Friday, March 29, 2024

[arch-announce] The xz package has been backdoored

TL;DR: Upgrade your systems and container images **now**!

As many of you may have already read [1], the upstream release tarballs for `xz` in version `5.6.0` and `5.6.1` contain malicious code which adds a backdoor.

This vulnerability is tracked in the Arch Linux security tracker [2].

The `xz` packages prior to version `5.6.1-2` (specifically `5.6.0-1` and `5.6.1-1`) contain this backdoor.

The following release artifacts contain the compromised `xz`:

- installation medium `2024.03.01`
- virtual machine images `20240301.218094` and `20240315.221711`
- container images created between and including *2024-02-24* and *2024-03-28*

The affected release artifacts have been removed from our mirrors.

We strongly advise against using the affected release artifacts. Download what is currently available as the latest version instead!

## Upgrading the system

It is strongly advised to do a full system upgrade right away if your system currently has `xz` version `5.6.0-1` or `5.6.1-1` installed:

```
pacman -Syu
```

## Upgrading container images

To figure out if you are using an affected container image, use either

```
podman image history archlinux/archlinux
```

or

```
docker image history archlinux/archlinux
```

depending on whether you use `podman` or `docker`.

Any Arch Linux container image older than `2024-03-29` and younger than `2024-02-24` is affected.

Run either

```
podman image pull archlinux/archlinux
```

or

```
docker image pull archlinux/archlinux
```

to upgrade affected container images to the most recent version.

Afterwards make sure to rebuild any container images based on the affected versions and also inspect any running containers!

## Regarding sshd authentication bypass/code execution

From the upstream report [1]:

> openssh does not directly use liblzma. However debian and several other
> distributions patch openssh to support systemd notification, and libsystemd
> does depend on lzma.

Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command:

```
ldd "$(command -v sshd)"
```

However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist.
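
The three checks above (installed `xz` package version, container image creation date, and whether `sshd` maps `liblzma`) combined into one triage script. This is an added example, not part of the Arch announcement: the function names are illustrative, reading the image date with `image inspect --format '{{.Created}}'` is an assumption beyond the `image history` command shown above, and the `ldd` samples are constructed.

```shell
#!/bin/sh
# Added example: triage helpers for the three checks in the announcement.
# Function names are illustrative, not part of pacman, podman or docker.

# Exit 0 if the given Arch package version of xz is one of the two
# backdoored builds named in the announcement.
xz_pkg_affected() {
    case "$1" in
        5.6.0-1|5.6.1-1) return 0 ;;
        *) return 1 ;;
    esac
}

# Exit 0 if an image creation timestamp falls in the affected window
# (2024-02-24 through 2024-03-28, inclusive); exit 2 on unparsable input.
# Assumption: the timestamp starts with YYYY-MM-DD.
image_date_affected() {
    day=$(printf '%.10s' "$1")
    case "$day" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    num=$(printf '%s' "$day" | tr -d '-')
    [ "$num" -ge 20240224 ] && [ "$num" -le 20240328 ]
}

# Read `ldd` output on stdin and print whether liblzma is mapped in.
# ldd resolves transitive dependencies, so a link that only exists
# through libsystemd shows up here as well.
sshd_lzma_status() {
    if grep -q 'liblzma\.so'; then
        echo "liblzma-linked"
    else
        echo "not-linked"
    fi
}

# Constructed sample ldd outputs (library set and addresses are made up).
SAMPLE_LDD_PLAIN='    libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x00007f1000000000)
    libz.so.1 => /usr/lib/libz.so.1 (0x00007f0ff0000000)
    libc.so.6 => /usr/lib/libc.so.6 (0x00007f0fe0000000)'
SAMPLE_LDD_SYSTEMD='    libsystemd.so.0 => /usr/lib/libsystemd.so.0 (0x00007f1000000000)
    liblzma.so.5 => /usr/lib/liblzma.so.5 (0x00007f0ff0000000)
    libc.so.6 => /usr/lib/libc.so.6 (0x00007f0fe0000000)'

# Live checks; each one is skipped when the tool is not installed.
if command -v pacman >/dev/null 2>&1; then
    ver=$(pacman -Q xz 2>/dev/null | awk '{print $2}')
    if xz_pkg_affected "$ver"; then
        echo "xz $ver: affected, run pacman -Syu"
    else
        echo "xz ${ver:-not installed}: not an affected package version"
    fi
fi
if sshd_bin=$(command -v sshd 2>/dev/null); then
    echo "sshd: $(ldd "$sshd_bin" 2>/dev/null | sshd_lzma_status)"
fi
for tool in podman docker; do
    command -v "$tool" >/dev/null 2>&1 || continue
    created=$("$tool" image inspect --format '{{.Created}}' \
        archlinux/archlinux 2>/dev/null) || continue
    if image_date_affected "$created"; then
        echo "$tool archlinux/archlinux ($created): affected, pull a new image"
    else
        echo "$tool archlinux/archlinux ($created): outside the affected window"
    fi
done
```

A `not-linked` result for `sshd` only rules out the one vector described in the upstream report; an affected `xz` package version still calls for the upgrade.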

[1]: https://www.openwall.com/lists/oss-security/2024/03/29/4
[2]: https://security.archlinux.org/ASA-202403-1

URL: https://archlinux.org/news/the-xz-package-has-been-backdoored/

Thursday, March 28, 2024

[USN-6707-4] Linux kernel (Azure) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6707-4
March 28, 2024

linux-azure-6.5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure-6.5: Linux kernel for Microsoft Azure cloud systems

Details:

Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- PWM drivers;
(CVE-2024-26597, CVE-2024-26599)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
linux-image-6.5.0-1017-azure 6.5.0-1017.17~22.04.1
linux-image-6.5.0-1017-azure-fde 6.5.0-1017.17~22.04.1
linux-image-azure 6.5.0.1017.17~22.04.1
linux-image-azure-fde 6.5.0.1017.17~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6707-4
https://ubuntu.com/security/notices/USN-6707-1
CVE-2024-1085, CVE-2024-1086, CVE-2024-26597, CVE-2024-26599

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-6.5/6.5.0-1017.17~22.04.1

[USN-6704-4] Linux kernel (Intel IoTG) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6704-4
March 28, 2024

linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-intel-iotg: Linux kernel for Intel IoT platforms
- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms

Details:

It was discovered that the NVIDIA Tegra XUSB pad controller driver in the
Linux kernel did not properly handle return values in certain error
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-23000)

Quentin Minster discovered that the KSMBD implementation in the Linux
kernel did not properly handle session setup requests. A remote attacker
could possibly use this to cause a denial of service (memory exhaustion).
(CVE-2023-32247)

Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)

It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
linux-image-5.15.0-1051-intel-iotg 5.15.0-1051.57
linux-image-intel-iotg 5.15.0.1051.51

Ubuntu 20.04 LTS:
linux-image-5.15.0-1051-intel-iotg 5.15.0-1051.57~20.04.1
linux-image-intel 5.15.0.1051.57~20.04.41
linux-image-intel-iotg 5.15.0.1051.57~20.04.41

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6704-4
https://ubuntu.com/security/notices/USN-6704-1
CVE-2023-23000, CVE-2023-32247, CVE-2024-1085, CVE-2024-1086,
CVE-2024-24855

Package Information:
https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1051.57

https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1051.57~20.04.1

FreeBSD Security Advisory FreeBSD-SA-24:03.unbound

=============================================================================
FreeBSD-SA-24:03.unbound Security Advisory
The FreeBSD Project

Topic: Multiple vulnerabilities in unbound

Category: contrib
Module: unbound
Announced: 2024-03-28
Affects: FreeBSD 13.2 and FreeBSD 14.0
Corrected: 2024-02-17 13:45:44 UTC (stable/14, 14.0-STABLE)
           2024-03-28 05:06:26 UTC (releng/14.0, 14.0-RELEASE-p6)
           2024-02-17 13:45:44 UTC (stable/13, 13.2-STABLE)
           2024-03-28 05:07:55 UTC (releng/13.2, 13.2-RELEASE-p11)
CVE Name: CVE-2023-50387, CVE-2023-50868

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.

I. Background

Unbound is a validating, recursive, and caching DNS resolver.

II. Problem Description

The KeyTrap vulnerability (CVE-2023-50387) works by using a combination of Keys
(also colliding Keys), Signatures and number of RRSETs on a malicious zone.
Answers from that zone can force a DNSSEC validator down a very CPU intensive
and time costly validation path.

The NSEC3 vulnerability (CVE-2023-50868) uses specially crafted responses on a
malicious zone with multiple NSEC3 RRSETs to force a DNSSEC validator down a
very CPU intensive and time costly NSEC3 hash calculation path.


III. Impact

Both issues can force Unbound to spend an enormous amount of time (compared to
regular traffic) validating a single specially crafted DNSSEC response while
everything else is on hold for that thread. A trivially orchestrated attack
could render all threads busy with such responses, leading to denial of service.

IV. Workaround

No workaround is available. Systems not running Unbound are not affected.

V. Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 14.0]
# fetch https://security.FreeBSD.org/patches/SA-24:03/unbound-14.patch
# fetch https://security.FreeBSD.org/patches/SA-24:03/unbound-14.patch.asc
# gpg --verify unbound-14.patch.asc

[FreeBSD 13.2]
# fetch https://security.FreeBSD.org/patches/SA-24:03/unbound-13.patch
# fetch https://security.FreeBSD.org/patches/SA-24:03/unbound-13.patch.asc
# gpg --verify unbound-13.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch -p0 < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Restart the applicable daemons, or reboot the system.

VI. Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path     Hash            Revision
-------------------------------------------------------------------------
stable/14/      e2b44c401cc2    stable/14-n266696
releng/14.0/    c189b94f8a22    releng/14.0-n265416
stable/13/      abe4ced2b9de    stable/13-n257436
releng/13.2/    d9d90e5e42f6    releng/13.2-n254664
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://www.nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/>

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387>

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-24:03.unbound.asc>

FreeBSD Errata Notice FreeBSD-EN-24:08.kerberos

=============================================================================
FreeBSD-EN-24:08.kerberos Errata Notice
The FreeBSD Project

Topic: Kerberos segfaults when using weak crypto

Category: contrib
Module: heimdal
Announced: 2024-03-28
Affects: FreeBSD 14.0
Corrected: 2024-01-22 15:49:24 UTC (stable/14, 14.0-STABLE)
           2024-03-28 05:06:25 UTC (releng/14.0, 14.0-RELEASE-p6)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I. Background

FreeBSD includes Heimdal, an implementation of ASN.1/DER, PKIX, and Kerberos.
It uses OpenSSL to provide a number of cryptographic routines.

II. Problem Description

Weak crypto is provided by the openssl "legacy" provider which is not loaded
by default.

III. Impact

Attempting to use weak crypto routines when the legacy provider is not loaded
results in the application crashing.

IV. Workaround

Edit /etc/ssl/openssl.cnf to load the legacy provider unconditionally.

V. Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-24:08/kerberos.patch
# fetch https://security.FreeBSD.org/patches/EN-24:08/kerberos.patch.asc
# gpg --verify kerberos.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Restart all daemons that use the library, or reboot the system.

VI. Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path     Hash            Revision
-------------------------------------------------------------------------
stable/14/      c7db2e15e404    stable/14-n266467
releng/14.0/    c48fe39ad139    releng/14.0-n265415
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<other info on the problem>

<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272835>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:08.kerberos.asc>

FreeBSD Errata Notice FreeBSD-EN-24:07.clang

=============================================================================
FreeBSD-EN-24:07.clang Errata Notice
The FreeBSD Project

Topic: Clang crash when certain optimization is enabled

Category: contrib
Module: clang
Announced: 2024-03-28
Affects: FreeBSD 14.0 and FreeBSD 13.3
Corrected: 2024-03-08 08:19:28 UTC (stable/14, 14.0-STABLE)
           2024-03-28 05:06:23 UTC (releng/14.0, 14.0-RELEASE-p6)
           2024-03-08 08:19:49 UTC (stable/13, 13.3-STABLE)
           2024-03-28 07:14:20 UTC (releng/13.3, 13.3-RELEASE-p1)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I. Background

FreeBSD includes the Clang C/C++ compiler in the base system. FreeBSD 14.0
and FreeBSD 13.3 include Clang version 17.

II. Problem Description

Clang 17 has a bug that results in a crash under certain circumstances.

III. Impact

The compiler crashes instead of generating an object file.

IV. Workaround

Avoid use of -fzero-call-used-regs, or install a version of Clang other than
17 from ports or packages.

V. Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-24:07/clang.patch
# fetch https://security.FreeBSD.org/patches/EN-24:07/clang.patch.asc
# gpg --verify clang.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

VI. Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path     Hash            Revision
-------------------------------------------------------------------------
stable/14/      fc31d474c40a    stable/14-n266942
releng/14.0/    711422d54795    releng/14.0-n265413
stable/13/      961271f952fc    stable/13-n257558
releng/13.3/    26059a4f2c14    releng/13.3-n257430
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277474>
<URL:https://github.com/llvm/llvm-project/issues/75168>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:07.clang.asc>

FreeBSD Errata Notice FreeBSD-EN-24:06.wireguard

=============================================================================
FreeBSD-EN-24:06.wireguard Errata Notice
The FreeBSD Project

Topic: Insufficient barriers in WireGuard if_wg(4)

Category: core
Module: if_wg
Announced: 2024-03-28
Affects: All supported versions of FreeBSD.
Corrected: 2024-03-22 15:21:39 UTC (stable/14, 14.0-STABLE)
           2024-03-28 05:06:22 UTC (releng/14.0, 14.0-RELEASE-p6)
           2024-03-22 15:21:42 UTC (stable/13, 13.3-STABLE)
           2024-03-28 07:14:19 UTC (releng/13.3, 13.3-RELEASE-p1)
           2024-03-28 05:07:54 UTC (releng/13.2, 13.2-RELEASE-p11)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I. Background

if_wg is the kernel module that implements WireGuard tunnels between two
endpoints. When packets arrive from the tunnel or are sent over the tunnel,
they are decrypted or encrypted in a separate thread from the one that delivers
the packet to its final destination.

II. Problem Description

Insufficient barriers between the encrypt/decrypt threads and the delivery
threads may result in the wrong part of an mbuf chain being read and sent along
through the network stack on architectures with a weaker memory model, e.g.,
aarch64, under certain workloads.

III. Impact

The part of the mbuf chain being sent along may contain some invalid state that
causes a later fault and panic.

IV. Workaround

No workaround is available, but X86 platforms (that is, i386 and amd64) are
not affected.

V. Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date and reboot or reload the
if_wg kernel module.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the arm64 platform can be
updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

After the updates have installed, you will need to reboot the system or reload
the if_wg kernel module.

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-24:06/wireguard.patch
# fetch https://security.FreeBSD.org/patches/EN-24:06/wireguard.patch.asc
# gpg --verify wireguard.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system or reload the if_wg kernel module.

VI. Correction details

This issue is corrected as of the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path     Hash            Revision
-------------------------------------------------------------------------
stable/14/      590e02d3c088    stable/14-2576116
releng/14.0/    56be7cd84447    releng/14.0-n265412
stable/13/      806e51f81dba    stable/13-n257611
releng/13.3/    f07351f90aa3    releng/13.3-n257429
releng/13.2/    8f1f4e60ceb9    releng/13.2-n254663
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264115>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:06.wireguard.asc>

FreeBSD Errata Notice FreeBSD-EN-24:05.tty

=============================================================================
FreeBSD-EN-24:05.tty Erratum Notice
The FreeBSD Project

Topic: TTY Kernel Panic

Category: core
Module: kernel
Announced: 2024-03-28
Affects: FreeBSD 13.2 and FreeBSD 14.0
Corrected: 2024-02-29 00:29:13 UTC (stable/14, 14.0-STABLE)
           2024-03-28 05:06:21 UTC (releng/14.0, 14.0-RELEASE-p6)
           2024-02-29 00:30:12 UTC (stable/13, 13.2-STABLE)
           2024-03-28 05:07:53 UTC (releng/13.2, 13.2-RELEASE-p11)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I. Background

tty(4) is the general terminal device. The kern.ttys sysctl provides tty
information for tools such as `pstat -t`.

FreeBSD-SA-24:02.tty addressed an information leak about outside processes
from within a jail.

II. Problem Description

A missing check resulted in a null pointer dereference if a tty had a session
associated, but no session leader.

III. Impact

Under certain conditions an unprivileged user could provoke a kernel panic.

IV. Workaround

No workaround is available.

V. Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date, and reboot.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for an erratum update"

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-24:05/tty.patch
# fetch https://security.FreeBSD.org/patches/EN-24:05/tty.patch.asc
# gpg --verify tty.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

VI. Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path     Hash            Revision
-------------------------------------------------------------------------
stable/14/      8d22744f5be1    stable/14-n266915
releng/14.0/    a3ec3054762f    releng/14.0-n265411
stable/13/      a60220bbb551    stable/13-n257543
releng/13.2/    f3195cc08ccc    releng/13.2-n254662
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277240>
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277329>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:05.tty.asc>

Wednesday, March 27, 2024

LibreSSL 3.8.4 and 3.9.1 released

We have released LibreSSL 3.8.4 and 3.9.1 which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. LibreSSL 3.9.1 is
the first stable release for the 3.9.x branch, and will also be
available with OpenBSD 7.5.

Both releases include the following changes from the previous version:

* Portable changes
- Updated tests with expiring certificates
- CET-related build fixes for Windows and macOS targets
- Update libtls linker script to include libssl and libcrypto

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.

[USN-6715-1] unixODBC vulnerability

==========================================================================
Ubuntu Security Notice USN-6715-1
March 27, 2024

unixodbc vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

unixODBC could be made to crash or execute arbitrary code.

Software Description:
- unixodbc: Basic ODBC tools

Details:

It was discovered that unixODBC incorrectly handled certain bytes.
An attacker could use this issue to execute arbitrary code or cause
a crash.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
libodbc2 2.3.12-1ubuntu0.23.10.1
unixodbc 2.3.12-1ubuntu0.23.10.1

Ubuntu 22.04 LTS:
libodbc1 2.3.9-5ubuntu0.1
libodbc2 2.3.9-5ubuntu0.1
unixodbc 2.3.9-5ubuntu0.1

Ubuntu 20.04 LTS:
libodbc1 2.3.6-0.1ubuntu0.1
unixodbc 2.3.6-0.1ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
libodbc1 2.3.4-1.1ubuntu3+esm1
unixodbc 2.3.4-1.1ubuntu3+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
libodbc1 2.3.1-4.1ubuntu0.1~esm2
unixodbc 2.3.1-4.1ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6715-1
CVE-2024-1013

Package Information:
https://launchpad.net/ubuntu/+source/unixodbc/2.3.12-1ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/unixodbc/2.3.9-5ubuntu0.1
https://launchpad.net/ubuntu/+source/unixodbc/2.3.6-0.1ubuntu0.1

[USN-6686-5] Linux kernel (Intel IoTG) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6686-5
March 27, 2024

linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-intel-iotg: Linux kernel for Intel IoT platforms
- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms

Details:

It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the
Linux kernel did not properly handle certain error conditions during device
registration. A local attacker could possibly use this to cause a denial of
service (system crash). (CVE-2023-22995)

It was discovered that a race condition existed in the Cypress touchscreen
driver in the Linux kernel during device removal, leading to a use-after-
free vulnerability. A physically proximate attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-4134)

黄思聪 discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel did not properly handle certain memory allocation failure
conditions, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-46343)

It was discovered that the io_uring subsystem in the Linux kernel contained
a race condition, leading to a null pointer dereference vulnerability. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-46862)

It was discovered that a race condition existed in the Bluetooth subsystem
of the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-51779)

It was discovered that a race condition existed in the Rose X.25 protocol
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51782)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel
did not properly handle connect command payloads in certain situations,
leading to an out-of-bounds read vulnerability. A remote attacker could use
this to expose sensitive information (kernel memory). (CVE-2023-6121)

It was discovered that the VirtIO subsystem in the Linux kernel did not
properly initialize memory in some situations. A local attacker could use
this to possibly expose sensitive information (kernel memory).
(CVE-2024-0340)

Dan Carpenter discovered that the netfilter subsystem in the Linux kernel
did not store data in properly sized memory locations. A local user could
use this to cause a denial of service (system crash). (CVE-2024-0607)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
linux-image-5.15.0-1050-intel-iotg 5.15.0-1050.56
linux-image-intel-iotg 5.15.0.1050.50

Ubuntu 20.04 LTS:
linux-image-5.15.0-1050-intel-iotg 5.15.0-1050.56~20.04.1
linux-image-intel 5.15.0.1050.56~20.04.40
linux-image-intel-iotg 5.15.0.1050.56~20.04.40

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6686-5
https://ubuntu.com/security/notices/USN-6686-1
CVE-2023-22995, CVE-2023-4134, CVE-2023-46343, CVE-2023-46862,
CVE-2023-51779, CVE-2023-51782, CVE-2023-6121, CVE-2024-0340,
CVE-2024-0607

Package Information:
https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1050.56

https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1050.56~20.04.1

[announce] Next NYC*BUG: 20 Years of NYC*BUG 2024-04-03

Next NYC*BUG: 20 Years of NYC*BUG and Can We Handle 20 More?, by George Rosamond
2024-04-03 @ 19:45 EDT (23:45 UTC)


More info:
https://www.nycbug.org/index?action=view&id=10695




[USN-6719-1] util-linux vulnerability

==========================================================================
Ubuntu Security Notice USN-6719-1
March 27, 2024

util-linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

util-linux could be made to expose sensitive information.

Software Description:
- util-linux: miscellaneous system utilities

Details:

Skyler Ferrante discovered that the util-linux wall command did not filter
escape sequences from command line arguments. A local attacker could
possibly use this issue to obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
util-linux 2.39.1-4ubuntu2.1

Ubuntu 22.04 LTS:
util-linux 2.37.2-4ubuntu3.3

Ubuntu 20.04 LTS:
util-linux 2.34-0.1ubuntu9.5

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6719-1
CVE-2024-28085

Package Information:
https://launchpad.net/ubuntu/+source/util-linux/2.39.1-4ubuntu2.1
https://launchpad.net/ubuntu/+source/util-linux/2.37.2-4ubuntu3.3
https://launchpad.net/ubuntu/+source/util-linux/2.34-0.1ubuntu9.5

[USN-6718-2] curl vulnerability

==========================================================================
Ubuntu Security Notice USN-6718-2
March 27, 2024

curl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

curl could be made to consume resources, leading to a denial of service.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-6718-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that curl incorrectly handled memory when limiting the
amount of headers when HTTP/2 server push is allowed. A remote attacker
could possibly use this issue to cause curl to consume resources, leading
to a denial of service. (CVE-2024-2398)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
curl 7.58.0-2ubuntu3.24+esm4
libcurl3-gnutls 7.58.0-2ubuntu3.24+esm4
libcurl3-nss 7.58.0-2ubuntu3.24+esm4
libcurl4 7.58.0-2ubuntu3.24+esm4

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
curl 7.47.0-1ubuntu2.19+esm12
libcurl3 7.47.0-1ubuntu2.19+esm12
libcurl3-gnutls 7.47.0-1ubuntu2.19+esm12
libcurl3-nss 7.47.0-1ubuntu2.19+esm12

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6718-2
https://ubuntu.com/security/notices/USN-6718-1
CVE-2024-2398

[USN-6718-1] curl vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6718-1
March 27, 2024

curl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in curl.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Dan Fandrich discovered that curl would incorrectly use the default set of
protocols when a parameter option disabled all protocols without adding
any, contrary to expectations. This issue only affected Ubuntu 23.10.
(CVE-2024-2004)

It was discovered that curl incorrectly handled memory when limiting the
amount of headers when HTTP/2 server push is allowed. A remote attacker
could possibly use this issue to cause curl to consume resources, leading
to a denial of service. (CVE-2024-2398)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
curl 8.2.1-1ubuntu3.3
libcurl3-gnutls 8.2.1-1ubuntu3.3
libcurl3-nss 8.2.1-1ubuntu3.3
libcurl4 8.2.1-1ubuntu3.3

Ubuntu 22.04 LTS:
curl 7.81.0-1ubuntu1.16
libcurl3-gnutls 7.81.0-1ubuntu1.16
libcurl3-nss 7.81.0-1ubuntu1.16
libcurl4 7.81.0-1ubuntu1.16

Ubuntu 20.04 LTS:
curl 7.68.0-1ubuntu2.22
libcurl3-gnutls 7.68.0-1ubuntu2.22
libcurl3-nss 7.68.0-1ubuntu2.22
libcurl4 7.68.0-1ubuntu2.22

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6718-1
CVE-2024-2004, CVE-2024-2398

Package Information:
https://launchpad.net/ubuntu/+source/curl/8.2.1-1ubuntu3.3
https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.16
https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.22

Tuesday, March 26, 2024

Reminder: F40 final freeze starts next week (2024-04-02)

Just a reminder that, because Beta used its 'target date #2'
(ie, today), the gap between the Beta release and Final freeze is only 1
week this time.

So, please take this time to do any last minute testing and bugfixing
and make sure any packages you expect to be in the final f40 base
repositories are pushed stable before next Tuesday (2024-04-02).

https://fedorapeople.org/groups/schedule/f-40/f-40-key-tasks.html

kevin

Fedora Linux 40 Beta Released

Fedora Linux 40 Beta Released
------------------------------------------

The Fedora Project is pleased to announce the immediate availability of
Fedora Linux 40 Beta, the next step towards our planned Fedora Linux 40
release at the end of April.

Download the prerelease from our Get Fedora site:
* Get Fedora Linux 40 Beta Workstation:
https://fedoraproject.org/workstation/download/
* Get Fedora Linux 40 Beta Server: https://fedoraproject.org/server/download/
* Get Fedora Linux 40 Beta IoT: https://fedoraproject.org/iot/download/
* Get Fedora Linux 40 Beta CoreOS: https://fedoraproject.org/coreos/download/
* Get Fedora Linux 40 Beta Cloud: https://fedoraproject.org/cloud/download/

Or, check out one of our popular variants, including KDE Plasma, Xfce,
and other desktop environments:

* Get Fedora Linux 40 Beta Spins: https://spins.fedoraproject.org/prerelease
* Get Fedora Linux 40 Beta Labs: https://labs.fedoraproject.org/prerelease

For more details about the release, read the full announcement at

* https://fedoramagazine.org/announcing-fedora-linux-40-beta/

or look for the prerelease pages in the download sections at

* https://fedoraproject.org/

Since this is a Beta release, we expect that you may encounter bugs or
missing features. To report issues encountered during testing, contact
the Fedora QA team via the test@lists.fedoraproject.org mailing list or
in #fedora-qa on Libera Chat or the #qa:fedoraproject.org Matrix room.

Regards,

Samyak Jain
fas/matrix: jnsamyak
Fedora Release Engineering

[USN-6717-1] Thunderbird vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6717-1
March 26, 2024

thunderbird vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, perform
cross-site tracing, or execute arbitrary code. (CVE-2024-0743,
CVE-2024-2611, CVE-2024-2614)

Hubert Kario discovered that Thunderbird had a timing side-channel when
performing RSA decryption. A remote attacker could possibly use this
issue to recover sensitive information. (CVE-2023-5388)

Gary Kwong discovered that Thunderbird incorrectly updated return
registers for JIT code on Armv7-A systems. An attacker could potentially
exploit this issue to execute arbitrary code. (CVE-2024-2607)

Ronald Crane discovered that Thunderbird did not properly manage memory
during character encoding. An attacker could potentially exploit this
issue to cause a denial of service. (CVE-2024-2608)

Georg Felber and Marco Squarcina discovered that Thunderbird incorrectly
handled html and body tags. An attacker who was able to inject markup into
a page otherwise protected by a Content Security Policy may have been able
to obtain sensitive information. (CVE-2024-2610)

Ronald Crane discovered a use-after-free in Thunderbird when handling code
in SafeRefPtr. An attacker could potentially exploit this issue to cause a
denial of service, or execute arbitrary code. (CVE-2024-2612)

Ryan VanderMeulen and Dan Minor discovered that Thunderbird did not
properly manage memory conditions in ICU. An attacker could potentially
exploit this issue to cause a denial of service. (CVE-2024-2616)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
thunderbird 1:115.9.0+build1-0ubuntu0.23.10.1

Ubuntu 22.04 LTS:
thunderbird 1:115.9.0+build1-0ubuntu0.22.04.1

Ubuntu 20.04 LTS:
thunderbird 1:115.9.0+build1-0ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6717-1
CVE-2023-5388, CVE-2024-0743, CVE-2024-2607, CVE-2024-2608,
CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614,
CVE-2024-2616

Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/1:115.9.0+build1-0ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/thunderbird/1:115.9.0+build1-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/thunderbird/1:115.9.0+build1-0ubuntu0.20.04.1

[USN-6588-2] PAM vulnerability

==========================================================================
Ubuntu Security Notice USN-6588-2
March 26, 2024

pam vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

PAM could be made to stop responding if it opened a specially crafted file.

Software Description:
- pam: Pluggable Authentication Modules

Details:

USN-6588-1 fixed a vulnerability in PAM. This update
provides the corresponding updates for Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.

Original advisory details:

 Matthias Gerstner discovered that the PAM pam_namespace module incorrectly
 handled special files when performing directory checks. A local attacker
 could possibly use this issue to cause PAM to stop responding, resulting in
 a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libpam-modules                  1.1.8-3.6ubuntu2.18.04.6+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libpam-modules                  1.1.8-3.2ubuntu2.3+esm5

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  libpam-modules                  1.1.8-1ubuntu2.2+esm4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6588-2
  https://ubuntu.com/security/notices/USN-6588-1
  CVE-2024-22365

Monday, March 25, 2024

[USN-6716-1] Linux kernel (Azure) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6716-1
March 25, 2024

linux-azure, linux-azure-5.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems

Details:

Wenqing Liu discovered that the f2fs file system implementation in the
Linux kernel did not properly validate inode types while performing garbage
collection. An attacker could use this to construct a malicious f2fs image
that, when mounted and operated on, could cause a denial of service (system
crash). (CVE-2021-44879)

It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the
Linux kernel did not properly handle certain error conditions during device
registration. A local attacker could possibly use this to cause a denial of
service (system crash). (CVE-2023-22995)

It was discovered that the NVIDIA Tegra XUSB pad controller driver in the
Linux kernel did not properly handle return values in certain error
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-23000)

It was discovered that the ARM Mali Display Processor driver implementation
in the Linux kernel did not properly handle certain error conditions. A
local attacker could possibly use this to cause a denial of service (system
crash). (CVE-2023-23004)

Bien Pham discovered that the netfilter subsystem in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local user could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-4244)

It was discovered that a race condition existed in the Bluetooth subsystem
of the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-51779)

It was discovered that a race condition existed in the ATM (Asynchronous
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)

It was discovered that a race condition existed in the Rose X.25 protocol
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51782)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel
did not properly handle connect command payloads in certain situations,
leading to an out-of-bounds read vulnerability. A remote attacker could use
this to expose sensitive information (kernel memory). (CVE-2023-6121)

It was discovered that the VirtIO subsystem in the Linux kernel did not
properly initialize memory in some situations. A local attacker could use
this to possibly expose sensitive information (kernel memory).
(CVE-2024-0340)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)

It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
linux-image-5.4.0-1126-azure 5.4.0-1126.133
linux-image-azure-lts-20.04 5.4.0.1126.119

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
linux-image-5.4.0-1126-azure 5.4.0-1126.133~18.04.1
linux-image-azure 5.4.0.1126.99

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6716-1
CVE-2021-44879, CVE-2023-22995, CVE-2023-23000, CVE-2023-23004,
CVE-2023-4244, CVE-2023-51779, CVE-2023-51780, CVE-2023-51782,
CVE-2023-6121, CVE-2024-0340, CVE-2024-1086, CVE-2024-24855

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1126.133

[USN-6707-3] Linux kernel (AWS) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6707-3
March 25, 2024

linux-aws, linux-aws-6.5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-aws-6.5: Linux kernel for Amazon Web Services (AWS) systems

Details:

Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- PWM drivers;
(CVE-2024-26597, CVE-2024-26599)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
linux-image-6.5.0-1016-aws 6.5.0-1016.16
linux-image-aws 6.5.0.1016.16

Ubuntu 22.04 LTS:
linux-image-6.5.0-1016-aws 6.5.0-1016.16~22.04.1
linux-image-aws 6.5.0.1016.16~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6707-3
https://ubuntu.com/security/notices/USN-6707-1
CVE-2024-1085, CVE-2024-1086, CVE-2024-26597, CVE-2024-26599

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/6.5.0-1016.16
https://launchpad.net/ubuntu/+source/linux-aws-6.5/6.5.0-1016.16~22.04.1

[USN-6704-3] Linux kernel (Oracle) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6704-3
March 25, 2024

linux-oracle, linux-oracle-5.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-oracle-5.15: Linux kernel for Oracle Cloud systems

Details:

It was discovered that the NVIDIA Tegra XUSB pad controller driver in the
Linux kernel did not properly handle return values in certain error
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-23000)

Quentin Minster discovered that the KSMBD implementation in the Linux
kernel did not properly handle session setup requests. A remote attacker
could possibly use this to cause a denial of service (memory exhaustion).
(CVE-2023-32247)

Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)

It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
linux-image-5.15.0-1054-oracle 5.15.0-1054.60
linux-image-oracle-lts-22.04 5.15.0.1054.50

Ubuntu 20.04 LTS:
linux-image-5.15.0-1054-oracle 5.15.0-1054.60~20.04.1
linux-image-oracle 5.15.0.1054.60~20.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6704-3
https://ubuntu.com/security/notices/USN-6704-1
CVE-2023-23000, CVE-2023-32247, CVE-2024-1085, CVE-2024-1086,
CVE-2024-24855

Package Information:
https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1054.60

https://launchpad.net/ubuntu/+source/linux-oracle-5.15/5.15.0-1054.60~20.04.1

[USN-6701-3] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6701-3
March 25, 2024

linux-aws-hwe, linux-azure, linux-azure-4.15, linux-oracle vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-oracle: Linux kernel for Oracle Cloud systems

Details:

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)

It was discovered that the NVIDIA Tegra XUSB pad controller driver in the
Linux kernel did not properly handle return values in certain error
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-23000)

It was discovered that Spectre-BHB mitigations were missing for Ampere
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2023-3006)

It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle block device modification while it is
mounted. A privileged attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-34256)

Eric Dumazet discovered that the netfilter subsystem in the Linux kernel
did not properly handle DCCP conntrack buffers in certain situations,
leading to an out-of-bounds read vulnerability. An attacker could possibly
use this to expose sensitive information (kernel memory). (CVE-2023-39197)

It was discovered that the Siano USB MDTV receiver device driver in the
Linux kernel did not properly handle device initialization failures in
certain situations, leading to a use-after-free vulnerability. A physically
proximate attacker could use this to cause a denial of service (system crash).
(CVE-2023-4132)

Pratyush Yadav discovered that the Xen network backend implementation in
the Linux kernel did not properly handle zero length data request, leading
to a null pointer dereference vulnerability. An attacker in a guest VM
could possibly use this to cause a denial of service (host domain crash).
(CVE-2023-46838)

It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel
did not properly handle connect command payloads in certain situations,
leading to an out-of-bounds read vulnerability. A remote attacker could use
this to expose sensitive information (kernel memory). (CVE-2023-6121)

It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle the remount operation in certain cases,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2024-0775)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)

It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
linux-image-4.15.0-1175-azure 4.15.0-1175.190
linux-image-azure-lts-18.04 4.15.0.1175.143

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
linux-image-4.15.0-1129-oracle 4.15.0-1129.140~16.04.1
linux-image-4.15.0-1166-aws 4.15.0-1166.179~16.04.1
linux-image-4.15.0-1175-azure 4.15.0-1175.190~16.04.1
linux-image-aws-hwe 4.15.0.1166.149
linux-image-azure 4.15.0.1175.159
linux-image-oracle 4.15.0.1129.110

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6701-3
https://ubuntu.com/security/notices/USN-6701-1
CVE-2023-2002, CVE-2023-23000, CVE-2023-3006, CVE-2023-34256,
CVE-2023-39197, CVE-2023-4132, CVE-2023-46838, CVE-2023-51781,
CVE-2023-6121, CVE-2024-0775, CVE-2024-1086, CVE-2024-24855

[USN-6714-1] Debian Goodies vulnerability

==========================================================================
Ubuntu Security Notice USN-6714-1
March 25, 2024

debian-goodies vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

debmany in Debian Goodies could be made to execute arbitrary shell
commands if it received a specially crafted deb file.

Software Description:
- debian-goodies: Small toolbox-style utilities for Debian systems

Details:

It was discovered that debmany in Debian Goodies incorrectly handled certain
deb files. An attacker could possibly use this issue to execute arbitrary shell
commands.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
debian-goodies 0.88.1ubuntu1.2

Ubuntu 22.04 LTS:
debian-goodies 0.87ubuntu1.1

Ubuntu 20.04 LTS:
debian-goodies 0.84ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6714-1
CVE-2023-27635

Package Information:
https://launchpad.net/ubuntu/+source/debian-goodies/0.88.1ubuntu1.2
https://launchpad.net/ubuntu/+source/debian-goodies/0.87ubuntu1.1
https://launchpad.net/ubuntu/+source/debian-goodies/0.84ubuntu0.1
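
A way to check hosts against the fixed versions given under "Update instructions" in USN-6701-3 and USN-6714-1, as an added Python example (not part of either notice or of Ubuntu's tooling). It reimplements dpkg's version ordering so that it runs without dpkg; the `FIXED` entries are copied from the notices, while `compare_versions`, `unpatched` and any inventory passed in are names and data made up for this illustration.

```python
import re
from itertools import zip_longest

def _order(c):
    # dpkg ordering: '~' sorts before everything (even end of string), letters before symbols
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating (non-digit run, digit run) pairs from left to right.
    runs_a, runs_b = (re.findall(r"(\D*)(\d*)", s) for s in (a, b))
    for (sa, na), (sb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            oa = _order(ca) if ca else 0  # end of a run weighs 0
            ob = _order(cb) if cb else 0
            if oa != ob:
                return -1 if oa < ob else 1
        ia, ib = int(na or 0), int(nb or 0)  # a missing number counts as 0
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]: epoch ends at the first ':', revision follows the last '-'
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare_versions(a, b):
    # Returns -1, 0 or 1 following Debian version ordering.
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

# Fixed versions copied from the two notices, keyed by (release, package).
FIXED = {
    ("16.04", "linux-image-azure"): "4.15.0.1175.159",
    ("22.04", "debian-goodies"): "0.87ubuntu1.1",
}

def unpatched(release, installed):
    # installed: name -> version; returns the packages older than the fixed version
    return sorted(p for p, v in installed.items() if (release, p) in FIXED
                  and compare_versions(v, FIXED[(release, p)]) < 0)
```

Compare each host against the row for its own release: the `~16.04.1` suffix on the 16.04 kernel packages sorts below the otherwise identical 18.04 version, so a 16.04 host checked against the 18.04 row would be reported as unpatched.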

F41 Change Proposal: Versioned Kubernetes Packages (Self-Cont

Wiki - https://fedoraproject.org/wiki/Changes/VersionedKubernetesPackages

This document represents a proposed Change. As part of the Changes
process, proposals are publicly announced in order to receive
community feedback. This proposal will only be implemented if approved
by the Fedora Engineering Steering Committee.

= Multiple Versioned Kubernetes Packages =

== Summary ==
Provide all maintained Kubernetes releases in Fedora as multiple,
versioned packages. Current practice is a separate Kubernetes release
matched with each Fedora release.

== Owner ==
* Name: [[User:Buckaroogeek| Brad Smith]]
* Email: bradley.g.smith@gmail.com


== Detailed Description ==
The Kubernetes project maintains 3 concurrent versions with a new
release every 4 months. Each version has a defined life-cycle of
approximately 1 year (see https://kubernetes.io/releases/ for
details and current versions). In this proposal a release is a
major:minor version combination such as 1.28 or 1.27 and ignores any
patch updates (e.g. 1.28.1 or 1.28.2 as these are part of the same
1.28 minor release).

We currently match one version of Kubernetes with each Fedora release.
See https://src.fedoraproject.org/rpms/kubernetes for the list of
Kubernetes releases by Fedora release. Due to the differing release
cadences between Fedora and Kubernetes this means that a new release
of Fedora may not have the most current release of Kubernetes. And,
given that the Kubernetes cluster upgrade process does not permit
skipping major:minor releases, not providing a Kubernetes release in
Fedora so that the most current Kubernetes release is available when a
Fedora release goes into production becomes a barrier to using Fedora
as a host OS for Kubernetes.

We propose to create packages for all current Kubernetes releases for
each Fedora release starting with Fedora 40. The package name would
follow the Fedora naming convention standard for multiple package
versions of "kubernetes[major].[minor]". Using the kubernetes-client
rpm as an example, instead of kubernetes-client-1.29.2-1.fc41 Fedora
would offer kubernetes1.29-client-1.29.2-1.fc41,
kubernetes1.28-client-1.28.5-1.fc41, and
kubernetes1.27-client-1.27.8-1.fc41. The exact list of Kubernetes
versions available will depend on what is supported upstream.

We also propose that there not be any default version of Kubernetes
for a given Fedora release. Fedora would not provide a
kubernetes-client-1.30.1-1.fc41 package, assuming that
Kubernetes 1.30 is the "default" for Fedora 41. Default versions
coupled to a given Fedora release can result in unplanned version
updates to the installed Kubernetes version (i.e. v1.28 to v1.29)
which can adversely affect cluster functioning.

It is also important to note that each Kubernetes release is built
with a specific version of the Go language. The version of Go
available in a Fedora release will potentially be a constraint on
which version of Kubernetes can be provided for an older Fedora
release.

We also maintain a Kubernetes page on Fedora Quick Docs with
information about the change and how to install Kubernetes using
Fedora provided packages.

== Feedback ==
To be provided.

== Benefit to Fedora ==

Fedora becomes a first class platform for Kubernetes using packages
from Fedora repositories. That is, all current, maintained releases of
Kubernetes are available in the main Fedora repositories, subject to
the Go language constraint. This allows Fedora, as a host OS for a
Kubernetes cluster, to be maintained and upgraded independently of the
Kubernetes release used by the cluster. This also allows the cluster
to be upgraded independently of the Fedora release using Fedora
provided packages.

This also means that a Kubernetes cluster administrator using Fedora
as their workstation can install and use or retain the appropriate
Kubernetes command line client, kubectl, that matches the release of
the cluster. Updating to a new Fedora release will not inadvertently
install a command line client that is not compatible with the release
version of the cluster(s) managed by the user.


== Scope ==
* Proposal owners:
With each new minor release of Kubernetes, package owners would
request a new repository on src.fedoraproject.org from engineering
similar to what the nodejs team now does for the parallel-installable
versions of nodejs. Documentation would be refreshed to inform users
of the new version and what specific Fedora releases the new version
of Kubernetes would be available on.

* Other developers:
Releases of cri-o and cri-tools are version matched with Kubernetes
release at the major:minor level. Cri-o uses modularity in Fedora 38
and older to provide multiple versions. The cri-o and cri-tools
package maintainers will adopt a similar versioned approach to
packaging and release in Fedora.

* Release engineering: [https://pagure.io/releng/issues #Releng issue number]
Release engineering would need to create the new dist-git repository
for each new Kubernetes release.

* Policies and guidelines: N/A (not needed for this Change)

* Trademark approval: N/A (not needed for this Change)

* Alignment with Community Initiatives: N/A


== Upgrade/compatibility impact ==
This change will require documentation in on-line Fedora documentation
such as the dedicated Quick Docs page and posts to various forums and
mailing lists to raise awareness. Upgrading to Fedora 40 on a machine
with Fedora 39 or Fedora 38 would require a manual step by the user to
select the appropriate versioned Kubernetes package.


== How To Test ==
1. Install a versioned Kubernetes package on a fresh instance of
Fedora and create a functioning test cluster.
2. On a cluster node, replace a non-versioned Kubernetes package with
a versioned package and rejoin cluster. There should not be any
errors.


== User Experience ==
The user experience should remain unchanged except for the need to
select a specific version of Kubernetes.


== Dependencies ==
No direct dependencies. If cri-o and/or cri-tools are installed and
used then these packages and kubernetes should have the same
major:minor version.



== Contingency Plan ==
* Contingency mechanism: (What to do? Who will do it?) N/A (not a
System Wide Change)
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A


== Documentation ==
Fedora Quick Docs:
https://docs.fedoraproject.org/en-US/quick-docs/using-kubernetes/

N/A (not a System Wide Change)

== Release Notes ==

--
Aoife Moloney

Fedora Operations Architect

Fedora Project

Matrix: @amoloney:fedora.im

IRC: amoloney
--
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org