==========================================================================
Ubuntu Security Notice USN-5792-2
January 09, 2023
linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde
vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems
- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems
Details:
Mingwei Zhang discovered that the KVM implementation for AMD processors in
the Linux kernel did not properly handle cache coherency with Secure
Encrypted Virtualization (SEV). A local attacker could possibly use this to
cause a denial of service (host system crash). (CVE-2022-0171)
It was discovered that a race condition existed in the Android Binder IPC
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-20421)
David Leadbeater discovered that the netfilter IRC protocol tracking
implementation in the Linux Kernel incorrectly handled certain message
payloads in some situations. A remote attacker could possibly use this to
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)
It was discovered that the Intel 740 frame buffer driver in the Linux
kernel contained a divide by zero vulnerability. A local attacker could use
this to cause a denial of service (system crash). (CVE-2022-3061)
It was discovered that the sound subsystem in the Linux kernel contained a
race condition in some situations. A local attacker could use this to cause
a denial of service (system crash). (CVE-2022-3303)
Gwnaun Jung discovered that the SFB packet scheduling implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-3586)
It was discovered that the NILFS2 file system implementation in the Linux
kernel did not properly deallocate memory in certain error conditions. An
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2022-3646)
Khalid Masum discovered that the NILFS2 file system implementation in the
Linux kernel did not properly handle certain error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service or possibly execute arbitrary code. (CVE-2022-3649)
Jann Horn discovered a race condition existed in the Linux kernel when
unmapping VMAs in certain situations, resulting in possible use-after-free
vulnerabilities. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2022-39188)
Hyunwoo Kim discovered that an integer overflow vulnerability existed in
the PXA3xx graphics driver in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2022-39842)
It was discovered that a race condition existed in the EFI capsule loader
driver in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-40307)
Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless
driver in the Linux kernel contained a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-4095)
It was discovered that the USB monitoring (usbmon) component in the Linux
kernel did not properly set permissions on memory mapped in to user space
processes. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-43750)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
linux-image-5.15.0-1027-aws 5.15.0-1027.31
linux-image-5.15.0-1030-azure 5.15.0-1030.37
linux-image-5.15.0-1030-azure-fde 5.15.0-1030.37.1
linux-image-aws 5.15.0.1027.25
linux-image-aws-lts-22.04 5.15.0.1027.25
linux-image-azure 5.15.0.1030.26
linux-image-azure-fde 5.15.0.1030.37.7
linux-image-azure-lts-22.04 5.15.0.1030.26
Ubuntu 20.04 LTS:
linux-image-5.15.0-1027-aws 5.15.0-1027.31~20.04.1
linux-image-5.15.0-1030-azure 5.15.0-1030.37~20.04.1
linux-image-aws 5.15.0.1027.31~20.04.16
linux-image-azure 5.15.0.1030.37~20.04.20
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5792-2
https://ubuntu.com/security/notices/USN-5792-1
CVE-2022-0171, CVE-2022-20421, CVE-2022-2663, CVE-2022-3061,
CVE-2022-3303, CVE-2022-3586, CVE-2022-3646, CVE-2022-3649,
CVE-2022-39188, CVE-2022-39842, CVE-2022-40307, CVE-2022-4095,
CVE-2022-43750
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1027.31
https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1030.37
https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1030.37.1
https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1027.31~20.04.1
https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1030.37~20.04.1
Monday, January 9, 2023
[USN-5793-2] Linux kernel (Azure) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5793-2
January 09, 2023
linux-azure vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
It was discovered that the io_uring subsystem in the Linux kernel did not
properly perform reference counting in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2022-3910)
It was discovered that a race condition existed in the Android Binder IPC
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-20421)
David Leadbeater discovered that the netfilter IRC protocol tracking
implementation in the Linux Kernel incorrectly handled certain message
payloads in some situations. A remote attacker could possibly use this to
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)
It was discovered that the sound subsystem in the Linux kernel contained a
race condition in some situations. A local attacker could use this to cause
a denial of service (system crash). (CVE-2022-3303)
It was discovered that the Sunplus Ethernet driver in the Linux kernel
contained a read-after-free vulnerability. An attacker could possibly use
this to expose sensitive information (kernel memory) (CVE-2022-3541)
It was discovered that a memory leak existed in the Unix domain socket
implementation of the Linux kernel. A local attacker could use this to
cause a denial of service (memory exhaustion). (CVE-2022-3543)
It was discovered that the NILFS2 file system implementation in the Linux
kernel did not properly deallocate memory in certain error conditions. An
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2022-3544, CVE-2022-3646)
Gwnaun Jung discovered that the SFB packet scheduling implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-3586)
It was discovered that the hugetlb implementation in the Linux kernel
contained a race condition in some situations. A local attacker could use
this to cause a denial of service (system crash) or expose sensitive
information (kernel memory). (CVE-2022-3623)
Khalid Masum discovered that the NILFS2 file system implementation in the
Linux kernel did not properly handle certain error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service or possibly execute arbitrary code. (CVE-2022-3649)
It was discovered that a race condition existed in the MCTP implementation
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-3977)
It was discovered that a race condition existed in the EFI capsule loader
driver in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-40307)
Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless
driver in the Linux kernel contained a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-4095)
It was discovered that a race condition existed in the SMSC UFX USB driver
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-41849)
It was discovered that a race condition existed in the Roccat HID driver in
the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-41850)
It was discovered that the USB monitoring (usbmon) component in the Linux
kernel did not properly set permissions on memory mapped in to user space
processes. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-43750)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
linux-image-5.19.0-1016-azure 5.19.0-1016.17
linux-image-azure 5.19.0.1016.12
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5793-2
https://ubuntu.com/security/notices/USN-5793-1
CVE-2022-20421, CVE-2022-2663, CVE-2022-3303, CVE-2022-3541,
CVE-2022-3543, CVE-2022-3544, CVE-2022-3586, CVE-2022-3623,
CVE-2022-3646, CVE-2022-3649, CVE-2022-3910, CVE-2022-3977,
CVE-2022-40307, CVE-2022-4095, CVE-2022-41849, CVE-2022-41850,
CVE-2022-43750
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/5.19.0-1016.17
Ubuntu Security Notice USN-5793-2
January 09, 2023
linux-azure vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
It was discovered that the io_uring subsystem in the Linux kernel did not
properly perform reference counting in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2022-3910)
It was discovered that a race condition existed in the Android Binder IPC
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-20421)
David Leadbeater discovered that the netfilter IRC protocol tracking
implementation in the Linux Kernel incorrectly handled certain message
payloads in some situations. A remote attacker could possibly use this to
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)
It was discovered that the sound subsystem in the Linux kernel contained a
race condition in some situations. A local attacker could use this to cause
a denial of service (system crash). (CVE-2022-3303)
It was discovered that the Sunplus Ethernet driver in the Linux kernel
contained a read-after-free vulnerability. An attacker could possibly use
this to expose sensitive information (kernel memory) (CVE-2022-3541)
It was discovered that a memory leak existed in the Unix domain socket
implementation of the Linux kernel. A local attacker could use this to
cause a denial of service (memory exhaustion). (CVE-2022-3543)
It was discovered that the NILFS2 file system implementation in the Linux
kernel did not properly deallocate memory in certain error conditions. An
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2022-3544, CVE-2022-3646)
Gwnaun Jung discovered that the SFB packet scheduling implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-3586)
It was discovered that the hugetlb implementation in the Linux kernel
contained a race condition in some situations. A local attacker could use
this to cause a denial of service (system crash) or expose sensitive
information (kernel memory). (CVE-2022-3623)
Khalid Masum discovered that the NILFS2 file system implementation in the
Linux kernel did not properly handle certain error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service or possibly execute arbitrary code. (CVE-2022-3649)
It was discovered that a race condition existed in the MCTP implementation
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-3977)
It was discovered that a race condition existed in the EFI capsule loader
driver in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-40307)
Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless
driver in the Linux kernel contained a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-4095)
It was discovered that a race condition existed in the SMSC UFX USB driver
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-41849)
It was discovered that a race condition existed in the Roccat HID driver in
the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-41850)
It was discovered that the USB monitoring (usbmon) component in the Linux
kernel did not properly set permissions on memory mapped in to user space
processes. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-43750)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
linux-image-5.19.0-1016-azure 5.19.0-1016.17
linux-image-azure 5.19.0.1016.12
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5793-2
https://ubuntu.com/security/notices/USN-5793-1
CVE-2022-20421, CVE-2022-2663, CVE-2022-3303, CVE-2022-3541,
CVE-2022-3543, CVE-2022-3544, CVE-2022-3586, CVE-2022-3623,
CVE-2022-3646, CVE-2022-3649, CVE-2022-3910, CVE-2022-3977,
CVE-2022-40307, CVE-2022-4095, CVE-2022-41849, CVE-2022-41850,
CVE-2022-43750
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/5.19.0-1016.17
[USN-5791-2] Linux kernel (Azure) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5791-2
January 09, 2023
linux-azure vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
It was discovered that a race condition existed in the Android Binder IPC
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-20421)
David Leadbeater discovered that the netfilter IRC protocol tracking
implementation in the Linux Kernel incorrectly handled certain message
payloads in some situations. A remote attacker could possibly use this to
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)
It was discovered that the Intel 740 frame buffer driver in the Linux
kernel contained a divide by zero vulnerability. A local attacker could use
this to cause a denial of service (system crash). (CVE-2022-3061)
It was discovered that the sound subsystem in the Linux kernel contained a
race condition in some situations. A local attacker could use this to cause
a denial of service (system crash). (CVE-2022-3303)
Gwnaun Jung discovered that the SFB packet scheduling implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-3586)
It was discovered that the NILFS2 file system implementation in the Linux
kernel did not properly deallocate memory in certain error conditions. An
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2022-3646)
Hyunwoo Kim discovered that an integer overflow vulnerability existed in
the PXA3xx graphics driver in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2022-39842)
It was discovered that a race condition existed in the EFI capsule loader
driver in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-40307)
Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless
driver in the Linux kernel contained a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-4095)
It was discovered that the USB monitoring (usbmon) component in the Linux
kernel did not properly set permissions on memory mapped in to user space
processes. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-43750)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1100-azure 5.4.0-1100.106
linux-image-azure-lts-20.04 5.4.0.1100.93
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5791-2
https://ubuntu.com/security/notices/USN-5791-1
CVE-2022-20421, CVE-2022-2663, CVE-2022-3061, CVE-2022-3303,
CVE-2022-3586, CVE-2022-3646, CVE-2022-39842, CVE-2022-40307,
CVE-2022-4095, CVE-2022-43750
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1100.106
Ubuntu Security Notice USN-5791-2
January 09, 2023
linux-azure vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
It was discovered that a race condition existed in the Android Binder IPC
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-20421)
David Leadbeater discovered that the netfilter IRC protocol tracking
implementation in the Linux Kernel incorrectly handled certain message
payloads in some situations. A remote attacker could possibly use this to
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)
It was discovered that the Intel 740 frame buffer driver in the Linux
kernel contained a divide by zero vulnerability. A local attacker could use
this to cause a denial of service (system crash). (CVE-2022-3061)
It was discovered that the sound subsystem in the Linux kernel contained a
race condition in some situations. A local attacker could use this to cause
a denial of service (system crash). (CVE-2022-3303)
Gwnaun Jung discovered that the SFB packet scheduling implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-3586)
It was discovered that the NILFS2 file system implementation in the Linux
kernel did not properly deallocate memory in certain error conditions. An
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2022-3646)
Hyunwoo Kim discovered that an integer overflow vulnerability existed in
the PXA3xx graphics driver in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2022-39842)
It was discovered that a race condition existed in the EFI capsule loader
driver in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-40307)
Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless
driver in the Linux kernel contained a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-4095)
It was discovered that the USB monitoring (usbmon) component in the Linux
kernel did not properly set permissions on memory mapped in to user space
processes. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-43750)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1100-azure 5.4.0-1100.106
linux-image-azure-lts-20.04 5.4.0.1100.93
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5791-2
https://ubuntu.com/security/notices/USN-5791-1
CVE-2022-20421, CVE-2022-2663, CVE-2022-3061, CVE-2022-3303,
CVE-2022-3586, CVE-2022-3646, CVE-2022-39842, CVE-2022-40307,
CVE-2022-4095, CVE-2022-43750
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1100.106
F38 proposal: Noto CJK Variable Fonts (Self-Contained Change proposal)
https://fedoraproject.org/wiki/Changes/Noto_CJK_Variable_Fonts
This document represents a proposed Change. As part of the Changes
process, proposals are publicly announced in order to receive
community feedback. This proposal will only be implemented if approved
by the Fedora Engineering Steering Committee.
== Summary ==
Switch the default Noto CJK fonts for Chinese, Japanese and Korean
from static to variable fonts.
== Owner ==
* Name: [[User:pwu| Peng Wu]]
* Email: pwu@redhat.com
== Detailed Description ==
In order to reduce the font size in Noto CJK fonts, we plan to switch
to use the variable fonts by default.
# Split the google-noto-cjk-fonts package into
google-noto-sans-cjk-fonts and google-noto-serif-cjk-fonts, and
provide the variable fonts in google-noto-sans-cjk-vf-fonts and
google-noto-serif-cjk-vf-fonts.
# Drop several sub packages which are not installed by default from
the google-noto-cjk-fonts package.
## Like google-noto-sans-cjk-*-fonts, google-noto-sans-*-fonts,
google-noto-sans-mono-cjk-*-fonts, google-noto-serif-cjk-*-fonts and
google-noto-serif-*-fonts
# Install the Noto CJK Variable Fonts by default.
Fedora Copr for testing: https://copr.fedorainfracloud.org/coprs/pwu/noto-cjk/
== Feedback ==
== Benefit to Fedora ==
The variable fonts will reduce the disk space usage and live image
size compared to the static fonts.
{| class="wikitable"
|+ RPM Size
|-
! Size (bytes) !! Noto Sans CJK !! Noto Serif CJK
|-
| Static Fonts || 130674365 || 181621033
|-
| Variable Fonts || 64613100 || 56924710
|}
== Scope ==
* Proposal owners:
** Package four font packages for Noto CJK fonts
** Retire google-noto-cjk-fonts in Fedora rawhide
** Switch to install variable fonts by default in fedora-comps and langpacks
** Submit pull request to lorax templates to use
google-noto-sans-cjk-fonts in the boot.iso
* Other developers:
* Release engineering:
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with Objectives:
== Upgrade/compatibility impact ==
When upgrade, the variable fonts will be installed by default.
== How To Test ==
* Please upgrade to Fedora 38 or rawhide to get the latest fonts
* Install the variable fonts: google-noto-sans-cjk-vf-fonts and
google-noto-serif-cjk-vf-fonts
** Check the google-noto-sans-cjk-ttc-fonts and
google-noto-serif-cjk-ttc-fonts packages are replaced
* Then use CJK locales to check if the new fonts have any problem
== User Experience ==
This new variable fonts will reduce the disk space usage and live image size.
== Dependencies ==
== Contingency Plan ==
* Contingency mechanism: Use the static fonts by default -
google-noto-sans-cjk-fonts and google-noto-serif-cjk-fonts
* Contingency deadline: N/A
* Blocks release? N/A
== Documentation ==
N/A (not a System Wide Change)
== Release Notes ==
This new variable fonts will reduce the disk space usage and live image size.
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
This document represents a proposed Change. As part of the Changes
process, proposals are publicly announced in order to receive
community feedback. This proposal will only be implemented if approved
by the Fedora Engineering Steering Committee.
== Summary ==
Switch the default Noto CJK fonts for Chinese, Japanese and Korean
from static to variable fonts.
== Owner ==
* Name: [[User:pwu| Peng Wu]]
* Email: pwu@redhat.com
== Detailed Description ==
In order to reduce the font size in Noto CJK fonts, we plan to switch
to use the variable fonts by default.
# Split the google-noto-cjk-fonts package into
google-noto-sans-cjk-fonts and google-noto-serif-cjk-fonts, and
provide the variable fonts in google-noto-sans-cjk-vf-fonts and
google-noto-serif-cjk-vf-fonts.
# Drop several sub packages which are not installed by default from
the google-noto-cjk-fonts package.
## Like google-noto-sans-cjk-*-fonts, google-noto-sans-*-fonts,
google-noto-sans-mono-cjk-*-fonts, google-noto-serif-cjk-*-fonts and
google-noto-serif-*-fonts
# Install the Noto CJK Variable Fonts by default.
Fedora Copr for testing: https://copr.fedorainfracloud.org/coprs/pwu/noto-cjk/
== Feedback ==
== Benefit to Fedora ==
The variable fonts will reduce the disk space usage and live image
size compared to the static fonts.
{| class="wikitable"
|+ RPM Size
|-
! Size (bytes) !! Noto Sans CJK !! Noto Serif CJK
|-
| Static Fonts || 130674365 || 181621033
|-
| Variable Fonts || 64613100 || 56924710
|}
== Scope ==
* Proposal owners:
** Package four font packages for Noto CJK fonts
** Retire google-noto-cjk-fonts in Fedora rawhide
** Switch to install variable fonts by default in fedora-comps and langpacks
** Submit pull request to lorax templates to use
google-noto-sans-cjk-fonts in the boot.iso
* Other developers:
* Release engineering:
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with Objectives:
== Upgrade/compatibility impact ==
When upgrade, the variable fonts will be installed by default.
== How To Test ==
* Please upgrade to Fedora 38 or rawhide to get the latest fonts
* Install the variable fonts: google-noto-sans-cjk-vf-fonts and
google-noto-serif-cjk-vf-fonts
** Check the google-noto-sans-cjk-ttc-fonts and
google-noto-serif-cjk-ttc-fonts packages are replaced
* Then use CJK locales to check if the new fonts have any problem
== User Experience ==
This new variable fonts will reduce the disk space usage and live image size.
== Dependencies ==
== Contingency Plan ==
* Contingency mechanism: Use the static fonts by default -
google-noto-sans-cjk-fonts and google-noto-serif-cjk-fonts
* Contingency deadline: N/A
* Blocks release? N/A
== Documentation ==
N/A (not a System Wide Change)
== Release Notes ==
This new variable fonts will reduce the disk space usage and live image size.
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[USN-5797-1] WebKitGTK vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5797-1
January 09, 2023
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
libjavascriptcoregtk-4.0-18 2.38.3-0ubuntu0.22.10.1
libjavascriptcoregtk-4.1-0 2.38.3-0ubuntu0.22.10.1
libjavascriptcoregtk-5.0-0 2.38.3-0ubuntu0.22.10.1
libwebkit2gtk-4.0-37 2.38.3-0ubuntu0.22.10.1
libwebkit2gtk-4.1-0 2.38.3-0ubuntu0.22.10.1
libwebkit2gtk-5.0-0 2.38.3-0ubuntu0.22.10.1
Ubuntu 22.04 LTS:
libjavascriptcoregtk-4.0-18 2.38.3-0ubuntu0.22.04.1
libjavascriptcoregtk-4.1-0 2.38.3-0ubuntu0.22.04.1
libwebkit2gtk-4.0-37 2.38.3-0ubuntu0.22.04.1
libwebkit2gtk-4.1-0 2.38.3-0ubuntu0.22.04.1
Ubuntu 20.04 LTS:
libjavascriptcoregtk-4.0-18 2.38.3-0ubuntu0.20.04.1
libwebkit2gtk-4.0-37 2.38.3-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5797-1
CVE-2022-42852, CVE-2022-42856, CVE-2022-42867, CVE-2022-46692,
CVE-2022-46698, CVE-2022-46699, CVE-2022-46700
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.38.3-0ubuntu0.22.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.38.3-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.38.3-0ubuntu0.20.04.1
Ubuntu Security Notice USN-5797-1
January 09, 2023
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
libjavascriptcoregtk-4.0-18 2.38.3-0ubuntu0.22.10.1
libjavascriptcoregtk-4.1-0 2.38.3-0ubuntu0.22.10.1
libjavascriptcoregtk-5.0-0 2.38.3-0ubuntu0.22.10.1
libwebkit2gtk-4.0-37 2.38.3-0ubuntu0.22.10.1
libwebkit2gtk-4.1-0 2.38.3-0ubuntu0.22.10.1
libwebkit2gtk-5.0-0 2.38.3-0ubuntu0.22.10.1
Ubuntu 22.04 LTS:
libjavascriptcoregtk-4.0-18 2.38.3-0ubuntu0.22.04.1
libjavascriptcoregtk-4.1-0 2.38.3-0ubuntu0.22.04.1
libwebkit2gtk-4.0-37 2.38.3-0ubuntu0.22.04.1
libwebkit2gtk-4.1-0 2.38.3-0ubuntu0.22.04.1
Ubuntu 20.04 LTS:
libjavascriptcoregtk-4.0-18 2.38.3-0ubuntu0.20.04.1
libwebkit2gtk-4.0-37 2.38.3-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5797-1
CVE-2022-42852, CVE-2022-42856, CVE-2022-42867, CVE-2022-46692,
CVE-2022-46698, CVE-2022-46699, CVE-2022-46700
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.38.3-0ubuntu0.22.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.38.3-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.38.3-0ubuntu0.20.04.1
[USN-5795-1] Net-SNMP vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5795-1
January 09, 2023
net-snmp vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Net-SNMP could be made to crash if it received specially crafted network
traffic.
Software Description:
- net-snmp: SNMP (Simple Network Management Protocol) server and applications
Details:
It was discovered that Net-SNMP incorrectly handled certain requests. A
remote attacker could possibly use these issues to cause Net-SNMP to crash,
resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
libsnmp40 5.9.3+dfsg-1ubuntu1.2
snmp 5.9.3+dfsg-1ubuntu1.2
snmpd 5.9.3+dfsg-1ubuntu1.2
Ubuntu 22.04 LTS:
libsnmp40 5.9.1+dfsg-1ubuntu2.4
snmp 5.9.1+dfsg-1ubuntu2.4
snmpd 5.9.1+dfsg-1ubuntu2.4
Ubuntu 20.04 LTS:
libsnmp35 5.8+dfsg-2ubuntu2.6
snmp 5.8+dfsg-2ubuntu2.6
snmpd 5.8+dfsg-2ubuntu2.6
Ubuntu 18.04 LTS:
libsnmp30 5.7.3+dfsg-1.8ubuntu3.8
snmp 5.7.3+dfsg-1.8ubuntu3.8
snmpd 5.7.3+dfsg-1.8ubuntu3.8
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5795-1
CVE-2022-44792, CVE-2022-44793
Package Information:
https://launchpad.net/ubuntu/+source/net-snmp/5.9.3+dfsg-1ubuntu1.2
https://launchpad.net/ubuntu/+source/net-snmp/5.9.1+dfsg-1ubuntu2.4
https://launchpad.net/ubuntu/+source/net-snmp/5.8+dfsg-2ubuntu2.6
https://launchpad.net/ubuntu/+source/net-snmp/5.7.3+dfsg-1.8ubuntu3.8
Ubuntu Security Notice USN-5795-1
January 09, 2023
net-snmp vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Net-SNMP could be made to crash if it received specially crafted network
traffic.
Software Description:
- net-snmp: SNMP (Simple Network Management Protocol) server and applications
Details:
It was discovered that Net-SNMP incorrectly handled certain requests. A
remote attacker could possibly use these issues to cause Net-SNMP to crash,
resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
libsnmp40 5.9.3+dfsg-1ubuntu1.2
snmp 5.9.3+dfsg-1ubuntu1.2
snmpd 5.9.3+dfsg-1ubuntu1.2
Ubuntu 22.04 LTS:
libsnmp40 5.9.1+dfsg-1ubuntu2.4
snmp 5.9.1+dfsg-1ubuntu2.4
snmpd 5.9.1+dfsg-1ubuntu2.4
Ubuntu 20.04 LTS:
libsnmp35 5.8+dfsg-2ubuntu2.6
snmp 5.8+dfsg-2ubuntu2.6
snmpd 5.8+dfsg-2ubuntu2.6
Ubuntu 18.04 LTS:
libsnmp30 5.7.3+dfsg-1.8ubuntu3.8
snmp 5.7.3+dfsg-1.8ubuntu3.8
snmpd 5.7.3+dfsg-1.8ubuntu3.8
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5795-1
CVE-2022-44792, CVE-2022-44793
Package Information:
https://launchpad.net/ubuntu/+source/net-snmp/5.9.3+dfsg-1ubuntu1.2
https://launchpad.net/ubuntu/+source/net-snmp/5.9.1+dfsg-1ubuntu2.4
https://launchpad.net/ubuntu/+source/net-snmp/5.8+dfsg-2ubuntu2.6
https://launchpad.net/ubuntu/+source/net-snmp/5.7.3+dfsg-1.8ubuntu3.8
[USN-5796-1] w3m vulnerability
==========================================================================
Ubuntu Security Notice USN-5796-1
January 09, 2023
w3m vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
w3m could be made to crash or run programs as your login if it opened a
malicious website.
Software Description:
- w3m: WWW browsable pager with excellent tables/frames support
Details:
It was discovered that w3m incorrectly handled certain HTML files. A remote
attacker could use this issue to cause w3m to crash, resulting in a denial
of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
w3m 0.5.3+git20220429-1ubuntu0.1
Ubuntu 22.04 LTS:
w3m 0.5.3+git20210102-6ubuntu0.1
Ubuntu 20.04 LTS:
w3m 0.5.3-37ubuntu0.1
Ubuntu 18.04 LTS:
w3m 0.5.3-36ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5796-1
CVE-2022-38223
Package Information:
https://launchpad.net/ubuntu/+source/w3m/0.5.3+git20220429-1ubuntu0.1
https://launchpad.net/ubuntu/+source/w3m/0.5.3+git20210102-6ubuntu0.1
https://launchpad.net/ubuntu/+source/w3m/0.5.3-37ubuntu0.1
https://launchpad.net/ubuntu/+source/w3m/0.5.3-36ubuntu0.1
Ubuntu Security Notice USN-5796-1
January 09, 2023
w3m vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
w3m could be made to crash or run programs as your login if it opened a
malicious website.
Software Description:
- w3m: WWW browsable pager with excellent tables/frames support
Details:
It was discovered that w3m incorrectly handled certain HTML files. A remote
attacker could use this issue to cause w3m to crash, resulting in a denial
of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
w3m 0.5.3+git20220429-1ubuntu0.1
Ubuntu 22.04 LTS:
w3m 0.5.3+git20210102-6ubuntu0.1
Ubuntu 20.04 LTS:
w3m 0.5.3-37ubuntu0.1
Ubuntu 18.04 LTS:
w3m 0.5.3-36ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5796-1
CVE-2022-38223
Package Information:
https://launchpad.net/ubuntu/+source/w3m/0.5.3+git20220429-1ubuntu0.1
https://launchpad.net/ubuntu/+source/w3m/0.5.3+git20210102-6ubuntu0.1
https://launchpad.net/ubuntu/+source/w3m/0.5.3-37ubuntu0.1
https://launchpad.net/ubuntu/+source/w3m/0.5.3-36ubuntu0.1
[USN-5787-2] Libksba vulnerability
==========================================================================
Ubuntu Security Notice USN-5787-2
January 09, 2023
libksba vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Libksba could be made to crash or run programs if it processed specially
crafted data.
Software Description:
- libksba: X.509 and CMS support library
Details:
USN-5787-1 fixed vulnerabilities in Libksba. This update provides the
corresponding updates for Ubuntu 16.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that Libksba incorrectly handled parsing CRL signatures.
A remote attacker could use this issue to cause Libksba to crash, resulting
in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
libksba8 1.3.3-1ubuntu0.16.04.1+esm2
Ubuntu 14.04 ESM:
libksba8 1.3.0-3ubuntu0.14.04.2+esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5787-2
https://ubuntu.com/security/notices/USN-5787-1
CVE-2022-47629
Ubuntu Security Notice USN-5787-2
January 09, 2023
libksba vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Libksba could be made to crash or run programs if it processed specially
crafted data.
Software Description:
- libksba: X.509 and CMS support library
Details:
USN-5787-1 fixed vulnerabilities in Libksba. This update provides the
corresponding updates for Ubuntu 16.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that Libksba incorrectly handled parsing CRL signatures.
A remote attacker could use this issue to cause Libksba to crash, resulting
in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
libksba8 1.3.3-1ubuntu0.16.04.1+esm2
Ubuntu 14.04 ESM:
libksba8 1.3.0-3ubuntu0.14.04.2+esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5787-2
https://ubuntu.com/security/notices/USN-5787-1
CVE-2022-47629
Friday, January 6, 2023
reallost1.fbsd2233449:彻底推翻压在HR身上的三座大山
reallost1.fbsd2233449,您好
彻底推翻压在HR身上的三座大山:
如何有效解决员工泡病假、调岗降薪、裁员、搬迁、并购、违纪违规员工合法调查取证及劳动合同解除的核心要点解析
[2023年上海专场]:03月24日 05月26日 07月21日 10月27日 11月24日 12月22日
[2023年北京专场]:03月17日 05月19日 07月20日 08月23日 09月27日 12月20日
[2023年深圳专场]:03月23日 04月27日 06月29日 09月21日 10月26日 12月21日
费用:3500元/人
【课程背景】
对于HR来说,病假是劳动用工管理过程中少有的几个硬骨头之一,不仅涉及到让人头痛的医疗期问题,还涉及到各类错乱迷离的病假如何审批、是否有效的问题。我们准备啃一啃这个硬骨头,期待您的参与!
劳动合同变更是劳动用工管理过程中的热点和难点,用人单位既要行使法律赋予的用工自主权,同时还要避免侵犯劳动者的合法权益,二者之间的界限十分难以把握,用人单位在此翻船无数。那么如何进行合法有效的变更,最大限度行使企业的用工自主权?吉衡公开课将与您分享劳动合同变更过程中的那些事儿,详细为您解读劳动合同岗位变更、地点变更、薪酬变更、期限变更、主体变更过程中的法律风险点及风险控制方法。
违纪导致的冲突和争议,是员工关系管理中的难点所在。不恰当的违纪处理轻则导致双倍赔偿、恢复劳动关系,重则引发群体性停工、罢工,不仅给公司带来巨大经济损失,而且将极大的挑战公司的管理权威,从而为企业的后续管理埋下隐患。此外,中国员工的忠诚度普遍下降,员工的"对抗性"违纪持续增多,违纪行为本身也出现"多元化、复杂化、极端化"的新特征。诸如配偶介入利益冲突、商业贿赂、过激维权、性骚扰、滥用电子资源等新型违纪行为给公司的人员管理和证据固定带来新挑战,如何对员工违纪行为进行类型化思考和以及如何进行调查取证,避免败诉风险,成为众多企业普遍关心的问题。最高法正式发布《关于适用〈中华人民共和国民事诉讼法〉的解释》,网上聊天记录、博客、微博客、手机短信、电子签名、域名等形成或者存储在电子介质中的信息可以视为民事案件中的证据。该司法解释对违纪违规行为调查取证将产生怎样的影响?如何有效固定电子证据?如何避免证据风险?员工劳动合同的解除或终止,该注意哪些问题?
违纪问题来势汹汹,违纪员工面对冲突,现在往往不通过法律手段而采取其他过激方式,对公司造成更大损失。此时公司该怎么办?吉衡公开课将从上百件违纪解雇争议案例中挑选出具有代表性的经典案例,分析新司法解释背景下各类违纪行为的处理重点、调查取证和证据固定,为企业有效推进违纪员工管理提供针对性的策略和技巧。
【课程对象】
企业董事长、总经理;企业法律事务部、合同管理部、战略发展部、风险管理部、人力资源部、党委组织部等相关负责人;企业人力资源总监/经理/专员及人事行政管理人员;工会干部;法务人员、律师及相关管理人员等。
【部分内容】
第一部分 如何有效应对员工"泡病假"—详解病假管理过程中的各类奇葩
1. 20分钟让您彻底整明白二十年都没搞懂的啥是病假、啥是医疗期!
2. 医疗期期限的计算方法。非连续的病休时间如何统计?
3. 医疗期能否多次享受?医疗期是否存在统计周期?
4. 医疗期遇休息日、法定节假日如何处理?
5. 医疗期内劳动合同到期的处理方法?医疗期满解除劳动合同的操作?
6. 特殊疾病医疗期的计算?医疗期碰上抑郁症如何处置?
7. 医疗期满后继续请病假是否可认定为"不能从事另行安排的工作" ?
8. 未经公司批准的病假是否有效?啊?!原来公司没有病假的批准权!那么公司批准的是什么?!
9. 有病假单未提交,病假是否有效?仅提供病假单、病历、医药费收据复印件,病假是否有效?
10. 单位要求劳动者到指定医院复诊是否合法?拒绝指定医院复诊可否违纪处理?
11. 未到指定医院(比如,公司要求劳动者患病必须提供三甲以上医院诊断证明)就诊是否属于违纪?
12. 涂改、补开的病假证明是否有效?未挂号的病假单是否有效?
13. 拒绝设备医学检查开具的病假单是否有效?病假单只有医生签名无盖章是否有效?
14. 注明是个人要求出具的病假单是否有效?病假期间外出游玩是否视为旷工?
15. 医疗期满后继续请病假可否解除?
16. 病假职工可否取消年终奖支付
第二部分 调岗降薪-劳动合同变更过程中的风险管控
17. 劳动者不胜任工作调岗,怎么调,降低工资吗,劳动者不签字咋办?
18. 没有客观评分标准的《绩效评估表》如同废纸一张!领导说不行、主管说不行、同事说不行,甚至下属都说不行,劳动者就真的不行了吗?!
19. 劳动者不能完成同岗位平均数量的工作,用人单位可以调岗!
20. 掰开了、揉碎了,给你讲清楚客观情况发生重大变化!
21. 适应市场变化进行组织机构调整可能不属于客观情况发生重大变化。
22. 经营模式变更,岗位撤销,可能就属于客观情况发生重大变化。
23. 劳动合同中约定用人单位有权单方调整劳动者的岗位,是否有效?如果无效,怎么才能让它有效呢?
24. 劳动报酬在什么情况下可以依法进行调整?单位搬家,劳动者拒绝到新的工作地点,用人单位如何应对?
25. 哺乳期间劳动合同到期,劳动合同顺延至哺乳期届满,可是如何实操呢,至少做两件事,你知道吗?
26. 为何要在劳动合同期限中设计自动续延条款,如何设计才有效?
27. 变更劳动合同期限与续签劳动合同次数的关系?劳动合同期限往长变和往短变有什么本质区别吗?
28. 啥是补签,啥是倒签?分得清吗?都有啥法律后果?
29. 股东、法人、名称等变更,劳动合同是否也需要变更呢?
第三部分 员工违纪(违规)行为处理与合法调查取证实务操作
30. 违纪案件争议协调与处理:与违纪员工的协商谈判,如何快速推进?当员工提出恢复劳动关系的仲裁诉求时,该怎样应对?
31. 对特殊群体的违纪处理注意事项:三期、病假、工伤职工、高级管理人员、劳务派遣人员违纪处理的注意事项。
32. 案例解析"违纪案件"处理四要件:法律依据、处理依据、事实依据、程序依据
33. 员工出现盗窃、商业贿赂、性骚扰等违纪行为该如何收集证据?
34. 旷工、旷职、虚报工时、加班、代打卡的违纪行为怎样取证,你知道吗?
35. 若员工出现越权行为、渎职行为、非法侵占,单位该如何保留证据?
36. 遇到虚假陈述、骗取信任的员工,该怎么办?
37. 员工出现消极怠工、拒绝岗位调整、拒绝公司搬迁这类行为,该怎样处理?
38. 泄露商业秘密、泄露秘密信息、违反保密规定的这类员工,单位该如何处理?
39. 损害员工利益、损害公司利益的员工,违纪的证据如何收集?
40. 员工出现擅自兼职、在职竞业、自我交易等行为,公司该怎样处理?
41. 打架斗殴、毁坏财物十分可恶,留存证据很关键。
42. 罢工停工、擅自报警、群发邮件、擅闯堵门、滞留办公、跳楼群访、媒体披露,该咋办?
第四部分 解除或终止劳动合同的实务操作
43. 诚实信用、忠诚义务的内涵如何理解?
43. 以违反职业道德、忠诚义务、公序良俗为由解除劳动合同,司法实践的认定标准及认可程度如何?
45. 接受供应商请客送礼,是否属于违反职业道德?
46. 非工作时间与工作无关的私人言行,可否构成公司解除劳动合同的事由?
47. 签订协商解除劳动合同协议后能否协商撤销?能否单方撤销?
48. 协商解除劳动合同协议中约定"双方再无任何劳动纠纷,劳动者不得再向用人单位主张权利,不得申请仲裁、提起诉讼",劳动者离职后还能再申请仲裁吗?
49. 解除理由、时间如何确定?
50. 解除协议是否必须明确经济补偿数额及支付程序?解除协议约定公司不支付经济补偿,合法吗?解除协议约定经济补偿标准低于法定标准,合法吗?
51. 解除协议如何撰写恰当的免责条款和兜底条款?公司应如何避免员工撤销离职协议的情形发生?
52. 公司单方提出解除劳动合同,如何增加将来仲裁的胜算?
53. 如何做好解雇前风险评估?公司愿意支付2N,就可以解雇任何员工吗?
54. 如果员工主张继续履行劳动合同,怎么办?
55. 与接触职业病危害作业的员工解除劳动合同应当注意哪些问题?
56. 岗位撤销或部门撤销,公司可否解除劳动合同?分支机构关闭,公司是否可以单方终止劳动合同?
57. 尚未建立工会组织,在解除劳动合同时如何"事先通知工会"?
58. 离职手续的办理瑕疵与法律风险有哪些?
59. 如何规范管理员工提出辞职的流程?如何填写离职申请表?
60. 劳动合同约定员工辞职必须提前2个月通知公司,是否有效?
61. 员工提出辞职后,公司让立即离职是否合法?员工提出辞职后反悔,公司应如何处理?
62. 如何认定用人单位未及时支付劳动者劳动报酬?
63. 公司没有缴纳社会保险费,员工是否可以提出解除劳动合同?
64. 公司对员工作出降职、降薪处理,员工能否以此为由提出被迫解除劳动合同?
65. 员工可否在劳动仲裁中修改此前提出的被迫解除劳动合同理由?
66. 公司有权单方终止劳动合同的常见情形有哪些?
67. 解除劳动合同通知书如何撰写效果更好?
68. 员工在离职时不办理工作交接,怎么办?
69. 员工离职时,拒绝返还公司财物或偿还相关款项(如备用金、借款等),如何处理?
70. 离职证明能否写出对员工不利的相关事实?公司未及时出具离职证明,是否需要承担赔偿责任?
71. 离职时的工资待遇、未休年休假报酬、代通知金、经济补偿等如何结算?
72. 曾经预付的经济补偿,是抵扣工作年限还是抵扣补偿金额?
73. 离职前12个月的月平均工资如何确定?双上限如何适用?
授课老师:
庞律师
著名劳动法与员工关系管理实战专家,资深律师,资深法律培训师
北京金诚同达律师事务所高级合伙人
担任上海市劳动争议仲裁委员会仲裁员
上海市律师协会劳动法律关系研究委员会委员
上海市律师协会劳动法律关系研究委员会副主任
中华全国律协劳动法委员会委员
上海市劳动法研究会理事
上海市法学会劳动法研究会委员
曾老师
大成中国区劳动与人力资源专业委员会副主任
大成深圳办公室公司与商业事务部副主任
深圳市人大常委会立法调研基地法律专家
深圳市律师协会劳动与社会保障法律专业委员会主任
广东省律师协会劳动法律专业委员会委员
深圳市劳动能力鉴定委员会委员
一体两翼"领导力模型的版权所有人
深圳企业适用劳动法常用数据指引版权所有人。
郝云峰
北京市劳动人事争议仲裁委员会兼职仲裁员
北京市律师协会劳动与社会保障法律专业委员会副主任
北京市劳动法学和社会保障法学会理事
北京市劳动法学和社会保障法学会劳动法分会常务理事
被北京市律师协会评为"北京市优秀劳动法专业律师"、被海淀区司法局评为"海淀区优秀律师"、北京市司法局评为"优秀公益律师"
郝云峰律师长期(超过二十年)从事企业劳动用工法律风险管理与控制的研究与实践,有着丰富的劳动用工管理实战经验。
【报名方式1 微信报名(推荐)】:请填写以下"报名回执",微信发送给主办方 张老师Jack (微信号18621603778),添加时备注"报名培训"
【报名方式2 邮件报名】:请填写以下"报名回执",发到指定报名邮
箱 jack.zhang@shanghai-jiheng.com.cn并抄送到:18621603778@163.com 即可报名成功,1个工作日内客服人员会和您跟进后续事宜.
参会人员信息
公司名称:
公司地址:
姓名:
性别:
职位:
电话:
邮箱:
手机(必填):
Invoice信息
抬头:
税号:
发票金额:3500元/人
类型:□专票 □普票
开户行及账号:
注册地址及公司电话:
发票内容: □会务费 □ 咨询费 □ 培训服务费
付款方式: □会前转账 □现场刷卡/快捷支付
是否提前寄送Invoice: □否 □是,寄送地址:
报名咨询:
张老师 Jack Zhang |上海吉衡企业管理咨询有限公司
电话: +86 18621603778 (同微信号)
指定报名邮箱: jack.zhang@shanghai-jiheng.com.cn
手机邮箱:18621603778@163.com
2023-01-07 8:04:06
[USN-5792-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5792-1
January 06, 2023
linux, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm,
linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-kvm: Linux kernel for cloud environments
- linux-lowlatency: Linux low latency kernel
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-hwe-5.15: Linux hardware enablement (HWE) kernel
Details:
Mingwei Zhang discovered that the KVM implementation for AMD processors in
the Linux kernel did not properly handle cache coherency with Secure
Encrypted Virtualization (SEV). A local attacker could possibly use this to
cause a denial of service (host system crash). (CVE-2022-0171)
It was discovered that a race condition existed in the Android Binder IPC
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-20421)
David Leadbeater discovered that the netfilter IRC protocol tracking
implementation in the Linux Kernel incorrectly handled certain message
payloads in some situations. A remote attacker could possibly use this to
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)
It was discovered that the Intel 740 frame buffer driver in the Linux
kernel contained a divide by zero vulnerability. A local attacker could use
this to cause a denial of service (system crash). (CVE-2022-3061)
It was discovered that the sound subsystem in the Linux kernel contained a
race condition in some situations. A local attacker could use this to cause
a denial of service (system crash). (CVE-2022-3303)
Gwnaun Jung discovered that the SFB packet scheduling implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-3586)
It was discovered that the NILFS2 file system implementation in the Linux
kernel did not properly deallocate memory in certain error conditions. An
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2022-3646)
Khalid Masum discovered that the NILFS2 file system implementation in the
Linux kernel did not properly handle certain error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service or possibly execute arbitrary code. (CVE-2022-3649)
Jann Horn discovered a race condition existed in the Linux kernel when
unmapping VMAs in certain situations, resulting in possible use-after-free
vulnerabilities. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2022-39188)
Hyunwoo Kim discovered that an integer overflow vulnerability existed in
the PXA3xx graphics driver in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2022-39842)
It was discovered that a race condition existed in the EFI capsule loader
driver in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-40307)
Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless
driver in the Linux kernel contained a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-4095)
It was discovered that the USB monitoring (usbmon) component in the Linux
kernel did not properly set permissions on memory mapped in to user space
processes. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-43750)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
linux-image-5.15.0-1012-gkeop 5.15.0-1012.16
linux-image-5.15.0-1022-ibm 5.15.0-1022.25
linux-image-5.15.0-1022-raspi 5.15.0-1022.24
linux-image-5.15.0-1022-raspi-nolpae 5.15.0-1022.24
linux-image-5.15.0-1024-gke 5.15.0-1024.29
linux-image-5.15.0-1025-kvm 5.15.0-1025.30
linux-image-5.15.0-1026-gcp 5.15.0-1026.33
linux-image-5.15.0-1026-oracle 5.15.0-1026.32
linux-image-5.15.0-57-generic 5.15.0-57.63
linux-image-5.15.0-57-generic-64k 5.15.0-57.63
linux-image-5.15.0-57-generic-lpae 5.15.0-57.63
linux-image-5.15.0-57-lowlatency 5.15.0-57.63
linux-image-5.15.0-57-lowlatency-64k 5.15.0-57.63
linux-image-gcp 5.15.0.1026.21
linux-image-generic 5.15.0.57.55
linux-image-generic-64k 5.15.0.57.55
linux-image-generic-64k-hwe-22.04 5.15.0.57.55
linux-image-generic-hwe-22.04 5.15.0.57.55
linux-image-generic-lpae 5.15.0.57.55
linux-image-generic-lpae-hwe-22.04 5.15.0.57.55
linux-image-gke 5.15.0.1024.23
linux-image-gke-5.15 5.15.0.1024.23
linux-image-gkeop 5.15.0.1012.11
linux-image-gkeop-5.15 5.15.0.1012.11
linux-image-ibm 5.15.0.1022.18
linux-image-kvm 5.15.0.1025.21
linux-image-lowlatency 5.15.0.57.50
linux-image-lowlatency-64k 5.15.0.57.50
linux-image-lowlatency-64k-hwe-22.04 5.15.0.57.50
linux-image-lowlatency-hwe-22.04 5.15.0.57.50
linux-image-oracle 5.15.0.1026.21
linux-image-raspi 5.15.0.1022.19
linux-image-raspi-nolpae 5.15.0.1022.19
linux-image-virtual 5.15.0.57.55
linux-image-virtual-hwe-22.04 5.15.0.57.55
Ubuntu 20.04 LTS:
linux-image-5.15.0-57-generic 5.15.0-57.63~20.04.1
linux-image-5.15.0-57-generic-64k 5.15.0-57.63~20.04.1
linux-image-5.15.0-57-generic-lpae 5.15.0-57.63~20.04.1
linux-image-generic-64k-hwe-20.04 5.15.0.57.63~20.04.23
linux-image-generic-hwe-20.04 5.15.0.57.63~20.04.23
linux-image-generic-lpae-hwe-20.04 5.15.0.57.63~20.04.23
linux-image-virtual-hwe-20.04 5.15.0.57.63~20.04.23
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5792-1
CVE-2022-0171, CVE-2022-20421, CVE-2022-2663, CVE-2022-3061,
CVE-2022-3303, CVE-2022-3586, CVE-2022-3646, CVE-2022-3649,
CVE-2022-39188, CVE-2022-39842, CVE-2022-40307, CVE-2022-4095,
CVE-2022-43750
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.15.0-57.63
https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1026.33
https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1024.29
https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1012.16
https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1022.25
https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1025.30
https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-57.63
https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1026.32
https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1022.24
https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-57.63~20.04.1
Ubuntu Security Notice USN-5792-1
January 06, 2023
linux, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm,
linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-kvm: Linux kernel for cloud environments
- linux-lowlatency: Linux low latency kernel
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-hwe-5.15: Linux hardware enablement (HWE) kernel
Details:
Mingwei Zhang discovered that the KVM implementation for AMD processors in
the Linux kernel did not properly handle cache coherency with Secure
Encrypted Virtualization (SEV). A local attacker could possibly use this to
cause a denial of service (host system crash). (CVE-2022-0171)
It was discovered that a race condition existed in the Android Binder IPC
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-20421)
David Leadbeater discovered that the netfilter IRC protocol tracking
implementation in the Linux Kernel incorrectly handled certain message
payloads in some situations. A remote attacker could possibly use this to
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)
It was discovered that the Intel 740 frame buffer driver in the Linux
kernel contained a divide by zero vulnerability. A local attacker could use
this to cause a denial of service (system crash). (CVE-2022-3061)
It was discovered that the sound subsystem in the Linux kernel contained a
race condition in some situations. A local attacker could use this to cause
a denial of service (system crash). (CVE-2022-3303)
Gwnaun Jung discovered that the SFB packet scheduling implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-3586)
It was discovered that the NILFS2 file system implementation in the Linux
kernel did not properly deallocate memory in certain error conditions. An
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2022-3646)
Khalid Masum discovered that the NILFS2 file system implementation in the
Linux kernel did not properly handle certain error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service or possibly execute arbitrary code. (CVE-2022-3649)
Jann Horn discovered a race condition existed in the Linux kernel when
unmapping VMAs in certain situations, resulting in possible use-after-free
vulnerabilities. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2022-39188)
Hyunwoo Kim discovered that an integer overflow vulnerability existed in
the PXA3xx graphics driver in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2022-39842)
It was discovered that a race condition existed in the EFI capsule loader
driver in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-40307)
Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless
driver in the Linux kernel contained a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-4095)
It was discovered that the USB monitoring (usbmon) component in the Linux
kernel did not properly set permissions on memory mapped in to user space
processes. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-43750)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
linux-image-5.15.0-1012-gkeop 5.15.0-1012.16
linux-image-5.15.0-1022-ibm 5.15.0-1022.25
linux-image-5.15.0-1022-raspi 5.15.0-1022.24
linux-image-5.15.0-1022-raspi-nolpae 5.15.0-1022.24
linux-image-5.15.0-1024-gke 5.15.0-1024.29
linux-image-5.15.0-1025-kvm 5.15.0-1025.30
linux-image-5.15.0-1026-gcp 5.15.0-1026.33
linux-image-5.15.0-1026-oracle 5.15.0-1026.32
linux-image-5.15.0-57-generic 5.15.0-57.63
linux-image-5.15.0-57-generic-64k 5.15.0-57.63
linux-image-5.15.0-57-generic-lpae 5.15.0-57.63
linux-image-5.15.0-57-lowlatency 5.15.0-57.63
linux-image-5.15.0-57-lowlatency-64k 5.15.0-57.63
linux-image-gcp 5.15.0.1026.21
linux-image-generic 5.15.0.57.55
linux-image-generic-64k 5.15.0.57.55
linux-image-generic-64k-hwe-22.04 5.15.0.57.55
linux-image-generic-hwe-22.04 5.15.0.57.55
linux-image-generic-lpae 5.15.0.57.55
linux-image-generic-lpae-hwe-22.04 5.15.0.57.55
linux-image-gke 5.15.0.1024.23
linux-image-gke-5.15 5.15.0.1024.23
linux-image-gkeop 5.15.0.1012.11
linux-image-gkeop-5.15 5.15.0.1012.11
linux-image-ibm 5.15.0.1022.18
linux-image-kvm 5.15.0.1025.21
linux-image-lowlatency 5.15.0.57.50
linux-image-lowlatency-64k 5.15.0.57.50
linux-image-lowlatency-64k-hwe-22.04 5.15.0.57.50
linux-image-lowlatency-hwe-22.04 5.15.0.57.50
linux-image-oracle 5.15.0.1026.21
linux-image-raspi 5.15.0.1022.19
linux-image-raspi-nolpae 5.15.0.1022.19
linux-image-virtual 5.15.0.57.55
linux-image-virtual-hwe-22.04 5.15.0.57.55
Ubuntu 20.04 LTS:
linux-image-5.15.0-57-generic 5.15.0-57.63~20.04.1
linux-image-5.15.0-57-generic-64k 5.15.0-57.63~20.04.1
linux-image-5.15.0-57-generic-lpae 5.15.0-57.63~20.04.1
linux-image-generic-64k-hwe-20.04 5.15.0.57.63~20.04.23
linux-image-generic-hwe-20.04 5.15.0.57.63~20.04.23
linux-image-generic-lpae-hwe-20.04 5.15.0.57.63~20.04.23
linux-image-virtual-hwe-20.04 5.15.0.57.63~20.04.23
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5792-1
CVE-2022-0171, CVE-2022-20421, CVE-2022-2663, CVE-2022-3061,
CVE-2022-3303, CVE-2022-3586, CVE-2022-3646, CVE-2022-3649,
CVE-2022-39188, CVE-2022-39842, CVE-2022-40307, CVE-2022-4095,
CVE-2022-43750
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.15.0-57.63
https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1026.33
https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1024.29
https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1012.16
https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1022.25
https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1025.30
https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-57.63
https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1026.32
https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1022.24
https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-57.63~20.04.1
[USN-5794-1] Linux kernel (AWS) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5794-1
January 06, 2023
linux-aws vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
Details:
It was discovered that the NFSD implementation in the Linux kernel did not
properly handle some RPC messages, leading to a buffer overflow. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-43945)
Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation
in the Linux kernel contained multiple use-after-free vulnerabilities. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-42896)
It was discovered that the Xen netback driver in the Linux kernel did not
properly handle packets structured in certain ways. An attacker in a guest
VM could possibly use this to cause a denial of service (host NIC
availability). (CVE-2022-3643)
It was discovered that an integer overflow vulnerability existed in the
Bluetooth subsystem in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2022-45934)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
linux-image-4.4.0-1153-aws 4.4.0-1153.168
linux-image-aws 4.4.0.1153.157
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5794-1
CVE-2022-3643, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934
Ubuntu Security Notice USN-5794-1
January 06, 2023
linux-aws vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
Details:
It was discovered that the NFSD implementation in the Linux kernel did not
properly handle some RPC messages, leading to a buffer overflow. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-43945)
Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation
in the Linux kernel contained multiple use-after-free vulnerabilities. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-42896)
It was discovered that the Xen netback driver in the Linux kernel did not
properly handle packets structured in certain ways. An attacker in a guest
VM could possibly use this to cause a denial of service (host NIC
availability). (CVE-2022-3643)
It was discovered that an integer overflow vulnerability existed in the
Bluetooth subsystem in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2022-45934)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
linux-image-4.4.0-1153-aws 4.4.0-1153.168
linux-image-aws 4.4.0.1153.157
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5794-1
CVE-2022-3643, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934
[USN-5793-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-5793-1
January 06, 2023
linux, linux-aws, linux-kvm, linux-lowlatency, linux-raspi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-lowlatency: Linux low latency kernel
- linux-raspi: Linux kernel for Raspberry Pi systems
Details:
It was discovered that the io_uring subsystem in the Linux kernel did not
properly perform reference counting in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2022-3910)
It was discovered that a race condition existed in the Android Binder IPC
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-20421)
David Leadbeater discovered that the netfilter IRC protocol tracking
implementation in the Linux Kernel incorrectly handled certain message
payloads in some situations. A remote attacker could possibly use this to
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)
It was discovered that the sound subsystem in the Linux kernel contained a
race condition in some situations. A local attacker could use this to cause
a denial of service (system crash). (CVE-2022-3303)
It was discovered that the Sunplus Ethernet driver in the Linux kernel
contained a read-after-free vulnerability. An attacker could possibly use
this to expose sensitive information (kernel memory) (CVE-2022-3541)
It was discovered that a memory leak existed in the Unix domain socket
implementation of the Linux kernel. A local attacker could use this to
cause a denial of service (memory exhaustion). (CVE-2022-3543)
It was discovered that the NILFS2 file system implementation in the Linux
kernel did not properly deallocate memory in certain error conditions. An
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2022-3544, CVE-2022-3646)
Gwnaun Jung discovered that the SFB packet scheduling implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-3586)
It was discovered that the hugetlb implementation in the Linux kernel
contained a race condition in some situations. A local attacker could use
this to cause a denial of service (system crash) or expose sensitive
information (kernel memory). (CVE-2022-3623)
Khalid Masum discovered that the NILFS2 file system implementation in the
Linux kernel did not properly handle certain error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service or possibly execute arbitrary code. (CVE-2022-3649)
It was discovered that a race condition existed in the MCTP implementation
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-3977)
It was discovered that a race condition existed in the EFI capsule loader
driver in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-40307)
Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless
driver in the Linux kernel contained a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-4095)
It was discovered that a race condition existed in the SMSC UFX USB driver
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-41849)
It was discovered that a race condition existed in the Roccat HID driver in
the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-41850)
It was discovered that the USB monitoring (usbmon) component in the Linux
kernel did not properly set permissions on memory mapped in to user space
processes. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-43750)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
linux-image-5.19.0-1011-raspi 5.19.0-1011.18
linux-image-5.19.0-1011-raspi-nolpae 5.19.0-1011.18
linux-image-5.19.0-1014-lowlatency 5.19.0-1014.15
linux-image-5.19.0-1014-lowlatency-64k 5.19.0-1014.15
linux-image-5.19.0-1015-kvm 5.19.0-1015.16
linux-image-5.19.0-1016-aws 5.19.0-1016.17
linux-image-5.19.0-28-generic 5.19.0-28.29
linux-image-5.19.0-28-generic-64k 5.19.0-28.29
linux-image-5.19.0-28-generic-lpae 5.19.0-28.29
linux-image-aws 5.19.0.1016.13
linux-image-generic 5.19.0.28.25
linux-image-generic-64k 5.19.0.28.25
linux-image-generic-64k-hwe-22.04 5.19.0.28.25
linux-image-generic-hwe-22.04 5.19.0.28.25
linux-image-generic-lpae 5.19.0.28.25
linux-image-generic-lpae-hwe-22.04 5.19.0.28.25
linux-image-kvm 5.19.0.1015.12
linux-image-lowlatency 5.19.0.1014.11
linux-image-lowlatency-64k 5.19.0.1014.11
linux-image-lowlatency-64k-hwe-22.04 5.19.0.1014.11
linux-image-lowlatency-hwe-22.04 5.19.0.1014.11
linux-image-oem-22.04 5.19.0.28.25
linux-image-raspi 5.19.0.1011.10
linux-image-raspi-nolpae 5.19.0.1011.10
linux-image-virtual 5.19.0.28.25
linux-image-virtual-hwe-22.04 5.19.0.28.25
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5793-1
CVE-2022-20421, CVE-2022-2663, CVE-2022-3303, CVE-2022-3541,
CVE-2022-3543, CVE-2022-3544, CVE-2022-3586, CVE-2022-3623,
CVE-2022-3646, CVE-2022-3649, CVE-2022-3910, CVE-2022-3977,
CVE-2022-40307, CVE-2022-4095, CVE-2022-41849, CVE-2022-41850,
CVE-2022-43750
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.19.0-28.29
https://launchpad.net/ubuntu/+source/linux-aws/5.19.0-1016.17
https://launchpad.net/ubuntu/+source/linux-kvm/5.19.0-1015.16
https://launchpad.net/ubuntu/+source/linux-lowlatency/5.19.0-1014.15
https://launchpad.net/ubuntu/+source/linux-raspi/5.19.0-1011.18
Ubuntu Security Notice USN-5793-1
January 06, 2023
linux, linux-aws, linux-kvm, linux-lowlatency, linux-raspi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-lowlatency: Linux low latency kernel
- linux-raspi: Linux kernel for Raspberry Pi systems
Details:
It was discovered that the io_uring subsystem in the Linux kernel did not
properly perform reference counting in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2022-3910)
It was discovered that a race condition existed in the Android Binder IPC
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-20421)
David Leadbeater discovered that the netfilter IRC protocol tracking
implementation in the Linux Kernel incorrectly handled certain message
payloads in some situations. A remote attacker could possibly use this to
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)
It was discovered that the sound subsystem in the Linux kernel contained a
race condition in some situations. A local attacker could use this to cause
a denial of service (system crash). (CVE-2022-3303)
It was discovered that the Sunplus Ethernet driver in the Linux kernel
contained a read-after-free vulnerability. An attacker could possibly use
this to expose sensitive information (kernel memory) (CVE-2022-3541)
It was discovered that a memory leak existed in the Unix domain socket
implementation of the Linux kernel. A local attacker could use this to
cause a denial of service (memory exhaustion). (CVE-2022-3543)
It was discovered that the NILFS2 file system implementation in the Linux
kernel did not properly deallocate memory in certain error conditions. An
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2022-3544, CVE-2022-3646)
Gwnaun Jung discovered that the SFB packet scheduling implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-3586)
It was discovered that the hugetlb implementation in the Linux kernel
contained a race condition in some situations. A local attacker could use
this to cause a denial of service (system crash) or expose sensitive
information (kernel memory). (CVE-2022-3623)
Khalid Masum discovered that the NILFS2 file system implementation in the
Linux kernel did not properly handle certain error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service or possibly execute arbitrary code. (CVE-2022-3649)
It was discovered that a race condition existed in the MCTP implementation
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-3977)
It was discovered that a race condition existed in the EFI capsule loader
driver in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-40307)
Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless
driver in the Linux kernel contained a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-4095)
It was discovered that a race condition existed in the SMSC UFX USB driver
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-41849)
It was discovered that a race condition existed in the Roccat HID driver in
the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-41850)
It was discovered that the USB monitoring (usbmon) component in the Linux
kernel did not properly set permissions on memory mapped in to user space
processes. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-43750)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
linux-image-5.19.0-1011-raspi 5.19.0-1011.18
linux-image-5.19.0-1011-raspi-nolpae 5.19.0-1011.18
linux-image-5.19.0-1014-lowlatency 5.19.0-1014.15
linux-image-5.19.0-1014-lowlatency-64k 5.19.0-1014.15
linux-image-5.19.0-1015-kvm 5.19.0-1015.16
linux-image-5.19.0-1016-aws 5.19.0-1016.17
linux-image-5.19.0-28-generic 5.19.0-28.29
linux-image-5.19.0-28-generic-64k 5.19.0-28.29
linux-image-5.19.0-28-generic-lpae 5.19.0-28.29
linux-image-aws 5.19.0.1016.13
linux-image-generic 5.19.0.28.25
linux-image-generic-64k 5.19.0.28.25
linux-image-generic-64k-hwe-22.04 5.19.0.28.25
linux-image-generic-hwe-22.04 5.19.0.28.25
linux-image-generic-lpae 5.19.0.28.25
linux-image-generic-lpae-hwe-22.04 5.19.0.28.25
linux-image-kvm 5.19.0.1015.12
linux-image-lowlatency 5.19.0.1014.11
linux-image-lowlatency-64k 5.19.0.1014.11
linux-image-lowlatency-64k-hwe-22.04 5.19.0.1014.11
linux-image-lowlatency-hwe-22.04 5.19.0.1014.11
linux-image-oem-22.04 5.19.0.28.25
linux-image-raspi 5.19.0.1011.10
linux-image-raspi-nolpae 5.19.0.1011.10
linux-image-virtual 5.19.0.28.25
linux-image-virtual-hwe-22.04 5.19.0.28.25
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5793-1
CVE-2022-20421, CVE-2022-2663, CVE-2022-3303, CVE-2022-3541,
CVE-2022-3543, CVE-2022-3544, CVE-2022-3586, CVE-2022-3623,
CVE-2022-3646, CVE-2022-3649, CVE-2022-3910, CVE-2022-3977,
CVE-2022-40307, CVE-2022-4095, CVE-2022-41849, CVE-2022-41850,
CVE-2022-43750
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.19.0-28.29
https://launchpad.net/ubuntu/+source/linux-aws/5.19.0-1016.17
https://launchpad.net/ubuntu/+source/linux-kvm/5.19.0-1015.16
https://launchpad.net/ubuntu/+source/linux-lowlatency/5.19.0-1014.15
https://launchpad.net/ubuntu/+source/linux-raspi/5.19.0-1011.18
Subscribe to:
Posts (Atom)