Skip to content

Releases: cloudfoundry/bosh-linux-stemcell-builder

ubuntu jammy v1.147

26 Jun 19:54
Compare
Choose a tag to compare

Metadata:

BOSH Agent Version: 2.548.0

USNs:

Title: USN-6180-1: VLC media player vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6180-1
Priorities: low,medium
Description:
It was discovered that VLC could be made to read out of bounds when
decoding image files. If a user were tricked into opening a crafted image
file, a remote attacker could possibly use this issue to cause VLC to
crash, leading to a denial of service. This issue only affected Ubuntu
16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-19721)

It was discovered that VLC could be made to write out of bounds when
processing H.264 video files. If a user were tricked into opening a
crafted H.264 video file, a remote attacker could possibly use this issue
to cause VLC to crash, leading to a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-13428)

It was discovered that VLC could be made to read out of bounds when
processing AVI video files. If a user were tricked into opening a crafted
AVI video file, a remote attacker could possibly use this issue to cause
VLC to crash, leading to a denial of service. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-25801,
CVE-2021-25802, CVE-2021-25803, CVE-2021-25804)

It was discovered that the VNC module of VLC contained an arithmetic
overflow. If a user were tricked into opening a crafted playlist or
connecting to a rouge VNC server, a remote attacker could possibly use
this issue to cause VLC to crash, leading to a denial of service, or
possibly execute arbitrary code. (CVE-2022-41325)
CVEs:

Title: USN-6163-1: pano13 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6163-1
Priorities: medium
Description:
It was discovered that pano13 did not properly validate the prefix provided
for PTcrop's output. An attacker could use this issue to cause pano13 to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-20307)

It was discovered that pano13 did not properly handle certain crafted TIFF
images. An attacker could use this issue to cause pano13 to crash,
resulting in a denial of service. (CVE-2021-33293)
CVEs:

Title: USN-6146-1: Netatalk vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6146-1
Priorities: medium,high
Description:
It was discovered that Netatalk did not properly validate the length of
user-supplied data in the DSI structures. A remote attacker could possibly
use this issue to execute arbitrary code with the privileges of the user
invoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu
22.04 LTS. (CVE-2021-31439)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the ad_addcomment function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-0194)

It was discovered that Netatalk did not properly handle errors when parsing
AppleDouble entries. A remote attacker could possibly use this issue to
execute arbitrary code with root privileges. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-23121)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the setfilparams function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-23122)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the getdirparams function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04
LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23123)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the get_finderinfo function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-23124)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the copyapplfile function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04
LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23125)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the dsi_writeinit function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu
22.10. (CVE-2022-43634)

It was discovered that Netatalk did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted .appl file, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2022-45188)
CVEs:

Title: USN-6167-1: QEMU vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6167-1
Priorities: low,medium
Description:
It was discovered that QEMU did not properly manage the guest drivers when
shared buffers are not allocated. A malicious guest driver could use this
issue to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu
22.04 LTS and Ubuntu 22.10. (CVE-2022-1050)

It was discovered that QEMU did not properly check the size of the
structure pointed to by the guest physical address pqxl. A malicious guest
attacker could use this issue to cause QEMU to crash, resulting in a denial
of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10.
(CVE-2022-4144)

It was discovered that QEMU did not properly manage memory in the ACPI
Error Record Serialization Table (ERST) device. A malicious guest attacker
could use this issue to cause QEMU to crash, resulting in a denial of
service. This issue only affected Ubuntu 22.10. (CVE-2022-4172)

It was discovered that QEMU did not properly manage memory when DMA memory
writes happen repeatedly in the lsi53c895a device. A malicious guest
attacker could use this issue to cause QEMU to crash, resulting in a denial
of service. (CVE-2023-0330)
CVEs:

Title: USN-6169-1: GNU SASL vulnerability
URL: https://ubuntu.com/security/notices/USN-6169-1
Priorities: low
Description:
It was discovered that GNU SASL's GSSAPI server could make an
out-of-bounds reads if given specially crafted GSS-API authentication
data. A remote attacker could possibly use this issue to cause a
denial of service or to expose sensitive information.
CVEs:

Title: USN-6145-1: Sysstat vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6145-1
Priorities: medium
Description:
It was discovered that Sysstat incorrectly handled certain arithmetic
multiplications. An attacker could use this issue to cause Sysstat to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue was only fixed for Ubuntu 16.04 LTS. (CVE-2022-39377)

It was discovered that Sysstat incorrectly handled certain arithmetic
multiplications in 64-bit systems, as a result of an incomplete fi...

Read more

ubuntu bionic v1.204

02 Jun 15:31
Compare
Choose a tag to compare

Metadata:

BOSH Agent Version: 2.536.0

USNs:

Title: USN-6117-1: Apache Batik vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6117-1
Priorities: medium
Description:
It was discovered that Apache Batik incorrectly handled certain inputs. An
attacker could possibly use this to perform a cross site request forgery
attack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648)

It was discovered that Apache Batik incorrectly handled Jar URLs in some
situations. A remote attacker could use this issue to access files on the
server. (CVE-2022-40146)

It was discovered that Apache Batik allowed running untrusted Java code from
an SVG. An attacker could use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2022-41704, CVE-2022-42890)
CVEs:

Title: USN-6099-1: ncurses vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6099-1
Priorities: negligible,medium
Description:
It was discovered that ncurses was incorrectly performing bounds
checks when processing invalid hashcodes. An attacker could possibly
use this issue to cause a denial of service or to expose sensitive
information. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-17594)

It was discovered that ncurses was incorrectly handling
end-of-string characters when processing terminfo and termcap files.
An attacker could possibly use this issue to cause a denial of
service or to expose sensitive information. This issue only affected
Ubuntu 18.04 LTS. (CVE-2019-17595)

It was discovered that ncurses was incorrectly handling
end-of-string characters when converting between termcap and
terminfo formats. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39537)

It was discovered that ncurses was incorrectly performing bounds
checks when dealing with corrupt terminfo data while reading a
terminfo file. An attacker could possibly use this issue to cause a
denial of service or to expose sensitive information. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-29458)

It was discovered that ncurses was parsing environment variables when
running with setuid applications and not properly handling the
processing of malformed data when doing so. A local attacker could
possibly use this issue to cause a denial of service (application
crash) or execute arbitrary code. (CVE-2023-29491)
CVEs:

Title: USN-6076-1: Synapse vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6076-1
Priorities: medium,low
Description:
It was discovered that Synapse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2019-18835, CVE-2018-12291, CVE-2018-10657)

It was discovered that Synapse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to hijack the
session. (CVE-2019-11842, CVE-2018-12423)

It was discovered that Synapse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to perform
spoofing or user impersonation. (CVE-2019-5885, CVE-2018-16515)
CVEs:

Title: USN-6098-1: Jhead vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6098-1
Priorities: medium,low
Description:
It was discovered that Jhead did not properly handle certain crafted images
while processing the JFIF markers. An attacker could cause Jhead to crash. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.
(CVE-2019-19035)

It was discovered that Jhead did not properly handle certain crafted images
while processing longitude tags. An attacker could cause Jhead to crash. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010301)

It was discovered that Jhead did not properly handle certain crafted images
while processing IPTC data. An attacker could cause Jhead to crash. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010302)

Binbin Li discovered that Jhead did not properly handle certain crafted images
while processing the DQT data. An attacker could cause Jhead to crash.
(CVE-2020-6624)

Binbin Li discovered that Jhead did not properly handle certain crafted images
while processing longitude data. An attacker could cause Jhead to crash.
(CVE-2020-6625)

Feng Zhao Yang discovered that Jhead did not properly handle certain crafted
images while reading JPEG sections. An attacker could cause Jhead to crash.
(CVE-2020-26208)

It was discovered that Jhead did not properly handle certain crafted images
while processing Canon images. An attacker could cause Jhead to crash.
(CVE-2021-28276)

It was discovered that Jhead did not properly handle certain crafted images
when removing a certain type of sections. An attacker could cause Jhead to
crash. (CVE-2021-28278)
CVEs:

Title: USN-6108-1: Jhead vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6108-1
Priorities: medium
Description:
It was discovered that Jhead did not properly handle certain crafted images
while rotating them. An attacker could possibly use this issue to crash Jhead,
resulting in a denial of service. (CVE-2021-34055)

Kyle Brown discovered that Jhead did not properly handle certain crafted
images while regenerating the Exif thumbnail. An attacker could possibly use
this issue to execute arbitrary commands. (CVE-2022-41751)
CVEs:

Title: USN-6110-1: Jhead vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6110-1
Priorities: medium
Description:
It was discovered that Jhead did not properly handle certain crafted Canon
images when processing them. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. (CVE-2021-3496)

It was discovered that Jhead did not properly handle certain crafted images
when printing Canon-specific information. An attacker could possibly use this
issue to crash Jhead, resulting in a denial of service. (CVE-2021-28275)

It was discovered that Jhead did not properly handle certain crafted images
when removing unknown sections. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. (CVE-2021-28275)

Kyle Brown discovered that Jhead did not properly handle certain crafted
images when editing their comments. An attacker could possibly use this to
crash Jhead, resulting in a denial of service. (LP: #2020068)
CVEs:

Read more

ubuntu jammy v1.125

02 Jun 15:32
Compare
Choose a tag to compare

Metadata:

BOSH Agent Version: 2.536.0

USNs:

Title: USN-6117-1: Apache Batik vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6117-1
Priorities: medium
Description:
It was discovered that Apache Batik incorrectly handled certain inputs. An
attacker could possibly use this to perform a cross site request forgery
attack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648)

It was discovered that Apache Batik incorrectly handled Jar URLs in some
situations. A remote attacker could use this issue to access files on the
server. (CVE-2022-40146)

It was discovered that Apache Batik allowed running untrusted Java code from
an SVG. An attacker could use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2022-41704, CVE-2022-42890)
CVEs:

Title: USN-6099-1: ncurses vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6099-1
Priorities: negligible,medium
Description:
It was discovered that ncurses was incorrectly performing bounds
checks when processing invalid hashcodes. An attacker could possibly
use this issue to cause a denial of service or to expose sensitive
information. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-17594)

It was discovered that ncurses was incorrectly handling
end-of-string characters when processing terminfo and termcap files.
An attacker could possibly use this issue to cause a denial of
service or to expose sensitive information. This issue only affected
Ubuntu 18.04 LTS. (CVE-2019-17595)

It was discovered that ncurses was incorrectly handling
end-of-string characters when converting between termcap and
terminfo formats. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39537)

It was discovered that ncurses was incorrectly performing bounds
checks when dealing with corrupt terminfo data while reading a
terminfo file. An attacker could possibly use this issue to cause a
denial of service or to expose sensitive information. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-29458)

It was discovered that ncurses was parsing environment variables when
running with setuid applications and not properly handling the
processing of malformed data when doing so. A local attacker could
possibly use this issue to cause a denial of service (application
crash) or execute arbitrary code. (CVE-2023-29491)
CVEs:

Title: USN-6102-1: xmldom vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6102-1
Priorities: medium
Description:
It was discovered that xmldom incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause
unexpected syntactic changes during XML processing. This issue only affected
Ubuntu 20.04 LTS. (CVE-2021-21366)

It was discovered that xmldom incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2022-37616, CVE-2022-39353)
CVEs:

Title: USN-6108-1: Jhead vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6108-1
Priorities: medium
Description:
It was discovered that Jhead did not properly handle certain crafted images
while rotating them. An attacker could possibly use this issue to crash Jhead,
resulting in a denial of service. (CVE-2021-34055)

Kyle Brown discovered that Jhead did not properly handle certain crafted
images while regenerating the Exif thumbnail. An attacker could possibly use
this issue to execute arbitrary commands. (CVE-2022-41751)
CVEs:

Title: USN-6110-1: Jhead vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6110-1
Priorities: medium
Description:
It was discovered that Jhead did not properly handle certain crafted Canon
images when processing them. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. (CVE-2021-3496)

It was discovered that Jhead did not properly handle certain crafted images
when printing Canon-specific information. An attacker could possibly use this
issue to crash Jhead, resulting in a denial of service. (CVE-2021-28275)

It was discovered that Jhead did not properly handle certain crafted images
when removing unknown sections. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. (CVE-2021-28275)

Kyle Brown discovered that Jhead did not properly handle certain crafted
images when editing their comments. An attacker could possibly use this to
crash Jhead, resulting in a denial of service. (LP: #2020068)
CVEs:

Title: USN-6126-1: libvirt vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6126-1
Priorities: low,medium
Description:
It was discovered that libvirt incorrectly handled the nwfilter driver. A
local attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. This issue only affected Ubuntu 22.04
LTS. (CVE-2022-0897)

It was discovered that libvirt incorrectly handled queries for the SR-IOV
PCI device capabilities. A local attacker could possibly use this issue to
cause libvirt to consume resources, leading to a denial of service.
(CVE-2023-2700)
CVEs:

Title: USN-6116-1: hawk vulnerability
URL: https://ubuntu.com/security/notices/USN-6116-1
Priorities: medium
Description:
It was discovered that hawk incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
CVEs:

Title: USN-6089-1: Linux kernel (OEM) vulnerability
URL: https://ubuntu.com/security/notices/USN-6089-1
Priorities: medium
Description:
It was discovered that the Intel i915 graphics driver in the Linux kernel
did not perform a GPU TLB flush in some situations. A local attacker could
use this to cause a denial of service or possibly execute arbitrary code.
CVEs:

Title: USN-6125-1: snapd vulnerability
URL: https://ubuntu.com/security/notices/USN-6125-1
Priorities: medium
Description:
It was discovered that the snap sandbox did not restrict the use of the
ioctl system call with a TIOCLINUX request. This could be exploited by a
malicious snap to inject commands into the controlling terminal which would
then be executed outside of the snap sandbox once the snap had exited. This
could allow an attacker to execute arbitrary commands outside of the
confined snap sandbox. Note: graphical terminal emulators like xterm,
gnome-terminal and others are not affected - this can only be exploited
when snaps are run on a virtual console.
CVEs:

Title: USN-6101-1: GNU binutils vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6101-1
Priorities: medium,low
Description:
It was discovered that GNU binutils incorrectly handled certain DWARF
files. An attacker could possibly use this issue to cause a crash or
execute arbitrary code. This issue only affected Ubuntu 22.10.
(CVE-2023-1579)

It was discovered that GNU binutils did not properly verify the version
definitions in zer0-lengthverdef table. An attacker could possibly use this
issue to cause a crash or execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS, Ubuntu 22.10 and Ub...

Read more

ubuntu jammy v1.117

22 May 22:48
Compare
Choose a tag to compare

Metadata:

BOSH Agent Version: 2.533.0

USNs:

Title: USN-6049-1: Netty vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6049-1
Priorities: medium
Description:
It was discovered that Netty's Zlib decoders did not limit memory
allocations. A remote attacker could possibly use this issue to cause
Netty to exhaust memory via malicious input, leading to a denial of
service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM.
(CVE-2020-11612)

It was discovered that Netty created temporary files with excessive
permissions. A local attacker could possibly use this issue to expose
sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu
18.04 ESM, and Ubuntu 20.04 ESM. (CVE-2021-21290)

It was discovered that Netty did not properly validate content-length
headers. A remote attacker could possibly use this issue to smuggle
requests. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2021-21295,
CVE-2021-21409)

It was discovered that Netty's Bzip2 decompression decoder did not limit
the decompressed output data size. A remote attacker could possibly use
this issue to cause Netty to exhaust memory via malicious input, leading
to a denial of service. This issue only affected Ubuntu 18.04 ESM, Ubuntu
20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-37136)

It was discovered that Netty's Snappy frame decoder function did not limit
chunk lengths. A remote attacker could possibly use this issue to cause
Netty to exhaust memory via malicious input, leading to a denial of
service. (CVE-2021-37137)

It was discovered that Netty did not properly handle control chars at the
beginning and end of header names. A remote attacker could possibly use
this issue to smuggle requests. This issue only affected Ubuntu 18.04 ESM,
Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-43797)

It was discovered that Netty could be made into an infinite recursion when
parsing a malformed crafted message. A remote attacker could possibly use
this issue to cause Netty to crash, leading to a denial of service. This
issue only affected Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10.
(CVE-2022-41881)

It was discovered that Netty did not validate header values under certain
circumstances. A remote attacker could possibly use this issue to perform
HTTP response splitting via malicious header values. This issue only
affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu
22.10. (CVE-2022-41915)
CVEs:

Title: USN-6067-1: OpenStack Neutron vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6067-1
Priorities: medium
Description:
David Sinquin discovered that OpenStack Neutron incorrectly handled the
default Open vSwitch firewall rules. An attacker could possibly use this
issue to impersonate the IPv6 addresses of other systems on the network.
This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
(CVE-2021-20267)

Jake Yip and Justin Mammarella discovered that OpenStack Neutron
incorrectly handled the linuxbridge driver when ebtables-nft is being
used. An attacker could possibly use this issue to impersonate the hardware
addresss of other systems on the network. This issue only affected Ubuntu
18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-38598)

Pavel Toporkov discovered that OpenStack Neutron incorrectly handled
extra_dhcp_opts values. An attacker could possibly use this issue to
reconfigure dnsmasq. This issue only affected Ubuntu 18.04 LTS, and Ubuntu
20.04 LTS. (CVE-2021-40085)

Slawek Kaplonski discovered that OpenStack Neutron incorrectly handled the
routes middleware. An attacker could possibly use this issue to cause the
API worker to consume memory, leading to a denial of service. This issue
only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-40797)

It was discovered that OpenStack Neutron incorrectly handled certain
queries. A remote authenticated user could possibly use this issue to cause
resource consumption, leading to a denial of service. (CVE-2022-3277)
CVEs:

Title: USN-6037-1: Apache Commons Net vulnerability
URL: https://ubuntu.com/security/notices/USN-6037-1
Priorities: medium
Description:
ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted
the host from PASV responses by default. A remote attacker with a
malicious FTP server could redirect the client to another server, which
could possibly result in leaked information about services running on the
private network of the client.
CVEs:

Title: USN-6063-1: Ceph vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6063-1
Priorities: low,medium
Description:
Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths.
An attacker could possibly use this issue to create non-random encryption
keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-3979)

It was discovered that Ceph incorrectly handled the volumes plugin. An
attacker could possibly use this issue to obtain access to any share. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.
(CVE-2022-0670)

It was discovered that Ceph incorrectly handled crash dumps. A local
attacker could possibly use this issue to escalate privileges to root. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.
(CVE-2022-3650)

It was discovered that Ceph incorrectly handled URL processing on RGW
backends. An attacker could possibly use this issue to cause RGW to crash,
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS
and Ubuntu 22.10. (CVE-2022-3854)
CVEs:

Title: USN-6079-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6079-1
Priorities: medium,low,negligible
Description:
It was discovered that some AMD x86-64 processors with SMT enabled could
speculatively execute instructions using a return address from a sibling
thread. A local attacker could possibly use this to expose sensitive
information. (CVE-2022-27672)

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-36280)

Zheng Wang discovered that the Intel i915 graphics driver in the Linux
kernel did not properly handle certain error conditions, leading to a
double-free. A local attacker could possibly use this to cause a denial of
service (system crash). (CVE-2022-3707)

Haowei Yan discovered that a race condition existed in the Layer 2
Tunneling Protocol (L2TP) implementation in the Linux kernel. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-4129)

It was discovered that the NTFS file system implementation in the Linux
kernel contained a null pointer dereference in some situations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2022-4842)

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate attributes in certain situations, leading
to an out-of-bounds write vulnerability. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-48423)

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate attributes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48424)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly validate buffer lengths, leading to a heap-based buffer overflow.
A remote attacker could possibly use this to cause a denial of service
(system crash). (CVE-2023-0210)

Kyle Zeng discovered that the IPv6 implementation in the Linux kernel
contained a NULL pointer dereference vulnerability in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-0394)

...

Read more

ubuntu bionic v1.201

02 Jun 15:32
Compare
Choose a tag to compare

Metadata:

BOSH Agent Version: 2.531.0

USNs:

Title: USN-6035-1: KAuth vulnerability
URL: https://ubuntu.com/security/notices/USN-6035-1
Priorities: medium
Description:
It was discovered that KAuth incorrectly handled some configuration parameters
with specially crafted arbitrary types. An attacker could possibly use this
issue to cause a denial of service, or possibly execute arbitrary code.
CVEs:

Title: USN-6049-1: Netty vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6049-1
Priorities: medium
Description:
It was discovered that Netty's Zlib decoders did not limit memory
allocations. A remote attacker could possibly use this issue to cause
Netty to exhaust memory via malicious input, leading to a denial of
service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM.
(CVE-2020-11612)

It was discovered that Netty created temporary files with excessive
permissions. A local attacker could possibly use this issue to expose
sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu
18.04 ESM, and Ubuntu 20.04 ESM. (CVE-2021-21290)

It was discovered that Netty did not properly validate content-length
headers. A remote attacker could possibly use this issue to smuggle
requests. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2021-21295,
CVE-2021-21409)

It was discovered that Netty's Bzip2 decompression decoder did not limit
the decompressed output data size. A remote attacker could possibly use
this issue to cause Netty to exhaust memory via malicious input, leading
to a denial of service. This issue only affected Ubuntu 18.04 ESM, Ubuntu
20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-37136)

It was discovered that Netty's Snappy frame decoder function did not limit
chunk lengths. A remote attacker could possibly use this issue to cause
Netty to exhaust memory via malicious input, leading to a denial of
service. (CVE-2021-37137)

It was discovered that Netty did not properly handle control chars at the
beginning and end of header names. A remote attacker could possibly use
this issue to smuggle requests. This issue only affected Ubuntu 18.04 ESM,
Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-43797)

It was discovered that Netty could be made into an infinite recursion when
parsing a malformed crafted message. A remote attacker could possibly use
this issue to cause Netty to crash, leading to a denial of service. This
issue only affected Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10.
(CVE-2022-41881)

It was discovered that Netty did not validate header values under certain
circumstances. A remote attacker could possibly use this issue to perform
HTTP response splitting via malicious header values. This issue only
affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu
22.10. (CVE-2022-41915)
CVEs:

Title: USN-6048-1: ZenLib vulnerability
URL: https://ubuntu.com/security/notices/USN-6048-1
Priorities: medium
Description:
It was discovered that ZenLib doesn't check the return value of a specific
operation before using it. An attacker could use a specially crafted input
to crash programs using the library.
CVEs:

Title: USN-6065-1: css-what vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6065-1
Priorities: medium
Description:
It was discovered that css-what incorrectly handled certain inputs. If a user
or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to cause a denial of
service. (CVE-2021-33587, CVE-2022-21222)
CVEs:

Title: USN-6037-1: Apache Commons Net vulnerability
URL: https://ubuntu.com/security/notices/USN-6037-1
Priorities: medium
Description:
ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted
the host from PASV responses by default. A remote attacker with a
malicious FTP server could redirect the client to another server, which
could possibly result in leaked information about services running on the
private network of the client.
CVEs:

Title: USN-6063-1: Ceph vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6063-1
Priorities: low,medium
Description:
Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths.
An attacker could possibly use this issue to create non-random encryption
keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-3979)

It was discovered that Ceph incorrectly handled the volumes plugin. An
attacker could possibly use this issue to obtain access to any share. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.
(CVE-2022-0670)

It was discovered that Ceph incorrectly handled crash dumps. A local
attacker could possibly use this issue to escalate privileges to root. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.
(CVE-2022-3650)

It was discovered that Ceph incorrectly handled URL processing on RGW
backends. An attacker could possibly use this issue to cause RGW to crash,
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS
and Ubuntu 22.10. (CVE-2022-3854)
CVEs:

Title: USN-6038-1: Go vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6038-1
Priorities: medium
Description:
It was discovered that the Go net/http module incorrectly handled
Transfer-Encoding headers in the HTTP/1 client. A remote attacker could
possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2022-1705)

It was discovered that Go did not properly manage memory under certain
circumstances. An attacker could possibly use this issue to cause a panic
resulting into a denial of service. (CVE-2022-1962, CVE-2022-27664,
CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632,
CVE-2022-30633, CVE-2022-30635, CVE-2022-32189, CVE-2022-41715,
CVE-2022-41717, CVE-2023-24534, CVE-2023-24537)

It was discovered that Go did not properly implemented the maximum size of
file headers in Reader.Read. An attacker could possibly use this issue to
cause a panic resulting into a denial of service. (CVE-2022-2879)

It was discovered that the Go net/http module incorrectly handled query
parameters in requests forwarded by ReverseProxy. A remote attacker could
possibly use this issue to perform an HTTP Query Parameter Smuggling attack.
(CVE-2022-2880)

It was discovered that Go did not properly manage the permissions for
Faccessat function. A attacker could possibly use this issue to expose
sensitive information. (CVE-2022-29526)

It was discovered that Go did not properly generate the values for
ticket_age_add in session tickets. An attacker could possibly use this
issue to observe TLS handshakes to correlate successive connections by
comparing ticket ages during session resumption. (CVE-2022-30629)

It was discovered that Go did not properly manage client IP addresses in
net/http. An attacker could possibly use this issue to cause ReverseProxy
to set the client IP as the value of the X-Forwarded-For header.
(CVE-2022-32148)

It was discovered that Go did not properly validate backticks (`) as
Javascript string delimiters, and do not escape them as expected. An
attacker could possibly use this issue to inject arbitrary Javascript code
into the Go template. (CVE-2023-24538)
CVEs:

Read more

ubuntu jammy v1.108

28 Apr 03:15
Compare
Choose a tag to compare

Metadata:

BOSH Agent Version: 2.528.0

USNs:

Title: USN-6032-1: Linux kernel (OEM) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6032-1
Priorities: medium,low,negligible
Description:
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-36280)

Gerald Lee discovered that the USB Gadget file system implementation in the
Linux kernel contained a race condition, leading to a use-after-free
vulnerability in some situations. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-4382)

It was discovered that a memory leak existed in the SCTP protocol
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (memory exhaustion). (CVE-2023-1074)

It was discovered that the RNDIS USB driver in the Linux kernel contained
an integer overflow vulnerability. A local attacker with physical access
could plug in a malicious USB device to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2023-23559)

It was discovered that the file system writeback functionality in the Linux
kernel contained a user-after-free vulnerability. A local attacker could
possibly use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2023-26605)

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate attributes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2023-26607)

Duoming Zhou discovered that a race condition existed in the infrared
receiver/transceiver driver in the Linux kernel, leading to a use-after-
free vulnerability. A privileged attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2023-1118)
CVEs:

Title: USN-6036-1: PatchELF vulnerability
URL: https://ubuntu.com/security/notices/USN-6036-1
Priorities: medium
Description:
It was discovered that PatchELF was not properly performing bounds
checks, which could lead to an out-of-bounds read via a specially
crafted file. An attacker could possibly use this issue to cause a
denial of service or to expose sensitive information. (CVE-2022-44940)
CVEs:

Title: USN-6033-1: Linux kernel (OEM) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6033-1
Priorities: high,medium,low,negligible
Description:
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel did not properly perform filter deactivation in some
situations. A local attacker could possibly use this to gain elevated
privileges. Please note that with the fix for this CVE, kernel support for
the TCINDEX classifier has been removed. (CVE-2023-1829)

William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)

Thadeu Cascardo discovered that the io_uring subsystem contained a double-
free vulnerability in certain memory allocation error conditions. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2023-1032)

It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076)

It was discovered that the Real-Time Scheduling Class implementation in the
Linux kernel contained a type confusion vulnerability in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-1077)

It was discovered that the ASUS HID driver in the Linux kernel did not
properly handle device removal, leading to a use-after-free vulnerability.
A local attacker with physical access could plug in a specially crafted USB
device to cause a denial of service (system crash). (CVE-2023-1079)

It was discovered that the io_uring subsystem in the Linux kernel did not
properly perform file table updates in some situations, leading to a null
pointer dereference vulnerability. A local attacker could use this to cause
a denial of service (system crash). (CVE-2023-1583)

It was discovered that the Xircom PCMCIA network device driver in the Linux
kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2023-1670)

It was discovered that the APM X-Gene SoC hardware monitoring driver in the
Linux kernel contained a race condition, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or expose sensitive information (kernel memory).
(CVE-2023-1855)

It was discovered that a race condition existed in the Bluetooth HCI SDIO
driver, leading to a use-after-free vulnerability. A local attacker could
use this to cause a denial of service (system crash). (CVE-2023-1989)

It was discovered that the ST NCI NFC driver did not properly handle device
removal events. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2023-1990)

José Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigations with prctl syscall were insufficient in some situations. A
local attacker could possibly use this to expose sensitive information.
(CVE-2023-1998)

It was discovered that the BigBen Interactive Kids' gamepad driver in the
Linux kernel did not properly handle device removal, leading to a use-
after-free vulnerability. A local attacker with physical access could plug
in a specially crafted USB device to cause a denial of service (system
crash). (CVE-2023-25012)

It was discovered that a race condition existed in the TLS subsystem in the
Linux kernel, leading to a use-after-free or a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-28466)

It was discovered that the Bluetooth subsystem in the Linux kernel did not
properly initialize some data structures, leading to an out-of-bounds
access vulnerability in certain situations. An attacker could use this to
expose sensitive information (kernel memory). (CVE-2023-28866)

Reima Ishii discovered that the nested KVM implementation for Intel x86
processors in the Linux kernel did not properly validate control registers
in certain situations. An attacker in a guest VM could use this to cause a
denial of service (guest crash). (CVE-2023-30456)

Duoming Zhou discovered that a race condition existed in the infrared
receiver/transceiver driver in the Linux kernel, leading to a use-after-
free vulnerability. A privileged attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2023-1118)
CVEs:

Title: USN-6043-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6043-1
Priorities: high
Description:
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel did not properly perform filter deactivation in some
s...

Read more

ubuntu jammy v1.105

21 Apr 00:58
Compare
Choose a tag to compare

Metadata:

BOSH Agent Version: 2.525.0

USNs:

Title: USN-6011-1: Json-smart vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6011-1
Priorities: medium
Description:
It was discovered that Json-smart incorrectly handled memory
when processing input containing unclosed quotes.
A remote attacker could possibly use this issue to cause
applications using Json-smart to crash, leading to a
denial of service. (CVE-2021-31684)

It was discovered that Json-smart incorrectly handled memory
when processing input containing unclosed brackets.
A remote attacker could possibly use this issue to cause
applications using Json-smart to crash, leading to a
denial of service. (CVE-2023-1370)
CVEs:

Title: USN-6026-1: Vim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6026-1
Priorities: medium,low
Description:
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-4166)

It was discovered that Vim was using freed memory when dealing with regular
expressions inside a visual selection. If a user were tricked into opening a
specially crafted file, an attacker could crash the application, leading to a
denial of service, or possibly achieve code execution with user privileges.
This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2021-4192)

It was discovered that Vim was incorrectly handling virtual column position
operations, which could result in an out-of-bounds read. An attacker could
possibly use this issue to expose sensitive information. This issue only
affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-4193)

It was discovered that Vim was not properly performing bounds checks when
updating windows present on a screen, which could result in a heap buffer
overflow. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2022-0213)

It was discovered that Vim was incorrectly performing read and write
operations when in visual block mode, going beyond the end of a line and
causing a heap buffer overflow. If a user were tricked into opening a
specially crafted file, an attacker could crash the application, leading to a
denial of service, or possibly achieve code execution with user privileges.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu
22.04 LTS. (CVE-2022-0261, CVE-2022-0318)

It was discovered that Vim was incorrectly handling window exchanging
operations when in Visual mode, which could result in an out-of-bounds read.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2022-0319)

It was discovered that Vim was incorrectly handling recursion when parsing
conditional expressions. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. (CVE-2022-0351)

It was discovered that Vim was not properly handling memory allocation when
processing data in Ex mode, which could result in a heap buffer overflow.
An attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2022-0359)

It was discovered that Vim was not properly performing bounds checks when
executing line operations in Visual mode, which could result in a heap
buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,
CVE-2022-0368)

It was discovered that Vim was not properly handling loop conditions when
looking for spell suggestions, which could result in a stack buffer
overflow. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2022-0408)

It was discovered that Vim was incorrectly handling memory access when
executing buffer operations, which could result in the usage of freed
memory. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2022-0443)

It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. (CVE-2022-0554)

It was discovered that Vim was not properly performing bounds checks for
column numbers when replacing tabs with spaces or spaces with tabs, which
could cause a heap buffer overflow. An attacker could possibly use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2022-0572)

It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-0629)

It was discovered that Vim was not properly performing validation of data
that contained special multi-byte characters, which could cause an
out-of-bounds read. An attacker could possibly use this issue to cause a
denial of service. (CVE-2022-0685)

It was discovered that Vim was incorrectly processing data used to define
indentation in a file, which could cause a heap buffer overflow. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2022-0714)

It was discovered that Vim was incorrectly processing certain regular
expression patterns and strings, which could cause an out-of-bounds read.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-0729)

It was discovered that Vim incorrectly handled memory access. An attacker
could potentially use this issue to cause the corruption of sensitive
information, a crash, or arbitrary code execution. (CVE-2022-2207)
CVEs:

Title: USN-6012-1: Smarty vulnerability
URL: https://ubuntu.com/security/notices/USN-6012-1
Priorities: medium
Description:
It was discovered that Smarty incorrectly parsed blocks' names and
included files' names. A remote attacker with template writing permissions
could use this issue to execute arbitrary PHP code. (CVE-2022-29221)
CVEs:

Title: USN-6008-1: Exo vulnerability
URL: https://ubuntu.com/security/notices/USN-6008-1
Priorities: medium
Description:
It was discovered that Exo did not properly sanitized desktop files.
A remote attacker could possibly use this issue to to cause a crash or
arbitrary code execution.
CVEs:

Title: USN-6025-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6025-1
Priorities: high,medium
Description:
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)

It was discovered that the OverlayFS implementation in the Linux kernel did
not properly handle copy up operation in some conditions. A local attacker
could possibly use this to gain elevated privileges. (CVE-2023-0386)

Haowei Yan discovered that a race condition existed in the Layer 2
Tunneling Protocol (L2TP) implementation in the Linux kernel. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-4129)

It was discovered that the network queuing discipline implementation in the
Linux kernel contained a null pointer dereference in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2022-47929)

It was disco...

Read more

ubuntu bionic v1.195

21 Apr 00:58
Compare
Choose a tag to compare

Metadata:

BOSH Agent Version: 2.525.0

USNs:

Title: USN-6022-1: Kamailio vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6022-1
Priorities: medium
Description:
It was discovered that Kamailio did not properly sanitize SIP messages under
certain circumstances. An attacker could use this vulnerability to cause a
denial of service or possibly execute arbitrary code. This issue only affected
Ubuntu 16.04 ESM and 18.04 ESM. (CVE-2018-16657)

It was discovered that Kamailio did not properly validate INVITE requests
under certain circumstances. An attacker could use this vulnerability to
cause a denial of service or possibly execute arbitrary code. (CVE-2020-27507)
CVEs:

Title: USN-6026-1: Vim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6026-1
Priorities: medium,low
Description:
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-4166)

It was discovered that Vim was using freed memory when dealing with regular
expressions inside a visual selection. If a user were tricked into opening a
specially crafted file, an attacker could crash the application, leading to a
denial of service, or possibly achieve code execution with user privileges.
This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2021-4192)

It was discovered that Vim was incorrectly handling virtual column position
operations, which could result in an out-of-bounds read. An attacker could
possibly use this issue to expose sensitive information. This issue only
affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-4193)

It was discovered that Vim was not properly performing bounds checks when
updating windows present on a screen, which could result in a heap buffer
overflow. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2022-0213)

It was discovered that Vim was incorrectly performing read and write
operations when in visual block mode, going beyond the end of a line and
causing a heap buffer overflow. If a user were tricked into opening a
specially crafted file, an attacker could crash the application, leading to a
denial of service, or possibly achieve code execution with user privileges.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu
22.04 LTS. (CVE-2022-0261, CVE-2022-0318)

It was discovered that Vim was incorrectly handling window exchanging
operations when in Visual mode, which could result in an out-of-bounds read.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2022-0319)

It was discovered that Vim was incorrectly handling recursion when parsing
conditional expressions. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. (CVE-2022-0351)

It was discovered that Vim was not properly handling memory allocation when
processing data in Ex mode, which could result in a heap buffer overflow.
An attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2022-0359)

It was discovered that Vim was not properly performing bounds checks when
executing line operations in Visual mode, which could result in a heap
buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,
CVE-2022-0368)

It was discovered that Vim was not properly handling loop conditions when
looking for spell suggestions, which could result in a stack buffer
overflow. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2022-0408)

It was discovered that Vim was incorrectly handling memory access when
executing buffer operations, which could result in the usage of freed
memory. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2022-0443)

It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. (CVE-2022-0554)

It was discovered that Vim was not properly performing bounds checks for
column numbers when replacing tabs with spaces or spaces with tabs, which
could cause a heap buffer overflow. An attacker could possibly use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2022-0572)

It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-0629)

It was discovered that Vim was not properly performing validation of data
that contained special multi-byte characters, which could cause an
out-of-bounds read. An attacker could possibly use this issue to cause a
denial of service. (CVE-2022-0685)

It was discovered that Vim was incorrectly processing data used to define
indentation in a file, which could cause a heap buffer overflow. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2022-0714)

It was discovered that Vim was incorrectly processing certain regular
expression patterns and strings, which could cause an out-of-bounds read.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-0729)

It was discovered that Vim incorrectly handled memory access. An attacker
could potentially use this issue to cause the corruption of sensitive
information, a crash, or arbitrary code execution. (CVE-2022-2207)
CVEs:

Title: USN-6023-1: LibreOffice vulnerability
URL: https://ubuntu.com/security/notices/USN-6023-1
Priorities: low
Description:
It was discovered that LibreOffice may be configured to add an
empty entry to the Java class path. This may lead to run arbitrary
Java code from the current directory.
CVEs:

Title: LSN-0094-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0094-1
Priorities: high
Description:
Lin Ma discovered a race condition in the io_uring subsystem in the Linux
kernel, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).(CVE-2023-0468)

It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code.(CVE-2023-1281)
CVEs:

Title: USN-6027-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6027-1
Priorities: high,medium,low
Description:
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)

Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon
GPU devices did not properly validate memory allocation in certain
situations, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2022-3108)

It was discovered that the in...

Read more

ubuntu bionic v1.192

21 Apr 07:36
Compare
Choose a tag to compare

Metadata:

BOSH Agent Version: 2.524.0

USNs:

Title: USN-5971-1: Graphviz vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5971-1
Priorities: low,medium
Description:
It was discovered that graphviz contains null pointer dereference
vulnerabilities. Exploitation via a specially crafted input file can cause
a denial of service. This issue only affected Ubuntu 18.04 LTS.
(CVE-2018-10196)

It was discovered that graphviz contains null pointer dereference
vulnerabilities. Exploitation via a specially crafted input file can cause
a denial of service. These issues only affected Ubuntu 14.04 ESM and Ubuntu
18.04 LTS. (CVE-2019-11023)

It was discovered that graphviz contains a buffer overflow vulnerability.
Exploitation via a specially crafted input file can cause a denial of
service or possibly allow for arbitrary code execution. These issues only
affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2020-18032)
CVEs:

Title: USN-5973-1: url-parse vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5973-1
Priorities: medium,low
Description:
It was discovered that url-parse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service, or to perform a server-side request forgery attack or open
redirect attack. (CVE-2018-3774)

It was discovered that url-parse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to bypass input
validation. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-8124)

Yaniv Nizry discovered that url-parse incorrectly handled certain inputs.
If a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service, or to perform a server-side request forgery attack or open
redirect attack. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-27515)

It was discovered that url-parse incorrectly handled certain inputs.
If a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service, or to perform a server-side request forgery attack or open
redirect attack. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-3664)

It was discovered that url-parse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to bypass
authorization. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2022-0512, CVE-2022-0639, CVE-2022-0691)

Rohan Sharma discovered that url-parse incorrectly handled certain inputs.
If a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to bypass
authorization. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2022-0686)
CVEs:

Title: USN-5998-1: Apache Log4j vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5998-1
Priorities: medium,low
Description:
It was discovered that the SocketServer component of Apache Log4j 1.2
incorrectly handled deserialization. An attacker could possibly use this issue
to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM.
(CVE-2019-17571)

It was discovered that the JMSSink component of Apache Log4j 1.2 incorrectly
handled deserialization. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-23302)

It was discovered that Apache Log4j 1.2 incorrectly handled certain SQL
statements. A remote attacker could possibly use this issue to perform an SQL
injection attack and alter the database. This issue was only fixed in Ubuntu
18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-23305)

It was discovered that the Chainsaw component of Apache Log4j 1.2 incorrectly
handled deserialization. An attacker could possibly use this issue to execute
arbitrary code. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04
LTS. (CVE-2022-23307)
CVEs:

Title: USN-5997-1: IPMItool vulnerability
URL: https://ubuntu.com/security/notices/USN-5997-1
Priorities: medium
Description:
It was discovered that IPMItool was not properly checking the data received
from a remote LAN party. A remote attacker could possibly use this issue to
to cause a crash or arbitrary code execution.
CVEs:

Title: USN-6016-1: thenify vulnerability
URL: https://ubuntu.com/security/notices/USN-6016-1
Priorities: medium
Description:
It was discovered that thenify incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to execute
arbitrary code.
CVEs:

Title: USN-6011-1: Json-smart vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6011-1
Priorities: medium
Description:
It was discovered that Json-smart incorrectly handled memory
when processing input containing unclosed quotes.
A remote attacker could possibly use this issue to cause
applications using Json-smart to crash, leading to a
denial of service. (CVE-2021-31684)

It was discovered that Json-smart incorrectly handled memory
when processing input containing unclosed brackets.
A remote attacker could possibly use this issue to cause
applications using Json-smart to crash, leading to a
denial of service. (CVE-2023-1370)
CVEs:

Title: USN-5999-1: trim-newlines vulnerability
URL: https://ubuntu.com/security/notices/USN-5999-1
Priorities: medium
Description:
It was discovered that trim-newlines incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2021-33623)
CVEs:

Title: USN-5985-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5985-1
Priorities: low,medium
Description:
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)

It was discovered that the KVM VMX implementation in the Linux kernel did
not properly handle indirect branch prediction isolation between L1 and L2
VMs. An attacker in a guest VM could use this to expose sensitive
information from the host OS or other guest VMs. (CVE-2022-2196)

Gerald Lee discovered that the USB Gadget file system implementation in the
Linux kernel contained a race condition, leading to a use-after-free
vulnerability in some situations. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-4382)

It was discovered that the RNDIS USB driver in the Linux kernel contained
an integer overflow vulnerability. A local attacker with physical access
could plug in a malicious USB device to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2023-23559)
CVEs:

Title: USN-5984-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5984-1
Priorities: low,medium
Description:
It was discovered that the System V IPC i...

Read more

ubuntu jammy v1.102

12 Apr 19:12
Compare
Choose a tag to compare

Metadata:

BOSH Agent Version: 2.523.0

USNs:

Title: USN-5995-1: Vim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5995-1
Priorities: medium,low
Description:
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possible execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,
CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,
CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,
CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,
CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)

It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possible execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849,
CVE-2022-2923)

It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possible execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927,
CVE-2022-2344)

It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possible execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
and Ubuntu 22.10. (CVE-2022-2946)

It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possible execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.
(CVE-2022-2980)
CVEs:

Title: USN-5987-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5987-1
Priorities: medium,low
Description:
It was discovered that the KVM VMX implementation in the Linux kernel did
not properly handle indirect branch prediction isolation between L1 and L2
VMs. An attacker in a guest VM could use this to expose sensitive
information from the host OS or other guest VMs. (CVE-2022-2196)

It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-36280)

Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not
properly perform reference counting in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2022-41218)

Gerald Lee discovered that the USB Gadget file system implementation in the
Linux kernel contained a race condition, leading to a use-after-free
vulnerability in some situations. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-4382)

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate attributes in certain situations, leading
to an out-of-bounds write vulnerability. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-48423)

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate attributes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48424)

José Oliveira and Rodrigo Branco discovered that the prctl syscall
implementation in the Linux kernel did not properly protect against
indirect branch prediction attacks in some situations. A local attacker
could possibly use this to expose sensitive information. (CVE-2023-0045)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly validate buffer lengths, leading to a heap-based buffer overflow.
A remote attacker could possibly use this to cause a denial of service
(system crash). (CVE-2023-0210)

It was discovered that a use-after-free vulnerability existed in the
Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could
use this to cause a denial of service (system crash). (CVE-2023-0266)

Kyle Zeng discovered that the class-based queuing discipline implementation
in the Linux kernel contained a type confusion vulnerability in some
situations. An attacker could use this to cause a denial of service (system
crash). (CVE-2023-23454)

Kyle Zeng discovered that the ATM VC queuing discipline implementation in
the Linux kernel contained a type confusion vulnerability in some
situations. An attacker could use this to cause a denial of service (system
crash). (CVE-2023-23455)

It was discovered that the RNDIS USB driver in the Linux kernel contained
an integer overflow vulnerability. A local attacker with physical access
could plug in a malicious USB device to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2023-23559)

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly handle a loop termination condition, leading to an
out-of-bounds read vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-26606)

Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel
contained a null pointer dereference when handling certain messages from
user space. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-28328)
CVEs:

Read more