[USN-5612-1] Intel Microcode vulnerability

2022-09-14 Thread Alex Murray
==
Ubuntu Security Notice USN-5612-1
September 15, 2022

intel-microcode vulnerability
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

A security issue was fixed in Intel Microcode.

Software Description:
- intel-microcode: Processor microcode for Intel CPUs

Details:

Pietro Borrello, Andreas Kogler, Martin Schwarzl, Daniel Gruss, Michael
Schwarz and Moritz Lipp discovered that some Intel processors did not
properly clear data between subsequent xAPIC MMIO reads. This could allow a
local attacker to compromise SGX enclaves.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  intel-microcode 3.20220809.0ubuntu0.22.04.1

Ubuntu 20.04 LTS:
  intel-microcode 3.20220809.0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  intel-microcode 3.20220809.0ubuntu0.18.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5612-1
  CVE-2022-21233

Package Information:
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20220809.0ubuntu0.22.04.1
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20220809.0ubuntu0.20.04.1
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20220809.0ubuntu0.18.04.1





[USN-5606-2] poppler regression

2022-09-14 Thread Leonidas S. Barbosa
==
Ubuntu Security Notice USN-5606-2
September 14, 2022

poppler regression
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

USN-5606-1 caused a regression in poppler.

Software Description:
- poppler: PDF rendering library

Details:

USN-5606-1 fixed a vulnerability in poppler. Unfortunately it was missing a
commit to fix it properly. This update provides the corresponding fix for
Ubuntu 18.04 LTS and Ubuntu 16.04 ESM.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that poppler incorrectly handled certain
 PDF. An attacker could possibly use this issue to cause a
 denial of service or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libpoppler-private-dev  0.62.0-2ubuntu2.14
  libpoppler73            0.62.0-2ubuntu2.14
  poppler-utils           0.62.0-2ubuntu2.14

Ubuntu 16.04 ESM:
  libpoppler-private-dev  0.41.0-0ubuntu1.16+esm2
  libpoppler58            0.41.0-0ubuntu1.16+esm2
  poppler-utils           0.41.0-0ubuntu1.16+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5606-2
  https://ubuntu.com/security/notices/USN-5606-1
  https://launchpad.net/bugs/1989515

Package Information:
  https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.14





[USN-5611-1] WebKitGTK vulnerability

2022-09-14 Thread Marc Deslauriers
==
Ubuntu Security Notice USN-5611-1
September 14, 2022

webkit2gtk vulnerability
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Software Description:
- webkit2gtk: Web content engine library for GTK+

Details:

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  libjavascriptcoregtk-4.0-18 2.36.7-0ubuntu0.22.04.1
  libjavascriptcoregtk-4.1-0  2.36.7-0ubuntu0.22.04.1
  libwebkit2gtk-4.0-37        2.36.7-0ubuntu0.22.04.1
  libwebkit2gtk-4.1-0         2.36.7-0ubuntu0.22.04.1

Ubuntu 20.04 LTS:
  libjavascriptcoregtk-4.0-18 2.36.7-0ubuntu0.20.04.1
  libwebkit2gtk-4.0-37        2.36.7-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5611-1
  CVE-2022-32893

Package Information:
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.7-0ubuntu0.22.04.1
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.7-0ubuntu0.20.04.1





[USN-5610-1] rust-regex vulnerability

2022-09-14 Thread David Fernandez Gonzalez

==
Ubuntu Security Notice USN-5610-1
September 14, 2022

rust-regex vulnerability
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

rust-regex could be made to crash if it received specially crafted
input.

Software Description:
- rust-regex: Regular expressions for Rust

Details:

Addison Crump discovered that rust-regex did not properly limit
the complexity of the regular expressions (regex) it parses.
An attacker could possibly use this issue to cause a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  librust-regex-dev   1.5.4-1ubuntu0.1

Ubuntu 20.04 LTS:
  librust-regex-dev   1.2.1-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5610-1
  CVE-2022-24713

Package Information:
  https://launchpad.net/ubuntu/+source/rust-regex/1.5.4-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/rust-regex/1.2.1-3ubuntu0.1
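
Added example, not part of the notices above: a check of installed package versions against the Ubuntu 22.04 LTS fixed versions listed in USN-5612-1, USN-5611-1 and USN-5610-1, using Debian version ordering implemented here in Python. The function names and the sample listing are assumptions constructed for illustration.

```python
import re

# Fixed versions for Ubuntu 22.04 LTS, copied from the notices on this page.
FIXED_2204 = {"intel-microcode": "3.20220809.0ubuntu0.22.04.1",
              "librust-regex-dev": "1.5.4-1ubuntu0.1"}
FIXED_2204.update({p: "2.36.7-0ubuntu0.22.04.1" for p in (
    "libjavascriptcoregtk-4.0-18", "libjavascriptcoregtk-4.1-0",
    "libwebkit2gtk-4.0-37", "libwebkit2gtk-4.1-0")})

def _order(c):
    # Debian ordering: '~' sorts before end-of-string, letters before other symbols.
    return -1 if c == "~" else 0 if c == "" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Alternate between non-digit runs (custom order) and digit runs (numeric).
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            ca, cb = _order(na[i:i + 1]), _order(nb[i:i + 1])
            if ca != cb:
                return -1 if ca < cb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision starts at the last '-'.
    return [g or "" for g in re.fullmatch(r"(?:(\d+):)?(.*?)(?:-([^-]*))?", v).groups()]

def deb_cmp(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    return next(filter(None, map(_cmp_part, _split(a), _split(b))), 0)

def outdated(listing, fixed=FIXED_2204):
    """Map package -> (installed, fixed) for listed packages older than the fix."""
    rows = (line.split() for line in listing.splitlines())
    return {r[0]: (r[1], fixed[r[0]]) for r in rows
            if len(r) == 2 and r[0] in fixed and deb_cmp(r[1], fixed[r[0]]) < 0}

# Constructed sample in the format of: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE = """intel-microcode 3.20220510.0ubuntu0.22.04.1
libwebkit2gtk-4.0-37 2.36.7-0ubuntu0.22.04.1
librust-regex-dev 1.5.4-1
bash 5.1-6ubuntu1"""
```

A package that passes this check is installed at the fixed version; the running system still needs the reboot (intel-microcode) or application restart (WebKitGTK) that the notices call for.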


