ubuntu jammy v1.105
Metadata:
BOSH Agent Version: 2.525.0
USNs:
Title: USN-6011-1: Json-smart vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6011-1
Priorities: medium
Description:
It was discovered that Json-smart incorrectly handled memory
when processing input containing unclosed quotes.
A remote attacker could possibly use this issue to cause
applications using Json-smart to crash, leading to a
denial of service. (CVE-2021-31684)
It was discovered that Json-smart incorrectly handled memory
when processing input containing unclosed brackets.
A remote attacker could possibly use this issue to cause
applications using Json-smart to crash, leading to a
denial of service. (CVE-2023-1370)
CVEs:
- https://ubuntu.com/security/CVE-2021-31684
- https://ubuntu.com/security/CVE-2023-1370
Title: USN-6026-1: Vim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6026-1
Priorities: medium,low
Description:
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-4166)
It was discovered that Vim was using freed memory when dealing with regular
expressions inside a visual selection. If a user were tricked into opening a
specially crafted file, an attacker could crash the application, leading to a
denial of service, or possibly achieve code execution with user privileges.
This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2021-4192)
It was discovered that Vim was incorrectly handling virtual column position
operations, which could result in an out-of-bounds read. An attacker could
possibly use this issue to expose sensitive information. This issue only
affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-4193)
It was discovered that Vim was not properly performing bounds checks when
updating windows present on a screen, which could result in a heap buffer
overflow. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2022-0213)
It was discovered that Vim was incorrectly performing read and write
operations when in visual block mode, going beyond the end of a line and
causing a heap buffer overflow. If a user were tricked into opening a
specially crafted file, an attacker could crash the application, leading to a
denial of service, or possibly achieve code execution with user privileges.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu
22.04 LTS. (CVE-2022-0261, CVE-2022-0318)
It was discovered that Vim was incorrectly handling window exchanging
operations when in Visual mode, which could result in an out-of-bounds read.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2022-0319)
It was discovered that Vim was incorrectly handling recursion when parsing
conditional expressions. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. (CVE-2022-0351)
It was discovered that Vim was not properly handling memory allocation when
processing data in Ex mode, which could result in a heap buffer overflow.
An attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2022-0359)
It was discovered that Vim was not properly performing bounds checks when
executing line operations in Visual mode, which could result in a heap
buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,
CVE-2022-0368)
It was discovered that Vim was not properly handling loop conditions when
looking for spell suggestions, which could result in a stack buffer
overflow. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2022-0408)
It was discovered that Vim was incorrectly handling memory access when
executing buffer operations, which could result in the usage of freed
memory. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2022-0443)
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for
column numbers when replacing tabs with spaces or spaces with tabs, which
could cause a heap buffer overflow. An attacker could possibly use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2022-0572)
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-0629)
It was discovered that Vim was not properly performing validation of data
that contained special multi-byte characters, which could cause an
out-of-bounds read. An attacker could possibly use this issue to cause a
denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define
indentation in a file, which could cause a heap buffer overflow. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular
expression patterns and strings, which could cause an out-of-bounds read.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-0729)
It was discovered that Vim incorrectly handled memory access. An attacker
could potentially use this issue to cause the corruption of sensitive
information, a crash, or arbitrary code execution. (CVE-2022-2207)
CVEs:
- https://ubuntu.com/security/CVE-2021-4166
- https://ubuntu.com/security/CVE-2021-4192
- https://ubuntu.com/security/CVE-2021-4193
- https://ubuntu.com/security/CVE-2022-0213
- https://ubuntu.com/security/CVE-2022-0261
- https://ubuntu.com/security/CVE-2022-0318
- https://ubuntu.com/security/CVE-2022-0319
- https://ubuntu.com/security/CVE-2022-0351
- https://ubuntu.com/security/CVE-2022-0359
- https://ubuntu.com/security/CVE-2022-0361
- https://ubuntu.com/security/CVE-2022-0368
- https://ubuntu.com/security/CVE-2022-0408
- https://ubuntu.com/security/CVE-2022-0443
- https://ubuntu.com/security/CVE-2022-0554
- https://ubuntu.com/security/CVE-2022-0572
- https://ubuntu.com/security/CVE-2022-0629
- https://ubuntu.com/security/CVE-2022-0685
- https://ubuntu.com/security/CVE-2022-0714
- https://ubuntu.com/security/CVE-2022-0729
- https://ubuntu.com/security/CVE-2022-2207
Title: USN-6012-1: Smarty vulnerability
URL: https://ubuntu.com/security/notices/USN-6012-1
Priorities: medium
Description:
It was discovered that Smarty incorrectly parsed blocks' names and
included files' names. A remote attacker with template writing permissions
could use this issue to execute arbitrary PHP code. (CVE-2022-29221)
CVEs:
Title: USN-6008-1: Exo vulnerability
URL: https://ubuntu.com/security/notices/USN-6008-1
Priorities: medium
Description:
It was discovered that Exo did not properly sanitize desktop files.
A remote attacker could possibly use this issue to cause a crash or
arbitrary code execution.
CVEs:
Title: USN-6025-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6025-1
Priorities: high,medium
Description:
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)
It was discovered that the OverlayFS implementation in the Linux kernel did
not properly handle copy up operations in some conditions. A local attacker
could possibly use this to gain elevated privileges. (CVE-2023-0386)
Haowei Yan discovered that a race condition existed in the Layer 2
Tunneling Protocol (L2TP) implementation in the Linux kernel. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-4129)
It was discovered that the network queuing discipline implementation in the
Linux kernel contained a null pointer dereference in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2022-47929)
It was discovered that the NTFS file system implementation in the Linux
kernel contained a null pointer dereference in some situations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2022-4842)
Kyle Zeng discovered that the IPv6 implementation in the Linux kernel
contained a NULL pointer dereference vulnerability in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-0394)
It was discovered that the Human Interface Device (HID) support driver in
the Linux kernel contained a type confusion vulnerability in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1073)
It was discovered that a memory leak existed in the SCTP protocol
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (memory exhaustion). (CVE-2023-1074)
It was discovered that the NFS implementation in the Linux kernel did not
properly handle pending tasks in some situations. A local attacker could
use this to cause a denial of service (system crash) or expose sensitive
information (kernel memory). (CVE-2023-1652)
Lianhui Tang discovered that the MPLS implementation in the Linux kernel
did not properly handle certain sysctl allocation failure conditions,
leading to a double-free vulnerability. An attacker could use this to cause
a denial of service or possibly execute arbitrary code. (CVE-2023-26545)
CVEs:
- https://ubuntu.com/security/CVE-2023-1281
- https://ubuntu.com/security/CVE-2023-0386
- https://ubuntu.com/security/CVE-2022-4129
- https://ubuntu.com/security/CVE-2022-47929
- https://ubuntu.com/security/CVE-2022-4842
- https://ubuntu.com/security/CVE-2023-0394
- https://ubuntu.com/security/CVE-2023-1073
- https://ubuntu.com/security/CVE-2023-1074
- https://ubuntu.com/security/CVE-2023-1652
- https://ubuntu.com/security/CVE-2023-26545
Title: USN-6024-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6024-1
Priorities: high,medium,low
Description:
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)
Lin Ma discovered a race condition in the io_uring subsystem in the Linux
kernel, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-0468)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not
properly perform reference counting in some situations, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-41218)
It was discovered that the network queuing discipline implementation in the
Linux kernel contained a null pointer dereference in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2022-47929)
Thadeu Cascardo discovered that the io_uring subsystem contained a
double-free vulnerability in certain memory allocation error conditions. A
local attacker could possibly use this to cause a denial of service (system
crash). (CVE-2023-1032)
It was discovered that the module decompression implementation in the Linux
kernel did not properly handle return values in certain error conditions. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-22997)
Lianhui Tang discovered that the MPLS implementation in the Linux kernel
did not properly handle certain sysctl allocation failure conditions,
leading to a double-free vulnerability. An attacker could use this to cause
a denial of service or possibly execute arbitrary code. (CVE-2023-26545)
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly handle a loop termination condition, leading to an
out-of-bounds read vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-26606)
Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel
contained a null pointer dereference when handling certain messages from
user space. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-28328)
CVEs:
- https://ubuntu.com/security/CVE-2023-1281
- https://ubuntu.com/security/CVE-2023-0468
- https://ubuntu.com/security/CVE-2022-3424
- https://ubuntu.com/security/CVE-2022-41218
- https://ubuntu.com/security/CVE-2022-47929
- https://ubuntu.com/security/CVE-2023-1032
- https://ubuntu.com/security/CVE-2023-22997
- https://ubuntu.com/security/CVE-2023-26545
- https://ubuntu.com/security/CVE-2023-26606
- https://ubuntu.com/security/CVE-2023-28328
Title: USN-6018-1: Apport vulnerability
URL: https://ubuntu.com/security/notices/USN-6018-1
Priorities: medium
Description:
Chen Lu, Lei Wang, and YiQi Sun discovered a privilege escalation
vulnerability in apport-cli when viewing crash reports and unprivileged
users are allowed to run sudo less. A local attacker on a specially
configured system could use this to escalate their privilege.
CVEs:
Title: USN-6015-1: Thunderbird vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6015-1
Priorities: medium
Description:
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, perform
cross-site tracing, or execute arbitrary code. (CVE-2023-1945,
CVE-2023-29548, CVE-2023-29550)
Paul Menzel discovered that Thunderbird did not properly validate OCSP
revocation status of recipient certificates when sending S/MIME encrypted
email. An attacker could potentially exploit this issue to perform a
spoofing attack. (CVE-2023-0547)
Ribose RNP Team discovered that Thunderbird did not properly manage memory
when parsing certain OpenPGP messages. An attacker could potentially
exploit this issue to cause a denial of service. (CVE-2023-29479)
Irvan Kurniawan discovered that Thunderbird did not properly manage
fullscreen notifications using a combination of window.open, fullscreen
requests, window.name assignments, and setInterval calls. An attacker could
potentially exploit this issue to perform spoofing attacks.
(CVE-2023-29533)
Lukas Bernhard discovered that Thunderbird did not properly manage memory
when doing Garbage Collector compaction. An attacker could potentially
exploit this issue to cause a denial of service. (CVE-2023-29535)
Zx from qriousec discovered that Thunderbird did not properly validate the
address to free a pointer provided to the memory manager. An attacker could
potentially exploit this issue to cause a denial of service.
(CVE-2023-29536)
Trung Pham discovered that Thunderbird did not properly validate the
filename directive in the Content-Disposition header. An attacker could
possibly exploit this to perform reflected file download attacks,
potentially tricking users into installing malware. (CVE-2023-29539)
Ameen Basha M K discovered that Thunderbird did not properly validate
downloads of files ending in .desktop. An attacker could potentially
exploit this issue to execute arbitrary code. (CVE-2023-29541)
CVEs:
- https://ubuntu.com/security/CVE-2023-1945
- https://ubuntu.com/security/CVE-2023-29548
- https://ubuntu.com/security/CVE-2023-29550
- https://ubuntu.com/security/CVE-2023-0547
- https://ubuntu.com/security/CVE-2023-29479
- https://ubuntu.com/security/CVE-2023-29533
- https://ubuntu.com/security/CVE-2023-29535
- https://ubuntu.com/security/CVE-2023-29536
- https://ubuntu.com/security/CVE-2023-29539
- https://ubuntu.com/security/CVE-2023-29541
Title: USN-6006-1: .NET vulnerability
URL: https://ubuntu.com/security/notices/USN-6006-1
Priorities: medium
Description:
It was discovered that .NET did not properly manage dll files. An
attacker could potentially use this issue to execute arbitrary code.
CVEs: