==========================================================================
Ubuntu Security Notice USN-6332-1
August 31, 2023
linux-azure, linux-azure-5.15, linux-azure-fde vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems
- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48502)
Seth Jenkins discovered that the Linux kernel did not properly perform
address randomization for a per-cpu memory management structure. A local
attacker could use this to expose sensitive information (kernel memory) or
in conjunction with another kernel vulnerability. (CVE-2023-0597)
It was discovered that a race condition existed in the btrfs file system
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1611)
It was discovered that the APM X-Gene SoC hardware monitoring driver in the
Linux kernel contained a race condition, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or expose sensitive information (kernel memory).
(CVE-2023-1855)
It was discovered that the ST NCI NFC driver did not properly handle device
removal events. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2023-1990)
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
It was discovered that the XFS file system implementation in the Linux
kernel did not properly perform metadata validation when mounting certain
images. An attacker could use this to specially craft a file system image
that, when mounted, could cause a denial of service (system crash).
(CVE-2023-2124)
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)
Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski
discovered that the BPF verifier in the Linux kernel did not properly mark
registers for precision tracking in certain situations, leading to an out-
of-bounds access vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-2163)
It was discovered that the SLIMpro I2C device driver in the Linux kernel
did not properly validate user-supplied data in some situations, leading to
an out-of-bounds write vulnerability. A privileged attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-2194)
It was discovered that the perf subsystem in the Linux kernel contained a
use-after-free vulnerability. A privileged local attacker could possibly
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-2235)
Zheng Zhang discovered that the device-mapper implementation in the Linux
kernel did not properly handle locking during table_clear() operations. A
local attacker could use this to cause a denial of service (kernel
deadlock). (CVE-2023-2269)
It was discovered that the ARM Mali Display Processor driver implementation
in the Linux kernel did not properly handle certain error conditions. A
local attacker could possibly use this to cause a denial of service (system
crash). (CVE-2023-23004)
It was discovered that a race condition existed in the TLS subsystem in the
Linux kernel, leading to a use-after-free or a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-28466)
It was discovered that the DA9150 charger driver in the Linux kernel did
not properly handle device removal, leading to a user-after free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-30772)
It was discovered that the Ricoh R5C592 MemoryStick card reader driver in
the Linux kernel contained a race condition during module unload, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-3141)
Quentin Minster discovered that the KSMBD implementation in the Linux
kernel did not properly validate pointers in some situations, leading to a
null pointer dereference vulnerability. A remote attacker could use this to
cause a denial of service (system crash). (CVE-2023-32248)
It was discovered that the kernel->user space relay implementation in the
Linux kernel did not properly perform certain buffer calculations, leading
to an out-of-bounds read vulnerability. A local attacker could use this to
cause a denial of service (system crash) or expose sensitive information
(kernel memory). (CVE-2023-3268)
It was discovered that the Qualcomm EMAC ethernet driver in the Linux
kernel did not properly handle device removal, leading to a user-after free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-33203)
It was discovered that the BQ24190 charger driver in the Linux kernel did
not properly handle device removal, leading to a user-after free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-33288)
It was discovered that the video4linux driver for Philips based TV cards in
the Linux kernel contained a race condition during device removal, leading
to a use-after-free vulnerability. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-35823)
It was discovered that the SDMC DM1105 PCI device driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-35824)
It was discovered that the Renesas USB controller driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-35828)
It was discovered that the Rockchip Video Decoder IP driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-35829)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle certain error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3610)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-3777)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-3995)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-4004)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle bound chain deactivation in certain circumstances. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-4015)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
linux-image-5.15.0-1045-azure 5.15.0-1045.52
linux-image-5.15.0-1045-azure-fde 5.15.0-1045.52.1
linux-image-azure-fde-lts-22.04 5.15.0.1045.52.23
linux-image-azure-lts-22.04 5.15.0.1045.41
Ubuntu 20.04 LTS:
linux-image-5.15.0-1045-azure 5.15.0-1045.52~20.04.1
linux-image-azure 5.15.0.1045.52~20.04.34
linux-image-azure-cvm 5.15.0.1045.52~20.04.34
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6332-1
CVE-2022-40982, CVE-2022-4269, CVE-2022-48502, CVE-2023-0597,
CVE-2023-1611, CVE-2023-1855, CVE-2023-1990, CVE-2023-2002,
CVE-2023-20593, CVE-2023-2124, CVE-2023-21400, CVE-2023-2163,
CVE-2023-2194, CVE-2023-2235, CVE-2023-2269, CVE-2023-23004,
CVE-2023-28466, CVE-2023-30772, CVE-2023-3141, CVE-2023-32248,
CVE-2023-3268, CVE-2023-33203, CVE-2023-33288, CVE-2023-35823,
CVE-2023-35824, CVE-2023-35828, CVE-2023-35829, CVE-2023-3609,
CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777,
CVE-2023-3995, CVE-2023-4004, CVE-2023-4015
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1045.52
https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1045.52.1
https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1045.52~20.04.1
Thursday, August 31, 2023
[USN-6328-1] Linux kernel (Oracle) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6328-1
August 31, 2023
linux-oracle vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-oracle: Linux kernel for Oracle Cloud systems
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle certain error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3610)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-3777)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-3995)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-4004)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle bound chain deactivation in certain circumstances. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-4015)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
linux-image-6.2.0-1010-oracle 6.2.0-1010.10
linux-image-oracle 6.2.0.1010.10
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6328-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3610,
CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995,
CVE-2023-4004, CVE-2023-4015
Package Information:
https://launchpad.net/ubuntu/+source/linux-oracle/6.2.0-1010.10
Ubuntu Security Notice USN-6328-1
August 31, 2023
linux-oracle vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-oracle: Linux kernel for Oracle Cloud systems
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle certain error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3610)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-3777)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-3995)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-4004)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle bound chain deactivation in certain circumstances. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-4015)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
linux-image-6.2.0-1010-oracle 6.2.0-1010.10
linux-image-oracle 6.2.0.1010.10
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6328-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3610,
CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995,
CVE-2023-4004, CVE-2023-4015
Package Information:
https://launchpad.net/ubuntu/+source/linux-oracle/6.2.0-1010.10
[USN-6331-1] Linux kernel (Azure) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6331-1
August 31, 2023
linux-azure vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
It was discovered that the netlink implementation in the Linux kernel did
not properly validate policies when parsing attributes in some situations.
An attacker could use this to cause a denial of service (infinite
recursion). (CVE-2020-36691)
Billy Jheng Bing Jhong discovered that the CIFS network file system
implementation in the Linux kernel did not properly validate arguments to
ioctl() in some situations. A local attacker could possibly use this to
cause a denial of service (system crash). (CVE-2022-0168)
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vulnerability. An attacker could use this
to construct a malicious ext4 file system image that, when mounted, could
cause a denial of service (system crash). (CVE-2022-1184)
It was discovered that some AMD x86-64 processors with SMT enabled could
speculatively execute instructions using a return address from a sibling
thread. A local attacker could possibly use this to expose sensitive
information. (CVE-2022-27672)
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
It was discovered that a race condition existed in the qdisc implementation
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0590)
It was discovered that a race condition existed in the btrfs file system
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1611)
It was discovered that the APM X-Gene SoC hardware monitoring driver in the
Linux kernel contained a race condition, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or expose sensitive information (kernel memory).
(CVE-2023-1855)
It was discovered that the ST NCI NFC driver did not properly handle device
removal events. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2023-1990)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
It was discovered that the XFS file system implementation in the Linux
kernel did not properly perform metadata validation when mounting certain
images. An attacker could use this to specially craft a file system image
that, when mounted, could cause a denial of service (system crash).
(CVE-2023-2124)
It was discovered that the SLIMpro I2C device driver in the Linux kernel
did not properly validate user-supplied data in some situations, leading to
an out-of-bounds write vulnerability. A privileged attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-2194)
It was discovered that a race condition existed in the TLS subsystem in the
Linux kernel, leading to a use-after-free or a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-28466)
It was discovered that the DA9150 charger driver in the Linux kernel did
not properly handle device removal, leading to a user-after free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-30772)
It was discovered that the btrfs file system implementation in the Linux
kernel did not properly handle error conditions in some situations, leading
to a use-after-free vulnerability. A local attacker could possibly use this
to cause a denial of service (system crash). (CVE-2023-3111)
It was discovered that the Ricoh R5C592 MemoryStick card reader driver in
the Linux kernel contained a race condition during module unload, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-3141)
It was discovered that the Qualcomm EMAC ethernet driver in the Linux
kernel did not properly handle device removal, leading to a user-after free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-33203)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1114-azure 5.4.0-1114.120
linux-image-azure-lts-20.04 5.4.0.1114.107
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6331-1
CVE-2020-36691, CVE-2022-0168, CVE-2022-1184, CVE-2022-27672,
CVE-2022-40982, CVE-2022-4269, CVE-2023-0590, CVE-2023-1611,
CVE-2023-1855, CVE-2023-1990, CVE-2023-20593, CVE-2023-2124,
CVE-2023-2194, CVE-2023-28466, CVE-2023-30772, CVE-2023-3111,
CVE-2023-3141, CVE-2023-33203, CVE-2023-3609, CVE-2023-3611,
CVE-2023-3776
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1114.120
Ubuntu Security Notice USN-6331-1
August 31, 2023
linux-azure vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
It was discovered that the netlink implementation in the Linux kernel did
not properly validate policies when parsing attributes in some situations.
An attacker could use this to cause a denial of service (infinite
recursion). (CVE-2020-36691)
Billy Jheng Bing Jhong discovered that the CIFS network file system
implementation in the Linux kernel did not properly validate arguments to
ioctl() in some situations. A local attacker could possibly use this to
cause a denial of service (system crash). (CVE-2022-0168)
It was discovered that the ext4 file system implementation in the Linux
kernel contained a use-after-free vulnerability. An attacker could use this
to construct a malicious ext4 file system image that, when mounted, could
cause a denial of service (system crash). (CVE-2022-1184)
It was discovered that some AMD x86-64 processors with SMT enabled could
speculatively execute instructions using a return address from a sibling
thread. A local attacker could possibly use this to expose sensitive
information. (CVE-2022-27672)
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
It was discovered that a race condition existed in the qdisc implementation
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0590)
It was discovered that a race condition existed in the btrfs file system
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1611)
It was discovered that the APM X-Gene SoC hardware monitoring driver in the
Linux kernel contained a race condition, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or expose sensitive information (kernel memory).
(CVE-2023-1855)
It was discovered that the ST NCI NFC driver did not properly handle device
removal events. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2023-1990)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
It was discovered that the XFS file system implementation in the Linux
kernel did not properly perform metadata validation when mounting certain
images. An attacker could use this to specially craft a file system image
that, when mounted, could cause a denial of service (system crash).
(CVE-2023-2124)
It was discovered that the SLIMpro I2C device driver in the Linux kernel
did not properly validate user-supplied data in some situations, leading to
an out-of-bounds write vulnerability. A privileged attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-2194)
It was discovered that a race condition existed in the TLS subsystem in the
Linux kernel, leading to a use-after-free or a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-28466)
It was discovered that the DA9150 charger driver in the Linux kernel did
not properly handle device removal, leading to a user-after free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-30772)
It was discovered that the btrfs file system implementation in the Linux
kernel did not properly handle error conditions in some situations, leading
to a use-after-free vulnerability. A local attacker could possibly use this
to cause a denial of service (system crash). (CVE-2023-3111)
It was discovered that the Ricoh R5C592 MemoryStick card reader driver in
the Linux kernel contained a race condition during module unload, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-3141)
It was discovered that the Qualcomm EMAC ethernet driver in the Linux
kernel did not properly handle device removal, leading to a user-after free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-33203)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1114-azure 5.4.0-1114.120
linux-image-azure-lts-20.04 5.4.0.1114.107
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6331-1
CVE-2020-36691, CVE-2022-0168, CVE-2022-1184, CVE-2022-27672,
CVE-2022-40982, CVE-2022-4269, CVE-2023-0590, CVE-2023-1611,
CVE-2023-1855, CVE-2023-1990, CVE-2023-20593, CVE-2023-2124,
CVE-2023-2194, CVE-2023-28466, CVE-2023-30772, CVE-2023-3111,
CVE-2023-3141, CVE-2023-33203, CVE-2023-3609, CVE-2023-3611,
CVE-2023-3776
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1114.120
[USN-6329-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6329-1
August 31, 2023
linux-gcp-5.4, linux-oracle-5.4 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
linux-image-5.4.0-1107-oracle 5.4.0-1107.116~18.04.1
linux-image-5.4.0-1111-gcp 5.4.0-1111.120~18.04.1
linux-image-gcp 5.4.0.1111.87
linux-image-oracle 5.4.0.1107.116~18.04.79
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6329-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3611,
CVE-2023-3776
Ubuntu Security Notice USN-6329-1
August 31, 2023
linux-gcp-5.4, linux-oracle-5.4 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
linux-image-5.4.0-1107-oracle 5.4.0-1107.116~18.04.1
linux-image-5.4.0-1111-gcp 5.4.0-1111.120~18.04.1
linux-image-gcp 5.4.0.1111.87
linux-image-oracle 5.4.0.1107.116~18.04.79
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6329-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3611,
CVE-2023-3776
[USN-6327-1] Linux kernel (KVM) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6327-1
August 31, 2023
linux-kvm vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-kvm: Linux kernel for cloud environments
Details:
Zheng Zhang discovered that the device-mapper implementation in the Linux
kernel did not properly handle locking during table_clear() operations. A
local attacker could use this to cause a denial of service (kernel
deadlock). (CVE-2023-2269)
It was discovered that a use-after-free vulnerability existed in the HFS+
file system implementation in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2023-2985)
It was discovered that the DVB Core driver in the Linux kernel did not
properly handle locking events in certain situations. A local attacker
could use this to cause a denial of service (kernel deadlock).
(CVE-2023-31084)
It was discovered that the virtual terminal driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly expose sensitive
information (kernel memory). (CVE-2023-3567)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
linux-image-4.4.0-1123-kvm 4.4.0-1123.133
linux-image-kvm 4.4.0.1123.120
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6327-1
CVE-2023-2269, CVE-2023-2985, CVE-2023-31084, CVE-2023-3567,
CVE-2023-3611, CVE-2023-3776
Ubuntu Security Notice USN-6327-1
August 31, 2023
linux-kvm vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-kvm: Linux kernel for cloud environments
Details:
Zheng Zhang discovered that the device-mapper implementation in the Linux
kernel did not properly handle locking during table_clear() operations. A
local attacker could use this to cause a denial of service (kernel
deadlock). (CVE-2023-2269)
It was discovered that a use-after-free vulnerability existed in the HFS+
file system implementation in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2023-2985)
It was discovered that the DVB Core driver in the Linux kernel did not
properly handle locking events in certain situations. A local attacker
could use this to cause a denial of service (kernel deadlock).
(CVE-2023-31084)
It was discovered that the virtual terminal driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly expose sensitive
information (kernel memory). (CVE-2023-3567)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
linux-image-4.4.0-1123-kvm 4.4.0-1123.133
linux-image-kvm 4.4.0.1123.120
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6327-1
CVE-2023-2269, CVE-2023-2985, CVE-2023-31084, CVE-2023-3567,
CVE-2023-3611, CVE-2023-3776
[USN-6330-1] Linux kernel (GCP) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6330-1
August 31, 2023
linux-gcp-5.15 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle certain error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3610)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-3777)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-3995)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-4004)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle bound chain deactivation in certain circumstances. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-4015)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.15.0-1040-gcp 5.15.0-1040.48~20.04.1
linux-image-gcp 5.15.0.1040.48~20.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6330-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-21400, CVE-2023-3609,
CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777,
CVE-2023-3995, CVE-2023-4004, CVE-2023-4015
Package Information:
https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1040.48~20.04.1
Ubuntu Security Notice USN-6330-1
August 31, 2023
linux-gcp-5.15 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle certain error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3610)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-3777)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-3995)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-4004)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle bound chain deactivation in certain circumstances. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-4015)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.15.0-1040-gcp 5.15.0-1040.48~20.04.1
linux-image-gcp 5.15.0.1040.48~20.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6330-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-21400, CVE-2023-3609,
CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777,
CVE-2023-3995, CVE-2023-4004, CVE-2023-4015
Package Information:
https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1040.48~20.04.1
[USN-6326-1] GitPython vulnerability
==========================================================================
Ubuntu Security Notice USN-6326-1
August 31, 2023
python-git vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
GitPython could be made to run arbitrary commands on the host.
Software Description:
- python-git: Python library to interact with Git repositories
Details:
It was discovered that GitPython did not block insecure options from user
inputs in the clone command. An attacker could possibly use this issue to
execute arbitrary commands on the host.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
python3-git 3.1.30-1ubuntu0.23.04.1
Ubuntu 22.04 LTS (Available with Ubuntu Pro):
python3-git 3.1.24-1ubuntu0.1~esm2
Ubuntu 20.04 LTS (Available with Ubuntu Pro):
python3-git 3.0.7-1ubuntu0.1~esm2
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
python-git 2.1.8-1ubuntu0.1~esm2
python3-git 2.1.8-1ubuntu0.1~esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
python-git 1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm2
python3-git 1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm2
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
python-git 0.3.2~RC1-3ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6326-1
CVE-2023-40267
Package Information:
https://launchpad.net/ubuntu/+source/python-git/3.1.30-1ubuntu0.23.04.1
Ubuntu Security Notice USN-6326-1
August 31, 2023
python-git vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
GitPython could be made to run arbitrary commands on the host.
Software Description:
- python-git: Python library to interact with Git repositories
Details:
It was discovered that GitPython did not block insecure options from user
inputs in the clone command. An attacker could possibly use this issue to
execute arbitrary commands on the host.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
python3-git 3.1.30-1ubuntu0.23.04.1
Ubuntu 22.04 LTS (Available with Ubuntu Pro):
python3-git 3.1.24-1ubuntu0.1~esm2
Ubuntu 20.04 LTS (Available with Ubuntu Pro):
python3-git 3.0.7-1ubuntu0.1~esm2
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
python-git 2.1.8-1ubuntu0.1~esm2
python3-git 2.1.8-1ubuntu0.1~esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
python-git 1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm2
python3-git 1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm2
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
python-git 0.3.2~RC1-3ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6326-1
CVE-2023-40267
Package Information:
https://launchpad.net/ubuntu/+source/python-git/3.1.30-1ubuntu0.23.04.1
LibreSSL 3.8.1 Released
We have released LibreSSL 3.8.1, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. This is a development release for
the 3.8.x branch, so we appreciate early testing and feedback.
It includes the following changes:
* Portable changes
- Applications bundled as part of the LibreSSL package internally,
nc(1) and openssl(1), now are linked statically if static libraries
are built.
- Internal compatibility function symbols are no longer exported from
libcrypto. Instead, the libcompat library is linked to libcrypto,
libssl, and libtls separately. This increases size a little, but
ensures that the libraries are not exporting symbols to programs
unintentionally.
- Selective removal of CET implementation on platforms where it is
not supported (macOS).
- Integrated four more tests.
- Added Windows ARM64 architecture to tested platforms.
- Removed Solaris 10 support, fixed Solaris 11.
- libtls no longer links statically to libcrypto / libssl unless
'--enable-libtls-only' is specified at configure time.
- Improved Windows compatibility library, namely handling of files vs
sockets, correcting an exception when operating on a closed socket.
- CMake builds no longer hardcode '-O2' into the compiler flags, instead
using flags from the CMake build type instead.
- Set the CMake default build type to 'Release'. This can be overridden
during configuration.
- Fixed broken ASM support with MinGW builds.
* Internal improvements
- Fixed alignment handling in SHA-512.
- Moved the verified_chain to the correct internal struct.
- Improved checks for commonName in libtls.
- Fixed error check for X509_get_ext_d2i() failure in libtls.
- Improved BIGNUM internals and performance.
- Significantly improved Montgomery multiplication performance.
- Initial cleanup passes for SHA-256 internals.
- Converted more libcrypto internals API using CBB and CBS.
- Removed code guarded by #ifdef ZLIB.
- Changed ASN1_item_sign_ctx() and ASN1_item_verify() to work with
Ed25519 and fixed a few bugs in there.
- Fixed various issues with EVP_PKEY_CTX_{new,dup}().
- Improved X.509 certificate version checks.
- Cleaned up handling of elliptic curve cofactors.
- Made BN_num_bits() independent of bn->top.
- Rewrote and simplified bn_sqr().
- Removed EC_GROUP precomp machinery.
- Ensure no X.509v3 extensions appear more than once in certificates.
- Cleaned up various ECDH, ECDSA and EC internals.
- Replaced ASN1_bn_print with a cleaner internal implementation.
- Simplified ASN1_item_sign_ctx().
- Rewrote OBJ_find_sigid_algs() and OBJ_find_sigid_by_algs().
- Various improvements in the 'simple' EC code.
- Fix OPENSSL_cpuid_setup() invocations on arm/aarch64.
- Reduced the dependency of hash implementations on many layers of
macros. This results in significant speedups since modern compilers
are now less confused.
- Significantly simplified the BN_BLINDING internals used in RSA.
* New features
* Compatibility changes
- X509_NAME_get_text_by_{NID,OBJ}() now only succeed if they contain
valid UTF-8 without embedded NUL.
- Moved libtls from ECDSA_METHOD to EC_KEY_METHOD.
- Removed support for ECDH_METHOD and ECDSA_METHOD.
- BN_is_prime{,_fasttest}_ex() refuse to check numbers larger than
32 kbits for primality. This mitigates various DoS vectors.
- Comp was removed.
- Dynamic loading of conf modules is no longer supported.
- DSO was removed and OPENSSL_NO_DSO is defined.
- ENGINE support was removed and OPENSSL_NO_ENGINE is set. In spite
of this, some stub functions are provided to avoid patching some
applications that do not honor OPENSSL_NO_ENGINE.
- It is no longer possible to make the library use your own error
stack or ex_data implementation.
* Bug fixes
- Fixed aliasing issue in BN_mod_inverse().
- Made CRYPTO_get_ex_new_index() not return 0 to allow applications
to use *_{get,set}_app_data() and *_{get,set}_ex_data() alongside
each other.
- Made EVP_PKEY_set1_hkdf_key() fail on a NULL key.
- Plugged leaks in BIO_chain_dup().
- Fixed numerous leaks and other minor bugs in RSA, DH, DSA and EC
ASN.1 methods. Unified the coding style.
- On socket errors in the poll loop, netcat could issue system calls
on invalidated file descriptors.
* Documentation improvements
- Made it very explicit that the verify callback should not be used.
- Called out that the CRL lastUpdate is standardized as thisUpdate.
* Testing and Proactive Security
- As always, new test coverage is added as bugs are fixed and subsystems
are cleaned up.
* Security fixes
- Disabled TLSv1.0 and TLSv1.1 in libssl so that they may no longer
be selected for use.
The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.
directory of your local OpenBSD mirror soon. This is a development release for
the 3.8.x branch, so we appreciate early testing and feedback.
It includes the following changes:
* Portable changes
- Applications bundled as part of the LibreSSL package internally,
nc(1) and openssl(1), now are linked statically if static libraries
are built.
- Internal compatibility function symbols are no longer exported from
libcrypto. Instead, the libcompat library is linked to libcrypto,
libssl, and libtls separately. This increases size a little, but
ensures that the libraries are not exporting symbols to programs
unintentionally.
- Selective removal of CET implementation on platforms where it is
not supported (macOS).
- Integrated four more tests.
- Added Windows ARM64 architecture to tested platforms.
- Removed Solaris 10 support, fixed Solaris 11.
- libtls no longer links statically to libcrypto / libssl unless
'--enable-libtls-only' is specified at configure time.
- Improved Windows compatibility library, namely handling of files vs
sockets, correcting an exception when operating on a closed socket.
- CMake builds no longer hardcode '-O2' into the compiler flags, instead
using flags from the CMake build type instead.
- Set the CMake default build type to 'Release'. This can be overridden
during configuration.
- Fixed broken ASM support with MinGW builds.
* Internal improvements
- Fixed alignment handling in SHA-512.
- Moved the verified_chain to the correct internal struct.
- Improved checks for commonName in libtls.
- Fixed error check for X509_get_ext_d2i() failure in libtls.
- Improved BIGNUM internals and performance.
- Significantly improved Montgomery multiplication performance.
- Initial cleanup passes for SHA-256 internals.
- Converted more libcrypto internals API using CBB and CBS.
- Removed code guarded by #ifdef ZLIB.
- Changed ASN1_item_sign_ctx() and ASN1_item_verify() to work with
Ed25519 and fixed a few bugs in there.
- Fixed various issues with EVP_PKEY_CTX_{new,dup}().
- Improved X.509 certificate version checks.
- Cleaned up handling of elliptic curve cofactors.
- Made BN_num_bits() independent of bn->top.
- Rewrote and simplified bn_sqr().
- Removed EC_GROUP precomp machinery.
- Ensure no X.509v3 extensions appear more than once in certificates.
- Cleaned up various ECDH, ECDSA and EC internals.
- Replaced ASN1_bn_print with a cleaner internal implementation.
- Simplified ASN1_item_sign_ctx().
- Rewrote OBJ_find_sigid_algs() and OBJ_find_sigid_by_algs().
- Various improvements in the 'simple' EC code.
- Fix OPENSSL_cpuid_setup() invocations on arm/aarch64.
- Reduced the dependency of hash implementations on many layers of
macros. This results in significant speedups since modern compilers
are now less confused.
- Significantly simplified the BN_BLINDING internals used in RSA.
* New features
* Compatibility changes
- X509_NAME_get_text_by_{NID,OBJ}() now only succeed if they contain
valid UTF-8 without embedded NUL.
- Moved libtls from ECDSA_METHOD to EC_KEY_METHOD.
- Removed support for ECDH_METHOD and ECDSA_METHOD.
- BN_is_prime{,_fasttest}_ex() refuse to check numbers larger than
32 kbits for primality. This mitigates various DoS vectors.
- Comp was removed.
- Dynamic loading of conf modules is no longer supported.
- DSO was removed and OPENSSL_NO_DSO is defined.
- ENGINE support was removed and OPENSSL_NO_ENGINE is set. In spite
of this, some stub functions are provided to avoid patching some
applications that do not honor OPENSSL_NO_ENGINE.
- It is no longer possible to make the library use your own error
stack or ex_data implementation.
* Bug fixes
- Fixed aliasing issue in BN_mod_inverse().
- Made CRYPTO_get_ex_new_index() not return 0 to allow applications
to use *_{get,set}_app_data() and *_{get,set}_ex_data() alongside
each other.
- Made EVP_PKEY_set1_hkdf_key() fail on a NULL key.
- Plugged leaks in BIO_chain_dup().
- Fixed numerous leaks and other minor bugs in RSA, DH, DSA and EC
ASN.1 methods. Unified the coding style.
- On socket errors in the poll loop, netcat could issue system calls
on invalidated file descriptors.
* Documentation improvements
- Made it very explicit that the verify callback should not be used.
- Called out that the CRL lastUpdate is standardized as thisUpdate.
* Testing and Proactive Security
- As always, new test coverage is added as bugs are fixed and subsystems
are cleaned up.
* Security fixes
- Disabled TLSv1.0 and TLSv1.1 in libssl so that they may no longer
be selected for use.
The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.
[USN-6324-1] Linux kernel (GKE) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6324-1
August 31, 2023
linux-gkeop vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1075-gkeop 5.4.0-1075.79
linux-image-gkeop 5.4.0.1075.73
linux-image-gkeop-5.4 5.4.0.1075.73
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6324-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3611,
CVE-2023-3776
Package Information:
https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1075.79
Ubuntu Security Notice USN-6324-1
August 31, 2023
linux-gkeop vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1075-gkeop 5.4.0-1075.79
linux-image-gkeop 5.4.0.1075.73
linux-image-gkeop-5.4 5.4.0.1075.73
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6324-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3611,
CVE-2023-3776
Package Information:
https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1075.79
[USN-6325-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6325-1
August 31, 2023
linux-gkeop-5.15, linux-intel-iotg vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-intel-iotg: Linux kernel for Intel IoT platforms
- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle certain error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3610)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-3777)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-3995)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-4004)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle bound chain deactivation in certain circumstances. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-4015)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
linux-image-5.15.0-1038-intel-iotg 5.15.0-1038.43
linux-image-intel-iotg 5.15.0.1038.37
Ubuntu 20.04 LTS:
linux-image-5.15.0-1026-gkeop 5.15.0-1026.31~20.04.1
linux-image-gkeop-5.15 5.15.0.1026.31~20.04.22
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6325-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-21400, CVE-2023-3609,
CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777,
CVE-2023-3995, CVE-2023-4004, CVE-2023-4015
Package Information:
https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1038.43
https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1026.31~20.04.1
Ubuntu Security Notice USN-6325-1
August 31, 2023
linux-gkeop-5.15, linux-intel-iotg vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-intel-iotg: Linux kernel for Intel IoT platforms
- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle certain error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3610)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-3777)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-3995)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-4004)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle bound chain deactivation in certain circumstances. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-4015)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
linux-image-5.15.0-1038-intel-iotg 5.15.0-1038.43
linux-image-intel-iotg 5.15.0.1038.37
Ubuntu 20.04 LTS:
linux-image-5.15.0-1026-gkeop 5.15.0-1026.31~20.04.1
linux-image-gkeop-5.15 5.15.0.1026.31~20.04.22
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6325-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-21400, CVE-2023-3609,
CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777,
CVE-2023-3995, CVE-2023-4004, CVE-2023-4015
Package Information:
https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1038.43
https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1026.31~20.04.1
Inactive provenpackagers policy for the f39 cycle
This is a bit late on schedule, but...
In accordance with FESCo policy[1], the following provenpackagers will
be submitted for removal in two weeks based on a lack of Koji builds
submitted in the last six months. If you received this directly, you
can reply off-list to indicate you should still be in the
provenpackager group.
Note that removal from this group is not a "punishment" or a lack of
appreciation for the work you have done. The intent of the process is
to ensure contributors with distro-wide package privileges are still
active and responsive. This process is done regularly at the branch
point in each release.
[1]
https://docs.fedoraproject.org/en-US/fesco/Provenpackager_policy/#_maintaining_provenpackager_status
================
Checked 132 provenpackagers
The following 10 provenpackagers have not submitted a Koji build since
at least 2023-02-23 00:00:00:
puiterwijk
ajax
rdieter
ausil
pjones
hguemar
jwilson
law
wtogami
steve
================
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
In accordance with FESCo policy[1], the following provenpackagers will
be submitted for removal in two weeks based on a lack of Koji builds
submitted in the last six months. If you received this directly, you
can reply off-list to indicate you should still be in the
provenpackager group.
Note that removal from this group is not a "punishment" or a lack of
appreciation for the work you have done. The intent of the process is
to ensure contributors with distro-wide package privileges are still
active and responsive. This process is done regularly at the branch
point in each release.
[1]
https://docs.fedoraproject.org/en-US/fesco/Provenpackager_policy/#_maintaining_provenpackager_status
================
Checked 132 provenpackagers
The following 10 provenpackagers have not submitted a Koji build since
at least 2023-02-23 00:00:00:
puiterwijk
ajax
rdieter
ausil
pjones
hguemar
jwilson
law
wtogami
steve
================
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Wednesday, August 30, 2023
[USN-6323-1] FRR vulnerability
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBGJo5iQBEADBDrePgICrxsoCWxlAiEKAgZgqeX1XhHxhDCkprNwOA9ZEU7G9
77BEHgYLSrAh3LraWYK+piBXBuHdg8KCUppUmEC4GtiHg+KxtxRjgZn/tjLD6vgZ
kwZYs0KXQVCK2bhSL0paEA78Xcx1B6xa8JArnjk87VoNl6RCjJESXkwlqGtQTEOp
bNxBy5Pd0T33xYeKcOz0GWY5ndkU1gD7NtMZdWZ8vcQclLquQO5OE33OhK78cU4Z
k4xFL5I5R4rBhlrOsw002bbD0+QI6wUKQByHfvcAz59eHS/wJOrAY/1p+IKql/4f
sRQQSRPSc+3CqELdxzF2s+AG0PciQms3RVYT6czH28Ce9C9BDAENga28FvQDf5Zi
STUeXZm0XJ9g+dLg+6FBPHp9wX+ybfAmIRXQlV4D6DledQAWjoBy3j09JOGQGSH0
S3EbQ68Qn2xyGBlYeFCZbMlKDN8NrpVCx9Jf6dDb3Qv2Do1yIIRu5x0vwKlNsQG0
NffMryLCQ0tVBNNiwqrHIbmZEhSUEmKf6u+zZsx1JMewe6fRw3hf3VOzENH5tGpZ
Z1Yg8m3E2yiXmPJ9cX3iZD0l7/L8CEiuMWt/q/NEDnKsGovi9N1r04Yxxo5lWoHr
+4taaOnC2C7YEHICIWx3lEU0lm24PbNG4QBJCJ8ctwG2rV3AMILCVSzW0QARAQAB
zSVNYXJrIEVzbGVyIDxtYXJrLmVzbGVyQGNhbm9uaWNhbC5jb20+wsGUBBMBCgA+
FiEELTsQ/oZuJMqL99Qt1guDyQUTvU8FAmJo5iQCGwMFCQPCZwAFCwkIBwIGFQoJ
CAsCBBYCAwECHgECF4AACgkQ1guDyQUTvU/Gqw/9F5ko+KS9CRXXcp4SkdhHB6aG
tD9rEJycEywPymmI+OwCJppmbQBzzwW7QGLHi8TTiWnWMSeikhSh0p9pPCc9rhLt
tYDlGZwoxXPt7PwS0k9JjITNviTNZD6uHIoYmFMxS65qdh7s7OSQj4+nTij1b+dV
qzaG4krGB/pav2D2adt4k02KfqIkPiLY0Jo+o8hKOx2HRh8xqEU/eySRtVvIx55c
D4Qh63KQv465Afz+QuKsbxuqA2iboUP/srYtMQtFi8TCF7/5gLwDbGDgOAYhIxyf
vgAH5dbBFB8lIMPjIeTbP0lE+xMHUmQsKhtYICnjhnGRJeT6vBlDFuUar5DYA3fI
m9LEAf1T1eMK4FBUSCv+cULlT9+rsHDbG6tiZU/BDp/mkKFs2Ax9W68+fgXy7bor
ixrgDhfSCsYWaxLsXW/GEmyCbp30PZlLr6kvfQq7CMEjeE79FEsef7/ppRH/t+mv
6p2xhb+DDbvqzcQZ7LQn3+PLxkR37spQRvevPxpx000CqTO5gV19w/2ZSPydm2Zd
44XSranzwDdD4o5ZsMXAPuCNlVAVzxAhxNj2QQL7xh9bdDDmM9Z7qBPwFX42n7mw
ryjBHqMtrSCSI8hupSh2B/bQSRyWd3/KQ2vlJMoq7H5EJiJYpb3blvb4tfoSfEag
PqYV1jJEcKImOGs988rOwU0EYmjmJAEQAL0wGwC8P1qj0fuLaFpPKBAFtxBqnJJc
c+63DjQ17/QJrYpKwGGkW6fz/Nn0nUDf88FdrHd7t6a9c3m82/gvsr8VjAD4SISp
DjPIpfCj5gWGAuhATWB0pwjWRsgFkIThaa0px6ZJFGdU9lJmi633Xsk4s9bws8kZ
pnwtk+StRueqcSElfLw1/gbu6EhcEH62iBb2qlRhgtntgy1dcnqDEQhcdccWSgna
+ZlDIo3Z75RWoIXxrtzUe9PDdG4Ou+k/H96mS7pZdmU6elbQlcDGYegYGH6OTYjv
Zyl81ACN9Y3Fcmc+luBMeuyQndHFnG6rjOwHr6iM9ZKRBq03QiAAp4vooPyLqG9n
ZmoeLH0Q7L2pVIwroVtsJvnjws5z3DujguZcLYCeA/WEXj8p0lYy9WVGrfJ7LyLp
+Uj7AdXFB6msED51Swb6QkpWrcC7V2COKZmfYGXFy7PdIwWeqgYjJ0zqEldHGDTD
V0yTuuER2bJ/T1WBVy9U46/KRUXYevgCZFGPbyO/vKLwKVbrbkimULMFcPJpKinF
PQs0ch7HA6PPog0wbux5Bm9O78lzYo/WFlvofFKTzfGEsnifCVXkcsu0Qp8m6DQZ
yeFO8SH3DHaHFaPKc3JYEFTdmP0PdvH8aqb5TVTb8G+hvxktDkCuCrlaoFVSCNhI
WfJ6rAxxYGuNABEBAAHCwXwEGAEKACYWIQQtOxD+hm4kyov31C3WC4PJBRO9TwUC
YmjmJAIbDAUJA8JnAAAKCRDWC4PJBRO9T3SnEACEprj9LsxvhbM6A/aLk3la8UD9
MYtLSmbl+KPGEvP0r7viPftolgV8O+tRG09Z7Wd/63WsHjA2Psgwdm49BziL8tCf
ONfVXCojPxR/uyL5ykPHSE/yC+mz3DTPWcncGCdteil6Cw43MHNCm2oYJ38VXAwV
9pikHeO5Pj5xukmc/bQr3v3NrDQI+AQpNbWs2r4vw+y01IidmMh12RkuGi2UYOga
jvfDeoSSEF7VJ6Qlij9UjatkbZpSHjn2rf+B9DdlkRNr5Vfd9/xaSFQoazdgNS/Q
HqOeZ+9HqNrUlHTH9BUaTkmV6MDXtEjVGfROXxXPw/q29QUzZUZE3agqmuxB3yar
PjW24mNu5Kd22rb06blTfBO0o7DOX9UwOVLfFLejfWAYANuXilcju9/3dHRsv6o9
9tGfRxJIMOPVY6JgswYISB7CwdA+Uda6UvU+qwYCRi7B8L13H3uhDKzA5sgRZnz2
oQw+bOB/ErZv78NVnhrdy9LAkLk0U8RVvH8sWPco4ZjQVou6wDMEsKaIlioU8x6n
YOi8LBpijWpaKEpCbU4nRdV/4d3eWr7tu1MWGcm70C6mrjypxI6TVCPg+gimjM4D
7LOpJKZJVGQg9JYPUhccp27Nn/3L2/Y9F3tKUfCTPHanOzHg4KNRRUr8CQD8qi+8
nWqztY9OeZjz0vagYM7BTQRiaOZoARAA6bzogRYAMYdwU2BsWFurvrghzEbqjguN
XwBiQ/90kXb3exYZvGXTCxdrV5FRjPU6eeX2TAyZRt6XnK6nyrZFlRAcXeWCeo05
d+mdK6fv4iOc/T0JeMZCrNm4BDjcGNOr7KImVQTNuoN9nVieVQSK/hRpSFPkNLbn
1oemHqZitxoI5HCBAVQrKR8d0REzn9Y1jdCHkhgSNaEcAww6CgF2Mlsw5txhmIh9
IZircfAzGU6lI1MgjPkDOFPDdwIoc8xtuAJB/G6gT8Ot9FQ3EMaV2zPTL7Jd1ZQR
hOrs75gjLlhOyYYb5Y3isaMKzUMYKQDFWrCws/sGEm2TwbD5gI6ipa2r71DcGijj
GJQITAQsS+rdUKBts+DPKfZR4nlLq41/utA4LJL2y33SFXeqylyIoKPs1FJ0JZyM
VXiWQyxAuPjYJPZbcSh8exj6rct/QVZgztSuvKxeaEqZ/xwkQ/uHWZxQy7lZxBbw
LCVH8HxVApD/tc3/U/jQjtQSblX3KnMia5rHjX+p9tYSSeLNPA99KNrqwLdDh9Mz
/Rm131NUHwlOEIpSeqDfs1+jQYy0QdZnxDHrIVnpIz6M8IVFRBo4LQmi0sPkzzEZ
A29s3+IzofztGXf+b+vZAmnOrQEgNPjdIVHfvQJVqcm1JdOzyuHEvN8IiV/90RAP
r2NqNrtRjQMAEQEAAcLBfAQYAQoAJhYhBC07EP6GbiTKi/fULdYLg8kFE71PBQJi
aOZoAhsgBQkDwmcAAAoJENYLg8kFE71PE2wQAK2ntrQ0902+a3KC/Ak7VhOTV0c0
my8e7mqesYRGXB158P7UJZS1grU6MjBbMsArFdshTRquSmEOnAB6ahnD+JNq+Jzf
9QKknvekzkjlC11FxTHMGncKnScsu8Vont+rFBA66JYLrh7my5CpzijTVTYC9HcA
SbnW0IzzJl90cVh5tC9S+m6Dh3kNcujWyJ8D+ceaEhwYE2LgbbDUSJa2p1tBiXQ6
SGu6nX0nyXL5p7zzRhAl/ao5cZ/FTijvdQe1Vzm7qArKj6A3ir5YOWzSnaCbfbSm
J2pPgZZCNybzStmcoZ73GgBJxIh89vixfBRLTJVECePLTw2gBmoxR1ziqs0pKW3H
y3VKBb+QMJAVmRwRlonMTgT5gHa8bCL8U7Qvx9jOrApOEqFee3dytIOoVsCUkNh0
vOKmlLuqrIopdbJm8F58qOV/eR5chfxax9jOSHkZ812LyMyxr8y6wn3d26XF4Ho1
tGRAYDI77qaLxaPbzIFas1t9X/+U+sz3Bg0exmi9/mp9wwvLJh3XOC+2MaHzBXGl
x+MvgOYIvEtZXVvfwjay19rhJRvn0D497VaVrhw7md5IbKY42h5qUCCzlHsqHEe5
YDxswWadH4fZhy+cEatf29lYJ2BaK+PIsmp22bxbxdGdoZ2cbqQXIko+3XxaiVp5
z7V5USx9zNkfsrbz
=3tFx
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEELTsQ/oZuJMqL99Qt1guDyQUTvU8FAmTwAxoFAwAAAAAACgkQ1guDyQUTvU/r
Sw//VbWodbDuFqNrEPtTzyzfUnNJwBkK0j/aZZta0YYupKDoPWvhHBxYmzjqXS1YWQN+PDNWqTeg
CGRjG6XmBUi5v6uDkDceXsqS3KBdzTrVd0eNGfoJeU9joZAFvGqd1zqsBnpHSTYmQL8PjKX6lkzh
TRagFs8UxQ1OOOpX7pXw5NtegsSZeHlhHLa3zS0EH6irCWB9TBrKeN8Ktc0MXQ/lTs0ejE+vPaFQ
pHvu3VIAFhMiQAuwUp+LY51/YxvfEzqgL6QQy0SnPbiwicOe13zbNKgZjCZB3wUGS7WhfnkVNar8
brbrMiR4/yuBdzljA2rbiHKUKafLRFA+Q7Zyvn96UzIo8e6swGCsxjNcONEXX7cdbzMUr+bXyDoy
QaVauRd7U2T74OGwdPrj3xTfi66m7XLWfMOH8UucvvhmpfHXtcQtiq2VV3wWOL7lw1nBHC2IVMyW
2F8OWZOqNWfdzTpG9E4qqPEls9Xrfr3YCgTcZttm2cDbDWy6LZvrX84PDeLljWVP0HOksGSpZzY4
E5jmUlaIS0x6oLf2xjpg9uER+XfSMWmZBq4P6OMKq1SKZ7tSmIbDznL4QPj3bzm0pazWwKWVHrrA
uMBLwWHe+mjQxidA3x++Wrf7psGrbznWgimXWa4EBNnTyt0fjbnb/G7K2e7EnJ0BgNlcaW1ZT/LE
qAg=
=2y6f
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6323-1
August 31, 2023
frr vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
Summary:
FRR could be made to close sessions if it received speacially
crafted network traffic.
Software Description:
- frr: FRRouting suite of internet protocols
Details:
Ben Cartwright-Cox discovered that FRR did not handle RFC 7606
attributes properly. A remote attacker could possibly use this to
cause denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
frr 8.4.2-1ubuntu1.3
Ubuntu 22.04 LTS:
frr 8.1-1ubuntu1.5
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6323-1
CVE-2023-31490
Package Information:
https://launchpad.net/ubuntu/+source/frr/8.4.2-1ubuntu1.3
https://launchpad.net/ubuntu/+source/frr/8.1-1ubuntu1.5
xsFNBGJo5iQBEADBDrePgICrxsoCWxlAiEKAgZgqeX1XhHxhDCkprNwOA9ZEU7G9
77BEHgYLSrAh3LraWYK+piBXBuHdg8KCUppUmEC4GtiHg+KxtxRjgZn/tjLD6vgZ
kwZYs0KXQVCK2bhSL0paEA78Xcx1B6xa8JArnjk87VoNl6RCjJESXkwlqGtQTEOp
bNxBy5Pd0T33xYeKcOz0GWY5ndkU1gD7NtMZdWZ8vcQclLquQO5OE33OhK78cU4Z
k4xFL5I5R4rBhlrOsw002bbD0+QI6wUKQByHfvcAz59eHS/wJOrAY/1p+IKql/4f
sRQQSRPSc+3CqELdxzF2s+AG0PciQms3RVYT6czH28Ce9C9BDAENga28FvQDf5Zi
STUeXZm0XJ9g+dLg+6FBPHp9wX+ybfAmIRXQlV4D6DledQAWjoBy3j09JOGQGSH0
S3EbQ68Qn2xyGBlYeFCZbMlKDN8NrpVCx9Jf6dDb3Qv2Do1yIIRu5x0vwKlNsQG0
NffMryLCQ0tVBNNiwqrHIbmZEhSUEmKf6u+zZsx1JMewe6fRw3hf3VOzENH5tGpZ
Z1Yg8m3E2yiXmPJ9cX3iZD0l7/L8CEiuMWt/q/NEDnKsGovi9N1r04Yxxo5lWoHr
+4taaOnC2C7YEHICIWx3lEU0lm24PbNG4QBJCJ8ctwG2rV3AMILCVSzW0QARAQAB
zSVNYXJrIEVzbGVyIDxtYXJrLmVzbGVyQGNhbm9uaWNhbC5jb20+wsGUBBMBCgA+
FiEELTsQ/oZuJMqL99Qt1guDyQUTvU8FAmJo5iQCGwMFCQPCZwAFCwkIBwIGFQoJ
CAsCBBYCAwECHgECF4AACgkQ1guDyQUTvU/Gqw/9F5ko+KS9CRXXcp4SkdhHB6aG
tD9rEJycEywPymmI+OwCJppmbQBzzwW7QGLHi8TTiWnWMSeikhSh0p9pPCc9rhLt
tYDlGZwoxXPt7PwS0k9JjITNviTNZD6uHIoYmFMxS65qdh7s7OSQj4+nTij1b+dV
qzaG4krGB/pav2D2adt4k02KfqIkPiLY0Jo+o8hKOx2HRh8xqEU/eySRtVvIx55c
D4Qh63KQv465Afz+QuKsbxuqA2iboUP/srYtMQtFi8TCF7/5gLwDbGDgOAYhIxyf
vgAH5dbBFB8lIMPjIeTbP0lE+xMHUmQsKhtYICnjhnGRJeT6vBlDFuUar5DYA3fI
m9LEAf1T1eMK4FBUSCv+cULlT9+rsHDbG6tiZU/BDp/mkKFs2Ax9W68+fgXy7bor
ixrgDhfSCsYWaxLsXW/GEmyCbp30PZlLr6kvfQq7CMEjeE79FEsef7/ppRH/t+mv
6p2xhb+DDbvqzcQZ7LQn3+PLxkR37spQRvevPxpx000CqTO5gV19w/2ZSPydm2Zd
44XSranzwDdD4o5ZsMXAPuCNlVAVzxAhxNj2QQL7xh9bdDDmM9Z7qBPwFX42n7mw
ryjBHqMtrSCSI8hupSh2B/bQSRyWd3/KQ2vlJMoq7H5EJiJYpb3blvb4tfoSfEag
PqYV1jJEcKImOGs988rOwU0EYmjmJAEQAL0wGwC8P1qj0fuLaFpPKBAFtxBqnJJc
c+63DjQ17/QJrYpKwGGkW6fz/Nn0nUDf88FdrHd7t6a9c3m82/gvsr8VjAD4SISp
DjPIpfCj5gWGAuhATWB0pwjWRsgFkIThaa0px6ZJFGdU9lJmi633Xsk4s9bws8kZ
pnwtk+StRueqcSElfLw1/gbu6EhcEH62iBb2qlRhgtntgy1dcnqDEQhcdccWSgna
+ZlDIo3Z75RWoIXxrtzUe9PDdG4Ou+k/H96mS7pZdmU6elbQlcDGYegYGH6OTYjv
Zyl81ACN9Y3Fcmc+luBMeuyQndHFnG6rjOwHr6iM9ZKRBq03QiAAp4vooPyLqG9n
ZmoeLH0Q7L2pVIwroVtsJvnjws5z3DujguZcLYCeA/WEXj8p0lYy9WVGrfJ7LyLp
+Uj7AdXFB6msED51Swb6QkpWrcC7V2COKZmfYGXFy7PdIwWeqgYjJ0zqEldHGDTD
V0yTuuER2bJ/T1WBVy9U46/KRUXYevgCZFGPbyO/vKLwKVbrbkimULMFcPJpKinF
PQs0ch7HA6PPog0wbux5Bm9O78lzYo/WFlvofFKTzfGEsnifCVXkcsu0Qp8m6DQZ
yeFO8SH3DHaHFaPKc3JYEFTdmP0PdvH8aqb5TVTb8G+hvxktDkCuCrlaoFVSCNhI
WfJ6rAxxYGuNABEBAAHCwXwEGAEKACYWIQQtOxD+hm4kyov31C3WC4PJBRO9TwUC
YmjmJAIbDAUJA8JnAAAKCRDWC4PJBRO9T3SnEACEprj9LsxvhbM6A/aLk3la8UD9
MYtLSmbl+KPGEvP0r7viPftolgV8O+tRG09Z7Wd/63WsHjA2Psgwdm49BziL8tCf
ONfVXCojPxR/uyL5ykPHSE/yC+mz3DTPWcncGCdteil6Cw43MHNCm2oYJ38VXAwV
9pikHeO5Pj5xukmc/bQr3v3NrDQI+AQpNbWs2r4vw+y01IidmMh12RkuGi2UYOga
jvfDeoSSEF7VJ6Qlij9UjatkbZpSHjn2rf+B9DdlkRNr5Vfd9/xaSFQoazdgNS/Q
HqOeZ+9HqNrUlHTH9BUaTkmV6MDXtEjVGfROXxXPw/q29QUzZUZE3agqmuxB3yar
PjW24mNu5Kd22rb06blTfBO0o7DOX9UwOVLfFLejfWAYANuXilcju9/3dHRsv6o9
9tGfRxJIMOPVY6JgswYISB7CwdA+Uda6UvU+qwYCRi7B8L13H3uhDKzA5sgRZnz2
oQw+bOB/ErZv78NVnhrdy9LAkLk0U8RVvH8sWPco4ZjQVou6wDMEsKaIlioU8x6n
YOi8LBpijWpaKEpCbU4nRdV/4d3eWr7tu1MWGcm70C6mrjypxI6TVCPg+gimjM4D
7LOpJKZJVGQg9JYPUhccp27Nn/3L2/Y9F3tKUfCTPHanOzHg4KNRRUr8CQD8qi+8
nWqztY9OeZjz0vagYM7BTQRiaOZoARAA6bzogRYAMYdwU2BsWFurvrghzEbqjguN
XwBiQ/90kXb3exYZvGXTCxdrV5FRjPU6eeX2TAyZRt6XnK6nyrZFlRAcXeWCeo05
d+mdK6fv4iOc/T0JeMZCrNm4BDjcGNOr7KImVQTNuoN9nVieVQSK/hRpSFPkNLbn
1oemHqZitxoI5HCBAVQrKR8d0REzn9Y1jdCHkhgSNaEcAww6CgF2Mlsw5txhmIh9
IZircfAzGU6lI1MgjPkDOFPDdwIoc8xtuAJB/G6gT8Ot9FQ3EMaV2zPTL7Jd1ZQR
hOrs75gjLlhOyYYb5Y3isaMKzUMYKQDFWrCws/sGEm2TwbD5gI6ipa2r71DcGijj
GJQITAQsS+rdUKBts+DPKfZR4nlLq41/utA4LJL2y33SFXeqylyIoKPs1FJ0JZyM
VXiWQyxAuPjYJPZbcSh8exj6rct/QVZgztSuvKxeaEqZ/xwkQ/uHWZxQy7lZxBbw
LCVH8HxVApD/tc3/U/jQjtQSblX3KnMia5rHjX+p9tYSSeLNPA99KNrqwLdDh9Mz
/Rm131NUHwlOEIpSeqDfs1+jQYy0QdZnxDHrIVnpIz6M8IVFRBo4LQmi0sPkzzEZ
A29s3+IzofztGXf+b+vZAmnOrQEgNPjdIVHfvQJVqcm1JdOzyuHEvN8IiV/90RAP
r2NqNrtRjQMAEQEAAcLBfAQYAQoAJhYhBC07EP6GbiTKi/fULdYLg8kFE71PBQJi
aOZoAhsgBQkDwmcAAAoJENYLg8kFE71PE2wQAK2ntrQ0902+a3KC/Ak7VhOTV0c0
my8e7mqesYRGXB158P7UJZS1grU6MjBbMsArFdshTRquSmEOnAB6ahnD+JNq+Jzf
9QKknvekzkjlC11FxTHMGncKnScsu8Vont+rFBA66JYLrh7my5CpzijTVTYC9HcA
SbnW0IzzJl90cVh5tC9S+m6Dh3kNcujWyJ8D+ceaEhwYE2LgbbDUSJa2p1tBiXQ6
SGu6nX0nyXL5p7zzRhAl/ao5cZ/FTijvdQe1Vzm7qArKj6A3ir5YOWzSnaCbfbSm
J2pPgZZCNybzStmcoZ73GgBJxIh89vixfBRLTJVECePLTw2gBmoxR1ziqs0pKW3H
y3VKBb+QMJAVmRwRlonMTgT5gHa8bCL8U7Qvx9jOrApOEqFee3dytIOoVsCUkNh0
vOKmlLuqrIopdbJm8F58qOV/eR5chfxax9jOSHkZ812LyMyxr8y6wn3d26XF4Ho1
tGRAYDI77qaLxaPbzIFas1t9X/+U+sz3Bg0exmi9/mp9wwvLJh3XOC+2MaHzBXGl
x+MvgOYIvEtZXVvfwjay19rhJRvn0D497VaVrhw7md5IbKY42h5qUCCzlHsqHEe5
YDxswWadH4fZhy+cEatf29lYJ2BaK+PIsmp22bxbxdGdoZ2cbqQXIko+3XxaiVp5
z7V5USx9zNkfsrbz
=3tFx
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEELTsQ/oZuJMqL99Qt1guDyQUTvU8FAmTwAxoFAwAAAAAACgkQ1guDyQUTvU/r
Sw//VbWodbDuFqNrEPtTzyzfUnNJwBkK0j/aZZta0YYupKDoPWvhHBxYmzjqXS1YWQN+PDNWqTeg
CGRjG6XmBUi5v6uDkDceXsqS3KBdzTrVd0eNGfoJeU9joZAFvGqd1zqsBnpHSTYmQL8PjKX6lkzh
TRagFs8UxQ1OOOpX7pXw5NtegsSZeHlhHLa3zS0EH6irCWB9TBrKeN8Ktc0MXQ/lTs0ejE+vPaFQ
pHvu3VIAFhMiQAuwUp+LY51/YxvfEzqgL6QQy0SnPbiwicOe13zbNKgZjCZB3wUGS7WhfnkVNar8
brbrMiR4/yuBdzljA2rbiHKUKafLRFA+Q7Zyvn96UzIo8e6swGCsxjNcONEXX7cdbzMUr+bXyDoy
QaVauRd7U2T74OGwdPrj3xTfi66m7XLWfMOH8UucvvhmpfHXtcQtiq2VV3wWOL7lw1nBHC2IVMyW
2F8OWZOqNWfdzTpG9E4qqPEls9Xrfr3YCgTcZttm2cDbDWy6LZvrX84PDeLljWVP0HOksGSpZzY4
E5jmUlaIS0x6oLf2xjpg9uER+XfSMWmZBq4P6OMKq1SKZ7tSmIbDznL4QPj3bzm0pazWwKWVHrrA
uMBLwWHe+mjQxidA3x++Wrf7psGrbznWgimXWa4EBNnTyt0fjbnb/G7K2e7EnJ0BgNlcaW1ZT/LE
qAg=
=2y6f
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6323-1
August 31, 2023
frr vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
Summary:
FRR could be made to close sessions if it received speacially
crafted network traffic.
Software Description:
- frr: FRRouting suite of internet protocols
Details:
Ben Cartwright-Cox discovered that FRR did not handle RFC 7606
attributes properly. A remote attacker could possibly use this to
cause denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
frr 8.4.2-1ubuntu1.3
Ubuntu 22.04 LTS:
frr 8.1-1ubuntu1.5
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6323-1
CVE-2023-31490
Package Information:
https://launchpad.net/ubuntu/+source/frr/8.4.2-1ubuntu1.3
https://launchpad.net/ubuntu/+source/frr/8.1-1ubuntu1.5
[USN-6322-1] elfutils vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6322-1
August 30, 2023
elfutils vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in elfutils.
Software Description:
- elfutils: collection of utilities to handle ELF objects
Details:
It was discovered that elfutils incorrectly handled certain malformed
files. If a user or automated system were tricked into processing a
specially crafted file, elfutils could be made to crash or consume
resources, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS. (CVE-2018-16062, CVE-2018-16403, CVE-2018-18310,
CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150,
CVE-2019-7665)
It was discovered that elfutils incorrectly handled bounds checks in
certain functions when processing malformed files. If a user or automated
system were tricked into processing a specially crafted file, elfutils
could be made to crash or consume resources, resulting in a denial of
service. (CVE-2020-21047, CVE-2021-33294)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
elfutils 0.176-1.1ubuntu0.1
libasm1 0.176-1.1ubuntu0.1
libdw1 0.176-1.1ubuntu0.1
libelf1 0.176-1.1ubuntu0.1
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
elfutils 0.170-0.4ubuntu0.1+esm1
libasm1 0.170-0.4ubuntu0.1+esm1
libdw1 0.170-0.4ubuntu0.1+esm1
libelf1 0.170-0.4ubuntu0.1+esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
elfutils 0.165-3ubuntu1.2+esm1
libasm1 0.165-3ubuntu1.2+esm1
libdw1 0.165-3ubuntu1.2+esm1
libelf1 0.165-3ubuntu1.2+esm1
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
elfutils 0.158-0ubuntu5.3+esm1
libasm1 0.158-0ubuntu5.3+esm1
libdw1 0.158-0ubuntu5.3+esm1
libelf1 0.158-0ubuntu5.3+esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6322-1
CVE-2018-16062, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520,
CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7665,
CVE-2020-21047, CVE-2021-33294
Package Information:
https://launchpad.net/ubuntu/+source/elfutils/0.176-1.1ubuntu0.1
Ubuntu Security Notice USN-6322-1
August 30, 2023
elfutils vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in elfutils.
Software Description:
- elfutils: collection of utilities to handle ELF objects
Details:
It was discovered that elfutils incorrectly handled certain malformed
files. If a user or automated system were tricked into processing a
specially crafted file, elfutils could be made to crash or consume
resources, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS. (CVE-2018-16062, CVE-2018-16403, CVE-2018-18310,
CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150,
CVE-2019-7665)
It was discovered that elfutils incorrectly handled bounds checks in
certain functions when processing malformed files. If a user or automated
system were tricked into processing a specially crafted file, elfutils
could be made to crash or consume resources, resulting in a denial of
service. (CVE-2020-21047, CVE-2021-33294)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
elfutils 0.176-1.1ubuntu0.1
libasm1 0.176-1.1ubuntu0.1
libdw1 0.176-1.1ubuntu0.1
libelf1 0.176-1.1ubuntu0.1
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
elfutils 0.170-0.4ubuntu0.1+esm1
libasm1 0.170-0.4ubuntu0.1+esm1
libdw1 0.170-0.4ubuntu0.1+esm1
libelf1 0.170-0.4ubuntu0.1+esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
elfutils 0.165-3ubuntu1.2+esm1
libasm1 0.165-3ubuntu1.2+esm1
libdw1 0.165-3ubuntu1.2+esm1
libelf1 0.165-3ubuntu1.2+esm1
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
elfutils 0.158-0ubuntu5.3+esm1
libasm1 0.158-0ubuntu5.3+esm1
libdw1 0.158-0ubuntu5.3+esm1
libelf1 0.158-0ubuntu5.3+esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6322-1
CVE-2018-16062, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520,
CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7665,
CVE-2020-21047, CVE-2021-33294
Package Information:
https://launchpad.net/ubuntu/+source/elfutils/0.176-1.1ubuntu0.1
[USN-6321-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6321-1
August 30, 2023
linux-gcp, linux-starfive vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-starfive: Linux kernel for StarFive processors
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle certain error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3610)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-3777)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-3995)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-4004)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle bound chain deactivation in certain circumstances. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-4015)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
linux-image-6.2.0-1003-starfive 6.2.0-1003.3
linux-image-6.2.0-1012-gcp 6.2.0-1012.12
linux-image-gcp 6.2.0.1012.12
linux-image-starfive 6.2.0.1003.6
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6321-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3610,
CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995,
CVE-2023-4004, CVE-2023-4015
Package Information:
https://launchpad.net/ubuntu/+source/linux-gcp/6.2.0-1012.12
https://launchpad.net/ubuntu/+source/linux-starfive/6.2.0-1003.3
Ubuntu Security Notice USN-6321-1
August 30, 2023
linux-gcp, linux-starfive vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-starfive: Linux kernel for StarFive processors
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle certain error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3610)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-3777)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-3995)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-4004)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle bound chain deactivation in certain circumstances. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-4015)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
linux-image-6.2.0-1003-starfive 6.2.0-1003.3
linux-image-6.2.0-1012-gcp 6.2.0-1012.12
linux-image-gcp 6.2.0.1012.12
linux-image-starfive 6.2.0.1003.6
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6321-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3610,
CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995,
CVE-2023-4004, CVE-2023-4015
Package Information:
https://launchpad.net/ubuntu/+source/linux-gcp/6.2.0-1012.12
https://launchpad.net/ubuntu/+source/linux-starfive/6.2.0-1003.3
[USN-6263-2] OpenJDK regression
==========================================================================
Ubuntu Security Notice USN-6263-2
August 30, 2023
openjdk-lts, openjdk-17 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
USN-6263-1 introduced a regression in OpenJDK 11 and OpenJDK 17.
Software Description:
- openjdk-17: Open Source Java implementation
- openjdk-lts: Open Source Java implementation
Details:
USN-6263-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update
introduced a regression when opening APK, ZIP or JAR files in OpenJDK 11
and OpenJDK 17. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Motoyasu Saburi discovered that OpenJDK incorrectly handled special
characters in file name parameters. An attacker could possibly use
this issue to insert, edit or obtain sensitive information. This issue
only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22006)
Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP
archives. An attacker could possibly use this issue to cause a denial
of service. This issue only affected OpenJDK 11 and OpenJDK 17.
(CVE-2023-22036)
David Stancu discovered that OpenJDK had a flaw in the AES cipher
implementation. An attacker could possibly use this issue to obtain
sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17.
(CVE-2023-22041)
Zhiqiang Zang discovered that OpenJDK incorrectly handled array accesses
when using the binary '%' operator. An attacker could possibly use this
issue to obtain sensitive information. This issue only affected OpenJDK 17.
(CVE-2023-22044)
Zhiqiang Zang discovered that OpenJDK incorrectly handled array accesses.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2023-22045)
It was discovered that OpenJDK incorrectly sanitized URIs strings. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-22049)
It was discovered that OpenJDK incorrectly handled certain glyphs. An
attacker could possibly use this issue to cause a denial of service.
This issue only affected OpenJDK 11 and OpenJDK 17.
(CVE-2023-25193)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
openjdk-11-jdk 11.0.20.1+1-0ubuntu1~23.04
openjdk-11-jre 11.0.20.1+1-0ubuntu1~23.04
openjdk-11-jre-headless 11.0.20.1+1-0ubuntu1~23.04
openjdk-11-jre-zero 11.0.20.1+1-0ubuntu1~23.04
openjdk-17-jdk 17.0.8.1+1~us1-0ubuntu1~23.04
openjdk-17-jre 17.0.8.1+1~us1-0ubuntu1~23.04
openjdk-17-jre-headless 17.0.8.1+1~us1-0ubuntu1~23.04
openjdk-17-jre-zero 17.0.8.1+1~us1-0ubuntu1~23.04
Ubuntu 22.04 LTS:
openjdk-11-jdk 11.0.20.1+1-0ubuntu1~22.04
openjdk-11-jre 11.0.20.1+1-0ubuntu1~22.04
openjdk-11-jre-headless 11.0.20.1+1-0ubuntu1~22.04
openjdk-11-jre-zero 11.0.20.1+1-0ubuntu1~22.04
openjdk-17-jdk 17.0.8.1+1~us1-0ubuntu1~22.04
openjdk-17-jre 17.0.8.1+1~us1-0ubuntu1~22.04
openjdk-17-jre-headless 17.0.8.1+1~us1-0ubuntu1~22.04
openjdk-17-jre-zero 17.0.8.1+1~us1-0ubuntu1~22.04
Ubuntu 20.04 LTS:
openjdk-11-jdk 11.0.20.1+1-0ubuntu1~20.04
openjdk-11-jre 11.0.20.1+1-0ubuntu1~20.04
openjdk-11-jre-headless 11.0.20.1+1-0ubuntu1~20.04
openjdk-11-jre-zero 11.0.20.1+1-0ubuntu1~20.04
openjdk-17-jdk 17.0.8.1+1~us1-0ubuntu1~20.04
openjdk-17-jre 17.0.8.1+1~us1-0ubuntu1~20.04
openjdk-17-jre-headless 17.0.8.1+1~us1-0ubuntu1~20.04
openjdk-17-jre-zero 17.0.8.1+1~us1-0ubuntu1~20.04
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
openjdk-11-jdk 11.0.20.1+1-0ubuntu1~18.04
openjdk-11-jre 11.0.20.1+1-0ubuntu1~18.04
openjdk-11-jre-headless 11.0.20.1+1-0ubuntu1~18.04
openjdk-11-jre-zero 11.0.20.1+1-0ubuntu1~18.04
openjdk-17-jdk 17.0.8.1+1~us1-0ubuntu1~18.04
openjdk-17-jre 17.0.8.1+1~us1-0ubuntu1~18.04
openjdk-17-jre-headless 17.0.8.1+1~us1-0ubuntu1~18.04
openjdk-17-jre-zero 17.0.8.1+1~us1-0ubuntu1~18.04
This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6263-2
https://ubuntu.com/security/notices/USN-6263-1
https://launchpad.net/bugs/2032865
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.8.1+1~us1-0ubuntu1~23.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.20.1+1-0ubuntu1~23.04
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.8.1+1~us1-0ubuntu1~22.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.20.1+1-0ubuntu1~22.04
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.8.1+1~us1-0ubuntu1~20.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.20.1+1-0ubuntu1~20.04
Ubuntu Security Notice USN-6263-2
August 30, 2023
openjdk-lts, openjdk-17 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
USN-6263-1 introduced a regression in OpenJDK 11 and OpenJDK 17.
Software Description:
- openjdk-17: Open Source Java implementation
- openjdk-lts: Open Source Java implementation
Details:
USN-6263-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update
introduced a regression when opening APK, ZIP or JAR files in OpenJDK 11
and OpenJDK 17. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Motoyasu Saburi discovered that OpenJDK incorrectly handled special
characters in file name parameters. An attacker could possibly use
this issue to insert, edit or obtain sensitive information. This issue
only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22006)
Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP
archives. An attacker could possibly use this issue to cause a denial
of service. This issue only affected OpenJDK 11 and OpenJDK 17.
(CVE-2023-22036)
David Stancu discovered that OpenJDK had a flaw in the AES cipher
implementation. An attacker could possibly use this issue to obtain
sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17.
(CVE-2023-22041)
Zhiqiang Zang discovered that OpenJDK incorrectly handled array accesses
when using the binary '%' operator. An attacker could possibly use this
issue to obtain sensitive information. This issue only affected OpenJDK 17.
(CVE-2023-22044)
Zhiqiang Zang discovered that OpenJDK incorrectly handled array accesses.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2023-22045)
It was discovered that OpenJDK incorrectly sanitized URIs strings. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. (CVE-2023-22049)
It was discovered that OpenJDK incorrectly handled certain glyphs. An
attacker could possibly use this issue to cause a denial of service.
This issue only affected OpenJDK 11 and OpenJDK 17.
(CVE-2023-25193)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
openjdk-11-jdk 11.0.20.1+1-0ubuntu1~23.04
openjdk-11-jre 11.0.20.1+1-0ubuntu1~23.04
openjdk-11-jre-headless 11.0.20.1+1-0ubuntu1~23.04
openjdk-11-jre-zero 11.0.20.1+1-0ubuntu1~23.04
openjdk-17-jdk 17.0.8.1+1~us1-0ubuntu1~23.04
openjdk-17-jre 17.0.8.1+1~us1-0ubuntu1~23.04
openjdk-17-jre-headless 17.0.8.1+1~us1-0ubuntu1~23.04
openjdk-17-jre-zero 17.0.8.1+1~us1-0ubuntu1~23.04
Ubuntu 22.04 LTS:
openjdk-11-jdk 11.0.20.1+1-0ubuntu1~22.04
openjdk-11-jre 11.0.20.1+1-0ubuntu1~22.04
openjdk-11-jre-headless 11.0.20.1+1-0ubuntu1~22.04
openjdk-11-jre-zero 11.0.20.1+1-0ubuntu1~22.04
openjdk-17-jdk 17.0.8.1+1~us1-0ubuntu1~22.04
openjdk-17-jre 17.0.8.1+1~us1-0ubuntu1~22.04
openjdk-17-jre-headless 17.0.8.1+1~us1-0ubuntu1~22.04
openjdk-17-jre-zero 17.0.8.1+1~us1-0ubuntu1~22.04
Ubuntu 20.04 LTS:
openjdk-11-jdk 11.0.20.1+1-0ubuntu1~20.04
openjdk-11-jre 11.0.20.1+1-0ubuntu1~20.04
openjdk-11-jre-headless 11.0.20.1+1-0ubuntu1~20.04
openjdk-11-jre-zero 11.0.20.1+1-0ubuntu1~20.04
openjdk-17-jdk 17.0.8.1+1~us1-0ubuntu1~20.04
openjdk-17-jre 17.0.8.1+1~us1-0ubuntu1~20.04
openjdk-17-jre-headless 17.0.8.1+1~us1-0ubuntu1~20.04
openjdk-17-jre-zero 17.0.8.1+1~us1-0ubuntu1~20.04
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
openjdk-11-jdk 11.0.20.1+1-0ubuntu1~18.04
openjdk-11-jre 11.0.20.1+1-0ubuntu1~18.04
openjdk-11-jre-headless 11.0.20.1+1-0ubuntu1~18.04
openjdk-11-jre-zero 11.0.20.1+1-0ubuntu1~18.04
openjdk-17-jdk 17.0.8.1+1~us1-0ubuntu1~18.04
openjdk-17-jre 17.0.8.1+1~us1-0ubuntu1~18.04
openjdk-17-jre-headless 17.0.8.1+1~us1-0ubuntu1~18.04
openjdk-17-jre-zero 17.0.8.1+1~us1-0ubuntu1~18.04
This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6263-2
https://ubuntu.com/security/notices/USN-6263-1
https://launchpad.net/bugs/2032865
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.8.1+1~us1-0ubuntu1~23.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.20.1+1-0ubuntu1~23.04
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.8.1+1~us1-0ubuntu1~22.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.20.1+1-0ubuntu1~22.04
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.8.1+1~us1-0ubuntu1~20.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.20.1+1-0ubuntu1~20.04
[USN-6320-1] Firefox vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6320-1
August 30, 2023
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-4573,
CVE-2023-4574, CVE-2023-4575, CVE-2023-4578, CVE-2023-4581, CVE-2023-4583,
CVE-2023-4584, CVE-2023-4585)
Lukas Bernhard discovered that Firefox did not properly manage memory when
the "UpdateRegExpStatics" attempted to access "initialStringHeap". An
attacker could potentially exploit this issue to cause a denial of service.
(CVE-2023-4577)
Malte Jürgens discovered that Firefox did not properly handle search
queries if the search query itself was a well formed URL. An attacker could
potentially exploit this issue to perform spoofing attacks. (CVE-2023-4579)
Harveer Singh discovered that Firefox did not properly handle push
notifications stored on disk in private browsing mode. An attacker could
potentially exploits this issue to access sensitive information.
(CVE-2023-4580)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
firefox 117.0+build2-0ubuntu0.20.04.1
After a standard system update you need to restart Firefox to make all the
necessary changes.
References:
https://ubuntu.com/security/notices/USN-6320-1
CVE-2023-4573, CVE-2023-4574, CVE-2023-4575, CVE-2023-4577,
CVE-2023-4578, CVE-2023-4579, CVE-2023-4580, CVE-2023-4581,
CVE-2023-4583, CVE-2023-4584, CVE-2023-4585
Package Information:
https://launchpad.net/ubuntu/+source/firefox/117.0+build2-0ubuntu0.20.04.1
Ubuntu Security Notice USN-6320-1
August 30, 2023
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-4573,
CVE-2023-4574, CVE-2023-4575, CVE-2023-4578, CVE-2023-4581, CVE-2023-4583,
CVE-2023-4584, CVE-2023-4585)
Lukas Bernhard discovered that Firefox did not properly manage memory when
the "UpdateRegExpStatics" attempted to access "initialStringHeap". An
attacker could potentially exploit this issue to cause a denial of service.
(CVE-2023-4577)
Malte Jürgens discovered that Firefox did not properly handle search
queries if the search query itself was a well formed URL. An attacker could
potentially exploit this issue to perform spoofing attacks. (CVE-2023-4579)
Harveer Singh discovered that Firefox did not properly handle push
notifications stored on disk in private browsing mode. An attacker could
potentially exploits this issue to access sensitive information.
(CVE-2023-4580)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
firefox 117.0+build2-0ubuntu0.20.04.1
After a standard system update you need to restart Firefox to make all the
necessary changes.
References:
https://ubuntu.com/security/notices/USN-6320-1
CVE-2023-4573, CVE-2023-4574, CVE-2023-4575, CVE-2023-4577,
CVE-2023-4578, CVE-2023-4579, CVE-2023-4580, CVE-2023-4581,
CVE-2023-4583, CVE-2023-4584, CVE-2023-4585
Package Information:
https://launchpad.net/ubuntu/+source/firefox/117.0+build2-0ubuntu0.20.04.1
Tuesday, August 29, 2023
[USN-6319-1] AMD Microcode vulnerability
==========================================================================
Ubuntu Security Notice USN-6319-1
August 30, 2023
amd64-microcode vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
AMD processors may allow an attacker to expose sensitive information due to a
speculative execution vulnerability.
Software Description:
- amd64-microcode: Processor microcode firmware for AMD CPUs
Details:
Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
amd64-microcode 3.20220411.1ubuntu3.2
Ubuntu 22.04 LTS:
amd64-microcode 3.20191218.1ubuntu2.2
Ubuntu 20.04 LTS:
amd64-microcode 3.20191218.1ubuntu1.2
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
amd64-microcode 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
amd64-microcode 3.20191021.1+really3.20180524.1~ubuntu0.16.04.2+esm2
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6319-1
CVE-2023-20569
Package Information:
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20220411.1ubuntu3.2
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20191218.1ubuntu2.2
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20191218.1ubuntu1.2
Ubuntu Security Notice USN-6319-1
August 30, 2023
amd64-microcode vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
AMD processors may allow an attacker to expose sensitive information due to a
speculative execution vulnerability.
Software Description:
- amd64-microcode: Processor microcode firmware for AMD CPUs
Details:
Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
amd64-microcode 3.20220411.1ubuntu3.2
Ubuntu 22.04 LTS:
amd64-microcode 3.20191218.1ubuntu2.2
Ubuntu 20.04 LTS:
amd64-microcode 3.20191218.1ubuntu1.2
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
amd64-microcode 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
amd64-microcode 3.20191021.1+really3.20180524.1~ubuntu0.16.04.2+esm2
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6319-1
CVE-2023-20569
Package Information:
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20220411.1ubuntu3.2
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20191218.1ubuntu2.2
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20191218.1ubuntu1.2
[USN-6318-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6318-1
August 29, 2023
linux, linux-aws, linux-aws-6.2, linux-azure, linux-hwe-6.2, linux-ibm,
linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-raspi
vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-kvm: Linux kernel for cloud environments
- linux-lowlatency: Linux low latency kernel
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-aws-6.2: Linux kernel for Amazon Web Services (AWS) systems
- linux-hwe-6.2: Linux hardware enablement (HWE) kernel
- linux-lowlatency-hwe-6.2: Linux low latency kernel
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle certain error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3610)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-3777)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-3995)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-4004)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle bound chain deactivation in certain circumstances. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-4015)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
linux-image-6.2.0-1008-ibm 6.2.0-1008.8
linux-image-6.2.0-1010-aws 6.2.0-1010.10
linux-image-6.2.0-1010-azure 6.2.0-1010.10
linux-image-6.2.0-1011-kvm 6.2.0-1011.11
linux-image-6.2.0-1011-lowlatency 6.2.0-1011.11
linux-image-6.2.0-1011-lowlatency-64k 6.2.0-1011.11
linux-image-6.2.0-1011-raspi 6.2.0-1011.13
linux-image-6.2.0-31-generic 6.2.0-31.31
linux-image-6.2.0-31-generic-64k 6.2.0-31.31
linux-image-6.2.0-31-generic-lpae 6.2.0-31.31
linux-image-aws 6.2.0.1010.11
linux-image-azure 6.2.0.1010.10
linux-image-generic 6.2.0.31.29
linux-image-generic-64k 6.2.0.31.29
linux-image-generic-lpae 6.2.0.31.29
linux-image-ibm 6.2.0.1008.8
linux-image-kvm 6.2.0.1011.11
linux-image-lowlatency 6.2.0.1011.11
linux-image-lowlatency-64k 6.2.0.1011.11
linux-image-raspi 6.2.0.1011.14
linux-image-raspi-nolpae 6.2.0.1011.14
linux-image-virtual 6.2.0.31.29
Ubuntu 22.04 LTS:
linux-image-6.2.0-1010-aws 6.2.0-1010.10~22.04.1
linux-image-6.2.0-1011-lowlatency 6.2.0-1011.11~22.04.1
linux-image-6.2.0-1011-lowlatency-64k 6.2.0-1011.11~22.04.1
linux-image-6.2.0-31-generic 6.2.0-31.31~22.04.1
linux-image-6.2.0-31-generic-64k 6.2.0-31.31~22.04.1
linux-image-6.2.0-31-generic-lpae 6.2.0-31.31~22.04.1
linux-image-aws 6.2.0.1010.10~22.04.1
linux-image-generic-64k-hwe-22.04 6.2.0.31.31~22.04.8
linux-image-generic-hwe-22.04 6.2.0.31.31~22.04.8
linux-image-generic-lpae-hwe-22.04 6.2.0.31.31~22.04.8
linux-image-lowlatency-64k-hwe-22.04 6.2.0.1011.11~22.04.8
linux-image-lowlatency-hwe-22.04 6.2.0.1011.11~22.04.8
linux-image-virtual-hwe-22.04 6.2.0.31.31~22.04.8
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6318-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3610,
CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995,
CVE-2023-4004, CVE-2023-4015
Package Information:
https://launchpad.net/ubuntu/+source/linux/6.2.0-31.31
https://launchpad.net/ubuntu/+source/linux-aws/6.2.0-1010.10
https://launchpad.net/ubuntu/+source/linux-azure/6.2.0-1010.10
https://launchpad.net/ubuntu/+source/linux-ibm/6.2.0-1008.8
https://launchpad.net/ubuntu/+source/linux-kvm/6.2.0-1011.11
https://launchpad.net/ubuntu/+source/linux-lowlatency/6.2.0-1011.11
https://launchpad.net/ubuntu/+source/linux-raspi/6.2.0-1011.13
https://launchpad.net/ubuntu/+source/linux-aws-6.2/6.2.0-1010.10~22.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-6.2/6.2.0-31.31~22.04.1
https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.2/6.2.0-1011.11~22.04.1
Ubuntu Security Notice USN-6318-1
August 29, 2023
linux, linux-aws, linux-aws-6.2, linux-azure, linux-hwe-6.2, linux-ibm,
linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-raspi
vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-kvm: Linux kernel for cloud environments
- linux-lowlatency: Linux low latency kernel
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-aws-6.2: Linux kernel for Amazon Web Services (AWS) systems
- linux-hwe-6.2: Linux hardware enablement (HWE) kernel
- linux-lowlatency-hwe-6.2: Linux low latency kernel
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle certain error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3610)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-3777)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-3995)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-4004)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle bound chain deactivation in certain circumstances. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-4015)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
linux-image-6.2.0-1008-ibm 6.2.0-1008.8
linux-image-6.2.0-1010-aws 6.2.0-1010.10
linux-image-6.2.0-1010-azure 6.2.0-1010.10
linux-image-6.2.0-1011-kvm 6.2.0-1011.11
linux-image-6.2.0-1011-lowlatency 6.2.0-1011.11
linux-image-6.2.0-1011-lowlatency-64k 6.2.0-1011.11
linux-image-6.2.0-1011-raspi 6.2.0-1011.13
linux-image-6.2.0-31-generic 6.2.0-31.31
linux-image-6.2.0-31-generic-64k 6.2.0-31.31
linux-image-6.2.0-31-generic-lpae 6.2.0-31.31
linux-image-aws 6.2.0.1010.11
linux-image-azure 6.2.0.1010.10
linux-image-generic 6.2.0.31.29
linux-image-generic-64k 6.2.0.31.29
linux-image-generic-lpae 6.2.0.31.29
linux-image-ibm 6.2.0.1008.8
linux-image-kvm 6.2.0.1011.11
linux-image-lowlatency 6.2.0.1011.11
linux-image-lowlatency-64k 6.2.0.1011.11
linux-image-raspi 6.2.0.1011.14
linux-image-raspi-nolpae 6.2.0.1011.14
linux-image-virtual 6.2.0.31.29
Ubuntu 22.04 LTS:
linux-image-6.2.0-1010-aws 6.2.0-1010.10~22.04.1
linux-image-6.2.0-1011-lowlatency 6.2.0-1011.11~22.04.1
linux-image-6.2.0-1011-lowlatency-64k 6.2.0-1011.11~22.04.1
linux-image-6.2.0-31-generic 6.2.0-31.31~22.04.1
linux-image-6.2.0-31-generic-64k 6.2.0-31.31~22.04.1
linux-image-6.2.0-31-generic-lpae 6.2.0-31.31~22.04.1
linux-image-aws 6.2.0.1010.10~22.04.1
linux-image-generic-64k-hwe-22.04 6.2.0.31.31~22.04.8
linux-image-generic-hwe-22.04 6.2.0.31.31~22.04.8
linux-image-generic-lpae-hwe-22.04 6.2.0.31.31~22.04.8
linux-image-lowlatency-64k-hwe-22.04 6.2.0.1011.11~22.04.8
linux-image-lowlatency-hwe-22.04 6.2.0.1011.11~22.04.8
linux-image-virtual-hwe-22.04 6.2.0.31.31~22.04.8
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6318-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3610,
CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995,
CVE-2023-4004, CVE-2023-4015
Package Information:
https://launchpad.net/ubuntu/+source/linux/6.2.0-31.31
https://launchpad.net/ubuntu/+source/linux-aws/6.2.0-1010.10
https://launchpad.net/ubuntu/+source/linux-azure/6.2.0-1010.10
https://launchpad.net/ubuntu/+source/linux-ibm/6.2.0-1008.8
https://launchpad.net/ubuntu/+source/linux-kvm/6.2.0-1011.11
https://launchpad.net/ubuntu/+source/linux-lowlatency/6.2.0-1011.11
https://launchpad.net/ubuntu/+source/linux-raspi/6.2.0-1011.13
https://launchpad.net/ubuntu/+source/linux-aws-6.2/6.2.0-1010.10~22.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-6.2/6.2.0-31.31~22.04.1
https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.2/6.2.0-1011.11~22.04.1
[USN-6316-1] Linux kernel (OEM) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6316-1
August 29, 2023
linux-oem-6.1 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-oem-6.1: Linux kernel for OEM systems
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-3777)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-3995)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-4004)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle bound chain deactivation in certain circumstances. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-4015)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
linux-image-6.1.0-1020-oem 6.1.0-1020.20
linux-image-oem-22.04c 6.1.0.1020.20
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6316-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-3777, CVE-2023-3995,
CVE-2023-4004, CVE-2023-4015
Package Information:
https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1020.20
Ubuntu Security Notice USN-6316-1
August 29, 2023
linux-oem-6.1 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-oem-6.1: Linux kernel for OEM systems
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-3777)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-3995)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-4004)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle bound chain deactivation in certain circumstances. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-4015)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
linux-image-6.1.0-1020-oem 6.1.0-1020.20
linux-image-oem-22.04c 6.1.0.1020.20
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6316-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-3777, CVE-2023-3995,
CVE-2023-4004, CVE-2023-4015
Package Information:
https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1020.20
[USN-6317-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6317-1
August 29, 2023
linux, linux-aws, linux-aws-5.4, linux-gcp, linux-hwe-5.4, linux-kvm,
linux-oracle, linux-xilinx-zynqmp vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1028-xilinx-zynqmp 5.4.0-1028.32
linux-image-5.4.0-1097-kvm 5.4.0-1097.103
linux-image-5.4.0-1107-oracle 5.4.0-1107.116
linux-image-5.4.0-1108-aws 5.4.0-1108.116
linux-image-5.4.0-1111-gcp 5.4.0-1111.120
linux-image-5.4.0-159-generic 5.4.0-159.176
linux-image-5.4.0-159-generic-lpae 5.4.0-159.176
linux-image-5.4.0-159-lowlatency 5.4.0-159.176
linux-image-aws-lts-20.04 5.4.0.1108.105
linux-image-gcp-lts-20.04 5.4.0.1111.113
linux-image-generic 5.4.0.159.154
linux-image-generic-lpae 5.4.0.159.154
linux-image-kvm 5.4.0.1097.92
linux-image-lowlatency 5.4.0.159.154
linux-image-oem 5.4.0.159.154
linux-image-oem-osp1 5.4.0.159.154
linux-image-oracle-lts-20.04 5.4.0.1107.100
linux-image-virtual 5.4.0.159.154
linux-image-xilinx-zynqmp 5.4.0.1028.30
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
linux-image-5.4.0-1108-aws 5.4.0-1108.116~18.04.1
linux-image-5.4.0-159-generic 5.4.0-159.176~18.04.1
linux-image-5.4.0-159-generic-lpae 5.4.0-159.176~18.04.1
linux-image-5.4.0-159-lowlatency 5.4.0-159.176~18.04.1
linux-image-aws 5.4.0.1108.86
linux-image-generic-hwe-18.04 5.4.0.159.176~18.04.127
linux-image-generic-lpae-hwe-18.04 5.4.0.159.176~18.04.127
linux-image-lowlatency-hwe-18.04 5.4.0.159.176~18.04.127
linux-image-oem 5.4.0.159.176~18.04.127
linux-image-oem-osp1 5.4.0.159.176~18.04.127
linux-image-snapdragon-hwe-18.04 5.4.0.159.176~18.04.127
linux-image-virtual-hwe-18.04 5.4.0.159.176~18.04.127
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6317-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3611,
CVE-2023-3776
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-159.176
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1108.116
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1111.120
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1097.103
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1107.116
https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1028.32
Ubuntu Security Notice USN-6317-1
August 29, 2023
linux, linux-aws, linux-aws-5.4, linux-gcp, linux-hwe-5.4, linux-kvm,
linux-oracle, linux-xilinx-zynqmp vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
Details:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1028-xilinx-zynqmp 5.4.0-1028.32
linux-image-5.4.0-1097-kvm 5.4.0-1097.103
linux-image-5.4.0-1107-oracle 5.4.0-1107.116
linux-image-5.4.0-1108-aws 5.4.0-1108.116
linux-image-5.4.0-1111-gcp 5.4.0-1111.120
linux-image-5.4.0-159-generic 5.4.0-159.176
linux-image-5.4.0-159-generic-lpae 5.4.0-159.176
linux-image-5.4.0-159-lowlatency 5.4.0-159.176
linux-image-aws-lts-20.04 5.4.0.1108.105
linux-image-gcp-lts-20.04 5.4.0.1111.113
linux-image-generic 5.4.0.159.154
linux-image-generic-lpae 5.4.0.159.154
linux-image-kvm 5.4.0.1097.92
linux-image-lowlatency 5.4.0.159.154
linux-image-oem 5.4.0.159.154
linux-image-oem-osp1 5.4.0.159.154
linux-image-oracle-lts-20.04 5.4.0.1107.100
linux-image-virtual 5.4.0.159.154
linux-image-xilinx-zynqmp 5.4.0.1028.30
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
linux-image-5.4.0-1108-aws 5.4.0-1108.116~18.04.1
linux-image-5.4.0-159-generic 5.4.0-159.176~18.04.1
linux-image-5.4.0-159-generic-lpae 5.4.0-159.176~18.04.1
linux-image-5.4.0-159-lowlatency 5.4.0-159.176~18.04.1
linux-image-aws 5.4.0.1108.86
linux-image-generic-hwe-18.04 5.4.0.159.176~18.04.127
linux-image-generic-lpae-hwe-18.04 5.4.0.159.176~18.04.127
linux-image-lowlatency-hwe-18.04 5.4.0.159.176~18.04.127
linux-image-oem 5.4.0.159.176~18.04.127
linux-image-oem-osp1 5.4.0.159.176~18.04.127
linux-image-snapdragon-hwe-18.04 5.4.0.159.176~18.04.127
linux-image-virtual-hwe-18.04 5.4.0.159.176~18.04.127
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6317-1
CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3611,
CVE-2023-3776
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-159.176
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1108.116
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1111.120
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1097.103
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1107.116
https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1028.32
Subscribe to:
Posts (Atom)