Tuesday, October 31, 2023

[USN-6454-3] Linux kernel (ARM laptop) vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmVBhKIFAwAAAAAACgkQZ0GeRcM5nt1p
vwgAipG0F7vpe1QEze6tVLaWn5E92RGjKKuXwzYNYRYgAFIvo7tiqstUd6tXaBvdOpuWjD6AviS3
ztd/6SaFk9lwYhP6ZiZ86y+0RH5jBAbmSJjejWnVCUD4lvNXJ7lMXzJQIHGnmaZ6uEq0YJ5AreN3
fqY54omtN61gLpibtM+1dMjK2EvZDGvbDRDrUXGH5V8v0SMXip9U45EIjR5tWOuuCoPn+QUTlPAV
qttRC/XAnOWgkEcdsfvGz0fhfZvI/b2gd7k7RVjvmCa1dv8Y5whSYOxlB3Jh0raqQBFS2jK/Sqao
5911zts6PjQz5uwjKFzO8frHElWNuPB5vVRLLM8wbg==
=LVK1
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6454-3
October 31, 2023

linux-laptop vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-laptop: Linux kernel for Lenovo X13s ARM laptops

Details:

Kyle Zeng discovered that the netfilter subsystem in the Linux kernel
contained a race condition in IP set operations in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-42756)

Alex Birnberg discovered that the netfilter subsystem in the Linux kernel
did not properly validate register length, leading to an out-of- bounds
write vulnerability. A local attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-4881)

It was discovered that the Quick Fair Queueing scheduler implementation in
the Linux kernel did not properly handle network packets in certain
conditions, leading to a use after free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4921)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle removal of rules from chain bindings in certain
circumstances, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2023-5197)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
linux-image-6.5.0-1005-laptop 6.5.0-1005.8
linux-image-laptop-23.10 6.5.0.1005.8

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6454-3
https://ubuntu.com/security/notices/USN-6454-1
CVE-2023-42756, CVE-2023-4881, CVE-2023-4921, CVE-2023-5197

Package Information:
https://launchpad.net/ubuntu/+source/linux-laptop/6.5.0-1005.8

[USN-6466-1] Linux kernel (NVIDIA) vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmVBfycFAwAAAAAACgkQZ0GeRcM5nt3x
MwgAoB5DCvEJy7BLBmnULYNOG4Rx8MlBbWB91ak6ERx7Uk3YbFyXBICB0WpZi8dvXxZ82+gNJFe2
Fy88purvR+N2278m1gdpy0FRaNp2Wr2P85PG6Snggt0JQ8uyKw4Sw0PTJUCXVXKLCNUQItxy6hky
vK3lA9UlgDXXveionurFB2zRSFM+eglowRMvpAOghWkRmtblA9uVhDthd93M2B2LC/6sLsaqxf9A
nGrkpc6D2Q80SaGEsBpHg6nSNzYqFGn7Ti2KXPQRsCns+OcAVyUYRU7A6tys6J1eTgAmroR+PWdz
WR+9Oknd0dWDU4Z5DjHBpMMHBqk2wl869XzcHurT6w==
=k+hJ
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6466-1
October 31, 2023

linux-nvidia-6.2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-nvidia-6.2: Linux kernel for NVIDIA systems

Details:

Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel
contained a race condition during device removal, leading to a use-after-
free vulnerability. A physically proximate attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-45886, CVE-2022-45919)

Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the
Linux kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2022-45887)

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate MFT flags in certain situations. An
attacker could use this to construct a malicious NTFS image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2022-48425)

It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)

Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii
Oleksenko discovered that some AMD processors could leak stale data from
division operations in certain situations. A local attacker could possibly
use this to expose sensitive information. (CVE-2023-20588)

It was discovered that the ARM64 KVM implementation in the Linux kernel did
not properly restrict hypervisor memory access. An attacker in a guest VM
could use this to execute arbitrary code in the host OS. (CVE-2023-21264)

It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A remote attacker could
use this to cause a denial of service (system crash). (CVE-2023-2156)

Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in
the Linux kernel contained a race condition, leading to a null pointer
dereference vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-31083)

Yang Lan discovered that the GFS2 file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious GFS2 image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-3212)

Ross Lagerwall discovered that the Xen netback backend driver in the Linux
kernel did not properly handle certain unusual packets from a
paravirtualized network frontend, leading to a buffer overflow. An attacker
in a guest VM could use this to cause a denial of service (host system
crash) or possibly execute arbitrary code. (CVE-2023-34319)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a null pointer dereference vulnerability in some
situations. A local privileged attacker could use this to cause a denial of
service (system crash). (CVE-2023-3772)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly validate buffer sizes in certain operations, leading to an integer
underflow and out-of-bounds read vulnerability. A remote attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2023-38427)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate SMB request protocol IDs, leading to a out-of-
bounds read vulnerability. A remote attacker could possibly use this to
cause a denial of service (system crash). (CVE-2023-38430)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate packet header sizes in certain situations,
leading to an out-of-bounds read vulnerability. A remote attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2023-38431)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate command payload size, leading to a out-of-bounds
read vulnerability. A remote attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-38432)

It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)

Laurence Wit discovered that the KSMBD implementation in the Linux kernel
did not properly validate a buffer size in certain situations, leading to
an out-of-bounds read vulnerability. A remote attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-3865)

Laurence Wit discovered that the KSMBD implementation in the Linux kernel
contained a null pointer dereference vulnerability when handling handling
chained requests. A remote attacker could use this to cause a denial of
service (system crash). (CVE-2023-3866)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly handle session setup requests, leading to an out-of-bounds read
vulnerability. A remote attacker could use this to expose sensitive
information. (CVE-2023-3867)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)

It was discovered that some network classifier implementations in the Linux
kernel contained use-after-free vulnerabilities. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-4128)

It was discovered that the Siano USB MDTV receiver device driver in the
Linux kernel did not properly handle device initialization failures in
certain situations, leading to a use-after-free vulnerability. A physically
proximate attacker could use this cause a denial of service (system crash).
(CVE-2023-4132)

It was discovered that a race condition existed in the Cypress touchscreen
driver in the Linux kernel during device removal, leading to a use-after-
free vulnerability. A physically proximate attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-4134)

Andy Nguyen discovered that the KVM implementation for AMD processors in
the Linux kernel with Secure Encrypted Virtualization (SEV) contained a
race condition when accessing the GHCB page. A local attacker in a SEV
guest VM could possibly use this to cause a denial of service (host system
crash). (CVE-2023-4155)

It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-4194)

Bien Pham discovered that the netfiler subsystem in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local user could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-4244)

Maxim Suhanov discovered that the exFAT file system implementation in the
Linux kernel did not properly check a file name length, leading to an out-
of-bounds write vulnerability. An attacker could use this to construct a
malicious exFAT image that, when mounted and operated on, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-4273)

Kyle Zeng discovered that the networking stack implementation in the Linux
kernel did not properly validate skb object size in certain conditions. An
attacker could use this cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-42752)

Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did
not properly calculate array offsets, leading to a out-of-bounds write
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-42753)

Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP)
classifier implementation in the Linux kernel contained an out-of-bounds
read vulnerability. A local attacker could use this to cause a denial of
service (system crash). Please note that kernel packet classifier support
for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755)

Kyle Zeng discovered that the netfilter subsystem in the Linux kernel
contained a race condition in IP set operations in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-42756)

Thelford Williams discovered that the Ceph file system messenger protocol
implementation in the Linux kernel did not properly validate frame segment
length in certain situation, leading to a buffer overflow vulnerability. A
remote attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-44466)

Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2023-4569)

Bing-Jhong Billy Jheng discovered that the Unix domain socket
implementation in the Linux kernel contained a race condition in certain
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4622)

Budimir Markovic discovered that the qdisc implementation in the Linux
kernel did not properly validate inner classes, leading to a use-after-free
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-4623)

Alex Birnberg discovered that the netfilter subsystem in the Linux kernel
did not properly validate register length, leading to an out-of- bounds
write vulnerability. A local attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-4881)

It was discovered that the Quick Fair Queueing scheduler implementation in
the Linux kernel did not properly handle network packets in certain
conditions, leading to a use after free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4921)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle removal of rules from chain bindings in certain
circumstances, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2023-5197)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
linux-image-6.2.0-1011-nvidia 6.2.0-1011.11
linux-image-6.2.0-1011-nvidia-64k 6.2.0-1011.11
linux-image-nvidia-6.2 6.2.0.1011.13
linux-image-nvidia-64k-6.2 6.2.0.1011.13
linux-image-nvidia-64k-hwe-22.04 6.2.0.1011.13
linux-image-nvidia-hwe-22.04 6.2.0.1011.13

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6466-1
CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-48425,
CVE-2023-1206, CVE-2023-20569, CVE-2023-20588, CVE-2023-21264,
CVE-2023-2156, CVE-2023-31083, CVE-2023-3212, CVE-2023-34319,
CVE-2023-3772, CVE-2023-38427, CVE-2023-38430, CVE-2023-38431,
CVE-2023-38432, CVE-2023-3863, CVE-2023-3865, CVE-2023-3866,
CVE-2023-3867, CVE-2023-40283, CVE-2023-4128, CVE-2023-4132,
CVE-2023-4134, CVE-2023-4155, CVE-2023-4194, CVE-2023-4244,
CVE-2023-4273, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755,
CVE-2023-42756, CVE-2023-44466, CVE-2023-4569, CVE-2023-4622,
CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-5197

Package Information:
https://launchpad.net/ubuntu/+source/linux-nvidia-6.2/6.2.0-1011.11

[USN-6465-1] Linux kernel vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmVBfx4FAwAAAAAACgkQZ0GeRcM5nt3e
2QgAh8VQfWDq6TsGPlWePaLzfoV7Cm0r5iNhhQaswY4tKtGFr0irGMh7TpGFsCDvholAiIl6nNrG
FHh1yBXukVWi9ki7V+GXru1tIGWYkC3WHj5yK5zh7WcSBwhqvWe+fHMVNTgHwFRRBA6k5Onuv6IG
ebqOsq8m0j33RLzWw5Mxc4fX/zNgpCj19NL9bP6OZ/VVqdjl+rs+hywVAajdU7GC6CDBIegvsbV2
oy4klntrwRT/bOFy5J9+zbIVnvBhGmcGDHgZbndGAN2KgbpfD2+j8k/dRHB50RV4R0m+81CJNBP9
4HXnIqi3hwB/OLzKNz5i9JjUexG0z8C98OOUzq4D+Q==
=6z0Y
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6465-1
October 31, 2023

linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,
linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15,
linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15,
linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia,
linux-oracle, linux-oracle-5.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-kvm: Linux kernel for cloud environments
- linux-lowlatency: Linux low latency kernel
- linux-nvidia: Linux kernel for NVIDIA systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems
- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systems
- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems
- linux-hwe-5.15: Linux hardware enablement (HWE) kernel
- linux-ibm-5.15: Linux kernel for IBM cloud systems
- linux-lowlatency-hwe-5.15: Linux low latency kernel
- linux-oracle-5.15: Linux kernel for Oracle Cloud systems

Details:

Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in
the Linux kernel contained a race condition, leading to a null pointer
dereference vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-31083)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a null pointer dereference vulnerability in some
situations. A local privileged attacker could use this to cause a denial of
service (system crash). (CVE-2023-3772)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
linux-image-5.15.0-1032-gkeop 5.15.0-1032.38
linux-image-5.15.0-1040-nvidia 5.15.0-1040.40
linux-image-5.15.0-1040-nvidia-lowlatency 5.15.0-1040.40
linux-image-5.15.0-1042-ibm 5.15.0-1042.45
linux-image-5.15.0-1046-gcp 5.15.0-1046.54
linux-image-5.15.0-1046-kvm 5.15.0-1046.51
linux-image-5.15.0-1047-oracle 5.15.0-1047.53
linux-image-5.15.0-1049-aws 5.15.0-1049.54
linux-image-5.15.0-1051-azure 5.15.0-1051.59
linux-image-5.15.0-1051-azure-fde 5.15.0-1051.59.1
linux-image-5.15.0-88-generic 5.15.0-88.98
linux-image-5.15.0-88-generic-64k 5.15.0-88.98
linux-image-5.15.0-88-generic-lpae 5.15.0-88.98
linux-image-5.15.0-88-lowlatency 5.15.0-88.98
linux-image-5.15.0-88-lowlatency-64k 5.15.0-88.98
linux-image-aws-lts-22.04 5.15.0.1049.48
linux-image-azure-fde-lts-22.04 5.15.0.1051.59.29
linux-image-azure-lts-22.04 5.15.0.1051.47
linux-image-gcp-lts-22.04 5.15.0.1046.42
linux-image-generic 5.15.0.88.85
linux-image-generic-64k 5.15.0.88.85
linux-image-generic-lpae 5.15.0.88.85
linux-image-gkeop 5.15.0.1032.31
linux-image-gkeop-5.15 5.15.0.1032.31
linux-image-ibm 5.15.0.1042.38
linux-image-kvm 5.15.0.1046.42
linux-image-lowlatency 5.15.0.88.90
linux-image-lowlatency-64k 5.15.0.88.90
linux-image-nvidia 5.15.0.1040.40
linux-image-nvidia-lowlatency 5.15.0.1040.40
linux-image-oracle 5.15.0.1047.42
linux-image-oracle-lts-22.04 5.15.0.1047.42
linux-image-virtual 5.15.0.88.85

Ubuntu 20.04 LTS:
linux-image-5.15.0-1032-gkeop 5.15.0-1032.38~20.04.1
linux-image-5.15.0-1042-ibm 5.15.0-1042.45~20.04.1
linux-image-5.15.0-1046-gcp 5.15.0-1046.54~20.04.1
linux-image-5.15.0-1047-oracle 5.15.0-1047.53~20.04.1
linux-image-5.15.0-1049-aws 5.15.0-1049.54~20.04.1
linux-image-5.15.0-1051-azure 5.15.0-1051.59~20.04.1
linux-image-5.15.0-1051-azure-fde 5.15.0-1051.59~20.04.1.1
linux-image-5.15.0-88-generic 5.15.0-88.98~20.04.1
linux-image-5.15.0-88-generic-64k 5.15.0-88.98~20.04.1
linux-image-5.15.0-88-generic-lpae 5.15.0-88.98~20.04.1
linux-image-5.15.0-88-lowlatency 5.15.0-88.98~20.04.1
linux-image-5.15.0-88-lowlatency-64k 5.15.0-88.98~20.04.1
linux-image-aws 5.15.0.1049.54~20.04.37
linux-image-azure 5.15.0.1051.59~20.04.40
linux-image-azure-cvm 5.15.0.1051.59~20.04.40
linux-image-azure-fde 5.15.0.1051.59~20.04.1.29
linux-image-gcp 5.15.0.1046.54~20.04.1
linux-image-generic-64k-hwe-20.04 5.15.0.88.98~20.04.46
linux-image-generic-hwe-20.04 5.15.0.88.98~20.04.46
linux-image-generic-lpae-hwe-20.04 5.15.0.88.98~20.04.46
linux-image-gkeop-5.15 5.15.0.1032.38~20.04.28
linux-image-ibm 5.15.0.1042.45~20.04.14
linux-image-lowlatency-64k-hwe-20.04 5.15.0.88.98~20.04.43
linux-image-lowlatency-hwe-20.04 5.15.0.88.98~20.04.43
linux-image-oem-20.04 5.15.0.88.98~20.04.46
linux-image-oem-20.04b 5.15.0.88.98~20.04.46
linux-image-oem-20.04c 5.15.0.88.98~20.04.46
linux-image-oem-20.04d 5.15.0.88.98~20.04.46
linux-image-oracle 5.15.0.1047.53~20.04.1
linux-image-virtual-hwe-20.04 5.15.0.88.98~20.04.46

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6465-1
CVE-2023-31083, CVE-2023-3772

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.15.0-88.98
https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1049.54
https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1051.59
https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1051.59.1
https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1046.54
https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1032.38
https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1042.45
https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1046.51
https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-88.98
https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1040.40
https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1047.53
https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1049.54~20.04.1
https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1051.59~20.04.1

https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1051.59~20.04.1.1
https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1046.54~20.04.1
https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1032.38~20.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-88.98~20.04.1
https://launchpad.net/ubuntu/+source/linux-ibm-5.15/5.15.0-1042.45~20.04.1

https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-88.98~20.04.1

https://launchpad.net/ubuntu/+source/linux-oracle-5.15/5.15.0-1047.53~20.04.1

[USN-6464-1] Linux kernel vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmVBfxgFAwAAAAAACgkQZ0GeRcM5nt2z
Qgf/bfZOrnxzkgBL6/BFWF9R1aEBjnIEv4zEbqmHc6nCSbHWIrxWcAAvC+hEpymtgKI7jp9Uwpn3
qofD6TV017pcaqG79Njh/5f9Tit11ZaHVo9hHgFufZU8gadNo3rLebmtDhLmcoOR3mTVAeBprWbT
GQgO57g4k8Wc2QHXgRdCmbPJAIRHDeZTYi6FWE4WFK4neJNO/rJqOmwoHBGxOUO1Mt2VyGEEAyx6
EHu3L/CyQb5Uo7PZ3/gmhPwZ6lkBDIVY4m62Sut6hFSZjcRW/UTaFJxT9XFFcVlhpHKJWRe8QHpd
xO5/PwFH7lgoVMTejO2dK2hBelXoHRCBv8imxK4yog==
=uUEV
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6464-1
October 31, 2023

linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2,
linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm,
linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi,
linux-starfive vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-lowlatency: Linux low latency kernel
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-starfive: Linux kernel for StarFive processors
- linux-aws-6.2: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-6.2: Linux kernel for Microsoft Azure cloud systems
- linux-azure-fde-6.2: Linux kernel for Microsoft Azure CVM cloud systems
- linux-gcp-6.2: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-6.2: Linux hardware enablement (HWE) kernel
- linux-lowlatency-hwe-6.2: Linux low latency kernel

Details:

Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in
the Linux kernel contained a race condition, leading to a null pointer
dereference vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-31083)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a null pointer dereference vulnerability in some
situations. A local privileged attacker could use this to cause a denial of
service (system crash). (CVE-2023-3772)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate SMB request protocol IDs, leading to a out-of-
bounds read vulnerability. A remote attacker could possibly use this to
cause a denial of service (system crash). (CVE-2023-38430)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate command payload size, leading to a out-of-bounds
read vulnerability. A remote attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-38432)

It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)

Laurence Wit discovered that the KSMBD implementation in the Linux kernel
did not properly validate a buffer size in certain situations, leading to
an out-of-bounds read vulnerability. A remote attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-3865)

Laurence Wit discovered that the KSMBD implementation in the Linux kernel
contained a null pointer dereference vulnerability when handling handling
chained requests. A remote attacker could use this to cause a denial of
service (system crash). (CVE-2023-3866)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly handle session setup requests, leading to an out-of-bounds read
vulnerability. A remote attacker could use this to expose sensitive
information. (CVE-2023-3867)

It was discovered that the Siano USB MDTV receiver device driver in the
Linux kernel did not properly handle device initialization failures in
certain situations, leading to a use-after-free vulnerability. A physically
proximate attacker could use this cause a denial of service (system crash).
(CVE-2023-4132)

It was discovered that a race condition existed in the Cypress touchscreen
driver in the Linux kernel during device removal, leading to a use-after-
free vulnerability. A physically proximate attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-4134)

Thelford Williams discovered that the Ceph file system messenger protocol
implementation in the Linux kernel did not properly validate frame segment
length in certain situation, leading to a buffer overflow vulnerability. A
remote attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-44466)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
linux-image-6.2.0-1008-starfive 6.2.0-1008.9
linux-image-6.2.0-1015-aws 6.2.0-1015.15
linux-image-6.2.0-1015-oracle 6.2.0-1015.15
linux-image-6.2.0-1016-azure 6.2.0-1016.16
linux-image-6.2.0-1016-kvm 6.2.0-1016.16
linux-image-6.2.0-1016-lowlatency 6.2.0-1016.16
linux-image-6.2.0-1016-lowlatency-64k 6.2.0-1016.16
linux-image-6.2.0-1016-raspi 6.2.0-1016.18
linux-image-6.2.0-1018-gcp 6.2.0-1018.20
linux-image-6.2.0-36-generic 6.2.0-36.37
linux-image-6.2.0-36-generic-64k 6.2.0-36.37
linux-image-6.2.0-36-generic-lpae 6.2.0-36.37
linux-image-aws 6.2.0.1015.16
linux-image-azure 6.2.0.1016.16
linux-image-gcp 6.2.0.1018.18
linux-image-generic 6.2.0.36.36
linux-image-generic-64k 6.2.0.36.36
linux-image-generic-lpae 6.2.0.36.36
linux-image-kvm 6.2.0.1016.16
linux-image-lowlatency 6.2.0.1016.16
linux-image-lowlatency-64k 6.2.0.1016.16
linux-image-oracle 6.2.0.1015.15
linux-image-raspi 6.2.0.1016.19
linux-image-raspi-nolpae 6.2.0.1016.19
linux-image-starfive 6.2.0.1008.11
linux-image-virtual 6.2.0.36.36

Ubuntu 22.04 LTS:
linux-image-6.2.0-1015-aws 6.2.0-1015.15~22.04.1
linux-image-6.2.0-1016-azure 6.2.0-1016.16~22.04.1
linux-image-6.2.0-1016-azure-fde 6.2.0-1016.16~22.04.1.1
linux-image-6.2.0-1016-lowlatency 6.2.0-1016.16~22.04.1
linux-image-6.2.0-1016-lowlatency-64k 6.2.0-1016.16~22.04.1
linux-image-6.2.0-1018-gcp 6.2.0-1018.20~22.04.1
linux-image-6.2.0-36-generic 6.2.0-36.37~22.04.1
linux-image-6.2.0-36-generic-64k 6.2.0-36.37~22.04.1
linux-image-6.2.0-36-generic-lpae 6.2.0-36.37~22.04.1
linux-image-aws 6.2.0.1015.15~22.04.1
linux-image-azure 6.2.0.1016.16~22.04.1
linux-image-azure-fde 6.2.0.1016.16~22.04.1.13
linux-image-gcp 6.2.0.1018.20~22.04.1
linux-image-generic-64k-hwe-22.04 6.2.0.36.37~22.04.14
linux-image-generic-hwe-22.04 6.2.0.36.37~22.04.14
linux-image-generic-lpae-hwe-22.04 6.2.0.36.37~22.04.14
linux-image-lowlatency-64k-hwe-22.04 6.2.0.1016.16~22.04.13
linux-image-lowlatency-hwe-22.04 6.2.0.1016.16~22.04.13
linux-image-virtual-hwe-22.04 6.2.0.36.37~22.04.14

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6464-1
CVE-2023-31083, CVE-2023-3772, CVE-2023-38430, CVE-2023-38432,
CVE-2023-3863, CVE-2023-3865, CVE-2023-3866, CVE-2023-3867,
CVE-2023-4132, CVE-2023-4134, CVE-2023-44466

Package Information:
https://launchpad.net/ubuntu/+source/linux/6.2.0-36.37
https://launchpad.net/ubuntu/+source/linux-aws/6.2.0-1015.15
https://launchpad.net/ubuntu/+source/linux-azure/6.2.0-1016.16
https://launchpad.net/ubuntu/+source/linux-gcp/6.2.0-1018.20
https://launchpad.net/ubuntu/+source/linux-kvm/6.2.0-1016.16
https://launchpad.net/ubuntu/+source/linux-lowlatency/6.2.0-1016.16
https://launchpad.net/ubuntu/+source/linux-oracle/6.2.0-1015.15
https://launchpad.net/ubuntu/+source/linux-raspi/6.2.0-1016.18
https://launchpad.net/ubuntu/+source/linux-starfive/6.2.0-1008.9
https://launchpad.net/ubuntu/+source/linux-aws-6.2/6.2.0-1015.15~22.04.1
https://launchpad.net/ubuntu/+source/linux-azure-6.2/6.2.0-1016.16~22.04.1

https://launchpad.net/ubuntu/+source/linux-azure-fde-6.2/6.2.0-1016.16~22.04.1.1
https://launchpad.net/ubuntu/+source/linux-gcp-6.2/6.2.0-1018.20~22.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-6.2/6.2.0-36.37~22.04.1

https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.2/6.2.0-1016.16~22.04.1

[USN-6461-1] Linux kernel (OEM) vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmVBfwIFAwAAAAAACgkQZ0GeRcM5nt1k
Dwf/cnlTFZwlIZabqM+W00E9xBLuxdcxFYH+xLfWvU2dVPYlpM8o1O01/F/GAf1tp4zGI4EVFdb2
aHomqm/6wrUhd7ht1SyqRF1DvGow+BDAOyhEPAf1GaI5ailn51zqsr8lf0vsX2xmTaz8IOjubgKx
LV1S07nbbJeUgVj469arKwD/CDAxcX5kIK5hagxHFDC5FW2Y+CHSAFkgl3APTi8i19hQ3EQeRh3Q
CcMHMZ0kydNPEJt02cVscEBhO2d1GZEtLueqAKEKKJm8kiAPjbf0HB6DsuWFDJWpLgNFIj0D5DAy
h84mU6LFQJUoA824Myya+B1dtvRBpiYg37Gis2ZnwA==
=LHXV
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6461-1
October 31, 2023

linux-oem-6.1 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oem-6.1: Linux kernel for OEM systems

Details:

Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-31085)

Marek Marczykowski-Górecki discovered that the Xen event channel
infrastructure implementation in the Linux kernel contained a race
condition. An attacker in a guest VM could possibly use this to cause a
denial of service (paravirtualized device unavailability). (CVE-2023-34324)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate some attributes passed from userspace. A local
attacker could use this to cause a denial of service (system crash) or
possibly expose sensitive information (kernel memory). (CVE-2023-39189)

Bien Pham discovered that the netfiler subsystem in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local user could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-4244)

Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did
not properly handle socket buffers (skb) when performing IP routing in
certain circumstances, leading to a null pointer dereference vulnerability.
A privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-42754)

It was discovered that the Quick Fair Queueing scheduler implementation in
the Linux kernel did not properly handle network packets in certain
conditions, leading to a use after free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4921)

It was discovered that the SMB network file sharing protocol implementation
in the Linux kernel did not properly handle certain error conditions,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-5345)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
linux-image-6.1.0-1025-oem 6.1.0-1025.25
linux-image-oem-22.04 6.1.0.1025.26
linux-image-oem-22.04a 6.1.0.1025.26
linux-image-oem-22.04b 6.1.0.1025.26
linux-image-oem-22.04c 6.1.0.1025.26

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6461-1
CVE-2023-31085, CVE-2023-34324, CVE-2023-39189, CVE-2023-4244,
CVE-2023-42754, CVE-2023-4921, CVE-2023-5345

Package Information:
https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1025.25

[USN-6462-1] Linux kernel vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmVBfw0FAwAAAAAACgkQZ0GeRcM5nt3R
aQf/Up9f0l5qRn2wY6VHv7vmSPsGXgQ7sswrVGPFcXcxtPDYz+XDW5rT0TBWt4ItJEIt4/0Zrw1W
T5ct4ZNXR/m51W3mhnKGUmaoLei5Ks/ePSv6y7oxEuGKR/fDujJThfvGN9rwjUM/KjP7oqbF1QE5
cEeqpniwtZUy2/xyjxl++HZLEoFy2kUbHR0GLViLD1NAKbPteXhI4NPzIuW7JTU8xQ4Y8qVenmPl
OCuqaOVh2MPDRa8bcA1L6BSrxxdGvqJhfopya6D3dFOJpIMUjWEbAXu+ZrbDwwoq4Jvsj7/tjY7Z
SmJIsTj6XAGeVhPDyjxvyKtZak9zk75Bxsqp4/jAvg==
=pmH1
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6462-1
October 31, 2023

linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4,
linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4,
linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4,
linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-bluefield: Linux kernel for NVIDIA BlueField platforms
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-ibm-5.4: Linux kernel for IBM cloud systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

Seth Jenkins discovered that the Linux kernel did not properly perform
address randomization for a per-cpu memory management structure. A local
attacker could use this to expose sensitive information (kernel memory) or
in conjunction with another kernel vulnerability. (CVE-2023-0597)

Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in
the Linux kernel contained a race condition, leading to a null pointer
dereference vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-31083)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a null pointer dereference vulnerability in some
situations. A local privileged attacker could use this to cause a denial of
service (system crash). (CVE-2023-3772)

It was discovered that the Siano USB MDTV receiver device driver in the
Linux kernel did not properly handle device initialization failures in
certain situations, leading to a use-after-free vulnerability. A physically
proximate attacker could use this cause a denial of service (system crash).
(CVE-2023-4132)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
linux-image-5.4.0-1033-xilinx-zynqmp 5.4.0-1033.37
linux-image-5.4.0-1060-ibm 5.4.0-1060.65
linux-image-5.4.0-1074-bluefield 5.4.0-1074.80
linux-image-5.4.0-1080-gkeop 5.4.0-1080.84
linux-image-5.4.0-1097-raspi 5.4.0-1097.109
linux-image-5.4.0-1102-kvm 5.4.0-1102.108
linux-image-5.4.0-1112-oracle 5.4.0-1112.121
linux-image-5.4.0-1113-aws 5.4.0-1113.123
linux-image-5.4.0-1117-gcp 5.4.0-1117.126
linux-image-5.4.0-1119-azure 5.4.0-1119.126
linux-image-5.4.0-166-generic 5.4.0-166.183
linux-image-5.4.0-166-generic-lpae 5.4.0-166.183
linux-image-5.4.0-166-lowlatency 5.4.0-166.183
linux-image-aws-lts-20.04 5.4.0.1113.110
linux-image-azure-lts-20.04 5.4.0.1119.112
linux-image-bluefield 5.4.0.1074.69
linux-image-gcp-lts-20.04 5.4.0.1117.119
linux-image-generic 5.4.0.166.163
linux-image-generic-lpae 5.4.0.166.163
linux-image-gkeop 5.4.0.1080.78
linux-image-gkeop-5.4 5.4.0.1080.78
linux-image-ibm-lts-20.04 5.4.0.1060.89
linux-image-kvm 5.4.0.1102.97
linux-image-lowlatency 5.4.0.166.163
linux-image-oem 5.4.0.166.163
linux-image-oem-osp1 5.4.0.166.163
linux-image-oracle-lts-20.04 5.4.0.1112.105
linux-image-raspi 5.4.0.1097.127
linux-image-raspi2 5.4.0.1097.127
linux-image-virtual 5.4.0.166.163
linux-image-xilinx-zynqmp 5.4.0.1033.33

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
linux-image-5.4.0-1060-ibm 5.4.0-1060.65~18.04.1
linux-image-5.4.0-1097-raspi 5.4.0-1097.109~18.04.2
linux-image-5.4.0-1112-oracle 5.4.0-1112.121~18.04.4
linux-image-5.4.0-1113-aws 5.4.0-1113.123~18.04.1
linux-image-5.4.0-1117-gcp 5.4.0-1117.126~18.04.1
linux-image-5.4.0-1119-azure 5.4.0-1119.126~18.04.2
linux-image-5.4.0-166-generic 5.4.0-166.183~18.04.2
linux-image-5.4.0-166-lowlatency 5.4.0-166.183~18.04.2
linux-image-aws 5.4.0.1113.91
linux-image-azure 5.4.0.1119.92
linux-image-gcp 5.4.0.1117.93
linux-image-generic-hwe-18.04 5.4.0.166.183~18.04.134
linux-image-ibm 5.4.0.1060.71
linux-image-lowlatency-hwe-18.04 5.4.0.166.183~18.04.134
linux-image-oem 5.4.0.166.183~18.04.134
linux-image-oem-osp1 5.4.0.166.183~18.04.134
linux-image-oracle 5.4.0.1112.121~18.04.84
linux-image-raspi-hwe-18.04 5.4.0.1097.94
linux-image-snapdragon-hwe-18.04 5.4.0.166.183~18.04.134
linux-image-virtual-hwe-18.04 5.4.0.166.183~18.04.134

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6462-1
CVE-2023-0597, CVE-2023-31083, CVE-2023-3772, CVE-2023-4132

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-166.183
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1113.123
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1119.126
https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1074.80
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1117.126
https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1080.84
https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1060.65
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1102.108
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1112.121
https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1097.109
https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1033.37

[USN-6463-1] Open VM Tools vulnerabilities

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmVBMJUACgkQZWnYVadE
vpMDSRAAlctOdWhVBSK4DG4iBwfLvG4iUjtpkDQ8Hf6McB+Ic1jcYsYTRFnRWyrh
QeYI3Thu9vVsn/bZowmT4BwFgS6fJDqRmqWbQFFjlC+3cnFYGwZJMzRaq4dAbly3
zH/GjYCIBFoHMJW/yzyV0Agi5VxBqwdwKB89V3Jub2vPlpg+Kd864nMMZMzq06IM
Hvqv/w76nLXlBK0J2QSXjm4T44Eun0v3x/bCMfm6Xbi0CzWt2LLeWClLrKBaahrB
WBQ+nIMAOjG7KxO51neR2RQA1iXcdMFak83AjZbsri+O/9GsQth7YbX+4TQZOuwq
K5G5giFd92O4F3dFn3BN72yig2/OMiq1zosffyrbIoDQeyRwEfaFVjQGySjJ/xra
99vCAUGdXHyacwfUdC84d+WJ/cl5WdR3yAjPgFeB4oKbaYfntFha0/DyXu41XnBM
/XboTDeMj4TBZUFUeym4aAY0MqLmlBMGjPbYGkzrvvDfGvJC9YH6DrydBD6Z8V+t
TPVKfkVINl3brvfD9yu9B4l7IPG/QT6hlGzLhP8wyi7SfH5yqXMhoXukMd6hYdt1
LrYpkiQt7PJ7+41yNEFDDMwH2d+rCRyiJ+tLmUzPTFsDb9Q0O5fU2uFrUn8lk5aO
dmz7Qwj6Lh58C0AHZZvAShO6c4badhHyh3KoWQTHCHUS+ylPmSo=
=LKqc
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6463-1
October 31, 2023

open-vm-tools vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Open VM Tools.

Software Description:
- open-vm-tools: Open VMware Tools for virtual machines hosted on VMware

Details:

It was discovered that Open VM Tools incorrectly handled SAML tokens. A
remote attacker Guest Operations privileges could possibly use this issue
to escalate privileges. (CVE-2023-34058)

Matthias Gerstner discovered that Open VM Tools incorrectly handled file
descriptors when dropping privileges. A local attacker could possibly use
this issue to hijack /dev/uinput and simulate user inputs. (CVE-2023-34059)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
open-vm-tools 2:12.3.0-1ubuntu0.1
open-vm-tools-desktop 2:12.3.0-1ubuntu0.1

Ubuntu 23.04:
open-vm-tools 2:12.1.5-3ubuntu0.23.04.3
open-vm-tools-desktop 2:12.1.5-3ubuntu0.23.04.3

Ubuntu 22.04 LTS:
open-vm-tools 2:12.1.5-3~ubuntu0.22.04.4
open-vm-tools-desktop 2:12.1.5-3~ubuntu0.22.04.4

Ubuntu 20.04 LTS:
open-vm-tools 2:11.3.0-2ubuntu0~ubuntu20.04.7
open-vm-tools-desktop 2:11.3.0-2ubuntu0~ubuntu20.04.7

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6463-1
CVE-2023-34058, CVE-2023-34059

Package Information:
https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.3.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.1.5-3ubuntu0.23.04.3
https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.1.5-3~ubuntu0.22.04.4

https://launchpad.net/ubuntu/+source/open-vm-tools/2:11.3.0-2ubuntu0~ubuntu20.04.7

[USN-6453-2] X.Org X Server vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6453-2
October 31, 2023

xorg-server vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in X.Org X Server, xwayland.

Software Description:
- xorg-server: X.Org X11 server

Details:

USN-6453-1 fixed several vulnerabilities in X.Org. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS.

Original advisory details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
prepending values to certain properties. An attacker could possibly use
this issue to cause the X Server to crash, execute arbitrary code, or
escalate privileges. (CVE-2023-5367)

Sri discovered that the X.Org X Server incorrectly handled detroying
windows in certain legacy multi-screen setups. An attacker could possibly
use this issue to cause the X Server to crash, execute arbitrary code, or
escalate privileges. (CVE-2023-5380)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm1
xwayland 2:1.19.6-1ubuntu4.15+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm6
xwayland 2:1.18.4-0ubuntu0.12+esm6

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
xserver-xorg-core 2:1.15.1-0ubuntu2.11+esm8

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6453-2
https://ubuntu.com/security/notices/USN-6453-1
CVE-2023-5367, CVE-2023-5380

FreeBSD website new design

Dear community,

As part of the WebApps Working Group we would like to show you the new
design for the website and ask about your opinion.

If all goes well, it will be released on the same day as FreeBSD 14.

The idea of a new web design is to update the FreeBSD image and show a
more modern website, with a responsive design, etc.

The new design wants to convey that FreeBSD is a modern operating
system and that it is used by leading companies in the sector and
technologies and processes key behind FreeBSD.

It is true that the design is very similar to the current "trending" designs.
But we have to think that we should show FreeBSD as an operating
system that both a startup and a large company can use.

The key points of this change:
- Complete redesign of the main page
- Responsive
- Dark theme
- Update HTML and CSS to modern versions
- Improve access to files to install FreeBSD
- Simplify the website

Things still pending:
- Dropdown button on the main page
- Dark theme
- Events page

You can see the design in [1] - [5]
It is important to indicate that the links *NOT* work, the idea is to
show the new design.

Bye and thanks for your time.

Sergio Carlavilla
(Without any hat)

PS: Please, constructive and well-founded criticism, avoid adding
also 200 links to the answer :)

PS2: To make this design we have been inspired by [6] - [9]

[1] https://people.freebsd.org/~carlavilla/website/index.html
[2] https://people.freebsd.org/~carlavilla/website/404.html
[3] https://people.freebsd.org/~carlavilla/website/about.html
[4] https://people.freebsd.org/~carlavilla/website/news.html
[5] https://people.freebsd.org/~carlavilla/website/usergroups.html
[6] https://go.dev/
[7] https://rockylinux.org/
[8] https://podman.io/
[9] https://code.visualstudio.com/

Monday, October 30, 2023

[USN-6460-1] Linux kernel vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmVAF8cFAwAAAAAACgkQZ0GeRcM5nt1k
ywf9FoiBrWJnex3NPgUIy1x3I7N2og6wEQav7B6U1Ma6iAaHUxN98V/iBXZFJYS5aVjNzhePmohr
TBO5iOo12nYjq02LgT3+rtXQkEuR3X1UZDhmL3ICVTer3aVj1VJerjqNTBCIxRUOX52pCHnFFcwU
+8qQgkGUe+9cwaOPznpfcqKynKCcRyBaossyfhXY5XwjOQ/oW3mLrFQikIeWavhHpCPARiRfw7jX
ezKhOCxDCneukLuXdUnNhfRyOwTe2nMVcvshs0pNRzoPemTvsmOkrxzLQRMgQHJHhvBQbbFdFQr+
s/OAwdmH5oz6i2BrjToyNGH2uaSMYfiGqaCPYyopvg==
=cwB9
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6460-1
October 30, 2023

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
kernel did not properly perform data buffer size validation in some
situations. A physically proximate attacker could use this to craft a
malicious USB device that when inserted, could cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1380)

Gwangun Jung discovered that the Quick Fair Queueing scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-31436)

Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel
did not properly handle certain pointer data type, leading to an out-of-
bounds write vulnerability. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-35001)

Kyle Zeng discovered that the networking stack implementation in the Linux
kernel did not properly validate skb object size in certain conditions. An
attacker could use this cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-42752)

Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP)
classifier implementation in the Linux kernel contained an out-of-bounds
read vulnerability. A local attacker could use this to cause a denial of
service (system crash). Please note that kernel packet classifier support
for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755)

Budimir Markovic discovered that the qdisc implementation in the Linux
kernel did not properly validate inner classes, leading to a use-after-free
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-4623)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
linux-image-3.13.0-194-generic 3.13.0-194.245
linux-image-3.13.0-194-lowlatency 3.13.0-194.245
linux-image-generic 3.13.0.194.204
linux-image-generic-lts-trusty 3.13.0.194.204
linux-image-lowlatency 3.13.0.194.204
linux-image-server 3.13.0.194.204
linux-image-virtual 3.13.0.194.204

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6460-1
CVE-2023-1206, CVE-2023-1380, CVE-2023-31436, CVE-2023-35001,
CVE-2023-42752, CVE-2023-42755, CVE-2023-4623

[USN-6454-2] Linux kernel vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmU/5C4FAwAAAAAACgkQZ0GeRcM5nt3V
aAf/R8efdkoOd846PCoCT1oWXvrlK0U4CUPjT/3HEPUeJrWwhqvI5oP64Qv1w+6zjGTr5DtmTRuB
YFO2vDVhTVQw4poei5cP2Ky+3Gp4sUgLXeqx27LeTDixA6ntPQSgZqbWYOIinwIGYpy7+eYP0KWq
iRXOBFtWFnIK3j5PNbZv4A2ZASesk5IQiGRPLT2AkUe6QszPLL51gPOIjuIGiTw9hufAxAea0OCg
xE1pw27OGSSjDezqxZNQHKm3ieCvIU8OgQbRPSNWzA6S87jSwW14Lr9WDas/7WM/5pIpmodhzj9E
ifUbhlnCVthWLmiC8hYy2DBaWEgBke1dspeEyQpJkQ==
=lr4T
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6454-2
October 30, 2023

linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems

Details:

Kyle Zeng discovered that the netfilter subsystem in the Linux kernel
contained a race condition in IP set operations in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-42756)

Alex Birnberg discovered that the netfilter subsystem in the Linux kernel
did not properly validate register length, leading to an out-of- bounds
write vulnerability. A local attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-4881)

It was discovered that the Quick Fair Queueing scheduler implementation in
the Linux kernel did not properly handle network packets in certain
conditions, leading to a use after free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4921)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle removal of rules from chain bindings in certain
circumstances, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2023-5197)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
linux-image-6.5.0-1006-raspi 6.5.0-1006.8
linux-image-6.5.0-1008-azure 6.5.0-1008.8
linux-image-6.5.0-1008-azure-fde 6.5.0-1008.8
linux-image-6.5.0-1008-gcp 6.5.0-1008.8
linux-image-6.5.0-1009-aws 6.5.0-1009.9
linux-image-6.5.0-1011-oracle 6.5.0-1011.11
linux-image-aws 6.5.0.1009.9
linux-image-azure 6.5.0.1008.10
linux-image-azure-fde 6.5.0.1008.10
linux-image-gcp 6.5.0.1008.8
linux-image-oracle 6.5.0.1011.11
linux-image-raspi 6.5.0.1006.7
linux-image-raspi-nolpae 6.5.0.1006.7

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6454-2
https://ubuntu.com/security/notices/USN-6454-1
CVE-2023-42756, CVE-2023-4881, CVE-2023-4921, CVE-2023-5197

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/6.5.0-1009.9
https://launchpad.net/ubuntu/+source/linux-azure/6.5.0-1008.8
https://launchpad.net/ubuntu/+source/linux-gcp/6.5.0-1008.8
https://launchpad.net/ubuntu/+source/linux-oracle/6.5.0-1011.11
https://launchpad.net/ubuntu/+source/linux-raspi/6.5.0-1006.8

[USN-6441-3] Linux kernel vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmU/5BMFAwAAAAAACgkQZ0GeRcM5nt3C
yQf/dYfE3u+xbiZIL0oX0gDOtyyedPRBD6XqCh0jRK3JaIDLvL0odR8iOc5yizqKoRZdr1rqHoHi
vTjXbkiO40WjEXc3Jt4XbJcioSZa99yAOncBHMyfbov6Ll5Uh93uv1kmcfC0bbx9+D7c+mdyrQmw
pYFKvBzGEzimw5K5pSfGhE04SdQ+L5937Qe7lQa62HtcdLl8ft8pl+wmVfEohrFh+KVj0sxOwr2/
8ZRY3XSnAzBv00mgcrWtBHUFvPeLuNxHM4S+uAVFXNF54xMwFO0wQAPEsLUgf94yDjj0tywPmOE4
wQmmVge8w0JikYXnZKyB39H09Iiz1kKWOP68Wtz+iA==
=EoAh
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6441-3
October 30, 2023

linux-iot, linux-raspi, linux-raspi-5.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-iot: Linux kernel for IoT platforms
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

Ross Lagerwall discovered that the Xen netback backend driver in the Linux
kernel did not properly handle certain unusual packets from a
paravirtualized network frontend, leading to a buffer overflow. An attacker
in a guest VM could use this to cause a denial of service (host system
crash) or possibly execute arbitrary code. (CVE-2023-34319)

Kyle Zeng discovered that the networking stack implementation in the Linux
kernel did not properly validate skb object size in certain conditions. An
attacker could use this cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-42752)

Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did
not properly calculate array offsets, leading to a out-of-bounds write
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-42753)

Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP)
classifier implementation in the Linux kernel contained an out-of-bounds
read vulnerability. A local attacker could use this to cause a denial of
service (system crash). Please note that kernel packet classifier support
for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755)

Kyle Zeng discovered that the netfilter subsystem in the Linux kernel
contained a race condition in IP set operations in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-42756)

Bing-Jhong Billy Jheng discovered that the Unix domain socket
implementation in the Linux kernel contained a race condition in certain
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4622)

Budimir Markovic discovered that the qdisc implementation in the Linux
kernel did not properly validate inner classes, leading to a use-after-free
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-4623)

Alex Birnberg discovered that the netfilter subsystem in the Linux kernel
did not properly validate register length, leading to an out-of- bounds
write vulnerability. A local attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-4881)

It was discovered that the Quick Fair Queueing scheduler implementation in
the Linux kernel did not properly handle network packets in certain
conditions, leading to a use after free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4921)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
linux-image-5.4.0-1024-iot 5.4.0-1024.25
linux-image-5.4.0-1096-raspi 5.4.0-1096.107
linux-image-raspi 5.4.0.1096.126
linux-image-raspi2 5.4.0.1096.126

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
linux-image-5.4.0-1096-raspi 5.4.0-1096.107~18.04.1
linux-image-raspi-hwe-18.04 5.4.0.1096.93

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6441-3
https://ubuntu.com/security/notices/USN-6441-1
CVE-2023-34319, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755,
CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881,
CVE-2023-4921

Package Information:
https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1024.25
https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1096.107

[USN-6459-1] MySQL vulnerabilities

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmU/y18ACgkQZWnYVadE
vpNVBhAAknbIxpVEOeKbvPm3AKJPl7pLk7q59qM3Eg2lZFd+1evNIEgrVjHRp5HF
AvIUlrXlcBDRcJhIA6Pz9DTeSWEL4yZ3CgcAJyrgtwBmVtqnkDpzVMHEY9G+HkJO
P2Dw1yswJLu8JON3hx6IP8OJhooOEJUZVW6j16oF57EPPqRadiy4ODr5fiVjufkg
DpHkgLqaMHRBBkCRoJJm4tFMrCkbWcIgSCeLh53w1t6M0vMiLkSL4v16XDGgfDix
cAhxipvetIN7fh1y6QPFCrIcTXJwcXLa3Q1xCX311NiUyD8Dwcp+cjFeQgE9Bkrs
H+shhr3GusRgygU9BJ+zS+mVisGl9L1xcUiXtGsSt+oeus49Cf2XXprxKtSP+mwL
hUdRhnrC7FfoZehiH7N2+rUKIOzzKw6TC+Wwv3QzQdkxftZHu2ZjLaQGx6ohuiWx
sjlXFIYBPmsL6XyTQZS2PgBwQ9NcJ+5oCm6mzzzIHsr3lZmDrOVopjdgSdOK3iHn
uYTfac5ifTUqNdIwDER4hX5T92d5WGRztA2p19Bnx6NYftWfiYifnMEj291msxxj
ee6ySfnLm2DWDwCByJjrl93oIF4PtR7pFNN4gea/wl8EABEmEndrJsKGuDI7qaQj
q4oEfB1pu7CjXr+5JLCBxYEb0t4SCOZ/+G9ZPgghhDTaDHparBA=
=AMzR
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6459-1
October 30, 2023

mysql-8.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-8.0: MySQL database

Details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.35 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 23.04, and Ubuntu 23.10.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-35.html
https://www.oracle.com/security-alerts/cpuoct2023.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
mysql-server-8.0 8.0.35-0ubuntu0.23.10.1

Ubuntu 23.04:
mysql-server-8.0 8.0.35-0ubuntu0.23.04.1

Ubuntu 22.04 LTS:
mysql-server-8.0 8.0.35-0ubuntu0.22.04.1

Ubuntu 20.04 LTS:
mysql-server-8.0 8.0.35-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://ubuntu.com/security/notices/USN-6459-1
CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22066,
CVE-2023-22068, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079,
CVE-2023-22084, CVE-2023-22092, CVE-2023-22097, CVE-2023-22103,
CVE-2023-22112, CVE-2023-22114

Package Information:
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.35-0ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.35-0ubuntu0.23.04.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.35-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.35-0ubuntu0.20.04.1

[USN-6457-1] Node.js vulnerabilities

-----BEGIN PGP PUBLIC KEY BLOCK-----

xsDNBGO/60oBDADb8Iw1QscMxjlKh+9QZcJ6NQwruJEuvbH4qi6hRKJt3441GR2F
sJRcmGrQOp87R2QdMoRSaifa96QOWLVu740PVq4/ztQkoqyB7yVMxc8L986H79xL
b+pcExy4Rvn++CQyTJ2/L/QEaOzN/Rq8ZCCDLtWUwxYOwYKZCW3Hw1/Fjzs0kpz6
oNlX4jiq76tJmA7vuVCydB9FuuC7/6K7/wUZrm2sHMnQ3JSv3G2vhHI0KANyVPIB
fNGplCqGc3aSRMIJ04KVukuzVPUKeLqkfLydiwdmG/IuS4jpWGL1bSWRPds0W2Ct
/N7hFcStudDlbV36DhGdpMeDxrhLL9aRpeZQro1LGhHHAA4oadE20vk1+9JS2pQC
CjtxxWnyDsC9j5eXN8Gr61yiLorxIRzO37arPVLxFMjafrP0rAweTivWCp2C+BOm
FsNilHHr57pDQOmc3LXDqdz8qqSVHaAK0CEH3YQA5ZUnWDbjj2D8aHcvrwSAk8pl
OxFmmOns8W6p/eEAEQEAAc1BQW1pciBOYXNlcmVkaW5pIChQcml2YXRlIEVtYWls
IEFkZHJlc3MpIDxzYWhuYXNlcmVkaW5pQGdtYWlsLmNvbT7CwRQEEwEKAD4WIQQt
F2HPcpjsUaJwwPxWOD410VO4sgUCY7/sHAIbAwUJA8JnAAULCQgHAwUVCgkICwUW
AgMBAAIeAQIXgAAKCRBWOD410VO4spcWDACioxx6/W7LDOkfKGx741eFLTHjeOR0
RMGL20Qd6cK4pdFjfrHU3PPBXKlZBSAT3JCcPKVE5ecu49Behqnzj4obGPJ0XBwM
hGRWeLhVQhsPmtGYy4irgXsm3+n2xbru9iq5CPobesDam6Z84OZoKDT/7XD5I8C/
ntJ8mD/+v2P4VeQ1iwvO3wAwh0zKna+Bi55mX1neLJj1T3/3+fIRnudclESE+JR0
A6309kotXRPLLse9LOzE8u3uM/zqHoJukc5G2CFbxSsdUE8MP4lQOff54vkb7NkM
hQzDDgvVKXTl5OF+gECHIeR4Dv7yjafLwt+3sDBwWK0HPaf6vvfi227G/urMKCxf
D5VWglvZfm64j0v+/apMUDtmkqw2PxFulJ8iwWA39owP0vH8jNp5YWJASOrNoDXn
nPzbvJLdy2gP59W2n038V59hH7vdA86ywmiWuP0n1pw95UjzkZiYGoaPCLrefiY9
SG5Jp3XoWVGP8mB87FfHTzccm2Dzm6pPbzHNL0FtaXIgTmFzZXJlZGluaSA8YW1p
ci5uYXNlcmVkaW5pQGNhbm9uaWNhbC5jb20+wsEXBBMBCgBBAhsDBQkDwmcABQsJ
CAcDBRUKCQgLBRYCAwEAAh4BAheAFiEELRdhz3KY7FGicMD8Vjg+NdFTuLIFAmO/
7aUCGQEACgkQVjg+NdFTuLJ9WQv/R0lA8yFIZGs2d6f3skai5QBeCGkBNdAatjeP
JNeFATvXbv8tNyXSJqhpQi2mVdNIq4uVdhzxzGbWrFGKcZh+aLNFe6XhqO/dupnm
fhAaCeTFmKlqU2VPbXGznIffK5s4IjEy0+6haF2mDwFokuav+JNFn9REPESQ9sJq
/zWC5LDm8ZzF0+ElPlJS3SrRG+BSx44qFASkbMMvKWj/huwplWOvjED6O8XU91Ii
ydlndFpk6xJE5cu3030R47Szn58z3iXTNWsWBgzVxy3rmr97MniOuLeAKWgK7NqE
TWE9OjG/lLEgtSP5suv/k07oufIAJtaIIjNZTTgyKZKfMaaKoekYCVMpXI6lwiLE
97nw4uQ/7hCi0TOzWVdOlRP58O3f3ATWyGrijn6c/N1CDAABgJvz6nJihS5Vkpc4
3qe8V3zgi173BbEpGcf2nOEMukBV4E4vNviFDNoKoUMNv+jxDiPPCDUJQa/oDxJ4
73KaXIIddyEUw3mqCRZlwtKhisy2zsDNBGO/60oBDACg+zE4kmu2CzeSFHEV/mSi
8P4u/MGN2Orq/pXFcpsN4fI3nsAS1qy7SfSmB8n6x8VZABRTPikznAochiFiD9U7
6tz7xsb5LWVXY+bdPzkMjsdB9UExhbARAiNaAZ1uvUI2YjD5+NVTDEuWpCyoVf7y
qfzth39p70KmdJE32PJC26+a7dV+dZKV7DM+pOH3PW0iXGaokzoO/hfWnIo4EanE
3IxtGG85E/PTxrSs0qDrOcQ9t0RLN0kCHwrjlDaAiN/amB4nx1BQLsUofripb10x
drLXdcGCPeqyNnuDKA++eGxMs4rf/gZqpriZe/c5GOZYOEWf94eyEfY7Ap3iXYhG
3bcNIKxikOY+N8i7CNuaZcFrosK6pGIgzUX3jCxjZpYYfP4CI1AcPPnqIgEWH4qQ
wmaWYNQ8gVQAnF097hKKbLozvKkg5App66v3DdDERKkB1YPPDPAXmQR9RiPUnXxQ
p89wveOLCemuROqq9hWnVTq+d9SElOipRXfY3r2xzTUAEQEAAcLA/AQYAQoAJhYh
BC0XYc9ymOxRonDA/FY4PjXRU7iyBQJjv+tKAhsMBQkDwmcAAAoJEFY4PjXRU7iy
ZSML/iIEflaHoQnViezZwZq0Jjwvy4SljggpUzKiF65aZK7VXd5JHH8J4cCOTJUy
0a4p+g7XMChLMVY8zj4GjnaQ9AG0LT9pvbDPNnFAQ37W8LgoSmaJ9oAo1wYbjoDJ
9wYsfATPveltC04LQ5ODH+R+3AkG15gBEX7lImyNSHabLedrYQUvAcWDo66C4Gwk
k7Q/GgwYteCwRYvG+Rmv1OWcjSZmqWJArk4vwdGuaEWmPsTldTgU0T1jjhny81eI
FYTwAtL175x+ScIhrVuvBpsxV2htrJCOPCPZTYPyd8sXZZgAfhjyAepWAqgONIoJ
Npog1dAZDpUCihQviQ0kzPokaPXKUCahY/hKm+nncKCOR/FB8l2iQHTC6rlDhZ4a
8DSRjElpOJ9Q94aWUuUEQ+7VnwBFFbTClwAo51ejvZ3ZKaEX6lAo4VMchQYpqb6A
FXf9+sS2VJ2HRD1wsHZ2hTLxApu16lVJphpGM90Zc81qc3uXR7fDTi6G0FDzRx0/
PrhDFw==
=grCX
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEELRdhz3KY7FGicMD8Vjg+NdFTuLIFAmU/pKgFAwAAAAAACgkQVjg+NdFTuLJD
mQv+JBDHKAVdd9sZXAUfKPMZ+vYU5nyWGlPNGvgtdRMSfzHhdivQq1FZuYr/v0W1AZT8ZAukB+Pw
IeHUk3tzTtOpmcTd/e1fZE7s2+RouqRK0kihjTDc9LRhMMgID4WzjqNhyCdwJyYadMkqv1kdffWw
YoiXDrJrbpUtCdVCQKveTDK7xRiHCPu+eeej/Ss4h8AC4Q6iYXPKaqE9XV8EO0ECQfY7Gnc2DXRB
9O6vtIy0oGrAwPU3IJTO1qrzHH3o55Eqv3S1SOiBjvuCA1ZB9+Uwgc1F/RCzALqgYQ1ZGgGT+OPF
6n8TVENEmzRXFrUWy4Id7UmNulN5fNB4w3zIW4kag2YhHyXjc6dsJisoKZBGNqkPKrtTGjb5uAtS
rh90mSL0oSfntJiSo3hS403yuJhYopZFGfXSUFic6Au1mVdBXf5WwUAVndaPj7vGRT/9QdTVROFm
CjCPhFnhp/EDGyyY0yJ2FVKvf9Bog/Kno+JLrSkfyCWvGgsAnK3eeZt4Xc9e
=hpCh
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6457-1
October 30, 2023

nodejs vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Node.js.

Software Description:
- nodejs: An open-source, cross-platform JavaScript runtime environment.

Details:

Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2022-0778)

Elison Niven discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-1292)

Chancen and Daniel Fiala discovered that Node.js incorrectly handled certain
inputs. If a user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-2068)

Alex Chernyakhovsky discovered that Node.js incorrectly handled certain
inputs. If a user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-2097)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
libnode-dev 12.22.9~dfsg-1ubuntu3.1
libnode72 12.22.9~dfsg-1ubuntu3.1
nodejs 12.22.9~dfsg-1ubuntu3.1
nodejs-doc 12.22.9~dfsg-1ubuntu3.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6457-1
CVE-2022-0778, CVE-2022-1292, CVE-2022-2068, CVE-2022-2097

Package Information:
https://launchpad.net/ubuntu/+source/nodejs/12.22.9~dfsg-1ubuntu3.1

[USN-6458-1] Slurm vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEGq96SdAIJY1vInRLbzAtCH6LqTYFAmU/n1YFAwAAAAAACgkQbzAtCH6LqTYh
Bwf/YCwWJaUz9jIqI+o9ZiDP2LW5zpAKy806/iTZlHQL8QRFcqFfjQ2p/upCAihnByZ7THbL0M/B
VhKIL462AeBqp/0mO7rsBIovZmMSz3uHR6+qnhYMR+Nxhea4UsEa0MJlupfggAH/G7aBpgynEWwH
+7UnqSGfEQhWao8HtenlrMvXHMNmWPB+1zAPZUsHP1ZWPEFSIH/6A7DxaNKnxHXrOn/PAM0Tbcul
DZpCcBUccly51oOkGRkigpMriPIzBfWSBSG2lkJnhNwb+E7Mz5WDQea4QCCqTB7uEcZSaEZHEvg+
64xWzchbh838c04jWzIHoErRGPVl3EKQH0UzSrF8sA==
=Fe3Z
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6458-1
October 30, 2023

slurm-llnl, slurm-wlm vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Slurm.

Software Description:
- slurm-wlm: Simple Linux Utility for Resource Management
- slurm-llnl: Simple Linux Utility for Resource Management

Details:

It was discovered that Slurm did not properly handle credential
management, which could allow an unprivileged user to impersonate the
SlurmUser account. An attacker could possibly use this issue to execute
arbitrary code as the root user. (CVE-2022-29500)

It was discovered that Slurm did not properly handle access control when
dealing with RPC traffic through PMI2 and PMIx, which could allow an
unprivileged user to send data to an arbitrary unix socket in the host.
An attacker could possibly use this issue to execute arbitrary code as
the root user. (CVE-2022-29501)

It was discovered that Slurm did not properly handle validation logic when
processing input and output data with the srun client, which could lead to
the interception of process I/O. An attacker could possibly use this issue
to expose sensitive information or execute arbitrary code. This issue only
affected Ubuntu 22.04 LTS. (CVE-2022-29502)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
libpam-slurm 21.08.5-2ubuntu1+esm1
libpmi0 21.08.5-2ubuntu1+esm1
libpmi2-0 21.08.5-2ubuntu1+esm1
libslurm-perl 21.08.5-2ubuntu1+esm1
libslurm37 21.08.5-2ubuntu1+esm1
libslurmdb-perl 21.08.5-2ubuntu1+esm1
slurm-client 21.08.5-2ubuntu1+esm1
slurm-wlm 21.08.5-2ubuntu1+esm1
slurm-wlm-basic-plugins 21.08.5-2ubuntu1+esm1
slurmctld 21.08.5-2ubuntu1+esm1
slurmd 21.08.5-2ubuntu1+esm1
slurmdbd 21.08.5-2ubuntu1+esm1
slurmrestd 21.08.5-2ubuntu1+esm1

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
libpam-slurm 19.05.5-1ubuntu0.1~esm2
libpmi0 19.05.5-1ubuntu0.1~esm2
libpmi2-0 19.05.5-1ubuntu0.1~esm2
libslurm-perl 19.05.5-1ubuntu0.1~esm2
libslurm34 19.05.5-1ubuntu0.1~esm2
libslurmdb-perl 19.05.5-1ubuntu0.1~esm2
slurm-client 19.05.5-1ubuntu0.1~esm2
slurm-wlm 19.05.5-1ubuntu0.1~esm2
slurm-wlm-basic-plugins 19.05.5-1ubuntu0.1~esm2
slurmctld 19.05.5-1ubuntu0.1~esm2
slurmd 19.05.5-1ubuntu0.1~esm2
slurmdbd 19.05.5-1ubuntu0.1~esm2

After a standard system update you need to restart Slurm to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-6458-1
CVE-2022-29500
, CVE-2022-29501, CVE-2022-29502

[USN-6455-1] Exim vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEhC9y9XdAFQPCvYXchGmXSGiknnUFAmU/aykFAwAAAAAACgkQhGmXSGiknnVd
9hAAs234vHaAow1FUcpGNQZgVXvEOQq/ZZz4VIwER4a/rGfjfjDbYPgdJaCcluH7N2ApN3doiWq3
mQ1kv9sG/b50E3JpEURo2lyDbm9UzdvsMH8MTchymudb55L5oKMR7jQ0P8zx53asGjUVAsH/pKwp
Wp0eVzXUyyCfpPlQVDsJLhHcz9sNzdC6t5AhmdyO0SI6LZp6BNgqVjlShR3y3iLI0STk467Ra7in
hOXi3nURLhVrbmpeGD+/2cMj651YQcZfGc2zLm7yKp91SAi/Wu39dx5Q00gl+srZNgVuXWadL9k+
HdChFKFizvDHfD5kdgRYzhO6HqSs7GRgtPcdtv6otvwJ4cklhplq9EXT8g3d/kSFWU5Tr5mKWvpU
WZ/vtX4x4oWcm7bI7lUMjgm7PpZFiQDaCjN8Vt6jjhWkjHbgdaPTOVMXuoejltuY9hZWsj8cMQ6R
Wurdf0qFLy6E3BUnovjc1xgvZjHdYbDN4v5oi+MvS1DCDeAAHOqZvmIKanKuoaTzLpFiejKNMbQX
M7L8QOq7cIYgda6ROKmYwY/gFNzwvgtvdFgUH6br51M1aI0aH3od/aqvfC+WA1wQf5R3D+uuirmM
M+jKxaBmzOra7x/ga8K/yBhzf0ZOyXi8vRx3Pm2lFsb8Ss+92KAb2lqIg1FnMLBevuHG/DZB9j06
beU=
=Jw7x
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6455-1
October 26, 2023

exim4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Exim.

Software Description:
- exim4: Exim is a mail transport agent

Details:

It was discovered that Exim incorrectly handled validation of user-supplied
data, which could lead to memory corruption. A remote attacker could
possibly use this issue to execute arbitrary code. (CVE-2023-42117)

It was discovered that Exim incorrectly handled validation of user-supplied
data, which could lead to an out-of-bounds read. An attacker could possibly
use this issue to expose sensitive information. (CVE-2023-42119)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
exim4-daemon-heavy 4.96-17ubuntu2.1
exim4-daemon-light 4.96-17ubuntu2.1

Ubuntu 23.04:
exim4-daemon-heavy 4.96-14ubuntu1.3
exim4-daemon-light 4.96-14ubuntu1.3

Ubuntu 22.04 LTS:
exim4-daemon-heavy 4.95-4ubuntu2.4
exim4-daemon-light 4.95-4ubuntu2.4

Ubuntu 20.04 LTS:
exim4-daemon-heavy 4.93-13ubuntu1.9
exim4-daemon-light 4.93-13ubuntu1.9

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
exim4-daemon-heavy 4.90.1-1ubuntu1.10+esm2
exim4-daemon-light 4.90.1-1ubuntu1.10+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
exim4-daemon-heavy 4.86.2-2ubuntu2.6+esm5
exim4-daemon-light 4.86.2-2ubuntu2.6+esm5

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
exim4-daemon-heavy 4.82-3ubuntu2.4+esm7
exim4-daemon-light 4.82-3ubuntu2.4+esm7

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6455-1
CVE-2023-42117, CVE-2023-42119

Package Information:
https://launchpad.net/ubuntu/+source/exim4/4.96-17ubuntu2.1
https://launchpad.net/ubuntu/+source/exim4/4.96-14ubuntu1.3
https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.4
https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.9

[USN-6456-1] Firefox vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6456-1
October 30, 2023

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-5722,
CVE-2023-5724, CVE-2023-5728, CVE-2023-5729, CVE-2023-5730, CVE-2023-5731)

Kelsey Gilbert discovered that Firefox did not properly manage certain
browser prompts and dialogs due to an insufficient activation-delay. An
attacker could potentially exploit this issue to perform clickjacking.
(CVE-2023-5721)

Daniel Veditz discovered that Firefox did not properly validate a cookie
containing invalid characters. An attacker could potentially exploit this
issue to cause a denial of service. (CVE-2023-5723)

Shaheen Fazim discovered that Firefox did not properly validate the URLs
open by installed WebExtension. An attacker could potentially exploit this
issue to obtain sensitive information. (CVE-2023-5725)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
firefox 119.0+build2-0ubuntu0.20.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-6456-1
CVE-2023-5721, CVE-2023-5722, CVE-2023-5723, CVE-2023-5724,
CVE-2023-5725, CVE-2023-5728, CVE-2023-5729, CVE-2023-5730,
CVE-2023-5731

Package Information:
https://launchpad.net/ubuntu/+source/firefox/119.0+build2-0ubuntu0.20.04.1