Stemcell (Linux) Release Notes

This topic includes release notes for Linux stemcells used with Ops Manager.

Xenial Stemcells

The following sections describe each Xenial stemcell release.

621.x

This section includes release notes for the 621.x line of Linux stemcells used with Ops Manager.

621.252

Available in VMware Tanzu Network

Release Date: June 17, 2022

Metadata:

BOSH Agent Version: 2.268.80

USNs:


Title: USN-5477-1: ncurses vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5477-1
Priorities: negligible,low
Description:
Hosein Askari discovered that ncurses was incorrectly performing
memory management operations when dealing with long filenames while
writing structures into the file system. An attacker could possibly
use this issue to cause a denial of service or execute arbitrary
code. (CVE-2017-16879)

Chung-Yi Lin discovered that ncurses was incorrectly handling access
to invalid memory areas when parsing terminfo or termcap entries where
the use-name had invalid syntax. An attacker could possibly use this
issue to cause a denial of service. (CVE-2018-19211)

It was discovered that ncurses was incorrectly performing bounds
checks when processing invalid hashcodes. An attacker could possibly
use this issue to cause a denial of service or to expose sensitive
information. (CVE-2019-17594)

It was discovered that ncurses was incorrectly handling
end-of-string characters when processing terminfo and termcap files.
An attacker could possibly use this issue to cause a denial of
service or to expose sensitive information. (CVE-2019-17595)

It was discovered that ncurses was incorrectly handling
end-of-string characters when converting between termcap and
terminfo formats. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. (CVE-2021-39537)

It was discovered that ncurses was incorrectly performing bounds
checks when dealing with corrupt terminfo data while reading a
terminfo file. An attacker could possibly use this issue to cause a
denial of service or to expose sensitive information.
(CVE-2022-29458)
CVEs:
- https://ubuntu.com/security/CVE-2017-16879
- https://ubuntu.com/security/CVE-2018-19211
- https://ubuntu.com/security/CVE-2019-17594
- https://ubuntu.com/security/CVE-2019-17595
- https://ubuntu.com/security/CVE-2021-39537
- https://ubuntu.com/security/CVE-2022-29458

Title: LSN-0087-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0087-1
Priorities: high,medium
Description:
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did
not properly handle the removal of stateful expressions in some situations,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966)

Ziming Zhang discovered that the netfilter subsystem in the Linux kernel
did not properly validate sets with multiple ranged fields. A local
attacker could use this to cause a denial of service or execute arbitrary
code. (CVE-2022-1972)
CVEs:
- https://ubuntu.com/security/CVE-2022-1966
- https://ubuntu.com/security/CVE-2022-1972

621.251

Available in VMware Tanzu Network

Release Date: June 14, 2022

Metadata:

BOSH Agent Version: 2.268.80

USNs:


Title: LSN-0086-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0086-1
Priorities: high,medium
Description:
It was discovered that a race condition existed in the network scheduling
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-39713)

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

It was discovered that the network traffic control implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-1055)

Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux
kernel contained an integer overflow. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1116)

It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499)

Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-29581)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)
CVEs:
- https://ubuntu.com/security/CVE-2021-39713
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2022-1055
- https://ubuntu.com/security/CVE-2022-1116
- https://ubuntu.com/security/CVE-2022-21499
- https://ubuntu.com/security/CVE-2022-29581
- https://ubuntu.com/security/CVE-2022-30594

Title: USN-5458-1: Vim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5458-1
Priorities: low,medium
Description:
It was discovered that Vim was incorrectly handling virtual column
position operations, which could result in an out-of-bounds read. An
attacker could possibly use this issue to expose sensitive
information. (CVE-2021-4193)

It was discovered that Vim was not properly performing bounds checks
when updating windows present on a screen, which could result in a
heap buffer overflow. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2022-0213)

It was discovered that Vim was incorrectly handling window
exchanging operations when in Visual mode, which could result in an
out-of-bounds read. An attacker could possibly use this issue to
expose sensitive information. (CVE-2022-0319)

It was discovered that Vim was incorrectly handling recursion when
parsing conditional expressions. An attacker could possibly use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2022-0351)

It was discovered that Vim was not properly handling memory
allocation when processing data in Ex mode, which could result in a
heap buffer overflow. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code.
(CVE-2022-0359)

It was discovered that Vim was not properly performing bounds checks
when executing line operations in Visual mode, which could result in
a heap buffer overflow. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code.
(CVE-2022-0361, CVE-2022-0368)

It was discovered that Vim was not properly handling loop conditions
when looking for spell suggestions, which could result in a stack
buffer overflow. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. (CVE-2022-0408)

It was discovered that Vim was incorrectly handling memory access
when executing buffer operations, which could result in the usage of
freed memory. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-0443)
CVEs:
- https://ubuntu.com/security/CVE-2021-4193
- https://ubuntu.com/security/CVE-2022-0213
- https://ubuntu.com/security/CVE-2022-0319
- https://ubuntu.com/security/CVE-2022-0351
- https://ubuntu.com/security/CVE-2022-0359
- https://ubuntu.com/security/CVE-2022-0361
- https://ubuntu.com/security/CVE-2022-0368
- https://ubuntu.com/security/CVE-2022-0408
- https://ubuntu.com/security/CVE-2022-0443

Title: USN-5464-1: e2fsprogs vulnerability
URL: https://ubuntu.com/security/notices/USN-5464-1
Priorities: medium
Description:
Nils Bars discovered that e2fsprogs incorrectly handled certain file
systems. A local attacker could use this issue with a crafted file
system image to possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2022-1304

Title: USN-5466-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5466-1
Priorities: high,low,medium
Description:
It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions.
(CVE-2022-21499)

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did
not properly handle the removal of stateful expressions in some situations,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-1966)

It was discovered that the SCTP protocol implementation in the Linux kernel
did not properly verify VTAGs in some situations. A remote attacker could
possibly use this to cause a denial of service (connection disassociation).
(CVE-2021-3772)

It was discovered that the btrfs file system implementation in the Linux
kernel did not properly handle locking in certain error conditions. A local
attacker could use this to cause a denial of service (kernel deadlock).
(CVE-2021-4149)

David Bouman discovered that the netfilter subsystem in the Linux kernel
did not initialize memory in some situations. A local attacker could use
this to expose sensitive information (kernel memory). (CVE-2022-1016)

It was discovered that the virtual graphics memory manager implementation
in the Linux kernel was subject to a race condition, potentially leading to
an information leak. (CVE-2022-1419)

赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not
properly perform reference counting in some error conditions. A local
attacker could use this to cause a denial of service. (CVE-2022-28356)

It was discovered that the EMS CAN/USB interface implementation in the
Linux kernel contained a double-free vulnerability when handling certain
error conditions. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2022-28390)
CVEs:
- https://ubuntu.com/security/CVE-2022-21499
- https://ubuntu.com/security/CVE-2022-1966
- https://ubuntu.com/security/CVE-2021-3772
- https://ubuntu.com/security/CVE-2021-4149
- https://ubuntu.com/security/CVE-2022-1016
- https://ubuntu.com/security/CVE-2022-1419
- https://ubuntu.com/security/CVE-2022-28356
- https://ubuntu.com/security/CVE-2022-28390

Title: USN-5465-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5465-1
Priorities: high,medium
Description:
It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions.
(CVE-2022-21499)

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did
not properly handle the removal of stateful expressions in some situations,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-1966)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)
CVEs:
- https://ubuntu.com/security/CVE-2022-21499
- https://ubuntu.com/security/CVE-2022-1966
- https://ubuntu.com/security/CVE-2022-30594

Title: USN-5454-2: CUPS vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5454-2
Priorities: medium,low
Description:
USN-5454-1 fixed several vulnerabilities in CUPS. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Joshua Mason discovered that CUPS incorrectly handled the secret key used
to access the administrative web interface. A remote attacker could
possibly use this issue to open a session as an administrator and execute
arbitrary code. (CVE-2022-26691)

It was discovered that CUPS incorrectly handled certain memory operations
when handling IPP printing. A remote attacker could possibly use this issue
to cause CUPS to crash, leading to a denial of service, or obtain sensitive
information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04
LTS. (CVE-2019-8842, CVE-2020-10001)
CVEs:
- https://ubuntu.com/security/CVE-2022-26691
- https://ubuntu.com/security/CVE-2019-8842
- https://ubuntu.com/security/CVE-2020-10001

Title: USN-5456-1: ImageMagick vulnerability
URL: https://ubuntu.com/security/notices/USN-5456-1
Priorities: medium
Description:
It was discovered that ImageMagick incorrectly handled memory under
certain circumstances. If a user were tricked into opening a specially
crafted image, an attacker could possibly exploit this issue to cause a
denial of service or other unspecified impact.
CVEs:
- https://ubuntu.com/security/CVE-2022-28463

Title: USN-5462-2: Ruby vulnerability
URL: https://ubuntu.com/security/notices/USN-5462-2
Priorities: low
Description:
USN-5462-1 fixed several vulnerabilities in Ruby. This update provides
the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://ubuntu.com/security/CVE-2022-28739

621.245

Available in VMware Tanzu Network

Release Date: June 02, 2022

Metadata:

BOSH Agent Version: 2.268.78

USNs:


Title: USN-5449-1: libXv vulnerability
URL: https://ubuntu.com/security/notices/USN-5449-1
Priorities: low
Description:
It was discovered that libXv incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2016-5407

Title: USN-5437-1: libXfixes vulnerability
URL: https://ubuntu.com/security/notices/USN-5437-1
Priorities: low
Description:
Tobias Stoeckmann discovered that libXfixes incorrectly handled certain
inputs. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2016-7944

Title: LSN-0086-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0086-1
Priorities: high,medium
Description:
It was discovered that a race condition existed in the network scheduling
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-39713)

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

It was discovered that the network traffic control implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-1055)

Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux
kernel contained an integer overflow. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1116)

It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499)

Nick Gregory discovered that the Linux kernel incorrectly handled network
offload functionality. A local attacker could use this to cause a denial of
service or possibly execute arbitrary code. (CVE-2022-25636)

Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-29581)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)
CVEs:
- https://ubuntu.com/security/CVE-2021-39713
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2022-1055
- https://ubuntu.com/security/CVE-2022-1116
- https://ubuntu.com/security/CVE-2022-21499
- https://ubuntu.com/security/CVE-2022-25636
- https://ubuntu.com/security/CVE-2022-29581
- https://ubuntu.com/security/CVE-2022-30594

Title: USN-5452-1: NTFS-3G vulnerability
URL: https://ubuntu.com/security/notices/USN-5452-1
Priorities: low
Description:
It was discovered that NTFS-3G was incorrectly validating NTFS
metadata in its ntfsck tool by not performing boundary checks. A
local attacker could possibly use this issue to cause a denial of
service or to execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2021-46790

Title: USN-5402-2: OpenSSL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5402-2
Priorities: medium,low
Description:
USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Elison Niven discovered that OpenSSL incorrectly handled the c_rehash
script. A local attacker could possibly use this issue to execute arbitrary
commands when c_rehash is run. (CVE-2022-1292)

Aliaksei Levin discovered that OpenSSL incorrectly handled resources when
decoding certificates and keys. A remote attacker could possibly use this
issue to cause OpenSSL to consume resources, leading to a denial of
service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1473)
CVEs:
- https://ubuntu.com/security/CVE-2022-1292
- https://ubuntu.com/security/CVE-2022-1473

Title: USN-5446-2: dpkg vulnerability
URL: https://ubuntu.com/security/notices/USN-5446-2
Priorities: medium
Description:
USN-5446-1 fixed a vulnerability in dpkg. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Max Justicz discovered that dpkg incorrectly handled unpacking certain
source packages. If a user or an automated system were tricked into
unpacking a specially crafted source package, a remote attacker could
modify files outside the target unpack directory, leading to a denial of
service or potentially gaining access to the system.
CVEs:
- https://ubuntu.com/security/CVE-2022-1664

Title: USN-5404-2: Rsyslog vulnerability
URL: https://ubuntu.com/security/notices/USN-5404-2
Priorities: medium
Description:
USN-5404-1 addressed a vulnerability in Rsyslog. This update
provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Pieter Agten discovered that Rsyslog incorrectly handled certain requests.
An attacker could possibly use this issue to cause a crash.
CVEs:
- https://ubuntu.com/security/CVE-2022-24903

Title: USN-5453-1: FreeType vulnerability
URL: https://ubuntu.com/security/notices/USN-5453-1
Priorities: low
Description:
It was discovered that FreeType incorrectly handled certain font files.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2022-27406

Title: USN-5443-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5443-1
Priorities: high,medium
Description:
Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-29581)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)
CVEs:
- https://ubuntu.com/security/CVE-2022-29581
- https://ubuntu.com/security/CVE-2022-30594

621.244

Available in VMware Tanzu Network

Release Date: May 25, 2022

Metadata:

BOSH Agent Version: 2.268.77

USNs:


Title: USN-5428-1: libXrandr vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5428-1
Priorities: low
Description:
Tobias Stoeckmann discovered that libXrandr incorrectly handled certain
responses. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
(CVE-2016-7947, CVE-2016-7948)
CVEs:
- https://ubuntu.com/security/CVE-2016-7947
- https://ubuntu.com/security/CVE-2016-7948

Title: USN-5436-1: libXrender vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5436-1
Priorities: low
Description:
Tobias Stoeckmann discovered that libXrender incorrectly handled certain
responses. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
(CVE-2016-7949, CVE-2016-7950)
CVEs:
- https://ubuntu.com/security/CVE-2016-7949
- https://ubuntu.com/security/CVE-2016-7950

Title: USN-5432-1: libpng vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5432-1
Priorities: low
Description:
It was discovered that libpng incorrectly handled memory when parsing
certain PNG files. If a user or automated system were tricked into opening
a specially crafted PNG file, an attacker could use this issue to cause
libpng to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2017-12652)

Zhengxiong Luo discovered that libpng incorrectly handled memory when parsing
certain PNG files. If a user or automated system were tricked into opening
a specially crafted PNG file, an attacker could use this issue to cause
libpng to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2018-14048)
CVEs:
- https://ubuntu.com/security/CVE-2017-12652
- https://ubuntu.com/security/CVE-2018-14048

Title: USN-5425-1: PCRE vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5425-1
Priorities: low,negligible
Description:
Yunho Kim discovered that PCRE incorrectly handled memory when
handling certain regular expressions. An attacker could possibly use
this issue to cause applications using PCRE to expose sensitive
information. This issue only affects Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2019-20838)

It was discovered that PCRE incorrectly handled memory when
handling certain regular expressions. An attacker could possibly use
this issue to cause applications using PCRE to have unexpected
behavior. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14155)
CVEs:
- https://ubuntu.com/security/CVE-2019-20838
- https://ubuntu.com/security/CVE-2020-14155

Title: USN-5421-1: LibTIFF vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5421-1
Priorities: negligible,low,medium
Description:
It was discovered that LibTIFF incorrectly handled certain images.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service. This issue only affects
Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-35522)

Chintan Shah discovered that LibTIFF incorrectly handled memory when
handling certain images. An attacker could possibly use this issue to
cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-0561, CVE-2022-0562, CVE-2022-0891)

It was discovered that LibTIFF incorrectly handled certain images.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service. This issue only affects
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2022-0865)
CVEs:
- https://ubuntu.com/security/CVE-2020-35522
- https://ubuntu.com/security/CVE-2022-0561
- https://ubuntu.com/security/CVE-2022-0562
- https://ubuntu.com/security/CVE-2022-0891
- https://ubuntu.com/security/CVE-2022-0865

Title: USN-5423-2: ClamAV vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5423-2
Priorities: low,medium
Description:
USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.


Original advisory details:

Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files.
A remote attacker could possibly use this issue to cause ClamAV to stop
responding, resulting in a denial of service. (CVE-2022-20770)

Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF
files. A remote attacker could possibly use this issue to cause ClamAV to
stop responding, resulting in a denial of service. (CVE-2022-20771)

Michał Dardas discovered that ClamAV incorrectly handled parsing HTML
files. A remote attacker could possibly use this issue to cause ClamAV to
consume resources, resulting in a denial of service. (CVE-2022-20785)

Michał Dardas discovered that ClamAV incorrectly handled loading the
signature database. A remote attacker could possibly use this issue to
cause ClamAV to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2022-20792)

Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly
handled the scan verdict cache check. A remote attacker could possibly use
this issue to cause ClamAV to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-20796)
CVEs:
- https://ubuntu.com/security/CVE-2022-20770
- https://ubuntu.com/security/CVE-2022-20771
- https://ubuntu.com/security/CVE-2022-20785
- https://ubuntu.com/security/CVE-2022-20792
- https://ubuntu.com/security/CVE-2022-20796

Title: USN-5424-2: OpenLDAP vulnerability
URL: https://ubuntu.com/security/notices/USN-5424-2
Priorities: medium
Description:
USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that OpenLDAP incorrectly handled certain SQL statements
within LDAP queries in the experimental back-sql backend. A remote attacker
could possibly use this issue to perform an SQL injection attack and alter
the database.
CVEs:
- https://ubuntu.com/security/CVE-2022-29155

Title: USN-5443-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5443-1
Priorities: high,medium
Description:
Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-29581)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)
CVEs:
- https://ubuntu.com/security/CVE-2022-29581
- https://ubuntu.com/security/CVE-2022-30594

621.241

Available in VMware Tanzu Network

Release Date: May 17, 2022

Metadata:

BOSH Agent Version: 2.268.76

USNs:


Title: USN-5407-1: Cairo vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5407-1
Priorities: low
Description:
Gustavo Grieco, Alberto Garcia, Francisco Oca, Suleman Ali, and others
discovered that Cairo incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2016-9082, CVE-2017-9814, CVE-2019-6462)

Stephan Bergmann discovered that Cairo incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code.
(CVE-2020-35492)
CVEs:
- https://ubuntu.com/security/CVE-2016-9082
- https://ubuntu.com/security/CVE-2017-9814
- https://ubuntu.com/security/CVE-2019-6462
- https://ubuntu.com/security/CVE-2020-35492

Title: USN-5389-1: Libcroco vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5389-1
Priorities: low
Description:
It was discovered that Libcroco was incorrectly accessing data structures when
reading bytes from memory, which could cause a heap buffer overflow. An attacker
could possibly use this issue to cause a denial of service. (CVE-2017-7960)

It was discovered that Libcroco was incorrectly handling invalid UTF-8 values
when processing CSS files. An attacker could possibly use this issue to cause
a denial of service. (CVE-2017-8834, CVE-2017-8871)

It was discovered that Libcroco was incorrectly implementing recursion in one
of its parsing functions, which could cause an infinite recursion loop and a
stack overflow due to stack consumption. An attacker could possibly use this
issue to cause a denial of service. (CVE-2020-12825)
CVEs:
- https://ubuntu.com/security/CVE-2017-7960
- https://ubuntu.com/security/CVE-2017-8834
- https://ubuntu.com/security/CVE-2017-8871
- https://ubuntu.com/security/CVE-2020-12825

Title: USN-5405-1: jbig2dec vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5405-1
Priorities: low
Description:
It was discovered that jbig2dec incorrectly handled memory when parsing
invalid files. An attacker could use this issue to cause jbig2dec to crash,
leading to a denial of service. (CVE-2017-9216)

It was discovered that jbig2dec incorrectly handled memory when processing
untrusted input. An attacker could use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2020-12268)
CVEs:
- https://ubuntu.com/security/CVE-2017-9216
- https://ubuntu.com/security/CVE-2020-12268

Title: USN-5259-3: Cron regression
URL: https://ubuntu.com/security/notices/USN-5259-3
Priorities: low
Description:
USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately
that update was incomplete and could introduce a regression. This update
fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the postinst maintainer script in Cron unsafely
handled file permissions during package install or update operations.
An attacker could possibly use this issue to perform a privilege
escalation attack. (CVE-2017-9525)

Florian Weimer discovered that Cron incorrectly handled certain memory
operations during crontab file creation. An attacker could possibly use
this issue to cause a denial of service. (CVE-2019-9704)

It was discovered that Cron incorrectly handled user input during crontab
file creation. An attacker could possibly use this issue to cause a denial
of service. (CVE-2019-9705)

It was discovered that Cron contained a use-after-free vulnerability in
its force_rescan_user function. An attacker could possibly use this issue
to cause a denial of service. (CVE-2019-9706)
CVEs:
- https://ubuntu.com/security/CVE-2017-9525
- https://ubuntu.com/security/CVE-2019-9704
- https://ubuntu.com/security/CVE-2019-9705
- https://ubuntu.com/security/CVE-2019-9706

Title: USN-5419-1: Rsyslog vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5419-1
Priorities: low
Description:
It was discovered that Rsyslog improperly handled certain invalid input. An
attacker could use this issue to cause Rsyslog to crash.
CVEs:
- https://ubuntu.com/security/CVE-2018-16881
- https://ubuntu.com/security/CVE-2019-17042
- https://ubuntu.com/security/CVE-2019-17041

Title: USN-5413-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5413-1
Priorities: low,medium
Description:
Jeremy Cline discovered a use-after-free in the nouveau graphics driver of
the Linux kernel during device removal. A privileged or physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2020-27820)

It was discovered that a race condition existed in the network scheduling
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-39713)

It was discovered that the Parallel NFS (pNFS) implementation in the Linux
kernel did not properly perform bounds checking in some situations. An
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2021-4157)

It was discovered that the ST21NFCA NFC driver in the Linux kernel did not
properly validate the size of certain data in EVT_TRANSACTION events. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-26490)

It was discovered that the Xilinx USB2 device gadget driver in the Linux
kernel did not properly validate endpoint indices from the host. A
physically proximate attacker could possibly use this to cause a denial of
service (system crash). (CVE-2022-27223)

It was discovered that the EMS CAN/USB interface implementation in the
Linux kernel contained a double-free vulnerability when handling certain
error conditions. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2022-28390)
CVEs:
- https://ubuntu.com/security/CVE-2020-27820
- https://ubuntu.com/security/CVE-2021-39713
- https://ubuntu.com/security/CVE-2021-4157
- https://ubuntu.com/security/CVE-2022-26490
- https://ubuntu.com/security/CVE-2022-27223
- https://ubuntu.com/security/CVE-2022-28390

Title: USN-5418-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5418-1
Priorities: medium,low
Description:
Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk,
Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre
Variant 2 mitigations for AMD processors on Linux were insufficient in some
situations. A local attacker could possibly use this to expose sensitive
information. (CVE-2021-26401)

Demi Marie Obenour and Simon Gaiser discovered that several Xen
paravirtualization device frontends did not properly restrict the access rights
of device backends. An attacker could possibly use a malicious Xen backend
to gain access to memory pages of a guest VM or cause a denial of service
in the guest. (CVE-2022-23036, CVE-2022-23037, CVE-2022-23038,
CVE-2022-23039, CVE-2022-23040, CVE-2022-23042)

It was discovered that the USB Gadget file system interface in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-24958)

It was discovered that the USB gadget subsystem in the Linux kernel did not
properly validate interface descriptor requests. An attacker could possibly
use this to cause a denial of service (system crash). (CVE-2022-25258)

It was discovered that the Remote NDIS (RNDIS) USB gadget implementation in
the Linux kernel did not properly validate the size of the RNDIS_MSG_SET
command. An attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2022-25375)

It was discovered that the ST21NFCA NFC driver in the Linux kernel did not
properly validate the size of certain data in EVT_TRANSACTION events. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-26490)

It was discovered that the USB SR9700 ethernet device driver for the Linux
kernel did not properly validate the length of requests from the device. A
physically proximate attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2022-26966)

It was discovered that the Xilinx USB2 device gadget driver in the Linux
kernel did not properly validate endpoint indices from the host. A
physically proximate attacker could possibly use this to cause a denial of
service (system crash). (CVE-2022-27223)
CVEs:
- https://ubuntu.com/security/CVE-2021-26401
- https://ubuntu.com/security/CVE-2022-23036
- https://ubuntu.com/security/CVE-2022-23037
- https://ubuntu.com/security/CVE-2022-23038
- https://ubuntu.com/security/CVE-2022-23039
- https://ubuntu.com/security/CVE-2022-23040
- https://ubuntu.com/security/CVE-2022-23042
- https://ubuntu.com/security/CVE-2022-24958
- https://ubuntu.com/security/CVE-2022-25258
- https://ubuntu.com/security/CVE-2022-25375
- https://ubuntu.com/security/CVE-2022-26490
- https://ubuntu.com/security/CVE-2022-26966
- https://ubuntu.com/security/CVE-2022-27223

Title: USN-5179-2: BusyBox vulnerability
URL: https://ubuntu.com/security/notices/USN-5179-2
Priorities: low
Description:
USN-5179-1 fixed vulnerabilities in BusyBox. This update provides the
corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that BusyBox incorrectly handled certain malformed gzip
archives. If a user or automated system were tricked into processing a
specially crafted gzip archive, a remote attacker could use this issue to
cause BusyBox to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-28831)
CVEs:
- https://ubuntu.com/security/CVE-2021-28831

Title: USN-5392-1: Mutt vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5392-1
Priorities: low,medium
Description:
It was discovered that Mutt incorrectly handled certain requests.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 20.04 LTS. (CVE-2021-32055)

It was discovered that Mutt incorrectly handled certain input.
An attacker could possibly use this issue to cause a crash,
or expose sensitive information. (CVE-2022-1328)
CVEs:
- https://ubuntu.com/security/CVE-2021-32055
- https://ubuntu.com/security/CVE-2022-1328

Title: USN-5391-1: libsepol vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5391-1
Priorities: low
Description:
Nicolas Iooss discovered that libsepol incorrectly handled memory
when handling policies. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-36084)

It was discovered that libsepol incorrectly handled memory when
handling policies. An attacker could possibly use this issue to cause
a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-36085)

It was discovered that libsepol incorrectly handled memory when
handling policies. An attacker could possibly use this issue to cause
a crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affects Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-36086)

It was discovered that libsepol incorrectly validated certain data,
leading to a heap overflow. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-36087)
CVEs:
- https://ubuntu.com/security/CVE-2021-36084
- https://ubuntu.com/security/CVE-2021-36085
- https://ubuntu.com/security/CVE-2021-36086
- https://ubuntu.com/security/CVE-2021-36087

Title: USN-5409-1: libsndfile vulnerability
URL: https://ubuntu.com/security/notices/USN-5409-1
Priorities: low
Description:
It was discovered that libsndfile was incorrectly performing memory
management operations and incorrectly using buffers when executing
its FLAC codec. If a user or automated system were tricked into
processing a specially crafted sound file, an attacker could
possibly use this issue to cause a denial of service or obtain
sensitive information.
CVEs:
- https://ubuntu.com/security/CVE-2021-4156

Title: USN-5385-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5385-1
Priorities: medium,low,negligible
Description:
Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device
driver in the Linux kernel did not properly validate meta-data coming from
the device. A local attacker who can control an emulated device can use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2021-43975)

It was discovered that the UDF file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious UDF image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2022-0617)

Lyu Tao discovered that the NFS implementation in the Linux kernel did not
properly handle requests to open a directory on a regular file. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-24448)

It was discovered that the YAM AX.25 device driver in the Linux kernel did
not properly deallocate memory in some error conditions. A local privileged
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2022-24959)
CVEs:
- https://ubuntu.com/security/CVE-2021-43975
- https://ubuntu.com/security/CVE-2022-0617
- https://ubuntu.com/security/CVE-2022-24448
- https://ubuntu.com/security/CVE-2022-24959

Title: USN-5400-2: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5400-2
Priorities: medium
Description:
USN-5400-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated in Ubuntu 16.04 ESM to MySQL 5.7.38.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-38.html
https://www.oracle.com/security-alerts/cpuapr2022.html
CVEs:
- https://ubuntu.com/security/CVE-2022-21417
- https://ubuntu.com/security/CVE-2022-21451
- https://ubuntu.com/security/CVE-2022-21460
- https://ubuntu.com/security/CVE-2022-21444
- https://ubuntu.com/security/CVE-2022-21454
- https://ubuntu.com/security/CVE-2022-21427

Title: USN-5354-2: Twisted vulnerability
URL: https://ubuntu.com/security/notices/USN-5354-2
Priorities: medium
Description:
USN-5354-1 fixed vulnerabilities in Twisted. This update provides the
corresponding updates for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and
Ubuntu 22.04 LTS.

Original advisory details:

It was discovered that Twisted incorrectly processed SSH handshake data on
connection establishments. A remote attacker could use this issue to cause
Twisted to crash, resulting in a denial of service. (CVE-2022-21716)
CVEs:
- https://ubuntu.com/security/CVE-2022-21716

621.236

Available in VMware Tanzu Network

Release Date: April 21, 2022

Notice:

The kernel patches included in 621.224 are now in the main kernel repository and have been included in this release.

Metadata:

BOSH Agent Version: 2.268.72

USNs:


Title: USN-5371-1: nginx vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5371-1
Priorities: medium,low
Description:
It was discovered that nginx Lua module mishandled certain inputs.
An attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affects Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-11724)

It was discovered that nginx Lua module mishandled certain inputs.
An attacker could possibly use this issue to disclose sensitive
information. This issue only affects Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-36309)

It was discovered that nginx mishandled the use of
compatible certificates among multiple encryption protocols.
If a remote attacker were able to intercept the communication,
this issue could be used to redirect traffic between subdomains.
(CVE-2021-3618)
CVEs:
- https://ubuntu.com/security/CVE-2020-11724
- https://ubuntu.com/security/CVE-2020-36309
- https://ubuntu.com/security/CVE-2021-3618

Title: USN-5373-2: Django vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5373-2
Priorities: high,medium
Description:
USN-5373-1 fixed several vulnerabilities in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Django incorrectly handled certain column
aliases in the QuerySet.annotate(), aggregate(), and extra() methods. A
remote attacker could possibly use this issue to perform an SQL injection
attack. (CVE-2022-28346)

It was discovered that the Django URLValidator function incorrectly handled
newlines and tabs. A remote attacker could possibly use this issue to
perform a header injection attack. (CVE-2021-32052)
CVEs:
- https://ubuntu.com/security/CVE-2022-28346
- https://ubuntu.com/security/CVE-2021-32052

621.224

Available in VMware Tanzu Network

Release Date: March 23, 2022

Notice:

This stemcell contains a patched version of the kernel to address the issues found in 621.216. We have tested this patched kernel against the problems seen in 621.216 and no longer see the problem. We will release another stemcell in mid-April when that kernel patch makes it into the main kernel repository.

Metadata:

BOSH Agent Version: 2.268.65

USNs:

Title: USN-5322-1: Subversion vulnerability
URL: https://ubuntu.com/security/notices/USN-5322-1
Priorities: medium
Description:
Thomas Akesson discovered that Subversion incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2020-17525

Title: USN-5328-2: OpenSSL vulnerability
URL: https://ubuntu.com/security/notices/USN-5328-2
Priorities: high
Description:
USN-5328-1 fixed a vulnerability in OpenSSL. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Tavis Ormandy discovered that OpenSSL incorrectly parsed certain
certificates. A remote attacker could possibly use this issue to cause
OpenSSH to stop responding, resulting in a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2022-0778

Title: USN-5320-1: Expat vulnerabilities and regression
URL: https://ubuntu.com/security/notices/USN-5320-1
Priorities: high,medium
Description:
USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it
caused a regression and an additional patch was required. This update addresses
this regression and several other vulnerabilities.

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-25313)

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash
or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314)

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-25315)

Original advisory details:

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2022-25236)
CVEs:
- https://ubuntu.com/security/CVE-2022-25236
- https://ubuntu.com/security/CVE-2022-25313
- https://ubuntu.com/security/CVE-2022-25314
- https://ubuntu.com/security/CVE-2022-25315

Title: USN-5334-1: man-db vulnerability
URL: https://ubuntu.com/security/notices/USN-5334-1
Priorities: low
Description:
It was discovered that man-db incorrectly handled permission changing
operations in its daily cron job, and was therefore affected by a race
condition. An attacker could possibly use this issue to escalate privileges
and execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2015-1336

Title: USN-5331-1: tcpdump vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5331-1
Priorities: low
Description:
It was discovered that tcpdump incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2018-16301)

It was discovered that tcpdump incorrectly handled certain captured data.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2020-8037)
CVEs:
- https://ubuntu.com/security/CVE-2018-16301
- https://ubuntu.com/security/CVE-2020-8037

Title: USN-5325-1: Zsh vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5325-1
Priorities: low
Description:
Sam Foxman discovered that Zsh incorrectly handled certain inputs.
An attacker could possibly use this issue to regain dropped privileges.
(CVE-2019-20044)

It was discovered that Zsh incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-45444)
CVEs:
- https://ubuntu.com/security/CVE-2019-20044
- https://ubuntu.com/security/CVE-2021-45444

Title: USN-5329-1: tar vulnerability
URL: https://ubuntu.com/security/notices/USN-5329-1
Priorities: low
Description:
It was discovered that tar incorrectly handled certain files.
An attacker could possibly use this issue to cause tar to crash,
resulting in a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2021-20193

Title: USN-5332-2: Bind vulnerability
URL: https://ubuntu.com/security/notices/USN-5332-2
Priorities: medium
Description:
USN-5332-1 fixed a vulnerability in Bind. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind
incorrectly handled certain bogus NS records when using forwarders. A
remote attacker could possibly use this issue to manipulate cache results.
(CVE-2021-25220)
CVEs:
- https://ubuntu.com/security/CVE-2021-25220

Title: USN-5343-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5343-1
Priorities: high,low,medium,negligible
Description:
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

It was discovered that the aufs file system in the Linux kernel did not
properly restrict mount namespaces, when mounted with the non-default
allow_userns option set. A local attacker could use this to gain
administrative privileges. (CVE-2016-2853)

It was discovered that the aufs file system in the Linux kernel did not
properly maintain POSIX ACL xattr data, when mounted with the non-default
allow_userns option. A local attacker could possibly use this to gain
elevated privileges. (CVE-2016-2854)

It was discovered that the f2fs file system in the Linux kernel did not
properly validate metadata in some situations. An attacker could use this
to construct a malicious f2fs image that, when mounted and operated on,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-19449)

It was discovered that the XFS file system implementation in the Linux
kernel did not properly validate meta data in some circumstances. An
attacker could use this to construct a malicious XFS image that, when
mounted, could cause a denial of service. (CVE-2020-12655)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel contained a reference counting error. A local attacker could
use this to cause a denial of service (system crash). (CVE-2020-25670)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly deallocate memory in certain error
situations. A local attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2020-25671, CVE-2020-25672)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly handle error conditions in some situations,
leading to an infinite loop. A local attacker could use this to cause a
denial of service. (CVE-2020-25673)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation
incorrectly handled EAPOL frames from unauthenticated senders. A physically
proximate attacker could inject malicious packets to cause a denial of
service (system crash). (CVE-2020-26139)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could
reassemble mixed encrypted and plaintext fragments. A physically proximate
attacker could possibly use this issue to inject packets or exfiltrate
selected fragments. (CVE-2020-26147)

It was discovered that the BR/EDR pin-code pairing procedure in the Linux
kernel was vulnerable to an impersonation attack. A physically proximate
attacker could possibly use this to pair to a device without knowledge of
the pin-code. (CVE-2020-26555)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly perform access control. An authenticated attacker could possibly
use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)

It was discovered that the FUSE user space file system implementation in
the Linux kernel did not properly handle bad inodes in some situations. A
local attacker could possibly use this to cause a denial of service.
(CVE-2020-36322)

It was discovered that the Infiniband RDMA userspace connection manager
implementation in the Linux kernel contained a race condition leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-36385)

It was discovered that the DRM subsystem in the Linux kernel contained
double-free vulnerabilities. A privileged attacker could possibly use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-20292)

It was discovered that a race condition existed in the timer implementation
in the Linux kernel. A privileged attacker could use this to cause a denial
of service. (CVE-2021-20317)

Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the
nfc implementation in the Linux kernel. A privileged local attacker could
use this issue to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-23134)

It was discovered that the Xen paravirtualization backend in the Linux
kernel did not properly deallocate memory in some situations. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2021-28688)

It was discovered that the RPA PCI Hotplug driver implementation in the
Linux kernel did not properly handle device name writes via sysfs, leading
to a buffer overflow. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2021-28972)

It was discovered that a race condition existed in the netfilter subsystem
of the Linux kernel when replacing tables. A local attacker could use this
to cause a denial of service (system crash). (CVE-2021-29650)

It was discovered that a race condition in the kernel Bluetooth subsystem
could lead to use-after-free of slab objects. An attacker could use this
issue to possibly execute arbitrary code. (CVE-2021-32399)

It was discovered that the CIPSO implementation in the Linux kernel did not
properly perform reference counting in some situations, leading to
use-after-free vulnerabilities. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33033)

It was discovered that a use-after-free existed in the Bluetooth HCI driver
of the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)

Asaf Modelevsky discovered that the Intel® Ethernet ixgbe driver for the
Linux kernel did not properly validate large MTU requests from Virtual
Function (VF) devices. A local attacker could possibly use this to cause a
denial of service. (CVE-2021-33098)

Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol
implementation in the Linux kernel did not properly initialize memory in
some situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2021-34693)

马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-3483)

It was discovered that an out-of-bounds (OOB) memory access flaw existed in
the f2fs module of the Linux kernel. A local attacker could use this issue
to cause a denial of service (system crash). (CVE-2021-3506)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle HCI device initialization failure, leading to a double-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2021-3564)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle HCI device detach events, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2021-3573)

Murray McAllister discovered that the joystick device interface in the
Linux kernel did not properly validate data passed via an ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code on systems with a joystick device
registered. (CVE-2021-3612)

It was discovered that the tracing subsystem in the Linux kernel did not
properly keep track of per-cpu ring buffer state. A privileged attacker
could use this to cause a denial of service. (CVE-2021-3679)

It was discovered that the Virtio console implementation in the Linux
kernel did not properly validate input lengths in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2021-38160)

It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly compute the access permissions for shadow pages in
some situations. A local attacker could use this to cause a denial of
service. (CVE-2021-38198)

It was discovered that the MAX-3421 host USB device driver in the Linux
kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2021-38204)

It was discovered that the NFC implementation in the Linux kernel did not
properly handle failed connect events leading to a NULL pointer
dereference. A local attacker could use this to cause a denial of service.
(CVE-2021-38208)

It was discovered that the configfs interface for USB gadgets in the Linux
kernel contained a race condition. A local attacker could possibly use this
to expose sensitive information (kernel memory). (CVE-2021-39648)

It was discovered that the ext4 file system in the Linux kernel contained a
race condition when writing xattrs to an inode. A local attacker could use
this to cause a denial of service or possibly gain administrative
privileges. (CVE-2021-40490)

It was discovered that the 6pack network protocol driver in the Linux
kernel did not properly perform validation checks. A privileged attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2021-42008)

It was discovered that the ISDN CAPI implementation in the Linux kernel
contained a race condition in certain situations that could trigger an
array out-of-bounds bug. A privileged local attacker could possibly use
this to cause a denial of service or execute arbitrary code.
(CVE-2021-43389)

It was discovered that the Phone Network protocol (PhoNet) implementation
in the Linux kernel did not properly perform reference counting in some
error conditions. A local attacker could possibly use this to cause a
denial of service (memory exhaustion). (CVE-2021-45095)

Wenqing Liu discovered that the f2fs file system in the Linux kernel did
not properly validate the last xattr entry in an inode. An attacker could
use this to construct a malicious f2fs image that, when mounted and
operated on, could cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-45469)

Amit Klein discovered that the IPv6 implementation in the Linux kernel
could disclose internal state in some situations. An attacker could
possibly use this to expose sensitive information. (CVE-2021-45485)

It was discovered that the per cpu memory allocator in the Linux kernel
could report kernel pointers via dmesg. An attacker could use this to
expose sensitive information or in conjunction with another kernel
vulnerability. (CVE-2018-5995)
CVEs:
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2016-2853
- https://ubuntu.com/security/CVE-2016-2854
- https://ubuntu.com/security/CVE-2019-19449
- https://ubuntu.com/security/CVE-2020-12655
- https://ubuntu.com/security/CVE-2020-25670
- https://ubuntu.com/security/CVE-2020-25671
- https://ubuntu.com/security/CVE-2020-25672
- https://ubuntu.com/security/CVE-2020-25673
- https://ubuntu.com/security/CVE-2020-26139
- https://ubuntu.com/security/CVE-2020-26147
- https://ubuntu.com/security/CVE-2020-26555
- https://ubuntu.com/security/CVE-2020-26558
- https://ubuntu.com/security/CVE-2021-0129
- https://ubuntu.com/security/CVE-2020-36322
- https://ubuntu.com/security/CVE-2020-36385
- https://ubuntu.com/security/CVE-2021-20292
- https://ubuntu.com/security/CVE-2021-20317
- https://ubuntu.com/security/CVE-2021-23134
- https://ubuntu.com/security/CVE-2021-28688
- https://ubuntu.com/security/CVE-2021-28972
- https://ubuntu.com/security/CVE-2021-29650
- https://ubuntu.com/security/CVE-2021-32399
- https://ubuntu.com/security/CVE-2021-33033
- https://ubuntu.com/security/CVE-2021-33034
- https://ubuntu.com/security/CVE-2021-33098
- https://ubuntu.com/security/CVE-2021-34693
- https://ubuntu.com/security/CVE-2021-3483
- https://ubuntu.com/security/CVE-2021-3506
- https://ubuntu.com/security/CVE-2021-3564
- https://ubuntu.com/security/CVE-2021-3573
- https://ubuntu.com/security/CVE-2021-3612
- https://ubuntu.com/security/CVE-2021-3679
- https://ubuntu.com/security/CVE-2021-38160
- https://ubuntu.com/security/CVE-2021-38198
- https://ubuntu.com/security/CVE-2021-38204
- https://ubuntu.com/security/CVE-2021-38208
- https://ubuntu.com/security/CVE-2021-39648
- https://ubuntu.com/security/CVE-2021-40490
- https://ubuntu.com/security/CVE-2021-42008
- https://ubuntu.com/security/CVE-2021-43389
- https://ubuntu.com/security/CVE-2021-45095
- https://ubuntu.com/security/CVE-2021-45469
- https://ubuntu.com/security/CVE-2021-45485
- https://ubuntu.com/security/CVE-2018-5995

Title: USN-5339-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5339-1
Priorities: high,medium,low
Description:
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

It was discovered that an out-of-bounds (OOB) memory access flaw existed in
the f2fs module of the Linux kernel. A local attacker could use this issue
to cause a denial of service (system crash). (CVE-2021-3506)

Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver
in the Linux kernel did not properly handle some error conditions. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2021-43976)

It was discovered that the ARM Trusted Execution Environment (TEE)
subsystem in the Linux kernel contained a race condition leading to a
use-after-free vulnerability. A local attacker could use this to cause a denial
of service or possibly execute arbitrary code. (CVE-2021-44733)

It was discovered that the Phone Network protocol (PhoNet) implementation
in the Linux kernel did not properly perform reference counting in some
error conditions. A local attacker could possibly use this to cause a
denial of service (memory exhaustion). (CVE-2021-45095)

Samuel Page discovered that the Transparent Inter-Process Communication
(TIPC) protocol implementation in the Linux kernel contained a stack-based
buffer overflow. A remote attacker could use this to cause a denial of
service (system crash) for systems that have a TIPC bearer configured.
(CVE-2022-0435)
CVEs:
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2021-3506
- https://ubuntu.com/security/CVE-2021-43976
- https://ubuntu.com/security/CVE-2021-44733
- https://ubuntu.com/security/CVE-2021-45095
- https://ubuntu.com/security/CVE-2022-0435

621.216

Release Date: March 09, 2022

Known Issues

621.211

Available in VMware Tanzu Network

Release Date: February 21, 2022

Metadata:

BOSH Agent Version: 2.268.61

USNs:


Title: USN-5264-1: Graphviz vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5264-1
Priorities: low,medium
Description:
It was discovered that graphviz contains null pointer dereference
vulnerabilities. Exploitation via a specially crafted input file
can cause a denial of service.
(CVE-2018-10196, CVE-2019-11023)

It was discovered that graphviz contains a buffer overflow
vulnerability. Exploitation via a specially crafted input file can cause
a denial of service or possibly allow for arbitrary code execution.
(CVE-2020-18032)
CVEs:
- https://ubuntu.com/security/CVE-2018-10196
- https://ubuntu.com/security/CVE-2019-11023
- https://ubuntu.com/security/CVE-2020-18032

Title: USN-5262-1: GPT fdisk vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5262-1
Priorities: low
Description:
The potential for an out of bounds write due to a missing bounds
check was discovered to impact the sgdisk utility of GPT fdisk.
Exploitation requires the use of a maliciously formatted storage
device and could cause sgdisk to crash as well as possibly
allow for local privilege escalation.
CVEs:
- https://ubuntu.com/security/CVE-2020-0256
- https://ubuntu.com/security/CVE-2021-0308

Title: USN-5280-1: Speex vulnerability
URL: https://ubuntu.com/security/notices/USN-5280-1
Priorities: medium
Description:
It was discovered that Speex incorrectly handled certain WAV files.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2020-23903

Title: USN-5292-3: snapd vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5292-3
Priorities: medium,high
Description:
USN-5292-1 fixed several vulnerabilities in snapd. This update provides the
corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

James Troup discovered that snap did not properly manage the permissions for
the snap directories. A local attacker could possibly use this issue to expose
sensitive information. (CVE-2021-3155)

Ian Johnson discovered that snapd did not properly validate content interfaces
and layout paths. A local attacker could possibly use this issue to inject
arbitrary AppArmor policy rules, resulting in a bypass of intended access
restrictions. (CVE-2021-4120)

The Qualys Research Team discovered that snapd did not properly validate the
location of the snap-confine binary. A local attacker could possibly use this
issue to execute other arbitrary binaries and escalate privileges.
(CVE-2021-44730)

The Qualys Research Team discovered that a race condition existed in the snapd
snap-confine binary when preparing a private mount namespace for a snap. A
local attacker could possibly use this issue to escalate privileges and
execute arbitrary code. (CVE-2021-44731)
CVEs:
- https://ubuntu.com/security/CVE-2021-3155
- https://ubuntu.com/security/CVE-2021-4120
- https://ubuntu.com/security/CVE-2021-44730
- https://ubuntu.com/security/CVE-2021-44731

Title: USN-5275-1: BlueZ vulnerability
URL: https://ubuntu.com/security/notices/USN-5275-1
Priorities: medium
Description:
Ziming Zhang discovered that BlueZ incorrectly handled memory write operations
in its gatt server. A remote attacker could possibly use this to cause BlueZ to
crash leading to a denial of service, or potentially remotely execute code.
(CVE-2022-0204)
CVEs:
- https://ubuntu.com/security/CVE-2022-0204

Title: USN-5269-2: Django vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5269-2
Priorities: medium
Description:
USN-5269-1 fixed several vulnerabilities in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Keryn Knight discovered that Django incorrectly handled certain template
tags. A remote attacker could possibly use this issue to perform a
cross-site scripting attack. (CVE-2022-22818)

Alan Ryan discovered that Django incorrectly handled file uploads. A remote
attacker could possibly use this issue to cause Django to hang, resulting
in a denial of service. (CVE-2022-23833)
CVEs:
- https://ubuntu.com/security/CVE-2022-22818
- https://ubuntu.com/security/CVE-2022-23833

621.208

Available in VMware Tanzu Network

Release Date: February 10, 2022

Enhancements

621.198

Available in VMware Tanzu Network

Release Date: January 18, 2022

Fixes

Fixes an issue that caused the bosh-agent to continually fail to start when either the cgroup v1 memory controller or the cgroup v2 controller was mounted in more than one location on the file system.

Metadata:

BOSH Agent Version: 2.268.54

USNs:


Title: USN-5225-1: lxml vulnerability
URL: https://ubuntu.com/security/notices/USN-5225-1
Priorities: medium
Description:
It was discovered that lxml incorrectly handled certain XML and HTML files.
An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2021-43818

Title: USN-5212-2: Apache HTTP Server vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5212-2
Priorities: medium
Description:
USN-5212-1 fixed several vulnerabilities in Apache. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that the Apache HTTP Server incorrectly handled certain
forward proxy requests. A remote attacker could use this issue to cause
the server to crash, resulting in a denial of service, or possibly perform
a Server Side Request Forgery attack. (CVE-2021-44224)

It was discovered that the Apache HTTP Server Lua module incorrectly
handled memory in the multipart parser. A remote attacker could use this
issue to cause the server to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2021-44790)
CVEs:
- https://ubuntu.com/security/CVE-2021-44224
- https://ubuntu.com/security/CVE-2021-44790

621.196

Available in VMware Tanzu Network

Release Date: January 07, 2022

Metadata:

BOSH Agent Version: 2.268.51

USNs:


Title: LSN-0083-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0083-1
Priorities: medium,high
Description:
The BPF subsystem in the Linux kernel before 4.17 mishandles
situations with a long jump over an instruction sequence where inner
instructions require substantial expansions into multiple BPF instructions,
leading to an overflow. This affects kernel/bpf/core.c and
net/core/filter.c. (CVE-2018-25020)

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
processors in the Linux kernel did not properly prevent a guest VM from
enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
to write to portions of the host’s physical memory. (CVE-2021-3653)

Nadav Amit discovered that the hugetlb implementation in the Linux kernel
did not perform TLB flushes under certain conditions. A local attacker
could use this to leak or alter data from other processes that use huge
pages. (CVE-2021-4002)

Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
contained an out-of-bounds write in its setsockopt() implementation. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-22555)

It was discovered that the virtual file system implementation in the Linux
kernel contained an unsigned to signed integer conversion error. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2021-33909)
CVEs:
- https://ubuntu.com/security/CVE-2018-25020
- https://ubuntu.com/security/CVE-2021-3653
- https://ubuntu.com/security/CVE-2021-4002
- https://ubuntu.com/security/CVE-2021-22555
- https://ubuntu.com/security/CVE-2021-33909

Title: USN-5211-1: Linux kernel vulnerability
URL: https://ubuntu.com/security/notices/USN-5211-1
Priorities: high
Description:
Nadav Amit discovered that the hugetlb implementation in the Linux kernel
did not perform TLB flushes under certain conditions. A local attacker
could use this to leak or alter data from other processes that use huge
pages.
CVEs:
- https://ubuntu.com/security/CVE-2021-4002

Title: USN-5209-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5209-1
Priorities: high,low,medium
Description:
Nadav Amit discovered that the hugetlb implementation in the Linux kernel
did not perform TLB flushes under certain conditions. A local attacker
could use this to leak or alter data from other processes that use huge
pages. (CVE-2021-4002)

It was discovered that a race condition existed in the timer implementation
in the Linux kernel. A privileged attacker could use this to cause a denial of
service. (CVE-2021-20317)

It was discovered that a race condition existed in the overlay file system
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2021-20321)

It was discovered that the NFC subsystem in the Linux kernel contained a
use-after-free vulnerability in its NFC Controller Interface (NCI)
implementation. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2021-3760)

It was discovered that an integer overflow could be triggered in the eBPF
implementation in the Linux kernel when preallocating objects for stack
maps. A privileged local attacker could use this to cause a denial of
service or possibly execute arbitrary code. (CVE-2021-41864)

It was discovered that the ISDN CAPI implementation in the Linux kernel
contained a race condition in certain situations that could trigger an
array out-of-bounds bug. A privileged local attacker could possibly use
this to cause a denial of service or execute arbitrary code.
(CVE-2021-43389)
CVEs:
- https://ubuntu.com/security/CVE-2021-4002
- https://ubuntu.com/security/CVE-2021-20317
- https://ubuntu.com/security/CVE-2021-20321
- https://ubuntu.com/security/CVE-2021-3760
- https://ubuntu.com/security/CVE-2021-41864
- https://ubuntu.com/security/CVE-2021-43389

621.192

Available in VMware Tanzu Network

Release Date: December 17, 2021

Enhancements

621.183

Available in VMware Tanzu Network

Release Date: December 06, 2021

Enhancements

621.176

Available in VMware Tanzu Network

Release Date: November 11, 2021

Metadata:

BOSH Agent Version: 2.268.41

USNs:


Title: USN-5114-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5114-1
Priorities: medium,low
Description:
It was discovered that a race condition existed in the Atheros Ath9k WiFi
driver in the Linux kernel. An attacker could possibly use this to expose
sensitive information (WiFi network traffic). (CVE-2020-3702)

It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly compute the access permissions for shadow pages in
some situations. A local attacker could use this to cause a denial of
service. (CVE-2021-38198)

It was discovered that the ext4 file system in the Linux kernel contained a
race condition when writing xattrs to an inode. A local attacker could use
this to cause a denial of service or possibly gain administrative
privileges. (CVE-2021-40490)

It was discovered that the 6pack network protocol driver in the Linux
kernel did not properly perform validation checks. A privileged attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2021-42008)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-3702
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-40490
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-38198
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-42008

Title: USN-5119-1: libcaca vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5119-1
Priorities: medium
Description:
It was discovered that libcaca incorrectly handled certain images. An attacker
could possibly use this issue to cause a crash. (CVE-2021-30498, CVE-2021-30499)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-30498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-30499

Title: USN-5136-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5136-1
Priorities: low,medium
Description:
It was discovered that the f2fs file system in the Linux kernel did not
properly validate metadata in some situations. An attacker could use this
to construct a malicious f2fs image that, when mounted and operated on,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-19449)

It was discovered that the FUSE user space file system implementation in
the Linux kernel did not properly handle bad inodes in some situations. A
local attacker could possibly use this to cause a denial of service.
(CVE-2020-36322)

It was discovered that the Infiniband RDMA userspace connection manager
implementation in the Linux kernel contained a race condition leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-36385)

Ilja Van Sprundel discovered that the SCTP implementation in the Linux
kernel did not properly perform size validations on incoming packets in
some situations. An attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2021-3655)

It was discovered that the Qualcomm IPC Router protocol implementation in
the Linux kernel did not properly validate metadata in some situations. A
local attacker could use this to cause a denial of service (system crash)
or expose sensitive information. (CVE-2021-3743)

It was discovered that the virtual terminal (vt) device implementation in
the Linux kernel contained a race condition in its ioctl handling that led
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information. (CVE-2021-3753)

It was discovered that the Linux kernel did not properly account for the
memory usage of certain IPC objects. A local attacker could use this to
cause a denial of service (memory exhaustion). (CVE-2021-3759)

Michael Wakabayashi discovered that the NFSv4 client implementation in the
Linux kernel did not properly order connection setup operations. An
attacker controlling a remote NFS server could use this to cause a denial
of service on the client. (CVE-2021-38199)

It was discovered that the Aspeed Low Pin Count (LPC) Bus Controller
implementation in the Linux kernel did not properly perform boundary checks
in some situations, allowing out-of-bounds write access. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. In Ubuntu, this issue only affected systems running
armhf kernels. (CVE-2021-42252)
CVEs:
- https://ubuntu.com/security/CVE-2019-19449
- https://ubuntu.com/security/CVE-2020-36322
- https://ubuntu.com/security/CVE-2020-36385
- https://ubuntu.com/security/CVE-2021-3655
- https://ubuntu.com/security/CVE-2021-3743
- https://ubuntu.com/security/CVE-2021-3753
- https://ubuntu.com/security/CVE-2021-3759
- https://ubuntu.com/security/CVE-2021-38199
- https://ubuntu.com/security/CVE-2021-42252

Title: USN-5133-1: ICU vulnerability
URL: https://ubuntu.com/security/notices/USN-5133-1
Priorities: low
Description:
It was discovered that ICU contains a use after free issue.
An attacker could use this issue to cause a denial of service with crafted input.
CVEs:
- https://ubuntu.com/security/CVE-2020-21913

Title: LSN-0082-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0082-1
Priorities: medium,high
Description:
Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-29660)

Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a
use-after-free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)

De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux
kernel did not properly handle mod32 destination register truncation when
the source register was known to be 0. A local attacker could use this to
expose sensitive information (kernel memory) or possibly execute arbitrary
code. (CVE-2021-3444)

kernel: use-after-free in route4_change() in
net/sched/cls_route.c (CVE-2021-3715)
CVEs:
- https://ubuntu.com/security/CVE-2020-29660
- https://ubuntu.com/security/CVE-2020-29661
- https://ubuntu.com/security/CVE-2021-3444
- https://ubuntu.com/security/CVE-2021-3715

Title: USN-5125-1: PHP vulnerability
URL: https://ubuntu.com/security/notices/USN-5125-1
Priorities: high
Description:
It was discovered that PHP-FPM in PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2021-21703

Title: USN-5126-2: Bind vulnerability
URL: https://ubuntu.com/security/notices/USN-5126-2
Priorities: medium
Description:
USN-5126-1 fixed a vulnerability in Bind. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Kishore Kumar Kothapalli discovered that Bind incorrectly handled the lame
cache when processing responses. A remote attacker could possibly use this
issue to cause Bind to consume resources, resulting in a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2021-25219

Title: USN-5123-2: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5123-2
Priorities: medium
Description:
USN-5123-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.27 in Ubuntu 20.04 LTS, Ubuntu 21.04, and
Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.36.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-36.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-27.html
https://www.oracle.com/security-alerts/cpuoct2021.html
CVEs:
- https://ubuntu.com/security/CVE-2021-35624
- https://ubuntu.com/security/CVE-2021-35604

621.171

Available in VMware Tanzu Network

Release Date: October 25, 2021

Metadata:

BOSH Agent Version: 2.268.36
Bosh-agent is now built with Go 1.17

Features:

Allows receiving NATS and blobstore updates via the update settings action

USNs:


Title: USN-5109-1: nginx vulnerability
URL: https://ubuntu.com/security/notices/USN-5109-1
Priorities: medium
Description:
It was discovered that nginx incorrectly handled files with
certain modification dates. A remote attacker could possibly
use this issue to cause a denial of service or other unspecified
impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-20005

Title: USN-5022-3: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5022-3
Priorities: medium
Description:
USN-5022-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to MySQL 5.7.35 on Ubuntu 16.04 ESM.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-35.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-26.html
https://www.oracle.com/security-alerts/cpujul2021.html
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2179
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2162
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2389
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2390
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2194
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2146
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2372
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2342
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2169
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2171
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2180
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2166
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2226
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2307
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2385

Title: USN-5103-1: docker.io vulnerability
URL: https://ubuntu.com/security/notices/USN-5103-1
Priorities: medium
Description:
Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in
Docker incorrectly allowed the docker cp command to make permissions
changes in the host filesystem in some situations. A local attacker
could possibly use this to expose sensitive information or gain
administrative privileges.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-41089

Title: USN-5111-2: strongSwan vulnerability
URL: https://ubuntu.com/security/notices/USN-5111-2
Priorities: medium
Description:
USN-5111-1 fixed a vulnerability in strongSwan. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that strongSwan incorrectly handled replacing
certificates in the cache. A remote attacker could use this issue to cause
strongSwan to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-41991)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-41991

Title: USN-5121-1: Mailman vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5121-1
Priorities: high
Description:
Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman
did not properly associate cross-site request forgery (CSRF) tokens
to specific accounts. A remote attacker could use this to perform a
CSRF attack to gain access to another account. (CVE-2021-42097)

Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman’s
cross-site request forgery (CSRF) tokens for the options page are
derived from the admin password. A remote attacker could possibly use
this to assist in performing a brute force attack against the admin
password. (CVE-2021-42096)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-42096
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-42097

621.160

Available in VMware Tanzu Network

Release Date: October 01, 2021

Fixes

Fixes an issue introduced in v621.151 that caused frequent udev events and high CPU usage on Azure VMs.

Metadata:

BOSH Agent Version: 2.268.29

621.154

Available in VMware Tanzu Network

Release Date: September 16, 2021

Fixes

621.151

Available in VMware Tanzu Network

Release Date: September 14, 2021

Fixes

621.141

Available in VMware Tanzu Network

Release Date: August 30, 2021

Enhancements

621.136

Available in VMware Tanzu Network

Release Date: July 26, 2021

Metadata:

BOSH Agent Version: 2.268.21

USNs:


Title: USN-4336-2: GNU binutils vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4336-2
Priorities: low,medium
Description:
USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that GNU binutils contained a large number of security
issues. If a user or automated system were tricked into processing a
specially-crafted file, a remote attacker could cause GNU binutils to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19932
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9074
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18309
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12451
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16828
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7302
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9751
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17080
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12700
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14130
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18483
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7568
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14128
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9749
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12458
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9070
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9755
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10534
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12972
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-9138
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7299
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4488
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15020
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9742
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17125
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14939
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14250
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14129
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12967
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17124
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12934
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7210
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8395
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12459
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9754
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20002
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4489
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9073
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8945
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12448
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4491
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-17794
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13710
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14333
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15021
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14940
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7225
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7223
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12452
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6965
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18701
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10372
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18484
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16832
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9748
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15225
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7569
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16831
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-17358
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6543
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7224
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4493
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17121
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9041
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9071
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19931
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9756
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18700
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10373
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17451
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12697
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18606
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12641
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17123
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4492
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16826
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9753
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6323
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8394
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16827
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12450
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-6131
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14529
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9038
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-2226
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9747
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4490
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12456
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20671
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10535
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4487
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15939
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7643
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-13033
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9039
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8393
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20623
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9744
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7642
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9752
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12698
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12699
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15996
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9044
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6759
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9745
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7208
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6969
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12449
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14932
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7614
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12454
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000876
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8396
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8397
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12455
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9954
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-17360
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14444
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-17985
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8398
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18607
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8421
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17450
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12799
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15938
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7301
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9750
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7226
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15025
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18605
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9042
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12457
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12453
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-17359
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9040
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7209
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9077
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6966
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14938

Title: USN-5020-1: Ruby vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5020-1
Priorities: medium,low
Description:
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-31799)

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to conduct
port scans and service banner extractions. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-31810)

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to perform
man-in-the-middle attacks to bypass the TLS protection.
(CVE-2021-32066)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31799
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32066
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31810

Title: LSN-0079-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0079-1
Priorities: high
Description:
It was discovered that the eBPF implementation in the Linux kernel did not
properly track bounds information for 32-bit registers when performing div
and mod operations. A local attacker could use this to possibly execute
arbitrary code. (CVE-2021-3600)

It was discovered that the virtual file system implementation in the Linux
kernel contained an unsigned to signed integer conversion error. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2021-33909)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3600
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33909

621.135

Available in VMware Tanzu Network

Release Date: July 21, 2021

Metadata:

BOSH Agent Version: 2.268.21

USNs:


Title: USN-5013-2: systemd vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5013-2
Priorities: low,high
Description:
USN-5013-1 fixed several vulnerabilities in systemd. This update provides
the corresponding update for Ubuntu 16.04 ESM.


Original advisory details:

It was discovered that systemd incorrectly handled certain mount paths. A
local attacker could possibly use this issue to cause systemd to crash,
resulting in a denial of service. (CVE-2021-33910)

Mitchell Frank discovered that systemd incorrectly handled DHCP FORCERENEW
packets. A remote attacker could possibly use this issue to reconfigure
servers. (CVE-2020-13529)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13529
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33910

Title: USN-5018-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5018-1
Priorities: medium,high
Description:
It was discovered that the virtual file system implementation in the Linux
kernel contained an unsigned to signed integer conversion error. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2021-33909)

Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel
did not properly enforce limits for pointer operations. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-33200)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did
not properly clear received fragments from memory in some situations. A
physically proximate attacker could possibly use this issue to inject
packets or expose sensitive information. (CVE-2020-24586)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation
incorrectly handled encrypted fragments. A physically proximate attacker
could possibly use this issue to decrypt fragments. (CVE-2020-24587)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation
incorrectly handled EAPOL frames from unauthenticated senders. A physically
proximate attacker could inject malicious packets to cause a denial of
service (system crash). (CVE-2020-26139)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could
reassemble mixed encrypted and plaintext fragments. A physically proximate
attacker could possibly use this issue to inject packets or exfiltrate
selected fragments. (CVE-2020-26147)

It was discovered that the Bluetooth subsystem in the Linux kernel did not
properly perform access control. An authenticated attacker could possibly
use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)

Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the
NFC implementation in the Linux kernel. A privileged local attacker could
use this issue to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-23134)

Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel
did not properly prevent speculative loads in certain situations. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2021-31829)

It was discovered that a race condition in the kernel Bluetooth subsystem
could lead to use-after-free of slab objects. An attacker could use this
issue to possibly execute arbitrary code. (CVE-2021-32399)

It was discovered that a use-after-free existed in the Bluetooth HCI driver
of the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-0129
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24586
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33909
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23134
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33200
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33034
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26139
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26147
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24587
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31829
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26558
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32399

Title: USN-5014-1: Linux kernel vulnerability
URL: https://ubuntu.com/security/notices/USN-5014-1
Priorities: high
Description:
It was discovered that the virtual file system implementation in the Linux
kernel contained an unsigned to signed integer conversion error. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33909

621.134

Available in VMware Tanzu Network

Release Date: July 19, 2021

Metadata:

BOSH Agent Version: 2.268.21

USNs:


Title: LSN-0078-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0078-1
Priorities: high
Description:
Norbert Slusarek discovered a race condition in the CAN BCM networking
protocol of the Linux kernel leading to multiple use-after-free
vulnerabilities. A local attacker could use this issue to execute arbitrary
code. (CVE-2021-3609)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3609

621.133

Available in VMware Tanzu Network

Release Date: July 15, 2021

Metadata:

BOSH Agent Version: 2.268.21

USNs:


Title: USN-5006-2: PHP vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5006-2
Priorities: low,medium
Description:
USN-5006-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that PHP incorrectly handled certain PHAR files. A remote
attacker could possibly use this issue to cause PHP to crash, resulting in
a denial of service, or possibly obtain sensitive information. (CVE-2020-7068)

It was discovered that PHP incorrectly handled parsing URLs with passwords.
A remote attacker could possibly use this issue to cause PHP to mis-parse
the URL and produce wrong data. (CVE-2020-7071)

It was discovered that PHP incorrectly handled certain malformed XML data
when being parsed by the SOAP extension. A remote attacker could possibly
use this issue to cause PHP to crash, resulting in a denial of service.
(CVE-2021-21702)

It was discovered that PHP incorrectly handled the pdo_firebase module. A
remote attacker could possibly use this issue to cause PHP to crash,
resulting in a denial of service. (CVE-2021-21704)

It was discovered that PHP incorrectly handled the FILTER_VALIDATE_URL
check. A remote attacker could possibly use this issue to perform a
server-side request forgery attack. (CVE-2021-21705)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-21702
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7071
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-21705
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-21704

Title: USN-5004-1: RabbitMQ vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5004-1
Priorities: medium,low
Description:
It was discovered that RabbitMQ incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2019-11287)

Jonathan Knudsen discovered RabbitMQ incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2021-22116)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22116
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11287

Title: USN-5008-2: Avahi vulnerability
URL: https://ubuntu.com/security/notices/USN-5008-2
Priorities: medium
Description:
USN-5008-1 fixed a vulnerability in avahi. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Thomas Kremer discovered that Avahi incorrectly handled termination signals
on the Unix socket. A local attacker could possibly use this issue to cause
Avahi to hang, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3468

Title: USN-5005-1: DjVuLibre vulnerability
URL: https://ubuntu.com/security/notices/USN-5005-1
Priorities: medium
Description:
It was discovered that DjVuLibre incorrectly handled certain djvu files.
An attacker could possibly use this issue to execute arbitrary code or
cause a crash.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3630

621.131

Available in VMware Tanzu Network

Release Date: June 23, 2021

Metadata:

BOSH Agent Version: 2.268.21

USNs:


Title: USN-4986-2: rpcbind vulnerability
URL: https://ubuntu.com/security/notices/USN-4986-2
Priorities: low
Description:
USN-4986-1 fixed a vulnerability in rpcbind. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that rpcbind incorrectly handled certain large data
sizes. A remote attacker could use this issue to cause rpcbind to consume
resources, leading to a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8779

Title: USN-4989-2: BlueZ vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4989-2
Priorities: medium,low
Description:
USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that BlueZ incorrectly checked certain permissions when
pairing. A local attacker could possibly use this issue to impersonate
devices. (CVE-2020-26558)

Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT
events. A local attacker could use this issue to cause BlueZ to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-27153)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26558
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27153

Title: USN-4971-2: libwebp vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4971-2
Priorities: medium
Description:
USN-4971-1 fixed several vulnerabilities in libwebp. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that libwebp incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image file, a remote attacker could use this issue to cause libwebp
to crash, resulting in a denial of service, or possibly execute arbitrary
code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36331
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-25014
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36328
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-25012
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-25009
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-25013
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-25011
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-25010
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36330
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36329

Title: USN-5003-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5003-1
Priorities: medium,high
Description:
Norbert Slusarek discovered a race condition in the CAN BCM networking
protocol of the Linux kernel leading to multiple use-after-free
vulnerabilities. A local attacker could use this issue to execute arbitrary
code. (CVE-2021-3609)

It was discovered that the eBPF implementation in the Linux kernel did not
properly track bounds information for 32-bit registers when performing div
and mod operations. A local attacker could use this to possibly execute
arbitrary code. (CVE-2021-3600)

Or Cohen discovered that the SCTP implementation in the Linux kernel
contained a race condition in some situations, leading to a use-after-free
condition. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-23133)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23133
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3609
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3600

Title: USN-4994-2: Apache HTTP Server vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4994-2
Priorities: medium,low
Description:
USN-4994-1 fixed several vulnerabilities in Apache. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Antonio Morales discovered that the Apache mod_auth_digest module
incorrectly handled certain Digest nonces. A remote attacker could possibly
use this issue to cause Apache to crash, resulting in a denial of service.
(CVE-2020-35452)

Antonio Morales discovered that the Apache mod_session module incorrectly
handled certain Cookie headers. A remote attacker could possibly use this
issue to cause Apache to crash, resulting in a denial of service.
(CVE-2021-26690)

Christophe Jaillet discovered that the Apache mod_session module
incorrectly handled certain SessionHeader values. A remote attacker could
use this issue to cause Apache to crash, resulting in a denial of service,
or possibly execute arbitrary code. (CVE-2021-26691)

Christoph Anton Mitterer discovered that the new MergeSlashes configuration
option resulted in unexpected behaviour in certain situations.
(CVE-2021-30641)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-26691
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-35452
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-30641
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-26690

Title: USN-4991-1: libxml2 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4991-1
Priorities: medium,low
Description:
Yunho Kim discovered that libxml2 incorrectly handled certain error
conditions. A remote attacker could exploit this with a crafted XML file to
cause a denial of service, or possibly cause libxml2 to expose sensitive
information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04
ESM. (CVE-2017-8872)

Zhipeng Xie discovered that libxml2 incorrectly handled certain XML
schemas. A remote attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM,
and Ubuntu 18.04 LTS. (CVE-2019-20388)

It was discovered that libxml2 incorrectly handled invalid UTF-8 input. A
remote attacker could possibly exploit this with a crafted XML file to
cause libxml2 to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04
LTS and Ubuntu 20.10. (CVE-2020-24977)

It was discovered that libxml2 incorrectly handled invalid UTF-8 input. A
remote attacker could possibly exploit this with a crafted XML file to
cause libxml2 to crash, resulting in a denial of service. (CVE-2021-3517)

It was discovered that libxml2 did not properly handle certain crafted XML
files. A local attacker could exploit this with a crafted input to cause
libxml2 to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-3516, CVE-2021-3518)

It was discovered that libxml2 incorrectly handled error states. A remote
attacker could exploit this with a crafted XML file to cause libxml2 to
crash, resulting in a denial of service. (CVE-2021-3537)

Sebastian Pipping discovered that libxml2 did not properly handle certain
crafted XML files. A remote attacker could exploit this with a crafted XML
file to cause libxml2 to crash, resulting in a denial of service. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04.
(CVE-2021-3541)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3516
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8872
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3541
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3537
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3517
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3518
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20388

Title: USN-4996-2: OpenEXR vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4996-2
Priorities: medium,low
Description:
USN-4996-1 fixed several vulnerabilities in OpenEXR. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that OpenEXR incorrectly handled certain malformed EXR
image files. If a user were tricked into opening a crafted EXR image file,
a remote attacker could cause a denial of service, or possibly execute
arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3605
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-26260
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20296
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23215
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3598

621.130

Available in VMware Tanzu Network

Release Date: June 09, 2021

Metadata:

BOSH Agent Version: 2.268.21

USNs:


Title: USN-4985-1: Intel Microcode vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4985-1
Priorities: medium,high
Description:
It was discovered that some Intel processors may not properly invalidate
cache entries used by Intel Virtualization Technology for Directed I/O
(VT-d). This may allow a local user to perform a privilege escalation
attack. (CVE-2021-24489)

Joseph Nuzman discovered that some Intel processors may not properly apply
EIBRS mitigations (originally developed for CVE-2017-5715) and hence may
allow unauthorized memory reads via side-channel attacks. A local attacker
could use this to expose sensitive information, including kernel
memory. (CVE-2020-24511)

Travis Downs discovered that some Intel processors did not properly flush
cache-lines for trivial-data values. This may allow an unauthorized user to
infer the presence of these trivial-data-cache-lines via timing side-channel
attacks. A local attacker could use this to expose sensitive
information. (CVE-2020-24512)

It was discovered that certain Intel Atom processors could expose memory
contents stored in microarchitectural buffers. A local attacker could use
this to expose sensitive information. (CVE-2020-24513)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24512
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-24489
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24513
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24511

Title: USN-4967-2: nginx vulnerability
URL: https://ubuntu.com/security/notices/USN-4967-2
Priorities: medium
Description:
USN-4967-1 fixed a vulnerability in nginx. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.

Original advisory details:

Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx
incorrectly handled responses to the DNS resolver. A remote attacker could
use this issue to cause nginx to crash, resulting in a denial of service,
or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23017

Title: USN-4969-2: DHCP vulnerability
URL: https://ubuntu.com/security/notices/USN-4969-2
Priorities: medium
Description:
USN-4969-1 fixed a vulnerability in DHCP. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.

Original advisory details:

Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly
handled lease file parsing. A remote attacker could possibly use this issue
to cause DHCP to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-25217

Title: USN-4966-2: libx11 vulnerability
URL: https://ubuntu.com/security/notices/USN-4966-2
Priorities: medium
Description:
USN-4966-1 fixed a vulnerability in libx11. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that libx11 incorrectly validated certain parameter
lengths. A remote attacker could possibly use this issue to trick libx11
into emitting extra X protocol requests.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31535

Title: USN-4979-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4979-1
Priorities: medium,low
Description:
Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel contained a reference counting error. A local attacker could
use this to cause a denial of service (system crash). (CVE-2020-25670)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly deallocate memory in certain error
situations. A local attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2020-25671, CVE-2020-25672)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly handle error conditions in some situations,
leading to an infinite loop. A local attacker could use this to cause a
denial of service. (CVE-2020-25673)

It was discovered that the Realtek RTL8188EU Wireless device driver in the
Linux kernel did not properly validate SSID lengths in some situations. An
attacker could use this to cause a denial of service (system crash).
(CVE-2021-28660)

Zygo Blaxell discovered that the btrfs file system implementation in the
Linux kernel contained a race condition during certain cloning operations.
A local attacker could possibly use this to cause a denial of service
(system crash). (CVE-2021-28964)

Vince Weaver discovered that the perf subsystem in the Linux kernel did not
properly handle certain PEBS records for some Intel Haswell
processors. A local attacker could use this to cause a denial of service
(system crash). (CVE-2021-28971)

It was discovered that the RPA PCI Hotplug driver implementation in the
Linux kernel did not properly handle device name writes via sysfs, leading
to a buffer overflow. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2021-28972)

It was discovered that the Qualcomm IPC router implementation in the Linux
kernel did not properly initialize memory passed to user space. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2021-29647)

Dan Carpenter discovered that the block device manager (dm) implementation
in the Linux kernel contained a buffer overflow in the ioctl for listing
devices. A privileged local attacker could use this to cause a denial of
service (system crash). (CVE-2021-31916)

It was discovered that the CIPSO implementation in the Linux kernel did not
properly perform reference counting in some situations, leading to
use-after-free vulnerabilities. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33033)

Wolfgang Frisch discovered that the ext4 file system implementation in the
Linux kernel contained an integer overflow when handling metadata inode
extents. An attacker could use this to construct a malicious ext4 file
system image that, when mounted, could cause a denial of service (system
crash). (CVE-2021-3428)

马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-3483)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31916
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3428
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25670
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25673
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25672
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28971
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28964
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29647
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3483
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33033
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25671
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28972

Title: USN-4975-2: Django vulnerability
URL: https://ubuntu.com/security/notices/USN-4975-2
Priorities: low
Description:
USN-4975-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen discovered that Django
incorrectly handled path sanitization in admindocs. A remote attacker could
possibly use this issue to determine the existence of arbitrary files and
in certain configurations obtain their contents. (CVE-2021-33203)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33203

621.129

Available in VMware Tanzu Network

Release Date: May 26, 2021

Metadata:

BOSH Agent Version: 2.268.21

USNs:


Title: USN-4954-1: GNU C Library vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4954-1
Priorities: negligible,low
Description:
Jason Royes and Samuel Dytrych discovered that the memcpy()
implementation for 32-bit ARM processors in the GNU C Library contained
an integer underflow vulnerability. An attacker could possibly use
this to cause a denial of service (application crash) or execute
arbitrary code. (CVE-2020-6096)

It was discovered that the POSIX regex implementation in the GNU C
Library did not properly parse alternatives. An attacker could use this
to cause a denial of service. (CVE-2009-5155)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2009-5155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6096

Title: USN-4934-2: Exim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4934-2
Priorities: medium
Description:
USN-4934-1 fixed several vulnerabilities in Exim. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
CVE-2020-28026 only affected Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Exim contained multiple security issues. An attacker
could use these issues to cause a denial of service, execute arbitrary
code remotely, obtain sensitive information, or escalate local privileges.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28011
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28009
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27216
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28025
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28026
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28014
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28007
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28016
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28020
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28013
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28008
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28015
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28017
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28012

Title: USN-4953-1: AWStats vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4953-1
Priorities: low,medium
Description:
Sean Boran discovered that AWStats incorrectly filtered certain parameters.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-29600)

It was discovered that AWStats incorrectly filtered certain parameters. A
remote attacker could possibly use this issue to access sensitive
information. (CVE-2020-35176)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-35176
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-1000501
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29600

Title: USN-4962-1: Babel vulnerability
URL: https://ubuntu.com/security/notices/USN-4962-1
Priorities: medium
Description:
It was discovered that Babel incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20095

Title: USN-4930-1: Samba vulnerability
URL: https://ubuntu.com/security/notices/USN-4930-1
Priorities: medium
Description:
Peter Eriksson discovered that Samba incorrectly handled certain negative
idmap cache entries. This issue could result in certain users gaining
unauthorized access to files, contrary to expected behaviour.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20254

Title: USN-4946-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4946-1
Priorities: low,medium
Description:
It was discovered that the DRM subsystem in the Linux kernel contained
double-free vulnerabilities. A privileged attacker could possibly use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-20292)

Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr
discovered that the Xen paravirtualization backend in the Linux kernel did
not properly propagate errors to frontend drivers in some situations. An
attacker in a guest VM could possibly use this to cause a denial of service
(host domain crash). (CVE-2021-26930)

Jan Beulich discovered that multiple Xen backends in the Linux kernel did
not properly handle certain error conditions under paravirtualization. An
attacker in a guest VM could possibly use this to cause a denial of service
(host domain crash). (CVE-2021-26931)

Jan Beulich discovered that the Xen netback backend in the Linux kernel did
not properly handle certain error conditions under paravirtualization. An
attacker in a guest VM could possibly use this to cause a denial of service
(host domain crash). (CVE-2021-28038)

It was discovered that the Xen paravirtualization backend in the Linux
kernel did not properly deallocate memory in some situations. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2021-28688)

It was discovered that the Freescale Gianfar Ethernet driver for the Linux
kernel did not properly handle receive queue overrun when jumbo frames were
enabled in some situations. An attacker could use this to cause a denial of
service (system crash). (CVE-2021-29264)

It was discovered that the USB/IP driver in the Linux kernel contained race
conditions during the update of local and shared status. An attacker could
use this to cause a denial of service (system crash). (CVE-2021-29265)

It was discovered that a race condition existed in the netfilter subsystem
of the Linux kernel when replacing tables. A local attacker could use this
to cause a denial of service (system crash). (CVE-2021-29650)

Arnd Bergmann discovered that the video4linux subsystem in the Linux kernel
did not properly deallocate memory in some situations. A local attacker
could use this to cause a denial of service (memory exhaustion).
(CVE-2021-30002)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20292
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-26930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29264
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29265
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29650
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28688
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-26931
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28038
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-30002

Title: USN-4941-1: Exiv2 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4941-1
Priorities: medium
Description:
It was discovered that Exiv2 incorrectly handled certain images.
An attacker could possibly use this issue to execute arbitrary code or cause
a crash. (CVE-2021-29457)

It was discovered that Exiv2 incorrectly handled certain images.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2021-29458, CVE-2021-29470)

It was discovered that Exiv2 incorrectly handled certain images.
An attacker could possibly use this issue to execute arbitrary code or
cause a crash. (CVE-2021-3482)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29458
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3482
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29470
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29457

Title: USN-4964-1: Exiv2 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4964-1
Priorities: low,medium
Description:
It was discovered that Exiv2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04.
(CVE-2021-29463)

It was discovered that Exiv2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04.
(CVE-2021-29464)

It was discovered that Exiv2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2021-29473, CVE-2021-32617)

It was discovered that Exiv2 incorrectly handled certain files.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04.
(CVE-2021-29623)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29464
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29463
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32617
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29623
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29473

Title: USN-4932-2: Django vulnerability
URL: https://ubuntu.com/security/notices/USN-4932-2
Priorities: medium
Description:
USN-4932-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Django incorrectly handled certain
filenames. A remote attacker could possibly use this issue to create or
overwrite files in unexpected directories.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31542

Title: USN-4957-2: DjVuLibre vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4957-2
Priorities: medium,low
Description:
USN-4957-1 fixed several vulnerabilities in DjVuLibre. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that DjVuLibre incorrectly handled certain memory
operations. If a user or automated system were tricked into processing a
specially crafted DjVu file, a remote attacker could cause applications
to hang or crash, resulting in a denial of service, or possibly execute
arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32491
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32492
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32493
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32490
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3500

Title: USN-4965-2: Apport vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4965-2
Priorities: medium
Description:
USN-4965-1 fixed several vulnerabilities in Apport. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Maik Münch discovered that Apport incorrectly handled certain information
gathering operations. A local attacker could use these issues to read and
write arbitrary files as an administrator, and possibly escalate
privileges.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32549
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32555
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32551
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32548
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32550
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32554
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32553
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32557
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32552
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32547
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32556

621.125

Available in VMware Tanzu Network

Release Date: April 30, 2021

Metadata:

BOSH Agent Version: 2.268.21

USNs:


Title: USN-4924-1: Dnsmasq vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4924-1
Priorities: low
Description:
It was discovered that Dnsmasq incorrectly handled certain wildcard
synthesized NSEC records. A remote attacker could possibly use this issue
to prove the non-existence of hostnames that actually exist.
(CVE-2017-15107)

It was discovered that Dnsmasq incorrectly handled certain large DNS
packets. A remote attacker could possibly use this issue to cause Dnsmasq
to crash, resulting in a denial of service. (CVE-2019-14513)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14513
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15107

Title: USN-4919-1: OpenSLP vulnerability
URL: https://ubuntu.com/security/notices/USN-4919-1
Priorities: medium
Description:
It was discovered that OpenSLP did not properly validate URLs. A remote
attacker could use this issue to cause OpenSLP to crash or possibly execute
arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5544

Title: USN-4927-1: File Roller vulnerability
URL: https://ubuntu.com/security/notices/USN-4927-1
Priorities: medium
Description:
It was discovered that File Roller incorrectly handled symlinks.
An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36314

Title: USN-4918-1: ClamAV vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4918-1
Priorities: medium
Description:
It was discovered that ClamAV incorrectly handled parsing Excel documents.
A remote attacker could possibly use this issue to cause ClamAV to hang,
resulting in a denial of service. (CVE-2021-1252)

It was discovered that ClamAV incorrectly handled parsing PDF documents. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2021-1404)

It was discovered that ClamAV incorrectly handled parsing email. A remote
attacker could possibly use this issue to cause ClamAV to crash, resulting
in a denial of service. (CVE-2021-1405)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-1405
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-1404
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-1252

Title: USN-4892-1: OpenJDK vulnerability
URL: https://ubuntu.com/security/notices/USN-4892-1
Priorities: medium
Description:
It was discovered that OpenJDK incorrectly verified Jar signatures. An
attacker could possibly use this issue to bypass intended security
restrictions when using Jar files signed with a disabled algorithm.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2163

Title: USN-4913-1: Underscore vulnerability
URL: https://ubuntu.com/security/notices/USN-4913-1
Priorities: medium
Description:
It was discovered that Underscore incorrectly handled certain inputs.
An attacker could possibly use this issue to inject arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23358

Title: USN-4926-1: Firefox vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4926-1
Priorities: medium
Description:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the
browser UI, bypass security restrictions, trick the user into disclosing
confidential information, or execute arbitrary code. (CVE-2021-23994,
CVE-2021-23996, CVE-2021-23997, CVE-2021-23998, CVE-2021-23999,
CVE-2021-24000, CVE-2021-24001, CVE-2021-29945, CVE-2021-29946,
CVE-2021-29947)

A use-after-free was discovered when Responsive Design Mode was
enabled. If a user were tricked into opening a specially crafted
website with Responsive Design Mode enabled, an attacker could
potentially exploit this to cause a denial of service, or execute
arbitrary code. (CVE-2021-23995)

It was discovered that Firefox mishandled FTP URLs with encoded newline
characters. If a user were tricked into clicking on a specially crafted
link, an attacker could potentially exploit this to send arbitrary
FTP commands. (CVE-2021-24002)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-24000
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23996
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23997
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23995
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29946
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23999
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23994
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23998
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29945
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-24001
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-24002
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29947

Title: USN-4922-1: Ruby vulnerability
URL: https://ubuntu.com/security/notices/USN-4922-1
Priorities: medium
Description:
Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly
parsed and serialized XML documents. A remote attacker could possibly use
this issue to perform an XML round-trip attack.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28965

Title: USN-4921-1: libcaca vulnerability
URL: https://ubuntu.com/security/notices/USN-4921-1
Priorities: medium
Description:
It was discovered that libcaca incorrectly handled certain images.
An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3410

Title: USN-4916-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4916-1
Priorities: high
Description:
It was discovered that the overlayfs implementation in the Linux kernel did
not properly validate the application of file system capabilities with
respect to user namespaces. A local attacker could use this to gain
elevated privileges. (CVE-2021-3493)

Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux
kernel did not properly validate computation of branch displacements in
some situations. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-29154)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3493
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29154

Title: USN-4928-1: GStreamer Good Plugins vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4928-1
Priorities: medium
Description:
It was discovered that GStreamer Good Plugins incorrectly handled certain files.
An attacker could possibly use this issue to access sensitive information
or cause a crash. (CVE-2021-3497)

It was discovered that GStreamer Good Plugins incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code or cause
a crash. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu
20.10. (CVE-2021-3498)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3497

621.123

Available in VMware Tanzu Network

Release Date: April 19, 2021

Metadata:

BOSH Agent Version: 2.268.21

USNs:


Title: USN-4899-1: SpamAssassin vulnerability
URL: https://ubuntu.com/security/notices/USN-4899-1
Priorities: medium
Description:
Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF
files. If a user or automated system were tricked into using a
specially-crafted CF file, a remote attacker could possibly run arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1946

Title: USN-4895-1: Squid vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4895-1
Priorities: medium,low
Description:
Alex Rousskov and Amit Klein discovered that Squid incorrectly handled
certain Content-Length headers. A remote attacker could possibly use this
issue to perform an HTTP request smuggling attack, resulting in cache
poisoning. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-15049)

Jianjun Chen discovered that Squid incorrectly validated certain input. A
remote attacker could use this issue to perform HTTP Request Smuggling and
possibly access services forbidden by the security controls.
(CVE-2020-25097)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25097
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15049

Title: USN-4561-2: Rack vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4561-2
Priorities: low,medium
Description:
USN-4561-1 fixed vulnerabilities in Rack. This update provides the
corresponding update for Ubuntu 16.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10.

Original advisory details:

It was discovered that Rack incorrectly handled certain paths. An attacker
could possibly use this issue to obtain sensitive information. This issue
only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2020-8161)

It was discovered that Rack incorrectly validated cookies. An attacker
could possibly use this issue to forge a secure cookie. (CVE-2020-8184)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8161
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8184

Title: USN-4885-1: Pygments vulnerability
URL: https://ubuntu.com/security/notices/USN-4885-1
Priorities: medium
Description:
It was discovered that Pygments incorrectly handled parsing SML files. If a
user or automated system were tricked into parsing a specially crafted SML
file, a remote attacker could cause Pygments to hang, resulting in a denial
of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20270

Title: USN-4898-1: curl vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4898-1
Priorities: medium
Description:
Viktor Szakats discovered that curl did not strip off user credentials
from referrer header fields. A remote attacker could possibly use this
issue to obtain sensitive information. (CVE-2021-22876)

Mingtao Yang discovered that curl incorrectly handled session tickets when
using an HTTPS proxy. A remote attacker in control of an HTTPS proxy could
use this issue to bypass certificate checks and intercept communications.
This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10.
(CVE-2021-22890)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22890
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22876

Title: USN-4893-1: Firefox vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4893-1
Priorities: medium,low
Description:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, or execute arbitrary code. (CVE-2021-23981, CVE-2021-23982,
CVE-2021-23983, CVE-2021-23987, CVE-2021-23988)

It was discovered that extensions could open popup windows with control
of the window title in some circumstances. If a user were tricked into
installing a specially crafted extension, an attacker could potentially
exploit this to spoof a website and trick the user into providing
credentials. (CVE-2021-23984)

It was discovered that the DevTools remote debugging feature could be
enabled without an indication to the user. If a local attacker could
modify the browser configuration, a remote attacker could potentially
exploit this to obtain sensitive information. (CVE-2021-23985)

It was discovered that extensions could read the response of cross
origin requests in some circumstances. If a user were tricked into
installing a specially crafted extension, an attacker could potentially
exploit this to obtain sensitive information. (CVE-2021-23986)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23987
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23986
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23985
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23988
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23984
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23982
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23983

Title: USN-4897-1: Pygments vulnerability
URL: https://ubuntu.com/security/notices/USN-4897-1
Priorities: medium
Description:
Ben Caller discovered that Pygments incorrectly handled parsing certain
files. If a user or automated system were tricked into parsing a specially
crafted file, a remote attacker could cause Pygments to hang or consume
resources, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27291

Title: USN-4883-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4883-1
Priorities: high,medium
Description:
Adam Nichols discovered that heap overflows existed in the iSCSI subsystem
in the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-27365)

Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did
not properly restrict access to iSCSI transport handles. A local attacker
could use this to cause a denial of service or expose sensitive information
(kernel pointer addresses). (CVE-2021-27363)

Adam Nichols discovered that an out-of-bounds read existed in the iSCSI
subsystem in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or expose sensitive information (kernel
memory). (CVE-2021-27364)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27365
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27363
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27364

Title: USN-4902-1: Django vulnerability
URL: https://ubuntu.com/security/notices/USN-4902-1
Priorities: low
Description:
Dennis Brinkrolf discovered that Django incorrectly handled certain
filenames. A remote attacker could possibly use this issue to create or
overwrite files in unexpected directories.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28658

Title: USN-4896-1: lxml vulnerability
URL: https://ubuntu.com/security/notices/USN-4896-1
Priorities: medium
Description:
It was discovered that lxml incorrectly handled certain HTML attributes. A
remote attacker could possibly use this issue to perform cross-site
scripting (XSS) attacks.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28957

Title: USN-4905-1: X.Org X Server vulnerability
URL: https://ubuntu.com/security/notices/USN-4905-1
Priorities: medium
Description:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain lengths of XInput extension ChangeFeedbackControl requests. An
attacker could use this issue to cause the server to crash, resulting in a
denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3472

Title: USN-4900-1: OpenEXR vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4900-1
Priorities: medium,low
Description:
It was discovered that OpenEXR incorrectly handled certain malformed EXR
image files. If a user were tricked into opening a crafted EXR image file,
a remote attacker could cause a denial of service, or possibly execute
arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3476
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3475
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3474
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3477
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3478
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3479

Title: USN-4916-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4916-1
Priorities: high
Description:
It was discovered that the overlayfs implementation in the Linux kernel did
not properly validate the application of file system capabilities with
respect to user namespaces. A local attacker could use this to gain
elevated privileges. (CVE-2021-3493)

Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux
kernel did not properly validate computation of branch displacements in
some situations. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-29154)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3493
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29154

621.117

Available in VMware Tanzu Network

Release Date: March 25, 2021

Metadata:

BOSH Agent Version: 2.268.21

USNs:


Title: USN-4888-1: ldb vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4888-1
Priorities: high
Description:
Douglas Bagnall discovered that ldb, when used with Samba, incorrectly
handled certain LDAP attributes. A remote attacker could possibly use this
issue to cause the LDAP server to crash, resulting in a denial of service.
(CVE-2021-20277)

Douglas Bagnall discovered that ldb, when used with Samba, incorrectly
handled certain DN strings. A remote attacker could use this issue to
cause the LDAP server to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2020-27840)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20277
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27840

Title: USN-4890-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4890-1
Priorities: high
Description:
Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not
properly compute a speculative execution limit on pointer arithmetic in
some situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2020-27171)

Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not
properly apply speculative execution limits on some pointer types. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2020-27170)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27170
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27171

621.115

Available in VMware Tanzu Network

Release Date: March 22, 2021

Metadata:

BOSH Agent Version: 2.268.21

USNs:


Title: USN-4758-1: Go vulnerability
URL: https://ubuntu.com/security/notices/USN-4758-1
Priorities: low
Description:
It was discovered that Go applications incorrectly handled uploaded content. If
a user were tricked into visiting a malicious page, a remote attacker could
exploit this with a crafted file to conduct cross-site scripting (XSS) attacks.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24553

Title: USN-4761-1: Git vulnerability
URL: https://ubuntu.com/security/notices/USN-4761-1
Priorities: medium
Description:
Matheus Tavares discovered that Git incorrectly handled delay-capable
clean/smudge filters when being used on case-insensitive filesystems. A
remote attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-21300

Title: USN-4759-1: GLib vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4759-1
Priorities: medium
Description:
Krzesimir Nowak discovered that GLib incorrectly handled certain large
buffers. A remote attacker could use this issue to cause applications
linked to GLib to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-27218)

Kevin Backhouse discovered that GLib incorrectly handled certain memory
allocations. A remote attacker could use this issue to cause applications
linked to GLib to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-27219)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27219

Title: USN-4763-1: Pillow vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4763-1
Priorities: medium
Description:
It was discovered that Pillow incorrectly handled certain Tiff image files.
If a user or automated system were tricked into opening a specially-crafted
Tiff file, a remote attacker could cause Pillow to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-25289,
CVE-2021-25291)

It was discovered that Pillow incorrectly handled certain Tiff image files.
If a user or automated system were tricked into opening a specially-crafted
Tiff file, a remote attacker could cause Pillow to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2021-25290)

It was discovered that Pillow incorrectly handled certain PDF files. If a
user or automated system were tricked into opening a specially-crafted
PDF file, a remote attacker could cause Pillow to hang, resulting in a
denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04
LTS, and Ubuntu 20.10. (CVE-2021-25292)

It was discovered that Pillow incorrectly handled certain SGI image files.
If a user or automated system were tricked into opening a specially-crafted
SGI file, a remote attacker could possibly cause Pillow to crash,
resulting in a denial of service. This issue only affected Ubuntu 18.04
LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-25293)

Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan discovered that
Pillow incorrectly handled certain BLP files. If a user or automated system
were tricked into opening a specially-crafted BLP file, a remote attacker
could possibly cause Pillow to consume resources, resulting in a denial of
service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and
Ubuntu 20.10. (CVE-2021-27921)

Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan discovered that
Pillow incorrectly handled certain ICNS files. If a user or automated
system were tricked into opening a specially-crafted ICNS file, a remote
attacker could possibly cause Pillow to consume resources, resulting in a
denial of service. (CVE-2021-27922)

Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan discovered that
Pillow incorrectly handled certain ICO files. If a user or automated
system were tricked into opening a specially-crafted ICO file, a remote
attacker could possibly cause Pillow to consume resources, resulting in a
denial of service. (CVE-2021-27922)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27922
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-25291
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27921
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-25293
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27923
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-25290
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-25292
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-25289

621.113

Available in VMware Tanzu Network

Release Date: March 15, 2021

Metadata:

BOSH Agent Version: 2.268.20

USNs:


Title: USN-4755-1: LibTIFF vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4755-1
Priorities: medium
Description:
It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-35524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-35523

Title: USN-4756-1: Firefox vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4756-1
Priorities: medium,low
Description:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, conduct cross-site scripting (XSS) attacks, bypass HTTP auth
phishing warnings, or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23971
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23973
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23970
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23972
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23969
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23968
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23979

Title: USN-4757-1: wpa_supplicant and hostapd vulnerability
URL: https://ubuntu.com/security/notices/USN-4757-1
Priorities: medium
Description:
It was discovered that wpa_supplicant did not properly handle P2P
(Wi-Fi Direct) provision discovery requests in some situations. A
physically proximate attacker could use this to cause a denial of service
or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27803

Title: USN-4754-4: Python 2.7 vulnerability
URL: https://ubuntu.com/security/notices/USN-4754-4
Priorities: medium
Description:
USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a
subsequent update removed the fix for CVE-2021-3177. This update reinstates
the security fix for CVE-2021-3177.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code
or cause a denial of service. (CVE-2020-27619, CVE-2021-3177)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3177

621.109

Available in VMware Tanzu Network

Release Date: March 05, 2021

Fixes Issues:


GCP rsyslog behavior is fixed. cf ssh and rsyslog should now work as expected.

Important Notice:


As of this release, on all IaaSes, rsyslog will not start until /var/log is mounted. When used with a BOSH Agent, /var/log is mounted automatically, and no further action is required.

If you use this stemcell without a BOSH Agent and do not mount /var/log, you must take one of these two actions:

* Remove the ExecStartPre= line from /etc/systemd/system/rsyslog.service
* Blank out the contents of /usr/local/bin/wait_for_var_log_to_be_mounted

Either action will cause rsyslog to no longer wait for /var/log to be mounted before starting.

Metadata:

BOSH Agent Version: 2.268.19

USNs:


Title: USN-4754-1: Python vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4754-1
Priorities: medium,low
Description:
It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code
or cause a denial of service. (CVE-2020-27619, CVE-2021-3177)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3177
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27619

621.108

Available in VMware Tanzu Network

Release Date: March 01, 2021

Known Issues:

This version of the stemcell has the following issues when used on GCP:
* Attempts to use cf ssh time out.
* The iptables-logger job fails to deploy.

This is because rsyslog is started before /var/log is mounted. This causes it to log to the root filesystem rather than the mounted persistent disk.

This issue is fixed in stemcell version 621.109.

Metadata:

BOSH Agent Version: 2.268.19

USNs:


Title: USN-4741-1: Jackson vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4741-1
Priorities: medium
Description:
It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to execute
arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15095
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7525
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10172

Title: USN-4749-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4749-1
Priorities: medium,low
Description:
Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)

It was discovered that the jfs file system implementation in the Linux
kernel contained an out-of-bounds read vulnerability. A local attacker
could use this to possibly cause a denial of service (system crash).
(CVE-2020-27815)

Shisong Qin and Bodong Zhao discovered that the Speakup screen reader driver in
the Linux kernel did not correctly handle setting line discipline in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2020-27830, CVE-2020-28941)

It was discovered that the memory management subsystem in the Linux kernel
did not properly handle copy-on-write operations in some situations. A
local attacker could possibly use this to gain unintended write access to
read-only memory pages. (CVE-2020-29374)

Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event
processing backend in the Linux kernel did not properly limit the number of
events queued. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29568)

Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition in the
Xen paravirt block backend in the Linux kernel, leading to a use-after-free
vulnerability. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29569)

Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)

Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-29661)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27815
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27830
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29568
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29374
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29569
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29661
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28941

Title: USN-4748-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4748-1
Priorities: medium,low
Description:
It was discovered that the jfs file system implementation in the Linux
kernel contained an out-of-bounds read vulnerability. A local attacker
could use this to possibly cause a denial of service (system crash).
(CVE-2020-27815)

It was discovered that the memory management subsystem in the Linux kernel
did not properly handle copy-on-write operations in some situations. A
local attacker could possibly use this to gain unintended write access to
read-only memory pages. (CVE-2020-29374)

Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event
processing backend in the Linux kernel did not properly limit the number of
events queued. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29568)

Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)

Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-29661)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29374
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29661
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29568
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27815

Title: USN-4747-1: GNU Screen vulnerability
URL: https://ubuntu.com/security/notices/USN-4747-1
Priorities: medium
Description:
Felix Weinmann discovered that GNU Screen incorrectly handled certain
character sequences. A remote attacker could use this issue to cause GNU
Screen to crash, resulting in a denial of service, or possibly execute
arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-26937

Title: USN-4746-1: xterm vulnerability
URL: https://ubuntu.com/security/notices/USN-4746-1
Priorities: medium
Description:
Tavis Ormandy discovered that xterm incorrectly handled certain character
sequences. A remote attacker could use this issue to cause xterm to crash,
resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27135

Known Issues: When used on GCP, rsyslog is started before /var/log is mounted. This causes it to log to the root filesystem rather than the mounted persistent disk.

621.107

Available in VMware Tanzu Network

Release Date: February 24, 2021

Known Issues:

This version of the stemcell has the following issues when used on GCP:
* Attempts to use cf ssh time out.
* The iptables-logger job fails to deploy.

This is because rsyslog is started before /var/log is mounted. This causes it to log to the root filesystem rather than the mounted persistent disk.

This issue is fixed in stemcell version 621.109.

Metadata:

BOSH Agent Version: 2.268.19

USNs:


Title: USN-4728-1: snapd vulnerability
URL: https://ubuntu.com/security/notices/USN-4728-1
Priorities: high
Description:
Gilad Reti discovered that snapd did not correctly specify cgroup
delegation when generating systemd service units for various container
management snaps. This could allow a local attacker to escalate privileges
via access to arbitrary devices of the container host from within a
compromised or malicious container.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27352

Title: USN-4718-1: fastd vulnerability
URL: https://ubuntu.com/security/notices/USN-4718-1
Priorities: medium
Description:
It was discovered that fastd incorrectly handled certain packets.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27638

Title: USN-4729-1: Open vSwitch vulnerability
URL: https://ubuntu.com/security/notices/USN-4729-1
Priorities: medium
Description:
Joakim Hindersson discovered that Open vSwitch incorrectly parsed certain
network packets. A remote attacker could use this issue to cause a denial
of service, or possibly alter packet classification.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-35498

Title: USN-4724-1: OpenLDAP vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4724-1
Priorities: medium
Description:
It was discovered that OpenLDAP incorrectly handled Certificate Exact
Assertion processing. A remote attacker could possibly use this issue to
cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36221)

It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing.
A remote attacker could use this issue to cause OpenLDAP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)

It was discovered that OpenLDAP incorrectly handled Return Filter control
handling. A remote attacker could use this issue to cause OpenLDAP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2020-36223)

It was discovered that OpenLDAP incorrectly handled certain cancel
operations. A remote attacker could possibly use this issue to cause
OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36227)

It was discovered that OpenLDAP incorrectly handled Certificate List
Extract Assertion processing. A remote attacker could possibly use this
issue to cause OpenLDAP to crash, resulting in a denial of service.
(CVE-2020-36228)

It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. A
remote attacker could possibly use this issue to cause OpenLDAP to crash,
resulting in a denial of service. (CVE-2020-36229, CVE-2020-36230)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36223
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36226
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36230
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36229
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36224
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36225
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36228
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36222

Title: USN-4737-1: Bind vulnerability
URL: https://ubuntu.com/security/notices/USN-4737-1
Priorities: medium
Description:
It was discovered that Bind incorrectly handled GSSAPI security policy
negotiation. A remote attacker could use this issue to cause Bind to crash,
resulting in a denial of service, or possibly execute arbitrary code. In
the default installation, attackers would be isolated by the Bind AppArmor
profile.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8625

Title: USN-4734-1: wpa_supplicant and hostapd vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4734-1
Priorities: high,medium
Description:
It was discovered that wpa_supplicant did not properly handle P2P
(Wi-Fi Direct) group information in some situations, leading to a
heap overflow. A physically proximate attacker could use this to cause a
denial of service or possibly execute arbitrary code. (CVE-2021-0326)

It was discovered that hostapd did not properly handle UPnP subscribe
messages in some circumstances. An attacker could use this to cause a
denial of service. (CVE-2020-12695)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-0326
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12695

Title: USN-4720-1: Apport vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4720-1
Priorities: medium
Description:
Itai Greenhut discovered that Apport incorrectly parsed certain files in
the /proc filesystem. A local attacker could use this issue to escalate
privileges and run arbitrary code. (CVE-2021-25682, CVE-2021-25683)

Itai Greenhut discovered that Apport incorrectly handled opening certain
special files. A local attacker could possibly use this issue to cause
Apport to hang, resulting in a denial of service. (CVE-2021-25684)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-25683
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-25682
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-25684

Known Issues: When used on GCP, rsyslog is started before /var/log is mounted. This causes it to log to the root filesystem rather than the mounted persistent disk.

621.101

Available in VMware Tanzu Network

Release Date: February 03, 2021

Metadata:

BOSH Agent Version: 2.268.17

USNs:


Title: USN-4702-1: Pound vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4702-1
Priorities: medium
Description:
It was discovered that Pound incorrectly handled certain HTTP requests.
A remote attacker could use this issue to retrieve some sensitive
information. (CVE-2016-10711, CVE-2018-21245)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-21245
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10711

Title: USN-4708-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4708-1
Priorities: medium,low
Description:
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use this
to construct a malicious XFS image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13093)

It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system metadata in some situations.
An attacker could use this to construct a malicious btrfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-19813,
CVE-2019-19816)

Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)

Daniel Axtens discovered that the PowerPC RTAS implementation in the Linux
kernel did not properly restrict memory accesses in some situations. A
privileged local attacker could use this to arbitrarily modify kernel
memory, potentially bypassing kernel lockdown restrictions.
(CVE-2020-27777)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27777
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-13093
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19816
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19813

Title: USN-4709-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4709-1
Priorities: high,low
Description:
It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data. (CVE-2020-28374)

Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use this
to construct a malicious XFS image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13093)

It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system metadata in some situations.
An attacker could use this to construct a malicious btrfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-19813,
CVE-2019-19816)

Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28374
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19816
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19813
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-13093

Title: USN-4711-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4711-1
Priorities: high,medium
Description:
It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data. (CVE-2020-28374)

Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did
not properly deallocate memory in some situations. A privileged attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2020-25704)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28374
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25704

Title: USN-4716-1: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4716-1
Priorities: medium
Description:
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.23 in Ubuntu 20.04 LTS and Ubuntu 20.10.
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.33.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-33.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-23.html
https://www.oracle.com/security-alerts/cpujan2021.html
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2088
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2076
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2061
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2081
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2070
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2002
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2072
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2122
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2046
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2048
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2038
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2031
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2087
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2010
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2036
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2060
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2021
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2014
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2032
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2058
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2011

Title: USN-4717-1: Firefox vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4717-1
Priorities: medium
Description:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, conduct clickjacking attacks, or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23954
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23964
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23958
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23960
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23963
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23955
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23961
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23962
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23953
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23956
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23965

Title: USN-4703-1: Mutt vulnerability
URL: https://ubuntu.com/security/notices/USN-4703-1
Priorities: medium
Description:
It was discovered that Mutt incorrectly handled certain email messages.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3181

Title: USN-4715-1: Django vulnerability
URL: https://ubuntu.com/security/notices/USN-4715-1
Priorities: medium
Description:
Wang Baohua discovered that Django incorrectly extracted archive files. A
remote attacker could possibly use this issue to extract files outside of
their expected location.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3281

621.99

Available in VMware Tanzu Network

Release Date: January 27, 2021

Metadata:

BOSH Agent Version: 2.268.16

USNs:


USN: 4705-1
URL: https://ubuntu.com/security/notices/USN-4705-1

USN: 4704-1
URL: https://ubuntu.com/security/notices/USN-4704-1

USN: 4703-1
URL: https://ubuntu.com/security/notices/USN-4703-1

USN: 4702-1
URL: https://ubuntu.com/security/notices/USN-4702-1

USN: 4700-1
URL: https://ubuntu.com/security/notices/USN-4700-1

USN: 4699-1
URL: https://ubuntu.com/security/notices/USN-4699-1

USN: 4698-1
URL: https://ubuntu.com/security/notices/USN-4698-1

USN: 4697-1
URL: https://ubuntu.com/security/notices/USN-4697-1

USN: 4696-1
URL: https://ubuntu.com/security/notices/USN-4696-1

USN: 4695-1
URL: https://ubuntu.com/security/notices/USN-4695-1

USN: 4694-1
URL: https://ubuntu.com/security/notices/USN-4694-1

621.97

Available in VMware Tanzu Network

Release Date: January 15, 2021

Metadata:

BOSH Agent Version: 2.268.16

USNs:


Title: USN-4688-1: JasPer vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4688-1
Priorities: negligible,low,medium
Description:
It was discovered that Jasper incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash.
(CVE-2018-18873)

It was discovered that Jasper incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-19542)

It was discovered that Jasper incorrectly handled certain JPC encoders.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-27828)

It was discovered that Jasper incorrectly handled certain images.
An attacker could possibly use this issue to expose sensitive information
or cause a crash.
(CVE-2017-9782)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9782
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18873
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19542
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27828

Title: USN-4672-1: unzip vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4672-1
Priorities: low,negligible
Description:
Rene Freingruber discovered that unzip incorrectly handled certain
specially crafted password protected ZIP archives. If a user or automated
system using unzip were tricked into opening a specially crafted zip file,
an attacker could exploit this to cause a crash, resulting in a denial of
service. (CVE-2018-1000035)

Antonio Carista discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
(CVE-2018-18384)

It was discovered that unzip incorrectly handled certain specially crafted
ZIP archives. If a user or automated system using unzip were tricked into
opening a specially crafted zip file, an attacker could exploit this to
cause resource consumption, resulting in a denial of service.
(CVE-2019-13232)

Martin Carpenter discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04
LTS. (CVE-2014-9913)

Alexis Vanden Eijnde discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04
LTS. (CVE-2016-9844)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000035
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18384
- https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9913
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9844
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13232

Title: USN-4684-1: EDK II vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4684-1
Priorities: low
Description:
Laszlo Ersek discovered that EDK II incorrectly validated certain signed
images. An attacker could possibly use this issue with a specially crafted
image to cause EDK II to hang, resulting in a denial of service. This issue
only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
(CVE-2019-14562)

It was discovered that EDK II incorrectly parsed signed PKCS #7 data. An
attacker could use this issue to cause EDK II to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2019-14584)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14584
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14562

Title: USN-4670-1: ImageMagick vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4670-1
Priorities: low,negligible
Description:
It was discovered that ImageMagick incorrectly handled certain specially
crafted image files. If a user or automated system using ImageMagick were
tricked into opening a specially crafted image, an attacker could exploit
this to cause a denial of service or other unspecified impact. This issue
only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.10.
(CVE-2019-19948, CVE-2019-19949)

It was discovered that ImageMagick incorrectly handled certain specially
crafted image files. If a user or automated system using ImageMagick were
tricked into opening a specially crafted image, an attacker could exploit
this to cause a denial of service. (CVE-2020-27560)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19949
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27560
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19948

Title: USN-4680-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4680-1
Priorities: low,medium
Description:
It was discovered that debugfs in the Linux kernel as used by blktrace
contained a use-after-free in some situations. A privileged local attacker
could possibly use this to cause a denial of service (system crash).
(CVE-2019-19770)

It was discovered that a race condition existed in the binder IPC
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2020-0423)

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered
that legacy pairing and secure-connections pairing authentication in the
Bluetooth protocol could allow an unauthenticated user to complete
authentication without pairing credentials via adjacent access. A
physically proximate attacker could use this to impersonate a previously
paired Bluetooth device. (CVE-2020-10135)

It was discovered that the console keyboard driver in the Linux kernel
contained a race condition. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2020-25656)

Minh Yuan discovered that the tty driver in the Linux kernel contained race
conditions when handling fonts. A local attacker could possibly use this to
expose sensitive information (kernel memory). (CVE-2020-25668)

Keyu Man discovered that the ICMP global rate limiter in the Linux kernel
could be used to assist in scanning open UDP ports. A remote attacker could
use this to facilitate attacks on UDP-based services that depend on source port
randomization. (CVE-2020-25705)

Jinoh Kang discovered that the Xen event channel infrastructure in the
Linux kernel contained a race condition. An attacker in a guest could
possibly use this to cause a denial of service (dom0 crash).
(CVE-2020-27675)

Daniel Axtens discovered that the PowerPC RTAS implementation in the Linux
kernel did not properly restrict memory accesses in some situations. A
privileged local attacker could use this to arbitrarily modify kernel
memory, potentially bypassing kernel lockdown restrictions.
(CVE-2020-27777)

Minh Yuan discovered that the framebuffer console driver in the Linux
kernel did not properly handle fonts in some conditions. A local attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information (kernel memory). (CVE-2020-28974)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0423
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25656
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27675
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27777
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25705
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19770
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25668

Title: USN-4687-1: Firefox vulnerability
URL: https://ubuntu.com/security/notices/USN-4687-1
Priorities: medium
Description:
A use-after-free was discovered in Firefox when handling SCTP packets.
An attacker could potentially exploit this to cause a denial of service,
or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-16044

Title: USN-4674-1: Dovecot vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4674-1
Priorities: medium
Description:
It was discovered that Dovecot incorrectly handled certain imap hibernation
commands. A remote authenticated attacker could possibly use this issue to
access other users’ email. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-24386)

Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME
parsing. A remote attacker could possibly use this issue to cause Dovecot
to crash, resulting in a denial of service. (CVE-2020-25275)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24386
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25275

Title: USN-4681-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4681-1
Priorities: medium,low
Description:
Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver
in the Linux kernel did not properly deallocate memory in some conditions.
A local attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2019-0148)

It was discovered that the console keyboard driver in the Linux kernel
contained a race condition. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2020-25656)

Minh Yuan discovered that the tty driver in the Linux kernel contained race
conditions when handling fonts. A local attacker could possibly use this to
expose sensitive information (kernel memory). (CVE-2020-25668)

Jinoh Kang discovered that the Xen event channel infrastructure in the
Linux kernel contained a race condition. An attacker in a guest could
possibly use this to cause a denial of service (dom0 crash).
(CVE-2020-27675)

Minh Yuan discovered that the framebuffer console driver in the Linux
kernel did not properly handle fonts in some conditions. A local attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information (kernel memory). (CVE-2020-28974)

It was discovered that Power 9 processors could be coerced to expose
information from the L1 cache in certain situations. A local attacker could
use this to expose sensitive information. (CVE-2020-4788)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25668
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-4788
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0148
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27675
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25656

Title: USN-4671-1: Firefox vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4671-1
Priorities: medium,low
Description:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, bypass the CSS sanitizer, bypass security restrictions,
spoof the URL bar, or execute arbitrary code. (CVE-2020-16042,
CVE-2020-26971, CVE-2020-26972, CVE-2020-26793, CVE-2020-26974,
CVE-2020-26976, CVE-2020-26978, CVE-2020-26979,
CVE-2020-35113, CVE-2020-35114)

It was discovered that the proxy.onRequest API did not catch
view-source URLs. If a user were tricked into installing an
extension with the proxy permission and opening View Source, an
attacker could potentially exploit this to obtain sensitive
information. (CVE-2020-35111)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26971
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26973
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26979
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-35111
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26972
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26976
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-35113
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-35114
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-16042

Title: USN-4666-2: lxml vulnerability
URL: https://ubuntu.com/security/notices/USN-4666-2
Priorities: medium
Description:
USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides
the corresponding additional patch in order to properly fix the vulnerability.

Original advisory details:

It was discovered that lxml incorrectly handled certain HTML.
An attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27783

Title: USN-4686-1: Ghostscript vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4686-1
Priorities: medium,low,negligible
Description:
It was discovered that Ghostscript incorrectly handled certain image
files. If a user or automated system were tricked into processing a
specially crafted file, a remote attacker could use this issue to cause
Ghostscript to crash, resulting in a denial of service, or possibly
execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27845
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27814
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6851
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27824
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27843
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8112
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5727

Title: USN-4694-1: Linux kernel vulnerability
URL: https://ubuntu.com/security/notices/USN-4694-1
Priorities: high
Description:
It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28374

621.95

Available in VMware Tanzu Network

Release Date: December 21, 2020

Metadata:

BOSH Agent Version: 2.268.16

USNs:


Title: USN-4669-1: SquirrelMail vulnerability
URL: https://ubuntu.com/security/notices/USN-4669-1
Priorities: medium
Description:
It was discovered that a cross-site scripting (XSS) vulnerability in
SquirrelMail allows remote attackers to use malicious script content from
HTML e-mail to execute code and/or provoke a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12970

Title: USN-4657-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4657-1
Priorities: low,medium
Description:
Elena Petrova discovered that the pin controller device tree implementation
in the Linux kernel did not properly handle string references. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2020-0427)

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered
that legacy pairing and secure-connections pairing authentication in the
Bluetooth protocol could allow an unauthenticated user to complete
authentication without pairing credentials via adjacent access. A
physically proximate attacker could use this to impersonate a previously
paired Bluetooth device. (CVE-2020-10135)

Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)

It was discovered that a race condition existed in the perf subsystem of
the Linux kernel, leading to a use-after-free vulnerability. An attacker
with access to the perf subsystem could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-14351)

It was discovered that the frame buffer implementation in the Linux kernel
did not properly handle some edge cases in software scrollback. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-14390)

It was discovered that the netfilter connection tracker for netlink in the
Linux kernel did not properly perform bounds checking in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2020-25211)

It was discovered that the Rados block device (rbd) driver in the Linux
kernel did not properly perform privilege checks for access to rbd devices
in some situations. A local attacker could use this to map or unmap rbd
block devices. (CVE-2020-25284)

It was discovered that the HDLC PPP implementation in the Linux kernel did
not properly validate input in some situations. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2020-25643)

It was discovered that the GENEVE tunnel implementation in the Linux kernel
when combined with IPSec did not properly select IP routes in some
situations. An attacker could use this to expose sensitive information
(unencrypted network traffic). (CVE-2020-25645)

Keyu Man discovered that the ICMP global rate limiter in the Linux kernel
could be used to assist in scanning open UDP ports. A remote attacker could
use this to facilitate attacks on UDP-based services that depend on source port
randomization. (CVE-2020-25705)

It was discovered that the framebuffer implementation in the Linux kernel
did not properly perform range checks in certain situations. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2020-28915)

It was discovered that Power 9 processors could be coerced to expose
information from the L1 cache in certain situations. A local attacker could
use this to expose sensitive information. (CVE-2020-4788)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25284
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25211
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25705
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0427
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25645
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28915
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-4788
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25643
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14390

Title: USN-4660-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4660-1
Priorities: low,medium
Description:
It was discovered that a race condition existed in the perf subsystem of
the Linux kernel, leading to a use-after-free vulnerability. An attacker
with access to the perf subsystem could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-14351)

It was discovered that the frame buffer implementation in the Linux kernel
did not properly handle some edge cases in software scrollback. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-14390)

It was discovered that the netfilter connection tracker for netlink in the
Linux kernel did not properly perform bounds checking in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2020-25211)

It was discovered that the Rados block device (rbd) driver in the Linux
kernel did not properly perform privilege checks for access to rbd devices
in some situations. A local attacker could use this to map or unmap rbd
block devices. (CVE-2020-25284)

It was discovered that a race condition existed in the hugetlb sysctl
implementation in the Linux kernel. A privileged attacker could use this to
cause a denial of service (system crash). (CVE-2020-25285)

It was discovered that the block layer subsystem in the Linux kernel did
not properly handle zero-length requests. A local attacker could use this
to cause a denial of service. (CVE-2020-25641)

It was discovered that the HDLC PPP implementation in the Linux kernel did
not properly validate input in some situations. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2020-25643)

It was discovered that the GENEVE tunnel implementation in the Linux kernel
when combined with IPSec did not properly select IP routes in some
situations. An attacker could use this to expose sensitive information
(unencrypted network traffic). (CVE-2020-25645)

It was discovered that the framebuffer implementation in the Linux kernel
did not properly perform range checks in certain situations. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2020-28915)

It was discovered that Power 9 processors could be coerced to expose
information from the L1 cache in certain situations. A local attacker could
use this to expose sensitive information. (CVE-2020-4788)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25643
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25284
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25285
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25645
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28915
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-4788
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25211
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14390
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25641

Title: USN-4661-1: Snapcraft vulnerability
URL: https://ubuntu.com/security/notices/USN-4661-1
Priorities: medium
Description:
It was discovered that Snapcraft includes the current directory when
configuring LD_LIBRARY_PATH for application commands. If a user were
tricked into installing a malicious snap or downloading a malicious
library, under certain circumstances an attacker could exploit this to
affect strict mode snaps that have access to the library and when
launched from the directory containing the library.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27348

Title: USN-4664-1: Aptdaemon vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4664-1
Priorities: medium
Description:
Kevin Backhouse discovered that Aptdaemon incorrectly handled certain
properties. A local attacker could use this issue to test for the presence
of local files. (CVE-2020-16128)

Kevin Backhouse discovered that Aptdaemon incorrectly handled permission
checks. A local attacker could possibly use this issue to cause a denial of
service. (CVE-2020-27349)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27349
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-16128

Title: USN-4667-1: APT vulnerability
URL: https://ubuntu.com/security/notices/USN-4667-1
Priorities: medium
Description:
Kevin Backhouse discovered that APT incorrectly handled certain packages.
A local attacker could possibly use this issue to cause APT to crash or
stop responding, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27350

Title: USN-4668-1: python-apt vulnerability
URL: https://ubuntu.com/security/notices/USN-4668-1
Priorities: medium
Description:
Kevin Backhouse discovered that python-apt incorrectly handled resources. A
local attacker could possibly use this issue to cause python-apt to consume
resources, leading to a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27351

Title: USN-4665-1: curl vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4665-1
Priorities: medium,low
Description:
Marc Aldorasi discovered that curl incorrectly handled the libcurl
CURLOPT_CONNECT_ONLY option. This could result in data being sent to the
wrong destination, possibly exposing sensitive information. This issue only
affected Ubuntu 20.10. (CVE-2020-8231)

Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV
responses. An attacker could possibly use this issue to trick curl into
connecting to an arbitrary IP address and be used to perform port scanning
and other information gathering. (CVE-2020-8284)

It was discovered that curl incorrectly handled FTP wildcard matching. A
remote attacker could possibly use this issue to cause curl to consume
resources and crash, resulting in a denial of service. (CVE-2020-8285)

It was discovered that curl incorrectly handled OCSP response verification.
A remote attacker could possibly use this issue to provide a fraudulent
OCSP response. (CVE-2020-8286)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8286
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8285
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8231
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8284

621.94

Available in VMware Tanzu Network

Release Date: December 08, 2020

Metadata:

BOSH Agent Version: 2.268.16

USNs:


Title: USN-4652-1: SniffIt vulnerability
URL: https://ubuntu.com/security/notices/USN-4652-1
Priorities: medium
Description:
It was discovered that SniffIt incorrectly handled certain configuration
files. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2014-5439

Title: USN-4662-1: OpenSSL vulnerability
URL: https://ubuntu.com/security/notices/USN-4662-1
Priorities: high
Description:
David Benjamin discovered that OpenSSL incorrectly handled comparing
certificates containing an EDIPartyName name type. A remote attacker could
possibly use this issue to cause OpenSSL to crash, resulting in a denial of
service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1971

621.93

Available in VMware Tanzu Network

Release Date: December 01, 2020

Metadata:

BOSH Agent Version: 2.268.16

USNs:

621.92

Available in VMware Tanzu Network

Release Date: November 16, 2020

Metadata:

BOSH Agent Version: 2.268.16

USNs:


Title: USN-4587-1: iTALC vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4587-1
Priorities: medium,low
Description:
Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn’t check malloc return values. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. (CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)
Josef Gajdusek discovered that iTALC had…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9941
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9942
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-15127
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20019
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20020
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20021
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20023
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20748
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20749
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20750
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7225
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15681

Title: USN-4552-2: Pam-python vulnerability
URL: https://ubuntu.com/security/notices/USN-4552-2
Priorities: medium
Description:
Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16729

621.90

Available in VMware Tanzu Network

Release Date: October 23, 2020

Metadata:

BOSH Agent Version: 2.268.16

USNs:


Title: USN-4593-1: FreeType vulnerability
URL: https://ubuntu.com/security/notices/USN-4593-1
Priorities: high
Description:
Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15999

621.89

Available in VMware Tanzu Network

Release Date: October 20, 2020

Metadata:

BOSH Agent Version: 2.268.16

USNs:


Title: USN-4582-1: Vim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4582-1
Priorities: low
Description:
It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-17087)
It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17087
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20807

Title: USN-4579-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4579-1
Priorities: low,medium,high
Description:
Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119)
Wen Xu discovered that the XFS file system in the Linux kernel…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10322
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14314
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-16119
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25285

Title: USN-4591-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4591-1
Priorities: high,medium
Description:
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12352

Title: USN-4589-1: containerd vulnerability
URL: https://ubuntu.com/security/notices/USN-4589-1
Priorities: medium
Description:
It was discovered that containerd could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user’s registry credentials.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15157

Title: USN-4589-2: Docker vulnerability
URL: https://ubuntu.com/security/notices/USN-4589-2
Priorities: medium
Description:
USN-4589-1 fixed a vulnerability in containerd. This update provides the corresponding update for docker.io.
Original advisory details:
It was discovered that containerd could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user’s…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15157

Title: USN-4581-1: Python vulnerability
URL: https://ubuntu.com/security/notices/USN-4581-1
Priorities: medium
Description:
It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26116

Title: USN-4584-1: HtmlUnit vulnerability
URL: https://ubuntu.com/security/notices/USN-4584-1
Priorities: medium
Description:
It was discovered that HtmlUnit incorrectly initialized the Rhino engine. An attacker could possibly use this issue to execute arbitrary Java code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5529

Title: USN-4583-1: PHP vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4583-1
Priorities: medium
Description:
It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7069)
It was discovered that PHP incorrectly handled certain HTTP cookies. An attacker could…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7069
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7070

621.87

Available in VMware Tanzu Network

Release Date: October 14, 2020

Metadata:

BOSH Agent Version: 2.268.16

USNs:


Title: USN-4573-1: Vino vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4573-1
Priorities: medium,low
Description:
Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2014-6053)
It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2014-6053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7225
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15681
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14397
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14402
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14403
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14404

Title: USN-4554-1: libPGF vulnerability
URL: https://ubuntu.com/security/notices/USN-4554-1
Priorities: medium
Description:
It was discovered that libPGF lacked proper validation when opening a specially crafted PGF file. An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-6673

Title: USN-4557-1: Tomcat vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4557-1
Priorities: low,medium
Description:
It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn’t exist. A remote attacker could possibly use this issue to enumerate usernames. (CVE-2016-0762)
Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-0762
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5018
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-6794
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-6796
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-6797
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-6816
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-8735

Title: USN-4578-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4578-1
Priorities: low,medium,high
Description:
Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119)
Wen Xu discovered that the XFS file system in the Linux kernel…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10322
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19448
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14314
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-16119
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-16120
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25212
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26088

Title: USN-4547-2: SSVNC vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4547-2
Priorities: medium
Description:
It was discovered that the LibVNCClient vendored in SSVNC incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. (CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20024)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20020
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20021
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20024

Title: USN-4571-1: rack-cors vulnerability
URL: https://ubuntu.com/security/notices/USN-4571-1
Priorities: medium
Description:
It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18978

Title: USN-4572-1: Spice vulnerability
URL: https://ubuntu.com/security/notices/USN-4572-1
Priorities: medium
Description:
Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14355

Title: USN-4559-1: Samba update
URL: https://ubuntu.com/security/notices/USN-4559-1
Priorities: medium
Description:
Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin.
While a previous security update fixed the issue by changing the “server schannel” setting to default to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1472

Title: USN-4551-1: Squid vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4551-1
Priorities: low,medium
Description:
Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. (CVE-2020-15049)
Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15049
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15810
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15811
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24606

Title: USN-4564-1: Apache Tika vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4564-1
Priorities: medium,low
Description:
It was discovered that Apache Tika could use excessive memory when processing a crafted or corrupt PSD file. An attacker could use this to cause a denial of service (crash). (CVE-2020-1950, CVE-2020-1951)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1950
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1951

Title: USN-4570-1: urllib3 vulnerability
URL: https://ubuntu.com/security/notices/USN-4570-1
Priorities: medium
Description:
It was discovered that urllib3 incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26137

Title: USN-4568-1: Brotli vulnerability
URL: https://ubuntu.com/security/notices/USN-4568-1
Priorities: medium
Description:
It was discovered that Brotli incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8927

621.85

Available in VMware Tanzu Network

Release Date: September 28, 2020

Metadata:

BOSH Agent Version: 2.268.16

USNs:


Title: USN-4500-1: bsdiff vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4500-1
Priorities: medium
Description:
It was discovered that bsdiff mishandled certain input. If a user were tricked into opening a malicious file, an attacker could cause bsdiff to crash or potentially execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9862

Title: USN-4506-1: MCabber vulnerability
URL: https://ubuntu.com/security/notices/USN-4506-1
Priorities: medium
Description:
It was discovered that MCabber does not properly manage roster pushes. An attacker could possibly use this issue to remotely perform man-in-the-middle attacks. (CVE-2016-9928)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9928

Title: USN-4513-1: apng2gif vulnerability
URL: https://ubuntu.com/security/notices/USN-4513-1
Priorities: medium
Description:
Dileep Kumar Jallepalli discovered that apng2gif incorrectly handled loading APNG files. An attacker could exploit this with a crafted APNG file to access sensitive information. (CVE-2017-6960)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6960

Title: USN-4517-1: Email-Address-List vulnerability
URL: https://ubuntu.com/security/notices/USN-4517-1
Priorities: medium
Description:
It was discovered that Email-Address-List does not properly parse email addresses during email-ingestion. A remote attacker could use this issue to cause an algorithmic complexity attack, resulting in a denial of service. (CVE-2018-18898)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18898

Title: USN-4507-1: ncmpc vulnerability
URL: https://ubuntu.com/security/notices/USN-4507-1
Priorities: medium
Description:
It was discovered that ncmpc incorrectly handled long chat messages. A remote attacker could possibly exploit this with a crafted chat message, causing ncmpc to crash, resulting in a denial of service. (CVE-2018-9240)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-9240

Title: USN-4499-1: MilkyTracker vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4499-1
Priorities: medium
Description:
It was discovered that MilkyTracker did not properly handle certain input. If a user were tricked into opening a malicious file, an attacker could cause MilkyTracker to crash or potentially execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14464
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14496
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14497

Title: USN-4504-1: OpenSSL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4504-1
Priorities: low
Description:
Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1547
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1551
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1563
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1968

Title: USN-4498-1: Loofah vulnerability
URL: https://ubuntu.com/security/notices/USN-4498-1
Priorities: medium
Description:
It was discovered that Loofah does not properly sanitize JavaScript in sanitized output. An attacker could possibly use this issue to perform XSS attacks. (CVE-2019-15587)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15587

Title: USN-4496-1: Apache XML-RPC vulnerability
URL: https://ubuntu.com/security/notices/USN-4496-1
Priorities: medium
Description:
It was discovered that Apache XML-RPC (aka ws-xmlrpc) does not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-17570)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17570

Title: USN-4526-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4526-1
Priorities: low,medium
Description:
It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-18808)
It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18808
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19061
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19067
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19073
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19074
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9445
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12888
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14356
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-16166

Title: USN-4527-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4527-1
Priorities: low,medium
Description:
It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19054)
It was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19073
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19074
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20811
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9445
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9453
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0067
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25212

Title: USN-4520-1: Exim SpamAssassin vulnerability
URL: https://ubuntu.com/security/notices/USN-4520-1
Priorities: medium
Description:
It was discovered that Exim SpamAssassin does not properly handle configuration strings. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-19920)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19920

Title: USN-4534-1: Perl DBI module vulnerability
URL: https://ubuntu.com/security/notices/USN-4534-1
Priorities: medium
Description:
It was discovered that the Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20919

Title: USN-4535-1: RDFLib vulnerability
URL: https://ubuntu.com/security/notices/USN-4535-1
Priorities: medium
Description:
Gabriel Corona discovered that RDFLib did not properly load modules on the command-line. An attacker could possibly use this issue to cause RDFLib to execute arbitrary code. (CVE-2019-7653)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7653

Title: USN-4528-1: Ceph vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4528-1
Priorities: medium
Description:
Adam Mohammed discovered that Ceph incorrectly handled certain CORS ExposeHeader tags. A remote attacker could possibly use this issue to perform an HTTP header injection attack. (CVE-2020-10753)
Lei Cao discovered that Ceph incorrectly handled certain POST requests with invalid tagging XML. A remote attacker could possibly use this issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10753
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12059
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1760

Title: USN-4518-1: xawtv vulnerability
URL: https://ubuntu.com/security/notices/USN-4518-1
Priorities: low
Description:
Matthias Gerstner discovered that xawtv incorrectly handled opening files. A local attacker could possibly use this issue to open and write to arbitrary files and escalate privileges. (CVE-2020-13696)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13696

Title: USN-4521-1: pam_tacplus vulnerability
URL: https://ubuntu.com/security/notices/USN-4521-1
Priorities: low
Description:
It was discovered that pam_tacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could use this issue to expose sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13881

Title: USN-4511-1: QEMU vulnerability
URL: https://ubuntu.com/security/notices/USN-4511-1
Priorities: medium
Description:
Ziming Zhang, Xiao Wei, Gonglei Arei, and Yanyu Zhang discovered that QEMU incorrectly handled certain USB packets. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14364

Title: USN-4503-1: Perl DBI module vulnerability
URL: https://ubuntu.com/security/notices/USN-4503-1
Priorities: medium
Description:
It was discovered that the Perl DBI module incorrectly handled certain calls. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14392

Title: USN-4537-1: Aptdaemon vulnerability
URL: https://ubuntu.com/security/notices/USN-4537-1
Priorities: medium
Description:
Vaisha Bernard discovered that Aptdaemon incorrectly handled the Locale property. A local attacker could use this issue to test for the presence of local files.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15703

Title: USN-4519-1: PulseAudio vulnerability
URL: https://ubuntu.com/security/notices/USN-4519-1
Priorities: medium
Description:
Ratchanan Srirattanamet discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle memory under certain error conditions in the Bluez 5 module. An attacker could use this issue to cause PulseAudio to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-15710)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15710

Title: USN-4501-1: LuaJIT vulnerability
URL: https://ubuntu.com/security/notices/USN-4501-1
Priorities: low
Description:
It was discovered that an out-of-bounds read existed in LuaJIT. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. (CVE-2020-15890)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15890

Title: USN-4538-1: PackageKit vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4538-1
Priorities: low,medium
Description:
Vaisha Bernard discovered that PackageKit incorrectly handled certain methods. A local attacker could use this issue to learn the MIME type of any file on the system. (CVE-2020-16121)
Sami Niemimäki discovered that PackageKit incorrectly handled local deb packages. A local user could possibly use this issue to install untrusted packages, contrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-16121
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-16122

Title: USN-4514-1: libproxy vulnerability
URL: https://ubuntu.com/security/notices/USN-4514-1
Priorities: medium
Description:
It was discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25219

Title: USN-4508-1: StoreBackup vulnerability
URL: https://ubuntu.com/security/notices/USN-4508-1
Priorities: medium
Description:
It was discovered that StoreBackup did not properly manage lock files. A local attacker could use this issue to cause a denial of service or escalate privileges and run arbitrary code. (CVE-2020-7040)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7040

Title: USN-4515-1: Pure-FTPd vulnerability
URL: https://ubuntu.com/security/notices/USN-4515-1
Priorities: low
Description:
Antonio Norales discovered that Pure-FTPd incorrectly handled directory aliases. An attacker could possibly use this issue to access sensitive information. (CVE-2020-9274)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9274

621.84

Available in VMware Tanzu Network

Release Date: September 09, 2020

Metadata:

BOSH Agent Version: 2.268.16

USNs:


Title: USN-4470-1: sane-backends vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4470-1
Priorities: low,medium
Description:
Kritphong Mongkhonvanit discovered that sane-backends incorrectly handled certain packets. A remote attacker could possibly use this issue to obtain sensitive memory information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-6318)
It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6318
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12861
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12862
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12863
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12864
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12865
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12866
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12867

Title: USN-4485-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4485-1
Priorities: low,medium,negligible
Description:
Timothy Michaud discovered that the i915 graphics driver in the Linux kernel did not properly validate user memory locations for the i915_gem_execbuffer2_ioctl. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2018-20669)
It was discovered that the Kvaser CAN/USB driver in the Linux kernel…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19947
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20810
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10732
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10766
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10767
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10768
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10781
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12655
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12656
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12771
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15393
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24394

Title: USN-4476-1: NSS vulnerability
URL: https://ubuntu.com/security/notices/USN-4476-1
Priorities: medium
Description:
It was discovered that NSS incorrectly handled some inputs. An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12403

Title: USN-4490-1: X.Org X Server vulnerability
URL: https://ubuntu.com/security/notices/USN-4490-1
Priorities: medium
Description:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSetNames function. A local attacker could possibly use this issue to escalate privileges.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14345

Title: USN-4489-1: Linux kernel vulnerability
URL: https://ubuntu.com/security/notices/USN-4489-1
Priorities: high
Description:
Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14386

Title: USN-4471-1: Net-SNMP vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4471-1
Priorities: medium
Description:
Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. (CVE-2020-15861)
It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15861
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15862

Title: USN-4482-1: Ark vulnerability
URL: https://ubuntu.com/security/notices/USN-4482-1
Priorities: medium
Description:
Fabian Vogt discovered that Ark incorrectly handled symbolic links in tar archive files. An attacker could use this to construct a malicious tar archive that, when opened, would create files outside the extraction directory.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24654

621.82

Available in VMware Tanzu Network

Release Date: August 21, 2020

This release changes how the Linux Google light stemcell references a source image, which decreases the time it takes to upload the light stemcell. This change also helps mitigate the impact of the new GCP image creation rate limit, which any user uploading more than 6 GCP stemcells an hour would hit.

Metadata:

BOSH Agent Version: 2.268.16

USNs:


Title: USN-4459-1: Salt vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4459-1
Priorities: medium
Description:
It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract sensitive information. (CVE-2018-15750)
It was discovered that Salt has a vulnerability that allows a user to bypass authentication. An attacker could use that to extract sensitive information, execute arbitrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-15750
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-15751
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17361
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11651
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11652

Title: USN-4463-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4463-1
Priorities: low
Description:
It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12771)
Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12771
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15393

621.81

Available in VMware Tanzu Network

Release Date: August 19, 2020

Metadata:

BOSH Agent Version: 2.268.16

USNs:

Title: USN-4427-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4427-1
Priorities: negligible,low,medium
Description:
It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-19947)
Chuhong Yuan discovered that the go7007 USB audio device driver in the Linux kernel did not properly deallocate memory…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12380
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19947
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20810
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20908
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10732
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10766
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10767
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10768
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11935
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13974

Title: USN-4446-1: Squid vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4446-1
Priorities: medium
Description:
Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. (CVE-2019-12520)
Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12520
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12523
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18676

Title: USN-4426-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4426-1
Priorities: medium
Description:
Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2019-20908)
Fan Yang discovered that the mremap implementation in the Linux…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20908
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10757
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11935
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15780

Title: USN-4432-1: GRUB 2 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4432-1
Priorities: high,medium
Description:
Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713)
Chris Coulson discovered that the GRUB2 function…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10713
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14308
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14309
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15705
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15706
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15707

Title: USN-4449-1: Apport vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4449-1
Priorities: medium
Description:
Ryota Shiga discovered that Apport incorrectly dropped privileges when making certain D-Bus calls. A local attacker could use this issue to read arbitrary files. (CVE-2020-11936)
Seong-Joong Kim discovered that Apport incorrectly parsed configuration files. A local attacker could use this issue to cause Apport to crash, resulting in a denial of…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11936
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15701
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15702

Title: USN-4456-1: Dovecot vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4456-1
Priorities: medium
Description:
It was discovered that Dovecot incorrectly handled deeply nested MIME parts. A remote attacker could possibly use this issue to cause Dovecot to consume resources, resulting in a denial of service. (CVE-2020-12100)
It was discovered that Dovecot incorrectly handled memory when using NTLM. A remote attacker could possibly use this issue to cause…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12100
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12673
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12674

Title: USN-4455-1: NSS vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4455-1
Priorities: medium
Description:
It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12400
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12401
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6829

Title: USN-4448-1: Tomcat vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4448-1
Priorities: medium,low
Description:
It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause Tomcat to hang, resulting in a denial of service. (CVE-2020-13935)
It was discovered that Tomcat incorrectly handled HTTP header parsing. In certain environments where Tomcat is located behind a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13935
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1935
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9484

Title: USN-4454-1: Samba vulnerability
URL: https://ubuntu.com/security/notices/USN-4454-1
Priorities: medium
Description:
Martin von Wittich and Wilko Meyer discovered that Samba incorrectly handled certain empty UDP packets when being used as an AD DC NBT server. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14303

Title: USN-4441-1: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4441-1
Priorities: medium
Description:
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.
MySQL has been updated to 8.0.21 in Ubuntu 20.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.31.
In addition to security fixes, the updated packages contain bug fixes, new features, and…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14539
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14540
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14547
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14550
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14553
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14559
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14568
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14575
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14576
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14586
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14591
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14597
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14619
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14620
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14623
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14624
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14631
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14632
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14633
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14634
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14641
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14643
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14651
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14654
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14656
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14663
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14678
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14680
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14697
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14702

Title: USN-4453-1: OpenJDK 8 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4453-1
Priorities: medium
Description:
Johannes Kuhn discovered that OpenJDK 8 incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-14556)
Philippe Arteau discovered that OpenJDK 8 incorrectly verified names in TLS server’s X.509 certificates. An attacker could possibly use this issue to obtain sensitive…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14556
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14577
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14578
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14579
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14581
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14583
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14593
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14621

Title: USN-4443-1: Firefox vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4443-1
Priorities: medium,low
Description:
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass iframe sandbox restrictions, confuse the user, or execute arbitrary code. (CVE-2020-6463, CVE-2020-6514,…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15652
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15653
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15654
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15655
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15656
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15658
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15659
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6463
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6514

Title: USN-4451-1: ppp vulnerability
URL: https://ubuntu.com/security/notices/USN-4451-1
Priorities: medium
Description:
Thomas Chauchefoin, working with Trend Micro's Zero Day Initiative, discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15704

Title: USN-4447-1: libssh vulnerability
URL: https://ubuntu.com/security/notices/USN-4447-1
Priorities: medium
Description:
It was discovered that libssh incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-16135

621.78

Available in VMware Tanzu Network

Release Date: July 30, 2020

Metadata:

BOSH Agent Version: 2.268.16

USNs:


Title: USN-4427-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4427-1
Priorities: low,medium,negligible
Description:
It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-19947)
Chuhong Yuan discovered that the go7007 USB audio device driver in the Linux kernel did not properly deallocate memory…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12380
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19947
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20810
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20908
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10732
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10766
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10767
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10768
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11935
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13974

Title: USN-4426-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4426-1
Priorities: medium
Description:
Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2019-20908)
Fan Yang discovered that the mremap implementation in the Linux…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20908
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10757
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11935
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15780

Title: USN-4436-1: librsvg vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4436-1
Priorities: low
Description:
It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11464)
It was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11464
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20446

Title: USN-4435-1: ClamAV vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4435-1
Priorities: medium
Description:
It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3327)
It was discovered that ClamAV incorrectly handled scanning malicious files. A local attacker could possibly use this issue to delete arbitrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-3327
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-3350
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-3481

Title: USN-4434-1: LibVNCServer vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4434-1
Priorities: medium
Description:
Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. (CVE-2019-20839)
It was discovered that LibVNCServer did not properly access byte-aligned data. A remote…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20839
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14396
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14397
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14398
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14399
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14400
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14401
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14402
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14403
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14404
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14405

Title: USN-4431-1: FFmpeg vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4431-1
Priorities: low,medium
Description:
It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only affected Ubuntu 16.04 LTS, as it was already fixed in Ubuntu 18.04 LTS. For more information see: https://usn.ubuntu.com/usn/usn-3967-1 (CVE-2018-15822,…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-15822
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11338
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12730
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13312
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13390
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17539
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17542
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12284
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13904

Title: USN-4428-1: Python vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4428-1
Priorities: low,medium
Description:
It was discovered that the Python documentation had misleading information. A security issue could possibly be caused by wrong assumptions of this information. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-17514)
It was discovered that Python incorrectly handled certain TAR…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17514
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20907
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9674
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14422

Title: USN-4424-1: snapd vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4424-1
Priorities: medium
Description:
It was discovered that cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices ran on every boot without restrictions. A physical attacker could exploit this to craft cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption….
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11933
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11934

Title: USN-4421-1: Thunderbird vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4421-1
Priorities: medium
Description:
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-12405, CVE-2020-12406, CVE-2020-12410, CVE-2020-12417,…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12398
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12399
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12405
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12406
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12410
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12417
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12418
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12419
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12420
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12421

Title: USN-4419-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4419-1
Priorities: low,medium
Description:
It was discovered that a race condition existed in the Precision Time Protocol (PTP) implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-10690)
Matthew Sheets discovered that the SELinux…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10690
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10711
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12770
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13143
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8992

Title: USN-4414-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4414-1
Priorities: low,medium,negligible
Description:
It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16089)
It was discovered that the btrfs file system implementation in the Linux kernel did not properly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12380
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16089
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19036
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19039
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19318
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19377
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19462
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19813
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19816
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10711
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12770
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13143

Title: USN-4416-1: GNU C Library vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4416-1
Priorities: low,medium
Description:
Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12133)
It was discovered that the GNU C Library…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12133
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18269
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11236
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11237
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19591
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6485
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19126
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9169
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10029
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1751
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1752

Title: USN-4415-1: coTURN vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4415-1
Priorities: medium
Description:
Felix Dörre discovered that the coTURN response buffer is not initialized properly. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-4067)
It was discovered that the coTURN web server incorrectly handled HTTP POST requests. An attacker could possibly use this issue to cause a denial of service, obtain sensitive…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-4067
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6061
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6062

Title: USN-4408-1: Firefox vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4408-1
Priorities: medium
Description:
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass permission prompts, or execute arbitrary code. (CVE-2020-12415, CVE-2020-12416, CVE-2020-12417,…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12415
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12416
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12417
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12418
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12419
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12420
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12421
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12422
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12424
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12425
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12426

Title: USN-4409-1: Samba vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4409-1
Priorities: medium
Description:
Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10730)
Douglas Bagnall discovered that Samba…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10730
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10745
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10760

Title: USN-4407-1: LibVNCServer vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4407-1
Priorities: low,medium
Description:
It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2019-15680)
It was discovered that an information disclosure vulnerability existed in LibVNCServer when sending a ServerCutText message. An attacker could…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18922
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15680
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15681
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15690
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20788

Title: USN-4403-1: Mutt vulnerability and regression
URL: https://ubuntu.com/security/notices/USN-4403-1
Priorities: medium
Description:
It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. (CVE-2020-14954)
This update also addresses a regression caused in the last update USN-4401-1. It only affected Ubuntu 12.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14954

Title: USN-4402-1: curl vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4402-1
Priorities: medium
Description:
Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered that curl incorrectly handled certain credentials. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-8169)
It was discovered that curl incorrectly handled certain parameters. An attacker could…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8169
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8177

621.77

Available in VMware Tanzu Network

Release Date: July 20, 2020

Metadata:

BOSH Agent Version: 2.268.16

USNs:


Title: USN-4397-1: NSS vulnerabilities
URL: https://usn.ubuntu.com/4397-1/
Priorities: low,medium
Description:
It was discovered that NSS incorrectly handled the TLS State Machine. A remote attacker could possibly use this issue to cause NSS to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-17023)
Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17023
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12399

Title: USN-4400-1: nfs-utils vulnerability
URL: https://usn.ubuntu.com/4400-1/
Priorities: low
Description:
It was discovered that the nfs-utils package set incorrect permissions on the /var/lib/nfs directory. An attacker could possibly use this issue to escalate privileges.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-3689

Title: USN-4396-1: libexif vulnerabilities
URL: https://usn.ubuntu.com/4396-1/
Priorities: low,medium
Description:
It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-0093, CVE-2020-0182)
It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a remote denial of service. (CVE-2020-0198)
It was…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0093
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0182
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0198
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13112
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13113
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13114

Title: USN-4395-1: fwupd vulnerability
URL: https://usn.ubuntu.com/4395-1/
Priorities: medium
Description:
Justin Steven discovered that fwupd incorrectly handled certain signature verification. An attacker could possibly use this issue to install an unsigned firmware.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10759

Title: USN-4398-1: DBus vulnerability
URL: https://usn.ubuntu.com/4398-1/
Priorities: medium
Description:
Kevin Backhouse discovered that DBus incorrectly handled file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12049

Title: USN-4401-1: Mutt vulnerabilities
URL: https://usn.ubuntu.com/4401-1/
Priorities: medium,low
Description:
It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. (CVE-2020-14093)
It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to proceed with a connection even if the user rejects an expired intermediate…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14093
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14154

621.76

Available in VMware Tanzu Network

Release Date: June 17, 2020

Metadata:

BOSH Agent Version: 2.268.16

USNs:


Title: USN-4385-1: Intel Microcode vulnerabilities
URL: https://usn.ubuntu.com/4385-1/
Priorities: medium
Description:
It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0543
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0548
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0549

Title: LSN-0068-1: Kernel Live Patch Security Notice
URL: https://usn.ubuntu.com/lsn/0068-1/
Priorities: medium
Description:
Several security issues were fixed in the kernel.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0543
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8647
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8648
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8649
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11494
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12114

Title: USN-4386-1: libjpeg-turbo vulnerability
URL: https://usn.ubuntu.com/4386-1/
Priorities: medium
Description:
It was discovered that libjpeg-turbo incorrectly handled certain PPM files. An attacker could possibly use this issue to access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13790

Known Issue:

If you use the NSX-T Container Plugin (NCP) tile v3.0.1 or earlier, do not upgrade to stemcell 621.76. 621.76 is not compatible with the NCP tile v3.0.1 and causes the openvswitch job to fail when you deploy. Please upgrade the NCP tile to 3.0.2 before updating to stemcell 621.76 or newer.

621.75

Available in VMware Tanzu Network

Release Date: June 09, 2020

Metadata:

BOSH Agent Version: 2.268.16

USNs:


Title: USN-4358-1: libexif vulnerabilities
URL: https://usn.ubuntu.com/4358-1/
Priorities: low,medium
Description:
It was discovered that libexif incorrectly handled certain tags. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20030)
It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. (CVE-2020-12767)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20030
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12767

Title: USN-4351-1: Linux firmware vulnerability
URL: https://usn.ubuntu.com/4351-1/
Priorities: medium
Description:
Eli Biham and Lior Neumann discovered that certain Bluetooth devices incorrectly validated key exchange parameters. An attacker could possibly use this issue to obtain sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5383

Title: USN-4364-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4364-1/
Priorities: low,medium
Description:
It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060)
It was discovered that the vhost net driver in the Linux kernel contained a stack buffer overflow. A local…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19060
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10942
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11494
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11565
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11608
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11609
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11668

Title: USN-4354-1: Mailman vulnerability
URL: https://usn.ubuntu.com/4354-1/
Priorities: medium
Description:
It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary content in the login page.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12108

Title: USN-4352-1: OpenLDAP vulnerability
URL: https://usn.ubuntu.com/4352-1/
Priorities: medium
Description:
It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12243

Title: USN-4353-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4353-1/
Priorities: medium
Description:
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code. (CVE-2020-6831, CVE-2020-12387, CVE-2020-12390, CVE-2020-12391, CVE-2020-12394,…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12387
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12390
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12391
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12392
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12394
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12395
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12396
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6831

Title: USN-4360-1: json-c vulnerability
URL: https://usn.ubuntu.com/4360-1/
Priorities: medium
Description:
It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12762

Title: USN-4350-1: MySQL vulnerabilities
URL: https://usn.ubuntu.com/4350-1/
Priorities: medium
Description:
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.
MySQL has been updated to 8.0.80 in Ubuntu 19.10 and Ubuntu 20.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.30.
In addition to security fixes, the updated packages contain bug fixes,…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2759
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2760
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2762
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2763
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2765
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2780
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2804
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2812
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2892
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2893
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2898
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2903
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2904
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2921
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2922
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2923
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2924
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2925
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2926
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2928
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2930

Title: USN-4359-1: APT vulnerability
URL: https://usn.ubuntu.com/4359-1/
Priorities: medium
Description:
It was discovered that APT incorrectly handled certain filenames during package installation. If an attacker could provide a specially crafted package to be installed by the system administrator, this could cause APT to crash.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-3810

Title: USN-4365-1: Bind vulnerabilities
URL: https://usn.ubuntu.com/4365-1/
Priorities: medium
Description:
Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. (CVE-2020-8616)
Tobias Klein discovered that Bind incorrectly handled…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8617

Title: LSN-0066-1: Kernel Live Patch Security Notice
URL: https://usn.ubuntu.com/lsn/0066-1/
Priorities: medium
Description:
Several security issues were fixed in the Linux kernel.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8647
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8648
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8649

621.74

Available in VMware Tanzu Network

Release Date: May 12, 2020

Metadata:

BOSH Agent Version: 2.268.16

USNs:


Title: USN-4339-1: OpenEXR vulnerabilities
URL: https://usn.ubuntu.com/4339-1/
Priorities: low,medium
Description:
Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115)
Tan Jie…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9111
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9113
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9115
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18444
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11758
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11759
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11760
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11761
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11762
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11763
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11764
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11765

Title: USN-4348-1: Mailman vulnerabilities
URL: https://usn.ubuntu.com/4348-1/
Priorities: low,medium
Description:
It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary scripts or HTML. (CVE-2018-0618)
It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to display arbitrary text on a web page. (CVE-2018-13796)
It was discovered…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-0618
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-13796
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12137

Title: USN-4349-1: EDK II vulnerabilities
URL: https://usn.ubuntu.com/4349-1/
Priorities: medium,low
Description:
A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. (CVE-2018-12178)
A buffer overflow was discovered in BlockIo service. An unauthenticated user could potentially enable…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12178
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12180
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12181
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14558
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14559
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14563
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14575
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14586
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14587

Title: USN-4346-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4346-1/
Priorities: low,medium
Description:
It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16233)
It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16233
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16234
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19768
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8648
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9383

Title: USN-4345-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4345-1/
Priorities: low,medium,high
Description:
Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-11884)
It was discovered that the Intel Wi-Fi driver in the Linux kernel did…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16234
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19768
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10942
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11608
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11609
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11668
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11884
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8648
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9383

Title: USN-4340-1: CUPS vulnerabilities
URL: https://usn.ubuntu.com/4340-1/
Priorities: low,medium
Description:
It was discovered that CUPS incorrectly handled certain language values. A local attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or possibly obtain sensitive information. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. (CVE-2019-2228)
Stephan Zeisberg discovered that…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2228
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-3898

Title: USN-4341-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4341-1/
Priorities: medium
Description:
Andrei Popa discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10700)
It was discovered that Samba incorrectly handled certain LDAP…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10700
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10704

621.71

Available in VMware Tanzu Network

Release Date: April 23, 2020

Metadata:

BOSH Agent Version: 2.268.15

USNs:


Title: USN-4333-1: Python vulnerabilities
URL: https://usn.ubuntu.com/4333-1/
Priorities: medium,low
Description:
It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. (CVE-2019-18348)
It was discovered that Python incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-8492)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18348
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8492

Title: USN-4334-1: Git vulnerability
URL: https://usn.ubuntu.com/4334-1/
Priorities: medium
Description:
Carlo Arenas discovered that Git incorrectly handled certain URLs containing newlines, empty hosts, or lacking a scheme. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11008

Title: USN-4332-1: File Roller vulnerability
URL: https://usn.ubuntu.com/4332-1/
Priorities: medium
Description:
It was discovered that File Roller incorrectly handled symlinks. An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11736

621.69

Available in VMware Tanzu Network

Release Date: April 21, 2020

Metadata:

BOSH Agent Version: 2.268.15

USNs:


Title: USN-4326-1: libiberty vulnerabilities
URL: https://usn.ubuntu.com/4326-1/
Priorities: low,medium
Description:
It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12641
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12697
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12698
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12934
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-17794
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-17985
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18483
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18484
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18700
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18701
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-9138
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14250
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9070
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9071

Title: USN-4323-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4323-1/
Priorities: medium
Description:
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6821, CVE-2020-6822, CVE-2020-6824, CVE-2020-6825, CVE-2020-6826)
It was discovered that…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6821
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6822
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6823
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6824
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6825
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6826

Title: USN-4320-1: Linux kernel vulnerability
URL: https://usn.ubuntu.com/4320-1/
Priorities: medium
Description:
Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8428

Title: USN-4318-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4318-1/
Priorities: medium,low
Description:
Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-8428)
Gustavo Romero and Paul Mackerras discovered that the KVM implementation in the Linux kernel for…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8428
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8834
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8992

Title: USN-4324-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4324-1/
Priorities: medium,low
Description:
Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-8428)
Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8428
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8992

621.64

Available in VMware Tanzu Network

Release Date: April 06, 2020

Metadata:

BOSH Agent Version: 2.268.12

USNs:


Title: USN-4311-1: BlueZ vulnerabilities
URL: https://usn.ubuntu.com/4311-1/
Priorities: low,medium
Description:
It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. (CVE-2020-0556)
It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-7837
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0556

Title: USN-4316-1: GD Graphics Library vulnerabilities
URL: https://usn.ubuntu.com/4316-1/
Priorities: low
Description:
It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service. (CVE-2018-14553)
It was discovered that GD Graphics Library incorrectly handled loading images from X bitmap format files. An attacker could possibly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14553
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11038

Title: USN-4134-3: IBus vulnerability
URL: https://usn.ubuntu.com/4134-3/
Priorities: medium
Description:
USN-4134-1 fixed a vulnerability in IBus. The update caused a regression in some Qt applications and the fix was subsequently reverted in USN-4134-2. The regression has since been resolved and so this update fixes the original vulnerability.
We apologize for the inconvenience.
Original advisory details:
Simon McVittie discovered that IBus did…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14822

Title: USN-4314-1: pam-krb5 vulnerability
URL: https://usn.ubuntu.com/4314-1/
Priorities: medium
Description:
Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10595

Title: USN-4317-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4317-1/
Priorities: high
Description:
Two use-after-free bugs were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit these to cause a denial of service or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6819
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6820

Title: USN-4315-1: Apport vulnerabilities
URL: https://usn.ubuntu.com/4315-1/
Priorities: high,medium
Description:
Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. (CVE-2020-8831)
Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions. This could allow a local attacker to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8831
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8833

621.61

Available in VMware Tanzu Network

Release Date: March 24, 2020

Metadata:

BOSH Agent Version: 2.268.12

USNs:


Title: USN-4298-1: SQLite vulnerabilities
URL: https://usn.ubuntu.com/4298-1/
Priorities: medium,low
Description:
It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753)
It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13734
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13750
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13751
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13752
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13753
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19880
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19923
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19924
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19925
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19926
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19959
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9327

Title: USN-4299-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4299-1/
Priorities: medium,low
Description:
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP) protections, or execute arbitrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20503
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6805
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6806
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6807
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6808
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6809
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6810
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6811
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6812
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6813
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6814
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6815

Title: USN-4296-1: Django vulnerability
URL: https://usn.ubuntu.com/4296-1/
Priorities: medium
Description:
Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9402

621.59

Available in VMware Tanzu Network

Release Date: March 03, 2020

Metadata:

BOSH Agent Version: 2.268.12

USNs:


Title: USN-4279-2: PHP regression
URL: https://usn.ubuntu.com/4279-2/
Priorities: low
Description:
USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9253

Title: USN-4290-1: libpam-radius-auth vulnerability
URL: https://usn.ubuntu.com/4290-1/
Priorities: medium
Description:
It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9542

Title: USN-4292-1: rsync vulnerabilities
URL: https://usn.ubuntu.com/4292-1/
Priorities: low
Description:
It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)
It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4289-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4289-1/
Priorities: medium
Description:
Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. (CVE-2019-12528)
Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12528
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8449
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8450
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8517

Title: USN-4293-1: libarchive vulnerabilities
URL: https://usn.ubuntu.com/4293-1/
Priorities: low,medium
Description:
It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-19221)
It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a crash resulting in a denial of service or…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9308

Title: USN-4278-2: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4278-2/
Priorities: medium
Description:
USN-4278-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6796
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6798
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6800
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6801

Title: USN-4288-1: ppp vulnerability
URL: https://usn.ubuntu.com/4288-1/
Priorities: medium
Description:
It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8597

621.57

Available in VMware Tanzu Network

Release Date: February 19, 2020

Metadata:

BOSH Agent Version: 2.268.12

USNs:


Title: USN-4277-1: libexif vulnerabilities
URL: https://usn.ubuntu.com/4277-1/
Priorities: low,medium
Description:
Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-6328)
Lili Xu and Bingchang Liu discovered that libexif incorrectly handled…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-6328
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7544
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9278

Title: USN-4275-1: Qt vulnerabilities
URL: https://usn.ubuntu.com/4275-1/
Priorities: low,medium
Description:
It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19872)
It was discovered that Qt incorrectly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19872
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18281
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0569
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0570

Title: USN-4272-1: Pillow vulnerabilities
URL: https://usn.ubuntu.com/4272-1/
Priorities: low,medium
Description:
It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-16865, CVE-2019-19911)
It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-5312)
It was discovered that…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16865
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19911
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5312
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5313

Title: USN-4273-1: ReportLab vulnerability
URL: https://usn.ubuntu.com/4273-1/
Priorities: medium
Description:
It was discovered that ReportLab incorrectly handled certain XML documents. If a user or automated system were tricked into processing a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17626

Title: USN-4274-1: libxml2 vulnerabilities
URL: https://usn.ubuntu.com/4274-1/
Priorities: low,medium
Description:
It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19956
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7595

621.55

Available in VMware Tanzu Network

Release Date: February 06, 2020

Metadata:

BOSH Agent Version: 2.268.12

USNs:


Title: USN-4259-1: Apache Solr vulnerability
URL: https://usn.ubuntu.com/4259-1/
Priorities: high
Description:
Michael Stepankin and Olga Barinova discovered that Apache Solr was vulnerable to an XXE attack. An attacker could use this vulnerability to remotely execute code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12629

Title: USN-4252-1: tcpdump vulnerabilities
URL: https://usn.ubuntu.com/4252-1/
Priorities: low,medium
Description:
Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16808
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10103
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10105
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14461
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14462
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14463
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14464
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14465
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14466
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14467
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14468
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14469
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14470
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14879
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14880
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14881
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14882
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16228
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16229
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16230
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16451
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16452
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19519
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1010220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15166
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15167

Title: USN-4254-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4254-1/
Priorities: medium,negligible,low
Description:
It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615)
It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15291
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18683
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18885
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19057
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19062
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19332

Title: USN-4255-2: Linux kernel (HWE) vulnerabilities
URL: https://usn.ubuntu.com/4255-2/
Priorities: medium
Description:
USN-4255-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS.
It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7053

Title: USN-4263-1: Sudo vulnerability
URL: https://usn.ubuntu.com/4263-1/
Priorities: low
Description:
Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18634

Title: USN-4256-1: Cyrus SASL vulnerability
URL: https://usn.ubuntu.com/4256-1/
Priorities: medium
Description:
It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19906

Title: USN-4265-1: SpamAssassin vulnerabilities
URL: https://usn.ubuntu.com/4265-1/
Priorities: medium
Description:
It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1931

Title: USN-4250-1: MySQL vulnerabilities
URL: https://usn.ubuntu.com/4250-1/
Priorities: medium
Description:
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.
MySQL has been updated to 8.0.19 in Ubuntu 19.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.29.
In addition to security fixes, the updated packages contain bug fixes, new features, and possibly…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2570
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2572
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2574
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2577
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2579
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2584
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2588
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2589
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2627
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2679
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2686
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2694

Title: USN-4257-1: OpenJDK vulnerabilities
URL: https://usn.ubuntu.com/4257-1/
Priorities: low,medium
Description:
It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2020-2583)
It was discovered that OpenJDK incorrectly validated properties of SASL messages included in Kerberos GSSAPI. An…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2583
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2590
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2593
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2601
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2604
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2654
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2655
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-2659

621.51

Available in VMware Tanzu Network

Release Date: January 24, 2020

Bug Fixes


* Addresses https://github.com/cloudfoundry/bosh/issues/2223 - prevent AWS from overriding search domains

Metadata:

BOSH Agent Version: 2.268.11

USNs:


Title: USN-4246-1: zlib vulnerabilities
URL: https://usn.ubuntu.com/4246-1/
Priorities: low
Description:
It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)
It was discovered that zlib incorrectly handled vectors involving left shifts of negative integers. An attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4248-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4248-1/
Priorities: medium
Description:
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16545
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16547
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17500
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17501
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17502
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17503
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17782
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17783

Title: USN-4244-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4244-1/
Priorities: low,medium
Description:
It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-14902)
Robert Święcki discovered that Samba incorrectly handled certain character conversions when the log level is…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14902
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14907
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19344

Title: USN-4247-1: python-apt vulnerabilities
URL: https://usn.ubuntu.com/4247-1/
Priorities: medium
Description:
It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795)
It was discovered that python-apt could install packages from untrusted repositories, contrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15795
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15796

Title: USN-4249-1: e2fsprogs vulnerability
URL: https://usn.ubuntu.com/4249-1/
Priorities: medium
Description:
It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5188

Title: USN-4245-1: PySAML2 vulnerability
URL: https://usn.ubuntu.com/4245-1/
Priorities: medium
Description:
It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5390

621.50

Available in VMware Tanzu Network

Release Date: January 21, 2020

Metadata:

BOSH Agent Version: 2.268.10

USNs:


Title: USN-4232-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4232-1/
Priorities: medium,low
Description:
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14165
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14314
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14504
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14649
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14733
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14994
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14997
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15277
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16353

Title: USN-4237-1: SpamAssassin vulnerabilities
URL: https://usn.ubuntu.com/4237-1/
Priorities: medium
Description:
It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. (CVE-2018-11805)
It was discovered that SpamAssassin incorrectly handled certain messages. A remote attacker could possibly use this issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11805
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12420

Title: USN-4238-1: SDL_image vulnerabilities
URL: https://usn.ubuntu.com/4238-1/
Priorities: medium,low
Description:
It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-3977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12216
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12219
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12222
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7635

Title: USN-4240-1: Kamailio vulnerability
URL: https://usn.ubuntu.com/4240-1/
Priorities: high
Description:
It was discovered that Kamailio can be exploited by using a specially crafted message that can cause a buffer overflow issue.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8828

Title: USN-4239-1: PHP vulnerabilities
URL: https://usn.ubuntu.com/4239-1/
Priorities: low
Description:
It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045)
It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11046
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11047
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11050

Title: USN-4236-2: Libgcrypt vulnerability
URL: https://usn.ubuntu.com/4236-2/
Priorities: medium
Description:
USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS.
Original advisory details:
It was discovered that Libgcrypt was susceptible to an ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13627

Title: USN-4227-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4227-1/
Priorities: medium,low
Description:
It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16231
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16233
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19083
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19529
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19807

Title: USN-4228-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4228-1/
Priorities: medium,low
Description:
It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534

Title: USN-4230-1: ClamAV vulnerability
URL: https://usn.ubuntu.com/4230-1/
Priorities: medium
Description:
It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15961

Title: USN-4231-1: NSS vulnerability
URL: https://usn.ubuntu.com/4231-1/
Priorities: medium
Description:
It was discovered that NSS incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17006

Title: USN-4234-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4234-1/
Priorities: medium,low
Description:
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass Content Security Policy (CSP) restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17016
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17017
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17020
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17023
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17025
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17026

Title: USN-4235-1: nginx vulnerability
URL: https://usn.ubuntu.com/4235-1/
Priorities: medium
Description:
Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20372

621.41

Available in VMware Tanzu Network

Release Date: February 04, 2020

BOSH Agent Version: 2.268.9

USNs:

Title: USN-4222-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4222-1/
Priorities: medium,low
Description:
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11638
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11641
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11642
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11643
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12935
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12936
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12937
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13063
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13064
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13134
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13737
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13775
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13776
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13777

Title: USN-4216-2: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4216-2/
Priorities: medium
Description:
USN-4216-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11756
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17005
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17008
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17010
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17011
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17012
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17013
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17014

Title: USN-4220-1: Git vulnerabilities
URL: https://usn.ubuntu.com/4220-1/
Priorities: medium,low
Description:
Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1348
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1349
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1350
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1351
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1353
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1354
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1387
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19604

Title: USN-4217-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4217-1/
Priorities: medium
Description:
Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861)
Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14861
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14870

Title: USN-4219-1: libssh vulnerability
URL: https://usn.ubuntu.com/4219-1/
Priorities: medium
Description:
It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14889

Title: USN-4221-1: libpcap vulnerability
URL: https://usn.ubuntu.com/4221-1/
Priorities: medium
Description:
It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15165

Title: USN-4214-2: RabbitMQ vulnerability
URL: https://usn.ubuntu.com/4214-2/
Priorities: medium
Description:
USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18609

Title: USN-4224-1: Django vulnerability
URL: https://usn.ubuntu.com/4224-1/
Priorities: high
Description:
Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19844

Title: USN-4223-1: OpenJDK vulnerabilities
URL: https://usn.ubuntu.com/4223-1/
Priorities: medium
Description:
Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2019-2894)
It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2894
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2945
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2949
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2962
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2964
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2973
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2983
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2987
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2988
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2989
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2992
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2999

621.29

Available in VMware Tanzu Network

Release Date: December 10, 2019

BOSH Agent version: 2.268.7
USNs:

Title: USN-4211-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4211-1/
Priorities: medium,negligible
Description:
Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)
Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20784
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133

Title: USN-4205-1: SQLite vulnerabilities
URL: https://usn.ubuntu.com/4205-1/
Priorities: low,medium
Description:
It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740)
It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8740
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16168
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19242
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19244
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5018
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5827

Title: USN-4203-1: NSS vulnerability
URL: https://usn.ubuntu.com/4203-1/
Priorities: medium
Description:
It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745

Title: USN-4213-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4213-1/
Priorities: medium,low
Description:
Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523)
Jeriko One discovered that Squid incorrectly handled URN…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12523
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12526
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12854
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18676
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18677
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18678
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18679

Title: USN-4210-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4210-1/
Priorities: medium,negligible,low
Description:
It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746)
Nicolas Waisman discovered that the WiFi driver stack in the Linux…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19060
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19075

Title: USN-4204-1: psutil vulnerability
URL: https://usn.ubuntu.com/4204-1/
Priorities: medium
Description:
Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18874

621.26

Release Date: November 26, 2019

BOSH Agent version: 2.268.7
USNs:

Title: USN-4198-1: DjVuLibre vulnerabilities
URL: https://usn.ubuntu.com/4198-1/
Priorities: low
Description:
It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15142
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15143
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15144
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15145
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18804

621.23

Release Date: November 18, 2019

BOSH Agent version: 2.268.6
USNs:

Title: USN-4186-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4186-1/
Priorities: high,medium
Description:
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2215

Title: USN-4185-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4185-1/
Priorities: high,medium
Description:
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12207
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15098
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17053
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17054
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17055
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666

Title: USN-4190-1: libjpeg-turbo vulnerabilities
URL: https://usn.ubuntu.com/4190-1/
Priorities: low,medium
Description:
It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14498)
It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19664
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20330
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-2201

Title: USN-4185-3: Linux kernel vulnerability and regression
URL: https://usn.ubuntu.com/4185-3/
Priorities: high
Description:
USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4186-3: Linux kernel vulnerability
URL: https://usn.ubuntu.com/4186-3/
Priorities: high
Description:
USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue.
We apologize for the inconvenience.
Original advisory details:
Stephan van Schaik, Alyssa Milburn, Sebastian…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0155

Title: USN-4182-1: Intel Microcode update
URL: https://usn.ubuntu.com/4182-1/
Priorities: high,medium
Description:
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11139

Title: USN-4191-1: QEMU vulnerabilities
URL: https://usn.ubuntu.com/4191-1/
Priorities: low
Description:
It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068)
Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13164
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14378
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15890

Title: USN-4192-1: ImageMagick vulnerabilities
URL: https://usn.ubuntu.com/4192-1/
Priorities: low,negligible,medium
Description:
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12975
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12976
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12979
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13135
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13137
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13295
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13297
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13301
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13304
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13305
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13306
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13307
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13308
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13309
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13310
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13311
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13391
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13454
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14981
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15139
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15140
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16708
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16709
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16710
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16711
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16713

621.12

Release Date: November 12, 2019

BOSH Agent version: 2.268.5
USNs:

Title: USN-4176-1: GNU cpio vulnerability
URL: https://usn.ubuntu.com/4176-1/
Priorities: medium
Description:
Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14866

Title: USN-4174-1: HAproxy vulnerability
URL: https://usn.ubuntu.com/4174-1/
Priorities: medium
Description:
It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue for privilege escalation (Request Smuggling).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18277

Title: USN-4175-1: Nokogiri vulnerability
URL: https://usn.ubuntu.com/4175-1/
Priorities: medium
Description:
It was discovered that Nokogiri incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5477

621.5

Release Date: October 31, 2019

New stemcell line!

* rev the stemcell_api_version to 3 for upcoming signed url feature - https://www.pivotaltracker.com/epic/show/4392899
* blacklist nouveau kernel module (#96)



BOSH Agent version: 2.268.3

456.x

This section includes release notes for the 456.x line of Linux stemcells used with Ops Manager.

456.274

Available in VMware Tanzu Network

Release Date: June 17, 2022

Metadata:

BOSH Agent Version: 2.234.66

USNs:


Title: USN-5477-1: ncurses vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5477-1
Priorities: negligible,low
Description:
Hosein Askari discovered that ncurses was incorrectly performing
memory management operations when dealing with long filenames while
writing structures into the file system. An attacker could possibly
use this issue to cause a denial of service or execute arbitrary
code. (CVE-2017-16879)

Chung-Yi Lin discovered that ncurses was incorrectly handling access
to invalid memory areas when parsing terminfo or termcap entries where
the use-name had invalid syntax. An attacker could possibly use this
issue to cause a denial of service. (CVE-2018-19211)

It was discovered that ncurses was incorrectly performing bounds
checks when processing invalid hashcodes. An attacker could possibly
use this issue to cause a denial of service or to expose sensitive
information. (CVE-2019-17594)

It was discovered that ncurses was incorrectly handling
end-of-string characters when processing terminfo and termcap files.
An attacker could possibly use this issue to cause a denial of
service or to expose sensitive information. (CVE-2019-17595)

It was discovered that ncurses was incorrectly handling
end-of-string characters when converting between termcap and
terminfo formats. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. (CVE-2021-39537)

It was discovered that ncurses was incorrectly performing bounds
checks when dealing with corrupt terminfo data while reading a
terminfo file. An attacker could possibly use this issue to cause a
denial of service or to expose sensitive information.
(CVE-2022-29458)
CVEs:
- https://ubuntu.com/security/CVE-2017-16879
- https://ubuntu.com/security/CVE-2018-19211
- https://ubuntu.com/security/CVE-2019-17594
- https://ubuntu.com/security/CVE-2019-17595
- https://ubuntu.com/security/CVE-2021-39537
- https://ubuntu.com/security/CVE-2022-29458

Title: LSN-0087-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0087-1
Priorities: high,medium
Description:
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did
not properly handle the removal of stateful expressions in some situations,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966)

Ziming Zhang discovered that the netfilter subsystem in the Linux kernel
did not properly validate sets with multiple ranged fields. A local
attacker could use this to cause a denial of service or execute arbitrary
code. (CVE-2022-1972)
CVEs:
- https://ubuntu.com/security/CVE-2022-1966
- https://ubuntu.com/security/CVE-2022-1972

456.273

Available in VMware Tanzu Network

Release Date: June 14, 2022

Metadata:

BOSH Agent Version: 2.234.66

USNs:


Title: LSN-0086-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0086-1
Priorities: high,medium
Description:
It was discovered that a race condition existed in the network scheduling
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-39713)

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

It was discovered that the network traffic control implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-1055)

Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux
kernel contained an integer overflow. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1116)

It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499)

Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-29581)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)
CVEs:
- https://ubuntu.com/security/CVE-2021-39713
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2022-1055
- https://ubuntu.com/security/CVE-2022-1116
- https://ubuntu.com/security/CVE-2022-21499
- https://ubuntu.com/security/CVE-2022-29581
- https://ubuntu.com/security/CVE-2022-30594

Title: USN-5458-1: Vim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5458-1
Priorities: low,medium
Description:
It was discovered that Vim was incorrectly handling virtual column
position operations, which could result in an out-of-bounds read. An
attacker could possibly use this issue to expose sensitive
information. (CVE-2021-4193)

It was discovered that Vim was not properly performing bounds checks
when updating windows present on a screen, which could result in a
heap buffer overflow. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2022-0213)

It was discovered that Vim was incorrectly handling window
exchanging operations when in Visual mode, which could result in an
out-of-bounds read. An attacker could possibly use this issue to
expose sensitive information. (CVE-2022-0319)

It was discovered that Vim was incorrectly handling recursion when
parsing conditional expressions. An attacker could possibly use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2022-0351)

It was discovered that Vim was not properly handling memory
allocation when processing data in Ex mode, which could result in a
heap buffer overflow. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code.
(CVE-2022-0359)

It was discovered that Vim was not properly performing bounds checks
when executing line operations in Visual mode, which could result in
a heap buffer overflow. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code.
(CVE-2022-0361, CVE-2022-0368)

It was discovered that Vim was not properly handling loop conditions
when looking for spell suggestions, which could result in a stack
buffer overflow. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. (CVE-2022-0408)

It was discovered that Vim was incorrectly handling memory access
when executing buffer operations, which could result in the usage of
freed memory. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-0443)
CVEs:
- https://ubuntu.com/security/CVE-2021-4193
- https://ubuntu.com/security/CVE-2022-0213
- https://ubuntu.com/security/CVE-2022-0319
- https://ubuntu.com/security/CVE-2022-0351
- https://ubuntu.com/security/CVE-2022-0359
- https://ubuntu.com/security/CVE-2022-0361
- https://ubuntu.com/security/CVE-2022-0368
- https://ubuntu.com/security/CVE-2022-0408
- https://ubuntu.com/security/CVE-2022-0443

Title: USN-5464-1: e2fsprogs vulnerability
URL: https://ubuntu.com/security/notices/USN-5464-1
Priorities: medium
Description:
Nils Bars discovered that e2fsprogs incorrectly handled certain file
systems. A local attacker could use this issue with a crafted file
system image to possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2022-1304

Title: USN-5466-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5466-1
Priorities: high,low,medium
Description:
It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions.
(CVE-2022-21499)

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did
not properly handle the removal of stateful expressions in some situations,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-1966)

It was discovered that the SCTP protocol implementation in the Linux kernel
did not properly verify VTAGs in some situations. A remote attacker could
possibly use this to cause a denial of service (connection disassociation).
(CVE-2021-3772)

It was discovered that the btrfs file system implementation in the Linux
kernel did not properly handle locking in certain error conditions. A local
attacker could use this to cause a denial of service (kernel deadlock).
(CVE-2021-4149)

David Bouman discovered that the netfilter subsystem in the Linux kernel
did not initialize memory in some situations. A local attacker could use
this to expose sensitive information (kernel memory). (CVE-2022-1016)

It was discovered that the virtual graphics memory manager implementation
in the Linux kernel was subject to a race condition, potentially leading to
an information leak. (CVE-2022-1419)

赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not
properly perform reference counting in some error conditions. A local
attacker could use this to cause a denial of service. (CVE-2022-28356)

It was discovered that the EMS CAN/USB interface implementation in the
Linux kernel contained a double-free vulnerability when handling certain
error conditions. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2022-28390)
CVEs:
- https://ubuntu.com/security/CVE-2022-21499
- https://ubuntu.com/security/CVE-2022-1966
- https://ubuntu.com/security/CVE-2021-3772
- https://ubuntu.com/security/CVE-2021-4149
- https://ubuntu.com/security/CVE-2022-1016
- https://ubuntu.com/security/CVE-2022-1419
- https://ubuntu.com/security/CVE-2022-28356
- https://ubuntu.com/security/CVE-2022-28390

Title: USN-5465-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5465-1
Priorities: high,medium
Description:
It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions.
(CVE-2022-21499)

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did
not properly handle the removal of stateful expressions in some situations,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-1966)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)
CVEs:
- https://ubuntu.com/security/CVE-2022-21499
- https://ubuntu.com/security/CVE-2022-1966
- https://ubuntu.com/security/CVE-2022-30594

Title: USN-5454-2: CUPS vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5454-2
Priorities: medium,low
Description:
USN-5454-1 fixed several vulnerabilities in CUPS. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Joshua Mason discovered that CUPS incorrectly handled the secret key used
to access the administrative web interface. A remote attacker could
possibly use this issue to open a session as an administrator and execute
arbitrary code. (CVE-2022-26691)

It was discovered that CUPS incorrectly handled certain memory operations
when handling IPP printing. A remote attacker could possibly use this issue
to cause CUPS to crash, leading to a denial of service, or obtain sensitive
information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04
LTS. (CVE-2019-8842, CVE-2020-10001)
CVEs:
- https://ubuntu.com/security/CVE-2022-26691
- https://ubuntu.com/security/CVE-2019-8842
- https://ubuntu.com/security/CVE-2020-10001

Title: USN-5456-1: ImageMagick vulnerability
URL: https://ubuntu.com/security/notices/USN-5456-1
Priorities: medium
Description:
It was discovered that ImageMagick incorrectly handled memory under
certain circumstances. If a user were tricked into opening a specially
crafted image, an attacker could possibly exploit this issue to cause a
denial of service or other unspecified impact.
CVEs:
- https://ubuntu.com/security/CVE-2022-28463

Title: USN-5462-2: Ruby vulnerability
URL: https://ubuntu.com/security/notices/USN-5462-2
Priorities: low
Description:
USN-5462-1 fixed several vulnerabilities in Ruby. This update provides
the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://ubuntu.com/security/CVE-2022-28739

456.269

Available in VMware Tanzu Network

Release Date: June 02, 2022

Metadata:

BOSH Agent Version: 2.234.64

USNs:


Title: USN-5449-1: libXv vulnerability
URL: https://ubuntu.com/security/notices/USN-5449-1
Priorities: low
Description:
It was discovered that libXv incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2016-5407

Title: USN-5437-1: libXfixes vulnerability
URL: https://ubuntu.com/security/notices/USN-5437-1
Priorities: low
Description:
Tobias Stoeckmann discovered that libXfixes incorrectly handled certain
inputs. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2016-7944

Title: LSN-0086-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0086-1
Priorities: high,medium
Description:
It was discovered that a race condition existed in the network scheduling
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-39713)

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

It was discovered that the network traffic control implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-1055)

Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux
kernel contained an integer overflow. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1116)

It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499)

Nick Gregory discovered that the Linux kernel incorrectly handled network
offload functionality. A local attacker could use this to cause a denial of
service or possibly execute arbitrary code. (CVE-2022-25636)

Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-29581)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)
CVEs:
- https://ubuntu.com/security/CVE-2021-39713
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2022-1055
- https://ubuntu.com/security/CVE-2022-1116
- https://ubuntu.com/security/CVE-2022-21499
- https://ubuntu.com/security/CVE-2022-25636
- https://ubuntu.com/security/CVE-2022-29581
- https://ubuntu.com/security/CVE-2022-30594

Title: USN-5452-1: NTFS-3G vulnerability
URL: https://ubuntu.com/security/notices/USN-5452-1
Priorities: low
Description:
It was discovered that NTFS-3G was incorrectly validating NTFS
metadata in its ntfsck tool by not performing boundary checks. A
local attacker could possibly use this issue to cause a denial of
service or to execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2021-46790

Title: USN-5402-2: OpenSSL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5402-2
Priorities: medium,low
Description:
USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Elison Niven discovered that OpenSSL incorrectly handled the c_rehash
script. A local attacker could possibly use this issue to execute arbitrary
commands when c_rehash is run. (CVE-2022-1292)

Aliaksei Levin discovered that OpenSSL incorrectly handled resources when
decoding certificates and keys. A remote attacker could possibly use this
issue to cause OpenSSL to consume resources, leading to a denial of
service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1473)
CVEs:
- https://ubuntu.com/security/CVE-2022-1292
- https://ubuntu.com/security/CVE-2022-1473

Title: USN-5404-2: Rsyslog vulnerability
URL: https://ubuntu.com/security/notices/USN-5404-2
Priorities: medium
Description:
USN-5404-1 addressed a vulnerability in Rsyslog. This update
provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Pieter Agten discovered that Rsyslog incorrectly handled certain requests.
An attacker could possibly use this issue to cause a crash.
CVEs:
- https://ubuntu.com/security/CVE-2022-24903

Title: USN-5453-1: FreeType vulnerability
URL: https://ubuntu.com/security/notices/USN-5453-1
Priorities: low
Description:
It was discovered that FreeType incorrectly handled certain font files.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2022-27406

Title: USN-5443-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5443-1
Priorities: high,medium
Description:
Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-29581)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)
CVEs:
- https://ubuntu.com/security/CVE-2022-29581
- https://ubuntu.com/security/CVE-2022-30594

456.267

Available in VMware Tanzu Network

Release Date: May 25, 2022

Metadata:

BOSH Agent Version: 2.234.63

USNs:


Title: USN-5428-1: libXrandr vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5428-1
Priorities: low
Description:
Tobias Stoeckmann discovered that libXrandr incorrectly handled certain
responses. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
(CVE-2016-7947, CVE-2016-7948)
CVEs:
- https://ubuntu.com/security/CVE-2016-7947
- https://ubuntu.com/security/CVE-2016-7948

Title: USN-5436-1: libXrender vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5436-1
Priorities: low
Description:
Tobias Stoeckmann discovered that libXrender incorrectly handled certain
responses. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
(CVE-2016-7949, CVE-2016-7950)
CVEs:
- https://ubuntu.com/security/CVE-2016-7949
- https://ubuntu.com/security/CVE-2016-7950

Title: USN-5432-1: libpng vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5432-1
Priorities: low
Description:
It was discovered that libpng incorrectly handled memory when parsing
certain PNG files. If a user or automated system were tricked into opening
a specially crafted PNG file, an attacker could use this issue to cause
libpng to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2017-12652)

Zhengxiong Luo discovered that libpng incorrectly handled memory when parsing
certain PNG files. If a user or automated system were tricked into opening
a specially crafted PNG file, an attacker could use this issue to cause
libpng to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2018-14048)
CVEs:
- https://ubuntu.com/security/CVE-2017-12652
- https://ubuntu.com/security/CVE-2018-14048

Title: USN-5425-1: PCRE vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5425-1
Priorities: low,negligible
Description:
Yunho Kim discovered that PCRE incorrectly handled memory when
handling certain regular expressions. An attacker could possibly use
this issue to cause applications using PCRE to expose sensitive
information. This issue only affects Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2019-20838)

It was discovered that PCRE incorrectly handled memory when
handling certain regular expressions. An attacker could possibly use
this issue to cause applications using PCRE to have unexpected
behavior. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14155)
CVEs:
- https://ubuntu.com/security/CVE-2019-20838
- https://ubuntu.com/security/CVE-2020-14155

Title: USN-5421-1: LibTIFF vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5421-1
Priorities: negligible,low,medium
Description:
It was discovered that LibTIFF incorrectly handled certain images.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service. This issue only affects
Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-35522)

Chintan Shah discovered that LibTIFF incorrectly handled memory when
handling certain images. An attacker could possibly use this issue to
cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-0561, CVE-2022-0562, CVE-2022-0891)

It was discovered that LibTIFF incorrectly handled certain images.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service. This issue only affects
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2022-0865)
CVEs:
- https://ubuntu.com/security/CVE-2020-35522
- https://ubuntu.com/security/CVE-2022-0561
- https://ubuntu.com/security/CVE-2022-0562
- https://ubuntu.com/security/CVE-2022-0891
- https://ubuntu.com/security/CVE-2022-0865

Title: USN-5423-2: ClamAV vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5423-2
Priorities: low,medium
Description:
USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.


Original advisory details:

Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files.
A remote attacker could possibly use this issue to cause ClamAV to stop
responding, resulting in a denial of service. (CVE-2022-20770)

Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF
files. A remote attacker could possibly use this issue to cause ClamAV to
stop responding, resulting in a denial of service. (CVE-2022-20771)

Michał Dardas discovered that ClamAV incorrectly handled parsing HTML
files. A remote attacker could possibly use this issue to cause ClamAV to
consume resources, resulting in a denial of service. (CVE-2022-20785)

Michał Dardas discovered that ClamAV incorrectly handled loading the
signature database. A remote attacker could possibly use this issue to
cause ClamAV to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2022-20792)

Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly
handled the scan verdict cache check. A remote attacker could possibly use
this issue to cause ClamAV to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-20796)
CVEs:
- https://ubuntu.com/security/CVE-2022-20770
- https://ubuntu.com/security/CVE-2022-20771
- https://ubuntu.com/security/CVE-2022-20785
- https://ubuntu.com/security/CVE-2022-20792
- https://ubuntu.com/security/CVE-2022-20796

Title: USN-5424-2: OpenLDAP vulnerability
URL: https://ubuntu.com/security/notices/USN-5424-2
Priorities: medium
Description:
USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that OpenLDAP incorrectly handled certain SQL statements
within LDAP queries in the experimental back-sql backend. A remote attacker
could possibly use this issue to perform an SQL injection attack and alter
the database.
CVEs:
- https://ubuntu.com/security/CVE-2022-29155

Title: USN-5443-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5443-1
Priorities: high,medium
Description:
Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-29581)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)
CVEs:
- https://ubuntu.com/security/CVE-2022-29581
- https://ubuntu.com/security/CVE-2022-30594

456.265

Available in VMware Tanzu Network

Release Date: May 17, 2022

Metadata:

BOSH Agent Version: 2.234.62

USNs:


Title: USN-5398-1: Simple DirectMedia Layer vulnerability
URL: https://ubuntu.com/security/notices/USN-5398-1
Priorities:
Description:
It was discovered that SDL (Simple DirectMedia Layer) incorrectly handled
certain files. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
CVEs:


Title: USN-5407-1: Cairo vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5407-1
Priorities: low
Description:
Gustavo Grieco, Alberto Garcia, Francisco Oca, Suleman Ali, and others
discovered that Cairo incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2016-9082, CVE-2017-9814, CVE-2019-6462)

Stephan Bergmann discovered that Cairo incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code.
(CVE-2020-35492)
CVEs:
- https://ubuntu.com/security/CVE-2016-9082
- https://ubuntu.com/security/CVE-2017-9814
- https://ubuntu.com/security/CVE-2019-6462
- https://ubuntu.com/security/CVE-2020-35492

Title: USN-5389-1: Libcroco vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5389-1
Priorities: low
Description:
It was discovered that Libcroco was incorrectly accessing data structures when
reading bytes from memory, which could cause a heap buffer overflow. An attacker
could possibly use this issue to cause a denial of service. (CVE-2017-7960)

It was discovered that Libcroco was incorrectly handling invalid UTF-8 values
when processing CSS files. An attacker could possibly use this issue to cause
a denial of service. (CVE-2017-8834, CVE-2017-8871)

It was discovered that Libcroco was incorrectly implementing recursion in one
of its parsing functions, which could cause an infinite recursion loop and a
stack overflow due to stack consumption. An attacker could possibly use this
issue to cause a denial of service. (CVE-2020-12825)
CVEs:
- https://ubuntu.com/security/CVE-2017-7960
- https://ubuntu.com/security/CVE-2017-8834
- https://ubuntu.com/security/CVE-2017-8871
- https://ubuntu.com/security/CVE-2020-12825

Title: USN-5405-1: jbig2dec vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5405-1
Priorities: low
Description:
It was discovered that jbig2dec incorrectly handled memory when parsing
invalid files. An attacker could use this issue to cause jbig2dec to crash,
leading to a denial of service. (CVE-2017-9216)

It was discovered that jbig2dec incorrectly handled memory when processing
untrusted input. An attacker could use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2020-12268)
CVEs:
- https://ubuntu.com/security/CVE-2017-9216
- https://ubuntu.com/security/CVE-2020-12268

Title: USN-5259-3: Cron regression
URL: https://ubuntu.com/security/notices/USN-5259-3
Priorities: low
Description:
USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately
that update was incomplete and could introduce a regression. This update
fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the postinst maintainer script in Cron unsafely
handled file permissions during package install or update operations.
An attacker could possibly use this issue to perform a privilege
escalation attack. (CVE-2017-9525)

Florian Weimer discovered that Cron incorrectly handled certain memory
operations during crontab file creation. An attacker could possibly use
this issue to cause a denial of service. (CVE-2019-9704)

It was discovered that Cron incorrectly handled user input during crontab
file creation. An attacker could possibly use this issue to cause a denial
of service. (CVE-2019-9705)

It was discovered that Cron contained a use-after-free vulnerability in
its force_rescan_user function. An attacker could possibly use this issue
to cause a denial of service. (CVE-2019-9706)
CVEs:
- https://ubuntu.com/security/CVE-2017-9525
- https://ubuntu.com/security/CVE-2019-9704
- https://ubuntu.com/security/CVE-2019-9705
- https://ubuntu.com/security/CVE-2019-9706

Title: USN-5413-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5413-1
Priorities: low,medium
Description:
Jeremy Cline discovered a use-after-free in the nouveau graphics driver of
the Linux kernel during device removal. A privileged or physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2020-27820)

It was discovered that a race condition existed in the network scheduling
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-39713)

It was discovered that the Parallel NFS (pNFS) implementation in the Linux
kernel did not properly perform bounds checking in some situations. An
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2021-4157)

It was discovered that the ST21NFCA NFC driver in the Linux kernel did not
properly validate the size of certain data in EVT_TRANSACTION events. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-26490)

It was discovered that the Xilinx USB2 device gadget driver in the Linux
kernel did not properly validate endpoint indices from the host. A
physically proximate attacker could possibly use this to cause a denial of
service (system crash). (CVE-2022-27223)

It was discovered that the EMS CAN/USB interface implementation in the
Linux kernel contained a double-free vulnerability when handling certain
error conditions. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2022-28390)
CVEs:
- https://ubuntu.com/security/CVE-2020-27820
- https://ubuntu.com/security/CVE-2021-39713
- https://ubuntu.com/security/CVE-2021-4157
- https://ubuntu.com/security/CVE-2022-26490
- https://ubuntu.com/security/CVE-2022-27223
- https://ubuntu.com/security/CVE-2022-28390

Title: USN-5179-2: BusyBox vulnerability
URL: https://ubuntu.com/security/notices/USN-5179-2
Priorities: low
Description:
USN-5179-1 fixed vulnerabilities in BusyBox. This update provides the
corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that BusyBox incorrectly handled certain malformed gzip
archives. If a user or automated system were tricked into processing a
specially crafted gzip archive, a remote attacker could use this issue to
cause BusyBox to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-28831)
CVEs:
- https://ubuntu.com/security/CVE-2021-28831

Title: USN-5392-1: Mutt vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5392-1
Priorities: low,medium
Description:
It was discovered that Mutt incorrectly handled certain requests.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 20.04 LTS. (CVE-2021-32055)

It was discovered that Mutt incorrectly handled certain input.
An attacker could possibly use this issue to cause a crash,
or expose sensitive information. (CVE-2022-1328)
CVEs:
- https://ubuntu.com/security/CVE-2021-32055
- https://ubuntu.com/security/CVE-2022-1328

Title: USN-5391-1: libsepol vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5391-1
Priorities: low
Description:
Nicolas Iooss discovered that libsepol incorrectly handled memory
when handling policies. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-36084)

It was discovered that libsepol incorrectly handled memory when
handling policies. An attacker could possibly use this issue to cause
a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-36085)

It was discovered that libsepol incorrectly handled memory when
handling policies. An attacker could possibly use this issue to cause
a crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affects Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-36086)

It was discovered that libsepol incorrectly validated certain data,
leading to a heap overflow. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-36087)
CVEs:
- https://ubuntu.com/security/CVE-2021-36084
- https://ubuntu.com/security/CVE-2021-36085
- https://ubuntu.com/security/CVE-2021-36086
- https://ubuntu.com/security/CVE-2021-36087

Title: USN-5409-1: libsndfile vulnerability
URL: https://ubuntu.com/security/notices/USN-5409-1
Priorities: low
Description:
It was discovered that libsndfile was incorrectly performing memory
management operations and incorrectly using buffers when executing
its FLAC codec. If a user or automated system were tricked into
processing a specially crafted sound file, an attacker could
possibly use this issue to cause a denial of service or obtain
sensitive information.
CVEs:
- https://ubuntu.com/security/CVE-2021-4156

Title: USN-5385-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5385-1
Priorities: medium,low,negligible
Description:
Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device
driver in the Linux kernel did not properly validate meta-data coming from
the device. A local attacker who can control an emulated device can use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2021-43975)

It was discovered that the UDF file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious UDF image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2022-0617)

Lyu Tao discovered that the NFS implementation in the Linux kernel did not
properly handle requests to open a directory on a regular file. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-24448)

It was discovered that the YAM AX.25 device driver in the Linux kernel did
not properly deallocate memory in some error conditions. A local privileged
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2022-24959)
CVEs:
- https://ubuntu.com/security/CVE-2021-43975
- https://ubuntu.com/security/CVE-2022-0617
- https://ubuntu.com/security/CVE-2022-24448
- https://ubuntu.com/security/CVE-2022-24959

Title: USN-5400-2: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5400-2
Priorities: medium
Description:
USN-5400-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated in Ubuntu 16.04 ESM to MySQL 5.7.38.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-38.html
https://www.oracle.com/security-alerts/cpuapr2022.html
CVEs:
- https://ubuntu.com/security/CVE-2022-21417
- https://ubuntu.com/security/CVE-2022-21451
- https://ubuntu.com/security/CVE-2022-21460
- https://ubuntu.com/security/CVE-2022-21444
- https://ubuntu.com/security/CVE-2022-21454
- https://ubuntu.com/security/CVE-2022-21427

Title: USN-5354-2: Twisted vulnerability
URL: https://ubuntu.com/security/notices/USN-5354-2
Priorities: medium
Description:
USN-5354-1 fixed vulnerabilities in Twisted. This update provides the
corresponding updates for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and
Ubuntu 22.04 LTS.

Original advisory details:

It was discovered that Twisted incorrectly processed SSH handshake data on
connection establishments. A remote attacker could use this issue to cause
Twisted to crash, resulting in a denial of service. (CVE-2022-21716)
CVEs:
- https://ubuntu.com/security/CVE-2022-21716

456.261

Available in VMware Tanzu Network

Release Date: April 21, 2022

Notice:

The kernel patches included in 456.252 are now in the main kernel repository and have been included in this release.

Metadata:

BOSH Agent Version: 2.234.58

USNs:


Title: USN-5371-1: nginx vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5371-1
Priorities: medium,low
Description:
It was discovered that nginx Lua module mishandled certain inputs.
An attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affects Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-11724)

It was discovered that nginx Lua module mishandled certain inputs.
An attacker could possibly use this issue to disclose sensitive
information. This issue only affects Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-36309)

It was discovered that nginx mishandled the use of
compatible certificates among multiple encryption protocols.
If a remote attacker were able to intercept the communication,
this issue could be used to redirect traffic between subdomains.
(CVE-2021-3618)
CVEs:
- https://ubuntu.com/security/CVE-2020-11724
- https://ubuntu.com/security/CVE-2020-36309
- https://ubuntu.com/security/CVE-2021-3618

Title: USN-5373-2: Django vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5373-2
Priorities: high,medium
Description:
USN-5373-1 fixed several vulnerabilities in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Django incorrectly handled certain column
aliases in the QuerySet.annotate(), aggregate(), and extra() methods. A
remote attacker could possibly use this issue to perform an SQL injection
attack. (CVE-2022-28346)

It was discovered that the Django URLValidator function incorrectly handled
newlines and tabs. A remote attacker could possibly use this issue to
perform a header injection attack. (CVE-2021-32052)
CVEs:
- https://ubuntu.com/security/CVE-2022-28346
- https://ubuntu.com/security/CVE-2021-32052

456.252

Available in VMware Tanzu Network

Release Date: March 23, 2022

Notice:

This stemcell contains a patched version of the kernel to address the issues found in 456.244. We have tested this patched kernel against the problems seen in 456.244 and no longer see the problem. We will release another stemcell in mid-April when that kernel patch makes it into the main kernel repository.

Metadata:

BOSH Agent Version: 2.234.54

USNs:


Title: USN-5322-1: Subversion vulnerability
URL: https://ubuntu.com/security/notices/USN-5322-1
Priorities: medium
Description:
Thomas Akesson discovered that Subversion incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2020-17525

Title: USN-5328-2: OpenSSL vulnerability
URL: https://ubuntu.com/security/notices/USN-5328-2
Priorities: high
Description:
USN-5328-1 fixed a vulnerability in OpenSSL. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Tavis Ormandy discovered that OpenSSL incorrectly parsed certain
certificates. A remote attacker could possibly use this issue to cause
OpenSSH to stop responding, resulting in a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2022-0778

Title: USN-5320-1: Expat vulnerabilities and regression
URL: https://ubuntu.com/security/notices/USN-5320-1
Priorities: high,medium
Description:
USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it
caused a regression and an additional patch was required. This update addresses
this regression and several other vulnerabilities.

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-25313)

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash
or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314)

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-25315)

Original advisory details:

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2022-25236)
CVEs:
- https://ubuntu.com/security/CVE-2022-25236
- https://ubuntu.com/security/CVE-2022-25313
- https://ubuntu.com/security/CVE-2022-25314
- https://ubuntu.com/security/CVE-2022-25315

Title: USN-5334-1: man-db vulnerability
URL: https://ubuntu.com/security/notices/USN-5334-1
Priorities: low
Description:
It was discovered that man-db incorrectly handled permission changing
operations in its daily cron job, and was therefore affected by a race
condition. An attacker could possibly use this issue to escalate privileges
and execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2015-1336

Title: USN-5331-1: tcpdump vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5331-1
Priorities: low
Description:
It was discovered that tcpdump incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2018-16301)

It was discovered that tcpdump incorrectly handled certain captured data.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2020-8037)
CVEs:
- https://ubuntu.com/security/CVE-2018-16301
- https://ubuntu.com/security/CVE-2020-8037

Title: USN-5325-1: Zsh vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5325-1
Priorities: low
Description:
Sam Foxman discovered that Zsh incorrectly handled certain inputs.
An attacker could possibly use this issue to regain dropped privileges.
(CVE-2019-20044)

It was discovered that Zsh incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-45444)
CVEs:
- https://ubuntu.com/security/CVE-2019-20044
- https://ubuntu.com/security/CVE-2021-45444

Title: USN-5329-1: tar vulnerability
URL: https://ubuntu.com/security/notices/USN-5329-1
Priorities: low
Description:
It was discovered that tar incorrectly handled certain files.
An attacker could possibly use this issue to cause tar to crash,
resulting in a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2021-20193

Title: USN-5332-2: Bind vulnerability
URL: https://ubuntu.com/security/notices/USN-5332-2
Priorities: medium
Description:
USN-5332-1 fixed a vulnerability in Bind. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind
incorrectly handled certain bogus NS records when using forwarders. A
remote attacker could possibly use this issue to manipulate cache results.
(CVE-2021-25220)
CVEs:
- https://ubuntu.com/security/CVE-2021-25220

Title: USN-5343-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5343-1
Priorities: high,low,medium,negligible
Description:
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

It was discovered that the aufs file system in the Linux kernel did not
properly restrict mount namespaces, when mounted with the non-default
allow_userns option set. A local attacker could use this to gain
administrative privileges. (CVE-2016-2853)

It was discovered that the aufs file system in the Linux kernel did not
properly maintain POSIX ACL xattr data, when mounted with the non-default
allow_userns option. A local attacker could possibly use this to gain
elevated privileges. (CVE-2016-2854)

It was discovered that the f2fs file system in the Linux kernel did not
properly validate metadata in some situations. An attacker could use this
to construct a malicious f2fs image that, when mounted and operated on,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-19449)

It was discovered that the XFS file system implementation in the Linux
kernel did not properly validate meta data in some circumstances. An
attacker could use this to construct a malicious XFS image that, when
mounted, could cause a denial of service. (CVE-2020-12655)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel contained a reference counting error. A local attacker could
use this to cause a denial of service (system crash). (CVE-2020-25670)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly deallocate memory in certain error
situations. A local attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2020-25671, CVE-2020-25672)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly handle error conditions in some situations,
leading to an infinite loop. A local attacker could use this to cause a
denial of service. (CVE-2020-25673)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation
incorrectly handled EAPOL frames from unauthenticated senders. A physically
proximate attacker could inject malicious packets to cause a denial of
service (system crash). (CVE-2020-26139)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could
reassemble mixed encrypted and plaintext fragments. A physically proximate
attacker could possibly use this issue to inject packets or exfiltrate
selected fragments. (CVE-2020-26147)

It was discovered that the BR/EDR pin-code pairing procedure in the Linux
kernel was vulnerable to an impersonation attack. A physically proximate
attacker could possibly use this to pair to a device without knowledge of
the pin-code. (CVE-2020-26555)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly perform access control. An authenticated attacker could possibly
use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)

It was discovered that the FUSE user space file system implementation in
the Linux kernel did not properly handle bad inodes in some situations. A
local attacker could possibly use this to cause a denial of service.
(CVE-2020-36322)

It was discovered that the Infiniband RDMA userspace connection manager
implementation in the Linux kernel contained a race condition leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-36385)

It was discovered that the DRM subsystem in the Linux kernel contained
double-free vulnerabilities. A privileged attacker could possibly use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-20292)

It was discovered that a race condition existed in the timer implementation
in the Linux kernel. A privileged attacker could use this to cause a denial
of service. (CVE-2021-20317)

Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the
nfc implementation in the Linux kernel. A privileged local attacker could
use this issue to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-23134)

It was discovered that the Xen paravirtualization backend in the Linux
kernel did not properly deallocate memory in some situations. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2021-28688)

It was discovered that the RPA PCI Hotplug driver implementation in the
Linux kernel did not properly handle device name writes via sysfs, leading
to a buffer overflow. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2021-28972)

It was discovered that a race condition existed in the netfilter subsystem
of the Linux kernel when replacing tables. A local attacker could use this
to cause a denial of service (system crash). (CVE-2021-29650)

It was discovered that a race condition in the kernel Bluetooth subsystem
could lead to use-after-free of slab objects. An attacker could use this
issue to possibly execute arbitrary code. (CVE-2021-32399)

It was discovered that the CIPSO implementation in the Linux kernel did not
properly perform reference counting in some situations, leading to
use-after-free vulnerabilities. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33033)

It was discovered that a use-after-free existed in the Bluetooth HCI driver
of the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)

Asaf Modelevsky discovered that the Intel® Ethernet ixgbe driver for the
Linux kernel did not properly validate large MTU requests from Virtual
Function (VF) devices. A local attacker could possibly use this to cause a
denial of service. (CVE-2021-33098)

Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol
implementation in the Linux kernel did not properly initialize memory in
some situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2021-34693)

马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-3483)

It was discovered that an out-of-bounds (OOB) memory access flaw existed in
the f2fs module of the Linux kernel. A local attacker could use this issue
to cause a denial of service (system crash). (CVE-2021-3506)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle HCI device initialization failure, leading to a double-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2021-3564)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle HCI device detach events, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2021-3573)

Murray McAllister discovered that the joystick device interface in the
Linux kernel did not properly validate data passed via an ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code on systems with a joystick device
registered. (CVE-2021-3612)

It was discovered that the tracing subsystem in the Linux kernel did not
properly keep track of per-cpu ring buffer state. A privileged attacker
could use this to cause a denial of service. (CVE-2021-3679)

It was discovered that the Virtio console implementation in the Linux
kernel did not properly validate input lengths in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2021-38160)

It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly compute the access permissions for shadow pages in
some situations. A local attacker could use this to cause a denial of
service. (CVE-2021-38198)

It was discovered that the MAX-3421 host USB device driver in the Linux
kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2021-38204)

It was discovered that the NFC implementation in the Linux kernel did not
properly handle failed connect events leading to a NULL pointer
dereference. A local attacker could use this to cause a denial of service.
(CVE-2021-38208)

It was discovered that the configfs interface for USB gadgets in the Linux
kernel contained a race condition. A local attacker could possibly use this
to expose sensitive information (kernel memory). (CVE-2021-39648)

It was discovered that the ext4 file system in the Linux kernel contained a
race condition when writing xattrs to an inode. A local attacker could use
this to cause a denial of service or possibly gain administrative
privileges. (CVE-2021-40490)

It was discovered that the 6pack network protocol driver in the Linux
kernel did not properly perform validation checks. A privileged attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2021-42008)

It was discovered that the ISDN CAPI implementation in the Linux kernel
contained a race condition in certain situations that could trigger an
array out-of-bounds bug. A privileged local attacker could possibly use
this to cause a denial of service or execute arbitrary code.
(CVE-2021-43389)

It was discovered that the Phone Network protocol (PhoNet) implementation
in the Linux kernel did not properly perform reference counting in some
error conditions. A local attacker could possibly use this to cause a
denial of service (memory exhaustion). (CVE-2021-45095)

Wenqing Liu discovered that the f2fs file system in the Linux kernel did
not properly validate the last xattr entry in an inode. An attacker could
use this to construct a malicious f2fs image that, when mounted and
operated on, could cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-45469)

Amit Klein discovered that the IPv6 implementation in the Linux kernel
could disclose internal state in some situations. An attacker could
possibly use this to expose sensitive information. (CVE-2021-45485)

It was discovered that the per cpu memory allocator in the Linux kernel
could report kernel pointers via dmesg. An attacker could use this to
expose sensitive information or in conjunction with another kernel
vulnerability. (CVE-2018-5995)
CVEs:
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2016-2853
- https://ubuntu.com/security/CVE-2016-2854
- https://ubuntu.com/security/CVE-2019-19449
- https://ubuntu.com/security/CVE-2020-12655
- https://ubuntu.com/security/CVE-2020-25670
- https://ubuntu.com/security/CVE-2020-25671
- https://ubuntu.com/security/CVE-2020-25672
- https://ubuntu.com/security/CVE-2020-25673
- https://ubuntu.com/security/CVE-2020-26139
- https://ubuntu.com/security/CVE-2020-26147
- https://ubuntu.com/security/CVE-2020-26555
- https://ubuntu.com/security/CVE-2020-26558
- https://ubuntu.com/security/CVE-2021-0129
- https://ubuntu.com/security/CVE-2020-36322
- https://ubuntu.com/security/CVE-2020-36385
- https://ubuntu.com/security/CVE-2021-20292
- https://ubuntu.com/security/CVE-2021-20317
- https://ubuntu.com/security/CVE-2021-23134
- https://ubuntu.com/security/CVE-2021-28688
- https://ubuntu.com/security/CVE-2021-28972
- https://ubuntu.com/security/CVE-2021-29650
- https://ubuntu.com/security/CVE-2021-32399
- https://ubuntu.com/security/CVE-2021-33033
- https://ubuntu.com/security/CVE-2021-33034
- https://ubuntu.com/security/CVE-2021-33098
- https://ubuntu.com/security/CVE-2021-34693
- https://ubuntu.com/security/CVE-2021-3483
- https://ubuntu.com/security/CVE-2021-3506
- https://ubuntu.com/security/CVE-2021-3564
- https://ubuntu.com/security/CVE-2021-3573
- https://ubuntu.com/security/CVE-2021-3612
- https://ubuntu.com/security/CVE-2021-3679
- https://ubuntu.com/security/CVE-2021-38160
- https://ubuntu.com/security/CVE-2021-38198
- https://ubuntu.com/security/CVE-2021-38204
- https://ubuntu.com/security/CVE-2021-38208
- https://ubuntu.com/security/CVE-2021-39648
- https://ubuntu.com/security/CVE-2021-40490
- https://ubuntu.com/security/CVE-2021-42008
- https://ubuntu.com/security/CVE-2021-43389
- https://ubuntu.com/security/CVE-2021-45095
- https://ubuntu.com/security/CVE-2021-45469
- https://ubuntu.com/security/CVE-2021-45485
- https://ubuntu.com/security/CVE-2018-5995

Title: USN-5339-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5339-1
Priorities: high,medium,low
Description:
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

It was discovered that an out-of-bounds (OOB) memory access flaw existed in
the f2fs module of the Linux kernel. A local attacker could use this issue
to cause a denial of service (system crash). (CVE-2021-3506)

Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver
in the Linux kernel did not properly handle some error conditions. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2021-43976)

It was discovered that the ARM Trusted Execution Environment (TEE)
subsystem in the Linux kernel contained a race condition leading to a
use-after-free vulnerability. A local attacker could use this to cause a denial
of service or possibly execute arbitrary code. (CVE-2021-44733)

It was discovered that the Phone Network protocol (PhoNet) implementation
in the Linux kernel did not properly perform reference counting in some
error conditions. A local attacker could possibly use this to cause a
denial of service (memory exhaustion). (CVE-2021-45095)

Samuel Page discovered that the Transparent Inter-Process Communication
(TIPC) protocol implementation in the Linux kernel contained a stack-based
buffer overflow. A remote attacker could use this to cause a denial of
service (system crash) for systems that have a TIPC bearer configured.
(CVE-2022-0435)
CVEs:
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2021-3506
- https://ubuntu.com/security/CVE-2021-43976
- https://ubuntu.com/security/CVE-2021-44733
- https://ubuntu.com/security/CVE-2021-45095
- https://ubuntu.com/security/CVE-2022-0435

456.244

Release Date: March 09, 2022

Known Issues

456.239

Available in VMware Tanzu Network

Release Date: February 21, 2022

Metadata:

BOSH Agent Version: 2.234.49

USNs:


Title: USN-5264-1: Graphviz vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5264-1
Priorities: low,medium
Description:
It was discovered that graphviz contains null pointer dereference
vulnerabilities. Exploitation via a specially crafted input file
can cause a denial of service.
(CVE-2018-10196, CVE-2019-11023)

It was discovered that graphviz contains a buffer overflow
vulnerability. Exploitation via a specially crafted input file can cause
a denial of service or possibly allow for arbitrary code execution.
(CVE-2020-18032)
CVEs:
- https://ubuntu.com/security/CVE-2018-10196
- https://ubuntu.com/security/CVE-2019-11023
- https://ubuntu.com/security/CVE-2020-18032

Title: USN-5262-1: GPT fdisk vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5262-1
Priorities: low
Description:
The potential for an out of bounds write due to a missing bounds
check was discovered to impact the sgdisk utility of GPT fdisk.
Exploitation requires the use of a maliciously formatted storage
device and could cause sgdisk to crash as well as possibly
allow for local privilege escalation.
CVEs:
- https://ubuntu.com/security/CVE-2020-0256
- https://ubuntu.com/security/CVE-2021-0308

Title: USN-5280-1: Speex vulnerability
URL: https://ubuntu.com/security/notices/USN-5280-1
Priorities: medium
Description:
It was discovered that Speex incorrectly handled certain WAV files.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2020-23903

Title: USN-5292-3: snapd vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5292-3
Priorities: medium,high
Description:
USN-5292-1 fixed several vulnerabilities in snapd. This update provides the
corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

James Troup discovered that snap did not properly manage the permissions for
the snap directories. A local attacker could possibly use this issue to expose
sensitive information. (CVE-2021-3155)

Ian Johnson discovered that snapd did not properly validate content interfaces
and layout paths. A local attacker could possibly use this issue to inject
arbitrary AppArmor policy rules, resulting in a bypass of intended access
restrictions. (CVE-2021-4120)

The Qualys Research Team discovered that snapd did not properly validate the
location of the snap-confine binary. A local attacker could possibly use this
issue to execute other arbitrary binaries and escalate privileges.
(CVE-2021-44730)

The Qualys Research Team discovered that a race condition existed in the snapd
snap-confine binary when preparing a private mount namespace for a snap. A
local attacker could possibly use this issue to escalate privileges and
execute arbitrary code. (CVE-2021-44731)
CVEs:
- https://ubuntu.com/security/CVE-2021-3155
- https://ubuntu.com/security/CVE-2021-4120
- https://ubuntu.com/security/CVE-2021-44730
- https://ubuntu.com/security/CVE-2021-44731

Title: USN-5275-1: BlueZ vulnerability
URL: https://ubuntu.com/security/notices/USN-5275-1
Priorities: medium
Description:
Ziming Zhang discovered that BlueZ incorrectly handled memory write operations
in its gatt server. A remote attacker could possibly use this to cause BlueZ to
crash leading to a denial of service, or potentially remotely execute code.
(CVE-2022-0204)
CVEs:
- https://ubuntu.com/security/CVE-2022-0204

Title: USN-5269-2: Django vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5269-2
Priorities: medium
Description:
USN-5269-1 fixed several vulnerabilities in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Keryn Knight discovered that Django incorrectly handled certain template
tags. A remote attacker could possibly use this issue to perform a
cross-site scripting attack. (CVE-2022-22818)

Alan Ryan discovered that Django incorrectly handled file uploads. A remote
attacker could possibly use this issue to cause Django to hang, resulting
in a denial of service. (CVE-2022-23833)
CVEs:
- https://ubuntu.com/security/CVE-2022-22818
- https://ubuntu.com/security/CVE-2022-23833

456.236

Available in VMware Tanzu Network

Release Date: February 10, 2022

Metadata:

BOSH Agent Version: 2.234.47

USNs:


Title: USN-5254-1: shadow vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5254-1
Priorities: low
Description:
It was discovered that shadow incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
expose sensitive information. This issue only affected
Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-12424)

It was discovered that shadow incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2018-7169)
CVEs:
- https://ubuntu.com/security/CVE-2017-12424
- https://ubuntu.com/security/CVE-2018-7169

Title: USN-5259-1: Cron vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5259-1
Priorities: low
Description:
It was discovered that the postinst maintainer script in Cron unsafely
handled file permissions during package install or update operations.
An attacker could possibly use this issue to perform a privilege
escalation attack. (CVE-2017-9525)

Florian Weimer discovered that Cron incorrectly handled certain memory
operations during crontab file creation. An attacker could possibly use
this issue to cause a denial of service. (CVE-2019-9704)

It was discovered that Cron incorrectly handled user input during crontab
file creation. An attacker could possibly use this issue to cause a denial
of service. (CVE-2019-9705)

It was discovered that Cron contained a use-after-free vulnerability in
its force_rescan_user function. An attacker could possibly use this issue
to cause a denial of service. (CVE-2019-9706)
CVEs:
- https://ubuntu.com/security/CVE-2017-9525
- https://ubuntu.com/security/CVE-2019-9704
- https://ubuntu.com/security/CVE-2019-9705
- https://ubuntu.com/security/CVE-2019-9706

Title: USN-5234-1: Byobu vulnerability
URL: https://ubuntu.com/security/notices/USN-5234-1
Priorities: low
Description:
Sander Bos discovered that Byobu incorrectly handled certain Apport data.
An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://ubuntu.com/security/CVE-2019-7306

Title: USN-5244-1: DBus vulnerability
URL: https://ubuntu.com/security/notices/USN-5244-1
Priorities: low
Description:
Daniel Onaca discovered that DBus contained a use-after-free vulnerability,
caused by the incorrect handling of usernames sharing the same UID. An
attacker could possibly use this issue to cause DBus to crash, resulting
in a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2020-35512

Title: USN-5268-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5268-1
Priorities: medium
Description:
Keyu Man discovered that the ICMP implementation in the Linux kernel did
not properly handle received ICMP error packets. A remote attacker could
use this to facilitate attacks on UDP based services that depend on source
port randomization. (CVE-2021-20322)

It was discovered that the Bluetooth subsystem in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-3640)

Likang Luo discovered that a race condition existed in the Bluetooth
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-3752)

Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel
did not properly perform bounds checking in some situations. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2021-42739)
CVEs:
- https://ubuntu.com/security/CVE-2021-20322
- https://ubuntu.com/security/CVE-2021-3640
- https://ubuntu.com/security/CVE-2021-3752
- https://ubuntu.com/security/CVE-2021-42739

Title: USN-5021-2: curl vulnerability
URL: https://ubuntu.com/security/notices/USN-5021-2
Priorities: low,medium
Description:
USN-5021-1 fixed vulnerabilities in curl. This update provides
the corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled
TELNET connections when the -t option was used on the command line.
Uninitialized data possibly containing sensitive information could be sent
to the remote server, contrary to expectations. (CVE-2021-22898,
CVE-2021-22925)
CVEs:
- https://ubuntu.com/security/CVE-2021-22898
- https://ubuntu.com/security/CVE-2021-22925

Title: USN-5064-2: GNU cpio vulnerability
URL: https://ubuntu.com/security/notices/USN-5064-2
Priorities: medium
Description:
USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides
the corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled
certain pattern files. A remote attacker could use this issue to cause cpio
to crash, resulting in a denial of service, or possibly execute arbitrary
code.
CVEs:
- https://ubuntu.com/security/CVE-2021-38185

Title: USN-5193-2: X.Org X Server vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5193-2
Priorities: medium
Description:
USN-5193-1 fixed several vulnerabilities in X.Org. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain inputs. An attacker could use this issue to cause the server to
crash, resulting in a denial of service, or possibly execute arbitrary
code and escalate privileges.
CVEs:
- https://ubuntu.com/security/CVE-2021-4009
- https://ubuntu.com/security/CVE-2021-4008
- https://ubuntu.com/security/CVE-2021-4011

Title: USN-5252-2: PolicyKit vulnerability
URL: https://ubuntu.com/security/notices/USN-5252-2
Priorities: high
Description:
USN-5252-1 fixed a vulnerability in policykit-1. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that the PolicyKit pkexec tool incorrectly handled
command-line arguments. A local attacker could use this issue to escalate
privileges to an administrator.
CVEs:
- https://ubuntu.com/security/CVE-2021-4034

Title: USN-5235-1: Ruby vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5235-1
Priorities: medium
Description:
It was discovered that Ruby incorrectly handled certain HTML files.
An attacker could possibly use this issue to cause a crash. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10.
(CVE-2021-41816)

It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause a regular expression
denial of service. (CVE-2021-41817)

It was discovered that Ruby incorrectly handled certain cookie names.
An attacker could possibly use this issue to access or expose
sensitive information. (CVE-2021-41819)
CVEs:
- https://ubuntu.com/security/CVE-2021-41816
- https://ubuntu.com/security/CVE-2021-41817
- https://ubuntu.com/security/CVE-2021-41819

Title: USN-5260-3: Samba vulnerability
URL: https://ubuntu.com/security/notices/USN-5260-3
Priorities: high
Description:
USN-5260-1 fixed a vulnerability in Samba. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled
certain memory operations. A remote attacker could use this issue to cause
Samba to crash, resulting in a denial of service, or possibly execute
arbitrary code as root. (CVE-2021-44142)
CVEs:
- https://ubuntu.com/security/CVE-2021-44142

Title: USN-5250-2: strongSwan vulnerability
URL: https://ubuntu.com/security/notices/USN-5250-2
Priorities: medium
Description:
USN-5250-1 fixed a vulnerability in strongSwan. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Zhuowei Zhang discovered that strongSwan incorrectly handled EAP
authentication. A remote attacker could use this issue to cause strongSwan
to crash, resulting in a denial of service, or possibly bypass client and
server authentication.
CVEs:
- https://ubuntu.com/security/CVE-2021-45079

Title: USN-5243-2: AIDE vulnerability
URL: https://ubuntu.com/security/notices/USN-5243-2
Priorities: medium
Description:
USN-5243-1 fixed a vulnerability in aide. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.


Original advisory details:

David Bouman discovered that AIDE incorrectly handled base64 operations. A
local attacker could use this issue to cause AIDE to crash, resulting in a
denial of service, or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2021-45417

Title: USN-5233-2: ClamAV vulnerability
URL: https://ubuntu.com/security/notices/USN-5233-2
Priorities: medium
Description:
USN-5233-1 fixed a vulnerability in ClamAV. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that ClamAV incorrectly handled memory when the
CL_SCAN_GENERAL_COLLECT_METADATA scan option was enabled. A remote attacker
could possibly use this issue to cause ClamAV to crash, resulting in a
denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2022-20698

Title: USN-5270-2: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5270-2
Priorities: medium
Description:
USN-5270-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.7.37 in Ubuntu 16.04 ESM.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-37.html
https://www.oracle.com/security-alerts/cpujan2022.html
CVEs:
- https://ubuntu.com/security/CVE-2022-21304
- https://ubuntu.com/security/CVE-2022-21344
- https://ubuntu.com/security/CVE-2022-21367
- https://ubuntu.com/security/CVE-2022-21303
- https://ubuntu.com/security/CVE-2022-21270
- https://ubuntu.com/security/CVE-2022-21245

456.227

Available in VMware Tanzu Network

Release Date: January 18, 2022

Fixes

Fixes an issue that caused the bosh-agent to continually fail to start when either the cgroup v1 memory controller or the cgroup v2 controller was mounted in more than one location on the file system.

Metadata:

BOSH Agent Version: 2.234.42

USNs:


Title: USN-5225-1: lxml vulnerability
URL: https://ubuntu.com/security/notices/USN-5225-1
Priorities: medium
Description:
It was discovered that lxml incorrectly handled certain XML and HTML files.
An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2021-43818

Title: USN-5212-2: Apache HTTP Server vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5212-2
Priorities: medium
Description:
USN-5212-1 fixed several vulnerabilities in Apache. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that the Apache HTTP Server incorrectly handled certain
forward proxy requests. A remote attacker could use this issue to cause
the server to crash, resulting in a denial of service, or possibly perform
a Server Side Request Forgery attack. (CVE-2021-44224)

It was discovered that the Apache HTTP Server Lua module incorrectly
handled memory in the multipart parser. A remote attacker could use this
issue to cause the server to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2021-44790)
CVEs:
- https://ubuntu.com/security/CVE-2021-44224
- https://ubuntu.com/security/CVE-2021-44790

456.224

Available in VMware Tanzu Network

Release Date: January 07, 2022

Metadata:

BOSH Agent Version: 2.234.39

USNs:


Title: LSN-0083-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0083-1
Priorities: medium,high
Description:
The BPF subsystem in the Linux kernel before 4.17 mishandles
situations with a long jump over an instruction sequence where inner
instructions require substantial expansions into multiple BPF instructions,
leading to an overflow. This affects kernel/bpf/core.c and
net/core/filter.c. (CVE-2018-25020)

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
processors in the Linux kernel did not properly prevent a guest VM from
enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
to write to portions of the host’s physical memory. (CVE-2021-3653)

Nadav Amit discovered that the hugetlb implementation in the Linux kernel
did not perform TLB flushes under certain conditions. A local attacker
could use this to leak or alter data from other processes that use huge
pages. (CVE-2021-4002)

Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
contained an out-of-bounds write in its setsockopt() implementation. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-22555)

It was discovered that the virtual file system implementation in the Linux
kernel contained an unsigned to signed integer conversion error. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2021-33909)
CVEs:
- https://ubuntu.com/security/CVE-2018-25020
- https://ubuntu.com/security/CVE-2021-3653
- https://ubuntu.com/security/CVE-2021-4002
- https://ubuntu.com/security/CVE-2021-22555
- https://ubuntu.com/security/CVE-2021-33909

Title: USN-5211-1: Linux kernel vulnerability
URL: https://ubuntu.com/security/notices/USN-5211-1
Priorities: high
Description:
Nadav Amit discovered that the hugetlb implementation in the Linux kernel
did not perform TLB flushes under certain conditions. A local attacker
could use this to leak or alter data from other processes that use huge
pages.
CVEs:
- https://ubuntu.com/security/CVE-2021-4002

Title: USN-5209-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5209-1
Priorities: high,low,medium
Description:
Nadav Amit discovered that the hugetlb implementation in the Linux kernel
did not perform TLB flushes under certain conditions. A local attacker
could use this to leak or alter data from other processes that use huge
pages. (CVE-2021-4002)

It was discovered that a race condition existed in the timer implementation
in the Linux kernel. A privileged attacker could use this to cause a denial of
service. (CVE-2021-20317)

It was discovered that a race condition existed in the overlay file system
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2021-20321)

It was discovered that the NFC subsystem in the Linux kernel contained a
use-after-free vulnerability in its NFC Controller Interface (NCI)
implementation. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2021-3760)

It was discovered that an integer overflow could be triggered in the eBPF
implementation in the Linux kernel when preallocating objects for stack
maps. A privileged local attacker could use this to cause a denial of
service or possibly execute arbitrary code. (CVE-2021-41864)

It was discovered that the ISDN CAPI implementation in the Linux kernel
contained a race condition in certain situations that could trigger an
array out-of-bounds bug. A privileged local attacker could possibly use
this to cause a denial of service or execute arbitrary code.
(CVE-2021-43389)
CVEs:
- https://ubuntu.com/security/CVE-2021-4002
- https://ubuntu.com/security/CVE-2021-20317
- https://ubuntu.com/security/CVE-2021-20321
- https://ubuntu.com/security/CVE-2021-3760
- https://ubuntu.com/security/CVE-2021-41864
- https://ubuntu.com/security/CVE-2021-43389

456.220

Available in VMware Tanzu Network

Release Date: December 17, 2021

Fixes

456.213

Available in VMware Tanzu Network

Release Date: December 06, 2021

Enhancements

456.207

Available in VMware Tanzu Network

Release Date: November 11, 2021

Metadata:

BOSH Agent Version: 2.234.31

USNs:


Title: USN-5114-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5114-1
Priorities: medium,low
Description:
It was discovered that a race condition existed in the Atheros Ath9k WiFi
driver in the Linux kernel. An attacker could possibly use this to expose
sensitive information (WiFi network traffic). (CVE-2020-3702)

It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly compute the access permissions for shadow pages in
some situations. A local attacker could use this to cause a denial of
service. (CVE-2021-38198)

It was discovered that the ext4 file system in the Linux kernel contained a
race condition when writing xattrs to an inode. A local attacker could use
this to cause a denial of service or possibly gain administrative
privileges. (CVE-2021-40490)

It was discovered that the 6pack network protocol driver in the Linux
kernel did not properly perform validation checks. A privileged attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2021-42008)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-3702
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-40490
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-38198
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-42008

Title: USN-5119-1: libcaca vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5119-1
Priorities: medium
Description:
It was discovered that libcaca incorrectly handled certain images. An attacker
could possibly use this issue to cause a crash. (CVE-2021-30498, CVE-2021-30499)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-30498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-30499

Title: USN-5136-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5136-1
Priorities: low,medium
Description:
It was discovered that the f2fs file system in the Linux kernel did not
properly validate metadata in some situations. An attacker could use this
to construct a malicious f2fs image that, when mounted and operated on,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-19449)

It was discovered that the FUSE user space file system implementation in
the Linux kernel did not properly handle bad inodes in some situations. A
local attacker could possibly use this to cause a denial of service.
(CVE-2020-36322)

It was discovered that the Infiniband RDMA userspace connection manager
implementation in the Linux kernel contained a race condition leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-36385)

Ilja Van Sprundel discovered that the SCTP implementation in the Linux
kernel did not properly perform size validations on incoming packets in
some situations. An attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2021-3655)

It was discovered that the Qualcomm IPC Router protocol implementation in
the Linux kernel did not properly validate metadata in some situations. A
local attacker could use this to cause a denial of service (system crash)
or expose sensitive information. (CVE-2021-3743)

It was discovered that the virtual terminal (vt) device implementation in
the Linux kernel contained a race condition in its ioctl handling that led
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information. (CVE-2021-3753)

It was discovered that the Linux kernel did not properly account for the
memory usage of certain IPC objects. A local attacker could use this to
cause a denial of service (memory exhaustion). (CVE-2021-3759)

Michael Wakabayashi discovered that the NFSv4 client implementation in the
Linux kernel did not properly order connection setup operations. An
attacker controlling a remote NFS server could use this to cause a denial
of service on the client. (CVE-2021-38199)

It was discovered that the Aspeed Low Pin Count (LPC) Bus Controller
implementation in the Linux kernel did not properly perform boundary checks
in some situations, allowing out-of-bounds write access. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. In Ubuntu, this issue only affected systems running
armhf kernels. (CVE-2021-42252)
CVEs:
- https://ubuntu.com/security/CVE-2019-19449
- https://ubuntu.com/security/CVE-2020-36322
- https://ubuntu.com/security/CVE-2020-36385
- https://ubuntu.com/security/CVE-2021-3655
- https://ubuntu.com/security/CVE-2021-3743
- https://ubuntu.com/security/CVE-2021-3753
- https://ubuntu.com/security/CVE-2021-3759
- https://ubuntu.com/security/CVE-2021-38199
- https://ubuntu.com/security/CVE-2021-42252

Title: USN-5133-1: ICU vulnerability
URL: https://ubuntu.com/security/notices/USN-5133-1
Priorities: low
Description:
It was discovered that ICU contains a use after free issue.
An attacker could use this issue to cause a denial of service with crafted input.
CVEs:
- https://ubuntu.com/security/CVE-2020-21913

Title: LSN-0082-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0082-1
Priorities: medium,high
Description:
Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-29660)

Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-29661)

De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux
kernel did not properly handle mod32 destination register truncation when
the source register was known to be 0. A local attacker could use this to
expose sensitive information (kernel memory) or possibly execute arbitrary
code. (CVE-2021-3444)

kernel: use-after-free in route4_change() in
net/sched/cls_route.c (CVE-2021-3715)
CVEs:
- https://ubuntu.com/security/CVE-2020-29660
- https://ubuntu.com/security/CVE-2020-29661
- https://ubuntu.com/security/CVE-2021-3444
- https://ubuntu.com/security/CVE-2021-3715

Title: USN-5125-1: PHP vulnerability
URL: https://ubuntu.com/security/notices/USN-5125-1
Priorities: high
Description:
It was discovered that PHP-FPM in PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2021-21703

Title: USN-5126-2: Bind vulnerability
URL: https://ubuntu.com/security/notices/USN-5126-2
Priorities: medium
Description:
USN-5126-1 fixed a vulnerability in Bind. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Kishore Kumar Kothapalli discovered that Bind incorrectly handled the lame
cache when processing responses. A remote attacker could possibly use this
issue to cause Bind to consume resources, resulting in a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2021-25219

Title: USN-5123-2: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5123-2
Priorities: medium
Description:
USN-5123-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.27 in Ubuntu 20.04 LTS, Ubuntu 21.04, and
Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.36.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-36.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-27.html
https://www.oracle.com/security-alerts/cpuoct2021.html
CVEs:
- https://ubuntu.com/security/CVE-2021-35624
- https://ubuntu.com/security/CVE-2021-35604

456.202

Available in VMware Tanzu Network

Release Date: October 25, 2021

Metadata:

BOSH Agent Version: 2.234.25
Bosh-agent is now built with Go 1.17

USNs:


Title: USN-5109-1: nginx vulnerability
URL: https://ubuntu.com/security/notices/USN-5109-1
Priorities: medium
Description:
It was discovered that nginx incorrectly handled files with
certain modification dates. A remote attacker could possibly
use this issue to cause a denial of service or other unspecified
impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-20005

Title: USN-5022-3: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5022-3
Priorities: medium
Description:
USN-5022-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to MySQL 5.7.35 on Ubuntu 16.04 ESM.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-35.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-26.html
https://www.oracle.com/security-alerts/cpujul2021.html
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2179
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2162
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2389
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2390
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2194
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2146
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2372
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2342
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2169
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2171
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2180
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2166
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2226
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2307
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2385

Title: USN-5103-1: docker.io vulnerability
URL: https://ubuntu.com/security/notices/USN-5103-1
Priorities: medium
Description:
Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in
Docker incorrectly allowed the docker cp command to make permissions
changes in the host filesystem in some situations. A local attacker
could possibly use this to expose sensitive information or gain
administrative privileges.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-41089

Title: USN-5111-2: strongSwan vulnerability
URL: https://ubuntu.com/security/notices/USN-5111-2
Priorities: medium
Description:
USN-5111-1 fixed a vulnerability in strongSwan. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that strongSwan incorrectly handled replacing
certificates in the cache. A remote attacker could use this issue to cause
strongSwan to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-41991)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-41991

Title: USN-5121-1: Mailman vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5121-1
Priorities: high
Description:
Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman
did not properly associate cross-site request forgery (CSRF) tokens
to specific accounts. A remote attacker could use this to perform a
CSRF attack to gain access to another account. (CVE-2021-42097)

Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman’s
cross-site request forgery (CSRF) tokens for the options page are
derived from the admin password. A remote attacker could possibly use
this to assist in performing a brute force attack against the admin
password. (CVE-2021-42096)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-42096
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-42097

456.194

Available in VMware Tanzu Network

Release Date: October 01, 2021

Fixes

Fixes an issue that caused frequent udev events and high CPU usage on Azure VMs.

Metadata:

BOSH Agent Version: 2.234.20

456.188

Available in VMware Tanzu Network

Release Date: September 16, 2021

Fixes

456.186

Available in VMware Tanzu Network

Release Date: September 14, 2021

Fixes

  • Updates the /var/vcap/bosh/bin/monit wrapper script to refer to monit-actual by absolute path, rather than relative path. This allows folks who reset or clear the PATH environment variable to actually be able to use the monit CLI. Prior to this fix, folks who cleared their PATH environment variable would see an error like: /var/vcap/bosh/bin/monit: line 9: exec: monit-actual: not found.
  • Fixes the “incorrect used memory reporting” issue introduced in stemcell version 456.176. The Bosh Agent will now report the correct amount of memory used by all processes in the VM that it manages, rather than just the processes in its cgroup.

Known issues

  • We’ve seen failures with this version of the stemcell in vSphere when attempting to attach a persistent disk to a running VM. We are currently planning to address this issue with an update to the vSphere CPI. It should be fixed in vSphere CPI release >= v69. We have pulled the vSphere version of this stemcell.

NOTE: This is resolved in stemcell version v456.188.

Metadata:

BOSH Agent Version: 2.234.18

USNs:


Title: USN-5066-2: PySAML2 vulnerability
URL: https://ubuntu.com/security/notices/USN-5066-2
Priorities: medium
Description:
USN-5066-1 fixed a vulnerability in PySAML2. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Brian Wolff discovered that PySAML2 incorrectly validated cryptographic
signatures. A remote attacker could possibly use this issue to alter SAML
documents.
CVEs:

456.176

Available in VMware Tanzu Network

Release Date: August 30, 2021

Enhancements

456.171

Available in VMware Tanzu Network

Release Date: July 26, 2021

Metadata:

BOSH Agent Version: 2.234.12

USNs:


Title: USN-4336-2: GNU binutils vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4336-2
Priorities: low,medium
Description:
USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that GNU binutils contained a large number of security
issues. If a user or automated system were tricked into processing a
specially-crafted file, a remote attacker could cause GNU binutils to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19932
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9074
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18309
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12451
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16828
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7302
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9751
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17080
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12700
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14130
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18483
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7568
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14128
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9749
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12458
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9070
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9755
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10534
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12972
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7300
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-9138
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7299
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4488
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15020
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9742
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17125
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14939
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14250
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14129
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12967
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17124
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12934
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7210
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8395
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12459
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9754
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20002
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4489
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9073
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8945
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12448
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4491
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-17794
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13710
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14333
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15021
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14940
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7225
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7223
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12452
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6965
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18701
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10372
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18484
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16832
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9748
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15225
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7569
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16831
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-17358
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6543
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7224
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4493
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17121
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9041
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9071
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19931
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9756
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18700
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10373
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17451
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12697
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18606
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12641
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17123
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4492
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16826
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9753
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6323
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8394
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16827
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12450
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-6131
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14529
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9038
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-2226
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9747
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4490
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12456
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20671
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10535
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4487
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15939
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7643
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-13033
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9039
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8393
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20623
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9744
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7642
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9752
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12698
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12699
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15996
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9044
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6759
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9745
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7208
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6969
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12449
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14932
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7614
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12454
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000876
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8396
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8397
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12455
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9954
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-17360
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14444
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-17985
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8398
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18607
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8421
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17450
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12799
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15938
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7301
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9750
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7226
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15025
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18605
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9042
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12457
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12453
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-17359
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9040
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7209
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9077
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6966
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14938

Title: USN-5020-1: Ruby vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5020-1
Priorities: medium,low
Description:
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-31799)

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to conduct
port scans and service banner extractions. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-31810)

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to perform
man-in-the-middle attacks to bypass the TLS protection.
(CVE-2021-32066)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31799
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32066
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31810

Title: LSN-0079-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0079-1
Priorities: high
Description:
It was discovered that the eBPF implementation in the Linux kernel did not
properly track bounds information for 32 bit registers when performing div
and mod operations. A local attacker could use this to possibly execute
arbitrary code. (CVE-2021-3600)

It was discovered that the virtual file system implementation in the Linux
kernel contained an unsigned to signed integer conversion error. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2021-33909)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3600
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33909

456.169

Available in VMware Tanzu Network

Release Date: July 21, 2021

Metadata:

BOSH Agent Version: 2.234.11

USNs:


Title: USN-5013-2: systemd vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5013-2
Priorities: low,high
Description:
USN-5013-1 fixed several vulnerabilities in systemd. This update provides
the corresponding update for Ubuntu 16.04 ESM.


Original advisory details:

It was discovered that systemd incorrectly handled certain mount paths. A
local attacker could possibly use this issue to cause systemd to crash,
resulting in a denial of service. (CVE-2021-33910)

Mitchell Frank discovered that systemd incorrectly handled DHCP FORCERENEW
packets. A remote attacker could possibly use this issue to reconfigure
servers. (CVE-2020-13529)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13529
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33910

Title: USN-5018-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5018-1
Priorities: medium,high
Description:
It was discovered that the virtual file system implementation in the Linux
kernel contained an unsigned to signed integer conversion error. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2021-33909)

Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel
did not properly enforce limits for pointer operations. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-33200)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did
not properly clear received fragments from memory in some situations. A
physically proximate attacker could possibly use this issue to inject
packets or expose sensitive information. (CVE-2020-24586)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation
incorrectly handled encrypted fragments. A physically proximate attacker
could possibly use this issue to decrypt fragments. (CVE-2020-24587)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation
incorrectly handled EAPOL frames from unauthenticated senders. A physically
proximate attacker could inject malicious packets to cause a denial of
service (system crash). (CVE-2020-26139)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could
reassemble mixed encrypted and plaintext fragments. A physically proximate
attacker could possibly use this issue to inject packets or exfiltrate
selected fragments. (CVE-2020-26147)

It was discovered that the Bluetooth subsystem in the Linux kernel did not
properly perform access control. An authenticated attacker could possibly
use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)

Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the
NFC implementation in the Linux kernel. A privileged local attacker could
use this issue to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-23134)

Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel
did not properly prevent speculative loads in certain situations. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2021-31829)

It was discovered that a race condition in the kernel Bluetooth subsystem
could lead to use-after-free of slab objects. An attacker could use this
issue to possibly execute arbitrary code. (CVE-2021-32399)

It was discovered that a use-after-free existed in the Bluetooth HCI driver
of the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-0129
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24586
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33909
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23134
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33200
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33034
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26139
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26147
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24587
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31829
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26558
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32399

Title: USN-5014-1: Linux kernel vulnerability
URL: https://ubuntu.com/security/notices/USN-5014-1
Priorities: high
Description:
It was discovered that the virtual file system implementation in the Linux
kernel contained an unsigned to signed integer conversion error. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33909

456.168

Available in VMware Tanzu Network

Release Date: July 19, 2021

Metadata:

BOSH Agent Version: 2.234.11

USNs:


Title: LSN-0078-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0078-1
Priorities: high
Description:
Norbert Slusarek discovered a race condition in the CAN BCM networking
protocol of the Linux kernel leading to multiple use-after-free
vulnerabilities. A local attacker could use this issue to execute arbitrary
code. (CVE-2021-3609)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3609

456.167

Available in VMware Tanzu Network

Release Date: July 15, 2021

Metadata:

BOSH Agent Version: 2.234.11

USNs:


Title: USN-5006-2: PHP vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5006-2
Priorities: low,medium
Description:
USN-5006-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that PHP incorrectly handled certain PHAR files. A remote
attacker could possibly use this issue to cause PHP to crash, resulting in
a denial of service, or possibly obtain sensitive information. (CVE-2020-7068)

It was discovered that PHP incorrectly handled parsing URLs with passwords.
A remote attacker could possibly use this issue to cause PHP to mis-parse
the URL and produce wrong data. (CVE-2020-7071)

It was discovered that PHP incorrectly handled certain malformed XML data
when being parsed by the SOAP extension. A remote attacker could possibly
use this issue to cause PHP to crash, resulting in a denial of service.
(CVE-2021-21702)

It was discovered that PHP incorrectly handled the pdo_firebase module. A
remote attacker could possibly use this issue to cause PHP to crash,
resulting in a denial of service. (CVE-2021-21704)

It was discovered that PHP incorrectly handled the FILTER_VALIDATE_URL
check. A remote attacker could possibly use this issue to perform a
server-side request forgery attack. (CVE-2021-21705)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-21702
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7071
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-21705
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7068
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-21704

Title: USN-5004-1: RabbitMQ vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5004-1
Priorities: medium,low
Description:
It was discovered that RabbitMQ incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2019-11287)

Jonathan Knudsen discovered RabbitMQ incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2021-22116)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22116
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11287

Title: USN-5008-2: Avahi vulnerability
URL: https://ubuntu.com/security/notices/USN-5008-2
Priorities: medium
Description:
USN-5008-1 fixed a vulnerability in avahi. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Thomas Kremer discovered that Avahi incorrectly handled termination signals
on the Unix socket. A local attacker could possibly use this issue to cause
Avahi to hang, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3468

Title: USN-5005-1: DjVuLibre vulnerability
URL: https://ubuntu.com/security/notices/USN-5005-1
Priorities: medium
Description:
It was discovered that DjVuLibre incorrectly handled certain djvu files.
An attacker could possibly use this issue to execute arbitrary code or
cause a crash.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3630

456.166

Available in VMware Tanzu Network

Release Date: June 23, 2021

Metadata:

BOSH Agent Version: 2.234.11

USNs:


Title: USN-4986-2: rpcbind vulnerability
URL: https://ubuntu.com/security/notices/USN-4986-2
Priorities: low
Description:
USN-4986-1 fixed a vulnerability in rpcbind. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that rpcbind incorrectly handled certain large data
sizes. A remote attacker could use this issue to cause rpcbind to consume
resources, leading to a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8779

Title: USN-4989-2: BlueZ vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4989-2
Priorities: medium,low
Description:
USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that BlueZ incorrectly checked certain permissions when
pairing. A local attacker could possibly use this issue to impersonate
devices. (CVE-2020-26558)

Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT
events. A local attacker could use this issue to cause BlueZ to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-27153)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26558
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27153

Title: USN-4971-2: libwebp vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4971-2
Priorities: medium
Description:
USN-4971-1 fixed several vulnerabilities in libwebp. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that libwebp incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image file, a remote attacker could use this issue to cause libwebp
to crash, resulting in a denial of service, or possibly execute arbitrary
code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36331
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-25014
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36328
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-25012
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-25009
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-25013
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-25011
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-25010
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36330
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36329

Title: USN-5003-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5003-1
Priorities: medium,high
Description:
Norbert Slusarek discovered a race condition in the CAN BCM networking
protocol of the Linux kernel leading to multiple use-after-free
vulnerabilities. A local attacker could use this issue to execute arbitrary
code. (CVE-2021-3609)

It was discovered that the eBPF implementation in the Linux kernel did not
properly track bounds information for 32 bit registers when performing div
and mod operations. A local attacker could use this to possibly execute
arbitrary code. (CVE-2021-3600)

Or Cohen discovered that the SCTP implementation in the Linux kernel
contained a race condition in some situations, leading to a use-after-free
condition. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-23133)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23133
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3609
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3600

Title: USN-4994-2: Apache HTTP Server vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4994-2
Priorities: medium,low
Description:
USN-4994-1 fixed several vulnerabilities in Apache. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Antonio Morales discovered that the Apache mod_auth_digest module
incorrectly handled certain Digest nonces. A remote attacker could possibly
use this issue to cause Apache to crash, resulting in a denial of service.
(CVE-2020-35452)

Antonio Morales discovered that the Apache mod_session module incorrectly
handled certain Cookie headers. A remote attacker could possibly use this
issue to cause Apache to crash, resulting in a denial of service.
(CVE-2021-26690)

Christophe Jaillet discovered that the Apache mod_session module
incorrectly handled certain SessionHeader values. A remote attacker could
use this issue to cause Apache to crash, resulting in a denial of service,
or possibly execute arbitrary code. (CVE-2021-26691)

Christoph Anton Mitterer discovered that the new MergeSlashes configuration
option resulted in unexpected behaviour in certain situations.
(CVE-2021-30641)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-26691
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-35452
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-30641
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-26690

Title: USN-4991-1: libxml2 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4991-1
Priorities: medium,low
Description:
Yunho Kim discovered that libxml2 incorrectly handled certain error
conditions. A remote attacker could exploit this with a crafted XML file to
cause a denial of service, or possibly cause libxml2 to expose sensitive
information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04
ESM. (CVE-2017-8872)

Zhipeng Xie discovered that libxml2 incorrectly handled certain XML
schemas. A remote attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM,
and Ubuntu 18.04 LTS. (CVE-2019-20388)

It was discovered that libxml2 incorrectly handled invalid UTF-8 input. A
remote attacker could possibly exploit this with a crafted XML file to
cause libxml2 to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04
LTS and Ubuntu 20.10. (CVE-2020-24977)

It was discovered that libxml2 incorrectly handled invalid UTF-8 input. A
remote attacker could possibly exploit this with a crafted XML file to
cause libxml2 to crash, resulting in a denial of service. (CVE-2021-3517)

It was discovered that libxml2 did not properly handle certain crafted XML
files. A local attacker could exploit this with a crafted input to cause
libxml2 to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-3516, CVE-2021-3518)

It was discovered that libxml2 incorrectly handled error states. A remote
attacker could exploit this with a crafted XML file to cause libxml2 to
crash, resulting in a denial of service. (CVE-2021-3537)

Sebastian Pipping discovered that libxml2 did not properly handle certain
crafted XML files. A remote attacker could exploit this with a crafted XML
file to cause libxml2 to crash, resulting in a denial of service. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04.
(CVE-2021-3541)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3516
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8872
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3541
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3537
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3517
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3518
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20388

Title: USN-4996-2: OpenEXR vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4996-2
Priorities: medium,low
Description:
USN-4996-1 fixed several vulnerabilities in OpenEXR. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that OpenEXR incorrectly handled certain malformed EXR
image files. If a user were tricked into opening a crafted EXR image file,
a remote attacker could cause a denial of service, or possibly execute
arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3605
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-26260
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20296
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23215
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3598

456.165

Available in VMware Tanzu Network

Release Date: June 09, 2021

Metadata:

BOSH Agent Version: 2.234.11

USNs:


Title: USN-4985-1: Intel Microcode vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4985-1
Priorities: medium,high
Description:
It was discovered that some Intel processors may not properly invalidate
cache entries used by Intel Virtualization Technology for Directed I/O
(VT-d). This may allow a local user to perform a privilege escalation
attack. (CVE-2021-24489)

Joseph Nuzman discovered that some Intel processors may not properly apply
EIBRS mitigations (originally developed for CVE-2017-5715) and hence may
allow unauthorized memory reads via sidechannel attacks. A local attacker
could use this to expose sensitive information, including kernel
memory. (CVE-2020-24511)

Travis Downs discovered that some Intel processors did not properly flush
cache-lines for trivial-data values. This may allow an unauthorized user to
infer the presence of these trivial-data-cache-lines via timing sidechannel
attacks. A local attacker could use this to expose sensitive
information. (CVE-2020-24512)

It was discovered that certain Intel Atom processors could expose memory
contents stored in microarchitectural buffers. A local attacker could use
this to expose sensitive information. (CVE-2020-24513)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24512
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-24489
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24513
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24511

Title: USN-4967-2: nginx vulnerability
URL: https://ubuntu.com/security/notices/USN-4967-2
Priorities: medium
Description:
USN-4967-1 fixed a vulnerability in nginx. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.

Original advisory details:

Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx
incorrectly handled responses to the DNS resolver. A remote attacker could
use this issue to cause nginx to crash, resulting in a denial of service,
or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23017

Title: USN-4969-2: DHCP vulnerability
URL: https://ubuntu.com/security/notices/USN-4969-2
Priorities: medium
Description:
USN-4969-1 fixed a vulnerability in DHCP. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.


Original advisory details:

Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly
handled lease file parsing. A remote attacker could possibly use this issue
to cause DHCP to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-25217

Title: USN-4966-2: libx11 vulnerability
URL: https://ubuntu.com/security/notices/USN-4966-2
Priorities: medium
Description:
USN-4966-1 fixed a vulnerability in libx11. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that libx11 incorrectly validated certain parameter
lengths. A remote attacker could possibly use this issue to trick libx11
into emitting extra X protocol requests.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31535

Title: USN-4979-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4979-1
Priorities: medium,low
Description:
Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel contained a reference counting error. A local attacker could
use this to cause a denial of service (system crash). (CVE-2020-25670)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly deallocate memory in certain error
situations. A local attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2020-25671, CVE-2020-25672)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly handle error conditions in some situations,
leading to an infinite loop. A local attacker could use this to cause a
denial of service. (CVE-2020-25673)

It was discovered that the Realtek RTL8188EU Wireless device driver in the
Linux kernel did not properly validate SSID lengths in some situations. An
attacker could use this to cause a denial of service (system crash).
(CVE-2021-28660)

Zygo Blaxell discovered that the btrfs file system implementation in the
Linux kernel contained a race condition during certain cloning operations.
A local attacker could possibly use this to cause a denial of service
(system crash). (CVE-2021-28964)

Vince Weaver discovered that the perf subsystem in the Linux kernel did not
properly handle certain PEBS records for some Intel Haswell
processors. A local attacker could use this to cause a denial of service
(system crash). (CVE-2021-28971)

It was discovered that the RPA PCI Hotplug driver implementation in the
Linux kernel did not properly handle device name writes via sysfs, leading
to a buffer overflow. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2021-28972)

It was discovered that the Qualcomm IPC router implementation in the Linux
kernel did not properly initialize memory passed to user space. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2021-29647)

Dan Carpenter discovered that the block device manager (dm) implementation
in the Linux kernel contained a buffer overflow in the ioctl for listing
devices. A privileged local attacker could use this to cause a denial of
service (system crash). (CVE-2021-31916)

It was discovered that the CIPSO implementation in the Linux kernel did not
properly perform reference counting in some situations, leading to
use-after-free vulnerabilities. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33033)

Wolfgang Frisch discovered that the ext4 file system implementation in the
Linux kernel contained an integer overflow when handling metadata inode
extents. An attacker could use this to construct a malicious ext4 file
system image that, when mounted, could cause a denial of service (system
crash). (CVE-2021-3428)

马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-3483)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31916
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3428
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25670
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25673
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25672
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28971
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28964
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29647
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3483
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33033
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25671
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28972

Title: USN-4975-2: Django vulnerability
URL: https://ubuntu.com/security/notices/USN-4975-2
Priorities: low
Description:
USN-4975-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen discovered that Django
incorrectly handled path sanitization in admindocs. A remote attacker could
possibly use this issue to determine the existence of arbitrary files and
in certain configurations obtain their contents. (CVE-2021-33203)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33203

456.164

Available in VMware Tanzu Network

Release Date: May 26, 2021

Metadata:

BOSH Agent Version: 2.234.11

USNs:


Title: USN-4954-1: GNU C Library vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4954-1
Priorities: negligible,low
Description:
Jason Royes and Samuel Dytrych discovered that the memcpy()
implementation for 32 bit ARM processors in the GNU C Library contained
an integer underflow vulnerability. An attacker could possibly use
this to cause a denial of service (application crash) or execute
arbitrary code. (CVE-2020-6096)

It was discovered that the POSIX regex implementation in the GNU C
Library did not properly parse alternatives. An attacker could use this
to cause a denial of service. (CVE-2009-5155)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2009-5155
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-6096

Title: USN-4934-2: Exim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4934-2
Priorities: medium
Description:
USN-4934-1 fixed several vulnerabilities in Exim. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
CVE-2020-28026 only affected Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Exim contained multiple security issues. An attacker
could use these issues to cause a denial of service, execute arbitrary
code remotely, obtain sensitive information, or escalate local privileges.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28011
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28009
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27216
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28025
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28026
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28014
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28007
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28016
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28020
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28013
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28008
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28015
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28017
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28012

Title: USN-4953-1: AWStats vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4953-1
Priorities: low,medium
Description:
Sean Boran discovered that AWStats incorrectly filtered certain parameters.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-29600)

It was discovered that AWStats incorrectly filtered certain parameters. A
remote attacker could possibly use this issue to access sensitive
information. (CVE-2020-35176)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-35176
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-1000501
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29600

Title: USN-4962-1: Babel vulnerability
URL: https://ubuntu.com/security/notices/USN-4962-1
Priorities: medium
Description:
It was discovered that Babel incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20095

Title: USN-4930-1: Samba vulnerability
URL: https://ubuntu.com/security/notices/USN-4930-1
Priorities: medium
Description:
Peter Eriksson discovered that Samba incorrectly handled certain negative
idmap cache entries. This issue could result in certain users gaining
unauthorized access to files, contrary to expected behaviour.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20254

Title: USN-4946-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4946-1
Priorities: low,medium
Description:
It was discovered that the DRM subsystem in the Linux kernel contained
double-free vulnerabilities. A privileged attacker could possibly use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-20292)

Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr
discovered that the Xen paravirtualization backend in the Linux kernel did
not properly propagate errors to frontend drivers in some situations. An
attacker in a guest VM could possibly use this to cause a denial of service
(host domain crash). (CVE-2021-26930)

Jan Beulich discovered that multiple Xen backends in the Linux kernel did
not properly handle certain error conditions under paravirtualization. An
attacker in a guest VM could possibly use this to cause a denial of service
(host domain crash). (CVE-2021-26931)

Jan Beulich discovered that the Xen netback backend in the Linux kernel did
not properly handle certain error conditions under paravirtualization. An
attacker in a guest VM could possibly use this to cause a denial of service
(host domain crash). (CVE-2021-28038)

It was discovered that the Xen paravirtualization backend in the Linux
kernel did not properly deallocate memory in some situations. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2021-28688)

It was discovered that the Freescale Gianfar Ethernet driver for the Linux
kernel did not properly handle receive queue overrun when jumbo frames were
enabled in some situations. An attacker could use this to cause a denial of
service (system crash). (CVE-2021-29264)

It was discovered that the USB/IP driver in the Linux kernel contained race
conditions during the update of local and shared status. An attacker could
use this to cause a denial of service (system crash). (CVE-2021-29265)

It was discovered that a race condition existed in the netfilter subsystem
of the Linux kernel when replacing tables. A local attacker could use this
to cause a denial of service (system crash). (CVE-2021-29650)

Arnd Bergmann discovered that the video4linux subsystem in the Linux kernel
did not properly deallocate memory in some situations. A local attacker
could use this to cause a denial of service (memory exhaustion).
(CVE-2021-30002)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20292
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-26930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29264
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29265
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29650
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28688
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-26931
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28038
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-30002

Title: USN-4941-1: Exiv2 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4941-1
Priorities: medium
Description:
It was discovered that Exiv2 incorrectly handled certain images.
An attacker could possibly use this issue to execute arbitrary code or cause
a crash. (CVE-2021-29457)

It was discovered that Exiv2 incorrectly handled certain images.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2021-29458, CVE-2021-29470)

It was discovered that Exiv2 incorrectly handled certain images.
An attacker could possibly use this issue to execute arbitrary code or
cause a crash. (CVE-2021-3482)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29458
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3482
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29470
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29457

Title: USN-4964-1: Exiv2 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4964-1
Priorities: low,medium
Description:
It was discovered that Exiv2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04.
(CVE-2021-29463)

It was discovered that Exiv2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04.
(CVE-2021-29464)

It was discovered that Exiv2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2021-29473, CVE-2021-32617)

It was discovered that Exiv2 incorrectly handled certain files.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04.
(CVE-2021-29623)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29464
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29463
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32617
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29623
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29473

Title: USN-4932-2: Django vulnerability
URL: https://ubuntu.com/security/notices/USN-4932-2
Priorities: medium
Description:
USN-4932-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Django incorrectly handled certain
filenames. A remote attacker could possibly use this issue to create or
overwrite files in unexpected directories.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31542

Title: USN-4957-2: DjVuLibre vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4957-2
Priorities: medium,low
Description:
USN-4957-1 fixed several vulnerabilities in DjVuLibre. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that DjVuLibre incorrectly handled certain memory
operations. If a user or automated system were tricked into processing a
specially crafted DjVu file, a remote attacker could cause applications
to hang or crash, resulting in a denial of service, or possibly execute
arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32491
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32492
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32493
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32490
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3500

Title: USN-4965-2: Apport vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4965-2
Priorities: medium
Description:
USN-4965-1 fixed several vulnerabilities in Apport. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Maik Münch discovered that Apport incorrectly handled certain information
gathering operations. A local attacker could use these issues to read and
write arbitrary files as an administrator, and possibly escalate
privileges.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32549
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32555
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32551
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32548
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32550
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32554
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32553
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32557
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32552
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32547
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32556

456.160

Available in VMware Tanzu Network

Release Date: April 30, 2021

Metadata:

BOSH Agent Version: 2.234.11

USNs:


Title: USN-4924-1: Dnsmasq vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4924-1
Priorities: low
Description:
It was discovered that Dnsmasq incorrectly handled certain wildcard
synthesized NSEC records. A remote attacker could possibly use this issue
to prove the non-existence of hostnames that actually exist.
(CVE-2017-15107)

It was discovered that Dnsmasq incorrectly handled certain large DNS
packets. A remote attacker could possibly use this issue to cause Dnsmasq
to crash, resulting in a denial of service. (CVE-2019-14513)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14513
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15107

Title: USN-4919-1: OpenSLP vulnerability
URL: https://ubuntu.com/security/notices/USN-4919-1
Priorities: medium
Description:
It was discovered that OpenSLP did not properly validate URLs. A remote
attacker could use this issue to cause OpenSLP to crash or possibly execute
arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5544

Title: USN-4927-1: File Roller vulnerability
URL: https://ubuntu.com/security/notices/USN-4927-1
Priorities: medium
Description:
It was discovered that File Roller incorrectly handled symlinks.
An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36314

Title: USN-4918-1: ClamAV vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4918-1
Priorities: medium
Description:
It was discovered that ClamAV incorrectly handled parsing Excel documents.
A remote attacker could possibly use this issue to cause ClamAV to hang,
resulting in a denial of service. (CVE-2021-1252)

It was discovered that ClamAV incorrectly handled parsing PDF documents. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2021-1404)

It was discovered that ClamAV incorrectly handled parsing email. A remote
attacker could possibly use this issue to cause ClamAV to crash, resulting
in a denial of service. (CVE-2021-1405)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-1405
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-1404
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-1252

Title: USN-4892-1: OpenJDK vulnerability
URL: https://ubuntu.com/security/notices/USN-4892-1
Priorities: medium
Description:
It was discovered that OpenJDK incorrectly verified Jar signatures. An
attacker could possibly use this issue to bypass intended security
restrictions when using Jar files signed with a disabled algorithm.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2163

Title: USN-4913-1: Underscore vulnerability
URL: https://ubuntu.com/security/notices/USN-4913-1
Priorities: medium
Description:
It was discovered that Underscore incorrectly handled certain inputs.
An attacker could possibly use this issue to inject arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23358

Title: USN-4926-1: Firefox vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4926-1
Priorities: medium
Description:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the
browser UI, bypass security restrictions, trick the user into disclosing
confidential information, or execute arbitrary code. (CVE-2021-23994,
CVE-2021-23996, CVE-2021-23997, CVE-2021-23998, CVE-2021-23999,
CVE-2021-24000, CVE-2021-24001, CVE-2021-29945, CVE-2021-29946,
CVE-2021-29947)

A use-after-free was discovered when Responsive Design Mode was
enabled. If a user were tricked into opening a specially crafted
website with Responsive Design Mode enabled, an attacker could
potentially exploit this to cause a denial of service, or execute
arbitrary code. (CVE-2021-23995)

It was discovered that Firefox mishandled ftp URLs with encoded newline
characters. If a user were tricked into clicking on a specially crafted
link, an attacker could potentially exploit this to send arbitrary
FTP commands. (CVE-2021-24002)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-24000
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23996
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23997
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23995
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29946
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23999
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23994
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23998
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29945
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-24001
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-24002
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29947

Title: USN-4922-1: Ruby vulnerability
URL: https://ubuntu.com/security/notices/USN-4922-1
Priorities: medium
Description:
Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly
parsed and serialized XML documents. A remote attacker could possibly use
this issue to perform an XML round-trip attack.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28965

Title: USN-4921-1: libcaca vulnerability
URL: https://ubuntu.com/security/notices/USN-4921-1
Priorities: medium
Description:
It was discovered that libcaca incorrectly handled certain images.
An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3410

Title: USN-4916-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4916-1
Priorities: high
Description:
It was discovered that the overlayfs implementation in the Linux kernel did
not properly validate the application of file system capabilities with
respect to user namespaces. A local attacker could use this to gain
elevated privileges. (CVE-2021-3493)

Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux
kernel did not properly validate computation of branch displacements in
some situations. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-29154)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3493
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29154

Title: USN-4928-1: GStreamer Good Plugins vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4928-1
Priorities: medium
Description:
It was discovered that GStreamer Good Plugins incorrectly handled certain files.
An attacker could possibly use this issue to access sensitive information
or cause a crash. (CVE-2021-3497)

It was discovered that GStreamer Good Plugins incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code or cause
a crash. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu
20.10. (CVE-2021-3498)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3497

456.158

Available in VMware Tanzu Network

Release Date: April 19, 2021

Metadata:

BOSH Agent Version: 2.234.11

USNs:


Title: USN-4899-1: SpamAssassin vulnerability
URL: https://ubuntu.com/security/notices/USN-4899-1
Priorities: medium
Description:
Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF
files. If a user or automated system were tricked into using a
specially-crafted CF file, a remote attacker could possibly run arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1946

Title: USN-4895-1: Squid vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4895-1
Priorities: medium,low
Description:
Alex Rousskov and Amit Klein discovered that Squid incorrectly handled
certain Content-Length headers. A remote attacker could possibly use this
issue to perform an HTTP request smuggling attack, resulting in cache
poisoning. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-15049)

Jianjun Chen discovered that Squid incorrectly validated certain input. A
remote attacker could use this issue to perform HTTP Request Smuggling and
possibly access services forbidden by the security controls.
(CVE-2020-25097)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25097
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15049

Title: USN-4561-2: Rack vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4561-2
Priorities: low,medium
Description:
USN-4561-1 fixed vulnerabilities in Rack. This update provides the
corresponding update for Ubuntu 16.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10.

Original advisory details:

It was discovered that Rack incorrectly handled certain paths. An attacker
could possibly use this issue to obtain sensitive information. This issue
only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2020-8161)

It was discovered that Rack incorrectly validated cookies. An attacker
could possibly use this issue to forge a secure cookie. (CVE-2020-8184)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8161
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8184

Title: USN-4885-1: Pygments vulnerability
URL: https://ubuntu.com/security/notices/USN-4885-1
Priorities: medium
Description:
It was discovered that Pygments incorrectly handled parsing SML files. If a
user or automated system were tricked into parsing a specially crafted SML
file, a remote attacker could cause Pygments to hang, resulting in a denial
of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20270

Title: USN-4898-1: curl vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4898-1
Priorities: medium
Description:
Viktor Szakats discovered that curl did not strip off user credentials
from referrer header fields. A remote attacker could possibly use this
issue to obtain sensitive information. (CVE-2021-22876)

Mingtao Yang discovered that curl incorrectly handled session tickets when
using an HTTPS proxy. A remote attacker in control of an HTTPS proxy could
use this issue to bypass certificate checks and intercept communications.
This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10.
(CVE-2021-22890)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22890
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22876

Title: USN-4893-1: Firefox vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4893-1
Priorities: medium,low
Description:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, or execute arbitrary code. (CVE-2021-23981, CVE-2021-23982,
CVE-2021-23983, CVE-2021-23987, CVE-2021-23988)

It was discovered that extensions could open popup windows with control
of the window title in some circumstances. If a user were tricked into
installing a specially crafted extension, an attacker could potentially
exploit this to spoof a website and trick the user into providing
credentials. (CVE-2021-23984)

It was discovered that the DevTools remote debugging feature could be
enabled without an indication to the user. If a local attacker could
modify the browser configura