[USN-6503-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6503-1
November 21, 2023

linux, linux-aws, linux-laptop, linux-lowlatency, linux-oem-6.5,
linux-oracle, linux-raspi, linux-starfive vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-laptop: Linux kernel for Lenovo X13s ARM laptops
- linux-lowlatency: Linux low latency kernel
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-starfive: Linux kernel for StarFive processors
- linux-oem-6.5: Linux kernel for OEM systems

Details:

Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-31085)

Bien Pham discovered that the netfilter subsystem in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local user could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-4244)

Maxim Levitsky discovered that the KVM nested virtualization (SVM)
implementation for AMD processors in the Linux kernel did not properly
handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a
denial of service (host kernel crash). (CVE-2023-5090)

It was discovered that the SMB network file sharing protocol implementation
in the Linux kernel did not properly handle certain error conditions,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-5345)

Murray McAllister discovered that the VMware Virtual GPU DRM driver in the
Linux kernel did not properly handle memory objects when storing surfaces,
leading to a use-after-free vulnerability. A local attacker in a guest VM
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-5633)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  linux-image-6.5.0-1004-starfive        6.5.0-1004.5
  linux-image-6.5.0-1006-laptop          6.5.0-1006.9
  linux-image-6.5.0-1007-raspi           6.5.0-1007.9
  linux-image-6.5.0-1010-aws             6.5.0-1010.10
  linux-image-6.5.0-1012-oracle          6.5.0-1012.12
  linux-image-6.5.0-13-generic           6.5.0-13.13
  linux-image-6.5.0-13-generic-64k       6.5.0-13.13
  linux-image-6.5.0-13-lowlatency        6.5.0-13.13.1
  linux-image-6.5.0-13-lowlatency-64k    6.5.0-13.13.1
  linux-image-aws                        6.5.0.1010.10
  linux-image-generic                    6.5.0.13.15
  linux-image-generic-64k                6.5.0.13.15
  linux-image-generic-lpae               6.5.0.13.15
  linux-image-kvm                        6.5.0.13.15
  linux-image-laptop-23.10               6.5.0.1006.9
  linux-image-lowlatency                 6.5.0.13.13.11
  linux-image-lowlatency-64k             6.5.0.13.13.11
  linux-image-oracle                     6.5.0.1012.12
  linux-image-raspi                      6.5.0.1007.8
  linux-image-raspi-nolpae               6.5.0.1007.8
  linux-image-starfive                   6.5.0.1004.6
  linux-image-virtual                    6.5.0.13.15

Ubuntu 22.04 LTS:
  linux-image-6.5.0-1008-oem             6.5.0-1008.8
  linux-image-oem-22.04d                 6.5.0.1008.10

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been
given a new version number, which requires you to recompile and reinstall
all third party kernel modules you might have installed. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system
upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-6503-1
  CVE-2023-31085, CVE-2023-4244, CVE-2023-5090, CVE-2023-5345,
  CVE-2023-5633

Package Information:
  https://launchpad.net/ubuntu/+source/linux/6.5.0-13.13
  https://launchpad.net/ubuntu/+source/linux-aws/6.5.0-1010.10
  https://launchpad.net/ubuntu/+source/linux-laptop/6.5.0-1006.9
  https://launchpad.net/ubuntu/+source/linux-lowlatency/6.5.0-13.13.1
  https://launchpad.net/ubuntu/+source/linux-oracle/6.5.0-1012.12
  https://launchpad.net/ubuntu/+source/linux-raspi/6.5.0-1007.9
  https://launchpad.net/ubuntu/+source/linux-starfive/6.5.0-1004.5
  https://launchpad.net/ubuntu/+source/linux-oem-6.5/6.5.0-1008.8
[USN-6502-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6502-1
November 21, 2023

linux, linux-aws, linux-aws-6.2, linux-hwe-6.2, linux-kvm,
linux-lowlatency, linux-lowlatency-hwe-6.2, linux-raspi, linux-starfive
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-lowlatency: Linux low latency kernel
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-starfive: Linux kernel for StarFive processors
- linux-aws-6.2: Linux kernel for Amazon Web Services (AWS) systems
- linux-hwe-6.2: Linux hardware enablement (HWE) kernel
- linux-lowlatency-hwe-6.2: Linux low latency kernel

Details:

Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem
discovered that the InfiniBand RDMA driver in the Linux kernel did not
properly check for zero-length STAG or MR registration. A remote attacker
could possibly use this to execute arbitrary code. (CVE-2023-25775)

Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-31085)

Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb)
Ethernet driver in the Linux kernel did not properly validate received
frames that are larger than the set MTU size, leading to a buffer overflow
vulnerability. An attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-45871)

Maxim Levitsky discovered that the KVM nested virtualization (SVM)
implementation for AMD processors in the Linux kernel did not properly
handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a
denial of service (host kernel crash). (CVE-2023-5090)

It was discovered that the SMB network file sharing protocol implementation
in the Linux kernel did not properly handle certain error conditions,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-5345)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  linux-image-6.2.0-1009-starfive        6.2.0-1009.10
  linux-image-6.2.0-1016-aws             6.2.0-1016.16
  linux-image-6.2.0-1017-kvm             6.2.0-1017.17
  linux-image-6.2.0-1017-lowlatency      6.2.0-1017.17
  linux-image-6.2.0-1017-lowlatency-64k  6.2.0-1017.17
  linux-image-6.2.0-1017-raspi           6.2.0-1017.19
  linux-image-6.2.0-37-generic           6.2.0-37.38
  linux-image-6.2.0-37-generic-64k       6.2.0-37.38
  linux-image-6.2.0-37-generic-lpae      6.2.0-37.38
  linux-image-aws                        6.2.0.1016.17
  linux-image-generic                    6.2.0.37.37
  linux-image-generic-64k                6.2.0.37.37
  linux-image-generic-lpae               6.2.0.37.37
  linux-image-kvm                        6.2.0.1017.17
  linux-image-lowlatency                 6.2.0.1017.17
  linux-image-lowlatency-64k             6.2.0.1017.17
  linux-image-raspi                      6.2.0.1017.20
  linux-image-raspi-nolpae               6.2.0.1017.20
  linux-image-starfive                   6.2.0.1009.12
  linux-image-virtual                    6.2.0.37.37

Ubuntu 22.04 LTS:
  linux-image-6.2.0-1016-aws             6.2.0-1016.16~22.04.1
  linux-image-6.2.0-1017-lowlatency      6.2.0-1017.17~22.04.1
  linux-image-6.2.0-1017-lowlatency-64k  6.2.0-1017.17~22.04.1
  linux-image-6.2.0-37-generic           6.2.0-37.38~22.04.1
  linux-image-6.2.0-37-generic-64k       6.2.0-37.38~22.04.1
  linux-image-6.2.0-37-generic-lpae      6.2.0-37.38~22.04.1
  linux-image-aws                        6.2.0.1016.16~22.04.1
  linux-image-generic-64k-hwe-22.04      6.2.0.37.38~22.04.15
  linux-image-generic-hwe-22.04          6.2.0.37.38~22.04.15
  linux-image-generic-lpae-hwe-22.04     6.2.0.37.38~22.04.15
  linux-image-lowlatency-64k-hwe-22.04   6.2.0.1017.17~22.04.14
  linux-image-lowlatency-hwe-22.04       6.2.0.1017.17~22.04.14
  linux-image-virtual-hwe-22.04          6.2.0.37.38~22.04.15

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been
given a new version number, which requires you to recompile and reinstall
all third party kernel modules you might have installed. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system
upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-6502-1
  CVE-2023-25775, CVE-2023-31085, CVE-2023-45871, CVE-2023-5090, CVE-20
[USN-6501-1] RabbitMQ vulnerability
==========================================================================
Ubuntu Security Notice USN-6501-1
November 21, 2023

rabbitmq-server vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

RabbitMQ could be made to deny service if it received a specially crafted
HTTP request.

Software Description:
- rabbitmq-server: AMQP server written in Erlang

Details:

It was discovered that RabbitMQ incorrectly handled certain HTTP requests.
An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  rabbitmq-server                        3.12.1-1ubuntu0.1

Ubuntu 23.04:
  rabbitmq-server                        3.10.8-1.1ubuntu0.1

Ubuntu 22.04 LTS:
  rabbitmq-server                        3.9.13-1ubuntu0.22.04.2

Ubuntu 20.04 LTS:
  rabbitmq-server                        3.8.2-0ubuntu1.5

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6501-1
  CVE-2023-46118

Package Information:
  https://launchpad.net/ubuntu/+source/rabbitmq-server/3.12.1-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/rabbitmq-server/3.10.8-1.1ubuntu0.1
  https://launchpad.net/ubuntu/+source/rabbitmq-server/3.9.13-1ubuntu0.22.04.2
  https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.2-0ubuntu1.5
[USN-6494-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6494-1
November 21, 2023

linux, linux-aws, linux-aws-hwe, linux-hwe, linux-kvm, linux-oracle
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-oracle: Linux kernel for Oracle Cloud systems

Details:

Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-31085)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate some attributes passed from userspace. A local
attacker could use this to cause a denial of service (system crash) or
possibly expose sensitive information (kernel memory). (CVE-2023-39189)

Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did
not properly validate u32 packets content, leading to an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-39192)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate SCTP data, leading to an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-39193)

Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in
the Linux kernel did not properly handle state filters, leading to an
out-of-bounds read vulnerability. A privileged local attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2023-39194)

Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did
not properly handle socket buffers (skb) when performing IP routing in
certain circumstances, leading to a null pointer dereference vulnerability.
A privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-42754)

It was discovered that the USB ENE card reader driver in the Linux kernel
did not properly allocate enough memory when processing the storage device
boot blocks. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-45862)

Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb)
Ethernet driver in the Linux kernel did not properly validate received
frames that are larger than the set MTU size, leading to a buffer overflow
vulnerability. An attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-45871)

Budimir Markovic discovered that the perf subsystem in the Linux kernel did
not properly handle event groups, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  linux-image-4.15.0-1147-kvm            4.15.0-1147.152
  linux-image-4.15.0-1163-aws            4.15.0-1163.176
  linux-image-4.15.0-220-generic         4.15.0-220.231
  linux-image-4.15.0-220-lowlatency      4.15.0-220.231
  linux-image-aws-lts-18.04              4.15.0.1163.161
  linux-image-generic                    4.15.0.220.204
  linux-image-kvm                        4.15.0.1147.138
  linux-image-lowlatency                 4.15.0.220.204
  linux-image-virtual                    4.15.0.220.204

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  linux-image-4.15.0-1126-oracle         4.15.0-1126.137~16.04.1
  linux-image-4.15.0-1163-aws            4.15.0-1163.176~16.04.1
  linux-image-4.15.0-220-generic         4.15.0-220.231~16.04.1
  linux-image-4.15.0-220-lowlatency      4.15.0-220.231~16.04.1
  linux-image-aws-hwe                    4.15.0.1163.146
  linux-image-generic-hwe-16.04          4.15.0.220.4
  linux-image-lowlatency-hwe-16.04       4.15.0.220.4
  linux-image-oem                        4.15.0.220.4
  linux-image-oracle                     4.15.0.1126.107
  linux-image-virtual-hwe-16.04          4.15.0.220.4

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been
given a new version number, which requires you to recompile and reinstall
all third party kernel modules
[USN-6495-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6495-1
November 21, 2023

linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-hwe-5.4,
linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle,
linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-bluefield: Linux kernel for NVIDIA BlueField platforms
- linux-ibm: Linux kernel for IBM cloud systems
- linux-iot: Linux kernel for IoT platforms
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-ibm-5.4: Linux kernel for IBM cloud systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-31085)

Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb)
Ethernet driver in the Linux kernel did not properly validate received
frames that are larger than the set MTU size, leading to a buffer overflow
vulnerability. An attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-45871)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  linux-image-5.4.0-1026-iot             5.4.0-1026.27
  linux-image-5.4.0-1034-xilinx-zynqmp   5.4.0-1034.38
  linux-image-5.4.0-1061-ibm             5.4.0-1061.66
  linux-image-5.4.0-1075-bluefield       5.4.0-1075.81
  linux-image-5.4.0-1098-raspi           5.4.0-1098.110
  linux-image-5.4.0-1103-kvm             5.4.0-1103.110
  linux-image-5.4.0-1113-oracle          5.4.0-1113.122
  linux-image-5.4.0-1114-aws             5.4.0-1114.124
  linux-image-5.4.0-167-generic          5.4.0-167.184
  linux-image-5.4.0-167-generic-lpae     5.4.0-167.184
  linux-image-5.4.0-167-lowlatency       5.4.0-167.184
  linux-image-aws-lts-20.04              5.4.0.1114.111
  linux-image-bluefield                  5.4.0.1075.70
  linux-image-generic                    5.4.0.167.164
  linux-image-generic-lpae               5.4.0.167.164
  linux-image-ibm-lts-20.04              5.4.0.1061.90
  linux-image-kvm                        5.4.0.1103.99
  linux-image-lowlatency                 5.4.0.167.164
  linux-image-oem                        5.4.0.167.164
  linux-image-oem-osp1                   5.4.0.167.164
  linux-image-oracle-lts-20.04           5.4.0.1113.106
  linux-image-raspi                      5.4.0.1098.128
  linux-image-raspi2                     5.4.0.1098.128
  linux-image-virtual                    5.4.0.167.164
  linux-image-xilinx-zynqmp              5.4.0.1034.34

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  linux-image-5.4.0-1061-ibm             5.4.0-1061.66~18.04.1
  linux-image-5.4.0-1098-raspi           5.4.0-1098.110~18.04.2
  linux-image-5.4.0-1113-oracle          5.4.0-1113.122~18.04.1
  linux-image-5.4.0-1114-aws             5.4.0-1114.124~18.04.1
  linux-image-5.4.0-167-generic          5.4.0-167.184~18.04.1
  linux-image-5.4.0-167-lowlatency       5.4.0-167.184~18.04.1
  linux-image-aws                        5.4.0.1114.92
  linux-image-generic-hwe-18.04          5.4.0.167.184~18.04.135
  linux-image-ibm                        5.4.0.1061.72
  linux-image-lowlatency-hwe-18.04       5.4.0.167.184~18.04.135
  linux-image-oem                        5.4.0.167.184~18.04.135
  linux-image-oem-osp1                   5.4.0.167.184~18.04.135
  linux-image-oracle                     5.4.0.1113.122~18.04.85
  linux-image-raspi-hwe-18.04            5.4.0.1098.95
  linux-image-snapdragon-hwe-18.04       5.4.0.167.184~18.04.135
  linux-image-virtual-hwe-18.04          5.4.0.167.184~18.04.135

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been
given a new version number, which requires you to recompile and reinstall
all third party kernel modules you might have installed. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system
upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-6495-1
  CVE-2023-31085, CVE-2023-45871

Package Information:
  https://launchpad.net/ubuntu/+source/linux/5.4.0-167.184
  https
[USN-6496-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6496-1
November 21, 2023

linux, linux-aws, linux-aws-5.15, linux-hwe-5.15, linux-ibm,
linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15,
linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-kvm: Linux kernel for cloud environments
- linux-lowlatency: Linux low latency kernel
- linux-nvidia: Linux kernel for NVIDIA systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems
- linux-hwe-5.15: Linux hardware enablement (HWE) kernel
- linux-ibm-5.15: Linux kernel for IBM cloud systems
- linux-lowlatency-hwe-5.15: Linux low latency kernel
- linux-oracle-5.15: Linux kernel for Oracle Cloud systems

Details:

Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem
discovered that the InfiniBand RDMA driver in the Linux kernel did not
properly check for zero-length STAG or MR registration. A remote attacker
could possibly use this to execute arbitrary code. (CVE-2023-25775)

Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-31085)

Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb)
Ethernet driver in the Linux kernel did not properly validate received
frames that are larger than the set MTU size, leading to a buffer overflow
vulnerability. An attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-45871)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  linux-image-5.15.0-1041-nvidia             5.15.0-1041.41
  linux-image-5.15.0-1041-nvidia-lowlatency  5.15.0-1041.41
  linux-image-5.15.0-1043-ibm                5.15.0-1043.46
  linux-image-5.15.0-1043-raspi              5.15.0-1043.46
  linux-image-5.15.0-1047-kvm                5.15.0-1047.52
  linux-image-5.15.0-1048-oracle             5.15.0-1048.54
  linux-image-5.15.0-1050-aws                5.15.0-1050.55
  linux-image-5.15.0-89-generic              5.15.0-89.99
  linux-image-5.15.0-89-generic-64k          5.15.0-89.99
  linux-image-5.15.0-89-generic-lpae         5.15.0-89.99
  linux-image-5.15.0-89-lowlatency           5.15.0-89.99
  linux-image-5.15.0-89-lowlatency-64k       5.15.0-89.99
  linux-image-aws-lts-22.04                  5.15.0.1050.49
  linux-image-generic                        5.15.0.89.86
  linux-image-generic-64k                    5.15.0.89.86
  linux-image-generic-lpae                   5.15.0.89.86
  linux-image-ibm                            5.15.0.1043.39
  linux-image-kvm                            5.15.0.1047.43
  linux-image-lowlatency                     5.15.0.89.91
  linux-image-lowlatency-64k                 5.15.0.89.91
  linux-image-nvidia                         5.15.0.1041.41
  linux-image-nvidia-lowlatency              5.15.0.1041.41
  linux-image-oracle                         5.15.0.1048.43
  linux-image-oracle-lts-22.04               5.15.0.1048.43
  linux-image-raspi                          5.15.0.1043.41
  linux-image-raspi-nolpae                   5.15.0.1043.41
  linux-image-virtual                        5.15.0.89.86

Ubuntu 20.04 LTS:
  linux-image-5.15.0-1043-ibm                5.15.0-1043.46~20.04.1
  linux-image-5.15.0-1048-oracle             5.15.0-1048.54~20.04.1
  linux-image-5.15.0-1050-aws                5.15.0-1050.55~20.04.1
  linux-image-5.15.0-89-generic              5.15.0-89.99~20.04.1
  linux-image-5.15.0-89-generic-64k          5.15.0-89.99~20.04.1
  linux-image-5.15.0-89-generic-lpae         5.15.0-89.99~20.04.1
  linux-image-5.15.0-89-lowlatency           5.15.0-89.99~20.04.1
  linux-image-5.15.0-89-lowlatency-64k       5.15.0-89.99~20.04.1
  linux-image-aws                            5.15.0.1050.55~20.04.38
  linux-image-generic-64k-hwe-20.04          5.15.0.89.99~20.04.47
  linux-image-generic-hwe-20.04              5.15.0.89.99~20.04.47
  linux-image-generic-lpae-hwe-20.04         5.15.0.89.99~20.04.47
  linux-image-ibm                            5.15.0.1043.46~20.04.15
  linux-image-lowlatency-64k-hwe-20.04       5.15.0.89.99~20.04.44
  linux-image-lowlatency-hwe-20.04           5.15.0.89.99~20.04.44
  linux-image-oem-20.04                      5.15.0.89.99~20.04.47
  linux-image-oem-20.04b                     5.15.0.89.99~20.04.47
  linux-image-oem-20.04c                     5.15.0.89.99~20.04.47
  linux-image-oem-20.04d                     5.15.0.89.99~20.04.47
  linux-image-oracle                         5.15.0.1048.54~20.04.1
  linux-image-virtual-hwe-20.04              5.15.0.89.99~20.04.47

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidabl
[USN-6497-1] Linux kernel (OEM) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6497-1
November 21, 2023

linux-oem-6.1 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oem-6.1: Linux kernel for OEM systems

Details:

Maxim Levitsky discovered that the KVM nested virtualization (SVM)
implementation for AMD processors in the Linux kernel did not properly
handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a
denial of service (host kernel crash). (CVE-2023-5090)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not properly handle queue initialization failures in certain
situations, leading to a use-after-free vulnerability. A remote attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-5178)

Budimir Markovic discovered that the perf subsystem in the Linux kernel did
not properly handle event groups, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  linux-image-6.1.0-1026-oem             6.1.0-1026.26
  linux-image-oem-22.04                  6.1.0.1026.27
  linux-image-oem-22.04a                 6.1.0.1026.27
  linux-image-oem-22.04b                 6.1.0.1026.27
  linux-image-oem-22.04c                 6.1.0.1026.27

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been
given a new version number, which requires you to recompile and reinstall
all third party kernel modules you might have installed. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system
upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-6497-1
  CVE-2023-5090, CVE-2023-5178, CVE-2023-5717

Package Information:
  https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1026.26
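The "Update instructions" section of every kernel notice on this page (USN-6503-1, USN-6502-1, USN-6494-1, USN-6495-1, USN-6496-1 and USN-6497-1) asks for the same two things: install the listed package versions, then reboot so that the kernel with the new ABI number is the one actually running. The script below is an added example, not Ubuntu's own tooling. It takes the fixed versions from the Ubuntu 22.04 LTS section of USN-6502-1 and checks them against constructed samples of `dpkg-query` output and `uname -r`; the "6.2.0-36" versions in the samples are made-up predecessors, not numbers from the notice. It implements the dpkg version-ordering rules itself, because the `~22.04.N` backport suffixes only compare correctly when `~` sorts before the end of the string, which a naive string or tuple comparison gets wrong.

```python
"""Check an Ubuntu host against the package versions listed in a kernel USN.

Added example, not code from Ubuntu or from any of the notices on this page.
Implements the dpkg version-ordering rules (epoch, upstream version, Debian
revision; '~' sorts before anything, even the end of the string) so that
backport versions such as 6.2.0-37.38~22.04.1 are ordered as dpkg orders
them. The dpkg listing and kernel releases below are constructed samples.
"""
import re
from itertools import zip_longest
from typing import Dict, List, Tuple

# Fixed versions copied from the Ubuntu 22.04 LTS section of USN-6502-1.
USN_6502_1_JAMMY: Dict[str, str] = {
    "linux-image-6.2.0-37-generic": "6.2.0-37.38~22.04.1",
    "linux-image-generic-hwe-22.04": "6.2.0.37.38~22.04.15",
    "linux-image-virtual-hwe-22.04": "6.2.0.37.38~22.04.15",
}

# Constructed `dpkg-query -W -f='${Package} ${Version} ${Status}\n'` output
# for a host that has not applied the update (6.2.0-36 numbers are made up).
DPKG_BEFORE = """\
linux-image-6.2.0-36-generic 6.2.0-36.37~22.04.1 install ok installed
linux-image-generic-hwe-22.04 6.2.0.36.37~22.04.14 install ok installed
"""

# Constructed output for the same host after the upgrade; the previous image
# package is normally still installed alongside the new one.
DPKG_AFTER = """\
linux-image-6.2.0-36-generic 6.2.0-36.37~22.04.1 install ok installed
linux-image-6.2.0-37-generic 6.2.0-37.38~22.04.1 install ok installed
linux-image-generic-hwe-22.04 6.2.0.37.38~22.04.15 install ok installed
"""


def _order(c: str) -> int:
    """dpkg's character weight: '~' < end of string < letters < other."""
    if c == "~":
        return -1
    if c == "":
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_part(a: str, b: str) -> int:
    """Compare one upstream-version or revision string the dpkg way:
    alternate runs of non-digits (weighted by _order) and runs of digits
    (compared numerically) until one side orders before the other."""
    while a or b:
        na = re.match(r"[^0-9]*", a).group(0)
        nb = re.match(r"[^0-9]*", b).group(0)
        a, b = a[len(na):], b[len(nb):]
        for x, y in zip_longest(na, nb, fillvalue=""):
            if _order(x) != _order(y):
                return -1 if _order(x) < _order(y) else 1
        da = re.match(r"[0-9]*", a).group(0)
        db = re.match(r"[0-9]*", b).group(0)
        a, b = a[len(da):], b[len(db):]
        ia, ib = int(da or "0"), int(db or "0")
        if ia != ib:
            return -1 if ia < ib else 1
    return 0


def compare_versions(v1: str, v2: str) -> int:
    """Return -1, 0 or 1, ordering v1 against v2 as `dpkg --compare-versions` does."""
    def split(v: str) -> Tuple[int, str, str]:
        epoch = 0
        if ":" in v:
            e, v = v.split(":", 1)
            epoch = int(e)
        upstream, _, revision = v.rpartition("-")
        if not upstream:  # no hyphen: the whole string is the upstream version
            upstream, revision = revision, ""
        return epoch, upstream, revision

    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)


def check_host(dpkg_output: str, fixed: Dict[str, str], running_kernel: str) -> Dict[str, object]:
    """Report which of the notice's packages are installed below the fixed
    version, and whether the running kernel (`uname -r`, e.g. 6.2.0-36-generic,
    whose image package is linux-image-<release>) is one of the fixed images.
    Only packages that are actually installed are compared; the metapackage
    (linux-image-generic-hwe-22.04 here) is what pulls the new image in."""
    installed: Dict[str, str] = {}
    for line in dpkg_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and " ".join(fields[2:]) == "install ok installed":
            installed[fields[0]] = fields[1]

    vulnerable: List[Tuple[str, str, str]] = []
    fixed_installed: List[str] = []
    for name, want in fixed.items():
        have = installed.get(name)
        if have is None:
            continue
        if compare_versions(have, want) < 0:
            vulnerable.append((name, have, want))
        else:
            fixed_installed.append(name)

    # A fixed kernel carries a new ABI number, so a host that installed the
    # update but has not rebooted is still running an image outside the fixed set.
    return {
        "vulnerable": vulnerable,
        "fixed_installed": fixed_installed,
        "running_fixed_kernel": "linux-image-" + running_kernel in fixed_installed,
    }


if __name__ == "__main__":
    for label, listing, release in (("before", DPKG_BEFORE, "6.2.0-36-generic"),
                                    ("after, not rebooted", DPKG_AFTER, "6.2.0-36-generic"),
                                    ("after, rebooted", DPKG_AFTER, "6.2.0-37-generic")):
        print(label, check_host(listing, USN_6502_1_JAMMY, release))
```

On a real host, feed it the output of `dpkg-query -W -f='${Package} ${Version} ${Status}\n'` and `uname -r`, and cross-check any ordering you doubt with `dpkg --compare-versions`. The reboot decision is keyed on the running release rather than on what is installed because, as the "after" sample shows, the previous image package stays installed after the upgrade and the metapackage already reports the fixed version while the old kernel is still running.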
[USN-6499-1] GnuTLS vulnerability
==========================================================================
Ubuntu Security Notice USN-6499-1
November 21, 2023

gnutls28 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

GnuTLS could be made to expose sensitive information over the network.

Software Description:
- gnutls28: GNU TLS library

Details:

It was discovered that GnuTLS had a timing side-channel when handling
certain RSA-PSK key exchanges. A remote attacker could possibly use this
issue to recover sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  libgnutls30                            3.8.1-4ubuntu1.1

Ubuntu 23.04:
  libgnutls30                            3.7.8-5ubuntu1.1

Ubuntu 22.04 LTS:
  libgnutls30                            3.7.3-4ubuntu1.3

Ubuntu 20.04 LTS:
  libgnutls30                            3.6.13-2ubuntu1.9

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6499-1
  CVE-2023-5981

Package Information:
  https://launchpad.net/ubuntu/+source/gnutls28/3.8.1-4ubuntu1.1
  https://launchpad.net/ubuntu/+source/gnutls28/3.7.8-5ubuntu1.1
  https://launchpad.net/ubuntu/+source/gnutls28/3.7.3-4ubuntu1.3
  https://launchpad.net/ubuntu/+source/gnutls28/3.6.13-2ubuntu1.9
[USN-6500-1] Squid vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6500-1
November 21, 2023

squid vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Squid.

Software Description:
- squid: Web proxy cache server

Details:

Joshua Rogers discovered that Squid incorrectly handled validating certain
SSL certificates. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. This issue only affected
Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-46724)

Joshua Rogers discovered that Squid incorrectly handled the Gopher
protocol. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service. Gopher support has been disabled
in this update. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04
LTS, and Ubuntu 23.04. (CVE-2023-46728)

Keran Mu and Jianjun Chen discovered that Squid incorrectly handled the
chunked decoder. A remote attacker could possibly use this issue to perform
HTTP request smuggling attacks. (CVE-2023-46846)

Joshua Rogers discovered that Squid incorrectly handled HTTP Digest
Authentication. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-46847)

Joshua Rogers discovered that Squid incorrectly handled certain FTP URLs.
A remote attacker could possibly use this issue to cause Squid to crash,
resulting in a denial of service. (CVE-2023-46848)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  squid                                  6.1-2ubuntu1.1

Ubuntu 23.04:
  squid                                  5.7-1ubuntu3.1

Ubuntu 22.04 LTS:
  squid                                  5.7-0ubuntu0.22.04.2

Ubuntu 20.04 LTS:
  squid                                  4.10-1ubuntu1.8

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6500-1
  CVE-2023-46724, CVE-2023-46728, CVE-2023-46846, CVE-2023-46847,
  CVE-2023-46848

Package Information:
  https://launchpad.net/ubuntu/+source/squid/6.1-2ubuntu1.1
  https://launchpad.net/ubuntu/+source/squid/5.7-1ubuntu3.1
  https://launchpad.net/ubuntu/+source/squid/5.7-0ubuntu0.22.04.2
  https://launchpad.net/ubuntu/+source/squid/4.10-1ubuntu1.8
[USN-6498-1] FRR vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6498-1
November 21, 2023

frr vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in FRR.

Software Description:
- frr: FRRouting suite of internet protocols

Details:

It was discovered that FRR incorrectly handled certain BGP messages. A
remote attacker could possibly use this issue to cause FRR to crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  frr                                    8.4.4-1.1ubuntu1.2

Ubuntu 23.04:
  frr                                    8.4.2-1ubuntu1.6

Ubuntu 22.04 LTS:
  frr                                    8.1-1ubuntu1.8

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6498-1
  CVE-2023-38406, CVE-2023-38407, CVE-2023-47234, CVE-2023-47235

Package Information:
  https://launchpad.net/ubuntu/+source/frr/8.4.4-1.1ubuntu1.2
  https://launchpad.net/ubuntu/+source/frr/8.4.2-1ubuntu1.6
  https://launchpad.net/ubuntu/+source/frr/8.1-1ubuntu1.8
[USN-6492-1] Mosquitto vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6492-1
November 21, 2023

mosquitto vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Mosquitto.

Software Description:
- mosquitto: MQTT version 3.1/3.1.1 compatible message broker

Details:

Kathrin Kleinhammer discovered that Mosquitto incorrectly handled certain
inputs. If a user or an automated system were provided with a specially
crafted input, a remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-34431)

Zhanxiang Song discovered that Mosquitto incorrectly handled certain
inputs. If a user or an automated system were provided with a specially
crafted input, a remote attacker could possibly use this issue to cause an
authorisation bypass. This issue only affected Ubuntu 22.04 LTS and Ubuntu
23.04. (CVE-2021-34434)

Zhanxiang Song, Bin Yuan, DeQing Zou, and Hai Jin discovered that Mosquitto
incorrectly handled certain inputs. If a user or an automated system were
provided with a specially crafted input, a remote attacker could possibly
use this issue to cause a denial of service. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2021-41039)

Zhengjie Du discovered that Mosquitto incorrectly handled certain inputs.
If a user or an automated system were provided with a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2023-0809)

It was discovered that Mosquitto incorrectly handled certain inputs. If a
user or an automated system were provided with a specially crafted input,
a remote attacker could possibly use this issue to cause a denial of
service. (CVE-2023-3592)

Mischa Bachmann discovered that Mosquitto incorrectly handled certain
inputs. If a user or an automated system were provided with a specially
crafted input, a remote attacker could possibly use this issue to cause a
denial of service. This issue was only fixed in Ubuntu 22.04 LTS and Ubuntu
23.04. (CVE-2023-28366)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  mosquitto                              2.0.11-1.2ubuntu0.1

Ubuntu 22.04 LTS:
  mosquitto                              2.0.11-1ubuntu1.1

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
  mosquitto                              1.6.9-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6492-1
  CVE-2021-34431, CVE-2021-34434, CVE-2021-41039, CVE-2023-0809,
  CVE-2023-28366, CVE-2023-3592

Package Information:
  https://launchpad.net/ubuntu/+source/mosquitto/2.0.11-1.2ubuntu0.1
  https://launchpad.net/ubuntu/+source/mosquitto/2.0.11-1ubuntu1.1
[USN-6493-2] hibagent update
== Ubuntu Security Notice USN-6493-2 November 21, 2023 hibagent update ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:
A security improvement was added to hibagent.

Software Description:
- hibagent: Agent that triggers hibernation on EC2 instances

Details:
USN-6493-1 fixed a vulnerability in hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:
On Ubuntu 18.04 LTS and Ubuntu 16.04 LTS, the hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended. In addition, on all releases, hibagent has been updated to do nothing if ODH is configured.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
hibagent 1.0.1-0ubuntu1.18.04.1+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
hibagent 1.0.1-0ubuntu1~16.04.1+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6493-2
https://ubuntu.com/security/notices/USN-6493-1
https://launchpad.net/bugs/
[USN-6493-1] hibagent update
== Ubuntu Security Notice USN-6493-1 November 21, 2023 hibagent update ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:
A security improvement was added to hibagent.

Software Description:
- hibagent: Agent that triggers hibernation on EC2 instances

Details:
On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, the hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended. In addition, on all releases, hibagent has been updated to do nothing if ODH is configured.

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10:
hibagent 1.0.1+git20230216.9ac1209f7-0ubuntu1.23.10.1

Ubuntu 23.04:
hibagent 1.0.1+git20230216.9ac1209f7-0ubuntu1.23.04.1

Ubuntu 22.04 LTS:
hibagent 1.0.1-0ubuntu2.22.04.2

Ubuntu 20.04 LTS:
hibagent 1.0.1-0ubuntu1.20.04.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6493-1
https://launchpad.net/bugs/2043739

Package Information:
https://launchpad.net/ubuntu/+source/hibagent/1.0.1+git20230216.9ac1209f7-0ubuntu1.23.10.1
https://launchpad.net/ubuntu/+source/hibagent/1.0.1+git20230216.9ac1209f7-0ubuntu1.23.04.1
https://launchpad.net/ubuntu/+source/hibagent/1.0.1-0ubuntu2.22.04.2
https://launchpad.net/ubuntu/+source/hibagent/1.0.1-0ubuntu1.20.04.2
[USN-6491-1] Node.js vulnerabilities
== Ubuntu Security Notice USN-6491-1 November 21, 2023 nodejs vulnerabilities ==

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:
Several security issues were fixed in Node.js.

Software Description:
- nodejs: An open-source, cross-platform JavaScript runtime environment.

Details:
Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-32212)

Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-32213, CVE-2022-32214, CVE-2022-32215)

It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-35256)

It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-43548)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
libnode-dev 12.22.9~dfsg-1ubuntu3.2
libnode72 12.22.9~dfsg-1ubuntu3.2
nodejs 12.22.9~dfsg-1ubuntu3.2
nodejs-doc 12.22.9~dfsg-1ubuntu3.2

Ubuntu 20.04 LTS:
libnode-dev 10.19.0~dfsg-3ubuntu1.3
libnode64 10.19.0~dfsg-3ubuntu1.3
nodejs 10.19.0~dfsg-3ubuntu1.3
nodejs-doc 10.19.0~dfsg-3ubuntu1.3

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
nodejs 8.10.0~dfsg-2ubuntu0.4+esm4
nodejs-dev 8.10.0~dfsg-2ubuntu0.4+esm4
nodejs-doc 8.10.0~dfsg-2ubuntu0.4+esm4

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6491-1
CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35256, CVE-2022-43548

Package Information:
https://launchpad.net/ubuntu/+source/nodejs/12.22.9~dfsg-1ubuntu3.2
https://launchpad.net/ubuntu/+source/nodejs/10.19.0~dfsg-3ubuntu1.3