Stemcell (Linux) Release Notes

This topic includes release notes for Linux stemcells used with Tanzu Operations Manager.

Jammy Stemcells

The following sections describe each Jammy stemcell release.

1.x

This section includes release notes for the 1.x line of Linux stemcells used with Tanzu Operations Manager.

1.486

Available in the Broadcom Support portal

Release Date: July 02, 2024

Metadata:

BOSH Agent Version: 2.663.0
Kernel Version: 5.15.0.113.113

USNs:

Title: USN-6847-1: libheif vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6847-1
Priorities: medium
Description:
It was discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program, resulting
in a denial of service. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-11471)

Reza Mirzazade Farkhani discovered that libheif incorrectly handled
certain image data. An attacker could possibly use this issue to crash the
program, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS. (CVE-2020-23109)

Eugene Lim discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program, resulting
in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-0996)

Min Jang discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program, resulting
in a denial of service. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2023-29659)

Yuchuan Meng discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program, resulting
in a denial of service. This issue only affected Ubuntu 23.10.
(CVE-2023-49460, CVE-2023-49462, CVE-2023-49463, CVE-2023-49464)
CVEs:
- https://ubuntu.com/security/CVE-2019-11471
- https://ubuntu.com/security/CVE-2020-23109
- https://ubuntu.com/security/CVE-2023-0996
- https://ubuntu.com/security/CVE-2023-29659
- https://ubuntu.com/security/CVE-2023-49460
- https://ubuntu.com/security/CVE-2023-49462
- https://ubuntu.com/security/CVE-2023-49463
- https://ubuntu.com/security/CVE-2023-49464
- https://ubuntu.com/security/CVE-2023-49463
- https://ubuntu.com/security/CVE-2020-23109
- https://ubuntu.com/security/CVE-2023-49464
- https://ubuntu.com/security/CVE-2023-29659
- https://ubuntu.com/security/CVE-2023-49462
- https://ubuntu.com/security/CVE-2019-11471
- https://ubuntu.com/security/CVE-2023-49460
- https://ubuntu.com/security/CVE-2023-0996

Title: USN-6842-1: gdb vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6842-1
Priorities: low
Description:
It was discovered that gdb incorrectly handled certain memory operations
when parsing an ELF file. An attacker could possibly use this issue
to cause a denial of service. This issue is the result of an
incomplete fix for CVE-2020-16599. This issue only affected
Ubuntu 22.04 LTS. (CVE-2022-4285)

It was discovered that gdb incorrectly handled memory leading
to a heap based buffer overflow. An attacker could use this
issue to cause a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS.
(CVE-2023-1972)

It was discovered that gdb incorrectly handled memory leading
to a stack overflow. An attacker could possibly use this issue
to cause a denial of service. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-39128)

It was discovered that gdb had a use after free vulnerability
under certain circumstances. An attacker could use this to cause
a denial of service or possibly execute arbitrary code. This issue
only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS. (CVE-2023-39129)

It was discovered that gdb incorrectly handled memory leading to a
heap based buffer overflow. An attacker could use this issue to cause
a denial of service, or possibly execute arbitrary code. This issue
only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-39130)
CVEs:
- https://ubuntu.com/security/CVE-2020-16599
- https://ubuntu.com/security/CVE-2022-4285
- https://ubuntu.com/security/CVE-2023-1972
- https://ubuntu.com/security/CVE-2023-39128
- https://ubuntu.com/security/CVE-2023-39129
- https://ubuntu.com/security/CVE-2023-39130

Title: USN-6809-1: BlueZ vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6809-1
Priorities: low,medium
Description:
It was discovered that BlueZ could be made to dereference invalid memory.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 22.04 LTS. (CVE-2022-3563)

It was discovered that BlueZ could be made to write out of bounds. If a
user were tricked into connecting to a malicious device, an attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2023-27349)
CVEs:
- https://ubuntu.com/security/CVE-2022-3563
- https://ubuntu.com/security/CVE-2023-27349
- https://ubuntu.com/security/CVE-2023-27349
- https://ubuntu.com/security/CVE-2022-3563

Title: USN-6846-1: Ansible vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6846-1
Priorities: medium
Description:
It was discovered that Ansible incorrectly handled certain inputs when using
tower_callback parameter. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to obtain sensitive information. This issue only affected Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3697)

It was discovered that Ansible incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to perform a Template Injection.
(CVE-2023-5764)
CVEs:
- https://ubuntu.com/security/CVE-2022-3697
- https://ubuntu.com/security/CVE-2023-5764
- https://ubuntu.com/security/CVE-2023-5764
- https://ubuntu.com/security/CVE-2022-3697

Title: USN-6854-1: OpenSSL vulnerability
URL: https://ubuntu.com/security/notices/USN-6854-1
Priorities: medium
Description:
It was discovered that OpenSSL failed to choose an appropriately short
private key size when computing shared-secrets in the Diffie-Hellman Key
Agreement Protocol. A remote attacker could possibly use this issue to cause
OpenSSL to consume resources, resulting in a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2022-40735

Title: USN-6851-1: Netplan vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6851-1
Priorities: medium
Description:
Andreas Hasenack discovered that netplan incorrectly handled the permissions
for netdev files containing wireguard configuration. An attacker could use this to obtain
wireguard secret keys.

It was discovered that netplan configuration could be manipulated into injecting
arbitrary commands while setting up network interfaces. An attacker could
use this to execute arbitrary commands or escalate privileges.
CVEs:
- https://ubuntu.com/security/CVE-2022-4968

Title: USN-6822-1: Node.js vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6822-1
Priorities: medium
Description:
It was discovered that Node.js incorrectly handled certain inputs when it is
using the policy mechanism. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to bypass the policy mechanism. (CVE-2023-32002, CVE-2023-32006)

It was discovered that Node.js incorrectly handled certain inputs when it is
using the policy mechanism. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to perform a privilege escalation. (CVE-2023-32559)
CVEs:
- https://ubuntu.com/security/CVE-2023-32002
- https://ubuntu.com/security/CVE-2023-32006
- https://ubuntu.com/security/CVE-2023-32559
- https://ubuntu.com/security/CVE-2023-32002
- https://ubuntu.com/security/CVE-2023-32559
- https://ubuntu.com/security/CVE-2023-32006

Title: USN-6800-1: browserify-sign vulnerability
URL: https://ubuntu.com/security/notices/USN-6800-1
Priorities: medium
Description:
It was discovered that browserify-sign incorrectly handled an upper bound check
in signature verification. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to perform a signature forgery attack.
CVEs:
- https://ubuntu.com/security/CVE-2023-46234

Title: LSN-0104-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0104-1
Priorities: high
Description:
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code.(CVE-2023-6270)

It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2023-51781)

In the Linux kernel, the following vulnerability has been
resolved: netfilter: nft_set_rbtree: skip end interval element from gc
rbtree lazy gc on insert might collect an end interval element that has
been just added in this transactions, skip end interval elements that are
not yet active.(CVE-2024-26581)

In the Linux kernel, the following vulnerability has been
resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable
rmnet_link_ops assign a bigger maxtype which leads to a global out-of-
bounds read when parsing the netlink attributes.(CVE-2024-26597)
CVEs:
- https://ubuntu.com/security/CVE-2023-6270
- https://ubuntu.com/security/CVE-2023-51781
- https://ubuntu.com/security/CVE-2024-26581
- https://ubuntu.com/security/CVE-2024-26597
- https://ubuntu.com/security/CVE-2023-6270
- https://ubuntu.com/security/CVE-2023-51781
- https://ubuntu.com/security/CVE-2024-26597
- https://ubuntu.com/security/CVE-2024-26581

Title: USN-6819-4: Linux kernel (Oracle) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6819-4
Priorities: medium,low,high,negligible
Description:
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not properly validate H2C PDU data, leading to a null pointer
dereference vulnerability. A remote attacker could use this to cause a
denial of service (system crash). (CVE-2023-6356, CVE-2023-6535,
CVE-2023-6536)

Chenyuan Yang discovered that the RDS Protocol implementation in the Linux
kernel contained an out-of-bounds read vulnerability. An attacker could use
this to possibly cause a denial of service (system crash). (CVE-2024-23849)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- Core kernel;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Android drivers;
- Drivers core;
- Power management core;
- Bus devices;
- Device frequency scaling framework;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCMI message protocol;
- GPU drivers;
- IIO ADC drivers;
- InfiniBand drivers;
- IOMMU subsystem;
- Media drivers;
- Multifunction device drivers;
- MTD block device drivers;
- Network drivers;
- NVME drivers;
- Device tree and open firmware driver;
- PCI driver for MicroSemi Switchtec;
- Power supply drivers;
- RPMSG subsystem;
- SCSI drivers;
- QCOM SoC drivers;
- SPMI drivers;
- Thermal drivers;
- TTY drivers;
- VFIO drivers;
- BTRFS file system;
- Ceph distributed file system;
- EFI Variable file system;
- EROFS file system;
- Ext4 file system;
- F2FS file system;
- GFS2 file system;
- JFS file system;
- Network file systems library;
- Network file system server daemon;
- File systems infrastructure;
- Pstore file system;
- ReiserFS file system;
- SMB network file system;
- BPF subsystem;
- Memory management;
- TLS protocol;
- Ethernet bridge;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- Logical Link layer;
- MAC80211 subsystem;
- Multipath TCP;
- Netfilter;
- NetLabel subsystem;
- Network traffic control;
- SMC sockets;
- Sun RPC protocol;
- AppArmor security module;
- Intel ASoC drivers;
- MediaTek ASoC drivers;
- USB sound devices;
(CVE-2023-52612, CVE-2024-26808, CVE-2023-52691, CVE-2023-52618,
CVE-2023-52463, CVE-2023-52447, CVE-2024-26668, CVE-2023-52454,
CVE-2024-26670, CVE-2024-26646, CVE-2023-52472, CVE-2024-26586,
CVE-2023-52681, CVE-2023-52453, CVE-2023-52611, CVE-2023-52622,
CVE-2024-26641, CVE-2023-52616, CVE-2024-26592, CVE-2023-52606,
CVE-2024-26620, CVE-2023-52692, CVE-2024-26669, CVE-2023-52623,
CVE-2023-52588, CVE-2024-26616, CVE-2024-26610, CVE-2024-35839,
CVE-2023-52490, CVE-2023-52672, CVE-2024-26612, CVE-2023-52617,
CVE-2023-52697, CVE-2024-26644, CVE-2023-52458, CVE-2023-52598,
CVE-2024-35841, CVE-2023-52664, CVE-2023-52635, CVE-2023-52676,
CVE-2023-52669, CVE-2024-26632, CVE-2023-52486, CVE-2024-26625,
CVE-2023-52608, CVE-2024-26634, CVE-2023-52599, CVE-2024-26618,
CVE-2024-26640, CVE-2023-52489, CVE-2023-52675, CVE-2023-52678,
CVE-2024-26583, CVE-2023-52693, CVE-2023-52498, CVE-2024-26649,
CVE-2023-52670, CVE-2023-52473, CVE-2023-52449, CVE-2023-52667,
CVE-2023-52467, CVE-2023-52686, CVE-2024-26633, CVE-2023-52666,
CVE-2024-35840, CVE-2024-26629, CVE-2024-26595, CVE-2023-52593,
CVE-2023-52687, CVE-2023-52465, CVE-2024-26627, CVE-2023-52493,
CVE-2023-52491, CVE-2024-26636, CVE-2024-26584, CVE-2023-52587,
CVE-2023-52597, CVE-2023-52462, CVE-2023-52633, CVE-2023-52696,
CVE-2024-26585, CVE-2023-52589, CVE-2023-52456, CVE-2023-52470,
CVE-2024-35838, CVE-2024-26645, CVE-2023-52591, CVE-2023-52464,
CVE-2023-52609, CVE-2024-26608, CVE-2023-52450, CVE-2023-52584,
CVE-2023-52469, CVE-2023-52583, CVE-2023-52451, CVE-2023-52495,
CVE-2023-52626, CVE-2023-52595, CVE-2023-52680, CVE-2023-52632,
CVE-2024-26582, CVE-2024-35837, CVE-2023-52494, CVE-2023-52614,
CVE-2023-52443, CVE-2023-52698, CVE-2023-52448, CVE-2024-26615,
CVE-2023-52452, CVE-2023-52492, CVE-2024-26647, CVE-2023-52468,
CVE-2023-52594, CVE-2023-52621, CVE-2024-26638, CVE-2024-26594,
CVE-2024-26673, CVE-2023-52457, CVE-2023-52677, CVE-2023-52607,
CVE-2024-26623, CVE-2023-52488, CVE-2023-52497, CVE-2023-52445,
CVE-2024-26607, CVE-2023-52610, CVE-2024-35842, CVE-2023-52690,
CVE-2023-52683, CVE-2023-52444, CVE-2024-26671, CVE-2023-52455,
CVE-2023-52679, CVE-2024-26598, CVE-2023-52674, CVE-2023-52627,
CVE-2023-52619, CVE-2023-52487, CVE-2023-52446, CVE-2024-35835,
CVE-2023-52682, CVE-2023-52685, CVE-2023-52694, CVE-2024-26631)
CVEs:
- https://ubuntu.com/security/CVE-2023-6356
- https://ubuntu.com/security/CVE-2023-6535
- https://ubuntu.com/security/CVE-2023-6536
- https://ubuntu.com/security/CVE-2024-23849
- https://ubuntu.com/security/CVE-2024-24860
- https://ubuntu.com/security/CVE-2023-52612
- https://ubuntu.com/security/CVE-2024-26808
- https://ubuntu.com/security/CVE-2023-52691
- https://ubuntu.com/security/CVE-2023-52618
- https://ubuntu.com/security/CVE-2023-52463
- https://ubuntu.com/security/CVE-2023-52447
- https://ubuntu.com/security/CVE-2024-26668
- https://ubuntu.com/security/CVE-2023-52454
- https://ubuntu.com/security/CVE-2024-26670
- https://ubuntu.com/security/CVE-2024-26646
- https://ubuntu.com/security/CVE-2023-52472
- https://ubuntu.com/security/CVE-2024-26586
- https://ubuntu.com/security/CVE-2023-52681
- https://ubuntu.com/security/CVE-2023-52453
- https://ubuntu.com/security/CVE-2023-52611
- https://ubuntu.com/security/CVE-2023-52622
- https://ubuntu.com/security/CVE-2024-26641
- https://ubuntu.com/security/CVE-2023-52616
- https://ubuntu.com/security/CVE-2024-26592
- https://ubuntu.com/security/CVE-2023-52606
- https://ubuntu.com/security/CVE-2024-26620
- https://ubuntu.com/security/CVE-2023-52692
- https://ubuntu.com/security/CVE-2024-26669
- https://ubuntu.com/security/CVE-2023-52623
- https://ubuntu.com/security/CVE-2023-52588
- https://ubuntu.com/security/CVE-2024-26616
- https://ubuntu.com/security/CVE-2024-26610
- https://ubuntu.com/security/CVE-2024-35839
- https://ubuntu.com/security/CVE-2023-52490
- https://ubuntu.com/security/CVE-2023-52672
- https://ubuntu.com/security/CVE-2024-26612
- https://ubuntu.com/security/CVE-2023-52617
- https://ubuntu.com/security/CVE-2023-52697
- https://ubuntu.com/security/CVE-2024-26644
- https://ubuntu.com/security/CVE-2023-52458
- https://ubuntu.com/security/CVE-2023-52598
- https://ubuntu.com/security/CVE-2024-35841
- https://ubuntu.com/security/CVE-2023-52664
- https://ubuntu.com/security/CVE-2023-52635
- https://ubuntu.com/security/CVE-2023-52676
- https://ubuntu.com/security/CVE-2023-52669
- https://ubuntu.com/security/CVE-2024-26632
- https://ubuntu.com/security/CVE-2023-52486
- https://ubuntu.com/security/CVE-2024-26625
- https://ubuntu.com/security/CVE-2023-52608
- https://ubuntu.com/security/CVE-2024-26634
- https://ubuntu.com/security/CVE-2023-52599
- https://ubuntu.com/security/CVE-2024-26618
- https://ubuntu.com/security/CVE-2024-26640
- https://ubuntu.com/security/CVE-2023-52489
- https://ubuntu.com/security/CVE-2023-52675
- https://ubuntu.com/security/CVE-2023-52678
- https://ubuntu.com/security/CVE-2024-26583
- https://ubuntu.com/security/CVE-2023-52693
- https://ubuntu.com/security/CVE-2023-52498
- https://ubuntu.com/security/CVE-2024-26649
- https://ubuntu.com/security/CVE-2023-52670
- https://ubuntu.com/security/CVE-2023-52473
- https://ubuntu.com/security/CVE-2023-52449
- https://ubuntu.com/security/CVE-2023-52667
- https://ubuntu.com/security/CVE-2023-52467
- https://ubuntu.com/security/CVE-2023-52686
- https://ubuntu.com/security/CVE-2024-26633
- https://ubuntu.com/security/CVE-2023-52666
- https://ubuntu.com/security/CVE-2024-35840
- https://ubuntu.com/security/CVE-2024-26629
- https://ubuntu.com/security/CVE-2024-26595
- https://ubuntu.com/security/CVE-2023-52593
- https://ubuntu.com/security/CVE-2023-52687
- https://ubuntu.com/security/CVE-2023-52465
- https://ubuntu.com/security/CVE-2024-26627
- https://ubuntu.com/security/CVE-2023-52493
- https://ubuntu.com/security/CVE-2023-52491
- https://ubuntu.com/security/CVE-2024-26636
- https://ubuntu.com/security/CVE-2024-26584
- https://ubuntu.com/security/CVE-2023-52587
- https://ubuntu.com/security/CVE-2023-52597
- https://ubuntu.com/security/CVE-2023-52462
- https://ubuntu.com/security/CVE-2023-52633
- https://ubuntu.com/security/CVE-2023-52696
- https://ubuntu.com/security/CVE-2024-26585
- https://ubuntu.com/security/CVE-2023-52589
- https://ubuntu.com/security/CVE-2023-52456
- https://ubuntu.com/security/CVE-2023-52470
- https://ubuntu.com/security/CVE-2024-35838
- https://ubuntu.com/security/CVE-2024-26645
- https://ubuntu.com/security/CVE-2023-52591
- https://ubuntu.com/security/CVE-2023-52464
- https://ubuntu.com/security/CVE-2023-52609
- https://ubuntu.com/security/CVE-2024-26608
- https://ubuntu.com/security/CVE-2023-52450
- https://ubuntu.com/security/CVE-2023-52584
- https://ubuntu.com/security/CVE-2023-52469
- https://ubuntu.com/security/CVE-2023-52583
- https://ubuntu.com/security/CVE-2023-52451
- https://ubuntu.com/security/CVE-2023-52495
- https://ubuntu.com/security/CVE-2023-52626
- https://ubuntu.com/security/CVE-2023-52595
- https://ubuntu.com/security/CVE-2023-52680
- https://ubuntu.com/security/CVE-2023-52632
- https://ubuntu.com/security/CVE-2024-26582
- https://ubuntu.com/security/CVE-2024-35837
- https://ubuntu.com/security/CVE-2023-52494
- https://ubuntu.com/security/CVE-2023-52614
- https://ubuntu.com/security/CVE-2023-52443
- https://ubuntu.com/security/CVE-2023-52698
- https://ubuntu.com/security/CVE-2023-52448
- https://ubuntu.com/security/CVE-2024-26615
- https://ubuntu.com/security/CVE-2023-52452
- https://ubuntu.com/security/CVE-2023-52492
- https://ubuntu.com/security/CVE-2024-26647
- https://ubuntu.com/security/CVE-2023-52468
- https://ubuntu.com/security/CVE-2023-52594
- https://ubuntu.com/security/CVE-2023-52621
- https://ubuntu.com/security/CVE-2024-26638
- https://ubuntu.com/security/CVE-2024-26594
- https://ubuntu.com/security/CVE-2024-26673
- https://ubuntu.com/security/CVE-2023-52457
- https://ubuntu.com/security/CVE-2023-52677
- https://ubuntu.com/security/CVE-2023-52607
- https://ubuntu.com/security/CVE-2024-26623
- https://ubuntu.com/security/CVE-2023-52488
- https://ubuntu.com/security/CVE-2023-52497
- https://ubuntu.com/security/CVE-2023-52445
- https://ubuntu.com/security/CVE-2024-26607
- https://ubuntu.com/security/CVE-2023-52610
- https://ubuntu.com/security/CVE-2024-35842
- https://ubuntu.com/security/CVE-2023-52690
- https://ubuntu.com/security/CVE-2023-52683
- https://ubuntu.com/security/CVE-2023-52444
- https://ubuntu.com/security/CVE-2024-26671
- https://ubuntu.com/security/CVE-2023-52455
- https://ubuntu.com/security/CVE-2023-52679
- https://ubuntu.com/security/CVE-2024-26598
- https://ubuntu.com/security/CVE-2023-52674
- https://ubuntu.com/security/CVE-2023-52627
- https://ubuntu.com/security/CVE-2023-52619
- https://ubuntu.com/security/CVE-2023-52487
- https://ubuntu.com/security/CVE-2023-52446
- https://ubuntu.com/security/CVE-2024-35835
- https://ubuntu.com/security/CVE-2023-52682
- https://ubuntu.com/security/CVE-2023-52685
- https://ubuntu.com/security/CVE-2023-52694
- https://ubuntu.com/security/CVE-2024-26631
- https://ubuntu.com/security/CVE-2023-52599
- https://ubuntu.com/security/CVE-2023-52453
- https://ubuntu.com/security/CVE-2023-52462
- https://ubuntu.com/security/CVE-2023-52598
- https://ubuntu.com/security/CVE-2024-35835
- https://ubuntu.com/security/CVE-2023-52681
- https://ubuntu.com/security/CVE-2023-52454
- https://ubuntu.com/security/CVE-2024-26608
- https://ubuntu.com/security/CVE-2023-52607
- https://ubuntu.com/security/CVE-2024-26623
- https://ubuntu.com/security/CVE-2023-52486
- https://ubuntu.com/security/CVE-2023-52686
- https://ubuntu.com/security/CVE-2024-26584
- https://ubuntu.com/security/CVE-2023-52627
- https://ubuntu.com/security/CVE-2023-52467
- https://ubuntu.com/security/CVE-2023-52458
- https://ubuntu.com/security/CVE-2024-35839
- https://ubuntu.com/security/CVE-2023-52593
- https://ubuntu.com/security/CVE-2023-52498
- https://ubuntu.com/security/CVE-2023-52465
- https://ubuntu.com/security/CVE-2024-26610
- https://ubuntu.com/security/CVE-2023-52677
- https://ubuntu.com/security/CVE-2023-52635
- https://ubuntu.com/security/CVE-2024-26583
- https://ubuntu.com/security/CVE-2024-26616
- https://ubuntu.com/security/CVE-2023-52455
- https://ubuntu.com/security/CVE-2023-52464
- https://ubuntu.com/security/CVE-2023-52446
- https://ubuntu.com/security/CVE-2024-26638
- https://ubuntu.com/security/CVE-2023-52691
- https://ubuntu.com/security/CVE-2023-52608
- https://ubuntu.com/security/CVE-2023-52618
- https://ubuntu.com/security/CVE-2023-52470
- https://ubuntu.com/security/CVE-2024-26641
- https://ubuntu.com/security/CVE-2023-52588
- https://ubuntu.com/security/CVE-2024-26598
- https://ubuntu.com/security/CVE-2023-52447
- https://ubuntu.com/security/CVE-2023-52469
- https://ubuntu.com/security/CVE-2023-52583
- https://ubuntu.com/security/CVE-2023-52696
- https://ubuntu.com/security/CVE-2023-52616
- https://ubuntu.com/security/CVE-2023-52685
- https://ubuntu.com/security/CVE-2024-24860
- https://ubuntu.com/security/CVE-2023-52584
- https://ubuntu.com/security/CVE-2023-52489
- https://ubuntu.com/security/CVE-2023-52683
- https://ubuntu.com/security/CVE-2023-52495
- https://ubuntu.com/security/CVE-2023-52670
- https://ubuntu.com/security/CVE-2024-26668
- https://ubuntu.com/security/CVE-2024-26634
- https://ubuntu.com/security/CVE-2023-52457
- https://ubuntu.com/security/CVE-2023-52609
- https://ubuntu.com/security/CVE-2024-26625
- https://ubuntu.com/security/CVE-2023-52621
- https://ubuntu.com/security/CVE-2024-26632
- https://ubuntu.com/security/CVE-2023-52451
- https://ubuntu.com/security/CVE-2023-52606
- https://ubuntu.com/security/CVE-2024-26594
- https://ubuntu.com/security/CVE-2023-6356
- https://ubuntu.com/security/CVE-2023-52594
- https://ubuntu.com/security/CVE-2024-26646
- https://ubuntu.com/security/CVE-2023-52632
- https://ubuntu.com/security/CVE-2023-52597
- https://ubuntu.com/security/CVE-2023-52491
- https://ubuntu.com/security/CVE-2023-52619
- https://ubuntu.com/security/CVE-2024-26615
- https://ubuntu.com/security/CVE-2023-52468
- https://ubuntu.com/security/CVE-2023-52587
- https://ubuntu.com/security/CVE-2024-26618
- https://ubuntu.com/security/CVE-2023-52626
- https://ubuntu.com/security/CVE-2024-26645
- https://ubuntu.com/security/CVE-2023-6535
- https://ubuntu.com/security/CVE-2023-52589
- https://ubuntu.com/security/CVE-2023-52612
- https://ubuntu.com/security/CVE-2024-26582
- https://ubuntu.com/security/CVE-2023-52443
- https://ubuntu.com/security/CVE-2023-52611
- https://ubuntu.com/security/CVE-2023-52617
- https://ubuntu.com/security/CVE-2024-26673
- https://ubuntu.com/security/CVE-2023-52463
- https://ubuntu.com/security/CVE-2024-26670
- https://ubuntu.com/security/CVE-2023-52494
- https://ubuntu.com/security/CVE-2024-26649
- https://ubuntu.com/security/CVE-2023-52692
- https://ubuntu.com/security/CVE-2024-26640
- https://ubuntu.com/security/CVE-2023-52488
- https://ubuntu.com/security/CVE-2023-52690
- https://ubuntu.com/security/CVE-2024-26629
- https://ubuntu.com/security/CVE-2024-26808
- https://ubuntu.com/security/CVE-2023-52669
- https://ubuntu.com/security/CVE-2024-26633
- https://ubuntu.com/security/CVE-2024-26607
- https://ubuntu.com/security/CVE-2024-26671
- https://ubuntu.com/security/CVE-2023-52698
- https://ubuntu.com/security/CVE-2023-52672
- https://ubuntu.com/security/CVE-2024-26631
- https://ubuntu.com/security/CVE-2023-52666
- https://ubuntu.com/security/CVE-2023-52591
- https://ubuntu.com/security/CVE-2023-52614
- https://ubuntu.com/security/CVE-2024-26585
- https://ubuntu.com/security/CVE-2024-26612
- https://ubuntu.com/security/CVE-2024-35837
- https://ubuntu.com/security/CVE-2023-52472
- https://ubuntu.com/security/CVE-2023-52674
- https://ubuntu.com/security/CVE-2023-52694
- https://ubuntu.com/security/CVE-2023-52449
- https://ubuntu.com/security/CVE-2023-52678
- https://ubuntu.com/security/CVE-2023-52450
- https://ubuntu.com/security/CVE-2023-52676
- https://ubuntu.com/security/CVE-2023-52490
- https://ubuntu.com/security/CVE-2023-52487
- https://ubuntu.com/security/CVE-2023-52497
- https://ubuntu.com/security/CVE-2024-35840
- https://ubuntu.com/security/CVE-2024-23849
- https://ubuntu.com/security/CVE-2023-52493
- https://ubuntu.com/security/CVE-2024-26586
- https://ubuntu.com/security/CVE-2023-52473
- https://ubuntu.com/security/CVE-2024-26647
- https://ubuntu.com/security/CVE-2023-52664
- https://ubuntu.com/security/CVE-2024-35838
- https://ubuntu.com/security/CVE-2023-52444
- https://ubuntu.com/security/CVE-2024-35842
- https://ubuntu.com/security/CVE-2024-26636
- https://ubuntu.com/security/CVE-2024-26595
- https://ubuntu.com/security/CVE-2023-52675
- https://ubuntu.com/security/CVE-2023-52633
- https://ubuntu.com/security/CVE-2023-6536
- https://ubuntu.com/security/CVE-2024-26644
- https://ubuntu.com/security/CVE-2023-52456
- https://ubuntu.com/security/CVE-2024-35841
- https://ubuntu.com/security/CVE-2023-52610
- https://ubuntu.com/security/CVE-2023-52622
- https://ubuntu.com/security/CVE-2023-52445
- https://ubuntu.com/security/CVE-2023-52492
- https://ubuntu.com/security/CVE-2023-52595
- https://ubuntu.com/security/CVE-2023-52680
- https://ubuntu.com/security/CVE-2023-52623
- https://ubuntu.com/security/CVE-2023-52448
- https://ubuntu.com/security/CVE-2023-52679
- https://ubuntu.com/security/CVE-2023-52693
- https://ubuntu.com/security/CVE-2024-26620
- https://ubuntu.com/security/CVE-2023-52687
- https://ubuntu.com/security/CVE-2024-26669
- https://ubuntu.com/security/CVE-2023-52682
- https://ubuntu.com/security/CVE-2024-26627
- https://ubuntu.com/security/CVE-2023-52452
- https://ubuntu.com/security/CVE-2023-52697
- https://ubuntu.com/security/CVE-2024-26592
- https://ubuntu.com/security/CVE-2023-52667

Title: USN-6805-1: libarchive vulnerability
URL: https://ubuntu.com/security/notices/USN-6805-1
Priorities: medium
Description:
It was discovered that libarchive incorrectly handled certain RAR archive files.
An attacker could possibly use this issue to execute arbitrary code
or cause a crash.
CVEs:
- https://ubuntu.com/security/CVE-2024-26256

Title: USN-6844-1: CUPS vulnerability
URL: https://ubuntu.com/security/notices/USN-6844-1
Priorities: medium
Description:
Rory McNamara discovered that when starting the cupsd server with a
Listen configuration item, the cupsd process fails to validate if
bind call passed. An attacker could possibly trick cupsd to perform
an arbitrary chmod of the provided argument, providing world-writable
access to the target.
CVEs:
- https://ubuntu.com/security/CVE-2024-35235

Title: USN-6801-1: PyMySQL vulnerability
URL: https://ubuntu.com/security/notices/USN-6801-1
Priorities: medium
Description:
It was discovered that PyMySQL incorrectly escaped untrusted JSON input. An
attacker could possibly use this issue to perform SQL injection attacks.
CVEs:
- https://ubuntu.com/security/CVE-2024-36039

Title: USN-6843-1: Plasma Workspace vulnerability
URL: https://ubuntu.com/security/notices/USN-6843-1
Priorities: medium
Description:
Fabian Vogt discovered that Plasma Workspace incorrectly handled
connections via ICE. A local attacker could possibly use this issue to
gain access to another user’s session manager and execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2024-36041

Title: USN-6852-1: Wget vulnerability
URL: https://ubuntu.com/security/notices/USN-6852-1
Priorities: medium
Description:
It was discovered that Wget incorrectly handled semicolons in the userinfo
subcomponent of a URI. A remote attacker could possibly trick a user into
connecting to a different host than expected.
CVEs:
- https://ubuntu.com/security/CVE-2024-38428

Title: USN-6798-1: GStreamer Base Plugins vulnerability
URL: https://ubuntu.com/security/notices/USN-6798-1
Priorities: medium
Description:
It was discovered that GStreamer Base Plugins incorrectly handled certain
EXIF metadata. An attacker could possibly use this issue to execute arbitrary
code or cause a crash.
CVEs:
- https://ubuntu.com/security/CVE-2024-4453

Title: USN-6859-1: OpenSSH vulnerability
URL: https://ubuntu.com/security/notices/USN-6859-1
Priorities: high
Description:
It was discovered that OpenSSH incorrectly handled signal management. A
remote attacker could use this issue to bypass authentication and remotely
access systems without proper credentials.
CVEs:
- https://ubuntu.com/security/CVE-2024-6387

What’s Changed

Vary location of grub config if the stemcell is EFI or not by @selzoc in https://github.com/cloudfoundry/bosh-linux-stemcell-builder/pull/362

New Contributors

@selzoc made their first contribution in https://github.com/cloudfoundry/bosh-linux-stemcell-builder/pull/362

Full Changelog: https://github.com/cloudfoundry/bosh-linux-stemcell-builder/compare/ubuntu-jammy/v1.351…ubuntu-jammy/v1.486

1.465

USNs:

Title: USN-6692-1: Gson vulnerability
URL: https://ubuntu.com/security/notices/USN-6692-1
Priorities: medium
Description:
It was discovered that Gson incorrectly handled deserialization of untrusted
input data. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2022-25647

Title: USN-6690-1: Open vSwitch vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6690-1
Priorities: medium
Description:
Timothy Redaelli and Haresh Khandelwal discovered that Open vSwitch
incorrectly handled certain crafted Geneve packets when hardware offloading
via the netlink path is enabled. A remote attacker could possibly use this
issue to cause Open vSwitch to crash, leading to a denial of service.
(CVE-2023-3966)

It was discovered that Open vSwitch incorrectly handled certain ICMPv6
Neighbor Advertisement packets. A remote attacker could possibly use this
issue to redirect traffic to arbitrary IP addresses. (CVE-2023-5366)
CVEs:
- https://ubuntu.com/security/CVE-2023-3966
- https://ubuntu.com/security/CVE-2023-5366
- https://ubuntu.com/security/CVE-2023-5366
- https://ubuntu.com/security/CVE-2023-3966

Title: USN-6693-1: .NET vulnerability
URL: https://ubuntu.com/security/notices/USN-6693-1
Priorities: medium
Description:
It was discovered that .NET did not properly handle certain specially
crafted requests. An attacker could potentially use this issue to cause
a resource leak, leading to a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2024-21392

Title: USN-6691-1: OVN vulnerability
URL: https://ubuntu.com/security/notices/USN-6691-1
Priorities: medium
Description:
It was discovered that OVN incorrectly enabled OVS Bidirectional Forwarding
Detection on logical ports. A remote attacker could possibly use this issue
to disrupt traffic.
CVEs:
- https://ubuntu.com/security/CVE-2024-2182

1.404

Available in the Broadcom Support portal

Release Date: March 13, 2024

Metadata:

BOSH Agent Version: 2.639.0

Updates:

The linux kernel has been changed from the HWE line of kernels back to the LTS line of kernels. Changing from the current 6.5 to 5.15. This is an attempt to mitigate issue 318 where we see cgroups with memory limits hitting OOM errors when they previously did not under the 6.2 kernel versions.

USNs:

Title: USN-6682-1: Puma vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6682-1
Priorities: medium
Description:
ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affected Ubuntu 20.04 LTS.
(CVE-2020-11076)

It was discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affected Ubuntu 20.04 LTS.
(CVE-2020-11077)

Jean Boussier discovered that Puma might not always release resources
properly after handling HTTP requests. A remote attacker could possibly
use this issue to read sensitive information. (CVE-2022-23634)

It was discovered that Puma incorrectly handled certain malformed headers.
A remote attacker could use this issue to perform an HTTP Request Smuggling
attack. (CVE-2022-24790)

Ben Kallus discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could use this issue to perform an HTTP Request Smuggling
attack. (CVE-2023-40175)

Bartek Nowotarski discovered that Puma incorrectly handled parsing certain
encoded content. A remote attacker could possibly use this to cause a
denial of service. (CVE-2024-21647)
CVEs:
- https://ubuntu.com/security/CVE-2020-11076
- https://ubuntu.com/security/CVE-2020-11077
- https://ubuntu.com/security/CVE-2022-23634
- https://ubuntu.com/security/CVE-2022-24790
- https://ubuntu.com/security/CVE-2023-40175
- https://ubuntu.com/security/CVE-2024-21647
- https://ubuntu.com/security/CVE-2024-21647
- https://ubuntu.com/security/CVE-2020-11076
- https://ubuntu.com/security/CVE-2023-40175
- https://ubuntu.com/security/CVE-2020-11077
- https://ubuntu.com/security/CVE-2022-23634
- https://ubuntu.com/security/CVE-2022-24790

Title: USN-6675-1: ImageProcessing vulnerability
URL: https://ubuntu.com/security/notices/USN-6675-1
Priorities: medium
Description:
It was discovered that ImageProcessing incorrectly handled series of operations
that are coming from unsanitised inputs. If a user or an automated system were
tricked into opening a specially crafted input file, a remote attacker could
possibly use this issue to execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2022-24720

Title: USN-6659-1: libde265 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6659-1
Priorities: medium
Description:
It was discovered that libde265 could be made to write out of bounds. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2022-43244, CVE-2022-43249,
CVE-2022-43250, CVE-2022-47665, CVE-2023-25221)

It was discovered that libde265 could be made to read out of bounds. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service. (CVE-2022-43245)

It was discovered that libde265 could be made to dereference invalid
memory. If a user or automated system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service. (CVE-2023-24751, CVE-2023-24752, CVE-2023-24754,
CVE-2023-24755, CVE-2023-24756, CVE-2023-24757, CVE-2023-24758)
CVEs:
- https://ubuntu.com/security/CVE-2022-43244
- https://ubuntu.com/security/CVE-2022-43249
- https://ubuntu.com/security/CVE-2022-43250
- https://ubuntu.com/security/CVE-2022-47665
- https://ubuntu.com/security/CVE-2023-25221
- https://ubuntu.com/security/CVE-2022-43245
- https://ubuntu.com/security/CVE-2023-24751
- https://ubuntu.com/security/CVE-2023-24752
- https://ubuntu.com/security/CVE-2023-24754
- https://ubuntu.com/security/CVE-2023-24755
- https://ubuntu.com/security/CVE-2023-24756
- https://ubuntu.com/security/CVE-2023-24757
- https://ubuntu.com/security/CVE-2023-24758
- https://ubuntu.com/security/CVE-2022-47665
- https://ubuntu.com/security/CVE-2023-24752
- https://ubuntu.com/security/CVE-2022-43244
- https://ubuntu.com/security/CVE-2023-24754
- https://ubuntu.com/security/CVE-2023-24756
- https://ubuntu.com/security/CVE-2022-43245
- https://ubuntu.com/security/CVE-2023-24758
- https://ubuntu.com/security/CVE-2023-24751
- https://ubuntu.com/security/CVE-2023-25221
- https://ubuntu.com/security/CVE-2022-43250
- https://ubuntu.com/security/CVE-2022-43249
- https://ubuntu.com/security/CVE-2023-24757
- https://ubuntu.com/security/CVE-2023-24755

Title: USN-6667-1: Cpanel-JSON-XS vulnerability
URL: https://ubuntu.com/security/notices/USN-6667-1
Priorities: medium
Description:
It was discovered that Cpanel-JSON-XS incorrectly decoded certain data. A
remote attacker could use this issue to cause Cpanel-JSON-XS to crash,
resulting in a denial of service, or possibly obtain sensitive information.
CVEs:
- https://ubuntu.com/security/CVE-2022-48623

Title: USN-6664-1: less vulnerability
URL: https://ubuntu.com/security/notices/USN-6664-1
Priorities: medium
Description:
It was discovered that less incorrectly handled certain file names.
An attacker could possibly use this issue to cause a crash or execute
arbitrary commands.
CVEs:
- https://ubuntu.com/security/CVE-2022-48624

Title: USN-6671-1: php-nyholm-psr7 vulnerability
URL: https://ubuntu.com/security/notices/USN-6671-1
Priorities: medium
Description:
It was discovered that php-nyholm-psr7 incorrectly parsed HTTP
headers. A remote attacker could possibly use this issue to perform
an HTTP header injection attack.
CVEs:
- https://ubuntu.com/security/CVE-2023-29197

Title: USN-6670-1: php-guzzlehttp-psr7 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6670-1
Priorities: medium
Description:
It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP
headers. A remote attacker could possibly use these issues to perform
an HTTP header injection attack.
CVEs:
- https://ubuntu.com/security/CVE-2023-29197
- https://ubuntu.com/security/CVE-2022-24775

Title: USN-6683-1: HtmlCleaner vulnerability
URL: https://ubuntu.com/security/notices/USN-6683-1
Priorities: low
Description:
It was discovered that HtmlCleaner incorrectly handled certain html
documents. An attacker could possibly use this issue to cause a denial
of service via application crash.
CVEs:
- https://ubuntu.com/security/CVE-2023-34624

Title: USN-6680-2: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6680-2
Priorities: medium
Description:
黄思聪 discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel did not properly handle certain memory allocation failure
conditions, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-46343)

It was discovered that a race condition existed in the Bluetooth subsystem
of the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-51779)

It was discovered that a race condition existed in the Rose X.25 protocol
implementation in the Linux kernel, leading to a use-after- free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51782)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel
did not properly handle connect command payloads in certain situations,
leading to an out-of-bounds read vulnerability. A remote attacker could use
this to expose sensitive information (kernel memory). (CVE-2023-6121)

Jann Horn discovered that the io_uring subsystem in the Linux kernel
contained an out-of-bounds access vulnerability. A local attacker could use
this to cause a denial of service (system crash). (CVE-2023-6560)

Dan Carpenter discovered that the netfilter subsystem in the Linux kernel
did not store data in properly sized memory locations. A local user could
use this to cause a denial of service (system crash). (CVE-2024-0607)

Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and
Shweta Shinde discovered that the Confidential Computing framework in the
Linux kernel for x86 platforms did not properly handle 32-bit emulation on
TDX and SEV. An attacker with access to the VMM could use this to cause a
denial of service (guest crash) or possibly execute arbitrary code.
(CVE-2024-25744)
CVEs:
- https://ubuntu.com/security/CVE-2023-46343
- https://ubuntu.com/security/CVE-2023-51779
- https://ubuntu.com/security/CVE-2023-51782
- https://ubuntu.com/security/CVE-2023-6121
- https://ubuntu.com/security/CVE-2023-6560
- https://ubuntu.com/security/CVE-2024-0607
- https://ubuntu.com/security/CVE-2024-25744
- https://ubuntu.com/security/CVE-2023-46343
- https://ubuntu.com/security/CVE-2024-0607
- https://ubuntu.com/security/CVE-2023-6121
- https://ubuntu.com/security/CVE-2024-25744
- https://ubuntu.com/security/CVE-2023-51779
- https://ubuntu.com/security/CVE-2023-51782
- https://ubuntu.com/security/CVE-2023-6560

Title: USN-6688-1: Linux kernel (OEM) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6688-1
Priorities: medium,high,low,negligible
Description:
Pratyush Yadav discovered that the Xen network backend implementation in
the Linux kernel did not properly handle zero length data request, leading
to a null pointer dereference vulnerability. An attacker in a guest VM
could possibly use this to cause a denial of service (host domain crash).
(CVE-2023-46838)

It was discovered that the Habana’s AI Processors driver in the Linux
kernel did not properly initialize certain data structures before passing
them to user space. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2023-50431)

Murray McAllister discovered that the VMware Virtual GPU DRM driver in the
Linux kernel did not properly handle memory objects when storing surfaces,
leading to a use-after-free vulnerability. A local attacker in a guest VM
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-5633)

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly validate certain SMB messages, leading to an
out-of-bounds read vulnerability. An attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information.
(CVE-2023-6610)

It was discovered that the VirtIO subsystem in the Linux kernel did not
properly initialize memory in some situations. A local attacker could use
this to possibly expose sensitive information (kernel memory).
(CVE-2024-0340)

Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)

Chenyuan Yang discovered that the RDS Protocol implementation in the Linux
kernel contained an out-of-bounds read vulnerability. An attacker could use
this to possibly cause a denial of service (system crash). (CVE-2024-23849)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Architecture specifics;
- Block layer;
- ACPI drivers;
- Android drivers;
- EDAC drivers;
- GPU drivers;
- InfiniBand drivers;
- Media drivers;
- Multifunction device drivers;
- MTD block device drivers;
- Network drivers;
- NVME drivers;
- PHY drivers;
- PWM drivers;
- SCSI drivers;
- SPMI drivers;
- TTY drivers;
- Userspace I/O drivers;
- Ceph distributed file system;
- EFI Variable file system;
- Ext4 file system;
- F2FS file system;
- GFS2 file system;
- JFS file system;
- SMB network file system;
- BPF subsystem;
- Logical Link Layer;
- Netfilter;
- Unix domain sockets;
- AppArmor security module;
(CVE-2024-26599, CVE-2023-52604, CVE-2023-52439, CVE-2024-26627,
CVE-2024-26601, CVE-2024-26628, CVE-2023-52607, CVE-2023-52456,
CVE-2023-52602, CVE-2023-52443, CVE-2023-52599, CVE-2023-52603,
CVE-2024-26588, CVE-2024-26581, CVE-2023-52600, CVE-2024-26624,
CVE-2023-52584, CVE-2024-26625, CVE-2023-52606, CVE-2023-52463,
CVE-2023-52464, CVE-2023-52597, CVE-2023-52595, CVE-2023-52458,
CVE-2023-52457, CVE-2023-52438, CVE-2023-52469, CVE-2023-52462,
CVE-2024-26589, CVE-2024-26592, CVE-2024-26594, CVE-2023-52601,
CVE-2023-52593, CVE-2023-52436, CVE-2023-52447, CVE-2023-52587,
CVE-2023-52445, CVE-2023-52454, CVE-2023-52451, CVE-2023-52605,
CVE-2024-26597, CVE-2023-52448, CVE-2023-52598, CVE-2024-26591,
CVE-2023-52449, CVE-2023-52444, CVE-2023-52583, CVE-2023-52589,
CVE-2024-26598, CVE-2023-52470, CVE-2023-52594, CVE-2023-52588,
CVE-2023-52467, CVE-2024-26600)
CVEs:
- https://ubuntu.com/security/CVE-2023-46838
- https://ubuntu.com/security/CVE-2023-50431
- https://ubuntu.com/security/CVE-2023-5633
- https://ubuntu.com/security/CVE-2023-6610
- https://ubuntu.com/security/CVE-2024-0340
- https://ubuntu.com/security/CVE-2024-1085
- https://ubuntu.com/security/CVE-2024-1086
- https://ubuntu.com/security/CVE-2024-23849
- https://ubuntu.com/security/CVE-2024-24860
- https://ubuntu.com/security/CVE-2024-26599
- https://ubuntu.com/security/CVE-2023-52604
- https://ubuntu.com/security/CVE-2023-52439
- https://ubuntu.com/security/CVE-2024-26627
- https://ubuntu.com/security/CVE-2024-26601
- https://ubuntu.com/security/CVE-2024-26628
- https://ubuntu.com/security/CVE-2023-52607
- https://ubuntu.com/security/CVE-2023-52456
- https://ubuntu.com/security/CVE-2023-52602
- https://ubuntu.com/security/CVE-2023-52443
- https://ubuntu.com/security/CVE-2023-52599
- https://ubuntu.com/security/CVE-2023-52603
- https://ubuntu.com/security/CVE-2024-26588
- https://ubuntu.com/security/CVE-2024-26581
- https://ubuntu.com/security/CVE-2023-52600
- https://ubuntu.com/security/CVE-2024-26624
- https://ubuntu.com/security/CVE-2023-52584
- https://ubuntu.com/security/CVE-2024-26625
- https://ubuntu.com/security/CVE-2023-52606
- https://ubuntu.com/security/CVE-2023-52463
- https://ubuntu.com/security/CVE-2023-52464
- https://ubuntu.com/security/CVE-2023-52597
- https://ubuntu.com/security/CVE-2023-52595
- https://ubuntu.com/security/CVE-2023-52458
- https://ubuntu.com/security/CVE-2023-52457
- https://ubuntu.com/security/CVE-2023-52438
- https://ubuntu.com/security/CVE-2023-52469
- https://ubuntu.com/security/CVE-2023-52462
- https://ubuntu.com/security/CVE-2024-26589
- https://ubuntu.com/security/CVE-2024-26592
- https://ubuntu.com/security/CVE-2024-26594
- https://ubuntu.com/security/CVE-2023-52601
- https://ubuntu.com/security/CVE-2023-52593
- https://ubuntu.com/security/CVE-2023-52436
- https://ubuntu.com/security/CVE-2023-52447
- https://ubuntu.com/security/CVE-2023-52587
- https://ubuntu.com/security/CVE-2023-52445
- https://ubuntu.com/security/CVE-2023-52454
- https://ubuntu.com/security/CVE-2023-52451
- https://ubuntu.com/security/CVE-2023-52605
- https://ubuntu.com/security/CVE-2024-26597
- https://ubuntu.com/security/CVE-2023-52448
- https://ubuntu.com/security/CVE-2023-52598
- https://ubuntu.com/security/CVE-2024-26591
- https://ubuntu.com/security/CVE-2023-52449
- https://ubuntu.com/security/CVE-2023-52444
- https://ubuntu.com/security/CVE-2023-52583
- https://ubuntu.com/security/CVE-2023-52589
- https://ubuntu.com/security/CVE-2024-26598
- https://ubuntu.com/security/CVE-2023-52470
- https://ubuntu.com/security/CVE-2023-52594
- https://ubuntu.com/security/CVE-2023-52588
- https://ubuntu.com/security/CVE-2023-52467
- https://ubuntu.com/security/CVE-2024-26600
- https://ubuntu.com/security/CVE-2023-52438
- https://ubuntu.com/security/CVE-2023-52467
- https://ubuntu.com/security/CVE-2023-46838
- https://ubuntu.com/security/CVE-2023-52594
- https://ubuntu.com/security/CVE-2023-5633
- https://ubuntu.com/security/CVE-2024-26628
- https://ubuntu.com/security/CVE-2024-26624
- https://ubuntu.com/security/CVE-2023-50431
- https://ubuntu.com/security/CVE-2024-26625
- https://ubuntu.com/security/CVE-2023-52457
- https://ubuntu.com/security/CVE-2023-52463
- https://ubuntu.com/security/CVE-2023-52602
- https://ubuntu.com/security/CVE-2024-26600
- https://ubuntu.com/security/CVE-2023-52445
- https://ubuntu.com/security/CVE-2023-52603
- https://ubuntu.com/security/CVE-2024-1086
- https://ubuntu.com/security/CVE-2024-26592
- https://ubuntu.com/security/CVE-2023-52593
- https://ubuntu.com/security/CVE-2023-52605
- https://ubuntu.com/security/CVE-2023-52599
- https://ubuntu.com/security/CVE-2024-26588
- https://ubuntu.com/security/CVE-2023-52584
- https://ubuntu.com/security/CVE-2023-52589
- https://ubuntu.com/security/CVE-2024-23849
- https://ubuntu.com/security/CVE-2023-52443
- https://ubuntu.com/security/CVE-2023-52588
- https://ubuntu.com/security/CVE-2023-52447
- https://ubuntu.com/security/CVE-2023-52583
- https://ubuntu.com/security/CVE-2024-24860
- https://ubuntu.com/security/CVE-2023-52462
- https://ubuntu.com/security/CVE-2023-6610
- https://ubuntu.com/security/CVE-2024-26594
- https://ubuntu.com/security/CVE-2023-52470
- https://ubuntu.com/security/CVE-2023-52436
- https://ubuntu.com/security/CVE-2024-26599
- https://ubuntu.com/security/CVE-2023-52595
- https://ubuntu.com/security/CVE-2024-26601
- https://ubuntu.com/security/CVE-2023-52439
- https://ubuntu.com/security/CVE-2023-52469
- https://ubuntu.com/security/CVE-2023-52451
- https://ubuntu.com/security/CVE-2023-52607
- https://ubuntu.com/security/CVE-2023-52601
- https://ubuntu.com/security/CVE-2023-52598
- https://ubuntu.com/security/CVE-2024-26589
- https://ubuntu.com/security/CVE-2024-26597
- https://ubuntu.com/security/CVE-2023-52454
- https://ubuntu.com/security/CVE-2023-52444
- https://ubuntu.com/security/CVE-2023-52456
- https://ubuntu.com/security/CVE-2024-26591
- https://ubuntu.com/security/CVE-2023-52600
- https://ubuntu.com/security/CVE-2023-52449
- https://ubuntu.com/security/CVE-2023-52597
- https://ubuntu.com/security/CVE-2023-52458
- https://ubuntu.com/security/CVE-2023-52464
- https://ubuntu.com/security/CVE-2023-52606
- https://ubuntu.com/security/CVE-2024-0340
- https://ubuntu.com/security/CVE-2023-52448
- https://ubuntu.com/security/CVE-2023-52587
- https://ubuntu.com/security/CVE-2024-26627
- https://ubuntu.com/security/CVE-2024-26581
- https://ubuntu.com/security/CVE-2024-1085
- https://ubuntu.com/security/CVE-2023-52604
- https://ubuntu.com/security/CVE-2024-26598

Title: USN-6665-1: Unbound vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6665-1
Priorities: medium
Description:
Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered
that Unbound incorrectly handled validating DNSSEC messages. A remote
attacker could possibly use this issue to cause Unbound to consume
resources, leading to a denial of service. (CVE-2023-50387)

It was discovered that Unbound incorrectly handled preparing an NSEC3
closest encloser proof. A remote attacker could possibly use this issue to
cause Unbound to consume resources, leading to a denial of service.
(CVE-2023-50868)
CVEs:
- https://ubuntu.com/security/CVE-2023-50387
- https://ubuntu.com/security/CVE-2023-50868
- https://ubuntu.com/security/CVE-2023-50868
- https://ubuntu.com/security/CVE-2023-50387

Title: USN-6673-1: python-cryptography vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6673-1
Priorities: medium
Description:
Hubert Kario discovered that python-cryptography incorrectly handled
errors returned by the OpenSSL API when processing incorrect padding in
RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose
confidential or sensitive information. (CVE-2023-50782)

It was discovered that python-cryptography incorrectly handled memory
operations when processing mismatched PKCS#12 keys. A remote attacker could
possibly use this issue to cause python-cryptography to crash, leading to a
denial of service. This issue only affected Ubuntu 23.10. (CVE-2024-26130)
CVEs:
- https://ubuntu.com/security/CVE-2023-50782
- https://ubuntu.com/security/CVE-2024-26130
- https://ubuntu.com/security/CVE-2024-26130
- https://ubuntu.com/security/CVE-2023-50782

Title: USN-6651-3: Linux kernel (StarFive) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6651-3
Priorities: medium,high
Description:
It was discovered that a race condition existed in the ATM (Asynchronous
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)

It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)

Zhenghan Wang discovered that the generic ID allocator implementation in
the Linux kernel did not properly check for null bitmap when releasing IDs.
A local attacker could use this to cause a denial of service (system
crash). (CVE-2023-6915)

Robert Morris discovered that the CIFS network file system implementation
in the Linux kernel did not properly validate certain server commands
fields, leading to an out-of-bounds read vulnerability. An attacker could
use this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2024-0565)

Jann Horn discovered that the io_uring subsystem in the Linux kernel did
not properly handle the release of certain buffer rings. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2024-0582)

Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2024-0646)
CVEs:
- https://ubuntu.com/security/CVE-2023-51780
- https://ubuntu.com/security/CVE-2023-51781
- https://ubuntu.com/security/CVE-2023-6915
- https://ubuntu.com/security/CVE-2024-0565
- https://ubuntu.com/security/CVE-2024-0582
- https://ubuntu.com/security/CVE-2024-0646
- https://ubuntu.com/security/CVE-2024-0565
- https://ubuntu.com/security/CVE-2024-0646
- https://ubuntu.com/security/CVE-2023-6915
- https://ubuntu.com/security/CVE-2024-0582
- https://ubuntu.com/security/CVE-2023-51781
- https://ubuntu.com/security/CVE-2023-51780

Title: USN-6651-2: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6651-2
Priorities: medium,high
Description:
It was discovered that a race condition existed in the ATM (Asynchronous
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)

It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)

Zhenghan Wang discovered that the generic ID allocator implementation in
the Linux kernel did not properly check for null bitmap when releasing IDs.
A local attacker could use this to cause a denial of service (system
crash). (CVE-2023-6915)

Robert Morris discovered that the CIFS network file system implementation
in the Linux kernel did not properly validate certain server commands
fields, leading to an out-of-bounds read vulnerability. An attacker could
use this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2024-0565)

Jann Horn discovered that the io_uring subsystem in the Linux kernel did
not properly handle the release of certain buffer rings. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2024-0582)

Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2024-0646)
CVEs:
- https://ubuntu.com/security/CVE-2023-51780
- https://ubuntu.com/security/CVE-2023-51781
- https://ubuntu.com/security/CVE-2023-6915
- https://ubuntu.com/security/CVE-2024-0565
- https://ubuntu.com/security/CVE-2024-0582
- https://ubuntu.com/security/CVE-2024-0646
- https://ubuntu.com/security/CVE-2024-0565
- https://ubuntu.com/security/CVE-2024-0646
- https://ubuntu.com/security/CVE-2023-6915
- https://ubuntu.com/security/CVE-2024-0582
- https://ubuntu.com/security/CVE-2023-51781
- https://ubuntu.com/security/CVE-2023-51780

Title: USN-6653-3: Linux kernel (Low Latency) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6653-3
Priorities: medium,high
Description:
It was discovered that a race condition existed in the ATM (Asynchronous
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)

It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)

Zhenghan Wang discovered that the generic ID allocator implementation in
the Linux kernel did not properly check for null bitmap when releasing IDs.
A local attacker could use this to cause a denial of service (system
crash). (CVE-2023-6915)

Robert Morris discovered that the CIFS network file system implementation
in the Linux kernel did not properly validate certain server commands
fields, leading to an out-of-bounds read vulnerability. An attacker could
use this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2024-0565)

Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2024-0646)
CVEs:
- https://ubuntu.com/security/CVE-2023-51780
- https://ubuntu.com/security/CVE-2023-51781
- https://ubuntu.com/security/CVE-2023-6915
- https://ubuntu.com/security/CVE-2024-0565
- https://ubuntu.com/security/CVE-2024-0646
- https://ubuntu.com/security/CVE-2023-51780
- https://ubuntu.com/security/CVE-2024-0646
- https://ubuntu.com/security/CVE-2023-51781
- https://ubuntu.com/security/CVE-2024-0565
- https://ubuntu.com/security/CVE-2023-6915

Title: USN-6653-4: Linux kernel (GKE) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6653-4
Priorities: medium,high
Description:
It was discovered that a race condition existed in the ATM (Asynchronous
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)

It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)

Zhenghan Wang discovered that the generic ID allocator implementation in
the Linux kernel did not properly check for null bitmap when releasing IDs.
A local attacker could use this to cause a denial of service (system
crash). (CVE-2023-6915)

Robert Morris discovered that the CIFS network file system implementation
in the Linux kernel did not properly validate certain server commands
fields, leading to an out-of-bounds read vulnerability. An attacker could
use this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2024-0565)

Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2024-0646)
CVEs:
- https://ubuntu.com/security/CVE-2023-51780
- https://ubuntu.com/security/CVE-2023-51781
- https://ubuntu.com/security/CVE-2023-6915
- https://ubuntu.com/security/CVE-2024-0565
- https://ubuntu.com/security/CVE-2024-0646
- https://ubuntu.com/security/CVE-2024-0565
- https://ubuntu.com/security/CVE-2024-0646
- https://ubuntu.com/security/CVE-2023-6915
- https://ubuntu.com/security/CVE-2023-51781
- https://ubuntu.com/security/CVE-2023-51780

Title: USN-6653-2: Linux kernel (AWS) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6653-2
Priorities: medium,high
Description:
It was discovered that a race condition existed in the ATM (Asynchronous
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)

It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)

Zhenghan Wang discovered that the generic ID allocator implementation in
the Linux kernel did not properly check for null bitmap when releasing IDs.
A local attacker could use this to cause a denial of service (system
crash). (CVE-2023-6915)

Robert Morris discovered that the CIFS network file system implementation
in the Linux kernel did not properly validate certain server commands
fields, leading to an out-of-bounds read vulnerability. An attacker could
use this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2024-0565)

Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2024-0646)
CVEs:
- https://ubuntu.com/security/CVE-2023-51780
- https://ubuntu.com/security/CVE-2023-51781
- https://ubuntu.com/security/CVE-2023-6915
- https://ubuntu.com/security/CVE-2024-0565
- https://ubuntu.com/security/CVE-2024-0646
- https://ubuntu.com/security/CVE-2024-0646
- https://ubuntu.com/security/CVE-2023-51780
- https://ubuntu.com/security/CVE-2024-0565
- https://ubuntu.com/security/CVE-2023-6915
- https://ubuntu.com/security/CVE-2023-51781

Title: USN-6668-1: python-openstackclient vulnerability
URL: https://ubuntu.com/security/notices/USN-6668-1
Priorities: medium
Description:
It was discovered that when python-openstackclient attempted to delete a
non-existing access rule, it would delete another existing access rule
instead, contrary to expectations.
CVEs:
- https://ubuntu.com/security/CVE-2023-6110

Title: LSN-0101-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0101-1
Priorities: high
Description:
Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did
not properly handle inactive elements in its PIPAPO data structure, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-6817)

It was discovered that the IGMP protocol implementation in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2023-6932)

It was discovered that the netfilter connection tracker for netlink in the
Linux kernel did not properly perform reference counting in some error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion).(CVE-2023-7192)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly check deactivated elements in certain situations, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.(CVE-2024-0193)

Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2024-0646)
CVEs:
- https://ubuntu.com/security/CVE-2023-6817
- https://ubuntu.com/security/CVE-2023-6932
- https://ubuntu.com/security/CVE-2023-7192
- https://ubuntu.com/security/CVE-2024-0193
- https://ubuntu.com/security/CVE-2024-0646
- https://ubuntu.com/security/CVE-2023-6817
- https://ubuntu.com/security/CVE-2023-6932
- https://ubuntu.com/security/CVE-2023-7192
- https://ubuntu.com/security/CVE-2024-0193
- https://ubuntu.com/security/CVE-2024-0646

Title: USN-6661-1: OpenJDK 17 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6661-1
Priorities: medium
Description:
Yi Yang discovered that the Hotspot component of OpenJDK 17 incorrectly
handled array accesses in the C1 compiler. An attacker could possibly
use this issue to cause a denial of service, execute arbitrary code or
bypass Java sandbox restrictions. (CVE-2024-20918)

It was discovered that the Hotspot component of OpenJDK 17 did not
properly verify bytecode in certain situations. An attacker could
possibly use this issue to bypass Java sandbox restrictions.
(CVE-2024-20919)

It was discovered that the Hotspot component of OpenJDK 17 had an
optimization flaw when generating range check loop predicates. An attacker
could possibly use this issue to cause a denial of service, execute
arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921)

Yakov Shafranovich discovered that OpenJDK 17 incorrectly handled ZIP
archives that have file and directory entries with the same name. An
attacker could possibly use this issue to bypass Java sandbox
restrictions. (CVE-2024-20932)

It was discovered that OpenJDK 17 could produce debug logs that contained
private keys used for digital signatures. An attacker could possibly use
this issue to obtain sensitive information. (CVE-2024-20945)

Hubert Kario discovered that the TLS implementation in OpenJDK 17 had a
timing side-channel and incorrectly handled RSA padding. A remote attacker
could possibly use this issue to recover sensitive information.
(CVE-2024-20952)
CVEs:
- https://ubuntu.com/security/CVE-2024-20918
- https://ubuntu.com/security/CVE-2024-20919
- https://ubuntu.com/security/CVE-2024-20921
- https://ubuntu.com/security/CVE-2024-20932
- https://ubuntu.com/security/CVE-2024-20945
- https://ubuntu.com/security/CVE-2024-20952
- https://ubuntu.com/security/CVE-2024-20952
- https://ubuntu.com/security/CVE-2024-20921
- https://ubuntu.com/security/CVE-2024-20945
- https://ubuntu.com/security/CVE-2024-20918
- https://ubuntu.com/security/CVE-2024-20919
- https://ubuntu.com/security/CVE-2024-20932

Title: USN-6662-1: OpenJDK 21 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6662-1
Priorities: medium
Description:
Yi Yang discovered that the Hotspot component of OpenJDK 21 incorrectly
handled array accesses in the C1 compiler. An attacker could possibly
use this issue to cause a denial of service, execute arbitrary code or
bypass Java sandbox restrictions. (CVE-2024-20918)

It was discovered that the Hotspot component of OpenJDK 21 did not
properly verify bytecode in certain situations. An attacker could
possibly use this issue to bypass Java sandbox restrictions.
(CVE-2024-20919)

It was discovered that the Hotspot component of OpenJDK 21 had an
optimization flaw when generating range check loop predicates. An attacker
could possibly use this issue to cause a denial of service, execute
arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921)

It was discovered that OpenJDK 21 could produce debug logs that contained
private keys used for digital signatures. An attacker could possibly use
this issue to obtain sensitive information. (CVE-2024-20945)

Hubert Kario discovered that the TLS implementation in OpenJDK 21 had a
timing side-channel and incorrectly handled RSA padding. A remote attacker
could possibly use this issue to recover sensitive information.
(CVE-2024-20952)
CVEs:
- https://ubuntu.com/security/CVE-2024-20918
- https://ubuntu.com/security/CVE-2024-20919
- https://ubuntu.com/security/CVE-2024-20921
- https://ubuntu.com/security/CVE-2024-20945
- https://ubuntu.com/security/CVE-2024-20952
- https://ubuntu.com/security/CVE-2024-20952
- https://ubuntu.com/security/CVE-2024-20921
- https://ubuntu.com/security/CVE-2024-20945
- https://ubuntu.com/security/CVE-2024-20918
- https://ubuntu.com/security/CVE-2024-20919

Title: USN-6676-1: c-ares vulnerability
URL: https://ubuntu.com/security/notices/USN-6676-1
Priorities: medium
Description:
Vojtěch Vobr discovered that c-ares incorrectly handled user input from
local configuration files. An attacker could possibly use this issue to
cause a denial of service via application crash.
CVEs:
- https://ubuntu.com/security/CVE-2024-25629

Title: USN-6679-1: FRR vulnerability
URL: https://ubuntu.com/security/notices/USN-6679-1
Priorities: medium
Description:
It was discovered that FRR incorrectly handled certain malformed OSPF LSA
packets. A remote attacker could possibly use this issue to cause FRR to
crash, resulting in a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2024-27913

1.390

Available in the Broadcom Support portal

Release Date: February 29, 2024

Available in the Broadcom Support portal

Release Date: January 29, 2024

Metadata:

BOSH Agent Version: 2.620.0

Improvements

311
kernel bumped to 6.5 #312
libsumcmd.a folder changes with newer kernels #313 #315

USNs:

Title: USN-6579-2: Xerces-C++ vulnerability
URL: https://ubuntu.com/security/notices/USN-6579-2
Priorities: medium
Description:
USN-6579-1 fixed a vulnerability in Xerces-C++. This update provides the
corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04
and Ubuntu 23.10.

Original advisory details:

It was discovered that Xerces-C++ was not properly handling memory
management operations when parsing XML data containing external DTDs,
which could trigger a use-after-free error. If a user or automated system
were tricked into processing a specially crafted XML document, an attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2018-1311

Title: USN-6590-1: Xerces-C++ vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6590-1
Priorities: medium
Description:
It was discovered that Xerces-C++ was not properly handling memory
management operations when parsing XML data containing external DTDs,
which could trigger a use-after-free error. If a user or automated system
were tricked into processing a specially crafted XML document, an attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2018-1311)

It was discovered that Xerces-C++ was not properly performing bounds
checks when processing XML Schema Definition files, which could lead to an
out-of-bounds access via an HTTP request. If a user or automated system
were tricked into processing a specially crafted XSD file, a remote
attacker could possibly use this issue to cause a denial of service.
(CVE-2023-37536)
CVEs:
- https://ubuntu.com/security/CVE-2018-1311
- https://ubuntu.com/security/CVE-2023-37536
- https://ubuntu.com/security/CVE-2018-1311
- https://ubuntu.com/security/CVE-2023-37536

Title: USN-6559-1: ZooKeeper vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6559-1
Priorities: low,medium
Description:
It was discovered that ZooKeeper incorrectly handled authorization for
the getACL() command. A remote attacker could possibly use this issue to
obtain sensitive information. This issue only affected Ubuntu 14.04
LTS and Ubuntu 16.04 LTS. (CVE-2019-0201)

Damien Diederen discovered that ZooKeeper incorrectly handled
authorization if SASL Quorum Peer authentication is enabled. An
attacker could possibly use this issue to bypass ZooKeeper’s
authorization system. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04
and Ubuntu 23.10. (CVE-2023-44981)
CVEs:
- https://ubuntu.com/security/CVE-2019-0201
- https://ubuntu.com/security/CVE-2023-44981
- https://ubuntu.com/security/CVE-2023-44981
- https://ubuntu.com/security/CVE-2019-0201

Title: USN-6586-1: FreeImage vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6586-1
Priorities: medium
Description:
It was discovered that FreeImage incorrectly handled certain memory
operations. If a user were tricked into opening a crafted TIFF file, a
remote attacker could use this issue to cause a heap buffer overflow,
resulting in a denial of service attack. This issue only affected Ubuntu
16.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-12211)

It was discovered that FreeImage incorrectly processed images under
certain circumstances. If a user were tricked into opening a crafted TIFF
file, a remote attacker could possibly use this issue to cause a stack
exhaustion condition, resulting in a denial of service attack. This issue
only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-12213)

It was discovered that FreeImage incorrectly processed certain images.
If a user or automated system were tricked into opening a specially
crafted image file, a remote attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2020-21427,
CVE-2020-21428)

It was discovered that FreeImage incorrectly processed certain images.
If a user or automated system were tricked into opening a specially
crafted PFM file, an attacker could possibly use this issue to cause a
denial of service. (CVE-2020-22524)
CVEs:
- https://ubuntu.com/security/CVE-2019-12211
- https://ubuntu.com/security/CVE-2019-12213
- https://ubuntu.com/security/CVE-2020-21427
- https://ubuntu.com/security/CVE-2020-21428
- https://ubuntu.com/security/CVE-2020-22524
- https://ubuntu.com/security/CVE-2020-21427
- https://ubuntu.com/security/CVE-2020-21428
- https://ubuntu.com/security/CVE-2019-12213
- https://ubuntu.com/security/CVE-2020-22524
- https://ubuntu.com/security/CVE-2019-12211

Title: USN-6571-1: Monit vulnerability
URL: https://ubuntu.com/security/notices/USN-6571-1
Priorities: medium
Description:
Youssef Rebahi-Gilbert discovered that Monit did not properly process
credentials for disabled accounts. An attacker could possibly use this
issue to login to the platform with an expired account and a valid
password.
CVEs:
- https://ubuntu.com/security/CVE-2022-26563

Title: USN-6575-1: Twisted vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6575-1
Priorities: low,medium
Description:
It was discovered that Twisted incorrectly escaped host headers in certain
404 responses. A remote attacker could possibly use this issue to perform
HTML and script injection attacks. This issue only affected Ubuntu 20.04
LTS and Ubuntu 22.04 LTS. (CVE-2022-39348)

It was discovered that Twisted incorrectly handled response order when
processing multiple HTTP requests. A remote attacker could possibly use
this issue to delay responses and manipulate the responses of second
requests. (CVE-2023-46137)
CVEs:
- https://ubuntu.com/security/CVE-2022-39348
- https://ubuntu.com/security/CVE-2023-46137
- https://ubuntu.com/security/CVE-2022-39348
- https://ubuntu.com/security/CVE-2023-46137

Title: USN-6581-1: GNU binutils vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6581-1
Priorities: medium
Description:
It was discovered that GNU binutils was not properly performing bounds
checks in several functions, which could lead to a buffer overflow. An
attacker could possibly use this issue to cause a denial of service,
expose sensitive information or execute arbitrary code.
(CVE-2022-44840, CVE-2022-45703)

It was discovered that GNU binutils incorrectly handled memory management
operations in several of its functions, which could lead to excessive
memory consumption due to memory leaks. An attacker could possibly use
these issues to cause a denial of service.
(CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011)
CVEs:
- https://ubuntu.com/security/CVE-2022-44840
- https://ubuntu.com/security/CVE-2022-45703
- https://ubuntu.com/security/CVE-2022-47007
- https://ubuntu.com/security/CVE-2022-47008
- https://ubuntu.com/security/CVE-2022-47010
- https://ubuntu.com/security/CVE-2022-47011
- https://ubuntu.com/security/CVE-2022-47008
- https://ubuntu.com/security/CVE-2022-47011
- https://ubuntu.com/security/CVE-2022-47007
- https://ubuntu.com/security/CVE-2022-47010
- https://ubuntu.com/security/CVE-2022-45703
- https://ubuntu.com/security/CVE-2022-44840

Title: USN-6600-1: MariaDB vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6600-1
Priorities: medium
Description:
Several security issues were discovered in MariaDB and this update
includes new upstream MariaDB versions to fix these issues.

MariaDB has been updated to 10.3.39 in Ubuntu 20.04 LTS, 10.6.16
in Ubuntu 22.04 LTS and 10.11.6 in Ubuntu 23.10.

CVE-2022-47015 only affected the MariaDB packages in Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
CVEs:
- https://ubuntu.com/security/CVE-2022-47015
- https://ubuntu.com/security/CVE-2022-47015
- https://ubuntu.com/security/CVE-2023-22084

Title: USN-6574-1: Go vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6574-1
Priorities: medium
Description:
Takeshi Kaneko discovered that Go did not properly handle comments and
special tags in the script context of html/template module. An attacker
could possibly use this issue to inject Javascript code and perform a cross
site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-39318, CVE-2023-39319)

It was discovered that Go did not properly validate the “//go:cgo_”
directives during compilation. An attacker could possibly use this issue to
inject arbitrary code during compile time. (CVE-2023-39323)

It was discovered that Go did not limit the number of simultaneously
executing handler goroutines in the net/http module. An attacker could
possibly use this issue to cause a panic resulting into a denial of service.
(CVE-2023-39325, CVE-2023-44487)

It was discovered that the Go net/http module did not properly validate the
chunk extensions reading from a request or response body. An attacker could
possibly use this issue to read sensitive information. (CVE-2023-39326)

It was discovered that Go did not properly validate the insecure “git://”
protocol when using go get to fetch a module with the “.git” suffix. An
attacker could possibly use this issue to bypass secure protocol checks.
(CVE-2023-45285)
CVEs:
- https://ubuntu.com/security/CVE-2023-39318
- https://ubuntu.com/security/CVE-2023-39319
- https://ubuntu.com/security/CVE-2023-39323
- https://ubuntu.com/security/CVE-2023-39325
- https://ubuntu.com/security/CVE-2023-44487
- https://ubuntu.com/security/CVE-2023-39326
- https://ubuntu.com/security/CVE-2023-45285
- https://ubuntu.com/security/CVE-2023-39326
- https://ubuntu.com/security/CVE-2023-39323
- https://ubuntu.com/security/CVE-2023-45285
- https://ubuntu.com/security/CVE-2023-39325
- https://ubuntu.com/security/CVE-2023-44487
- https://ubuntu.com/security/CVE-2023-39319
- https://ubuntu.com/security/CVE-2023-39318

Title: USN-6580-1: w3m vulnerability
URL: https://ubuntu.com/security/notices/USN-6580-1
Priorities: medium
Description:
It was discovered that w3m incorrectly handled certain HTML files.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2023-4255

Title: USN-6582-1: WebKitGTK vulnerability
URL: https://ubuntu.com/security/notices/USN-6582-1
Priorities: medium
Description:
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
CVEs:
- https://ubuntu.com/security/CVE-2023-42883

Title: USN-6541-2: GNU C Library regression
URL: https://ubuntu.com/security/notices/USN-6541-2
Priorities: low,medium
Description:
USN-6541-1 fixed vulnerabilities in the GNU C Library. Unfortunately,
changes made to allow proper application of the fix for CVE-2023-4806 in
Ubuntu 22.04 LTS introduced an issue in the NSCD service IPv6 processing
functionalities. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the GNU C Library was not properly handling certain
memory operations. An attacker could possibly use this issue to cause a
denial of service (application crash). (CVE-2023-4806, CVE-2023-4813)

It was discovered that the GNU C library was not properly implementing a
fix for CVE-2023-4806 in certain cases, which could lead to a memory leak.
An attacker could possibly use this issue to cause a denial of service
(application crash). This issue only affected Ubuntu 22.04 LTS and Ubuntu
23.04. (CVE-2023-5156)
CVEs:
- https://ubuntu.com/security/CVE-2023-4806
- https://ubuntu.com/security/CVE-2023-4806
- https://ubuntu.com/security/CVE-2023-4813
- https://ubuntu.com/security/CVE-2023-4806
- https://ubuntu.com/security/CVE-2023-5156

Title: USN-6589-1: FileZilla vulnerability
URL: https://ubuntu.com/security/notices/USN-6589-1
Priorities: medium
Description:
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH
protocol used in FileZilla is prone to a prefix truncation attack, known as
the “Terrapin attack”. A remote attacker could use this issue to downgrade or
disable some security features and obtain sensitive information.
CVEs:
- https://ubuntu.com/security/CVE-2023-48795

Title: USN-6598-1: Paramiko vulnerability
URL: https://ubuntu.com/security/notices/USN-6598-1
Priorities: medium
Description:
Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH
protocol was vulnerable to a prefix truncation attack. If a remote attacker
was able to intercept SSH communications, extension negotiation messages
could be truncated, possibly leading to certain algorithms and features
being downgraded. This issue is known as the Terrapin attack. This update
adds protocol extensions to mitigate this issue.
CVEs:
- https://ubuntu.com/security/CVE-2023-48795

Title: USN-6591-1: Postfix vulnerability
URL: https://ubuntu.com/security/notices/USN-6591-1
Priorities: medium
Description:
Timo Longin discovered that Postfix incorrectly handled certain email line
endings. A remote attacker could possibly use this issue to bypass an email
authentication mechanism, allowing domain spoofing and potential spamming.

Please note that certain configuration changes are required to address
this issue. They are not enabled by default for backward compatibility.
Information can be found at https://www.postfix.org/smtp-smuggling.html.
CVEs:
- https://ubuntu.com/security/CVE-2023-51764

Title: USN-6606-1: Linux kernel (OEM) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6606-1
Priorities: medium,high
Description:
It was discovered that a race condition existed in the Bluetooth subsystem
of the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-51779)

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly validate the server frame size in certain
situation, leading to an out-of-bounds read vulnerability. An attacker
could use this to construct a malicious CIFS image that, when operated on,
could cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-6606)

Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did
not properly handle inactive elements in its PIPAPO data structure, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-6817)

Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf
subsystem in the Linux kernel did not properly validate all event sizes
when attaching new events, leading to an out-of-bounds write vulnerability.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6931)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly check deactivated elements in certain situations, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-0193)
CVEs:
- https://ubuntu.com/security/CVE-2023-51779
- https://ubuntu.com/security/CVE-2023-6606
- https://ubuntu.com/security/CVE-2023-6817
- https://ubuntu.com/security/CVE-2023-6931
- https://ubuntu.com/security/CVE-2024-0193
- https://ubuntu.com/security/CVE-2024-0193
- https://ubuntu.com/security/CVE-2023-51779
- https://ubuntu.com/security/CVE-2023-6606
- https://ubuntu.com/security/CVE-2023-6817
- https://ubuntu.com/security/CVE-2023-6931

Title: USN-6607-1: Linux kernel (Azure) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6607-1
Priorities: high,medium
Description:
It was discovered that the SMB network file sharing protocol implementation
in the Linux kernel did not properly handle certain error conditions,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-5345)

Lin Ma discovered that the netfilter subsystem in the Linux kernel did not
properly validate network family support while creating a new netfilter
table. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6040)

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly validate the server frame size in certain
situation, leading to an out-of-bounds read vulnerability. An attacker
could use this to construct a malicious CIFS image that, when operated on,
could cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-6606)

Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did
not properly handle inactive elements in its PIPAPO data structure, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-6817)

Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf
subsystem in the Linux kernel did not properly validate all event sizes
when attaching new events, leading to an out-of-bounds write vulnerability.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6931)

It was discovered that the IGMP protocol implementation in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6932)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly check deactivated elements in certain situations, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-0193)
CVEs:
- https://ubuntu.com/security/CVE-2023-5345
- https://ubuntu.com/security/CVE-2023-6040
- https://ubuntu.com/security/CVE-2023-6606
- https://ubuntu.com/security/CVE-2023-6817
- https://ubuntu.com/security/CVE-2023-6931
- https://ubuntu.com/security/CVE-2023-6932
- https://ubuntu.com/security/CVE-2024-0193
- https://ubuntu.com/security/CVE-2023-6931
- https://ubuntu.com/security/CVE-2023-6817
- https://ubuntu.com/security/CVE-2023-5345
- https://ubuntu.com/security/CVE-2024-0193
- https://ubuntu.com/security/CVE-2023-6932
- https://ubuntu.com/security/CVE-2023-6040
- https://ubuntu.com/security/CVE-2023-6606

Title: USN-6592-1: libssh vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6592-1
Priorities: medium
Description:
It was discovered that libssh incorrectly handled the ProxyCommand and the
ProxyJump features. A remote attacker could possibly use this issue to
inject malicious code into the command of the features mentioned through
the hostname parameter. (CVE-2023-6004)

It was discovered that libssh incorrectly handled return codes when
performing message digest operations. A remote attacker could possibly use
this issue to cause libssh to crash, obtain sensitive information, or
execute arbitrary code. (CVE-2023-6918)
CVEs:
- https://ubuntu.com/security/CVE-2023-6004
- https://ubuntu.com/security/CVE-2023-6918
- https://ubuntu.com/security/CVE-2023-6918
- https://ubuntu.com/security/CVE-2023-6004

Title: USN-6576-1: Linux kernel (OEM) vulnerability
URL: https://ubuntu.com/security/notices/USN-6576-1
Priorities: medium
Description:
Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle an expired catchall element in some situations, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2023-6111

Title: USN-6587-1: X.Org X Server vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6587-1
Priorities: medium
Description:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An
attacker could possibly use this issue to cause the X Server to crash,
obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
reattaching to a different master device. An attacker could use this issue
to cause the X Server to crash, leading to a denial of service, or possibly
execute arbitrary code. (CVE-2024-0229)

Olivier Fourdan and Donn Seeley discovered that the X.Org X Server
incorrectly labeled GLX PBuffers when used with SELinux. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service. (CVE-2024-0408)

Olivier Fourdan discovered that the X.Org X Server incorrectly handled
the curser code when used with SELinux. An attacker could use this issue to
cause the X Server to crash, leading to a denial of service.
(CVE-2024-0409)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the XISendDeviceHierarchyEvent API. An attacker
could possibly use this issue to cause the X Server to crash, or execute
arbitrary code. (CVE-2024-21885)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
devices being disabled. An attacker could possibly use this issue to cause
the X Server to crash, or execute arbitrary code. (CVE-2024-21886)
CVEs:
- https://ubuntu.com/security/CVE-2023-6816
- https://ubuntu.com/security/CVE-2024-0229
- https://ubuntu.com/security/CVE-2024-0408
- https://ubuntu.com/security/CVE-2024-0409
- https://ubuntu.com/security/CVE-2024-21885
- https://ubuntu.com/security/CVE-2024-21886
- https://ubuntu.com/security/CVE-2024-21886
- https://ubuntu.com/security/CVE-2024-21885
- https://ubuntu.com/security/CVE-2024-0408
- https://ubuntu.com/security/CVE-2024-0409
- https://ubuntu.com/security/CVE-2023-6816
- https://ubuntu.com/security/CVE-2024-0229

Title: USN-6578-1: .NET vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6578-1
Priorities: medium
Description:
Vishal Mishra and Anita Gaud discovered that .NET did not properly
validate X.509 certificates with malformed signatures. An attacker
could possibly use this issue to bypass an application’s typical
authentication logic.
(CVE-2024-0057)

Morgan Brown discovered that .NET did not properly handle requests from
unauthenticated clients. An attacker could possibly use this issue to
cause a denial of service.
(CVE-2024-21319)
CVEs:
- https://ubuntu.com/security/CVE-2024-0057
- https://ubuntu.com/security/CVE-2024-21319
- https://ubuntu.com/security/CVE-2024-0057
- https://ubuntu.com/security/CVE-2024-21319

Title: USN-6588-1: PAM vulnerability
URL: https://ubuntu.com/security/notices/USN-6588-1
Priorities: medium
Description:
Matthias Gerstner discovered that the PAM pam_namespace module incorrectly
handled special files when performing directory checks. A local attacker
could possibly use this issue to cause PAM to stop responding, resulting in
a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2024-22365

1.340

Available in the Broadcom Support portal

Release Date: January 10, 2024

Metadata:

BOSH Agent Version: 2.616.0

What’s Changed

* Fixed issue where logrotate was not being scheduled properly due to using “OnUnitActiveSec” instead of “OnCalendar.” https://github.com/cloudfoundry/bosh-linux-stemcell-builder/pull/308

USNs:

Title: USN-6233-2: YAJL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6233-2
Priorities: low,medium
Description:
USN-6233-1 fixed vulnerabilities in YAJL. This update provides the
corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu
23.04.

Original advisory details:

It was discovered that YAJL was not properly performing bounds checks when
decoding a string with escape sequences. If a user or automated system
using YAJL were tricked into processing specially crafted input, an
attacker could possibly use this issue to cause a denial of service
(application abort). (CVE-2017-16516)

It was discovered that YAJL was not properly handling memory allocation
when dealing with large inputs, which could lead to heap memory
corruption. If a user or automated system using YAJL were tricked into
running a specially crafted large input, an attacker could possibly use
this issue to cause a denial of service. (CVE-2022-24795)

It was discovered that memory leaks existed in one of the YAJL parsing
functions. An attacker could possibly use this issue to cause a denial of
service (memory exhaustion). (CVE-2023-33460)
CVEs:
- https://ubuntu.com/security/CVE-2017-16516
- https://ubuntu.com/security/CVE-2022-24795
- https://ubuntu.com/security/CVE-2023-33460
- https://ubuntu.com/security/CVE-2023-33460
- https://ubuntu.com/security/CVE-2017-16516
- https://ubuntu.com/security/CVE-2022-24795

Title: USN-6558-1: audiofile vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6558-1
Priorities: low,medium
Description:
It was discovered that audiofile could be made to dereference invalid
memory. If a user or an automated system were tricked into opening a
specially crafted file, an attacker could possibly use this issue to cause
a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu
18.04 LTS. (CVE-2018-13440)

It was discovered that audiofile could be made to write out of bounds. If a
user or an automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 16.04
LTS and Ubuntu 18.04 LTS. (CVE-2018-17095)

It was discovered that audiofile could be made to dereference invalid
memory. If a user or an automated system were tricked into opening a
specially crafted file, an attacker could possibly use this issue to cause
a denial of service. (CVE-2019-13147)

It was discovered that audiofile could be made to leak memory. If a user or
an automated system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to obtain sensitive information.
(CVE-2022-24599)
CVEs:
- https://ubuntu.com/security/CVE-2018-13440
- https://ubuntu.com/security/CVE-2018-17095
- https://ubuntu.com/security/CVE-2019-13147
- https://ubuntu.com/security/CVE-2022-24599
- https://ubuntu.com/security/CVE-2018-17095
- https://ubuntu.com/security/CVE-2019-13147
- https://ubuntu.com/security/CVE-2018-13440
- https://ubuntu.com/security/CVE-2022-24599

Title: USN-6567-1: QEMU vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6567-1
Priorities: low,medium
Description:
Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the
USB xHCI controller device. A privileged guest attacker could possibly use
this issue to cause QEMU to crash, leading to a denial of service. This
issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2020-14394)

It was discovered that QEMU incorrectly handled the TCG Accelerator. A
local attacker could use this issue to cause QEMU to crash, leading to a
denial of service, or possibly execute arbitrary code and esclate
privileges. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-24165)

It was discovered that QEMU incorrectly handled the Intel HD audio device.
A malicious guest attacker could use this issue to cause QEMU to crash,
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS.
(CVE-2021-3611)

It was discovered that QEMU incorrectly handled the ATI VGA device. A
malicious guest attacker could use this issue to cause QEMU to crash,
leading to a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-3638)

It was discovered that QEMU incorrectly handled the VMWare paravirtual RDMA
device. A malicious guest attacker could use this issue to cause QEMU to
crash, leading to a denial of service. (CVE-2023-1544)

It was discovered that QEMU incorrectly handled the 9p passthrough
filesystem. A malicious guest attacker could possibly use this issue to
open special files and escape the exported 9p tree. This issue only
affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-2861)

It was discovered that QEMU incorrectly handled the virtual crypto device.
A malicious guest attacker could use this issue to cause QEMU to crash,
leading to a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-3180)

It was discovered that QEMU incorrectly handled the built-in VNC server.
A remote authenticated attacker could possibly use this issue to cause QEMU
to stop responding, resulting in a denial of service. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-3255)

It was discovered that QEMU incorrectly handled net device hot-unplugging.
A malicious guest attacker could use this issue to cause QEMU to crash,
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS
and Ubuntu 23.04. (CVE-2023-3301)

It was discovered that QEMU incorrectly handled the built-in VNC server.
A remote attacker could possibly use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 20.04
LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-3354)

It was discovered that QEMU incorrectly handled NVME devices. A malicious
guest attacker could use this issue to cause QEMU to crash, leading to a
denial of service. This issue only affected Ubuntu 23.10. (CVE-2023-40360)

It was discovered that QEMU incorrectly handled NVME devices. A malicious
guest attacker could use this issue to cause QEMU to crash, leading to a
denial of service, or possibly obtain sensitive information. This issue
only affected Ubuntu 23.10. (CVE-2023-4135)

It was discovered that QEMU incorrectly handled SCSI devices. A malicious
guest attacker could use this issue to cause QEMU to crash, leading to a
denial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10.
(CVE-2023-42467)

It was discovered that QEMU incorrectly handled certain disk offsets. A
malicious guest attacker could possibly use this issue to gain control of
the host in certain nested virtualization scenarios. (CVE-2023-5088)
CVEs:
- https://ubuntu.com/security/CVE-2020-14394
- https://ubuntu.com/security/CVE-2020-24165
- https://ubuntu.com/security/CVE-2021-3611
- https://ubuntu.com/security/CVE-2021-3638
- https://ubuntu.com/security/CVE-2023-1544
- https://ubuntu.com/security/CVE-2023-2861
- https://ubuntu.com/security/CVE-2023-3180
- https://ubuntu.com/security/CVE-2023-3255
- https://ubuntu.com/security/CVE-2023-3301
- https://ubuntu.com/security/CVE-2023-3354
- https://ubuntu.com/security/CVE-2023-40360
- https://ubuntu.com/security/CVE-2023-4135
- https://ubuntu.com/security/CVE-2023-42467
- https://ubuntu.com/security/CVE-2023-5088
- https://ubuntu.com/security/CVE-2023-1544
- https://ubuntu.com/security/CVE-2023-3354
- https://ubuntu.com/security/CVE-2023-3301
- https://ubuntu.com/security/CVE-2023-5088
- https://ubuntu.com/security/CVE-2020-24165
- https://ubuntu.com/security/CVE-2021-3638
- https://ubuntu.com/security/CVE-2023-4135
- https://ubuntu.com/security/CVE-2023-3180
- https://ubuntu.com/security/CVE-2023-2861
- https://ubuntu.com/security/CVE-2021-3611
- https://ubuntu.com/security/CVE-2023-3255
- https://ubuntu.com/security/CVE-2023-42467
- https://ubuntu.com/security/CVE-2020-14394
- https://ubuntu.com/security/CVE-2023-40360

Title: USN-6565-1: OpenSSH vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6565-1
Priorities: low,medium
Description:
It was discovered that OpenSSH incorrectly handled supplemental groups when
running helper programs for AuthorizedKeysCommand and
AuthorizedPrincipalsCommand as a different user. An attacker could possibly
use this issue to escalate privileges. This issue only affected Ubuntu
20.04 LTS. (CVE-2021-41617)

It was discovered that OpenSSH incorrectly added destination constraints
when PKCS#11 token keys were added to ssh-agent, contrary to expectations.
This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-51384)

It was discovered that OpenSSH incorrectly handled user names or host names
with shell metacharacters. An attacker could possibly use this issue to
perform OS command injection. (CVE-2023-51385)
CVEs:
- https://ubuntu.com/security/CVE-2021-41617
- https://ubuntu.com/security/CVE-2023-51384
- https://ubuntu.com/security/CVE-2023-51385
- https://ubuntu.com/security/CVE-2021-41617
- https://ubuntu.com/security/CVE-2023-51384
- https://ubuntu.com/security/CVE-2023-51385

Title: USN-6557-1: Vim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6557-1
Priorities: low,medium
Description:
It was discovered that Vim could be made to dereference invalid memory. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2022-1725)

It was discovered that Vim could be made to recurse infinitely. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771)

It was discovered that Vim could be made to write out of bounds with a put
command. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 22.04
LTS. (CVE-2022-1886)

It was discovered that Vim could be made to write out of bounds. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897,
CVE-2022-2000)

It was discovered that Vim did not properly manage memory in the spell
command. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 22.04
LTS. (CVE-2022-2042)

It was discovered that Vim did not properly manage memory. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. (CVE-2023-46246, CVE-2023-48231)

It was discovered that Vim could be made to divide by zero. An attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232)

It was discovered that Vim contained multiple arithmetic overflows. An
attacker could possibly use these issues to cause a denial of service.
(CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236,
CVE-2023-48237)

It was discovered that Vim did not properly manage memory in the
substitute command. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706)
CVEs:
- https://ubuntu.com/security/CVE-2022-1725
- https://ubuntu.com/security/CVE-2022-1771
- https://ubuntu.com/security/CVE-2022-1886
- https://ubuntu.com/security/CVE-2022-1897
- https://ubuntu.com/security/CVE-2022-2000
- https://ubuntu.com/security/CVE-2022-2042
- https://ubuntu.com/security/CVE-2023-46246
- https://ubuntu.com/security/CVE-2023-48231
- https://ubuntu.com/security/CVE-2023-48232
- https://ubuntu.com/security/CVE-2023-48233
- https://ubuntu.com/security/CVE-2023-48234
- https://ubuntu.com/security/CVE-2023-48235
- https://ubuntu.com/security/CVE-2023-48236
- https://ubuntu.com/security/CVE-2023-48237
- https://ubuntu.com/security/CVE-2023-48706
- https://ubuntu.com/security/CVE-2023-48706
- https://ubuntu.com/security/CVE-2023-48234
- https://ubuntu.com/security/CVE-2023-48231
- https://ubuntu.com/security/CVE-2023-46246
- https://ubuntu.com/security/CVE-2023-48235
- https://ubuntu.com/security/CVE-2022-1725
- https://ubuntu.com/security/CVE-2023-48232
- https://ubuntu.com/security/CVE-2022-2042
- https://ubuntu.com/security/CVE-2022-2000
- https://ubuntu.com/security/CVE-2022-1886
- https://ubuntu.com/security/CVE-2023-48233
- https://ubuntu.com/security/CVE-2023-48236
- https://ubuntu.com/security/CVE-2022-1771
- https://ubuntu.com/security/CVE-2022-1897
- https://ubuntu.com/security/CVE-2023-48237

Title: USN-6564-1: Node.js vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6564-1
Priorities: medium,high
Description:
Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2022-4304)

CarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain
inputs. If a user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2022-4450)

Octavio Galland and Marcel Böhme discovered that Node.js incorrectly handled
certain inputs. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service. (CVE-2023-0215)

David Benjamin discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2023-0286)

Hubert Kario and Dmitry Belyavsky discovered that Node.js incorrectly handled
certain inputs. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service. (CVE-2023-0401)
CVEs:
- https://ubuntu.com/security/CVE-2022-4304
- https://ubuntu.com/security/CVE-2022-4450
- https://ubuntu.com/security/CVE-2023-0215
- https://ubuntu.com/security/CVE-2023-0286
- https://ubuntu.com/security/CVE-2023-0401
- https://ubuntu.com/security/CVE-2022-4450
- https://ubuntu.com/security/CVE-2022-4304
- https://ubuntu.com/security/CVE-2023-0286
- https://ubuntu.com/security/CVE-2023-0401
- https://ubuntu.com/security/CVE-2023-0215

Title: USN-6556-1: Budgie Extras vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6556-1
Priorities: medium
Description:
It was discovered that Budgie Extras incorrectly handled certain temporary file paths.
An attacker could possibly use this issue to inject false information or deny
access to the application. (CVE-2023-49342, CVE-2023-49343, CVE-2023-49347)

Matthias Gerstner discovered that Budgie Extras incorrectly handled certain
temporary file paths. A local attacker could use this to inject arbitrary PNG
data in this path and have it displayed on the victim’s desktop or deny access
to the application. (CVE-2023-49344)

Matthias Gerstner discovered that Budgie Extras incorrectly handled certain
temporary file paths. A local attacker could use this to inject false information
or deny access to the application. (CVE-2023-49345, CVE-2023-49346)
CVEs:
- https://ubuntu.com/security/CVE-2023-49342
- https://ubuntu.com/security/CVE-2023-49343
- https://ubuntu.com/security/CVE-2023-49347
- https://ubuntu.com/security/CVE-2023-49344
- https://ubuntu.com/security/CVE-2023-49345
- https://ubuntu.com/security/CVE-2023-49346
- https://ubuntu.com/security/CVE-2023-49346
- https://ubuntu.com/security/CVE-2023-49343
- https://ubuntu.com/security/CVE-2023-49344
- https://ubuntu.com/security/CVE-2023-49347
- https://ubuntu.com/security/CVE-2023-49345
- https://ubuntu.com/security/CVE-2023-49342

Title: USN-6563-1: Thunderbird vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6563-1
Priorities: medium
Description:
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code.(CVE-2023-6857, CVE-2023-6858,
CVE-2023-6859, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864)

Marcus Brinkmann discovered that Thunderbird did not properly parse a PGP/MIME
payload that contains digitally signed text. An attacker could potentially
exploit this issue to spoof an email message. (CVE-2023-50762)

Marcus Brinkmann discovered that Thunderbird did not properly compare the
signature creation date with the message date and time when using digitally
signed S/MIME email message. An attacker could potentially exploit this
issue to spoof date and time of an email message. (CVE-2023-50761)

DoHyun Lee discovered that Thunderbird did not properly manage memory when
used on systems with the Mesa VM driver. An attacker could potentially
exploit this issue to execute arbitrary code. (CVE-2023-6856)

Andrew Osmond discovered that Thunderbird did not properly validate the
textures produced by remote decoders. An attacker could potentially exploit
this issue to escape the sandbox. (CVE-2023-6860)
CVEs:
- https://ubuntu.com/security/CVE-2023-6857
- https://ubuntu.com/security/CVE-2023-6858
- https://ubuntu.com/security/CVE-2023-6859
- https://ubuntu.com/security/CVE-2023-6861
- https://ubuntu.com/security/CVE-2023-6862
- https://ubuntu.com/security/CVE-2023-6863
- https://ubuntu.com/security/CVE-2023-6864
- https://ubuntu.com/security/CVE-2023-50762
- https://ubuntu.com/security/CVE-2023-50761
- https://ubuntu.com/security/CVE-2023-6856
- https://ubuntu.com/security/CVE-2023-6860
- https://ubuntu.com/security/CVE-2023-6859
- https://ubuntu.com/security/CVE-2023-6860
- https://ubuntu.com/security/CVE-2023-6863
- https://ubuntu.com/security/CVE-2023-6858
- https://ubuntu.com/security/CVE-2023-6864
- https://ubuntu.com/security/CVE-2023-6856
- https://ubuntu.com/security/CVE-2023-6857
- https://ubuntu.com/security/CVE-2023-50762
- https://ubuntu.com/security/CVE-2023-6861
- https://ubuntu.com/security/CVE-2023-6862
- https://ubuntu.com/security/CVE-2023-50761

1.329

Available in the Broadcom Support portal

Release Date: December 21, 2023

Metadata:

BOSH Agent Version: 2.612.0

Updates

bumped azure cli to solve server timeouts 14

BOSH Agent Version: 2.572.0

Notice

update the azure blobstore

USNs:

Title: USN-6295-1: Podman vulnerability
URL: https://ubuntu.com/security/notices/USN-6295-1
Priorities: medium
Description:
It was discovered that Podman incorrectly handled certain supplementary groups.
An attacker could possibly use this issue to expose sensitive information
or execute binary code.
CVEs:
- https://ubuntu.com/security/CVE-2022-2989

Title: USN-6286-1: Intel Microcode vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6286-1
Priorities: medium
Description:
Daniel Moghimi discovered that some Intel(R) Processors did not properly clear
microarchitectural state after speculative execution of various instructions. A
local unprivileged user could use this to obtain to sensitive
information. (CVE-2022-40982)

It was discovered that some Intel(R) Xeon(R) Processors did not properly
restrict error injection for Intel(R) SGX or Intel(R) TDX. A local privileged
user could use this to further escalate their privileges. (CVE-2022-41804)

It was discovered that some 3rd Generation Intel(R) Xeon(R) Scalable processors
did not properly restrict access in some situations. A local privileged attacker
could use this to obtain sensitive information. (CVE-2023-23908)
CVEs:
- https://ubuntu.com/security/CVE-2022-40982
- https://ubuntu.com/security/CVE-2022-41804
- https://ubuntu.com/security/CVE-2023-23908
- https://ubuntu.com/security/CVE-2022-40982
- https://ubuntu.com/security/CVE-2023-23908
- https://ubuntu.com/security/CVE-2022-41804

Title: USN-6290-1: LibTIFF vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6290-1
Priorities: medium,low
Description:
It was discovered that LibTIFF could be made to write out of bounds when
processing certain malformed image files with the tiffcrop utility. If a
user were tricked into opening a specially crafted image file, an attacker
could possibly use this issue to cause tiffcrop to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2022-48281)

It was discovered that LibTIFF incorrectly handled certain image files. If
a user were tricked into opening a specially crafted image file, an
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 23.04. (CVE-2023-2731)

It was discovered that LibTIFF incorrectly handled certain image files
with the tiffcp utility. If a user were tricked into opening a specially
crafted image file, an attacker could possibly use this issue to cause
tiffcp to crash, resulting in a denial of service. (CVE-2023-2908)

It was discovered that LibTIFF incorrectly handled certain file paths. If
a user were tricked into specifying certain output paths, an attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-3316)

It was discovered that LibTIFF could be made to write out of bounds when
processing certain malformed image files. If a user were tricked into
opening a specially crafted image file, an attacker could possibly use
this issue to cause a denial of service, or possibly execute arbitrary
code. (CVE-2023-3618)

It was discovered that LibTIFF could be made to write out of bounds when
processing certain malformed image files. If a user were tricked into
opening a specially crafted image file, an attacker could possibly use
this issue to cause a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 23.04. (CVE-2023-25433, CVE-2023-26966)

It was discovered that LibTIFF did not properly managed memory when
processing certain malformed image files with the tiffcrop utility. If a
user were tricked into opening a specially crafted image file, an attacker
could possibly use this issue to cause tiffcrop to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-26965)

It was discovered that LibTIFF contained an arithmetic overflow. If a user
were tricked into opening a specially crafted image file, an attacker
could possibly use this issue to cause a denial of service.
(CVE-2023-38288, CVE-2023-38289)
CVEs:
- https://ubuntu.com/security/CVE-2022-48281
- https://ubuntu.com/security/CVE-2023-2731
- https://ubuntu.com/security/CVE-2023-2908
- https://ubuntu.com/security/CVE-2023-3316
- https://ubuntu.com/security/CVE-2023-3618
- https://ubuntu.com/security/CVE-2023-25433
- https://ubuntu.com/security/CVE-2023-26966
- https://ubuntu.com/security/CVE-2023-26965
- https://ubuntu.com/security/CVE-2023-38288
- https://ubuntu.com/security/CVE-2023-38289
- https://ubuntu.com/security/CVE-2022-48281
- https://ubuntu.com/security/CVE-2023-2908
- https://ubuntu.com/security/CVE-2023-3316
- https://ubuntu.com/security/CVE-2023-3618
- https://ubuntu.com/security/CVE-2023-38288
- https://ubuntu.com/security/CVE-2023-25433
- https://ubuntu.com/security/CVE-2023-38289
- https://ubuntu.com/security/CVE-2023-2731
- https://ubuntu.com/security/CVE-2023-26966
- https://ubuntu.com/security/CVE-2023-26965

Title: USN-6293-1: OpenStack Heat vulnerability
URL: https://ubuntu.com/security/notices/USN-6293-1
Priorities: medium
Description:
It was discovered that OpenStack Heat incorrectly handled certain hidden
parameter values. A remote authenticated user could possibly use this issue
to obtain sensitive data.
CVEs:
- https://ubuntu.com/security/CVE-2023-1625

Title: USN-6288-1: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6288-1
Priorities: medium
Description:
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.34 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 23.04.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-34.html
https://www.oracle.com/security-alerts/cpujul2023.html
CVEs:
- https://ubuntu.com/security/CVE-2023-22038
- https://ubuntu.com/security/CVE-2023-22005
- https://ubuntu.com/security/CVE-2023-22056
- https://ubuntu.com/security/CVE-2023-22046
- https://ubuntu.com/security/CVE-2023-22008
- https://ubuntu.com/security/CVE-2023-22054
- https://ubuntu.com/security/CVE-2023-22053
- https://ubuntu.com/security/CVE-2023-22058
- https://ubuntu.com/security/CVE-2023-22033
- https://ubuntu.com/security/CVE-2023-22057
- https://ubuntu.com/security/CVE-2023-22048

Title: USN-6289-1: WebKitGTK vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6289-1
Priorities: medium
Description:
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
CVEs:
- https://ubuntu.com/security/CVE-2023-38572
- https://ubuntu.com/security/CVE-2023-38600
- https://ubuntu.com/security/CVE-2023-38592
- https://ubuntu.com/security/CVE-2023-38611
- https://ubuntu.com/security/CVE-2023-38599
- https://ubuntu.com/security/CVE-2023-38133
- https://ubuntu.com/security/CVE-2023-38594
- https://ubuntu.com/security/CVE-2023-38595
- https://ubuntu.com/security/CVE-2023-38597

Title: USN-6294-1: HAProxy vulnerability
URL: https://ubuntu.com/security/notices/USN-6294-1
Priorities: medium
Description:
Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length
headers. A remote attacker could possibly use this issue to manipulate the
payload and bypass certain restrictions.
CVEs:
- https://ubuntu.com/security/CVE-2023-40225

1.199

Available in the Broadcom Support portal

Release Date: August 14, 2023

Metadata:

BOSH Agent Version: 2.568.0

Important Notice.

the kernel has been updated to 6.2 see #296
added support for the azure blob storage #295

Available in the Broadcom Support portal

Release Date: November 29, 2022

Metadata:

BOSH Agent Version: 2.479.0

PR’s
- fix rsyslog crash in case of connection abort .#255 by @h0nIg
-

Available in the Broadcom Support portal

Release Date: January 30, 2024

Fixes

The bosh-agent no longer blocks when running an asynchronous action and receiving a second asynchronous action. It will not run multiple actions in parallel, but it will not block so get_task actions are able to be processed.

Metadata:

BOSH Agent Version: 2.268.170

621.584

Available in the Broadcom Support portal

Release Date: June 26, 2023

Metadata:

BOSH Agent Version: 2.268.145

Preserve extended attributes when migrating disk data

Available in the Broadcom Support portal

Release Date: October 25, 2022

Known issues

Xenial Stemcell Versions 621.241 through 621.305 contain a Linux kernel slab memory leak.

Not all workloads and configurations are affected, but anyone planning to upgrade to one of these stemcell versions are urged to not use the affected versions and to use stemcell version 621.330 or later.

For more information about how to detect the issue, please see this Knowledge Base article: https://community.pivotal.io/s/article/Slab-memory-leak-Ubuntu-Xenial

NOTE: This issue has been resolved in Stemcell version 621.330.

Metadata:

BOSH Agent Version: 2.268.98

USNs:

Title: USN-5695-1: Linux kernel (GCP) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5695-1
Priorities: medium
Description:
It was discovered that the SUNRPC RDMA protocol implementation in the Linux
kernel did not properly calculate the header size of a RPC message payload.
A local attacker could use this to expose sensitive information (kernel
memory). (CVE-2022-0812)

Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation
in the Linux kernel did not provide sufficient randomization when
calculating port offsets. An attacker could possibly use this to expose
sensitive information. (CVE-2022-1012, CVE-2022-32296)

Duoming Zhou discovered that race conditions existed in the timer handling
implementation of the Linux kernel’s Rose X.25 protocol layer, resulting in
use-after-free vulnerabilities. A local attacker could use this to cause a
denial of service (system crash). (CVE-2022-2318)

Roger Pau Monné discovered that the Xen virtual block driver in the Linux
kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-26365)

Roger Pau Monné discovered that the Xen paravirtualization frontend in the
Linux kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-33740)

It was discovered that the Xen paravirtualization frontend in the Linux
kernel incorrectly shared unrelated data when communicating with certain
backends. A local attacker could use this to cause a denial of service
(guest crash) or expose sensitive information (guest kernel memory).
(CVE-2022-33741, CVE-2022-33742)

Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in
the Linux kernel on ARM platforms contained a race condition in certain
situations. An attacker in a guest VM could use this to cause a denial of
service in the host OS. (CVE-2022-33744)
CVEs:
- https://ubuntu.com/security/CVE-2022-0812
- https://ubuntu.com/security/CVE-2022-1012
- https://ubuntu.com/security/CVE-2022-32296
- https://ubuntu.com/security/CVE-2022-2318
- https://ubuntu.com/security/CVE-2022-26365
- https://ubuntu.com/security/CVE-2022-33740
- https://ubuntu.com/security/CVE-2022-33741
- https://ubuntu.com/security/CVE-2022-33742
- https://ubuntu.com/security/CVE-2022-33744
- https://ubuntu.com/security/CVE-2022-33741
- https://ubuntu.com/security/CVE-2022-32296
- https://ubuntu.com/security/CVE-2022-1012
- https://ubuntu.com/security/CVE-2022-33740
- https://ubuntu.com/security/CVE-2022-33744
- https://ubuntu.com/security/CVE-2022-33742
- https://ubuntu.com/security/CVE-2022-0812
- https://ubuntu.com/security/CVE-2022-2318
- https://ubuntu.com/security/CVE-2022-26365

621.304

Available in the Broadcom Support portal

Release Date: October 25, 2022

Known Issues:

This stemcell was removed from AWS regions and cannot be recovered making it unavailable to AWS light stemcell users. AWS light stemcell users should instead use the AWS heavy stemcell or v621.305.
Xenial Stemcell Versions 621.241 through 621.305 contain a Linux kernel slab memory leak.

Not all workloads and configurations are affected, but anyone planning to upgrade to one of these stemcell versions are urged to not use the affected versions and to use stemcell version 621.330 or later.

For more information about how to detect the issue, please see this Knowledge Base article: https://community.pivotal.io/s/article/Slab-memory-leak-Ubuntu-Xenial

NOTE: The kernel slab memory leak issue has been resolved in Stemcell version 621.330.

Metadata:

BOSH Agent Version: 2.268.98

USNs:

Title: USN-5690-1: libXdmcp vulnerability
URL: https://ubuntu.com/security/notices/USN-5690-1
Priorities: low
Description:
It was discovered that libXdmcp was generating weak session keys.
A local attacker could possibly use this issue to perform a brute
force attack and obtain another user’s key.
CVEs:
- https://ubuntu.com/security/CVE-2017-2625

Title: USN-5665-1: PCRE vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5665-1
Priorities: low
Description:
It was discovered that PCRE incorrectly handled certain regular expressions.
A remote attacker could use this issue to cause applications using PCRE to
crash, resulting in a denial of service. (CVE-2017-6004)

It was discovered that PCRE incorrectly handled certain Unicode encoding. A
remote attacker could use this issue to cause applications using PCRE to
crash, resulting in a denial of service. (CVE-2017-7186)
CVEs:
- https://ubuntu.com/security/CVE-2017-6004
- https://ubuntu.com/security/CVE-2017-7186
- https://ubuntu.com/security/CVE-2017-7186
- https://ubuntu.com/security/CVE-2017-6004

Title: USN-5675-1: Heimdal vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5675-1
Priorities: medium,low
Description:
Isaac Boukris and Andrew Bartlett discovered that Heimdal’s KDC was
not properly performing checksum algorithm verifications in the
S4U2Self extension module. An attacker could possibly use this issue
to perform a machine-in-the-middle attack and request S4U2Self
tickets for any user known by the application. This issue only
affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS.
(CVE-2018-16860)

It was discovered that Heimdal was not properly handling the
verification of key exchanges when an anonymous PKINIT was being
used. An attacker could possibly use this issue to perform a
machine-in-the-middle attack and expose sensitive information.
This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and
Ubuntu 18.04 LTS. (CVE-2019-12098)

Joseph Sutton discovered that Heimdal was not properly handling
memory management operations when dealing with TGS-REQ tickets that
were missing information. An attacker could possibly use this issue
to cause a denial of service. (CVE-2021-3671)

Michał Kępień discovered that Heimdal was not properly handling
logical conditions that related to memory management operations. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2022-3116)
CVEs:
- https://ubuntu.com/security/CVE-2018-16860
- https://ubuntu.com/security/CVE-2019-12098
- https://ubuntu.com/security/CVE-2021-3671
- https://ubuntu.com/security/CVE-2022-3116
- https://ubuntu.com/security/CVE-2018-16860
- https://ubuntu.com/security/CVE-2022-3116
- https://ubuntu.com/security/CVE-2019-12098
- https://ubuntu.com/security/CVE-2021-3671

Title: USN-5657-1: Graphite2 vulnerability
URL: https://ubuntu.com/security/notices/USN-5657-1
Priorities: low
Description:
It was discovered that Graphite2 mishandled specially crafted files. An
attacker could possibly use this issue to cause a denial of service or
other unspecified impact.
CVEs:
- https://ubuntu.com/security/CVE-2018-7999

Title: USN-5656-1: JACK vulnerability
URL: https://ubuntu.com/security/notices/USN-5656-1
Priorities: low
Description:
Joseph Yasi discovered that JACK incorrectly handled the closing of a socket
in certain conditions. An attacker could potentially use this issue to
cause a crash.
CVEs:
- https://ubuntu.com/security/CVE-2019-13351

Title: USN-5671-1: AdvanceCOMP vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5671-1
Priorities: low
Description:
It was discovered that AdvanceCOMP did not properly manage memory of function
be_uint32_read() under certain circumstances. If a user were tricked into
opening a specially crafted binary file, a remote attacker could possibly use
this issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2019-8379)

It was discovered that AdvanceCOMP did not properly manage memory of function
adv_png_unfilter_8() under certain circumstances. If a user were tricked into
opening a specially crafted PNG file, a remote attacker could possibly use this
issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2019-8383)
CVEs:
- https://ubuntu.com/security/CVE-2019-8379
- https://ubuntu.com/security/CVE-2019-8383
- https://ubuntu.com/security/CVE-2019-8379
- https://ubuntu.com/security/CVE-2019-8383

Title: USN-5371-3: nginx vulnerability
URL: https://ubuntu.com/security/notices/USN-5371-3
Priorities: medium,low
Description:
USN-5371-1 and USN-5371-2 fixed several vulnerabilities in nginx.
This update provides the corresponding update for CVE-2020-11724
for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that nginx Lua module mishandled certain inputs.
An attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue was fixed for Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-11724)

It was discovered that nginx Lua module mishandled certain inputs.
An attacker could possibly use this issue to disclose sensitive
information. This issue only affects Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-36309)

It was discovered that nginx mishandled the use of
compatible certificates among multiple encryption protocols.
If a remote attacker were able to intercept the communication,
this issue could be used to redirect traffic between subdomains.
(CVE-2021-3618)
CVEs:
- https://ubuntu.com/security/CVE-2020-11724
- https://ubuntu.com/security/CVE-2020-11724
- https://ubuntu.com/security/CVE-2020-36309
- https://ubuntu.com/security/CVE-2021-3618
- https://ubuntu.com/security/CVE-2020-11724

Title: USN-5689-1: Perl vulnerability
URL: https://ubuntu.com/security/notices/USN-5689-1
Priorities: medium
Description:
It was discovered that Perl incorrectly handled certain signature verification.
An remote attacker could possibly use this issue to bypass signature verification.
CVEs:
- https://ubuntu.com/security/CVE-2020-16156

Title: USN-5650-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5650-1
Priorities: medium,low
Description:
It was discovered that the framebuffer driver on the Linux kernel did not
verify size limits when changing font or screen size, leading to an out-of-
bounds write. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-33655)

It was discovered that the virtual terminal driver in the Linux kernel did
not properly handle VGA console font changes, leading to an out-of-bounds
write. A local attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2021-33656)

Christian Brauner discovered that the XFS file system implementation in the
Linux kernel did not properly handle setgid file creation. A local attacker
could use this to gain elevated privileges. (CVE-2021-4037)

It was discovered that the ext4 file system implementation in the Linux
kernel did not properly initialize memory in some situations. A privileged
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2022-0850)

Duoming Zhou discovered that the AX.25 amateur radio protocol
implementation in the Linux kernel did not handle detach events properly in
some situations. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2022-1199)

Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol
implementation in the Linux kernel during device detach operations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-1204)

Norbert Slusarek discovered that a race condition existed in the perf
subsystem in the Linux kernel, resulting in a use-after-free vulnerability.
A privileged local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-1729)

It was discovered that the Packet network protocol implementation in the
Linux kernel contained an out-of-bounds access. A remote attacker could use
this to expose sensitive information (kernel memory). (CVE-2022-20368)

It was discovered that the Open vSwitch implementation in the Linux kernel
contained an out of bounds write vulnerability in certain situations. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-2639)

Jann Horn discovered that the ASIX AX88179/178A USB Ethernet driver in the
Linux kernel contained multiple out-of-bounds vulnerabilities. A local
attacker with physical access could plug in a specially crafted USB device
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-2964)

Hao Sun and Jiacheng Xu discovered that the NILFS file system
implementation in the Linux kernel contained a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-2978)

Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in
the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly expose sensitive information (kernel
memory). (CVE-2022-3028)

It was discovered that the Journaled File System (JFS) in the Linux kernel
contained a null pointer dereference in some situations. A local attacker
could use this to cause a denial of service (system crash). (CVE-2022-3202)

Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter
subsystem in the Linux kernel did not properly handle rules that truncated
packets below the packet header size. When such rules are in place, a
remote attacker could possibly use this to cause a denial of service
(system crash). (CVE-2022-36946)
CVEs:
- https://ubuntu.com/security/CVE-2021-33655
- https://ubuntu.com/security/CVE-2021-33656
- https://ubuntu.com/security/CVE-2021-4037
- https://ubuntu.com/security/CVE-2022-0850
- https://ubuntu.com/security/CVE-2022-1199
- https://ubuntu.com/security/CVE-2022-1204
- https://ubuntu.com/security/CVE-2022-1729
- https://ubuntu.com/security/CVE-2022-20368
- https://ubuntu.com/security/CVE-2022-2639
- https://ubuntu.com/security/CVE-2022-2964
- https://ubuntu.com/security/CVE-2022-2978
- https://ubuntu.com/security/CVE-2022-3028
- https://ubuntu.com/security/CVE-2022-3202
- https://ubuntu.com/security/CVE-2022-36946
- https://ubuntu.com/security/CVE-2021-4037
- https://ubuntu.com/security/CVE-2022-36946
- https://ubuntu.com/security/CVE-2021-33655
- https://ubuntu.com/security/CVE-2022-0850
- https://ubuntu.com/security/CVE-2022-1204
- https://ubuntu.com/security/CVE-2022-1199
- https://ubuntu.com/security/CVE-2021-33656
- https://ubuntu.com/security/CVE-2022-20368
- https://ubuntu.com/security/CVE-2022-2964
- https://ubuntu.com/security/CVE-2022-3202
- https://ubuntu.com/security/CVE-2022-2978
- https://ubuntu.com/security/CVE-2022-3028
- https://ubuntu.com/security/CVE-2022-1729
- https://ubuntu.com/security/CVE-2022-2639

Title: USN-5652-1: Linux kernel (Azure) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5652-1
Priorities: medium
Description:
It was discovered that the framebuffer driver on the Linux kernel did not
verify size limits when changing font or screen size, leading to an out-of-
bounds write. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-33655)

Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter
subsystem in the Linux kernel did not properly handle rules that truncated
packets below the packet header size. When such rules are in place, a
remote attacker could possibly use this to cause a denial of service
(system crash). (CVE-2022-36946)
CVEs:
- https://ubuntu.com/security/CVE-2021-33655
- https://ubuntu.com/security/CVE-2022-36946
- https://ubuntu.com/security/CVE-2022-36946
- https://ubuntu.com/security/CVE-2021-33655

Title: USN-5614-2: Wayland vulnerability
URL: https://ubuntu.com/security/notices/USN-5614-2
Priorities: medium
Description:
USN-5614-1 fixed a vulnerability in Wayland. This update
provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Wayland incorrectly handled reference counting
certain objects. An attacker could use this issue to cause Wayland to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
CVEs:
- https://ubuntu.com/security/CVE-2021-3782

Title: USN-5666-1: OpenSSH vulnerability
URL: https://ubuntu.com/security/notices/USN-5666-1
Priorities: low
Description:
It was discovered that OpenSSH incorrectly handled certain helper programs.
An attacker could possibly use this issue to arbitrary code execution.
CVEs:
- https://ubuntu.com/security/CVE-2021-41617

Title: USN-5673-1: unzip vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5673-1
Priorities: low,medium
Description:
It was discovered that unzip did not properly handle unicode strings under
certain circumstances. If a user were tricked into opening a specially crafted
zip file, an attacker could possibly use this issue to cause unzip to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2021-4217)

It was discovered that unzip did not properly perform bounds checking while
converting wide strings to local strings. If a user were tricked into opening a
specially crafted zip file, an attacker could possibly use this issue to cause
unzip to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-0529, CVE-2022-0530)
CVEs:
- https://ubuntu.com/security/CVE-2021-4217
- https://ubuntu.com/security/CVE-2022-0529
- https://ubuntu.com/security/CVE-2022-0530
- https://ubuntu.com/security/CVE-2022-0529
- https://ubuntu.com/security/CVE-2021-4217
- https://ubuntu.com/security/CVE-2022-0530

Title: USN-5669-2: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5669-2
Priorities: medium
Description:
It was discovered that the SUNRPC RDMA protocol implementation in the Linux
kernel did not properly calculate the header size of a RPC message payload.
A local attacker could use this to expose sensitive information (kernel
memory). (CVE-2022-0812)

Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation
in the Linux kernel did not provide sufficient randomization when
calculating port offsets. An attacker could possibly use this to expose
sensitive information. (CVE-2022-1012, CVE-2022-32296)

Duoming Zhou discovered that race conditions existed in the timer handling
implementation of the Linux kernel’s Rose X.25 protocol layer, resulting in
use-after-free vulnerabilities. A local attacker could use this to cause a
denial of service (system crash). (CVE-2022-2318)

Roger Pau Monné discovered that the Xen virtual block driver in the Linux
kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-26365)

Roger Pau Monné discovered that the Xen paravirtualization frontend in the
Linux kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-33740)

It was discovered that the Xen paravirtualization frontend in the Linux
kernel incorrectly shared unrelated data when communicating with certain
backends. A local attacker could use this to cause a denial of service
(guest crash) or expose sensitive information (guest kernel memory).
(CVE-2022-33741, CVE-2022-33742)

Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in
the Linux kernel on ARM platforms contained a race condition in certain
situations. An attacker in a guest VM could use this to cause a denial of
service in the host OS. (CVE-2022-33744)
CVEs:
- https://ubuntu.com/security/CVE-2022-0812
- https://ubuntu.com/security/CVE-2022-1012
- https://ubuntu.com/security/CVE-2022-32296
- https://ubuntu.com/security/CVE-2022-2318
- https://ubuntu.com/security/CVE-2022-26365
- https://ubuntu.com/security/CVE-2022-33740
- https://ubuntu.com/security/CVE-2022-33741
- https://ubuntu.com/security/CVE-2022-33742
- https://ubuntu.com/security/CVE-2022-33744
- https://ubuntu.com/security/CVE-2022-26365
- https://ubuntu.com/security/CVE-2022-2318
- https://ubuntu.com/security/CVE-2022-32296
- https://ubuntu.com/security/CVE-2022-33742
- https://ubuntu.com/security/CVE-2022-1012
- https://ubuntu.com/security/CVE-2022-33744
- https://ubuntu.com/security/CVE-2022-33741
- https://ubuntu.com/security/CVE-2022-33740
- https://ubuntu.com/security/CVE-2022-0812

Title: USN-5679-1: Linux kernel (HWE) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5679-1
Priorities: medium
Description:
It was discovered that the SUNRPC RDMA protocol implementation in the Linux
kernel did not properly calculate the header size of a RPC message payload.
A local attacker could use this to expose sensitive information (kernel
memory). (CVE-2022-0812)

Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation
in the Linux kernel did not provide sufficient randomization when
calculating port offsets. An attacker could possibly use this to expose
sensitive information. (CVE-2022-1012, CVE-2022-32296)

Duoming Zhou discovered that race conditions existed in the timer handling
implementation of the Linux kernel’s Rose X.25 protocol layer, resulting in
use-after-free vulnerabilities. A local attacker could use this to cause a
denial of service (system crash). (CVE-2022-2318)

Roger Pau Monné discovered that the Xen virtual block driver in the Linux
kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-26365)

Roger Pau Monné discovered that the Xen paravirtualization frontend in the
Linux kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-33740)

It was discovered that the Xen paravirtualization frontend in the Linux
kernel incorrectly shared unrelated data when communicating with certain
backends. A local attacker could use this to cause a denial of service
(guest crash) or expose sensitive information (guest kernel memory).
(CVE-2022-33741, CVE-2022-33742)

Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in
the Linux kernel on ARM platforms contained a race condition in certain
situations. An attacker in a guest VM could use this to cause a denial of
service in the host OS. (CVE-2022-33744)
CVEs:
- https://ubuntu.com/security/CVE-2022-0812
- https://ubuntu.com/security/CVE-2022-1012
- https://ubuntu.com/security/CVE-2022-32296
- https://ubuntu.com/security/CVE-2022-2318
- https://ubuntu.com/security/CVE-2022-26365
- https://ubuntu.com/security/CVE-2022-33740
- https://ubuntu.com/security/CVE-2022-33741
- https://ubuntu.com/security/CVE-2022-33742
- https://ubuntu.com/security/CVE-2022-33744
- https://ubuntu.com/security/CVE-2022-26365
- https://ubuntu.com/security/CVE-2022-33741
- https://ubuntu.com/security/CVE-2022-2318
- https://ubuntu.com/security/CVE-2022-1012
- https://ubuntu.com/security/CVE-2022-33744
- https://ubuntu.com/security/CVE-2022-0812
- https://ubuntu.com/security/CVE-2022-33740
- https://ubuntu.com/security/CVE-2022-32296
- https://ubuntu.com/security/CVE-2022-33742

Title: USN-5684-1: Linux kernel (Azure) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5684-1
Priorities: medium
Description:
It was discovered that the SUNRPC RDMA protocol implementation in the Linux
kernel did not properly calculate the header size of a RPC message payload.
A local attacker could use this to expose sensitive information (kernel
memory). (CVE-2022-0812)

Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation
in the Linux kernel did not provide sufficient randomization when
calculating port offsets. An attacker could possibly use this to expose
sensitive information. (CVE-2022-1012, CVE-2022-32296)

Duoming Zhou discovered that race conditions existed in the timer handling
implementation of the Linux kernel’s Rose X.25 protocol layer, resulting in
use-after-free vulnerabilities. A local attacker could use this to cause a
denial of service (system crash). (CVE-2022-2318)

Roger Pau Monné discovered that the Xen virtual block driver in the Linux
kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-26365)

Roger Pau Monné discovered that the Xen paravirtualization frontend in the
Linux kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-33740)

It was discovered that the Xen paravirtualization frontend in the Linux
kernel incorrectly shared unrelated data when communicating with certain
backends. A local attacker could use this to cause a denial of service
(guest crash) or expose sensitive information (guest kernel memory).
(CVE-2022-33741, CVE-2022-33742)

Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in
the Linux kernel on ARM platforms contained a race condition in certain
situations. An attacker in a guest VM could use this to cause a denial of
service in the host OS. (CVE-2022-33744)
CVEs:
- https://ubuntu.com/security/CVE-2022-0812
- https://ubuntu.com/security/CVE-2022-1012
- https://ubuntu.com/security/CVE-2022-32296
- https://ubuntu.com/security/CVE-2022-2318
- https://ubuntu.com/security/CVE-2022-26365
- https://ubuntu.com/security/CVE-2022-33740
- https://ubuntu.com/security/CVE-2022-33741
- https://ubuntu.com/security/CVE-2022-33742
- https://ubuntu.com/security/CVE-2022-33744
- https://ubuntu.com/security/CVE-2022-33741
- https://ubuntu.com/security/CVE-2022-32296
- https://ubuntu.com/security/CVE-2022-1012
- https://ubuntu.com/security/CVE-2022-33740
- https://ubuntu.com/security/CVE-2022-33744
- https://ubuntu.com/security/CVE-2022-33742
- https://ubuntu.com/security/CVE-2022-0812
- https://ubuntu.com/security/CVE-2022-2318
- https://ubuntu.com/security/CVE-2022-26365

Title: USN-5676-1: PostgreSQL vulnerability
URL: https://ubuntu.com/security/notices/USN-5676-1
Priorities: medium
Description:
Alexander Lakhin discovered that PostgreSQL incorrectly handled the
security restricted operation sandbox when a privileged user is maintaining
another user’s objects. An attacker having permission to create non-temp
objects can use this issue to execute arbitrary commands as the superuser.
CVEs:
- https://ubuntu.com/security/CVE-2022-1552

Title: USN-5688-1: Libksba vulnerability
URL: https://ubuntu.com/security/notices/USN-5688-1
Priorities: high
Description:
It was discovered that an integer overflow could be triggered in Libksba
when decoding certain data. An attacker could use this issue to cause a
denial of service (application crash) or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2022-3515

Title: USN-5651-2: strongSwan vulnerability
URL: https://ubuntu.com/security/notices/USN-5651-2
Priorities: medium
Description:
USN-5651-1 fixed a vulnerability in strongSwan. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and
and CRL distribution points (CDP) in certificates. A remote attacker could
possibly use this issue to initiate IKE_SAs and send crafted certificates
that contain URIs pointing to servers under their control, which can lead
to a denial-of-service attack.
CVEs:
- https://ubuntu.com/security/CVE-2022-40617

Full Changelog: https://github.com/pivotal-cf/bosh-linux-stemcell-builder-lts/compare/ubuntu-trusty/v3586.153…ubuntu-xenial/v621.304

621.296

Available in the Broadcom Support portal

Release Date: October 04, 2022

Known issues

Metadata:

BOSH Agent Version: 2.268.95

USNs:

Title: USN-5593-1: Zstandard vulnerability
URL: https://ubuntu.com/security/notices/USN-5593-1
Priorities: medium
Description:
It was discovered that Zstandard incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2019-11922

Title: USN-5637-1: libvpx vulnerability
URL: https://ubuntu.com/security/notices/USN-5637-1
Priorities: low
Description:
It was discovered that libvpx incorrectly handled certain WebM media
files. A remote attacker could use this issue to crash an application
using libvpx under certain conditions, resulting in a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2020-0034

Title: USN-5619-1: LibTIFF vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5619-1
Priorities: negligible,medium,low
Description:
It was discovered that LibTIFF was not properly performing the calculation
of data that would eventually be used as a reference for bound-checking
operations. An attacker could possibly use this issue to cause a denial of
service or to expose sensitive information. This issue only affected Ubuntu
18.04 LTS. (CVE-2020-19131)

It was discovered that LibTIFF was not properly terminating a function
execution when processing incorrect data. An attacker could possibly use
this issue to cause a denial of service or to expose sensitive information.
This issue only affected Ubuntu 18.04 LTS. (CVE-2020-19144)

It was discovered that LibTIFF did not properly manage memory under certain
circumstances. If a user were tricked into opening a specially crafted TIFF
file using tiffinfo tool, an attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-1354)

It was discovered that LibTIFF did not properly manage memory under certain
circumstances. If a user were tricked into opening a specially crafted TIFF
file using tiffcp tool, an attacker could possibly use this issue to
cause a denial of service. (CVE-2022-1355)

It was discovered that LibTIFF was not properly performing checks to avoid
division calculations where the denominator value was zero, which could
lead to an undefined behaviour situation via a specially crafted file. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
CVEs:
- https://ubuntu.com/security/CVE-2020-19131
- https://ubuntu.com/security/CVE-2020-19144
- https://ubuntu.com/security/CVE-2022-1354
- https://ubuntu.com/security/CVE-2022-1355
- https://ubuntu.com/security/CVE-2022-2056
- https://ubuntu.com/security/CVE-2022-2057
- https://ubuntu.com/security/CVE-2022-2058
- https://ubuntu.com/security/CVE-2020-19144
- https://ubuntu.com/security/CVE-2022-1354
- https://ubuntu.com/security/CVE-2022-2056
- https://ubuntu.com/security/CVE-2022-2058
- https://ubuntu.com/security/CVE-2022-2057
- https://ubuntu.com/security/CVE-2020-19131
- https://ubuntu.com/security/CVE-2022-1355

Title: USN-5618-1: Ghostscript vulnerability
URL: https://ubuntu.com/security/notices/USN-5618-1
Priorities: medium
Description:
It was discovered the Ghostscript incorrectly handled memory when
processing certain inputs. By tricking a user into opening a specially
crafted PDF file, an attacker could cause the program to crash.
CVEs:
- https://ubuntu.com/security/CVE-2020-27792

Title: USN-5615-2: SQLite vulnerability
URL: https://ubuntu.com/security/notices/USN-5615-2
Priorities: medium
Description:
USN-5615-1 fixed several vulnerabilities in SQLite. This update provides
the corresponding fix for CVE-2020-35525 for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that SQLite incorrectly handled INTERSEC query
processing. An attacker could use this issue to cause SQLite to crash,
resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2020-35525
- https://ubuntu.com/security/CVE-2020-35525

Title: USN-5645-1: PostgreSQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5645-1
Priorities: medium
Description:
Jacob Champion discovered that PostgreSQL incorrectly handled SSL
certificate verification and encryption. A remote attacker could possibly
use this issue to inject arbitrary SQL queries when a connection is first
established. (CVE-2021-23214)

Tom Lane discovered that PostgreSQL incorrect handled certain array
subscripting calculations. An authenticated attacker could possibly use
this issue to overwrite server memory and escalate privileges.
(CVE-2021-32027)
CVEs:
- https://ubuntu.com/security/CVE-2021-23214
- https://ubuntu.com/security/CVE-2021-32027
- https://ubuntu.com/security/CVE-2021-23214
- https://ubuntu.com/security/CVE-2021-32027

Title: USN-5629-1: Python vulnerability
URL: https://ubuntu.com/security/notices/USN-5629-1
Priorities: low
Description:
It was discovered that the Python http.server module incorrectly handled
certain URIs. An attacker could potentially use this to redirect web traffic.
CVEs:
- https://ubuntu.com/security/CVE-2021-28861

Title: USN-5621-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5621-1
Priorities: medium
Description:
It was discovered that the framebuffer driver on the Linux kernel did not
verify size limits when changing font or screen size, leading to an out-of-
bounds write. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-33655)

Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter
subsystem in the Linux kernel did not properly handle rules that truncated
packets below the packet header size. When such rules are in place, a
remote attacker could possibly use this to cause a denial of service
(system crash). (CVE-2022-36946)
CVEs:
- https://ubuntu.com/security/CVE-2021-33655
- https://ubuntu.com/security/CVE-2022-36946
- https://ubuntu.com/security/CVE-2022-36946
- https://ubuntu.com/security/CVE-2021-33655

Title: USN-5597-1: Linux kernel (Oracle) vulnerability
URL: https://ubuntu.com/security/notices/USN-5597-1
Priorities: medium
Description:
It was discovered that the virtual terminal driver in the Linux kernel did
not properly handle VGA console font changes, leading to an out-of-bounds
write. A local attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2021-33656

Title: USN-4976-2: Dnsmasq vulnerability
URL: https://ubuntu.com/security/notices/USN-4976-2
Priorities: low
Description:
USN-4976-1 fixed a vulnerability in Dnsmasq. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Dnsmasq has been updated to 2.79-1 for Ubuntu 16.04 ESM in order to fix
some security issues.

Original advisory details:

Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in
certain configurations. A remote attacker could possibly use this issue to
facilitate DNS cache poisoning attacks.
CVEs:
- https://ubuntu.com/security/CVE-2021-3448

Title: USN-5626-2: Bind vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5626-2
Priorities: medium
Description:
USN-5626-1 fixed several vulnerabilities in Bind. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind
incorrectly handled large delegations. A remote attacker could possibly use
this issue to reduce performance, leading to a denial of service.
(CVE-2022-2795)

It was discovered that Bind incorrectly handled memory when processing
ECDSA DNSSEC verification. A remote attacker could use this issue to
consume resources, leading to a denial of service. (CVE-2022-38177)
CVEs:
- https://ubuntu.com/security/CVE-2022-2795
- https://ubuntu.com/security/CVE-2022-38177
- https://ubuntu.com/security/CVE-2022-38177
- https://ubuntu.com/security/CVE-2022-2795

Title: USN-5636-1: SoS vulnerability
URL: https://ubuntu.com/security/notices/USN-5636-1
Priorities: medium
Description:
It was discovered that SoS incorrectly handled certain data.
An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://ubuntu.com/security/CVE-2022-2806

Title: USN-5604-1: LibTIFF vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5604-1
Priorities: low
Description:
It was discovered that LibTIFF incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2022-2867, CVE-2022-2869)

It was discovered that LibTIFF incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-2868)
CVEs:
- https://ubuntu.com/security/CVE-2022-2867
- https://ubuntu.com/security/CVE-2022-2869
- https://ubuntu.com/security/CVE-2022-2868
- https://ubuntu.com/security/CVE-2022-2869
- https://ubuntu.com/security/CVE-2022-2868
- https://ubuntu.com/security/CVE-2022-2867

Title: USN-5606-1: poppler vulnerability
URL: https://ubuntu.com/security/notices/USN-5606-1
Priorities: medium
Description:
It was discovered that poppler incorrectly handled certain
PDF. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2022-38784

Title: USN-5638-1: Expat vulnerability
URL: https://ubuntu.com/security/notices/USN-5638-1
Priorities: medium
Description:
Rhodri James discovered that Expat incorrectly handled memory when
processing certain malformed XML files. An attacker could possibly
use this issue to cause a crash or execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2022-40674

621.280

Available in the Broadcom Support portal

Release Date: September 06, 2022

Known issues

Fixes

There is an existing kernel bug in Xenial that can prevent the Precision Hardware Clock used in Azure stemcells from correctly tracking the time. To work around this problem we’ve changed the Azure stemcells to once again use the NTP servers in the config provided by BOSH. If your Azure network does not allow output NTP traffic to your configured NTP servers you may need to update your firewall rules to allow this traffic now.

The kernel patches included in 621.224 are now in the main kernel repository and have been included in this release.

Metadata:

BOSH Agent Version: 2.268.72

USNs:

Title: USN-5371-1: nginx vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5371-1
Priorities: medium,low
Description:
It was discovered that nginx Lua module mishandled certain inputs.
An attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affects Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-11724)

It was discovered that nginx Lua module mishandled certain inputs.
An attacker could possibly use this issue to disclose sensitive
information. This issue only affects Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-36309)

It was discovered that nginx mishandled the use of
compatible certificates among multiple encryption protocols.
If a remote attacker were able to intercept the communication,
this issue could be used to redirect traffic between subdomains.
(CVE-2021-3618)
CVEs:
- https://ubuntu.com/security/CVE-2020-11724
- https://ubuntu.com/security/CVE-2020-36309
- https://ubuntu.com/security/CVE-2021-3618
- https://ubuntu.com/security/CVE-2020-36309
- https://ubuntu.com/security/CVE-2021-3618
- https://ubuntu.com/security/CVE-2020-11724

Title: USN-5373-2: Django vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5373-2
Priorities: high,medium
Description:
USN-5373-1 fixed several vulnerabilities in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Django incorrectly handled certain certain column
aliases in the QuerySet.annotate(), aggregate(), and extra() methods. A
remote attacker could possibly use this issue to perform an SQL injection
attack. (CVE-2022-28346)

It was discovered that the Django URLValidator function incorrectly handled
newlines and tabs. A remote attacker could possibly use this issue to
perform a header injection attack. (CVE-2021-32052)
CVEs:
- https://ubuntu.com/security/CVE-2022-28346
- https://ubuntu.com/security/CVE-2021-32052
- https://ubuntu.com/security/CVE-2021-32052
- https://ubuntu.com/security/CVE-2022-28346

621.224

Available in the Broadcom Support portal

Release Date: March 23, 2022

Notice:

This stemcell contains a patched version of the kernel to address the issues found in 621.216. We have tested this patched kernel against the problems seen in 621.216 and no longer see the problem. We will release another stemcell in mid-April when that kernel patch makes it into the main kernel repository.

Metadata:

BOSH Agent Version: 2.268.65

USNs:

Title: USN-5322-1: Subversion vulnerability
URL: https://ubuntu.com/security/notices/USN-5322-1
Priorities: medium
Description:
Thomas Akesson discovered that Subversion incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2020-17525

Title: USN-5328-2: OpenSSL vulnerability
URL: https://ubuntu.com/security/notices/USN-5328-2
Priorities: high
Description:
USN-5328-1 fixed a vulnerability in OpenSSL. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Tavis Ormandy discovered that OpenSSL incorrectly parsed certain
certificates. A remote attacker could possibly use this issue to cause
OpenSSH to stop responding, resulting in a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2022-0778

Title: USN-5320-1: Expat vulnerabilities and regression
URL: https://ubuntu.com/security/notices/USN-5320-1
Priorities: high,medium
Description:
USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it
caused a regression and an additional patch was required. This update address
this regression and several other vulnerabilities.

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-25313)

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash
or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314)

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-25315)

Original advisory details:

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2022-25236)
CVEs:
- https://ubuntu.com/security/CVE-2022-25236
- https://ubuntu.com/security/CVE-2022-25313
- https://ubuntu.com/security/CVE-2022-25314
- https://ubuntu.com/security/CVE-2022-25315
- https://ubuntu.com/security/CVE-2022-25236
- https://ubuntu.com/security/CVE-2022-25314
- https://ubuntu.com/security/CVE-2022-25315
- https://ubuntu.com/security/CVE-2022-25313

Title: USN-5334-1: man-db vulnerability
URL: https://ubuntu.com/security/notices/USN-5334-1
Priorities: low
Description:
It was discovered that man-db incorrectly handled permission changing
operations in its daily cron job, and was therefore affected by a race
condition. An attacker could possibly use this issue to escalate privileges
and execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2015-1336

Title: USN-5331-1: tcpdump vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5331-1
Priorities: low
Description:
It was discovered that tcpdump incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2018-16301)

It was discovered that tcpdump incorrectly handled certain captured data.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2020-8037)
CVEs:
- https://ubuntu.com/security/CVE-2018-16301
- https://ubuntu.com/security/CVE-2020-8037
- https://ubuntu.com/security/CVE-2018-16301
- https://ubuntu.com/security/CVE-2020-8037

Title: USN-5325-1: Zsh vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5325-1
Priorities: low
Description:
Sam Foxman discovered that Zsh incorrectly handled certain inputs.
An attacker could possibly use this issue to regain dropped privileges.
(CVE-2019-20044)

It was discovered that Zsh incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-45444)
CVEs:
- https://ubuntu.com/security/CVE-2019-20044
- https://ubuntu.com/security/CVE-2021-45444
- https://ubuntu.com/security/CVE-2021-45444
- https://ubuntu.com/security/CVE-2019-20044

Title: USN-5329-1: tar vulnerability
URL: https://ubuntu.com/security/notices/USN-5329-1
Priorities: low
Description:
It was discovered that tar incorrectly handled certain files.
An attacker could possibly use this issue to cause tar to crash,
resulting in a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2021-20193

Title: USN-5332-2: Bind vulnerability
URL: https://ubuntu.com/security/notices/USN-5332-2
Priorities: medium
Description:
USN-5332-1 fixed a vulnerability in Bind. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind
incorrectly handled certain bogus NS records when using forwarders. A
remote attacker could possibly use this issue to manipulate cache results.
(CVE-2021-25220)
CVEs:
- https://ubuntu.com/security/CVE-2021-25220
- https://ubuntu.com/security/CVE-2021-25220

Title: USN-5343-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5343-1
Priorities: high,low,medium,negligible
Description:
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

It was discovered that the aufs file system in the Linux kernel did not
properly restrict mount namespaces, when mounted with the non-default
allow_userns option set. A local attacker could use this to gain
administrative privileges. (CVE-2016-2853)

It was discovered that the aufs file system in the Linux kernel did not
properly maintain POSIX ACL xattr data, when mounted with the non-default
allow_userns option. A local attacker could possibly use this to gain
elevated privileges. (CVE-2016-2854)

It was discovered that the f2fs file system in the Linux kernel did not
properly validate metadata in some situations. An attacker could use this
to construct a malicious f2fs image that, when mounted and operated on,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-19449)

It was discovered that the XFS file system implementation in the Linux
kernel did not properly validate meta data in some circumstances. An
attacker could use this to construct a malicious XFS image that, when
mounted, could cause a denial of service. (CVE-2020-12655)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel contained a reference counting error. A local attacker could
use this to cause a denial of service (system crash). (CVE-2020-25670)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly deallocate memory in certain error
situations. A local attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2020-25671, CVE-2020-25672)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly handle error conditions in some situations,
leading to an infinite loop. A local attacker could use this to cause a
denial of service. (CVE-2020-25673)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation
incorrectly handled EAPOL frames from unauthenticated senders. A physically
proximate attacker could inject malicious packets to cause a denial of
service (system crash). (CVE-2020-26139)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could
reassemble mixed encrypted and plaintext fragments. A physically proximate
attacker could possibly use this issue to inject packets or exfiltrate
selected fragments. (CVE-2020-26147)

It was discovered that the BR/EDR pin-code pairing procedure in the Linux
kernel was vulnerable to an impersonation attack. A physically proximate
attacker could possibly use this to pair to a device without knowledge of
the pin-code. (CVE-2020-26555)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly perform access control. An authenticated attacker could possibly
use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)

It was discovered that the FUSE user space file system implementation in
the Linux kernel did not properly handle bad inodes in some situations. A
local attacker could possibly use this to cause a denial of service.
(CVE-2020-36322)

It was discovered that the Infiniband RDMA userspace connection manager
implementation in the Linux kernel contained a race condition leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possible execute arbitrary code.
(CVE-2020-36385)

It was discovered that the DRM subsystem in the Linux kernel contained
double-free vulnerabilities. A privileged attacker could possibly use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-20292)

It was discovered that a race condition existed in the timer implementation
in the Linux kernel. A privileged attacker could use this to cause a denial
of service. (CVE-2021-20317)

Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the
nfc implementation in the Linux kernel. A privileged local attacker could
use this issue to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-23134)

It was discovered that the Xen paravirtualization backend in the Linux
kernel did not properly deallocate memory in some situations. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2021-28688)

It was discovered that the RPA PCI Hotplug driver implementation in the
Linux kernel did not properly handle device name writes via sysfs, leading
to a buffer overflow. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2021-28972)

It was discovered that a race condition existed in the netfilter subsystem
of the Linux kernel when replacing tables. A local attacker could use this
to cause a denial of service (system crash). (CVE-2021-29650)

It was discovered that a race condition in the kernel Bluetooth subsystem
could lead to use-after-free of slab objects. An attacker could use this
issue to possibly execute arbitrary code. (CVE-2021-32399)

It was discovered that the CIPSO implementation in the Linux kernel did not
properly perform reference counting in some situations, leading to use-
after-free vulnerabilities. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33033)

It was discovered that a use-after-free existed in the Bluetooth HCI driver
of the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)

Asaf Modelevsky discovered that the Intel(R) Ethernet ixgbe driver for the
Linux kernel did not properly validate large MTU requests from Virtual
Function (VF) devices. A local attacker could possibly use this to cause a
denial of service. (CVE-2021-33098)

Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol
implementation in the Linux kernel did not properly initialize memory in
some situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2021-34693)

马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-3483)

It was discovered that an out-of-bounds (OOB) memory access flaw existed in
the f2fs module of the Linux kernel. A local attacker could use this issue
to cause a denial of service (system crash). (CVE-2021-3506)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle HCI device initialization failure, leading to a double-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2021-3564)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle HCI device detach events, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2021-3573)

Murray McAllister discovered that the joystick device interface in the
Linux kernel did not properly validate data passed via an ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code on systems with a joystick device
registered. (CVE-2021-3612)

It was discovered that the tracing subsystem in the Linux kernel did not
properly keep track of per-cpu ring buffer state. A privileged attacker
could use this to cause a denial of service. (CVE-2021-3679)

It was discovered that the Virtio console implementation in the Linux
kernel did not properly validate input lengths in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2021-38160)

It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly compute the access permissions for shadow pages in
some situations. A local attacker could use this to cause a denial of
service. (CVE-2021-38198)

It was discovered that the MAX-3421 host USB device driver in the Linux
kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2021-38204)

It was discovered that the NFC implementation in the Linux kernel did not
properly handle failed connect events leading to a NULL pointer
dereference. A local attacker could use this to cause a denial of service.
(CVE-2021-38208)

It was discovered that the configfs interface for USB gadgets in the Linux
kernel contained a race condition. A local attacker could possibly use this
to expose sensitive information (kernel memory). (CVE-2021-39648)

It was discovered that the ext4 file system in the Linux kernel contained a
race condition when writing xattrs to an inode. A local attacker could use
this to cause a denial of service or possibly gain administrative
privileges. (CVE-2021-40490)

It was discovered that the 6pack network protocol driver in the Linux
kernel did not properly perform validation checks. A privileged attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2021-42008)

It was discovered that the ISDN CAPI implementation in the Linux kernel
contained a race condition in certain situations that could trigger an
array out-of-bounds bug. A privileged local attacker could possibly use
this to cause a denial of service or execute arbitrary code.
(CVE-2021-43389)

It was discovered that the Phone Network protocol (PhoNet) implementation
in the Linux kernel did not properly perform reference counting in some
error conditions. A local attacker could possibly use this to cause a
denial of service (memory exhaustion). (CVE-2021-45095)

Wenqing Liu discovered that the f2fs file system in the Linux kernel did
not properly validate the last xattr entry in an inode. An attacker could
use this to construct a malicious f2fs image that, when mounted and
operated on, could cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-45469)

Amit Klein discovered that the IPv6 implementation in the Linux kernel
could disclose internal state in some situations. An attacker could
possibly use this to expose sensitive information. (CVE-2021-45485)

It was discovered that the per cpu memory allocator in the Linux kernel
could report kernel pointers via dmesg. An attacker could use this to
expose sensitive information or in conjunction with another kernel
vulnerability. (CVE-2018-5995)
CVEs:
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2016-2853
- https://ubuntu.com/security/CVE-2016-2854
- https://ubuntu.com/security/CVE-2019-19449
- https://ubuntu.com/security/CVE-2020-12655
- https://ubuntu.com/security/CVE-2020-25670
- https://ubuntu.com/security/CVE-2020-25671
- https://ubuntu.com/security/CVE-2020-25672
- https://ubuntu.com/security/CVE-2020-25673
- https://ubuntu.com/security/CVE-2020-26139
- https://ubuntu.com/security/CVE-2020-26147
- https://ubuntu.com/security/CVE-2020-26555
- https://ubuntu.com/security/CVE-2020-26558
- https://ubuntu.com/security/CVE-2021-0129
- https://ubuntu.com/security/CVE-2020-36322
- https://ubuntu.com/security/CVE-2020-36385
- https://ubuntu.com/security/CVE-2021-20292
- https://ubuntu.com/security/CVE-2021-20317
- https://ubuntu.com/security/CVE-2021-23134
- https://ubuntu.com/security/CVE-2021-28688
- https://ubuntu.com/security/CVE-2021-28972
- https://ubuntu.com/security/CVE-2021-29650
- https://ubuntu.com/security/CVE-2021-32399
- https://ubuntu.com/security/CVE-2021-33033
- https://ubuntu.com/security/CVE-2021-33034
- https://ubuntu.com/security/CVE-2021-33098
- https://ubuntu.com/security/CVE-2021-34693
- https://ubuntu.com/security/CVE-2021-3483
- https://ubuntu.com/security/CVE-2021-3506
- https://ubuntu.com/security/CVE-2021-3564
- https://ubuntu.com/security/CVE-2021-3573
- https://ubuntu.com/security/CVE-2021-3612
- https://ubuntu.com/security/CVE-2021-3679
- https://ubuntu.com/security/CVE-2021-38160
- https://ubuntu.com/security/CVE-2021-38198
- https://ubuntu.com/security/CVE-2021-38204
- https://ubuntu.com/security/CVE-2021-38208
- https://ubuntu.com/security/CVE-2021-39648
- https://ubuntu.com/security/CVE-2021-40490
- https://ubuntu.com/security/CVE-2021-42008
- https://ubuntu.com/security/CVE-2021-43389
- https://ubuntu.com/security/CVE-2021-45095
- https://ubuntu.com/security/CVE-2021-45469
- https://ubuntu.com/security/CVE-2021-45485
- https://ubuntu.com/security/CVE-2018-5995
- https://ubuntu.com/security/CVE-2020-25673
- https://ubuntu.com/security/CVE-2021-3564
- https://ubuntu.com/security/CVE-2021-0129
- https://ubuntu.com/security/CVE-2021-20317
- https://ubuntu.com/security/CVE-2020-26558
- https://ubuntu.com/security/CVE-2020-36385
- https://ubuntu.com/security/CVE-2021-39648
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2021-20292
- https://ubuntu.com/security/CVE-2020-25671
- https://ubuntu.com/security/CVE-2020-12655
- https://ubuntu.com/security/CVE-2021-34693
- https://ubuntu.com/security/CVE-2020-26147
- https://ubuntu.com/security/CVE-2018-5995
- https://ubuntu.com/security/CVE-2021-33034
- https://ubuntu.com/security/CVE-2020-25670
- https://ubuntu.com/security/CVE-2021-38198
- https://ubuntu.com/security/CVE-2021-40490
- https://ubuntu.com/security/CVE-2021-33033
- https://ubuntu.com/security/CVE-2021-43389
- https://ubuntu.com/security/CVE-2021-3612
- https://ubuntu.com/security/CVE-2021-38160
- https://ubuntu.com/security/CVE-2020-26139
- https://ubuntu.com/security/CVE-2016-2853
- https://ubuntu.com/security/CVE-2021-38204
- https://ubuntu.com/security/CVE-2021-33098
- https://ubuntu.com/security/CVE-2021-3573
- https://ubuntu.com/security/CVE-2021-45469
- https://ubuntu.com/security/CVE-2021-28688
- https://ubuntu.com/security/CVE-2021-38208
- https://ubuntu.com/security/CVE-2021-42008
- https://ubuntu.com/security/CVE-2020-25672
- https://ubuntu.com/security/CVE-2016-2854
- https://ubuntu.com/security/CVE-2021-45095
- https://ubuntu.com/security/CVE-2021-3679
- https://ubuntu.com/security/CVE-2020-36322
- https://ubuntu.com/security/CVE-2019-19449
- https://ubuntu.com/security/CVE-2021-45485
- https://ubuntu.com/security/CVE-2020-26555
- https://ubuntu.com/security/CVE-2021-28972
- https://ubuntu.com/security/CVE-2021-23134
- https://ubuntu.com/security/CVE-2021-32399
- https://ubuntu.com/security/CVE-2021-3506
- https://ubuntu.com/security/CVE-2021-3483
- https://ubuntu.com/security/CVE-2021-29650

Title: USN-5339-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5339-1
Priorities: high,medium,low
Description:
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

It was discovered that an out-of-bounds (OOB) memory access flaw existed in
the f2fs module of the Linux kernel. A local attacker could use this issue
to cause a denial of service (system crash). (CVE-2021-3506)

Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver
in the Linux kernel did not properly handle some error conditions. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2021-43976)

It was discovered that the ARM Trusted Execution Environment (TEE)
subsystem in the Linux kernel contained a race condition leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service or possibly execute arbitrary code. (CVE-2021-44733)

It was discovered that the Phone Network protocol (PhoNet) implementation
in the Linux kernel did not properly perform reference counting in some
error conditions. A local attacker could possibly use this to cause a
denial of service (memory exhaustion). (CVE-2021-45095)

Samuel Page discovered that the Transparent Inter-Process Communication
(TIPC) protocol implementation in the Linux kernel contained a stack-based
buffer overflow. A remote attacker could use this to cause a denial of
service (system crash) for systems that have a TIPC bearer configured.
(CVE-2022-0435)
CVEs:
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2021-3506
- https://ubuntu.com/security/CVE-2021-43976
- https://ubuntu.com/security/CVE-2021-44733
- https://ubuntu.com/security/CVE-2021-45095
- https://ubuntu.com/security/CVE-2022-0435
- https://ubuntu.com/security/CVE-2022-0435
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2021-43976
- https://ubuntu.com/security/CVE-2021-3506
- https://ubuntu.com/security/CVE-2021-44733
- https://ubuntu.com/security/CVE-2021-45095

621.216

Release Date: March 09, 2022

Known Iissues

There are currently reported issues with this stemcell and TAS Diego Cells. We have removed this stemcell until we can resolve the issue. If you need access, please contact support.

Metadata:

BOSH Agent Version: 2.268.63

USNs:

Title: USN-5300-1: PHP vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5300-1
Priorities: low,medium
Description:
It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120)

It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly obtain sensitive information. (CVE-2017-9119)

It was discovered that PHP incorrectly handled certain scripts with XML
parsing functions.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2021-21707)
CVEs:
- https://ubuntu.com/security/CVE-2015-9253
- https://ubuntu.com/security/CVE-2017-8923
- https://ubuntu.com/security/CVE-2017-9118
- https://ubuntu.com/security/CVE-2017-9120
- https://ubuntu.com/security/CVE-2017-9119
- https://ubuntu.com/security/CVE-2021-21707
- https://ubuntu.com/security/CVE-2017-8923
- https://ubuntu.com/security/CVE-2017-9118
- https://ubuntu.com/security/CVE-2017-9120
- https://ubuntu.com/security/CVE-2015-9253
- https://ubuntu.com/security/CVE-2017-9119
- https://ubuntu.com/security/CVE-2021-21707

Title: USN-5299-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5299-1
Priorities: medium,low
Description:
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could
reassemble mixed encrypted and plaintext fragments. A physically proximate
attacker could possibly use this issue to inject packets or exfiltrate
selected fragments. (CVE-2020-26147)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly perform access control. An authenticated attacker could possibly
use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)

It was discovered that the RPA PCI Hotplug driver implementation in the
Linux kernel did not properly handle device name writes via sysfs, leading
to a buffer overflow. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2021-28972)

It was discovered that a use-after-free existed in the Bluetooth HCI driver
of the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)

Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol
implementation in the Linux kernel did not properly initialize memory in
some situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2021-34693)

马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-3483)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle HCI device initialization failure, leading to a double-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2021-3564)

Murray McAllister discovered that the joystick device interface in the
Linux kernel did not properly validate data passed via an ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code on systems with a joystick device
registered. (CVE-2021-3612)

It was discovered that the tracing subsystem in the Linux kernel did not
properly keep track of per-cpu ring buffer state. A privileged attacker
could use this to cause a denial of service. (CVE-2021-3679)

It was discovered that the MAX-3421 host USB device driver in the Linux
kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2021-38204)

It was discovered that the 6pack network protocol driver in the Linux
kernel did not properly perform validation checks. A privileged attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2021-42008)

Amit Klein discovered that the IPv6 implementation in the Linux kernel
could disclose internal state in some situations. An attacker could
possibly use this to expose sensitive information. (CVE-2021-45485)
CVEs:
- https://ubuntu.com/security/CVE-2020-26147
- https://ubuntu.com/security/CVE-2020-26558
- https://ubuntu.com/security/CVE-2021-0129
- https://ubuntu.com/security/CVE-2021-28972
- https://ubuntu.com/security/CVE-2021-33034
- https://ubuntu.com/security/CVE-2021-34693
- https://ubuntu.com/security/CVE-2021-3483
- https://ubuntu.com/security/CVE-2021-3564
- https://ubuntu.com/security/CVE-2021-3612
- https://ubuntu.com/security/CVE-2021-3679
- https://ubuntu.com/security/CVE-2021-38204
- https://ubuntu.com/security/CVE-2021-42008
- https://ubuntu.com/security/CVE-2021-45485
- https://ubuntu.com/security/CVE-2020-26558
- https://ubuntu.com/security/CVE-2021-3564
- https://ubuntu.com/security/CVE-2021-34693
- https://ubuntu.com/security/CVE-2021-3483
- https://ubuntu.com/security/CVE-2020-26147
- https://ubuntu.com/security/CVE-2021-28972
- https://ubuntu.com/security/CVE-2021-33034
- https://ubuntu.com/security/CVE-2021-42008
- https://ubuntu.com/security/CVE-2021-45485
- https://ubuntu.com/security/CVE-2021-38204
- https://ubuntu.com/security/CVE-2021-0129
- https://ubuntu.com/security/CVE-2021-3679
- https://ubuntu.com/security/CVE-2021-3612

Title: USN-5298-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5298-1
Priorities: medium,low
Description:
It was discovered that the Packet network protocol implementation in the
Linux kernel contained a double-free vulnerability. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2021-22600)

Jürgen Groß discovered that the Xen subsystem within the Linux kernel did
not adequately limit the number of events driver domains (unprivileged PV
backends) could send to other guest VMs. An attacker in a driver domain
could use this to cause a denial of service in other guest VMs.
(CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)

Jürgen Groß discovered that the Xen network backend driver in the Linux
kernel did not adequately limit the amount of queued packets when a guest
did not process them. An attacker in a guest VM can use this to cause a
denial of service (excessive kernel memory consumption) in the network
backend domain. (CVE-2021-28714, CVE-2021-28715)

Szymon Heidrich discovered that the USB Gadget subsystem in the Linux
kernel did not properly restrict the size of control requests for certain
gadget types, leading to possible out of bounds reads or writes. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2021-39685)

Jann Horn discovered a race condition in the Unix domain socket
implementation in the Linux kernel that could result in a read-after-free.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-4083)

Kirill Tkhai discovered that the XFS file system implementation in the
Linux kernel did not calculate size correctly when pre-allocating space in
some situations. A local attacker could use this to expose sensitive
information. (CVE-2021-4155)

Lin Ma discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel contained a race condition, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-4202)

Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in
the Linux kernel did not perform a GPU TLB flush in some situations. A
local attacker could use this to cause a denial of service or possibly
execute arbitrary code. (CVE-2022-0330)

It was discovered that the VMware Virtual GPU driver in the Linux kernel
did not properly handle certain failure conditions, leading to a stale
entry in the file descriptor table. A local attacker could use this to
expose sensitive information or possibly gain administrative privileges.
(CVE-2022-22942)
CVEs:
- https://ubuntu.com/security/CVE-2021-22600
- https://ubuntu.com/security/CVE-2021-28711
- https://ubuntu.com/security/CVE-2021-28712
- https://ubuntu.com/security/CVE-2021-28713
- https://ubuntu.com/security/CVE-2021-28714
- https://ubuntu.com/security/CVE-2021-28715
- https://ubuntu.com/security/CVE-2021-39685
- https://ubuntu.com/security/CVE-2021-4083
- https://ubuntu.com/security/CVE-2021-4155
- https://ubuntu.com/security/CVE-2021-4202
- https://ubuntu.com/security/CVE-2022-0330
- https://ubuntu.com/security/CVE-2022-22942
- https://ubuntu.com/security/CVE-2021-39685
- https://ubuntu.com/security/CVE-2021-28715
- https://ubuntu.com/security/CVE-2021-28711
- https://ubuntu.com/security/CVE-2021-4083
- https://ubuntu.com/security/CVE-2021-28713
- https://ubuntu.com/security/CVE-2022-0330
- https://ubuntu.com/security/CVE-2021-28712
- https://ubuntu.com/security/CVE-2021-28714
- https://ubuntu.com/security/CVE-2021-22600
- https://ubuntu.com/security/CVE-2022-22942
- https://ubuntu.com/security/CVE-2021-4155
- https://ubuntu.com/security/CVE-2021-4202

Title: USN-5292-4: snapd regression
URL: https://ubuntu.com/security/notices/USN-5292-4
Priorities: medium,high
Description:
USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced
a regression that could break the fish shell. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

James Troup discovered that snap did not properly manage the permissions for
the snap directories. A local attacker could possibly use this issue to expose
sensitive information. (CVE-2021-3155)

Ian Johnson discovered that snapd did not properly validate content interfaces
and layout paths. A local attacker could possibly use this issue to inject
arbitrary AppArmor policy rules, resulting in a bypass of intended access
restrictions. (CVE-2021-4120)

The Qualys Research Team discovered that snapd did not properly validate the
location of the snap-confine binary. A local attacker could possibly use this
issue to execute other arbitrary binaries and escalate privileges.
(CVE-2021-44730)

The Qualys Research Team discovered that a race condition existed in the snapd
snap-confine binary when preparing a private mount namespace for a snap. A
local attacker could possibly use this issue to escalate privileges and
execute arbitrary code. (CVE-2021-44731)
CVEs:
- https://ubuntu.com/security/CVE-2021-3155
- https://ubuntu.com/security/CVE-2021-4120
- https://ubuntu.com/security/CVE-2021-44730
- https://ubuntu.com/security/CVE-2021-44731

Title: USN-5310-2: GNU C Library vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5310-2
Priorities: medium,low
Description:
USN-5310-1 fixed several vulnerabilities in GNU. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that the GNU C library getcwd function incorrectly
handled buffers. An attacker could use this issue to cause the GNU C
Library to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-3999)

It was discovered that the GNU C Library sunrpc module incorrectly handled
buffer lengths. An attacker could possibly use this issue to cause the GNU
C Library to crash, resulting in a denial of service. (CVE-2022-23218,
CVE-2022-23219)
CVEs:
- https://ubuntu.com/security/CVE-2021-3999
- https://ubuntu.com/security/CVE-2022-23218
- https://ubuntu.com/security/CVE-2022-23219
- https://ubuntu.com/security/CVE-2022-23218
- https://ubuntu.com/security/CVE-2021-3999
- https://ubuntu.com/security/CVE-2022-23219

Title: USN-5319-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5319-1
Priorities: high
Description:
Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano
Giuffrida discovered that hardware mitigations added by Intel to their
processors to address Spectre-BTI were insufficient. A local attacker could
potentially use this to expose sensitive information.
CVEs:
- https://ubuntu.com/security/CVE-2022-0001
- https://ubuntu.com/security/CVE-2022-0002

Title: USN-5301-2: Cyrus SASL vulnerability
URL: https://ubuntu.com/security/notices/USN-5301-2
Priorities: high
Description:
USN-5301-1 fixed a vulnerability in Cyrus. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL
input. A remote attacker could use this issue to execute arbitrary SQL
commands.
CVEs:
- https://ubuntu.com/security/CVE-2022-24407

621.211

Available in the Broadcom Support portal

BOSH Agent Version: 2.268.51

USNs:

Title: LSN-0083-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0083-1
Priorities: medium,high
Description:
The BPF subsystem in the Linux kernel before 4.17 mishandles
situations with a long jump over an instruction sequence where inner
instructions require substantial expansions into multiple BPF instructions,
leading to an overflow. This affects kernel/bpf/core.c and
net/core/filter.c.(CVE-2018-25020)

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
processors in the Linux kernel did not properly prevent a guest VM from
enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
to write to portions of the host’s physical memory.(CVE-2021-3653)

Nadav Amit discovered that the hugetlb implementation in the Linux kernel
did not perform TLB flushes under certain conditions. A local attacker
could use this to leak or alter data from other processes that use huge
pages.(CVE-2021-4002)

Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
contained an out-of-bounds write in its setsockopt() implementation. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2021-22555)

It was discovered that the virtual file system implementation in the Linux
kernel contained an unsigned to signed integer conversion error. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code.(CVE-2021-33909)
CVEs:
- https://ubuntu.com/security/CVE-2018-25020
- https://ubuntu.com/security/CVE-2021-3653
- https://ubuntu.com/security/CVE-2021-4002
- https://ubuntu.com/security/CVE-2021-22555
- https://ubuntu.com/security/CVE-2021-33909
- https://ubuntu.com/security/CVE-2021-33909
- https://ubuntu.com/security/CVE-2018-25020
- https://ubuntu.com/security/CVE-2021-4002
- https://ubuntu.com/security/CVE-2021-22555
- https://ubuntu.com/security/CVE-2021-3653

Title: USN-5211-1: Linux kernel vulnerability
URL: https://ubuntu.com/security/notices/USN-5211-1
Priorities: high
Description:
Nadav Amit discovered that the hugetlb implementation in the Linux kernel
did not perform TLB flushes under certain conditions. A local attacker
could use this to leak or alter data from other processes that use huge
pages.
CVEs:
- https://ubuntu.com/security/CVE-2021-4002

Title: USN-5209-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5209-1
Priorities: high,low,medium
Description:
Nadav Amit discovered that the hugetlb implementation in the Linux kernel
did not perform TLB flushes under certain conditions. A local attacker
could use this to leak or alter data from other processes that use huge
pages. (CVE-2021-4002)

It was discovered that a race condition existed in the timer implementation
in the Linux kernel. A privileged attacker could use this cause a denial of
service. (CVE-2021-20317)

It was discovered that a race condition existed in the overlay file system
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2021-20321)

It was discovered that the NFC subsystem in the Linux kernel contained a
use-after-free vulnerability in its NFC Controller Interface (NCI)
implementation. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2021-3760)

It was discovered that an integer overflow could be triggered in the eBPF
implementation in the Linux kernel when preallocating objects for stack
maps. A privileged local attacker could use this to cause a denial of
service or possibly execute arbitrary code. (CVE-2021-41864)

It was discovered that the ISDN CAPI implementation in the Linux kernel
contained a race condition in certain situations that could trigger an
array out-of-bounds bug. A privileged local attacker could possibly use
this to cause a denial of service or execute arbitrary code.
(CVE-2021-43389)
CVEs:
- https://ubuntu.com/security/CVE-2021-4002
- https://ubuntu.com/security/CVE-2021-20317
- https://ubuntu.com/security/CVE-2021-20321
- https://ubuntu.com/security/CVE-2021-3760
- https://ubuntu.com/security/CVE-2021-41864
- https://ubuntu.com/security/CVE-2021-43389
- https://ubuntu.com/security/CVE-2021-4002
- https://ubuntu.com/security/CVE-2021-43389
- https://ubuntu.com/security/CVE-2021-20321
- https://ubuntu.com/security/CVE-2021-3760
- https://ubuntu.com/security/CVE-2021-41864
- https://ubuntu.com/security/CVE-2021-20317

621.192

Available in the Broadcom Support portal

Release Date: December 17, 2021

Enhancements

/var/opt is now mounted to the ephemeral disk rather than the root disk. This is not a recommended storage point for bosh workloads, but some agents deployed on stemcells write their logs to this folder and that could cause the root disk to fill up.

Fixes

This release reverts the NATS firewall enhancement added in 621.183. Changes associated with this feature caused VMs to report a networking failed state and prevented monit firewall rules from being applied. The NATS firewall enhancement will be reintroduced in a future release.

Metadata:

BOSH Agent Version: 2.268.49

USNs:

Title: USN-5202-1: OpenJDK vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5202-1
Priorities: medium
Description:
Varnavas Papaioannou discovered that the FTP client implementation in
OpenJDK accepted alternate server IP addresses when connecting with FTP
passive mode. An attacker controlling an FTP server that an application
connects to could possibly use this to expose sensitive information
(rudimentary port scans). This issue only affected Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2341)

Markus Loewe discovered that OpenJDK did not properly handle JAR files
containing multiple manifest files. An attacker could possibly use
this to bypass JAR signature verification. This issue only affected
Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu
21.04. (CVE-2021-2369)

Huixin Ma discovered that the Hotspot VM in OpenJDK did not properly
perform range check elimination in some situations. An attacker could
possibly use this to construct a Java class that could bypass Java
sandbox restrictions. This issue only affected Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2388)

Asaf Greenholts discovered that OpenJDK preferred certain weak ciphers by
default. An attacker could possibly use this to expose sensitive
information. (CVE-2021-35550)

It was discovered that the Rich Text Format (RTF) Parser in OpenJDK did not
properly restrict the amount of memory allocated in some situations. An
attacker could use this to specially craft an RTF file that caused a denial
of service. (CVE-2021-35556)

It was discovered that the Rich Text Format (RTF) Reader in OpenJDK did not
properly restrict the amount of memory allocated in some situations. An
attacker could use this to specially craft an RTF file that caused a denial
of service. (CVE-2021-35559)

Markus Loewe discovered that the HashMap and HashSet implementations in
OpenJDK did not properly validate load factors during deserialization. An
attacker could use this to cause a denial of service (excessive memory
consumption). (CVE-2021-35561)

It was discovered that the Keytool component in OpenJDK did not properly
handle certificates with validity ending dates in the far future. An
attacker could use this to specially craft a certificate that when imported
could corrupt a keystore. (CVE-2021-35564)

Tristen Hayfield discovered that the HTTP server implementation in OpenJDK
did not properly handle TLS session close in some situations. A remote
attacker could possibly use this to cause a denial of service (application
infinite loop). (CVE-2021-35565)

Chuck Hunley discovered that the Kerberos implementation in OpenJDK did not
correctly report subject principals when using Kerberos Constrained
Delegation. An attacker could possibly use this to cause incorrect Kerberos
tickets to be used. (CVE-2021-35567)

it was discovered that the TLS implementation in OpenJDK did not properly
handle TLS handshakes in certain situations where a Java application is
acting as a TLS server. A remote attacker could possibly use this to cause
a denial of service (application crash). (CVE-2021-35578)

it was discovered that OpenJDK did not properly restrict the amount of
memory allocated when processing BMP images. An attacker could use this to
specially craft a BMP image file that could cause a denial of service.
(CVE-2021-35586)

It was discovered that the HotSpot VM in OpenJDK 8 did not properly perform
validation of inner class index values in some situations. An attacker
could use this to specially craft a class file that when loaded could cause
a denial of service (Java VM crash). (CVE-2021-35588)

Artem Smotrakov discovered that the TLS implementation in OpenJDK used non-
constant time comparisons during TLS handshakes. A remote attacker could
use this to expose sensitive information. (CVE-2021-35603)
CVEs:
- https://ubuntu.com/security/CVE-2021-2341
- https://ubuntu.com/security/CVE-2021-2369
- https://ubuntu.com/security/CVE-2021-2388
- https://ubuntu.com/security/CVE-2021-35550
- https://ubuntu.com/security/CVE-2021-35556
- https://ubuntu.com/security/CVE-2021-35559
- https://ubuntu.com/security/CVE-2021-35561
- https://ubuntu.com/security/CVE-2021-35564
- https://ubuntu.com/security/CVE-2021-35565
- https://ubuntu.com/security/CVE-2021-35567
- https://ubuntu.com/security/CVE-2021-35578
- https://ubuntu.com/security/CVE-2021-35586
- https://ubuntu.com/security/CVE-2021-35588
- https://ubuntu.com/security/CVE-2021-35603
- https://ubuntu.com/security/CVE-2021-35556
- https://ubuntu.com/security/CVE-2021-35561
- https://ubuntu.com/security/CVE-2021-35588
- https://ubuntu.com/security/CVE-2021-35578
- https://ubuntu.com/security/CVE-2021-2341
- https://ubuntu.com/security/CVE-2021-35564
- https://ubuntu.com/security/CVE-2021-35603
- https://ubuntu.com/security/CVE-2021-35559
- https://ubuntu.com/security/CVE-2021-35586
- https://ubuntu.com/security/CVE-2021-35550
- https://ubuntu.com/security/CVE-2021-35567
- https://ubuntu.com/security/CVE-2021-2369
- https://ubuntu.com/security/CVE-2021-35565
- https://ubuntu.com/security/CVE-2021-2388

Title: USN-5189-1: GLib vulnerability
URL: https://ubuntu.com/security/notices/USN-5189-1
Priorities: medium
Description:
It was discovered that GLib incorrectly handled certain environment variables.
An attacker could possibly use this issue to escalate privileges.
CVEs:
- https://ubuntu.com/security/CVE-2021-3800

Title: USN-5168-4: NSS regression
URL: https://ubuntu.com/security/notices/USN-5168-4
Priorities: high
Description:
USN-5168-3 fixed a vulnerability in NSS. Unfortunately that update introduced
a regression that could break SSL connections. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS
signatures. A remote attacker could use this issue to cause NSS to crash,
resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2021-43527

Title: USN-5192-2: Apache Log4j 2 vulnerability
URL: https://ubuntu.com/security/notices/USN-5192-2
Priorities: high
Description:
USN-5192-1 fixed a vulnerability in Apache Log4j 2. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run
programs via a special crafted input. An attacker could use this vulnerability
to cause a denial of service or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2021-44228

621.183

Available in the Broadcom Support portal

Release Date: December 06, 2021

Enhancements

Added firewall rules to restrict access to the NATS message bus except by the bosh agent. This provides an additional layer of security so even if an attacker is able to gain access to the NATS credentials, they would be unable to use those from a workload on a Bosh deployed VM. If you are attempting to debug NATS connectivity problems by directly connecting to the Bosh NATS server, you will need additional access; instructions can be found here.

Title: USN-5109-1: nginx vulnerability
URL: https://ubuntu.com/security/notices/USN-5109-1
Priorities: medium
Description:
It was discovered that nginx incorrectly handled files with
certain modification dates. A remote attacker could possibly
use this issue to cause a denial of service or other unspecified
impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-20005

Title: USN-5022-3: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5022-3
Priorities: medium
Description:
USN-5022-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to MySQL 5.7.35 on Ubuntu 16.04 ESM.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-35.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-26.html
https://www.oracle.com/security-alerts/cpujul2021.html
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2179
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2162
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2389
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2390
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2194
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2146
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2372
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2342
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2169
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2171
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2180
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2166
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2226
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2307
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2385

Title: USN-5103-1: docker.io vulnerability
URL: https://ubuntu.com/security/notices/USN-5103-1
Priorities: medium
Description:
Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in
Docker incorrectly allowed the docker cp command to make permissions
changes in the host filesystem in some situations. A local attacker
could possibly use to this to expose sensitive information or gain
administrative privileges.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-41089

Title: USN-5111-2: strongSwan vulnerability
URL: https://ubuntu.com/security/notices/USN-5111-2
Priorities: medium
Description:
USN-5111-1 fixed a vulnerability in strongSwan. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that strongSwan incorrectly handled replacing
certificates in the cache. A remote attacker could use this issue to cause
strongSwan to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-41991)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-41991

Title: USN-5121-1: Mailman vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5121-1
Priorities: high
Description:
Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman
did not properly associate cross-site request forgery (CSRF) tokens
to specific accounts. A remote attacker could use this to perform a
CSRF attack to gain access to another account. (CVE-2021-42097)

Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman’s
cross-site request forgery (CSRF) tokens for the options page are
derived from the admin password. A remote attacker could possibly use
this to assist in performing a brute force attack against the admin
password. (CVE-2021-42096)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-42096
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-42097

621.160

Available in the Broadcom Support portal

Release Date: October 01, 2021

Fixes

Fixes an issue introduced in v621.151 that caused frequent udev events and high CPU usage on Azure VMs.

Metadata:

BOSH Agent Version: 2.268.29

621.154

Available in the Broadcom Support portal

Release Date: September 16, 2021

Fixes

Fixes an issue introduced in v621.151 that caused persistent disks to frequently fail to mount.

Metadata:

BOSH Agent Version: 2.268.27

USNs:

Title: USN-5077-2: Apport vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5077-2
Priorities: medium
Description:
USN-5077-1 fixed several vulnerabilities in Apport. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Maik Münch and Stephen Röttger discovered that Apport incorrectly handled
certain information gathering operations. A local attacker could use this
issue to gain read access to arbitrary files, possibly containing sensitive
information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3709
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3710

Title: USN-5076-1: Git vulnerability
URL: https://ubuntu.com/security/notices/USN-5076-1
Priorities: medium
Description:
It was discovered that Git allowed newline characters in
certain repository paths. An attacker could potentially use this issue to perform
cross-protocol requests.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-40330

621.151

Available in the Broadcom Support portal

Release Date: September 14, 2021

Fixes

Updates the /var/vcap/bosh/bin/monit wrapper script to refer to monit-actual by absolute path, rather than relative path. This allows folks who reset or clear the PATH environment variable to actually be able to use the monit CLI. Prior to this fix, folks who cleared their PATH environment variable would see an error like: /var/vcap/bosh/bin/monit: line 9: exec: monit-actual: not found.
Fixes the “incorrect used memory reporting” issue introduced in stemcell version 621.141. The Bosh Agent will now report the correct amount of memory used by all processes in the VM that it manages, rather than just the processes in its cgroup.

Known issues

We’ve seen failures with this version of the stemcell in vSphere when attempting to attach a persistent disk to a running VM. We are currently planning to address this issue with an update to the vSphere CPI. It should be fixed in vSphere CPI release >= v69. We have pulled the vSphere version of this stemcell for now.

Note: This issue is fixed in stemcell version 621.154

Metadata:

BOSH Agent Version: 2.268.27

USNs:

Title: USN-5066-2: PySAML2 vulnerability
URL: https://ubuntu.com/security/notices/USN-5066-2
Priorities: medium
Description:
USN-5066-1 fixed a vulnerability in PySAML2. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Brian Wolff discovered that PySAML2 incorrectly validated cryptographic
signatures. A remote attacker could possibly use this issue to alter SAML
documents.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-21239

Title: USN-5039-1: Linux kernel vulnerability
URL: https://ubuntu.com/security/notices/USN-5039-1
Priorities: high
Description:
Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
contained an out-of-bounds write in its setsockopt() implementation. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22555

Title: LSN-0080-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0080-1
Priorities: high
Description:
Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
contained an out-of-bounds write in its setsockopt() implementation. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2021-22555)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22555

Title: USN-5028-1: Exiv2 vulnerability
URL: https://ubuntu.com/security/notices/USN-5028-1
Priorities: medium
Description:
It was discovered that Exiv2 incorrectly handled certain images.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31291

Title: USN-5025-2: libsndfile vulnerability
URL: https://ubuntu.com/security/notices/USN-5025-2
Priorities: medium
Description:
USN-5025-1 fixed a vulnerability in libsndfile. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that libsndfile incorrectly handled certain malformed
files. A remote attacker could use this issue to cause libsndfile to crash,
resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3246

Title: USN-5027-2: PEAR vulnerability
URL: https://ubuntu.com/security/notices/USN-5027-2
Priorities: medium
Description:
USN-5027-1 fixed a vulnerability in PEAR. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that PEAR incorrectly handled symbolic links in archives.
A remote attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32610

Title: USN-5044-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5044-1
Priorities: medium
Description:
It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle HCI device initialization failure, leading to a double-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2021-3564)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle HCI device detach events, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2021-3573)

It was discovered that the NFC implementation in the Linux kernel did not
properly handle failed connect events leading to a NULL pointer
dereference. A local attacker could use this to cause a denial of service.
(CVE-2021-3587)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3587
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3564

Title: USN-5073-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5073-1
Priorities: medium,low,high
Description:
Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor
implementation for AMD processors in the Linux kernel allowed a guest VM to
disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a
guest VM could use this to read or write portions of the host’s physical
memory. (CVE-2021-3656)

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
processors in the Linux kernel did not properly prevent a guest VM from
enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
to write to portions of the host’s physical memory. (CVE-2021-3653)

Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol
implementation in the Linux kernel did not properly initialize memory in
some situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2021-34693)

Murray McAllister discovered that the joystick device interface in the
Linux kernel did not properly validate data passed via an ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code on systems with a joystick device
registered. (CVE-2021-3612)

It was discovered that the Virtio console implementation in the Linux
kernel did not properly validate input lengths in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2021-38160)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3612
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-34693
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-38160
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3656
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3653

Title: USN-5062-1: Linux kernel vulnerability
URL: https://ubuntu.com/security/notices/USN-5062-1
Priorities: high
Description:
Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
processors in the Linux kernel did not properly prevent a guest VM from
enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
to write to portions of the host’s physical memory.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3653

Title: LSN-0081-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0081-1
Priorities: high
Description:
Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
processors in the Linux kernel did not properly prevent a guest VM from
enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
to write to portions of the host’s physical memory.(CVE-2021-3653)

Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor
implementation for AMD processors in the Linux kernel allowed a guest VM to
disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a
guest VM could use this to read or write portions of the host’s physical
memory.(CVE-2021-3656)

Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
contained an out-of-bounds write in its setsockopt() implementation. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2021-22555)

It was discovered that the virtual file system implementation in the Linux
kernel contained an unsigned to signed integer conversion error. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code.(CVE-2021-33909)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3653
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22555
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3656
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33909

Title: USN-5034-2: c-ares vulnerability
URL: https://ubuntu.com/security/notices/USN-5034-2
Priorities: medium
Description:
USN-5034-1 fixed a vulnerability in c-ares. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly
validated certain hostnames returned by DNS servers. A remote attacker
could possibly use this issue to perform Domain Hijacking attacks.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3672

Title: USN-5026-2: QPDF vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5026-2
Priorities: medium,low
Description:
USN-5026-1 fixed several vulnerabilities in QPDF. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:

It was discovered that QPDF incorrectly handled certain malformed PDF
files. A remote attacker could use this issue to cause QPDF to consume
resources, resulting in a denial of service. (CVE-2018-18020)

It was discovered that QPDF incorrectly handled certain malformed PDF
files. A remote attacker could use this issue to cause QPDF to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2021-36978)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-36978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18020

Title: USN-5051-2: OpenSSL vulnerability
URL: https://ubuntu.com/security/notices/USN-5051-2
Priorities: medium
Description:
USN-5051-1 fixed a vulnerability in OpenSSL. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1
strings. A remote attacker could use this issue to cause OpenSSL to crash,
resulting in a denial of service, or possibly obtain sensitive information.
(CVE-2021-3712)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3712

Title: USN-5043-1: Exiv2 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5043-1
Priorities: medium
Description:
It was discovered that Exiv2 incorrectly handled certain image files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2021-32815, CVE-2021-34334, CVE-2021-37620, CVE-2021-37622)

It was discovered that Exiv2 incorrectly handled certain image files.
An attacker could possibly use this issue to cause a denial of service.
These issues only affected Ubuntu 20.04 LTS and Ubuntu 21.04.
(CVE-2021-34335, CVE-2021-37615, CVE-2021-37616, CVE-2021-37618,
CVE-2021-37619, CVE-2021-37621, CVE-2021-37623)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37622
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32815
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37623
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37621
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37620
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37618
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-34335
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37619
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-34334

Title: USN-5055-1: GNOME grilo vulnerability
URL: https://ubuntu.com/security/notices/USN-5055-1
Priorities: medium
Description:
Michael Catanzaro discovered that grilo incorrectly handled certain TLS
certificate verification. An attacker could possibly use this issue to
MITM attacks.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-39365

Title: USN-5068-1: GD library vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5068-1
Priorities: medium,low
Description:
It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files.
An attacker could possibly use this issue to cause a crash or expose sensitive information.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
(CVE-2017-6363)

It was discovered that GD Graphics Library incorrectly handled certain TGA files.
An attacker could possibly use this issue to cause a denial of service or
expose sensitive information. (CVE-2021-381)

It was discovered that GD Graphics Library incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash.
(CVE-2021-40145)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-40145
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-38115
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6363

621.141

Available in the Broadcom Support portal

Release Date: August 30, 2021

Enhancements

Added firewall rules to restrict Monit API access to the Monit CLI and BOSH Agent. To see how to grant your program access to the Monit API, examine the new monit wrapper script, found at /var/vcap/bosh/bin/monit.

Known issues

The memory used by the VM that a Bosh Agent manages is incorrectly reported. The Agent will report very significantly smaller amounts of memory used by the VM than are actually used. This means that the “memory used” information in the output of bosh vms --vitals and related commands is incorrect. For now, avoid using this stemcell version, if you rely on the VM memory usage information reported by the Bosh Agent, Director, or the bosh CLI.
NOTE: This issue has been resolved in Stemcell version 621.151.

Title: USN-4754-1: Python vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4754-1
Priorities: medium,low
Description:
It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code
or cause a denial of service. (CVE-2020-27619, CVE-2021-3177)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3177
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27619

621.108

621.94

Release Date: December 08, 2020

Metadata:

BOSH Agent Version: 2.268.16

USNs:

Title: USN-4652-1: SniffIt vulnerability
URL: https://ubuntu.com/security/notices/USN-4652-1
Priorities: medium
Description:
It was discovered that SniffIt incorrectly handled certain configuration
files. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2014-5439

Title: USN-4662-1: OpenSSL vulnerability
URL: https://ubuntu.com/security/notices/USN-4662-1
Priorities: high
Description:
David Benjamin discovered that OpenSSL incorrectly handled comparing
certificates containing a EDIPartyName name type. A remote attacker could
possibly use this issue to cause OpenSSL to crash, resulting in a denial of
service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1971

621.93

Release Date: December 01, 2020

Metadata:

BOSH Agent Version: 2.268.16

Title: USN-4470-1: sane-backends vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4470-1
Priorities: low,medium
Description:
Kritphong Mongkhonvanit discovered that sane-backends incorrectly handled certain packets. A remote attacker could possibly use this issue to obtain sensitive memory information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-6318)
It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6318
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12861
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12862
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12863
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12864
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12865
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12866
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12867

Title: USN-4485-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4485-1
Priorities: low,medium,negligible
Description:
Timothy Michaud discovered that the i915 graphics driver in the Linux kernel did not properly validate user memory locations for the i915_gem_execbuffer2_ioctl. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2018-20669)
It was discovered that the Kvaser CAN/USB driver in the Linux kernel…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19947
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20810
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10732
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10766
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10767
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10768
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10781
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12655
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12656
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12771
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15393
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24394

Title: USN-4476-1: NSS vulnerability
URL: https://ubuntu.com/security/notices/USN-4476-1
Priorities: medium
Description:
It was discovered that NSS incorrectly handled some inputs. An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12403

Title: USN-4490-1: X.Org X Server vulnerability
URL: https://ubuntu.com/security/notices/USN-4490-1
Priorities: medium
Description:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSetNames function. A local attacker could possibly use this issue to escalate privileges.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14345

Title: USN-4489-1: Linux kernel vulnerability
URL: https://ubuntu.com/security/notices/USN-4489-1
Priorities: high
Description:
Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14386

Title: USN-4471-1: Net-SNMP vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4471-1
Priorities: medium
Description:
Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. (CVE-2020-15861)
It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15861
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15862

Title: USN-4482-1: Ark vulnerability
URL: https://ubuntu.com/security/notices/USN-4482-1
Priorities: medium
Description:
Fabian Vogt discovered that Ark incorrectly handled symbolic links in tar archive files. An attacker could use this to construct a malicious tar archive that, when opened, would create files outside the extraction directory.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24654

621.82

Release Date: August 21, 2020

This release changes the way the Linux Google light stemcell works to reference a source image. It will lead to a decrease in the time it takes to upload the light stemcell. This change will also help mitigate the impact of the new GCP image creation rate limit which any user uploading more than 6 GCP stemcells an hour would hit.

Metadata:

BOSH Agent Version: 2.268.16

BOSH Agent Version: 2.268.12

BOSH Agent Version: 2.268.11

USNs:

621.50

Release Date: January 21, 2020

Metadata:

BOSH Agent Version: 2.268.10

USNs:

Title: USN-4232-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4232-1/
Priorities: medium,low
Description:
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14165
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14314
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14504
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14649
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14733
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14994
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14997
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15277
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16353

Title: USN-4237-1: SpamAssassin vulnerabilities
URL: https://usn.ubuntu.com/4237-1/
Priorities: medium
Description:
It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. (CVE-2018-11805)
It was discovered that SpamAssassin incorrectly handled certain messages. A remote attacker could possibly use this issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11805
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12420

Title: USN-4238-1: SDL_image vulnerabilities
URL: https://usn.ubuntu.com/4238-1/
Priorities: medium,low
Description:
It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-3977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12216
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12219
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12222
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7635

Title: USN-4240-1: Kamailio vulnerability
URL: https://usn.ubuntu.com/4240-1/
Priorities: high
Description:
It was discovered that Kamailio can be exploited by using a specially crafted message that can cause a buffer overflow issue.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8828

Title: USN-4239-1: PHP vulnerabilities
URL: https://usn.ubuntu.com/4239-1/
Priorities: low
Description:
It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045)
It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11046
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11047
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11050

Title: USN-4236-2: Libgcrypt vulnerability
URL: https://usn.ubuntu.com/4236-2/
Priorities: medium
Description:
USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS.
Original advisory details:
It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13627

Title: USN-4227-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4227-1/
Priorities: medium,low
Description:
It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16231
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16233
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19083
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19529
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19807

Title: USN-4228-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4228-1/
Priorities: medium,low
Description:
It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534

Title: USN-4230-1: ClamAV vulnerability
URL: https://usn.ubuntu.com/4230-1/
Priorities: medium
Description:
It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15961

Title: USN-4231-1: NSS vulnerability
URL: https://usn.ubuntu.com/4231-1/
Priorities: medium
Description:
It was discovered that NSS incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17006

Title: USN-4234-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4234-1/
Priorities: medium,low
Description:
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass Content Security Policy (CSP) restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17016
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17017
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17020
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17023
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17025
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17026

Title: USN-4235-1: nginx vulnerability
URL: https://usn.ubuntu.com/4235-1/
Priorities: medium
Description:
Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20372

621.41

Release Date: February 04, 2020

BOSH Agent version: 2.268.9
USNs:

Title: USN-4222-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4222-1/
Priorities: medium,low
Description:
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11638
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11641
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11642
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11643
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12935
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12936
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12937
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13064
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13134
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13737
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13775
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13776
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13777

Title: USN-4216-2: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4216-2/
Priorities: medium
Description:
USN-4216-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11756
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17005
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17008
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17010
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17011
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17012
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17013
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17014

Title: USN-4220-1: Git vulnerabilities
URL: https://usn.ubuntu.com/4220-1/
Priorities: medium,low
Description:
Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1348
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1349
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1350
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1353
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1354
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1387
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19604

Title: USN-4217-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4217-1/
Priorities: medium
Description:
Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861)
Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14861
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14870

Title: USN-4219-1: libssh vulnerability
URL: https://usn.ubuntu.com/4219-1/
Priorities: medium
Description:
It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14889

Title: USN-4221-1: libpcap vulnerability
URL: https://usn.ubuntu.com/4221-1/
Priorities: medium
Description:
It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15165

Title: USN-4214-2: RabbitMQ vulnerability
URL: https://usn.ubuntu.com/4214-2/
Priorities: medium
Description:
USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18609

Title: USN-4224-1: Django vulnerability
URL: https://usn.ubuntu.com/4224-1/
Priorities: high
Description:
Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19844

Title: USN-4223-1: OpenJDK vulnerabilities
URL: https://usn.ubuntu.com/4223-1/
Priorities: medium
Description:
Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side- channel vulnerability existed in the ECDSA implementation in OpenJDK. An Attacker could use this to expose sensitive information. (CVE-2019-2894)
It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2894
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2945
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2949
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2962
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2964
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2973
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2983
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2987
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2988
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2989
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2992
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2999

621.29

Release Date: December 10, 2019

BOSH Agent version: 2.268.7
USNs:

Title: USN-4211-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4211-1/
Priorities: medium,negligible
Description:
Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)
Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20784
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133

Title: USN-4205-1: SQLite vulnerabilities
URL: https://usn.ubuntu.com/4205-1/
Priorities: low,medium
Description:
It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740)
It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8740
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16168
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19242
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19244
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5018
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5827

Title: USN-4203-1: NSS vulnerability
URL: https://usn.ubuntu.com/4203-1/
Priorities: medium
Description:
It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745

Title: USN-4213-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4213-1/
Priorities: medium,low
Description:
Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523)
Jeriko One discovered that Squid incorrectly handed URN…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12523
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12526
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12854
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18676
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18677
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18678
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18679

Title: USN-4210-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4210-1/
Priorities: medium,negligible,low
Description:
It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746)
Nicolas Waisman discovered that the WiFi driver stack in the Linux…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19060
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19075

Title: USN-4204-1: psutil vulnerability
URL: https://usn.ubuntu.com/4204-1/
Priorities: medium
Description:
Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18874

621.26

Release Date: November 26, 2019

BOSH Agent version: 2.268.7
USNs:

Title: USN-4198-1: DjVuLibre vulnerabilities
URL: https://usn.ubuntu.com/4198-1/
Priorities: low
Description:
It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15142
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15143
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15144
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15145
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18804

621.23

Release Date: November 18, 2019

BOSH Agent version: 2.268.6
USNs:

Title: USN-4186-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4186-1/
Priorities: high,medium
Description:
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2215

Title: USN-4185-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4185-1/
Priorities: high,medium
Description:
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666

Title: USN-4190-1: libjpeg-turbo vulnerabilities
URL: https://usn.ubuntu.com/4190-1/
Priorities: low,medium
Description:
It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14498)
It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19664
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20330
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2201

Title: USN-4185-3: Linux kernel vulnerability and regression
URL: https://usn.ubuntu.com/4185-3/
Priorities: high
Description:
USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4186-3: Linux kernel vulnerability
URL: https://usn.ubuntu.com/4186-3/
Priorities: high
Description:
USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue.
We apologize for the inconvenience.
Original advisory details:
Stephan van Schaik, Alyssa Milburn, Sebastian…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4182-1: Intel Microcode update
URL: https://usn.ubuntu.com/4182-1/
Priorities: high,medium
Description:
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11139

Title: USN-4191-1: QEMU vulnerabilities
URL: https://usn.ubuntu.com/4191-1/
Priorities: low
Description:
It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068)
Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13164
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14378
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15890

Title: USN-4192-1: ImageMagick vulnerabilities
URL: https://usn.ubuntu.com/4192-1/
Priorities: low,negligible,medium
Description:
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12976
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12979
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13137
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13295
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13297
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13301
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13304
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13305
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13306
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13307
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13308
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13309
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13391
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13454
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15139
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15140
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16708
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16709
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16710
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16711
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16713

621.12

Release Date: November 12, 2019

BOSH Agent version: 2.268.5
USNs:

Title: USN-4176-1: GNU cpio vulnerability
URL: https://usn.ubuntu.com/4176-1/
Priorities: medium
Description:
Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14866

Title: USN-4174-1: HAproxy vulnerability
URL: https://usn.ubuntu.com/4174-1/
Priorities: medium
Description:
It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to a privilege escalation (Request Smuggling).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18277

Title: USN-4175-1: Nokogiri vulnerability
URL: https://usn.ubuntu.com/4175-1/
Priorities: medium
Description:
It was discovered that Nokogiri incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5477

621.5

Release Date: October 31, 2019

New stemcell line!

* rev the stemcell_api_version to 3 for upcoming signed url feature - https://www.pivotaltracker.com/epic/show/4392899
* blacklist nouveau kernel module (#96)

—

BOSH Agent version: 2.268.3

456.x

USNs:

USNs:

Title: USN-5449-1: libXv vulnerability
URL: https://ubuntu.com/security/notices/USN-5449-1
Priorities: low
Description:
It was discovered that libXv incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2016-5407

Title: USN-5437-1: libXfixes vulnerability
URL: https://ubuntu.com/security/notices/USN-5437-1
Priorities: low
Description:
Tobias Stoeckmann discovered that libXfixes incorrectly handled certain
inputs. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2016-7944

Title: LSN-0086-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0086-1
Priorities: high,medium
Description:
It was discovered that a race condition existed in the network scheduling
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2021-39713)

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges.(CVE-2022-0492)

It was discovered that the network traffic control implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code.(CVE-2022-1055)

Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux
kernel contained in integer overflow. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.(CVE-2022-1116)

It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions.(CVE-2022-21499)

Nick Gregory discovered that the Linux kernel incorrectly handled network
offload functionality. A local attacker could use this to cause a denial of
service or possibly execute arbitrary code.(CVE-2022-25636)

Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code.(CVE-2022-29581)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions.(CVE-2022-30594)
CVEs:
- https://ubuntu.com/security/CVE-2021-39713
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2022-1055
- https://ubuntu.com/security/CVE-2022-1116
- https://ubuntu.com/security/CVE-2022-21499
- https://ubuntu.com/security/CVE-2022-25636
- https://ubuntu.com/security/CVE-2022-29581
- https://ubuntu.com/security/CVE-2022-30594
- https://ubuntu.com/security/CVE-2022-1055
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2022-25636
- https://ubuntu.com/security/CVE-2022-30594
- https://ubuntu.com/security/CVE-2022-1116
- https://ubuntu.com/security/CVE-2022-21499
- https://ubuntu.com/security/CVE-2021-39713
- https://ubuntu.com/security/CVE-2022-29581

Title: USN-5452-1: NTFS-3G vulnerability
URL: https://ubuntu.com/security/notices/USN-5452-1
Priorities: low
Description:
It was discovered that NTFS-3G was incorrectly validating NTFS
metadata in its ntfsck tool by not performing boundary checks. A
local attacker could possibly use this issue to cause a denial of
service or to execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2021-46790

Title: USN-5402-2: OpenSSL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5402-2
Priorities: medium,low
Description:
USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Elison Niven discovered that OpenSSL incorrectly handled the c_rehash
script. A local attacker could possibly use this issue to execute arbitrary
commands when c_rehash is run. (CVE-2022-1292)

Aliaksei Levin discovered that OpenSSL incorrectly handled resources when
decoding certificates and keys. A remote attacker could possibly use this
issue to cause OpenSSL to consume resources, leading to a denial of
service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1473)
CVEs:
- https://ubuntu.com/security/CVE-2022-1292
- https://ubuntu.com/security/CVE-2022-1473
- https://ubuntu.com/security/CVE-2022-1473
- https://ubuntu.com/security/CVE-2022-1292

Title: USN-5404-2: Rsyslog vulnerability
URL: https://ubuntu.com/security/notices/USN-5404-2
Priorities: medium
Description:
USN-5404-1 addressed a vulnerability in Rsyslog. This update
provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Pieter Agten discovered that Rsyslog incorrectly handled certain requests.
An attacker could possibly use this issue to cause a crash.
CVEs:
- https://ubuntu.com/security/CVE-2022-24903

Title: USN-5453-1: FreeType vulnerability
URL: https://ubuntu.com/security/notices/USN-5453-1
Priorities: low
Description:
It was discovered that FreeType incorrectly handled certain font files.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2022-27406

Title: USN-5443-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5443-1
Priorities: high,medium
Description:
Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-29581)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)
CVEs:
- https://ubuntu.com/security/CVE-2022-29581
- https://ubuntu.com/security/CVE-2022-30594
- https://ubuntu.com/security/CVE-2022-29581
- https://ubuntu.com/security/CVE-2022-30594

456.267

Available in the Broadcom Support portal

Release Date: May 25, 2022

Metadata:

BOSH Agent Version: 2.234.63

USNs:

456.265

Available in the Broadcom Support portal

Release Date: May 17, 2022

Metadata:

BOSH Agent Version: 2.234.62

USNs:

Title: USN-5398-1: Simple DirectMedia Layer vulnerability
URL: https://ubuntu.com/security/notices/USN-5398-1
Priorities:
Description:
It was discovered that SDL (Simple DirectMedia Layer) incorrectly handled
certain files. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
CVEs:

Title: USN-5407-1: Cairo vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5407-1
Priorities: low
Description:
Gustavo Grieco, Alberto Garcia, Francisco Oca, Suleman Ali, and others
discovered that Cairo incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2016-9082, CVE-2017-9814, CVE-2019-6462)

Stephan Bergmann discovered that Cairo incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code.
(CVE-2020-35492)
CVEs:
- https://ubuntu.com/security/CVE-2016-9082
- https://ubuntu.com/security/CVE-2017-9814
- https://ubuntu.com/security/CVE-2019-6462
- https://ubuntu.com/security/CVE-2020-35492
- https://ubuntu.com/security/CVE-2017-9814
- https://ubuntu.com/security/CVE-2020-35492
- https://ubuntu.com/security/CVE-2019-6462
- https://ubuntu.com/security/CVE-2016-9082

Title: USN-5389-1: Libcroco vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5389-1
Priorities: low
Description:
It was discovered that Libcroco was incorrectly accessing data structures when
reading bytes from memory, which could cause a heap buffer overflow. An attacker
could possibly use this issue to cause a denial of service. (CVE-2017-7960)

It was discovered that Libcroco was incorrectly handling invalid UTF-8 values
when processing CSS files. An attacker could possibly use this issue to cause
a denial of service. (CVE-2017-8834, CVE-2017-8871)

It was discovered that Libcroco was incorrectly implementing recursion in one
of its parsing functions, which could cause an infinite recursion loop and a
stack overflow due to stack consumption. An attacker could possibly use this
issue to cause a denial of service. (CVE-2020-12825)
CVEs:
- https://ubuntu.com/security/CVE-2017-7960
- https://ubuntu.com/security/CVE-2017-8834
- https://ubuntu.com/security/CVE-2017-8871
- https://ubuntu.com/security/CVE-2020-12825
- https://ubuntu.com/security/CVE-2020-12825
- https://ubuntu.com/security/CVE-2017-8834
- https://ubuntu.com/security/CVE-2017-8871
- https://ubuntu.com/security/CVE-2017-7960

Title: USN-5405-1: jbig2dec vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5405-1
Priorities: low
Description:
It was discovered that jbig2dec incorrectly handled memory when parsing
invalid files. An attacker could use this issue to cause jbig2dec to crash,
leading to a denial of service. (CVE-2017-9216)

It was discovered that jbig2dec incorrectly handled memory when processing
untrusted input. An attacker could use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2020-12268)
CVEs:
- https://ubuntu.com/security/CVE-2017-9216
- https://ubuntu.com/security/CVE-2020-12268
- https://ubuntu.com/security/CVE-2017-9216
- https://ubuntu.com/security/CVE-2020-12268

Title: USN-5259-3: Cron regression
URL: https://ubuntu.com/security/notices/USN-5259-3
Priorities: low
Description:
USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately
that update was incomplete and could introduce a regression. This update
fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the postinst maintainer script in Cron unsafely
handled file permissions during package install or update operations.
An attacker could possibly use this issue to perform a privilege
escalation attack. (CVE-2017-9525)

Florian Weimer discovered that Cron incorrectly handled certain memory
operations during crontab file creation. An attacker could possibly use
this issue to cause a denial of service. (CVE-2019-9704)

It was discovered that Cron incorrectly handled user input during crontab
file creation. An attacker could possibly use this issue to cause a denial
of service. (CVE-2019-9705)

It was discovered that Cron contained a use-after-free vulnerability in
its force_rescan_user function. An attacker could possibly use this issue
to cause a denial of service. (CVE-2019-9706)
CVEs:
- https://ubuntu.com/security/CVE-2017-9525
- https://ubuntu.com/security/CVE-2019-9704
- https://ubuntu.com/security/CVE-2019-9705
- https://ubuntu.com/security/CVE-2019-9706
- https://ubuntu.com/security/CVE-2017-9525

Title: USN-5413-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5413-1
Priorities: low,medium
Description:
Jeremy Cline discovered a use-after-free in the nouveau graphics driver of
the Linux kernel during device removal. A privileged or physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2020-27820)

It was discovered that a race condition existed in the network scheduling
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-39713)

It was discovered that the Parallel NFS (pNFS) implementation in the Linux
kernel did not properly perform bounds checking in some situations. An
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2021-4157)

It was discovered that the ST21NFCA NFC driver in the Linux kernel did not
properly validate the size of certain data in EVT_TRANSACTION events. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-26490)

It was discovered that the Xilinx USB2 device gadget driver in the Linux
kernel did not properly validate endpoint indices from the host. A
physically proximate attacker could possibly use this to cause a denial of
service (system crash). (CVE-2022-27223)

It was discovered that the EMS CAN/USB interface implementation in the
Linux kernel contained a double-free vulnerability when handling certain
error conditions. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2022-28390)
CVEs:
- https://ubuntu.com/security/CVE-2020-27820
- https://ubuntu.com/security/CVE-2021-39713
- https://ubuntu.com/security/CVE-2021-4157
- https://ubuntu.com/security/CVE-2022-26490
- https://ubuntu.com/security/CVE-2022-27223
- https://ubuntu.com/security/CVE-2022-28390
- https://ubuntu.com/security/CVE-2021-4157
- https://ubuntu.com/security/CVE-2022-26490
- https://ubuntu.com/security/CVE-2022-28390
- https://ubuntu.com/security/CVE-2021-39713
- https://ubuntu.com/security/CVE-2022-27223
- https://ubuntu.com/security/CVE-2020-27820

Title: USN-5179-2: BusyBox vulnerability
URL: https://ubuntu.com/security/notices/USN-5179-2
Priorities: low
Description:
USN-5179-1 fixed vulnerabilities in BusyBox. This update provides the
corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that BusyBox incorrectly handled certain malformed gzip
archives. If a user or automated system were tricked into processing a
specially crafted gzip archive, a remote attacker could use this issue to
cause BusyBox to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-28831)
CVEs:
- https://ubuntu.com/security/CVE-2021-28831
- https://ubuntu.com/security/CVE-2021-28831

Title: USN-5392-1: Mutt vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5392-1
Priorities: low,medium
Description:
It was discovered that Mutt incorrectly handled certain requests.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 20.04 LTS. (CVE-2021-32055)

It was discovered that Mutt incorrectly handled certain input.
An attacker could possibly use this issue to cause a crash,
or expose sensitive information. (CVE-2022-1328)
CVEs:
- https://ubuntu.com/security/CVE-2021-32055
- https://ubuntu.com/security/CVE-2022-1328
- https://ubuntu.com/security/CVE-2022-1328
- https://ubuntu.com/security/CVE-2021-32055

Title: USN-5391-1: libsepol vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5391-1
Priorities: low
Description:
Nicolas Iooss discovered that libsepol incorrectly handled memory
when handling policies. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-36084)

It was discovered that libsepol incorrectly handled memory when
handling policies. An attacker could possibly use this issue to cause
a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-36085)

It was discovered that libsepol incorrectly handled memory when
handling policies. An attacker could possibly use this issue to cause
a crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affects Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-36086)

It was discovered that libsepol incorrectly validated certain data,
leading to a heap overflow. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-36087)
CVEs:
- https://ubuntu.com/security/CVE-2021-36084
- https://ubuntu.com/security/CVE-2021-36085
- https://ubuntu.com/security/CVE-2021-36086
- https://ubuntu.com/security/CVE-2021-36087
- https://ubuntu.com/security/CVE-2021-36086
- https://ubuntu.com/security/CVE-2021-36085
- https://ubuntu.com/security/CVE-2021-36084
- https://ubuntu.com/security/CVE-2021-36087

Title: USN-5409-1: libsndfile vulnerability
URL: https://ubuntu.com/security/notices/USN-5409-1
Priorities: low
Description:
It was discovered that libsndfile was incorrectly performing memory
management operations and incorrectly using buffers when executing
its FLAC codec. If a user or automated system were tricked into
processing a specially crafted sound file, an attacker could
possibly use this issue to cause a denial of service or obtain
sensitive information.
CVEs:
- https://ubuntu.com/security/CVE-2021-4156

Title: USN-5385-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5385-1
Priorities: medium,low,negligible
Description:
Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device
driver in the Linux kernel did not properly validate meta-data coming from
the device. A local attacker who can control an emulated device can use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2021-43975)

It was discovered that the UDF file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious UDF image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2022-0617)

Lyu Tao discovered that the NFS implementation in the Linux kernel did not
properly handle requests to open a directory on a regular file. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-24448)

It was discovered that the YAM AX.25 device driver in the Linux kernel did
not properly deallocate memory in some error conditions. A local privileged
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2022-24959)
CVEs:
- https://ubuntu.com/security/CVE-2021-43975
- https://ubuntu.com/security/CVE-2022-0617
- https://ubuntu.com/security/CVE-2022-24448
- https://ubuntu.com/security/CVE-2022-24959
- https://ubuntu.com/security/CVE-2022-24448
- https://ubuntu.com/security/CVE-2022-24959
- https://ubuntu.com/security/CVE-2021-43975
- https://ubuntu.com/security/CVE-2022-0617

Title: USN-5400-2: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5400-2
Priorities: medium
Description:
USN-5400-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated in Ubuntu 16.04 ESM to MySQL 5.7.38.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-38.html
https://www.oracle.com/security-alerts/cpuapr2022.html
CVEs:
- https://ubuntu.com/security/CVE-2022-21417
- https://ubuntu.com/security/CVE-2022-21451
- https://ubuntu.com/security/CVE-2022-21460
- https://ubuntu.com/security/CVE-2022-21444
- https://ubuntu.com/security/CVE-2022-21454
- https://ubuntu.com/security/CVE-2022-21427

Title: USN-5354-2: Twisted vulnerability
URL: https://ubuntu.com/security/notices/USN-5354-2
Priorities: medium
Description:
USN-5354-1 fixed vulnerabilities in Twisted. This update provides the
corresponding updates for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and
Ubuntu 22.04 LTS.

Original advisory details:

It was discovered that Twisted incorrectly processed SSH handshake data on
connection establishments. A remote attacker could use this issue to cause
Twisted to crash, resulting in a denial of service. (CVE-2022-21716)
CVEs:
- https://ubuntu.com/security/CVE-2022-21716
- https://ubuntu.com/security/CVE-2022-21716

456.261

Available in the Broadcom Support portal

Release Date: April 21, 2022

Notice:

The kernel patches included in 456.252 are now in the main kernel repository and have been included in this release.

Metadata:

BOSH Agent Version: 2.234.58

USNs:

456.252

Available in the Broadcom Support portal

Release Date: March 23, 2022

Notice:

This stemcell contains a patched version of the kernel to address the issues found in 456.244. We have tested this patched kernel against the problems seen in 456.244 and no longer see the problem. We will release another stemcell in mid-April when that kernel patch makes it into the main kernel repository.

Metadata:

BOSH Agent Version: 2.234.54

USNs:

456.244

Release Date: March 09, 2022

Known Iissues

There are currently reported issues with this stemcell and TAS Diego Cells. We have removed this stemcell until we can resolve the issue. If you need access, please contact support.

Fixes

Metadata:

BOSH Agent Version: 2.234.42

USNs:

456.224

Available in the Broadcom Support portal

Release Date: January 07, 2022

Metadata:

BOSH Agent Version: 2.234.39

USNs:

456.220

Available in the Broadcom Support portal

Release Date: December 17, 2021

Fixes

This release reverts the NATS firewall enhancement added in 456.213. Changes associated with this feature caused VMs to report a networking failed state and prevented monit firewall rules from being applied. The NATS firewall enhancement will be reintroduced in a future release.

Metadata:

BOSH Agent Version: 2.234.37

USNs:

456.213

Available in the Broadcom Support portal

Release Date: December 06, 2021

Enhancements

Added firewall rules to restrict access to the NATS message bus except by the bosh agent. This provides an additional layer of security so even if an attacker is able to gain access to the NATS credentials, they would be unable to use those from a workload on a Bosh deployed VM. If you are attempting to debug NATS connectivity problems by directly connecting to the Bosh NATS server, you will need additional access; instructions can be found here.

Available in the Broadcom Support portal

Release Date: October 01, 2021

Fixes

Fixes an issue that caused frequent udev events and high CPU usage on Azure VMs.

Metadata:

BOSH Agent Version: 2.234.20

456.188

Available in the Broadcom Support portal

Release Date: September 16, 2021

Fixes

Fixes an issue introduced in v456.186 that caused persistent disks to frequently fail to mount.

Metadata:

BOSH Agent Version: 2.234.18

USNs:

456.186

Available in the Broadcom Support portal

Release Date: September 14, 2021

Fixes

Updates the /var/vcap/bosh/bin/monit wrapper script to refer to monit-actual by absolute path, rather than relative path. This allows folks who reset or clear the PATH environment variable to actually be able to use the monit CLI. Prior to this fix, folks who cleared their PATH environment variable would see an error like: /var/vcap/bosh/bin/monit: line 9: exec: monit-actual: not found.
Fixes the “incorrect used memory reporting” issue introduced in stemcell version 456.176. The Bosh Agent will now report the correct amount of memory used by all processes in the VM that it manages, rather than just the processes in its cgroup.

Known issues

We’ve seen failures with this version of the stemcell in vSphere when attempting to attach a persistent disk to a running VM. We are currently planning to address this issue with an update to the vSphere CPI. It should be fixed in vSphere CPI release >= v69. We have pulled the vSphere version of this stemcell.

NOTE: This is resolved in stemcell version v456.188.

Metadata:

BOSH Agent Version: 2.234.18

USNs:

456.176

Available in the Broadcom Support portal

Release Date: August 30, 2021

Enhancements

Added firewall rules to restrict Monit API access to the Monit CLI and BOSH Agent. To see how to grant your program access to the Monit API, examine the new monit wrapper script, found at /var/vcap/bosh/bin/monit.

Known issues

The memory used by the VM that a Bosh Agent manages is incorrectly reported. The Agent will report very significantly smaller amounts of memory used by the VM than are actually used. This means that the “memory used” information in the output of bosh vms --vitals and related commands is incorrect. For now, avoid using this stemcell version, if you rely on the VM memory usage information reported by the Bosh Agent, Director, or the bosh CLI.
NOTE: This issue has been resolved in Stemcell version 456.186.

Metadata:

BOSH Agent Version: 2.234.14

USNs:

Release Date: February 03, 2021

Metadata:

BOSH Agent Version: 2.234.8

USNs:

Title: USN-4708-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4708-1
Priorities: medium,low
Description:
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use this
to construct a malicious XFS image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13093)

It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system metadata in some situations.
An attacker could use this to construct a malicious btrfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-19813,
CVE-2019-19816)

Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)

Daniel Axtens discovered that PowerPC RTAS implementation in the Linux
kernel did not properly restrict memory accesses in some situations. A
privileged local attacker could use this to arbitrarily modify kernel
memory, potentially bypassing kernel lockdown restrictions.
(CVE-2020-27777)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27777
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-13093
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19816
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19813

Title: USN-4709-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4709-1
Priorities: high,low
Description:
It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data. (CVE-2020-28374)

Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use this
to construct a malicious XFS image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13093)

It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system metadata in some situations.
An attacker could use this to construct a malicious btrfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-19813,
CVE-2019-19816)

Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28374
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19816
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19813
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-13093

Title: USN-4711-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4711-1
Priorities: high,medium
Description:
It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data. (CVE-2020-28374)

Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did
not properly deallocate memory in some situations. A privileged attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2020-25704)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28374
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25704

Title: USN-4716-1: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4716-1
Priorities: medium
Description:
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.23 in Ubuntu 20.04 LTS and Ubuntu 20.10.
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.33.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-33.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-23.html
https://www.oracle.com/security-alerts/cpujan2021.html
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2088
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2076
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2061
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2081
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2070
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2002
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2072
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2122
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2046
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2048
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2038
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2031
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2087
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2010
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2036
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2060
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2021
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2014
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2032
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2058
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2011

Title: USN-4717-1: Firefox vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4717-1
Priorities: medium
Description:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, conduct clickjacking attacks, or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23954
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23964
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23958
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23960
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23963
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23955
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23961
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23962
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23953
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23956
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23965

Title: USN-4703-1: Mutt vulnerability
URL: https://ubuntu.com/security/notices/USN-4703-1
Priorities: medium
Description:
It was discovered that Mutt incorrectly handled certain email messages.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3181

Title: USN-4715-1: Django vulnerability
URL: https://ubuntu.com/security/notices/USN-4715-1
Priorities: medium
Description:
Wang Baohua discovered that Django incorrectly extracted archive files. A
remote attacker could possibly use this issue to extract files outside of
their expected location.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3281

456.135

Available in the Broadcom Support portal

Release Date: January 27, 2021

Metadata:

BOSH Agent Version: 2.234.7

USNs:

USNs:

Title: USN-4311-1: BlueZ vulnerabilities
URL: https://usn.ubuntu.com/4311-1/
Priorities: low,medium
Description:
It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. (CVE-2020-0556)
It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-7837
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0556

Title: USN-4316-1: GD Graphics Library vulnerabilities
URL: https://usn.ubuntu.com/4316-1/
Priorities: low
Description:
It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service. (CVE-2018-14553)
It was discovered that GD Graphics Library incorrectly handled loading images from X bitmap format files. An attacker could possibly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14553
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11038

Title: USN-4314-1: pam-krb5 vulnerability
URL: https://usn.ubuntu.com/4314-1/
Priorities: medium
Description:
Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10595

Title: USN-4317-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4317-1/
Priorities: high
Description:
Two use-after-free bugs were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit these to cause a denial of service or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6819
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6820

Title: USN-4315-1: Apport vulnerabilities
URL: https://usn.ubuntu.com/4315-1/
Priorities: high,medium
Description:
Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. (CVE-2020-8831)
Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions. This could allow a local attacker to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8831
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8833

456.103

Release Date: March 24, 2020

Metadata:

BOSH Agent Version: 2.234.7

USNs:

456.100

Release Date: March 03, 2020

Metadata:

BOSH Agent Version: 2.234.7

USNs:

Title: USN-4279-2: PHP regression
URL: https://usn.ubuntu.com/4279-2/
Priorities: low
Description:
USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9253

Title: USN-4290-1: libpam-radius-auth vulnerability
URL: https://usn.ubuntu.com/4290-1/
Priorities: medium
Description:
It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9542

Title: USN-4292-1: rsync vulnerabilities
URL: https://usn.ubuntu.com/4292-1/
Priorities: low
Description:
It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)
It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4289-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4289-1/
Priorities: medium
Description:
Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. (CVE-2019-12528)
Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12528
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8449
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8450
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8517

Title: USN-4287-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4287-1/
Priorities: medium,negligible,low
Description:
It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615)
It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15099
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15291
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16229
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16232
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18683
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18786
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18809
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18885
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19057
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19062
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19071
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19078
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19082
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19332
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19767
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19965
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20096
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5108
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7053

Title: USN-4286-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4286-1/
Priorities: medium,negligible,low
Description:
It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615)
It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19066
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19965
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20096
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5108

Title: USN-4293-1: libarchive vulnerabilities
URL: https://usn.ubuntu.com/4293-1/
Priorities: low,medium
Description:
It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-19221)
It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a crash resulting in a denial of service or…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9308

Title: USN-4278-2: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4278-2/
Priorities: medium
Description:
USN-4278-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6796
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6798
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6800
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6801

Title: USN-4288-1: ppp vulnerability
URL: https://usn.ubuntu.com/4288-1/
Priorities: medium
Description:
It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8597

456.98

Release Date: February 18, 2020

Metadata:

BOSH Agent Version: 2.234.7

USNs:

456.96

Release Date: February 06, 2020

Metadata:

BOSH Agent Version: 2.234.7

USNs:

Title: USN-4246-1: zlib vulnerabilities
URL: https://usn.ubuntu.com/4246-1/
Priorities: low
Description:
It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)
It was discovered that zlib incorrectly handled vectors involving left shifts of negative integers. An attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4259-1: Apache Solr vulnerability
URL: https://usn.ubuntu.com/4259-1/
Priorities: high
Description:
Michael Stepankin and Olga Barinova discovered that Apache Solr was vulnerable to an XXE attack. An attacker could use this vulnerability to remotely execute code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12629

Title: USN-4248-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4248-1/
Priorities: medium
Description:
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16545
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16547
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17500
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17501
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17502
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17503
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17782
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17783

Title: USN-4252-1: tcpdump vulnerabilities
URL: https://usn.ubuntu.com/4252-1/
Priorities: low,medium
Description:
Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16808
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10103
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10105
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14461
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14462
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14463
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14464
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14465
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14466
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14467
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14468
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14469
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14470
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14879
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14880
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14881
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14882
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16228
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16229
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16230
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16451
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16452
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19519
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1010220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15166
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15167

Title: USN-4254-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4254-1/
Priorities: medium,negligible,low
Description:
It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615)
It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15291
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18683
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18885
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19057
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19062
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19332

Title: USN-4255-2: Linux kernel (HWE) vulnerabilities
URL: https://usn.ubuntu.com/4255-2/
Priorities: medium
Description:
USN-4255-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS.
It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7053

Title: USN-4244-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4244-1/
Priorities: low,medium
Description:
It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-14902)
Robert Święcki discovered that Samba incorrectly handled certain character conversions when the log level is…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14902
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14907
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19344

Title: USN-4247-1: python-apt vulnerabilities
URL: https://usn.ubuntu.com/4247-1/
Priorities: medium
Description:
It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795)
It was discovered that python-apt could install packages from untrusted repositories, contrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15795
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15796

Title: USN-4263-1: Sudo vulnerability
URL: https://usn.ubuntu.com/4263-1/
Priorities: low
Description:
Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18634

Title: USN-4256-1: Cyrus SASL vulnerability
URL: https://usn.ubuntu.com/4256-1/
Priorities: medium
Description:
It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19906

Title: USN-4249-1: e2fsprogs vulnerability
URL: https://usn.ubuntu.com/4249-1/
Priorities: medium
Description:
It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5188

Title: USN-4265-1: SpamAssassin vulnerabilities
URL: https://usn.ubuntu.com/4265-1/
Priorities: medium
Description:
It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1931

Title: USN-4250-1: MySQL vulnerabilities
URL: https://usn.ubuntu.com/4250-1/
Priorities: medium
Description:
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.
MySQL has been updated to 8.0.19 in Ubuntu 19.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.29.
In addition to security fixes, the updated packages contain bug fixes, new features, and possibly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2570
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2572
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2574
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2577
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2579
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2584
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2588
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2589
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2627
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2679
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2686
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2694

Title: USN-4257-1: OpenJDK vulnerabilities
URL: https://usn.ubuntu.com/4257-1/
Priorities: low,medium
Description:
It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2020-2583)
It was discovered that OpenJDK incorrectly validated properties of SASL messages included in Kerberos GSSAPI. An…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2583
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2590
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2593
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2601
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2604
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2654
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2655
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2659

Title: USN-4245-1: PySAML2 vulnerability
URL: https://usn.ubuntu.com/4245-1/
Priorities: medium
Description:
It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5390

456.93

Release Date: January 21, 2020

Metadata:

BOSH Agent Version: 2.234.7

USNs:

456.84

Release Date: February 04, 2020

BOSH Agent version: 2.234.7
USNs:

Title: USN-4222-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4222-1/
Priorities: medium,low
Description:
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11638
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11641
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11642
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11643
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12935
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12936
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12937
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13064
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13134
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13737
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13775
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13776
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13777

Title: USN-4216-2: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4216-2/
Priorities: medium
Description:
USN-4216-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11756
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17005
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17008
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17010
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17011
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17012
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17013
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17014

Title: USN-4220-1: Git vulnerabilities
URL: https://usn.ubuntu.com/4220-1/
Priorities: medium,low
Description:
Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1348
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1349
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1350
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1353
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1354
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1387
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19604

Title: USN-4217-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4217-1/
Priorities: medium
Description:
Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861)
Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14861
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14870

Title: USN-4219-1: libssh vulnerability
URL: https://usn.ubuntu.com/4219-1/
Priorities: medium
Description:
It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14889

Title: USN-4221-1: libpcap vulnerability
URL: https://usn.ubuntu.com/4221-1/
Priorities: medium
Description:
It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15165

Title: USN-4214-2: RabbitMQ vulnerability
URL: https://usn.ubuntu.com/4214-2/
Priorities: medium
Description:
USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18609

Title: USN-4224-1: Django vulnerability
URL: https://usn.ubuntu.com/4224-1/
Priorities: high
Description:
Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19844

Title: USN-4223-1: OpenJDK vulnerabilities
URL: https://usn.ubuntu.com/4223-1/
Priorities: medium
Description:
Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side- channel vulnerability existed in the ECDSA implementation in OpenJDK. An Attacker could use this to expose sensitive information. (CVE-2019-2894)
It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2894
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2945
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2949
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2962
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2964
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2973
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2983
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2987
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2988
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2989
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2992
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2999

456.77

Release Date: December 10, 2019

BOSH Agent version: 2.234.7
USNs:

Title: USN-4211-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4211-1/
Priorities: medium,negligible
Description:
Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)
Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20784
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133

Title: USN-4205-1: SQLite vulnerabilities
URL: https://usn.ubuntu.com/4205-1/
Priorities: low,medium
Description:
It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740)
It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8740
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16168
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19242
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19244
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5018
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5827

Title: USN-4203-1: NSS vulnerability
URL: https://usn.ubuntu.com/4203-1/
Priorities: medium
Description:
It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745

Title: USN-4213-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4213-1/
Priorities: medium,low
Description:
Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523)
Jeriko One discovered that Squid incorrectly handed URN…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12523
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12526
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12854
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18676
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18677
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18678
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18679

Title: USN-4210-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4210-1/
Priorities: medium,negligible,low
Description:
It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746)
Nicolas Waisman discovered that the WiFi driver stack in the Linux…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19060
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19075

Title: USN-4204-1: psutil vulnerability
URL: https://usn.ubuntu.com/4204-1/
Priorities: medium
Description:
Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18874

456.74

Release Date: November 26, 2019

BOSH Agent version: 2.234.7
USNs:

Title: USN-4198-1: DjVuLibre vulnerabilities
URL: https://usn.ubuntu.com/4198-1/
Priorities: low
Description:
It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15142
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15143
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15144
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15145
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18804

456.69

Release Date: November 18, 2019

BOSH Agent version: 2.234.6
USNs:

Title: USN-4186-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4186-1/
Priorities: high,medium
Description:
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2215

Title: USN-4185-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4185-1/
Priorities: high,medium
Description:
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666

Title: USN-4190-1: libjpeg-turbo vulnerabilities
URL: https://usn.ubuntu.com/4190-1/
Priorities: low,medium
Description:
It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14498)
It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19664
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20330
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2201

Title: USN-4185-3: Linux kernel vulnerability and regression
URL: https://usn.ubuntu.com/4185-3/
Priorities: high
Description:
USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4186-3: Linux kernel vulnerability
URL: https://usn.ubuntu.com/4186-3/
Priorities: high
Description:
USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue.
We apologize for the inconvenience.
Original advisory details:
Stephan van Schaik, Alyssa Milburn, Sebastian…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4182-1: Intel Microcode update
URL: https://usn.ubuntu.com/4182-1/
Priorities: high,medium
Description:
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11139

Title: USN-4191-1: QEMU vulnerabilities
URL: https://usn.ubuntu.com/4191-1/
Priorities: low
Description:
It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068)
Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13164
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14378
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15890

Title: USN-4192-1: ImageMagick vulnerabilities
URL: https://usn.ubuntu.com/4192-1/
Priorities: low,negligible,medium
Description:
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12976
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12979
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13137
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13295
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13297
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13301
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13304
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13305
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13306
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13307
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13308
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13309
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13391
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13454
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15139
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15140
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16708
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16709
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16710
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16711
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16713

456.58

Release Date: November 12, 2019

BOSH Agent version: 2.234.6
USNs:

Title: USN-4171-1: Apport vulnerabilities
URL: https://usn.ubuntu.com/4171-1/
Priorities: low,medium
Description:
Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481)
Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11481
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11482
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11483
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11485
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15790

Title: USN-4170-1: Whoopsie vulnerability
URL: https://usn.ubuntu.com/4170-1/
Priorities: medium
Description:
Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11484

Title: USN-4176-1: GNU cpio vulnerability
URL: https://usn.ubuntu.com/4176-1/
Priorities: medium
Description:
Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14866

Title: USN-4172-1: file vulnerability
URL: https://usn.ubuntu.com/4172-1/
Priorities: medium
Description:
It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18218

Title: USN-4174-1: HAproxy vulnerability
URL: https://usn.ubuntu.com/4174-1/
Priorities: medium
Description:
It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to a privilege escalation (Request Smuggling).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18277

Title: USN-4169-1: libarchive vulnerability
URL: https://usn.ubuntu.com/4169-1/
Priorities: medium
Description:
It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18408

Title: USN-4175-1: Nokogiri vulnerability
URL: https://usn.ubuntu.com/4175-1/
Priorities: medium
Description:
It was discovered that Nokogiri incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5477

456.51

Release Date: October 29, 2019

BOSH Agent version: 2.234.5

Addresses CVE-2019-17596

456.40

Release Date: October 24, 2019

BOSH Agent version: 2.234.3
USNs:

Title: USN-4150-1: Thunderbird vulnerabilities
URL: https://usn.ubuntu.com/4150-1/
Priorities: medium
Description:
It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in a HTML reply or forward in some circumstances. If a user were tricked in to replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739)
Multiple…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11739

Title: USN-4150-1: Thunderbird vulnerabilities
URL: https://usn.ubuntu.com/4150-1/
Priorities: medium
Description:
It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in a HTML reply or forward in some circumstances. If a user were tricked in to replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739)
Multiple…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11740

Title: USN-4150-1: Thunderbird vulnerabilities
URL: https://usn.ubuntu.com/4150-1/
Priorities: medium
Description:
It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in a HTML reply or forward in some circumstances. If a user were tricked in to replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739)
Multiple…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11742

Title: USN-4150-1: Thunderbird vulnerabilities
URL: https://usn.ubuntu.com/4150-1/
Priorities: medium
Description:
It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in a HTML reply or forward in some circumstances. If a user were tricked in to replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739)
Multiple…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11743

Title: USN-4150-1: Thunderbird vulnerabilities
URL: https://usn.ubuntu.com/4150-1/
Priorities: medium
Description:
It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in a HTML reply or forward in some circumstances. If a user were tricked in to replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739)
Multiple…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11744

Title: USN-4150-1: Thunderbird vulnerabilities
URL: https://usn.ubuntu.com/4150-1/
Priorities: medium
Description:
It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in a HTML reply or forward in some circumstances. If a user were tricked in to replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739)
Multiple…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11746

Title: USN-4150-1: Thunderbird vulnerabilities
URL: https://usn.ubuntu.com/4150-1/
Priorities: medium
Description:
It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in a HTML reply or forward in some circumstances. If a user were tricked in to replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739)
Multiple…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11752

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description:
It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13616

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description:
It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7572

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description:
It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7573

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description:
It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7574

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description:
It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7575

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description:
It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7576

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description:
It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7577

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description:
It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7578

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description:
It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7635

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description:
It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7636

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description:
It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7637

Title: USN-4156-1: SDL vulnerabilities
URL: https://usn.ubuntu.com/4156-1/
Priorities: low,medium
Description:
It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7638

Title: USN-4154-1: Sudo vulnerability
URL: https://usn.ubuntu.com/4154-1/
Priorities: medium
Description:
Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14287

Title: USN-4151-1: Python vulnerabilities
URL: https://usn.ubuntu.com/4151-1/
Priorities: medium,low
Description:
It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056)
It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16056

Title: USN-4151-1: Python vulnerabilities
URL: https://usn.ubuntu.com/4151-1/
Priorities: medium,low
Description:
It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056)
It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16935

Title: USN-4155-1: Aspell vulnerability
URL: https://usn.ubuntu.com/4155-1/
Priorities: medium
Description:
It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17544

456.30

Release Date: October 08, 2019

BOSH Agent version: 2.234.2
USNs:

456.27

Release Date: September 24, 2019

BOSH Agent version: 2.234.2
USNs:

456.25

Release Date: September 19, 2019

BOSH Agent version: 2.117.13
USNs:

Title: USN-4128-1: Tomcat vulnerabilities
URL: https://usn.ubuntu.com/4128-1/
Priorities: low,medium
Description:
It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221)
It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10072

Title: USN-4133-1: Wireshark vulnerabilities
URL: https://usn.ubuntu.com/4133-1/
Priorities: low,medium
Description:
It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12295
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13619

Title: USN-4134-1: IBus vulnerability
URL: https://usn.ubuntu.com/4134-1/
Priorities: medium
Description:
Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14822

Title: USN-4115-2: Linux kernel regression
URL: https://usn.ubuntu.com/4115-2
Description:
USN 4115-1 introduced a regression in the Linux kernel
CVEs:

Title: USN-4135-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4135-1/
Priorities: high,medium
Description:
Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835)
It was discovered that the Linux kernel on PowerPC architectures did…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14835
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15030
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15031

Title: USN-4132-1: Expat vulnerability
URL: https://usn.ubuntu.com/4132-1/
Priorities: medium
Description:
It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15903

Title: USN-4129-1: curl vulnerabilities
URL: https://usn.ubuntu.com/4129-1/
Priorities: medium
Description:
Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481)
Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5481
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5482

456.22

Release Date: September 10, 2019

BOSH Agent version: 2.234.2
USNs:

Title: USN-4122-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4122-1/
Priorities: medium,low,negligible
Description:
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, cause a denial of service,…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9812

Title: USN-4124-1: Exim vulnerability
URL: https://usn.ubuntu.com/4124-1/
Priorities: high
Description:
It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15846

456.16

Release Date: September 03, 2019

Updating golang to versions that fixed CVEs disclosed here:
https://github.com/golang/go/issues/33606

For more details, please read:
https://kb.cert.org/vuls/id/605641/ which describes all the CVEs that cause the HTTP/2 implementations vulnerable to DDOS.
and
https://vuls.cert.org/confluence/pages/viewpage.action?pageId=56393752 which shows a matrix of what http/2 implementations are affected by which vulnerabilities.

Because stemcells are implemented in golang, the vulnerabilities fixed in this patch are:
CVE-2019-9512, also known as Ping Flood
CVE-2019-9514, also known as Reset Flood

456.14

Release Date: August 27, 2019

BOSH Agent version: 2.234.0
Bi-weekly stemcell release

456.12

Release Date: August 16, 2019

BOSH Agent version: 2.234.0
Bi-weekly stemcell bump

456.3

Release Date: August 01, 2019

BOSH Agent version: 2.234.0
Bi-weekly update

456.1

Release Date: August 01, 2019

BOSH Agent version: 2.234.0
First release for 456 major line