[USN-5799-1] Linux kernel (OEM) vulnerability
==
Ubuntu Security Notice USN-5799-1
January 11, 2023

linux-oem-5.17, linux-oem-6.0 vulnerability
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
- linux-oem-5.17: Linux kernel for OEM systems
- linux-oem-6.0: Linux kernel for OEM systems

Details:

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  linux-image-5.17.0-1026-oem 5.17.0-1026.27
  linux-image-6.0.0-1010-oem 6.0.0-1010.10
  linux-image-oem-22.04 5.17.0.1026.24
  linux-image-oem-22.04a 5.17.0.1026.24
  linux-image-oem-22.04b 6.0.0.1010.10

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-5799-1
  CVE-2022-4378

Package Information:
  https://launchpad.net/ubuntu/+source/linux-oem-5.17/5.17.0-1026.27
  https://launchpad.net/ubuntu/+source/linux-oem-6.0/6.0.0-1010.10
[USN-5793-4] Linux kernel (IBM) vulnerabilities
==
Ubuntu Security Notice USN-5793-4
January 10, 2023

linux-ibm vulnerabilities
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-ibm: Linux kernel for IBM cloud systems

Details:

It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3910)

It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20421)

David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3303)

It was discovered that the Sunplus Ethernet driver in the Linux kernel contained a read-after-free vulnerability. An attacker could possibly use this to expose sensitive information (kernel memory) (CVE-2022-3541)

It was discovered that a memory leak existed in the Unix domain socket implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3543)

It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3544, CVE-2022-3646)

Gwnaun Jung discovered that the SFB packet scheduling implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3586)

It was discovered that the hugetlb implementation in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2022-3623)

Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649)

It was discovered that a race condition existed in the MCTP implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3977)

It was discovered that a race condition existed in the EFI capsule loader driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-40307)

Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-4095)

It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849)

It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41850)

It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  linux-image-5.19.0-1014-ibm 5.19.0-1014.15
  linux-image-ibm 5.19.0.1014.11

After a standard system update you need to reboot your computer to make all
[USN-5793-3] Linux kernel vulnerabilities
==
Ubuntu Security Notice USN-5793-3
January 10, 2023

linux-gcp, linux-oracle vulnerabilities
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-oracle: Linux kernel for Oracle Cloud systems

Details:

It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3910)

It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20421)

David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3303)

It was discovered that the Sunplus Ethernet driver in the Linux kernel contained a read-after-free vulnerability. An attacker could possibly use this to expose sensitive information (kernel memory) (CVE-2022-3541)

It was discovered that a memory leak existed in the Unix domain socket implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3543)

It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3544, CVE-2022-3646)

Gwnaun Jung discovered that the SFB packet scheduling implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3586)

It was discovered that the hugetlb implementation in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2022-3623)

Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649)

It was discovered that a race condition existed in the MCTP implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3977)

It was discovered that a race condition existed in the EFI capsule loader driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-40307)

Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-4095)

It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849)

It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41850)

It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  linux-image-5.19.0-1014-gcp 5.19.0-1014.15
  linux-image-5.19.0-1014-oracle
[USN-5791-3] Linux kernel (Azure) vulnerabilities
==
Ubuntu Security Notice USN-5791-3
January 10, 2023

linux-azure-5.4, linux-azure-fde vulnerabilities
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems
- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems

Details:

It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20421)

David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

It was discovered that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3061)

It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3303)

Gwnaun Jung discovered that the SFB packet scheduling implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3586)

It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646)

Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-39842)

It was discovered that a race condition existed in the EFI capsule loader driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-40307)

Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-4095)

It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  linux-image-5.4.0-1100-azure-fde 5.4.0-1100.106+cvm1.1
  linux-image-azure-fde 5.4.0.1100.106+cvm1.35

Ubuntu 18.04 LTS:
  linux-image-5.4.0-1100-azure 5.4.0-1100.106~18.04.1
  linux-image-azure 5.4.0.1100.73

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-5791-3
  https://ubuntu.com/security/notices/USN-5791-1
  CVE-2022-20421, CVE-2022-2663, CVE-2022-3061, CVE-2022-3303, CVE-2022-3586, CVE-2022-3646, CVE-2022-39842, CVE-2022-40307, CVE-2022-4095, CVE-2022-43750

Package Information:
  https://launchpad.net/ubuntu/+source/linux-azure-fde/5.4.0-1100.106+cvm1.1
  https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1100.106~18.04.1
[USN-5798-1] .NET 6 vulnerability
==
Ubuntu Security Notice USN-5798-1
January 10, 2023

dotnet6 vulnerability
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS

Summary:

dotnet6 could be made to crash if it received specially crafted network traffic.

Software Description:
- dotnet6: dotNET CLI tools and runtime

Details:

Johan Gorter discovered that .NET 6 incorrectly processed certain invalid HTTP requests. An attacker could possibly use this issue to cause a denial of service condition for an exposed endpoint.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  aspnetcore-runtime-6.0 6.0.113-0ubuntu1~22.10.1
  dotnet-host 6.0.113-0ubuntu1~22.10.1
  dotnet-hostfxr-6.0 6.0.113-0ubuntu1~22.10.1
  dotnet-runtime-6.0 6.0.113-0ubuntu1~22.10.1
  dotnet-sdk-6.0 6.0.113-0ubuntu1~22.10.1
  dotnet6 6.0.113-0ubuntu1~22.10.1

Ubuntu 22.04 LTS:
  aspnetcore-runtime-6.0 6.0.113-0ubuntu1~22.04.1
  dotnet-host 6.0.113-0ubuntu1~22.04.1
  dotnet-hostfxr-6.0 6.0.113-0ubuntu1~22.04.1
  dotnet-runtime-6.0 6.0.113-0ubuntu1~22.04.1
  dotnet-sdk-6.0 6.0.113-0ubuntu1~22.04.1
  dotnet6 6.0.113-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5798-1
  CVE-2023-21538

Package Information:
  https://launchpad.net/ubuntu/+source/dotnet6/6.0.113-0ubuntu1~22.10.1
  https://launchpad.net/ubuntu/+source/dotnet6/6.0.113-0ubuntu1~22.04.1
[USN-5796-2] w3m vulnerability
==
Ubuntu Security Notice USN-5796-2
January 10, 2023

w3m vulnerability
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

w3m could be made to crash or run programs as your login if it opened a malicious website.

Software Description:
- w3m: WWW browsable pager with excellent tables/frames support

Details:

USN-5796-1 fixed a vulnerability in w3m. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

 It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM:
  w3m 0.5.3-15ubuntu0.2+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5796-2
  https://ubuntu.com/security/notices/USN-5796-1
  CVE-2022-38223
[USN-5782-3] Firefox regressions
==
Ubuntu Security Notice USN-5782-3
January 10, 2023

firefox regressions
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

USN-5782-1 caused some minor regressions in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. (CVE-2022-46871)

 Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. (CVE-2022-46872)

 Pete Freitag discovered that Firefox did not implement the unsafe-hashes CSP directive. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. (CVE-2022-46873)

 Matthias Zoellner discovered that Firefox was not keeping the filename ending intact when using the drag-and-drop event. An attacker could possibly use this issue to add a file with a malicious extension, leading to execute arbitrary code. (CVE-2022-46874)

 Hafiizh discovered that Firefox was not handling fullscreen notifications when the browser window goes into fullscreen mode. An attacker could possibly use this issue to spoof the user and obtain sensitive information. (CVE-2022-46877)

 Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2022-46878, CVE-2022-46879)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  firefox 108.0.2+build1-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  firefox 108.0.2+build1-0ubuntu0.18.04.1

After a standard system update you need to restart Firefox to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5782-3
  https://ubuntu.com/security/notices/USN-5782-1
  https://launchpad.net/bugs/2002377

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/108.0.2+build1-0ubuntu0.20.04.1
  https://launchpad.net/ubuntu/+source/firefox/108.0.2+build1-0ubuntu0.18.04.1