Skip to content

Releases: cloudfoundry/bosh-linux-stemcell-builder

ubuntu jammy v1.222

07 Sep 18:59
@cf-bosh-ci-bot cf-bosh-ci-bot
ubuntu-jammy/v1.222
3244e87
Compare
Choose a tag to compare
ubuntu jammy v1.222

Metadata:

BOSH Agent Version: 2.578.0

USNs:

Title: USN-6336-1: Docker Registry vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6336-1
Priorities: low,medium
Description:
It was discovered that Docker Registry incorrectly handled certain crafted
input, which allowed remote attackers to cause a denial of service. This
issue only affected Ubuntu 16.04 LTS. (CVE-2017-11468)

It was discovered that Docker Registry incorrectly handled certain crafted
input. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-11468)
CVEs:

Title: USN-6306-1: Fast DDS vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6306-1
Priorities: medium
Description:
It was discovered that Fast DDS incorrectly handled certain inputs.
A remote attacker could possibly use this issue to cause a denial of
service and information exposure. This issue only affected Ubuntu
22.04 LTS. (CVE-2021-38425)

It was discovered that Fast DDS incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash.
(CVE-2023-39534, CVE-2023-39945, CVE-2023-39946, CVE-2023-39947,
CVE-2023-39948, CVE-2023-39949)
CVEs:

Title: USN-6332-1: Linux kernel (Azure) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6332-1
Priorities: medium,low,high
Description:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)

William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48502)

Seth Jenkins discovered that the Linux kernel did not properly perform
address randomization for a per-cpu memory management structure. A local
attacker could use this to expose sensitive information (kernel memory) or
in conjunction with another kernel vulnerability. (CVE-2023-0597)

It was discovered that a race condition existed in the btrfs file system
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1611)

It was discovered that the APM X-Gene SoC hardware monitoring driver in the
Linux kernel contained a race condition, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or expose sensitive information (kernel memory).
(CVE-2023-1855)

It was discovered that the ST NCI NFC driver did not properly handle device
removal events. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2023-1990)

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)

Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)

It was discovered that the XFS file system implementation in the Linux
kernel did not properly perform metadata validation when mounting certain
images. An attacker could use this to specially craft a file system image
that, when mounted, could cause a denial of service (system crash).
(CVE-2023-2124)

Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)

Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski
discovered that the BPF verifier in the Linux kernel did not properly mark
registers for precision tracking in certain situations, leading to an out-
of-bounds access vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-2163)

It was discovered that the SLIMpro I2C device driver in the Linux kernel
did not properly validate user-supplied data in some situations, leading to
an out-of-bounds write vulnerability. A privileged attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-2194)

It was discovered that the perf subsystem in the Linux kernel contained a
use-after-free vulnerability. A privileged local attacker could possibly
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-2235)

Zheng Zhang discovered that the device-mapper implementation in the Linux
kernel did not properly handle locking during table_clear() operations. A
local attacker could use this to cause a denial of service (kernel
deadlock). (CVE-2023-2269)

It was discovered that the ARM Mali Display Processor driver implementation
in the Linux kernel did not properly handle certain error conditions. A
local attacker could possibly use this to cause a denial of service (system
crash). (CVE-2023-23004)

It was discovered that a race condition existed in the TLS subsystem in the
Linux kernel, leading to a use-after-free or a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-28466)

It was discovered that the DA9150 charger driver in the Linux kernel did
not properly handle device removal, leading to a user-after free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-30772)

It was discovered that the Ricoh R5C592 MemoryStick card reader driver in
the Linux kernel contained a race condition during module unload, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-3141)

Quentin Minster discovered that the KSMBD implementation in the Linux
kernel did not properly validate pointers in some situations, leading to a
null pointer dereference vulnerability. A remote attacker could use this to
cause a denial of service (system crash). (CVE-2023-32248)

It was discovered that the kernel->user space relay implementation in the
Linux kernel did not properly perform certain buffer calculations, leading
to an out-of-bounds read vulnerability. A local attacker could use this to
cause a denial of service (system crash) or expose sensitive information
(kernel memory). (CVE-2023-3268)

It was discovered that the Qualcomm EMAC ethernet driver in the Linux
kernel did not properly handle device removal, leading to a user-after free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-33203)

It was discovered that the BQ24190 charger driver in the Linux kernel did
not properly handle device removal, leading to a user-after free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-33288)

It was discovered that the video4linux driver for Philips based TV cards in
the Linux kernel contained a race condition during device removal, leading
to a use-after-free vulnerability. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-35823)

It was discovered that the SDMC DM1105 PCI device driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-35824)

It was discovered that the Renesas USB controller driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-35828)

It was discovered that the Rockchip Video Decoder IP driver in the Linux
kernel contained a...

Read more
Assets 2
Loading

ubuntu jammy v1.207

29 Aug 09:01
@cf-bosh-ci-bot cf-bosh-ci-bot
ubuntu-jammy/v1.207
8d222c6
Compare
Choose a tag to compare
ubuntu jammy v1.207

Metadata:

BOSH Agent Version: 2.572.0

Notice

  • update the azure blobstore

USNs:

Title: USN-6295-1: Podman vulnerability
URL: https://ubuntu.com/security/notices/USN-6295-1
Priorities: medium
Description:
It was discovered that Podman incorrectly handled certain supplementary groups.
An attacker could possibly use this issue to expose sensitive information
or execute binary code.
CVEs:

Title: USN-6286-1: Intel Microcode vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6286-1
Priorities: medium
Description:
Daniel Moghimi discovered that some Intel(R) Processors did not properly clear
microarchitectural state after speculative execution of various instructions. A
local unprivileged user could use this to obtain to sensitive
information. (CVE-2022-40982)

It was discovered that some Intel(R) Xeon(R) Processors did not properly
restrict error injection for Intel(R) SGX or Intel(R) TDX. A local privileged
user could use this to further escalate their privileges. (CVE-2022-41804)

It was discovered that some 3rd Generation Intel(R) Xeon(R) Scalable processors
did not properly restrict access in some situations. A local privileged attacker
could use this to obtain sensitive information. (CVE-2023-23908)
CVEs:

Title: USN-6290-1: LibTIFF vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6290-1
Priorities: medium,low
Description:
It was discovered that LibTIFF could be made to write out of bounds when
processing certain malformed image files with the tiffcrop utility. If a
user were tricked into opening a specially crafted image file, an attacker
could possibly use this issue to cause tiffcrop to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2022-48281)

It was discovered that LibTIFF incorrectly handled certain image files. If
a user were tricked into opening a specially crafted image file, an
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 23.04. (CVE-2023-2731)

It was discovered that LibTIFF incorrectly handled certain image files
with the tiffcp utility. If a user were tricked into opening a specially
crafted image file, an attacker could possibly use this issue to cause
tiffcp to crash, resulting in a denial of service. (CVE-2023-2908)

It was discovered that LibTIFF incorrectly handled certain file paths. If
a user were tricked into specifying certain output paths, an attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-3316)

It was discovered that LibTIFF could be made to write out of bounds when
processing certain malformed image files. If a user were tricked into
opening a specially crafted image file, an attacker could possibly use
this issue to cause a denial of service, or possibly execute arbitrary
code. (CVE-2023-3618)

It was discovered that LibTIFF could be made to write out of bounds when
processing certain malformed image files. If a user were tricked into
opening a specially crafted image file, an attacker could possibly use
this issue to cause a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 23.04. (CVE-2023-25433, CVE-2023-26966)

It was discovered that LibTIFF did not properly managed memory when
processing certain malformed image files with the tiffcrop utility. If a
user were tricked into opening a specially crafted image file, an attacker
could possibly use this issue to cause tiffcrop to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-26965)

It was discovered that LibTIFF contained an arithmetic overflow. If a user
were tricked into opening a specially crafted image file, an attacker
could possibly use this issue to cause a denial of service.
(CVE-2023-38288, CVE-2023-38289)
CVEs:

Title: USN-6293-1: OpenStack Heat vulnerability
URL: https://ubuntu.com/security/notices/USN-6293-1
Priorities: medium
Description:
It was discovered that OpenStack Heat incorrectly handled certain hidden
parameter values. A remote authenticated user could possibly use this issue
to obtain sensitive data.
CVEs:

Title: USN-6288-1: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6288-1
Priorities: medium
Description:
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.34 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 23.04.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-34.html
https://www.oracle.com/security-alerts/cpujul2023.html
CVEs:

Title: USN-6289-1: WebKitGTK vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6289-1
Priorities: medium
Description:
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
CVEs:

Title: USN-6294-1: HAProxy vulnerability
URL: https://ubuntu.com/security/notices/USN-6294-1
Priorities: medium
Description:
Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length
headers. A remote attacker could possibly use this issue to manipulate the
payload and bypass certain restrictions.
CVEs:

Assets 2
Loading

ubuntu jammy v1.199

14 Aug 09:05
@cf-bosh-ci-bot cf-bosh-ci-bot
ubuntu-jammy/v1.199
37c01f0
Compare
Choose a tag to compare
ubuntu jammy v1.199

Metadata:

BOSH Agent Version: 2.568.0

Important Notice.

  • the kernel has been updated to 6.2 see #296
  • added support for the azure blob storage #295

USNs:

Title: USN-6277-2: Dompdf vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6277-2
Priorities: low,medium
Description:
USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the
corresponding updates for Ubuntu 22.04 LTS.

Original advisory details:

It was discovered that Dompdf was not properly validating untrusted input when
processing HTML content under certain circumstances. An attacker could
possibly use this issue to expose sensitive information or execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS.
(CVE-2014-5011, CVE-2014-5012, CVE-2014-5013)

It was discovered that Dompdf was not properly validating processed HTML
content that referenced PHAR files, which could result in the deserialization
of untrusted data. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2021-3838)

It was discovered that Dompdf was not properly validating processed HTML
content that referenced both a remote base and a local file, which could
result in the bypass of a chroot check. An attacker could possibly use this
issue to expose sensitive information. (CVE-2022-2400)
CVEs:

Title: USN-6273-1: poppler vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6273-1
Priorities: low,medium
Description:
Jieyong Ma discovered that poppler incorrectly handled certain malformed
PDF files. A remote attacker could possibly use this issue to cause poppler
to crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-27337)

It was discovered that poppler incorrectly handled certain malformed PDF
files. A remote attacker could possibly use this issue to cause poppler to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS and Ubuntu 23.04. (CVE-2023-34872)
CVEs:

Title: USN-6285-1: Linux kernel (OEM) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6285-1
Priorities: medium,high,low
Description:
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48502)

Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS
implementation in the Ubuntu Linux kernel did not properly perform
permission checks in certain situations. A local attacker could possibly
use this to gain elevated privileges. (CVE-2023-2640)

It was discovered that a race condition existed in the f2fs file system in
the Linux kernel, leading to a null pointer dereference vulnerability. An
attacker could use this to construct a malicious f2fs image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-2898)

Mingi Cho discovered that the netfilter subsystem in the Linux kernel did
not properly validate the status of a nft chain while performing a lookup
by id, leading to a use-after-free vulnerability. An attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-31248)

Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in
the Ubuntu Linux kernel did not properly perform permission checks in
certain situations. A local attacker could possibly use this to gain
elevated privileges. (CVE-2023-32629)

It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle some error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3390)

Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel
did not properly handle certain pointer data type, leading to an out-of-
bounds write vulnerability. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-35001)

It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)

It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle certain error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3610)

It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)

It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate SMB request protocol IDs, leading to a out-of-
bounds read vulnerability. A remote attacker could possibly use this to
cause a denial of service (system crash). (CVE-2023-38430)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate command payload size, leading to a out-of-bounds
read vulnerability. A remote attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-38432)

It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)
CVEs:

Title: USN-6260-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6260-1
Priorities: medium,high,low
Description:
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48502)

Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS
implementation in the Ubuntu Linux kernel did not properly perform
permission checks in certain situations. A local attacker could possibly
use this to gain elevated privileges. (CVE-2023-2640)

It was discovered that the IP-VLAN network driver for the Linux kernel did
not properly initialize memory in some situations, leading to an out-of-
bounds write vulnerability. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-3090)

Mingi Cho discovered that the netfilter subsystem in the Linux kernel did
not properly validate the status of a nft chain while performing a lookup
by id, leading to a use-after-free vulnerability. An attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-31248)

It was discovered that the Ricoh R5C592 MemoryStick card reader driver in
the Linux kernel contained a race condition during module unload, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code....

Read more
Assets 2
Loading

ubuntu jammy v1.181

26 Jul 14:48
@cf-bosh-ci-bot cf-bosh-ci-bot
ubuntu-jammy/v1.181
46e4720
Compare
Choose a tag to compare
ubuntu jammy v1.181

Metadata:

BOSH Agent Version: 2.560.0

USNs:

Title: USN-6243-1: Graphite-Web vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6243-1
Priorities: medium
Description:
It was discovered that Graphite-Web incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to perform
server-side request forgery and obtain sensitive information. This issue
only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-18638)

It was discovered that Graphite-Web incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to perform
cross site scripting and obtain sensitive information. (CVE-2022-4728,
CVE-2022-4729, CVE-2022-4730)
CVEs:

Title: USN-6244-1: AMD Microcode vulnerability
URL: https://ubuntu.com/security/notices/USN-6244-1
Priorities: high
Description:
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local attacker
could use this to expose sensitive information.
CVEs:

Title: USN-6241-1: OpenStack vulnerability
URL: https://ubuntu.com/security/notices/USN-6241-1
Priorities: medium
Description:
Jan Wasilewski and Gorka Eguileor discovered that OpenStack incorrectly
handled deleted volume attachments. An authenticated user or attacker could
possibly use this issue to gain access to sensitive information.

This update may require configuration changes, please see the upstream
advisory and the other links below for more information:

https://security.openstack.org/ossa/OSSA-2023-003.html
https://discourse.ubuntu.com/t/cve-2023-2088-for-charmed-openstack/37051
https://lists.openstack.org/pipermail/openstack-discuss/2023-July/034439.html
CVEs:

Title: USN-6246-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6246-1
Priorities: high,medium
Description:
It was discovered that the IP-VLAN network driver for the Linux kernel did
not properly initialize memory in some situations, leading to an out-of-
bounds write vulnerability. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-3090)

Mingi Cho discovered that the netfilter subsystem in the Linux kernel did
not properly validate the status of a nft chain while performing a lookup
by id, leading to a use-after-free vulnerability. An attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-31248)

Querijn Voet discovered that a race condition existed in the io_uring
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3389)

It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle some error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3390)

Lin Ma discovered that a race condition existed in the MCTP implementation
in the Linux kernel, leading to a use-after-free vulnerability. A
privileged attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2023-3439)

Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel
did not properly handle certain pointer data type, leading to an out-of-
bounds write vulnerability. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-35001)
CVEs:

Assets 2
Loading

ubuntu jammy v1.179

24 Jul 20:55
@cf-bosh-ci-bot cf-bosh-ci-bot
ubuntu-jammy/v1.179
46e4720
Compare
Choose a tag to compare
ubuntu jammy v1.179

Metadata:

BOSH Agent Version: 2.560.0

USNs:

Title: USN-6200-1: ImageMagick vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6200-1
Priorities: negligible,medium,low
Description:
It was discovered that ImageMagick incorrectly handled the "-authenticate"
option for password-protected PDF files. An attacker could possibly use
this issue to inject additional shell commands and perform arbitrary code
execution. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-29599)

It was discovered that ImageMagick incorrectly handled certain values
when processing PDF files. If a user or automated system using ImageMagick
were tricked into opening a specially crafted PDF file, an attacker could
exploit this to cause a denial of service. This issue only affected Ubuntu
20.04 LTS. (CVE-2021-20224)

Zhang Xiaohui discovered that ImageMagick incorrectly handled certain
values when processing image data. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could exploit this to cause a denial of service. This issue only
affected Ubuntu 20.04 LTS. (CVE-2021-20241, CVE-2021-20243)

It was discovered that ImageMagick incorrectly handled certain values
when processing visual effects based image files. By tricking a user into
opening a specially crafted image file, an attacker could crash the
application causing a denial of service. This issue only affected Ubuntu
20.04 LTS. (CVE-2021-20244, CVE-2021-20309)

It was discovered that ImageMagick incorrectly handled certain values
when performing resampling operations. By tricking a user into opening
a specially crafted image file, an attacker could crash the application
causing a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-20246)

It was discovered that ImageMagick incorrectly handled certain values
when processing thumbnail image data. By tricking a user into opening
a specially crafted image file, an attacker could crash the application
causing a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-20312)

It was discovered that ImageMagick incorrectly handled memory cleanup
when performing certain cryptographic operations. Under certain conditions
sensitive cryptographic information could be disclosed. This issue only
affected Ubuntu 20.04 LTS. (CVE-2021-20313)

It was discovered that ImageMagick did not use the correct rights when
specifically excluded by a module policy. An attacker could use this issue
to read and write certain restricted files. This issue only affected Ubuntu
20.04 LTS. (CVE-2021-39212)

It was discovered that ImageMagick incorrectly handled memory under certain
circumstances. If a user were tricked into opening a specially crafted
image file, an attacker could possibly exploit this issue to cause a denial
of service or other unspecified impact. This issue only affected Ubuntu
20.04 LTS. (CVE-2022-28463, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547)

It was discovered that ImageMagick incorrectly handled memory under certain
circumstances. If a user were tricked into opening a specially crafted
image file, an attacker could possibly exploit this issue to cause a denial
of service or other unspecified impact. This issue only affected Ubuntu
22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2021-3610, CVE-2023-1906,
CVE-2023-3428)

It was discovered that ImageMagick incorrectly handled certain values
when processing specially crafted SVG files. By tricking a user into
opening a specially crafted SVG file, an attacker could crash the
application causing a denial of service. This issue only affected Ubuntu
20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-1289)

It was discovered that ImageMagick incorrectly handled memory under certain
circumstances. If a user were tricked into opening a specially crafted
tiff file, an attacker could possibly exploit this issue to cause a denial
of service or other unspecified impact. This issue only affected Ubuntu
22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-3195)

It was discovered that ImageMagick incorrectly handled memory under certain
circumstances. If a user were tricked into opening a specially crafted
image file, an attacker could possibly exploit this issue to cause a denial
of service or other unspecified impact. (CVE-2023-34151)
CVEs:

Title: USN-6236-1: ConnMan vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6236-1
Priorities: medium
Description:
It was discovered that ConnMan could be made to write out of bounds. A
remote attacker could possibly use this issue to cause ConnMan to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-26675, CVE-2021-33833)

It was discovered that ConnMan could be made to leak sensitive information
via the gdhcp component. A remote attacker could possibly use this issue
to obtain information for further exploitation. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-26676)

It was discovered that ConnMan could be made to read out of bounds. A
remote attacker could possibly use this issue to case ConnMan to crash,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2022-23096, CVE-2022-23097)

It was discovered that ConnMan could be made to run into an infinite loop.
A remote attacker could possibly use this issue to cause ConnMan to
consume resources and to stop operating, resulting in a denial of service.
This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04
LTS, and Ubuntu 22.04 LTS. (CVE-2022-23098)

It was discovered that ConnMan could be made to write out of bounds via
the gweb component. A remote attacker could possibly use this issue to
cause ConnMan to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32292)

It was discovered that ConnMan did not properly manage memory under
certain circumstances. A remote attacker could possibly use this issue to
cause ConnMan to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32293)

It was discovered that ConnMan could be made to write out of bounds via
the gdhcp component. A remote attacker could possibly use this issue to
cause ConnMan to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2023-28488)
CVEs:

Title: USN-6189-1: etcd vulnerability
URL: https://ubuntu.com/security/notices/USN-6189-1
Priorities: medium
Description:
It was discovered that etcd leaked credentials when debugging
was enabled. This allowed remote attackers to discover etcd
authentication credentials and possibly escalate privileges on
systems using etcd.
CVEs:

Read more
Assets 2
Loading

ubuntu jammy v1.148

29 Jun 20:55
@cf-bosh-ci-bot cf-bosh-ci-bot
ubuntu-jammy/v1.148
07f5718
Compare
Choose a tag to compare
ubuntu jammy v1.148

Metadata:

BOSH Agent Version: 2.548.0

USNs:

Title: USN-6161-2: .NET regression
URL: https://ubuntu.com/security/notices/USN-6161-2
Priorities: medium
Description:
USN-6161-1 fixed vulnerabilities in .NET. The update introduced
a regression with regards to how the runtime imported X.509
certificates. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that .NET did not properly enforce certain
restrictions when deserializing a DataSet or DataTable from
XML. An attacker could possibly use this issue to elevate their
privileges. (CVE-2023-24936)

Kevin Jones discovered that .NET did not properly handle the
AIA fetching process for X.509 client certificates. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2023-29331)

Kalle Niemitalo discovered that the .NET package manager,
NuGet, was susceptible to a potential race condition. An
attacker could possibly use this issue to perform remote
code execution. (CVE-2023-29337)

Tom Deseyn discovered that .NET did not properly process certain
arguments when extracting the contents of a tar file. An attacker
could possibly use this issue to elevate their privileges. This
issue only affected the dotnet7 package. (CVE-2023-32032)

It was discovered that .NET did not properly handle memory in
certain circumstances. An attacker could possibly use this issue
to cause a denial of service or perform remote code execution.
(CVE-2023-33128)
CVEs:

Title: USN-6184-1: CUPS vulnerability
URL: https://ubuntu.com/security/notices/USN-6184-1
Priorities: medium
Description:
It was discovered that CUPS incorrectly handled certain memory operations.
An attacker could possibly use this issue to cause CUPS to crash, resulting
in a denial of service, or possibly obtain sensitive information.
CVEs:

Title: USN-6192-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6192-1
Priorities: high
Description:
Hangyu Hua discovered that the Flower classifier implementation in the
Linux kernel contained an out-of-bounds write vulnerability. An attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-35788, LP: #2023577)

Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in the
Linux kernel did not properly handle locking when IOPOLL mode is being
used. A local attacker could use this to cause a denial of service (system
crash). (CVE-2023-2430)

It was discovered that for some Intel processors the INVLPG instruction
implementation did not properly flush global TLB entries when PCIDs are
enabled. An attacker could use this to expose sensitive information
(kernel memory) or possibly cause undesired behaviors. (LP: #2023220)
CVEs:

Assets 2
Loading

ubuntu jammy v1.147

26 Jun 19:54
@cf-bosh-ci-bot cf-bosh-ci-bot
ubuntu-jammy/v1.147
07f5718
Compare
Choose a tag to compare
ubuntu jammy v1.147

Metadata:

BOSH Agent Version: 2.548.0

USNs:

Title: USN-6180-1: VLC media player vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6180-1
Priorities: low,medium
Description:
It was discovered that VLC could be made to read out of bounds when
decoding image files. If a user were tricked into opening a crafted image
file, a remote attacker could possibly use this issue to cause VLC to
crash, leading to a denial of service. This issue only affected Ubuntu
16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-19721)

It was discovered that VLC could be made to write out of bounds when
processing H.264 video files. If a user were tricked into opening a
crafted H.264 video file, a remote attacker could possibly use this issue
to cause VLC to crash, leading to a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-13428)

It was discovered that VLC could be made to read out of bounds when
processing AVI video files. If a user were tricked into opening a crafted
AVI video file, a remote attacker could possibly use this issue to cause
VLC to crash, leading to a denial of service. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-25801,
CVE-2021-25802, CVE-2021-25803, CVE-2021-25804)

It was discovered that the VNC module of VLC contained an arithmetic
overflow. If a user were tricked into opening a crafted playlist or
connecting to a rouge VNC server, a remote attacker could possibly use
this issue to cause VLC to crash, leading to a denial of service, or
possibly execute arbitrary code. (CVE-2022-41325)
CVEs:

Title: USN-6163-1: pano13 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6163-1
Priorities: medium
Description:
It was discovered that pano13 did not properly validate the prefix provided
for PTcrop's output. An attacker could use this issue to cause pano13 to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-20307)

It was discovered that pano13 did not properly handle certain crafted TIFF
images. An attacker could use this issue to cause pano13 to crash,
resulting in a denial of service. (CVE-2021-33293)
CVEs:

Title: USN-6146-1: Netatalk vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6146-1
Priorities: medium,high
Description:
It was discovered that Netatalk did not properly validate the length of
user-supplied data in the DSI structures. A remote attacker could possibly
use this issue to execute arbitrary code with the privileges of the user
invoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu
22.04 LTS. (CVE-2021-31439)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the ad_addcomment function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-0194)

It was discovered that Netatalk did not properly handle errors when parsing
AppleDouble entries. A remote attacker could possibly use this issue to
execute arbitrary code with root privileges. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-23121)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the setfilparams function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-23122)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the getdirparams function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04
LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23123)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the get_finderinfo function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-23124)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the copyapplfile function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04
LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23125)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the dsi_writeinit function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu
22.10. (CVE-2022-43634)

It was discovered that Netatalk did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted .appl file, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2022-45188)
CVEs:

Title: USN-6167-1: QEMU vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6167-1
Priorities: low,medium
Description:
It was discovered that QEMU did not properly manage the guest drivers when
shared buffers are not allocated. A malicious guest driver could use this
issue to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu
22.04 LTS and Ubuntu 22.10. (CVE-2022-1050)

It was discovered that QEMU did not properly check the size of the
structure pointed to by the guest physical address pqxl. A malicious guest
attacker could use this issue to cause QEMU to crash, resulting in a denial
of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10.
(CVE-2022-4144)

It was discovered that QEMU did not properly manage memory in the ACPI
Error Record Serialization Table (ERST) device. A malicious guest attacker
could use this issue to cause QEMU to crash, resulting in a denial of
service. This issue only affected Ubuntu 22.10. (CVE-2022-4172)

It was discovered that QEMU did not properly manage memory when DMA memory
writes happen repeatedly in the lsi53c895a device. A malicious guest
attacker could use this issue to cause QEMU to crash, resulting in a denial
of service. (CVE-2023-0330)
CVEs:

Title: USN-6169-1: GNU SASL vulnerability
URL: https://ubuntu.com/security/notices/USN-6169-1
Priorities: low
Description:
It was discovered that GNU SASL's GSSAPI server could make an
out-of-bounds reads if given specially crafted GSS-API authentication
data. A remote attacker could possibly use this issue to cause a
denial of service or to expose sensitive information.
CVEs:

Title: USN-6145-1: Sysstat vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6145-1
Priorities: medium
Description:
It was discovered that Sysstat incorrectly handled certain arithmetic
multiplications. An attacker could use this issue to cause Sysstat to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue was only fixed for Ubuntu 16.04 LTS. (CVE-2022-39377)

It was discovered that Sysstat incorrectly handled certain arithmetic
multiplications in 64-bit systems, as a result of an incomplete fi...

Read more
Assets 2
Loading

ubuntu bionic v1.204

02 Jun 15:31
@cf-bosh-ci-bot cf-bosh-ci-bot
ubuntu-bionic/v1.204
f1a6cd9
Compare
Choose a tag to compare
ubuntu bionic v1.204

Metadata:

BOSH Agent Version: 2.536.0

USNs:

Title: USN-6117-1: Apache Batik vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6117-1
Priorities: medium
Description:
It was discovered that Apache Batik incorrectly handled certain inputs. An
attacker could possibly use this to perform a cross site request forgery
attack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648)

It was discovered that Apache Batik incorrectly handled Jar URLs in some
situations. A remote attacker could use this issue to access files on the
server. (CVE-2022-40146)

It was discovered that Apache Batik allowed running untrusted Java code from
an SVG. An attacker could use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2022-41704, CVE-2022-42890)
CVEs:

Title: USN-6099-1: ncurses vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6099-1
Priorities: negligible,medium
Description:
It was discovered that ncurses was incorrectly performing bounds
checks when processing invalid hashcodes. An attacker could possibly
use this issue to cause a denial of service or to expose sensitive
information. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-17594)

It was discovered that ncurses was incorrectly handling
end-of-string characters when processing terminfo and termcap files.
An attacker could possibly use this issue to cause a denial of
service or to expose sensitive information. This issue only affected
Ubuntu 18.04 LTS. (CVE-2019-17595)

It was discovered that ncurses was incorrectly handling
end-of-string characters when converting between termcap and
terminfo formats. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39537)

It was discovered that ncurses was incorrectly performing bounds
checks when dealing with corrupt terminfo data while reading a
terminfo file. An attacker could possibly use this issue to cause a
denial of service or to expose sensitive information. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-29458)

It was discovered that ncurses was parsing environment variables when
running with setuid applications and not properly handling the
processing of malformed data when doing so. A local attacker could
possibly use this issue to cause a denial of service (application
crash) or execute arbitrary code. (CVE-2023-29491)
CVEs:

Title: USN-6076-1: Synapse vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6076-1
Priorities: medium,low
Description:
It was discovered that Synapse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2019-18835, CVE-2018-12291, CVE-2018-10657)

It was discovered that Synapse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to hijack the
session. (CVE-2019-11842, CVE-2018-12423)

It was discovered that Synapse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to perform
spoofing or user impersonation. (CVE-2019-5885, CVE-2018-16515)
CVEs:

Title: USN-6098-1: Jhead vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6098-1
Priorities: medium,low
Description:
It was discovered that Jhead did not properly handle certain crafted images
while processing the JFIF markers. An attacker could cause Jhead to crash. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.
(CVE-2019-19035)

It was discovered that Jhead did not properly handle certain crafted images
while processing longitude tags. An attacker could cause Jhead to crash. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010301)

It was discovered that Jhead did not properly handle certain crafted images
while processing IPTC data. An attacker could cause Jhead to crash. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010302)

Binbin Li discovered that Jhead did not properly handle certain crafted images
while processing the DQT data. An attacker could cause Jhead to crash.
(CVE-2020-6624)

Binbin Li discovered that Jhead did not properly handle certain crafted images
while processing longitude data. An attacker could cause Jhead to crash.
(CVE-2020-6625)

Feng Zhao Yang discovered that Jhead did not properly handle certain crafted
images while reading JPEG sections. An attacker could cause Jhead to crash.
(CVE-2020-26208)

It was discovered that Jhead did not properly handle certain crafted images
while processing Canon images. An attacker could cause Jhead to crash.
(CVE-2021-28276)

It was discovered that Jhead did not properly handle certain crafted images
when removing a certain type of sections. An attacker could cause Jhead to
crash. (CVE-2021-28278)
CVEs:

Title: USN-6108-1: Jhead vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6108-1
Priorities: medium
Description:
It was discovered that Jhead did not properly handle certain crafted images
while rotating them. An attacker could possibly use this issue to crash Jhead,
resulting in a denial of service. (CVE-2021-34055)

Kyle Brown discovered that Jhead did not properly handle certain crafted
images while regenerating the Exif thumbnail. An attacker could possibly use
this issue to execute arbitrary commands. (CVE-2022-41751)
CVEs:

Title: USN-6110-1: Jhead vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6110-1
Priorities: medium
Description:
It was discovered that Jhead did not properly handle certain crafted Canon
images when processing them. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. (CVE-2021-3496)

It was discovered that Jhead did not properly handle certain crafted images
when printing Canon-specific information. An attacker could possibly use this
issue to crash Jhead, resulting in a denial of service. (CVE-2021-28275)

It was discovered that Jhead did not properly handle certain crafted images
when removing unknown sections. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. (CVE-2021-28275)

Kyle Brown discovered that Jhead did not properly handle certain crafted
images when editing their comments. An attacker could possibly use this to
crash Jhead, resulting in a denial of service. (LP: #2020068)
CVEs:

Read more
Assets 2
Loading

ubuntu jammy v1.125

02 Jun 15:32
@cf-bosh-ci-bot cf-bosh-ci-bot
ubuntu-jammy/v1.125
954951b
Compare
Choose a tag to compare
ubuntu jammy v1.125

Metadata:

BOSH Agent Version: 2.536.0

USNs:

Title: USN-6117-1: Apache Batik vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6117-1
Priorities: medium
Description:
It was discovered that Apache Batik incorrectly handled certain inputs. An
attacker could possibly use this to perform a cross site request forgery
attack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648)

It was discovered that Apache Batik incorrectly handled Jar URLs in some
situations. A remote attacker could use this issue to access files on the
server. (CVE-2022-40146)

It was discovered that Apache Batik allowed running untrusted Java code from
an SVG. An attacker could use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2022-41704, CVE-2022-42890)
CVEs:

Title: USN-6099-1: ncurses vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6099-1
Priorities: negligible,medium
Description:
It was discovered that ncurses was incorrectly performing bounds
checks when processing invalid hashcodes. An attacker could possibly
use this issue to cause a denial of service or to expose sensitive
information. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-17594)

It was discovered that ncurses was incorrectly handling
end-of-string characters when processing terminfo and termcap files.
An attacker could possibly use this issue to cause a denial of
service or to expose sensitive information. This issue only affected
Ubuntu 18.04 LTS. (CVE-2019-17595)

It was discovered that ncurses was incorrectly handling
end-of-string characters when converting between termcap and
terminfo formats. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39537)

It was discovered that ncurses was incorrectly performing bounds
checks when dealing with corrupt terminfo data while reading a
terminfo file. An attacker could possibly use this issue to cause a
denial of service or to expose sensitive information. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-29458)

It was discovered that ncurses was parsing environment variables when
running with setuid applications and not properly handling the
processing of malformed data when doing so. A local attacker could
possibly use this issue to cause a denial of service (application
crash) or execute arbitrary code. (CVE-2023-29491)
CVEs:

Title: USN-6102-1: xmldom vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6102-1
Priorities: medium
Description:
It was discovered that xmldom incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause
unexpected syntactic changes during XML processing. This issue only affected
Ubuntu 20.04 LTS. (CVE-2021-21366)

It was discovered that xmldom incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2022-37616, CVE-2022-39353)
CVEs:

Title: USN-6108-1: Jhead vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6108-1
Priorities: medium
Description:
It was discovered that Jhead did not properly handle certain crafted images
while rotating them. An attacker could possibly use this issue to crash Jhead,
resulting in a denial of service. (CVE-2021-34055)

Kyle Brown discovered that Jhead did not properly handle certain crafted
images while regenerating the Exif thumbnail. An attacker could possibly use
this issue to execute arbitrary commands. (CVE-2022-41751)
CVEs:

Title: USN-6110-1: Jhead vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6110-1
Priorities: medium
Description:
It was discovered that Jhead did not properly handle certain crafted Canon
images when processing them. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. (CVE-2021-3496)

It was discovered that Jhead did not properly handle certain crafted images
when printing Canon-specific information. An attacker could possibly use this
issue to crash Jhead, resulting in a denial of service. (CVE-2021-28275)

It was discovered that Jhead did not properly handle certain crafted images
when removing unknown sections. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. (CVE-2021-28275)

Kyle Brown discovered that Jhead did not properly handle certain crafted
images when editing their comments. An attacker could possibly use this to
crash Jhead, resulting in a denial of service. (LP: #2020068)
CVEs:

Title: USN-6126-1: libvirt vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6126-1
Priorities: low,medium
Description:
It was discovered that libvirt incorrectly handled the nwfilter driver. A
local attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. This issue only affected Ubuntu 22.04
LTS. (CVE-2022-0897)

It was discovered that libvirt incorrectly handled queries for the SR-IOV
PCI device capabilities. A local attacker could possibly use this issue to
cause libvirt to consume resources, leading to a denial of service.
(CVE-2023-2700)
CVEs:

Title: USN-6116-1: hawk vulnerability
URL: https://ubuntu.com/security/notices/USN-6116-1
Priorities: medium
Description:
It was discovered that hawk incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
CVEs:

Title: USN-6089-1: Linux kernel (OEM) vulnerability
URL: https://ubuntu.com/security/notices/USN-6089-1
Priorities: medium
Description:
It was discovered that the Intel i915 graphics driver in the Linux kernel
did not perform a GPU TLB flush in some situations. A local attacker could
use this to cause a denial of service or possibly execute arbitrary code.
CVEs:

Title: USN-6125-1: snapd vulnerability
URL: https://ubuntu.com/security/notices/USN-6125-1
Priorities: medium
Description:
It was discovered that the snap sandbox did not restrict the use of the
ioctl system call with a TIOCLINUX request. This could be exploited by a
malicious snap to inject commands into the controlling terminal which would
then be executed outside of the snap sandbox once the snap had exited. This
could allow an attacker to execute arbitrary commands outside of the
confined snap sandbox. Note: graphical terminal emulators like xterm,
gnome-terminal and others are not affected - this can only be exploited
when snaps are run on a virtual console.
CVEs:

Title: USN-6101-1: GNU binutils vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6101-1
Priorities: medium,low
Description:
It was discovered that GNU binutils incorrectly handled certain DWARF
files. An attacker could possibly use this issue to cause a crash or
execute arbitrary code. This issue only affected Ubuntu 22.10.
(CVE-2023-1579)

It was discovered that GNU binutils did not properly verify the version
definitions in zer0-lengthverdef table. An attacker could possibly use this
issue to cause a crash or execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS, Ubuntu 22.10 and Ub...

Read more
Assets 2
Loading

ubuntu jammy v1.117

22 May 22:48
@cf-bosh-ci-bot cf-bosh-ci-bot
ubuntu-jammy/v1.117
82972c4
Compare
Choose a tag to compare
ubuntu jammy v1.117

Metadata:

BOSH Agent Version: 2.533.0

USNs:

Title: USN-6049-1: Netty vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6049-1
Priorities: medium
Description:
It was discovered that Netty's Zlib decoders did not limit memory
allocations. A remote attacker could possibly use this issue to cause
Netty to exhaust memory via malicious input, leading to a denial of
service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM.
(CVE-2020-11612)

It was discovered that Netty created temporary files with excessive
permissions. A local attacker could possibly use this issue to expose
sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu
18.04 ESM, and Ubuntu 20.04 ESM. (CVE-2021-21290)

It was discovered that Netty did not properly validate content-length
headers. A remote attacker could possibly use this issue to smuggle
requests. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2021-21295,
CVE-2021-21409)

It was discovered that Netty's Bzip2 decompression decoder did not limit
the decompressed output data size. A remote attacker could possibly use
this issue to cause Netty to exhaust memory via malicious input, leading
to a denial of service. This issue only affected Ubuntu 18.04 ESM, Ubuntu
20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-37136)

It was discovered that Netty's Snappy frame decoder function did not limit
chunk lengths. A remote attacker could possibly use this issue to cause
Netty to exhaust memory via malicious input, leading to a denial of
service. (CVE-2021-37137)

It was discovered that Netty did not properly handle control chars at the
beginning and end of header names. A remote attacker could possibly use
this issue to smuggle requests. This issue only affected Ubuntu 18.04 ESM,
Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-43797)

It was discovered that Netty could be made into an infinite recursion when
parsing a malformed crafted message. A remote attacker could possibly use
this issue to cause Netty to crash, leading to a denial of service. This
issue only affected Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10.
(CVE-2022-41881)

It was discovered that Netty did not validate header values under certain
circumstances. A remote attacker could possibly use this issue to perform
HTTP response splitting via malicious header values. This issue only
affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu
22.10. (CVE-2022-41915)
CVEs:

Title: USN-6067-1: OpenStack Neutron vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6067-1
Priorities: medium
Description:
David Sinquin discovered that OpenStack Neutron incorrectly handled the
default Open vSwitch firewall rules. An attacker could possibly use this
issue to impersonate the IPv6 addresses of other systems on the network.
This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
(CVE-2021-20267)

Jake Yip and Justin Mammarella discovered that OpenStack Neutron
incorrectly handled the linuxbridge driver when ebtables-nft is being
used. An attacker could possibly use this issue to impersonate the hardware
addresss of other systems on the network. This issue only affected Ubuntu
18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-38598)

Pavel Toporkov discovered that OpenStack Neutron incorrectly handled
extra_dhcp_opts values. An attacker could possibly use this issue to
reconfigure dnsmasq. This issue only affected Ubuntu 18.04 LTS, and Ubuntu
20.04 LTS. (CVE-2021-40085)

Slawek Kaplonski discovered that OpenStack Neutron incorrectly handled the
routes middleware. An attacker could possibly use this issue to cause the
API worker to consume memory, leading to a denial of service. This issue
only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-40797)

It was discovered that OpenStack Neutron incorrectly handled certain
queries. A remote authenticated user could possibly use this issue to cause
resource consumption, leading to a denial of service. (CVE-2022-3277)
CVEs:

Title: USN-6037-1: Apache Commons Net vulnerability
URL: https://ubuntu.com/security/notices/USN-6037-1
Priorities: medium
Description:
ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted
the host from PASV responses by default. A remote attacker with a
malicious FTP server could redirect the client to another server, which
could possibly result in leaked information about services running on the
private network of the client.
CVEs:

Title: USN-6063-1: Ceph vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6063-1
Priorities: low,medium
Description:
Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths.
An attacker could possibly use this issue to create non-random encryption
keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-3979)

It was discovered that Ceph incorrectly handled the volumes plugin. An
attacker could possibly use this issue to obtain access to any share. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.
(CVE-2022-0670)

It was discovered that Ceph incorrectly handled crash dumps. A local
attacker could possibly use this issue to escalate privileges to root. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.
(CVE-2022-3650)

It was discovered that Ceph incorrectly handled URL processing on RGW
backends. An attacker could possibly use this issue to cause RGW to crash,
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS
and Ubuntu 22.10. (CVE-2022-3854)
CVEs:

Title: USN-6079-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6079-1
Priorities: medium,low,negligible
Description:
It was discovered that some AMD x86-64 processors with SMT enabled could
speculatively execute instructions using a return address from a sibling
thread. A local attacker could possibly use this to expose sensitive
information. (CVE-2022-27672)

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-36280)

Zheng Wang discovered that the Intel i915 graphics driver in the Linux
kernel did not properly handle certain error conditions, leading to a
double-free. A local attacker could possibly use this to cause a denial of
service (system crash). (CVE-2022-3707)

Haowei Yan discovered that a race condition existed in the Layer 2
Tunneling Protocol (L2TP) implementation in the Linux kernel. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-4129)

It was discovered that the NTFS file system implementation in the Linux
kernel contained a null pointer dereference in some situations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2022-4842)

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate attributes in certain situations, leading
to an out-of-bounds write vulnerability. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-48423)

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate attributes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48424)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly validate buffer lengths, leading to a heap-based buffer overflow.
A remote attacker could possibly use this to cause a denial of service
(system crash). (CVE-2023-0210)

Kyle Zeng discovered that the IPv6 implementation in the Linux kernel
contained a NULL pointer dereference vulnerability in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-0394)

...

Read more
Assets 2
Loading