Stemcell (Linux) Release Notes

Xenial Stemcells
- 621.x
- 456.x

621.224

Available in VMware Tanzu Network

Release Date: March 23, 2022

Notice:

This stemcell contains a patched version of the kernel to address the issues found in 621.216. We have tested this patched kernel against the problems seen in 621.216 and no longer see the problem. We will release another stemcell in mid-April when that kernel patch makes it into the main kernel repository.

Metadata:

BOSH Agent Version: 2.268.65

USNs:

Title: USN-5322-1: Subversion vulnerability
URL: https://ubuntu.com/security/notices/USN-5322-1
Priorities: medium
Description:
Thomas Akesson discovered that Subversion incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2020-17525

Title: USN-5328-2: OpenSSL vulnerability
URL: https://ubuntu.com/security/notices/USN-5328-2
Priorities: high
Description:
USN-5328-1 fixed a vulnerability in OpenSSL. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Tavis Ormandy discovered that OpenSSL incorrectly parsed certain
certificates. A remote attacker could possibly use this issue to cause
OpenSSH to stop responding, resulting in a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2022-0778

Title: USN-5320-1: Expat vulnerabilities and regression
URL: https://ubuntu.com/security/notices/USN-5320-1
Priorities: high,medium
Description:
USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it
caused a regression and an additional patch was required. This update address
this regression and several other vulnerabilities.

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-25313)

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash
or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314)

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-25315)

Original advisory details:

It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2022-25236)
CVEs:
- https://ubuntu.com/security/CVE-2022-25236
- https://ubuntu.com/security/CVE-2022-25313
- https://ubuntu.com/security/CVE-2022-25314
- https://ubuntu.com/security/CVE-2022-25315
- https://ubuntu.com/security/CVE-2022-25236
- https://ubuntu.com/security/CVE-2022-25314
- https://ubuntu.com/security/CVE-2022-25315
- https://ubuntu.com/security/CVE-2022-25313

Title: USN-5334-1: man-db vulnerability
URL: https://ubuntu.com/security/notices/USN-5334-1
Priorities: low
Description:
It was discovered that man-db incorrectly handled permission changing
operations in its daily cron job, and was therefore affected by a race
condition. An attacker could possibly use this issue to escalate privileges
and execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2015-1336

Title: USN-5331-1: tcpdump vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5331-1
Priorities: low
Description:
It was discovered that tcpdump incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2018-16301)

It was discovered that tcpdump incorrectly handled certain captured data.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2020-8037)
CVEs:
- https://ubuntu.com/security/CVE-2018-16301
- https://ubuntu.com/security/CVE-2020-8037
- https://ubuntu.com/security/CVE-2018-16301
- https://ubuntu.com/security/CVE-2020-8037

Title: USN-5325-1: Zsh vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5325-1
Priorities: low
Description:
Sam Foxman discovered that Zsh incorrectly handled certain inputs.
An attacker could possibly use this issue to regain dropped privileges.
(CVE-2019-20044)

It was discovered that Zsh incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-45444)
CVEs:
- https://ubuntu.com/security/CVE-2019-20044
- https://ubuntu.com/security/CVE-2021-45444
- https://ubuntu.com/security/CVE-2021-45444
- https://ubuntu.com/security/CVE-2019-20044

Title: USN-5329-1: tar vulnerability
URL: https://ubuntu.com/security/notices/USN-5329-1
Priorities: low
Description:
It was discovered that tar incorrectly handled certain files.
An attacker could possibly use this issue to cause tar to crash,
resulting in a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2021-20193

Title: USN-5332-2: Bind vulnerability
URL: https://ubuntu.com/security/notices/USN-5332-2
Priorities: medium
Description:
USN-5332-1 fixed a vulnerability in Bind. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind
incorrectly handled certain bogus NS records when using forwarders. A
remote attacker could possibly use this issue to manipulate cache results.
(CVE-2021-25220)
CVEs:
- https://ubuntu.com/security/CVE-2021-25220
- https://ubuntu.com/security/CVE-2021-25220

Title: USN-5343-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5343-1
Priorities: high,low,medium,negligible
Description:
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

It was discovered that the aufs file system in the Linux kernel did not
properly restrict mount namespaces, when mounted with the non-default
allow_userns option set. A local attacker could use this to gain
administrative privileges. (CVE-2016-2853)

It was discovered that the aufs file system in the Linux kernel did not
properly maintain POSIX ACL xattr data, when mounted with the non-default
allow_userns option. A local attacker could possibly use this to gain
elevated privileges. (CVE-2016-2854)

It was discovered that the f2fs file system in the Linux kernel did not
properly validate metadata in some situations. An attacker could use this
to construct a malicious f2fs image that, when mounted and operated on,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-19449)

It was discovered that the XFS file system implementation in the Linux
kernel did not properly validate meta data in some circumstances. An
attacker could use this to construct a malicious XFS image that, when
mounted, could cause a denial of service. (CVE-2020-12655)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel contained a reference counting error. A local attacker could
use this to cause a denial of service (system crash). (CVE-2020-25670)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly deallocate memory in certain error
situations. A local attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2020-25671, CVE-2020-25672)

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly handle error conditions in some situations,
leading to an infinite loop. A local attacker could use this to cause a
denial of service. (CVE-2020-25673)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation
incorrectly handled EAPOL frames from unauthenticated senders. A physically
proximate attacker could inject malicious packets to cause a denial of
service (system crash). (CVE-2020-26139)

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could
reassemble mixed encrypted and plaintext fragments. A physically proximate
attacker could possibly use this issue to inject packets or exfiltrate
selected fragments. (CVE-2020-26147)

It was discovered that the BR/EDR pin-code pairing procedure in the Linux
kernel was vulnerable to an impersonation attack. A physically proximate
attacker could possibly use this to pair to a device without knowledge of
the pin-code. (CVE-2020-26555)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly perform access control. An authenticated attacker could possibly
use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)

It was discovered that the FUSE user space file system implementation in
the Linux kernel did not properly handle bad inodes in some situations. A
local attacker could possibly use this to cause a denial of service.
(CVE-2020-36322)

It was discovered that the Infiniband RDMA userspace connection manager
implementation in the Linux kernel contained a race condition leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possible execute arbitrary code.
(CVE-2020-36385)

It was discovered that the DRM subsystem in the Linux kernel contained
double-free vulnerabilities. A privileged attacker could possibly use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-20292)

It was discovered that a race condition existed in the timer implementation
in the Linux kernel. A privileged attacker could use this to cause a denial
of service. (CVE-2021-20317)

Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the
nfc implementation in the Linux kernel. A privileged local attacker could
use this issue to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-23134)

It was discovered that the Xen paravirtualization backend in the Linux
kernel did not properly deallocate memory in some situations. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2021-28688)

It was discovered that the RPA PCI Hotplug driver implementation in the
Linux kernel did not properly handle device name writes via sysfs, leading
to a buffer overflow. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2021-28972)

It was discovered that a race condition existed in the netfilter subsystem
of the Linux kernel when replacing tables. A local attacker could use this
to cause a denial of service (system crash). (CVE-2021-29650)

It was discovered that a race condition in the kernel Bluetooth subsystem
could lead to use-after-free of slab objects. An attacker could use this
issue to possibly execute arbitrary code. (CVE-2021-32399)

It was discovered that the CIPSO implementation in the Linux kernel did not
properly perform reference counting in some situations, leading to use-
after-free vulnerabilities. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33033)

It was discovered that a use-after-free existed in the Bluetooth HCI driver
of the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)

Asaf Modelevsky discovered that the Intel® Ethernet ixgbe driver for the
Linux kernel did not properly validate large MTU requests from Virtual
Function (VF) devices. A local attacker could possibly use this to cause a
denial of service. (CVE-2021-33098)

Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol
implementation in the Linux kernel did not properly initialize memory in
some situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2021-34693)

马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-3483)

It was discovered that an out-of-bounds (OOB) memory access flaw existed in
the f2fs module of the Linux kernel. A local attacker could use this issue
to cause a denial of service (system crash). (CVE-2021-3506)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle HCI device initialization failure, leading to a double-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2021-3564)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle HCI device detach events, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2021-3573)

Murray McAllister discovered that the joystick device interface in the
Linux kernel did not properly validate data passed via an ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code on systems with a joystick device
registered. (CVE-2021-3612)

It was discovered that the tracing subsystem in the Linux kernel did not
properly keep track of per-cpu ring buffer state. A privileged attacker
could use this to cause a denial of service. (CVE-2021-3679)

It was discovered that the Virtio console implementation in the Linux
kernel did not properly validate input lengths in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2021-38160)

It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly compute the access permissions for shadow pages in
some situations. A local attacker could use this to cause a denial of
service. (CVE-2021-38198)

It was discovered that the MAX-3421 host USB device driver in the Linux
kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2021-38204)

It was discovered that the NFC implementation in the Linux kernel did not
properly handle failed connect events leading to a NULL pointer
dereference. A local attacker could use this to cause a denial of service.
(CVE-2021-38208)

It was discovered that the configfs interface for USB gadgets in the Linux
kernel contained a race condition. A local attacker could possibly use this
to expose sensitive information (kernel memory). (CVE-2021-39648)

It was discovered that the ext4 file system in the Linux kernel contained a
race condition when writing xattrs to an inode. A local attacker could use
this to cause a denial of service or possibly gain administrative
privileges. (CVE-2021-40490)

It was discovered that the 6pack network protocol driver in the Linux
kernel did not properly perform validation checks. A privileged attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2021-42008)

It was discovered that the ISDN CAPI implementation in the Linux kernel
contained a race condition in certain situations that could trigger an
array out-of-bounds bug. A privileged local attacker could possibly use
this to cause a denial of service or execute arbitrary code.
(CVE-2021-43389)

It was discovered that the Phone Network protocol (PhoNet) implementation
in the Linux kernel did not properly perform reference counting in some
error conditions. A local attacker could possibly use this to cause a
denial of service (memory exhaustion). (CVE-2021-45095)

Wenqing Liu discovered that the f2fs file system in the Linux kernel did
not properly validate the last xattr entry in an inode. An attacker could
use this to construct a malicious f2fs image that, when mounted and
operated on, could cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-45469)

Amit Klein discovered that the IPv6 implementation in the Linux kernel
could disclose internal state in some situations. An attacker could
possibly use this to expose sensitive information. (CVE-2021-45485)

It was discovered that the per cpu memory allocator in the Linux kernel
could report kernel pointers via dmesg. An attacker could use this to
expose sensitive information or in conjunction with another kernel
vulnerability. (CVE-2018-5995)
CVEs:
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2016-2853
- https://ubuntu.com/security/CVE-2016-2854
- https://ubuntu.com/security/CVE-2019-19449
- https://ubuntu.com/security/CVE-2020-12655
- https://ubuntu.com/security/CVE-2020-25670
- https://ubuntu.com/security/CVE-2020-25671
- https://ubuntu.com/security/CVE-2020-25672
- https://ubuntu.com/security/CVE-2020-25673
- https://ubuntu.com/security/CVE-2020-26139
- https://ubuntu.com/security/CVE-2020-26147
- https://ubuntu.com/security/CVE-2020-26555
- https://ubuntu.com/security/CVE-2020-26558
- https://ubuntu.com/security/CVE-2021-0129
- https://ubuntu.com/security/CVE-2020-36322
- https://ubuntu.com/security/CVE-2020-36385
- https://ubuntu.com/security/CVE-2021-20292
- https://ubuntu.com/security/CVE-2021-20317
- https://ubuntu.com/security/CVE-2021-23134
- https://ubuntu.com/security/CVE-2021-28688
- https://ubuntu.com/security/CVE-2021-28972
- https://ubuntu.com/security/CVE-2021-29650
- https://ubuntu.com/security/CVE-2021-32399
- https://ubuntu.com/security/CVE-2021-33033
- https://ubuntu.com/security/CVE-2021-33034
- https://ubuntu.com/security/CVE-2021-33098
- https://ubuntu.com/security/CVE-2021-34693
- https://ubuntu.com/security/CVE-2021-3483
- https://ubuntu.com/security/CVE-2021-3506
- https://ubuntu.com/security/CVE-2021-3564
- https://ubuntu.com/security/CVE-2021-3573
- https://ubuntu.com/security/CVE-2021-3612
- https://ubuntu.com/security/CVE-2021-3679
- https://ubuntu.com/security/CVE-2021-38160
- https://ubuntu.com/security/CVE-2021-38198
- https://ubuntu.com/security/CVE-2021-38204
- https://ubuntu.com/security/CVE-2021-38208
- https://ubuntu.com/security/CVE-2021-39648
- https://ubuntu.com/security/CVE-2021-40490
- https://ubuntu.com/security/CVE-2021-42008
- https://ubuntu.com/security/CVE-2021-43389
- https://ubuntu.com/security/CVE-2021-45095
- https://ubuntu.com/security/CVE-2021-45469
- https://ubuntu.com/security/CVE-2021-45485
- https://ubuntu.com/security/CVE-2018-5995
- https://ubuntu.com/security/CVE-2020-25673
- https://ubuntu.com/security/CVE-2021-3564
- https://ubuntu.com/security/CVE-2021-0129
- https://ubuntu.com/security/CVE-2021-20317
- https://ubuntu.com/security/CVE-2020-26558
- https://ubuntu.com/security/CVE-2020-36385
- https://ubuntu.com/security/CVE-2021-39648
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2021-20292
- https://ubuntu.com/security/CVE-2020-25671
- https://ubuntu.com/security/CVE-2020-12655
- https://ubuntu.com/security/CVE-2021-34693
- https://ubuntu.com/security/CVE-2020-26147
- https://ubuntu.com/security/CVE-2018-5995
- https://ubuntu.com/security/CVE-2021-33034
- https://ubuntu.com/security/CVE-2020-25670
- https://ubuntu.com/security/CVE-2021-38198
- https://ubuntu.com/security/CVE-2021-40490
- https://ubuntu.com/security/CVE-2021-33033
- https://ubuntu.com/security/CVE-2021-43389
- https://ubuntu.com/security/CVE-2021-3612
- https://ubuntu.com/security/CVE-2021-38160
- https://ubuntu.com/security/CVE-2020-26139
- https://ubuntu.com/security/CVE-2016-2853
- https://ubuntu.com/security/CVE-2021-38204
- https://ubuntu.com/security/CVE-2021-33098
- https://ubuntu.com/security/CVE-2021-3573
- https://ubuntu.com/security/CVE-2021-45469
- https://ubuntu.com/security/CVE-2021-28688
- https://ubuntu.com/security/CVE-2021-38208
- https://ubuntu.com/security/CVE-2021-42008
- https://ubuntu.com/security/CVE-2020-25672
- https://ubuntu.com/security/CVE-2016-2854
- https://ubuntu.com/security/CVE-2021-45095
- https://ubuntu.com/security/CVE-2021-3679
- https://ubuntu.com/security/CVE-2020-36322
- https://ubuntu.com/security/CVE-2019-19449
- https://ubuntu.com/security/CVE-2021-45485
- https://ubuntu.com/security/CVE-2020-26555
- https://ubuntu.com/security/CVE-2021-28972
- https://ubuntu.com/security/CVE-2021-23134
- https://ubuntu.com/security/CVE-2021-32399
- https://ubuntu.com/security/CVE-2021-3506
- https://ubuntu.com/security/CVE-2021-3483
- https://ubuntu.com/security/CVE-2021-29650

Title: USN-5339-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5339-1
Priorities: high,medium,low
Description:
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

It was discovered that an out-of-bounds (OOB) memory access flaw existed in
the f2fs module of the Linux kernel. A local attacker could use this issue
to cause a denial of service (system crash). (CVE-2021-3506)

Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver
in the Linux kernel did not properly handle some error conditions. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2021-43976)

It was discovered that the ARM Trusted Execution Environment (TEE)
subsystem in the Linux kernel contained a race condition leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service or possibly execute arbitrary code. (CVE-2021-44733)

It was discovered that the Phone Network protocol (PhoNet) implementation
in the Linux kernel did not properly perform reference counting in some
error conditions. A local attacker could possibly use this to cause a
denial of service (memory exhaustion). (CVE-2021-45095)

Samuel Page discovered that the Transparent Inter-Process Communication
(TIPC) protocol implementation in the Linux kernel contained a stack-based
buffer overflow. A remote attacker could use this to cause a denial of
service (system crash) for systems that have a TIPC bearer configured.
(CVE-2022-0435)
CVEs:
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2021-3506
- https://ubuntu.com/security/CVE-2021-43976
- https://ubuntu.com/security/CVE-2021-44733
- https://ubuntu.com/security/CVE-2021-45095
- https://ubuntu.com/security/CVE-2022-0435
- https://ubuntu.com/security/CVE-2022-0435
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2021-43976
- https://ubuntu.com/security/CVE-2021-3506
- https://ubuntu.com/security/CVE-2021-44733
- https://ubuntu.com/security/CVE-2021-45095

621.216

Release Date: March 09, 2022

Known Iissues

There are currently reported issues with this stemcell and TAS Diego Cells. We have removed this stemcell until we can resolve the issue. If you need access, please contact support.

#### Metadata:
BOSH Agent Version: 2.268.63

#### USNs:

Title: USN-5300-1: PHP vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5300-1
Priorities: low,medium
Description:
It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120)

It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly obtain sensitive information. (CVE-2017-9119)

It was discovered that PHP incorrectly handled certain scripts with XML
parsing functions.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2021-21707)
CVEs:
- https://ubuntu.com/security/CVE-2015-9253
- https://ubuntu.com/security/CVE-2017-8923
- https://ubuntu.com/security/CVE-2017-9118
- https://ubuntu.com/security/CVE-2017-9120
- https://ubuntu.com/security/CVE-2017-9119
- https://ubuntu.com/security/CVE-2021-21707
- https://ubuntu.com/security/CVE-2017-8923
- https://ubuntu.com/security/CVE-2017-9118
- https://ubuntu.com/security/CVE-2017-9120
- https://ubuntu.com/security/CVE-2015-9253
- https://ubuntu.com/security/CVE-2017-9119
- https://ubuntu.com/security/CVE-2021-21707
  
  Title: USN-5299-1: Linux kernel vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5299-1
  Priorities: medium,low
  Description:
  Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could
  reassemble mixed encrypted and plaintext fragments. A physically proximate
  attacker could possibly use this issue to inject packets or exfiltrate
  selected fragments. (CVE-2020-26147)
  
  It was discovered that the bluetooth subsystem in the Linux kernel did not
  properly perform access control. An authenticated attacker could possibly
  use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)
  
  It was discovered that the RPA PCI Hotplug driver implementation in the
  Linux kernel did not properly handle device name writes via sysfs, leading
  to a buffer overflow. A privileged attacker could use this to cause a
  denial of service (system crash) or possibly execute arbitrary code.
  (CVE-2021-28972)
  
  It was discovered that a use-after-free existed in the Bluetooth HCI driver
  of the Linux kernel. A local attacker could use this to cause a denial of
  service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)
  
  Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol
  implementation in the Linux kernel did not properly initialize memory in
  some situations. A local attacker could use this to expose sensitive
  information (kernel memory). (CVE-2021-34693)
  
  马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in
  the Linux kernel did not properly perform reference counting in some
  situations, leading to a use-after-free vulnerability. A local attacker
  could use this to cause a denial of service (system crash) or possibly
  execute arbitrary code. (CVE-2021-3483)
  
  It was discovered that the bluetooth subsystem in the Linux kernel did not
  properly handle HCI device initialization failure, leading to a double-free
  vulnerability. An attacker could use this to cause a denial of service or
  possibly execute arbitrary code. (CVE-2021-3564)
  
  Murray McAllister discovered that the joystick device interface in the
  Linux kernel did not properly validate data passed via an ioctl(). A local
  attacker could use this to cause a denial of service (system crash) or
  possibly execute arbitrary code on systems with a joystick device
  registered. (CVE-2021-3612)
  
  It was discovered that the tracing subsystem in the Linux kernel did not
  properly keep track of per-cpu ring buffer state. A privileged attacker
  could use this to cause a denial of service. (CVE-2021-3679)
  
  It was discovered that the MAX-3421 host USB device driver in the Linux
  kernel did not properly handle device removal events. A physically
  proximate attacker could use this to cause a denial of service (system
  crash). (CVE-2021-38204)
  
  It was discovered that the 6pack network protocol driver in the Linux
  kernel did not properly perform validation checks. A privileged attacker
  could use this to cause a denial of service (system crash) or execute
  arbitrary code. (CVE-2021-42008)
  
  Amit Klein discovered that the IPv6 implementation in the Linux kernel
  could disclose internal state in some situations. An attacker could
  possibly use this to expose sensitive information. (CVE-2021-45485)
  CVEs:
- https://ubuntu.com/security/CVE-2020-26147
- https://ubuntu.com/security/CVE-2020-26558
- https://ubuntu.com/security/CVE-2021-0129
- https://ubuntu.com/security/CVE-2021-28972
- https://ubuntu.com/security/CVE-2021-33034
- https://ubuntu.com/security/CVE-2021-34693
- https://ubuntu.com/security/CVE-2021-3483
- https://ubuntu.com/security/CVE-2021-3564
- https://ubuntu.com/security/CVE-2021-3612
- https://ubuntu.com/security/CVE-2021-3679
- https://ubuntu.com/security/CVE-2021-38204
- https://ubuntu.com/security/CVE-2021-42008
- https://ubuntu.com/security/CVE-2021-45485
- https://ubuntu.com/security/CVE-2020-26558
- https://ubuntu.com/security/CVE-2021-3564
- https://ubuntu.com/security/CVE-2021-34693
- https://ubuntu.com/security/CVE-2021-3483
- https://ubuntu.com/security/CVE-2020-26147
- https://ubuntu.com/security/CVE-2021-28972
- https://ubuntu.com/security/CVE-2021-33034
- https://ubuntu.com/security/CVE-2021-42008
- https://ubuntu.com/security/CVE-2021-45485
- https://ubuntu.com/security/CVE-2021-38204
- https://ubuntu.com/security/CVE-2021-0129
- https://ubuntu.com/security/CVE-2021-3679
- https://ubuntu.com/security/CVE-2021-3612
  
  Title: USN-5298-1: Linux kernel vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5298-1
  Priorities: medium,low
  Description:
  It was discovered that the Packet network protocol implementation in the
  Linux kernel contained a double-free vulnerability. A local attacker could
  use this to cause a denial of service (system crash) or possibly execute
  arbitrary code. (CVE-2021-22600)
  
  Jürgen Groß discovered that the Xen subsystem within the Linux kernel did
  not adequately limit the number of events driver domains (unprivileged PV
  backends) could send to other guest VMs. An attacker in a driver domain
  could use this to cause a denial of service in other guest VMs.
  (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)
  
  Jürgen Groß discovered that the Xen network backend driver in the Linux
  kernel did not adequately limit the amount of queued packets when a guest
  did not process them. An attacker in a guest VM can use this to cause a
  denial of service (excessive kernel memory consumption) in the network
  backend domain. (CVE-2021-28714, CVE-2021-28715)
  
  Szymon Heidrich discovered that the USB Gadget subsystem in the Linux
  kernel did not properly restrict the size of control requests for certain
  gadget types, leading to possible out of bounds reads or writes. A local
  attacker could use this to cause a denial of service (system crash) or
  possibly execute arbitrary code. (CVE-2021-39685)
  
  Jann Horn discovered a race condition in the Unix domain socket
  implementation in the Linux kernel that could result in a read-after-free.
  A local attacker could use this to cause a denial of service (system crash)
  or possibly execute arbitrary code. (CVE-2021-4083)
  
  Kirill Tkhai discovered that the XFS file system implementation in the
  Linux kernel did not calculate size correctly when pre-allocating space in
  some situations. A local attacker could use this to expose sensitive
  information. (CVE-2021-4155)
  
  Lin Ma discovered that the NFC Controller Interface (NCI) implementation in
  the Linux kernel contained a race condition, leading to a use-after-free
  vulnerability. A local attacker could use this to cause a denial of service
  (system crash) or possibly execute arbitrary code. (CVE-2021-4202)
  
  Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in
  the Linux kernel did not perform a GPU TLB flush in some situations. A
  local attacker could use this to cause a denial of service or possibly
  execute arbitrary code. (CVE-2022-0330)
  
  It was discovered that the VMware Virtual GPU driver in the Linux kernel
  did not properly handle certain failure conditions, leading to a stale
  entry in the file descriptor table. A local attacker could use this to
  expose sensitive information or possibly gain administrative privileges.
  (CVE-2022-22942)
  CVEs:
- https://ubuntu.com/security/CVE-2021-22600
- https://ubuntu.com/security/CVE-2021-28711
- https://ubuntu.com/security/CVE-2021-28712
- https://ubuntu.com/security/CVE-2021-28713
- https://ubuntu.com/security/CVE-2021-28714
- https://ubuntu.com/security/CVE-2021-28715
- https://ubuntu.com/security/CVE-2021-39685
- https://ubuntu.com/security/CVE-2021-4083
- https://ubuntu.com/security/CVE-2021-4155
- https://ubuntu.com/security/CVE-2021-4202
- https://ubuntu.com/security/CVE-2022-0330
- https://ubuntu.com/security/CVE-2022-22942
- https://ubuntu.com/security/CVE-2021-39685
- https://ubuntu.com/security/CVE-2021-28715
- https://ubuntu.com/security/CVE-2021-28711
- https://ubuntu.com/security/CVE-2021-4083
- https://ubuntu.com/security/CVE-2021-28713
- https://ubuntu.com/security/CVE-2022-0330
- https://ubuntu.com/security/CVE-2021-28712
- https://ubuntu.com/security/CVE-2021-28714
- https://ubuntu.com/security/CVE-2021-22600
- https://ubuntu.com/security/CVE-2022-22942
- https://ubuntu.com/security/CVE-2021-4155
- https://ubuntu.com/security/CVE-2021-4202
  
  Title: USN-5292-4: snapd regression
  URL: https://ubuntu.com/security/notices/USN-5292-4
  Priorities: medium,high
  Description:
  USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced
  a regression that could break the fish shell. This update fixes the problem.
  
  We apologize for the inconvenience.
  
  Original advisory details:
  
  James Troup discovered that snap did not properly manage the permissions for
  the snap directories. A local attacker could possibly use this issue to expose
  sensitive information. (CVE-2021-3155)
  
  Ian Johnson discovered that snapd did not properly validate content interfaces
  and layout paths. A local attacker could possibly use this issue to inject
  arbitrary AppArmor policy rules, resulting in a bypass of intended access
  restrictions. (CVE-2021-4120)
  
  The Qualys Research Team discovered that snapd did not properly validate the
  location of the snap-confine binary. A local attacker could possibly use this
  issue to execute other arbitrary binaries and escalate privileges.
  (CVE-2021-44730)
  
  The Qualys Research Team discovered that a race condition existed in the snapd
  snap-confine binary when preparing a private mount namespace for a snap. A
  local attacker could possibly use this issue to escalate privileges and
  execute arbitrary code. (CVE-2021-44731)
  CVEs:
- https://ubuntu.com/security/CVE-2021-3155
- https://ubuntu.com/security/CVE-2021-4120
- https://ubuntu.com/security/CVE-2021-44730
- https://ubuntu.com/security/CVE-2021-44731
  
  Title: USN-5310-2: GNU C Library vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5310-2
  Priorities: medium,low
  Description:
  USN-5310-1 fixed several vulnerabilities in GNU. This update provides
  the corresponding update for Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  It was discovered that the GNU C library getcwd function incorrectly
  handled buffers. An attacker could use this issue to cause the GNU C
  Library to crash, resulting in a denial of service, or possibly execute
  arbitrary code. (CVE-2021-3999)
  
  It was discovered that the GNU C Library sunrpc module incorrectly handled
  buffer lengths. An attacker could possibly use this issue to cause the GNU
  C Library to crash, resulting in a denial of service. (CVE-2022-23218,
  CVE-2022-23219)
  CVEs:
- https://ubuntu.com/security/CVE-2021-3999
- https://ubuntu.com/security/CVE-2022-23218
- https://ubuntu.com/security/CVE-2022-23219
- https://ubuntu.com/security/CVE-2022-23218
- https://ubuntu.com/security/CVE-2021-3999
- https://ubuntu.com/security/CVE-2022-23219
  
  Title: USN-5319-1: Linux kernel vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5319-1
  Priorities: high
  Description:
  Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano
  Giuffrida discovered that hardware mitigations added by Intel to their
  processors to address Spectre-BTI were insufficient. A local attacker could
  potentially use this to expose sensitive information.
  CVEs:
- https://ubuntu.com/security/CVE-2022-0001
- https://ubuntu.com/security/CVE-2022-0002
  
  Title: USN-5301-2: Cyrus SASL vulnerability
  URL: https://ubuntu.com/security/notices/USN-5301-2
  Priorities: high
  Description:
  USN-5301-1 fixed a vulnerability in Cyrus. This update provides
  the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL
  input. A remote attacker could use this issue to execute arbitrary SQL
  commands.
  CVEs:
- https://ubuntu.com/security/CVE-2022-24407

621.211

Available in VMware Tanzu Network

Release Date: February 21, 2022

Metadata:

BOSH Agent Version: 2.268.61

USNs:

Title: USN-5264-1: Graphviz vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5264-1
Priorities: low,medium
Description:
It was discovered that graphviz contains null pointer dereference
vulnerabilities. Exploitation via a specially crafted input file
can cause a denial of service.
(CVE-2018-10196, CVE-2019-11023)

It was discovered that graphviz contains a buffer overflow
vulnerability. Exploitation via a specially crafted input file can cause
a denial of service or possibly allow for arbitrary code execution.
(CVE-2020-18032)
CVEs:
- https://ubuntu.com/security/CVE-2018-10196
- https://ubuntu.com/security/CVE-2019-11023
- https://ubuntu.com/security/CVE-2020-18032
- https://ubuntu.com/security/CVE-2018-10196
- https://ubuntu.com/security/CVE-2020-18032
- https://ubuntu.com/security/CVE-2019-11023

Title: USN-5262-1: GPT fdisk vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5262-1
Priorities: low
Description:
The potential for an out of bounds write due to a missing bounds
check was discovered to impact the sgdisk utility of GPT fdisk.
Exploitation requires the use of a maliciously formatted storage
device and could cause sgdisk to crash as well as possibly
allow for local privilege escalation.
CVEs:
- https://ubuntu.com/security/CVE-2020-0256
- https://ubuntu.com/security/CVE-2021-0308

Title: USN-5280-1: Speex vulnerability
URL: https://ubuntu.com/security/notices/USN-5280-1
Priorities: medium
Description:
It was discovered that Speex incorrectly handled certain WAV files.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2020-23903

Title: USN-5292-3: snapd vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5292-3
Priorities: medium,high
Description:
USN-5292-1 fixed several vulnerabilities in snapd. This update provides the
corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

James Troup discovered that snap did not properly manage the permissions for
the snap directories. A local attacker could possibly use this issue to expose
sensitive information. (CVE-2021-3155)

Ian Johnson discovered that snapd did not properly validate content interfaces
and layout paths. A local attacker could possibly use this issue to inject
arbitrary AppArmor policy rules, resulting in a bypass of intended access
restrictions. (CVE-2021-4120)

The Qualys Research Team discovered that snapd did not properly validate the
location of the snap-confine binary. A local attacker could possibly use this
issue to execute other arbitrary binaries and escalate privileges.
(CVE-2021-44730)

The Qualys Research Team discovered that a race condition existed in the snapd
snap-confine binary when preparing a private mount namespace for a snap. A
local attacker could possibly use this issue to escalate privileges and
execute arbitrary code. (CVE-2021-44731)
CVEs:
- https://ubuntu.com/security/CVE-2021-3155
- https://ubuntu.com/security/CVE-2021-4120
- https://ubuntu.com/security/CVE-2021-44730
- https://ubuntu.com/security/CVE-2021-44731
- https://ubuntu.com/security/CVE-2021-3155
- https://ubuntu.com/security/CVE-2021-4120
- https://ubuntu.com/security/CVE-2021-44730
- https://ubuntu.com/security/CVE-2021-44731

Title: USN-5275-1: BlueZ vulnerability
URL: https://ubuntu.com/security/notices/USN-5275-1
Priorities: medium
Description:
Ziming Zhang discovered that BlueZ incorrectly handled memory write operations
in its gatt server. A remote attacker could possibly use this to cause BlueZ to
crash leading to a denial of service, or potentially remotely execute code.
(CVE-2022-0204)
CVEs:
- https://ubuntu.com/security/CVE-2022-0204
- https://ubuntu.com/security/CVE-2022-0204

Title: USN-5269-2: Django vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5269-2
Priorities: medium
Description:
USN-5269-1 fixed several vulnerabilities in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Keryn Knight discovered that Django incorrectly handled certain template
tags. A remote attacker could possibly use this issue to perform a
cross-site scripting attack. (CVE-2022-22818)

Alan Ryan discovered that Django incorrectly handled file uploads. A remote
attacker could possibly use this issue to cause Django to hang, resulting
in a denial of service. (CVE-2022-23833)
CVEs:
- https://ubuntu.com/security/CVE-2022-22818
- https://ubuntu.com/security/CVE-2022-23833
- https://ubuntu.com/security/CVE-2022-22818
- https://ubuntu.com/security/CVE-2022-23833

621.208

Available in VMware Tanzu Network

Release Date: February 10, 2022

Enhancements

/opt is now mounted to the ephemeral disk rather than the root disk. This is not a recommended storage point for bosh workloads, but some agents deployed on stemcells write their logs to this folder and that could cause the root disk to fill up.

#### Metadata:
BOSH Agent Version: 2.268.59

#### USNs:

Title: USN-5254-1: shadow vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5254-1
Priorities: low
Description:
It was discovered that shadow incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
expose sensitive information. This issue only affected
Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-12424)

It was discovered that shadow incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2018-7169)
CVEs:
- https://ubuntu.com/security/CVE-2017-12424
- https://ubuntu.com/security/CVE-2018-7169
- https://ubuntu.com/security/CVE-2018-7169
- https://ubuntu.com/security/CVE-2017-12424
  
  Title: USN-5259-1: Cron vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5259-1
  Priorities: low
  Description:
  It was discovered that the postinst maintainer script in Cron unsafely
  handled file permissions during package install or update operations.
  An attacker could possibly use this issue to perform a privilege
  escalation attack. (CVE-2017-9525)
  
  Florian Weimer discovered that Cron incorrectly handled certain memory
  operations during crontab file creation. An attacker could possibly use
  this issue to cause a denial of service. (CVE-2019-9704)
  
  It was discovered that Cron incorrectly handled user input during crontab
  file creation. An attacker could possibly use this issue to cause a denial
  of service. (CVE-2019-9705)
  
  It was discovered that Cron contained a use-after-free vulnerability in
  its force_rescan_user function. An attacker could possibly use this issue
  to cause a denial of service. (CVE-2019-9706)
  CVEs:
- https://ubuntu.com/security/CVE-2017-9525
- https://ubuntu.com/security/CVE-2019-9704
- https://ubuntu.com/security/CVE-2019-9705
- https://ubuntu.com/security/CVE-2019-9706
- https://ubuntu.com/security/CVE-2019-9704
- https://ubuntu.com/security/CVE-2019-9705
- https://ubuntu.com/security/CVE-2019-9706
- https://ubuntu.com/security/CVE-2017-9525
  
  Title: USN-5234-1: Byobu vulnerability
  URL: https://ubuntu.com/security/notices/USN-5234-1
  Priorities: low
  Description:
  Sander Bos discovered that Byobu incorrectly handled certain Apport data.
  An attacker could possibly use this issue to expose sensitive information.
  CVEs:
- https://ubuntu.com/security/CVE-2019-7306
  
  Title: USN-5244-1: DBus vulnerability
  URL: https://ubuntu.com/security/notices/USN-5244-1
  Priorities: low
  Description:
  Daniel Onaca discovered that DBus contained a use-after-free vulnerability,
  caused by the incorrect handling of usernames sharing the same UID. An
  attacker could possibly use this issue to cause DBus to crash, resulting
  in a denial of service.
  CVEs:
- https://ubuntu.com/security/CVE-2020-35512
  
  Title: USN-5268-1: Linux kernel vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5268-1
  Priorities: medium
  Description:
  Keyu Man discovered that the ICMP implementation in the Linux kernel did
  not properly handle received ICMP error packets. A remote attacker could
  use this to facilitate attacks on UDP based services that depend on source
  port randomization. (CVE-2021-20322)
  
  It was discovered that the Bluetooth subsystem in the Linux kernel
  contained a use-after-free vulnerability. A local attacker could use this
  to cause a denial of service (system crash) or possibly execute arbitrary
  code. (CVE-2021-3640)
  
  Likang Luo discovered that a race condition existed in the Bluetooth
  subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
  local attacker could use this to cause a denial of service (system crash)
  or possibly execute arbitrary code. (CVE-2021-3752)
  
  Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel
  did not properly perform bounds checking in some situations. A local
  attacker could use this to cause a denial of service (system crash) or
  possibly execute arbitrary code. (CVE-2021-42739)
  CVEs:
- https://ubuntu.com/security/CVE-2021-20322
- https://ubuntu.com/security/CVE-2021-3640
- https://ubuntu.com/security/CVE-2021-3752
- https://ubuntu.com/security/CVE-2021-42739
- https://ubuntu.com/security/CVE-2021-3752
- https://ubuntu.com/security/CVE-2021-20322
- https://ubuntu.com/security/CVE-2021-3640
- https://ubuntu.com/security/CVE-2021-42739
  
  Title: USN-5021-2: curl vulnerability
  URL: https://ubuntu.com/security/notices/USN-5021-2
  Priorities: low,medium
  Description:
  USN-5021-1 fixed vulnerabilities in curl. This update provides
  the corresponding updates for Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled
  TELNET connections when the -t option was used on the command line.
  Uninitialized data possibly containing sensitive information could be sent
  to the remote server, contrary to expectations. (CVE-2021-22898,
  CVE-2021-22925)
  CVEs:
- https://ubuntu.com/security/CVE-2021-22898
- https://ubuntu.com/security/CVE-2021-22925
- https://ubuntu.com/security/CVE-2021-22898
- https://ubuntu.com/security/CVE-2021-22925
  
  Title: USN-5064-2: GNU cpio vulnerability
  URL: https://ubuntu.com/security/notices/USN-5064-2
  Priorities: medium
  Description:
  USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides
  the corresponding updates for Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled
  certain pattern files. A remote attacker could use this issue to cause cpio
  to crash, resulting in a denial of service, or possibly execute arbitrary
  code.
  CVEs:
- https://ubuntu.com/security/CVE-2021-38185
  
  Title: USN-5193-2: X.Org X Server vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5193-2
  Priorities: medium
  Description:
  USN-5193-1 fixed several vulnerabilities in X.Org. This update provides
  the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
  certain inputs. An attacker could use this issue to cause the server to
  crash, resulting in a denial of service, or possibly execute arbitrary
  code and escalate privileges.
  CVEs:
- https://ubuntu.com/security/CVE-2021-4009
- https://ubuntu.com/security/CVE-2021-4008
- https://ubuntu.com/security/CVE-2021-4011
  
  Title: USN-5252-2: PolicyKit vulnerability
  URL: https://ubuntu.com/security/notices/USN-5252-2
  Priorities: high
  Description:
  USN-5252-1 fixed a vulnerability in policykit-1. This update provides
  the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  It was discovered that the PolicyKit pkexec tool incorrectly handled
  command-line arguments. A local attacker could use this issue to escalate
  privileges to an administrator.
  CVEs:
- https://ubuntu.com/security/CVE-2021-4034
  
  Title: USN-5235-1: Ruby vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5235-1
  Priorities: medium
  Description:
  It was discovered that Ruby incorrectly handled certain HTML files.
  An attacker could possibly use this issue to cause a crash. This
  issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10.
  (CVE-2021-41816)
  
  It was discovered that Ruby incorrectly handled certain regular expressions.
  An attacker could possibly use this issue to cause a regular expression
  denial of service. (CVE-2021-41817)
  
  It was discovered that Ruby incorrectly handled certain cookie names.
  An attacker could possibly use this issue to access or expose
  sensitive information. (CVE-2021-41819)
  CVEs:
- https://ubuntu.com/security/CVE-2021-41816
- https://ubuntu.com/security/CVE-2021-41817
- https://ubuntu.com/security/CVE-2021-41819
- https://ubuntu.com/security/CVE-2021-41816
- https://ubuntu.com/security/CVE-2021-41819
- https://ubuntu.com/security/CVE-2021-41817
  
  Title: USN-5260-3: Samba vulnerability
  URL: https://ubuntu.com/security/notices/USN-5260-3
  Priorities: high
  Description:
  USN-5260-1 fixed a vulnerability in Samba. This update provides
  the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled
  certain memory operations. A remote attacker could use this issue to cause
  Samba to crash, resulting in a denial of service, or possibly execute
  arbitrary code as root. (CVE-2021-44142)
  CVEs:
- https://ubuntu.com/security/CVE-2021-44142
- https://ubuntu.com/security/CVE-2021-44142
  
  Title: USN-5250-2: strongSwan vulnerability
  URL: https://ubuntu.com/security/notices/USN-5250-2
  Priorities: medium
  Description:
  USN-5250-1 fixed a vulnerability in strongSwan. This update provides
  the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  Zhuowei Zhang discovered that stringSwan incorrectly handled EAP
  authentication. A remote attacker could use this issue to cause strongSwan
  to crash, resulting in a denial of service, or possibly bypass client and
  server authentication.
  CVEs:
- https://ubuntu.com/security/CVE-2021-45079
  
  Title: USN-5243-2: AIDE vulnerability
  URL: https://ubuntu.com/security/notices/USN-5243-2
  Priorities: medium
  Description:
  USN-5243-1 fixed a vulnerability in aide. This update provides
  the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  David Bouman discovered that AIDE incorrectly handled base64 operations. A
  local attacker could use this issue to cause AIDE to crash, resulting in a
  denial of service, or possibly execute arbitrary code.
  CVEs:
- https://ubuntu.com/security/CVE-2021-45417
  
  Title: USN-5233-2: ClamAV vulnerability
  URL: https://ubuntu.com/security/notices/USN-5233-2
  Priorities: medium
  Description:
  USN-5233-1 fixed a vulnerability in ClamAV. This update provides
  the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  It was discovered that ClamAV incorrectly handled memory when the
  CL_SCAN_GENERAL_COLLECT_METADATA scan option was enabled. A remote attacker
  could possibly use this issue to cause ClamAV to crash, resulting in a
  denial of service.
  CVEs:
- https://ubuntu.com/security/CVE-2022-20698
  
  Title: USN-5270-2: MySQL vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5270-2
  Priorities: medium
  Description:
  USN-5270-1 fixed several vulnerabilities in MySQL. This update provides
  the corresponding update for Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  Multiple security issues were discovered in MySQL and this update includes
  new upstream MySQL versions to fix these issues.
  
  MySQL has been updated to 5.7.37 in Ubuntu 16.04 ESM.
  
  In addition to security fixes, the updated packages contain bug fixes, new
  features, and possibly incompatible changes.
  
  Please see the following for more information:
  
  https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-37.html
  https://www.oracle.com/security-alerts/cpujan2022.html
  CVEs:
- https://ubuntu.com/security/CVE-2022-21304
- https://ubuntu.com/security/CVE-2022-21344
- https://ubuntu.com/security/CVE-2022-21367
- https://ubuntu.com/security/CVE-2022-21303
- https://ubuntu.com/security/CVE-2022-21270
- https://ubuntu.com/security/CVE-2022-21245

621.198

Available in VMware Tanzu Network

Release Date: January 18, 2022

Fixes

Fixes an issue that caused the bosh-agent to continually fail to start when either the cgroup v1 memory controller or the cgroup v2 controller was mounted in more than one location on the file system.

Metadata:

BOSH Agent Version: 2.268.54

USNs:

Title: USN-5225-1: lxml vulnerability
URL: https://ubuntu.com/security/notices/USN-5225-1
Priorities: medium
Description:
It was discovered that lxml incorrectly handled certain XML and HTML files.
An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2021-43818

Title: USN-5212-2: Apache HTTP Server vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5212-2
Priorities: medium
Description:
USN-5212-1 fixed several vulnerabilities in Apache. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that the Apache HTTP Server incorrectly handled certain
forward proxy requests. A remote attacker could use this issue to cause
the server to crash, resulting in a denial of service, or possibly perform
a Server Side Request Forgery attack. (CVE-2021-44224)

It was discovered that the Apache HTTP Server Lua module incorrectly
handled memory in the multipart parser. A remote attacker could use this
issue to cause the server to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2021-44790)
CVEs:
- https://ubuntu.com/security/CVE-2021-44224
- https://ubuntu.com/security/CVE-2021-44790
- https://ubuntu.com/security/CVE-2021-44790
- https://ubuntu.com/security/CVE-2021-44224

621.196

Available in VMware Tanzu Network

Release Date: January 07, 2022

Metadata:

BOSH Agent Version: 2.268.51

USNs:

Title: LSN-0083-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0083-1
Priorities: medium,high
Description:
The BPF subsystem in the Linux kernel before 4.17 mishandles
situations with a long jump over an instruction sequence where inner
instructions require substantial expansions into multiple BPF instructions,
leading to an overflow. This affects kernel/bpf/core.c and
net/core/filter.c.(CVE-2018-25020)

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
processors in the Linux kernel did not properly prevent a guest VM from
enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
to write to portions of the host’s physical memory.(CVE-2021-3653)

Nadav Amit discovered that the hugetlb implementation in the Linux kernel
did not perform TLB flushes under certain conditions. A local attacker
could use this to leak or alter data from other processes that use huge
pages.(CVE-2021-4002)

Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
contained an out-of-bounds write in its setsockopt() implementation. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2021-22555)

It was discovered that the virtual file system implementation in the Linux
kernel contained an unsigned to signed integer conversion error. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code.(CVE-2021-33909)
CVEs:
- https://ubuntu.com/security/CVE-2018-25020
- https://ubuntu.com/security/CVE-2021-3653
- https://ubuntu.com/security/CVE-2021-4002
- https://ubuntu.com/security/CVE-2021-22555
- https://ubuntu.com/security/CVE-2021-33909
- https://ubuntu.com/security/CVE-2021-33909
- https://ubuntu.com/security/CVE-2018-25020
- https://ubuntu.com/security/CVE-2021-4002
- https://ubuntu.com/security/CVE-2021-22555
- https://ubuntu.com/security/CVE-2021-3653

Title: USN-5211-1: Linux kernel vulnerability
URL: https://ubuntu.com/security/notices/USN-5211-1
Priorities: high
Description:
Nadav Amit discovered that the hugetlb implementation in the Linux kernel
did not perform TLB flushes under certain conditions. A local attacker
could use this to leak or alter data from other processes that use huge
pages.
CVEs:
- https://ubuntu.com/security/CVE-2021-4002

Title: USN-5209-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5209-1
Priorities: high,low,medium
Description:
Nadav Amit discovered that the hugetlb implementation in the Linux kernel
did not perform TLB flushes under certain conditions. A local attacker
could use this to leak or alter data from other processes that use huge
pages. (CVE-2021-4002)

It was discovered that a race condition existed in the timer implementation
in the Linux kernel. A privileged attacker could use this cause a denial of
service. (CVE-2021-20317)

It was discovered that a race condition existed in the overlay file system
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2021-20321)

It was discovered that the NFC subsystem in the Linux kernel contained a
use-after-free vulnerability in its NFC Controller Interface (NCI)
implementation. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2021-3760)

It was discovered that an integer overflow could be triggered in the eBPF
implementation in the Linux kernel when preallocating objects for stack
maps. A privileged local attacker could use this to cause a denial of
service or possibly execute arbitrary code. (CVE-2021-41864)

It was discovered that the ISDN CAPI implementation in the Linux kernel
contained a race condition in certain situations that could trigger an
array out-of-bounds bug. A privileged local attacker could possibly use
this to cause a denial of service or execute arbitrary code.
(CVE-2021-43389)
CVEs:
- https://ubuntu.com/security/CVE-2021-4002
- https://ubuntu.com/security/CVE-2021-20317
- https://ubuntu.com/security/CVE-2021-20321
- https://ubuntu.com/security/CVE-2021-3760
- https://ubuntu.com/security/CVE-2021-41864
- https://ubuntu.com/security/CVE-2021-43389
- https://ubuntu.com/security/CVE-2021-4002
- https://ubuntu.com/security/CVE-2021-43389
- https://ubuntu.com/security/CVE-2021-20321
- https://ubuntu.com/security/CVE-2021-3760
- https://ubuntu.com/security/CVE-2021-41864
- https://ubuntu.com/security/CVE-2021-20317

621.192

Available in VMware Tanzu Network

Release Date: December 17, 2021

Enhancements

/var/opt is now mounted to the ephemeral disk rather than the root disk. This is not a recommended storage point for bosh workloads, but some agents deployed on stemcells write their logs to this folder and that could cause the root disk to fill up.

#### Fixes
This release reverts the NATS firewall enhancement added in 621.183. Changes associated with this feature caused VMs to report a networking failed state and prevented monit firewall rules from being applied. The NATS firewall enhancement will be reintroduced in a future release.

#### Metadata:
BOSH Agent Version: 2.268.49

#### USNs:

Title: USN-5202-1: OpenJDK vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5202-1
Priorities: medium
Description:
Varnavas Papaioannou discovered that the FTP client implementation in
OpenJDK accepted alternate server IP addresses when connecting with FTP
passive mode. An attacker controlling an FTP server that an application
connects to could possibly use this to expose sensitive information
(rudimentary port scans). This issue only affected Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2341)

Markus Loewe discovered that OpenJDK did not properly handle JAR files
containing multiple manifest files. An attacker could possibly use
this to bypass JAR signature verification. This issue only affected
Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu
21.04. (CVE-2021-2369)

Huixin Ma discovered that the Hotspot VM in OpenJDK did not properly
perform range check elimination in some situations. An attacker could
possibly use this to construct a Java class that could bypass Java
sandbox restrictions. This issue only affected Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2388)

Asaf Greenholts discovered that OpenJDK preferred certain weak ciphers by
default. An attacker could possibly use this to expose sensitive
information. (CVE-2021-35550)

It was discovered that the Rich Text Format (RTF) Parser in OpenJDK did not
properly restrict the amount of memory allocated in some situations. An
attacker could use this to specially craft an RTF file that caused a denial
of service. (CVE-2021-35556)

It was discovered that the Rich Text Format (RTF) Reader in OpenJDK did not
properly restrict the amount of memory allocated in some situations. An
attacker could use this to specially craft an RTF file that caused a denial
of service. (CVE-2021-35559)

Markus Loewe discovered that the HashMap and HashSet implementations in
OpenJDK did not properly validate load factors during deserialization. An
attacker could use this to cause a denial of service (excessive memory
consumption). (CVE-2021-35561)

It was discovered that the Keytool component in OpenJDK did not properly
handle certificates with validity ending dates in the far future. An
attacker could use this to specially craft a certificate that when imported
could corrupt a keystore. (CVE-2021-35564)

Tristen Hayfield discovered that the HTTP server implementation in OpenJDK
did not properly handle TLS session close in some situations. A remote
attacker could possibly use this to cause a denial of service (application
infinite loop). (CVE-2021-35565)

Chuck Hunley discovered that the Kerberos implementation in OpenJDK did not
correctly report subject principals when using Kerberos Constrained
Delegation. An attacker could possibly use this to cause incorrect Kerberos
tickets to be used. (CVE-2021-35567)

it was discovered that the TLS implementation in OpenJDK did not properly
handle TLS handshakes in certain situations where a Java application is
acting as a TLS server. A remote attacker could possibly use this to cause
a denial of service (application crash). (CVE-2021-35578)

it was discovered that OpenJDK did not properly restrict the amount of
memory allocated when processing BMP images. An attacker could use this to
specially craft a BMP image file that could cause a denial of service.
(CVE-2021-35586)

It was discovered that the HotSpot VM in OpenJDK 8 did not properly perform
validation of inner class index values in some situations. An attacker
could use this to specially craft a class file that when loaded could cause
a denial of service (Java VM crash). (CVE-2021-35588)

Artem Smotrakov discovered that the TLS implementation in OpenJDK used non-
constant time comparisons during TLS handshakes. A remote attacker could
use this to expose sensitive information. (CVE-2021-35603)
CVEs:
- https://ubuntu.com/security/CVE-2021-2341
- https://ubuntu.com/security/CVE-2021-2369
- https://ubuntu.com/security/CVE-2021-2388
- https://ubuntu.com/security/CVE-2021-35550
- https://ubuntu.com/security/CVE-2021-35556
- https://ubuntu.com/security/CVE-2021-35559
- https://ubuntu.com/security/CVE-2021-35561
- https://ubuntu.com/security/CVE-2021-35564
- https://ubuntu.com/security/CVE-2021-35565
- https://ubuntu.com/security/CVE-2021-35567
- https://ubuntu.com/security/CVE-2021-35578
- https://ubuntu.com/security/CVE-2021-35586
- https://ubuntu.com/security/CVE-2021-35588
- https://ubuntu.com/security/CVE-2021-35603
- https://ubuntu.com/security/CVE-2021-35556
- https://ubuntu.com/security/CVE-2021-35561
- https://ubuntu.com/security/CVE-2021-35588
- https://ubuntu.com/security/CVE-2021-35578
- https://ubuntu.com/security/CVE-2021-2341
- https://ubuntu.com/security/CVE-2021-35564
- https://ubuntu.com/security/CVE-2021-35603
- https://ubuntu.com/security/CVE-2021-35559
- https://ubuntu.com/security/CVE-2021-35586
- https://ubuntu.com/security/CVE-2021-35550
- https://ubuntu.com/security/CVE-2021-35567
- https://ubuntu.com/security/CVE-2021-2369
- https://ubuntu.com/security/CVE-2021-35565
- https://ubuntu.com/security/CVE-2021-2388
  
  Title: USN-5189-1: GLib vulnerability
  URL: https://ubuntu.com/security/notices/USN-5189-1
  Priorities: medium
  Description:
  It was discovered that GLib incorrectly handled certain environment variables.
  An attacker could possibly use this issue to escalate privileges.
  CVEs:
- https://ubuntu.com/security/CVE-2021-3800
  
  Title: USN-5168-4: NSS regression
  URL: https://ubuntu.com/security/notices/USN-5168-4
  Priorities: high
  Description:
  USN-5168-3 fixed a vulnerability in NSS. Unfortunately that update introduced
  a regression that could break SSL connections. This update fixes the problem.
  
  We apologize for the inconvenience.
  
  Original advisory details:
  
  Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS
  signatures. A remote attacker could use this issue to cause NSS to crash,
  resulting in a denial of service, or possibly execute arbitrary code.
  CVEs:
- https://ubuntu.com/security/CVE-2021-43527
  
  Title: USN-5192-2: Apache Log4j 2 vulnerability
  URL: https://ubuntu.com/security/notices/USN-5192-2
  Priorities: high
  Description:
  USN-5192-1 fixed a vulnerability in Apache Log4j 2. This update provides
  the corresponding update for Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run
  programs via a special crafted input. An attacker could use this vulnerability
  to cause a denial of service or possibly execute arbitrary code.
  CVEs:
- https://ubuntu.com/security/CVE-2021-44228

621.183

Available in VMware Tanzu Network

Release Date: December 06, 2021

Enhancements

Added firewall rules to restrict access to the NATS message bus except by the bosh agent. This provides an additional layer of security so even if an attacker is able to gain access to the NATS credentials, they would be unable to use those from a workload on a Bosh deployed VM. If you are attempting to debug NATS connectivity problems by directly connecting to the Bosh NATS server, you will need additional access; instructions can be found here.

#### Known issues
Errors are present in the networking service post-start scripts for all BOSH-managed VMs which:
Causes networking service to report a failed state
Incorrectly allows external connections to the monit service
Incorrectly allows external connections to the NATS service

#### Metadata:
BOSH Agent Version: 2.268.45

#### USNs:

Title: USN-5147-1: Vim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5147-1
Priorities: low,medium
Description:
It was discovered that Vim incorrectly handled permissions on the .swp
file. A local attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-17087)

It was discovered that Vim incorrectly handled restricted mode. A local
attacker could possibly use this issue to bypass restricted mode and
execute arbitrary commands. Note: This update only makes executing shell
commands more difficult. Restricted mode should not be considered a
complete security measure. This issue only affected Ubuntu 14.04 ESM.
(CVE-2019-20807)

Brian Carpenter discovered that vim incorrectly handled memory
when opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possible execute
arbitrary code with user privileges. This issue only affected
Ubuntu 20.04 LTS, Ubuntu 21.04 and Ubuntu 21.10. (CVE-2021-3872)

It was discovered that vim incorrectly handled memory when
opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possible execute
arbitrary code with user privileges. (CVE-2021-3903)

It was discovered that vim incorrectly handled memory when
opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possible execute
arbitrary code with user privileges. (CVE-2021-3927)

It was discovered that vim incorrectly handled memory when
opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possible execute
arbitrary code with user privileges. (CVE-2021-3928)
CVEs:
- https://ubuntu.com/security/CVE-2017-17087
- https://ubuntu.com/security/CVE-2019-20807
- https://ubuntu.com/security/CVE-2021-3872
- https://ubuntu.com/security/CVE-2021-3903
- https://ubuntu.com/security/CVE-2021-3927
- https://ubuntu.com/security/CVE-2021-3928
- https://ubuntu.com/security/CVE-2021-3928
- https://ubuntu.com/security/CVE-2021-3927
- https://ubuntu.com/security/CVE-2017-17087
- https://ubuntu.com/security/CVE-2019-20807
- https://ubuntu.com/security/CVE-2021-3903
- https://ubuntu.com/security/CVE-2021-3872
  
  Title: USN-5158-1: ImageMagick vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5158-1
  Priorities: low
  Description:
  It was discovered that ImageMagick incorrectly handled certain values
  when processing visual effects based image files. By tricking a user into
  opening a specially crafted image file, an attacker could crash the
  application causing a denial of service. (CVE-2021-20244)
  
  It was discovered that ImageMagick incorrectly handled certain values
  when performing resampling operations. By tricking a user into opening
  a specially crafted image file, an attacker could crash the application
  causing a denial of service. (CVE-2021-20246)
  
  It was discovered that ImageMagick incorrectly handled certain values
  when processing visual effects based image files. By tricking a user into
  opening a specially crafted image file, an attacker could crash the
  application causing a denial of service (CVE-2021-20309)
  
  It was discovered that ImageMagick incorrectly handled certain values
  when processing thumbnail image data. By tricking a user into opening
  a specially crafted image file, an attacker could crash the application
  causing a denial of service. (CVE-2021-20312)
  
  It was discovered that ImageMagick incorrectly handled memory cleanup
  when performing certain cryptographic operations. Under certain conditions
  sensitive cryptographic information could be disclosed. (CVE-2021-20313)
  CVEs:
- https://ubuntu.com/security/CVE-2021-20244
- https://ubuntu.com/security/CVE-2021-20246
- https://ubuntu.com/security/CVE-2021-20309
- https://ubuntu.com/security/CVE-2021-20312
- https://ubuntu.com/security/CVE-2021-20313
- https://ubuntu.com/security/CVE-2021-20244
- https://ubuntu.com/security/CVE-2021-20246
- https://ubuntu.com/security/CVE-2021-20309
- https://ubuntu.com/security/CVE-2021-20312
- https://ubuntu.com/security/CVE-2021-20313
  
  Title: USN-5144-1: OpenEXR vulnerability
  URL: https://ubuntu.com/security/notices/USN-5144-1
  Priorities: medium
  Description:
  It was discovered that OpenEXR incorrectly handled certain EXR
  image files. An attacker could possibly use this issue to cause a crash
  or execute arbitrary code.
  CVEs:
- https://ubuntu.com/security/CVE-2021-3933
  
  Title: USN-5150-1: OpenEXR vulnerability
  URL: https://ubuntu.com/security/notices/USN-5150-1
  Priorities: medium
  Description:
  It was discovered that OpenEXR incorrectly handled certain EXR image files.
  An attacker could possibly use this issue to cause a crash.
  CVEs:
- https://ubuntu.com/security/CVE-2021-3941
  
  Title: USN-5168-3: NSS vulnerability
  URL: https://ubuntu.com/security/notices/USN-5168-3
  Priorities: high
  Description:
  USN-5168-1 fixed a vulnerability in NSS. This update provides
  the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS
  signatures. A remote attacker could use this issue to cause NSS to crash,
  resulting in a denial of service, or possibly execute arbitrary code.
  CVEs:
- https://ubuntu.com/security/CVE-2021-43527

621.176

Available in VMware Tanzu Network

Release Date: November 11, 2021

Metadata:

BOSH Agent Version: 2.268.41

USNs:

Title: USN-5114-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5114-1
Priorities: medium,low
Description:
It was discovered that a race condition existed in the Atheros Ath9k WiFi
driver in the Linux kernel. An attacker could possibly use this to expose
sensitive information (WiFi network traffic). (CVE-2020-3702)

It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly compute the access permissions for shadow pages in
some situations. A local attacker could use this to cause a denial of
service. (CVE-2021-38198)

It was discovered that the ext4 file system in the Linux kernel contained a
race condition when writing xattrs to an inode. A local attacker could use
this to cause a denial of service or possibly gain administrative
privileges. (CVE-2021-40490)

It was discovered that the 6pack network protocol driver in the Linux
kernel did not properly perform validation checks. A privileged attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2021-42008)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-3702
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-40490
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-38198
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-42008

Title: USN-5119-1: libcaca vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5119-1
Priorities: medium
Description:
It was discovered that libcaca incorrectly handled certain images. An attacker
could possibly use this issue to cause a crash. (CVE-2021-30498, CVE-2021-30499)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-30498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-30499

Title: USN-5136-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5136-1
Priorities: low,medium
Description:
It was discovered that the f2fs file system in the Linux kernel did not
properly validate metadata in some situations. An attacker could use this
to construct a malicious f2fs image that, when mounted and operated on,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-19449)

It was discovered that the FUSE user space file system implementation in
the Linux kernel did not properly handle bad inodes in some situations. A
local attacker could possibly use this to cause a denial of service.
(CVE-2020-36322)

It was discovered that the Infiniband RDMA userspace connection manager
implementation in the Linux kernel contained a race condition leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possible execute arbitrary code.
(CVE-2020-36385)

Ilja Van Sprundel discovered that the SCTP implementation in the Linux
kernel did not properly perform size validations on incoming packets in
some situations. An attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2021-3655)

It was discovered that the Qualcomm IPC Router protocol implementation in
the Linux kernel did not properly validate metadata in some situations. A
local attacker could use this to cause a denial of service (system crash)
or expose sensitive information. (CVE-2021-3743)

It was discovered that the virtual terminal (vt) device implementation in
the Linux kernel contained a race condition in its ioctl handling that led
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information. (CVE-2021-3753)

It was discovered that the Linux kernel did not properly account for the
memory usage of certain IPC objects. A local attacker could use this to
cause a denial of service (memory exhaustion). (CVE-2021-3759)

Michael Wakabayashi discovered that the NFSv4 client implementation in the
Linux kernel did not properly order connection setup operations. An
attacker controlling a remote NFS server could use this to cause a denial
of service on the client. (CVE-2021-38199)

It was discovered that the Aspeed Low Pin Count (LPC) Bus Controller
implementation in the Linux kernel did not properly perform boundary checks
in some situations, allowing out-of-bounds write access. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. In Ubuntu, this issue only affected systems running
armhf kernels. (CVE-2021-42252)
CVEs:
- https://ubuntu.com/security/CVE-2019-19449
- https://ubuntu.com/security/CVE-2020-36322
- https://ubuntu.com/security/CVE-2020-36385
- https://ubuntu.com/security/CVE-2021-3655
- https://ubuntu.com/security/CVE-2021-3743
- https://ubuntu.com/security/CVE-2021-3753
- https://ubuntu.com/security/CVE-2021-3759
- https://ubuntu.com/security/CVE-2021-38199
- https://ubuntu.com/security/CVE-2021-42252
- https://ubuntu.com/security/CVE-2021-38199
- https://ubuntu.com/security/CVE-2020-36322
- https://ubuntu.com/security/CVE-2021-3759
- https://ubuntu.com/security/CVE-2021-3753
- https://ubuntu.com/security/CVE-2020-36385
- https://ubuntu.com/security/CVE-2019-19449
- https://ubuntu.com/security/CVE-2021-3743
- https://ubuntu.com/security/CVE-2021-42252
- https://ubuntu.com/security/CVE-2021-3655

Title: USN-5133-1: ICU vulnerability
URL: https://ubuntu.com/security/notices/USN-5133-1
Priorities: low
Description:
It was discovered that ICU contains a use after free issue.
An attacker could use this issue to cause a denial of service with crafted input.
CVEs:
- https://ubuntu.com/security/CVE-2020-21913

Title: LSN-0082-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0082-1
Priorities: medium,high
Description:
Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).(CVE-2020-29660)

Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-
free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.(CVE-2020-29661)

De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux
kernel did not properly handle mod32 destination register truncation when
the source register was known to be 0. A local attacker could use this to
expose sensitive information (kernel memory) or possibly execute arbitrary
code.(CVE-2021-3444)

kernel: use-after-free in route4_change() in
net/sched/cls_route.c(CVE-2021-3715)
CVEs:
- https://ubuntu.com/security/CVE-2020-29660
- https://ubuntu.com/security/CVE-2020-29661
- https://ubuntu.com/security/CVE-2021-3444
- https://ubuntu.com/security/CVE-2021-3715
- https://ubuntu.com/security/CVE-2020-29660
- https://ubuntu.com/security/CVE-2020-29661
- https://ubuntu.com/security/CVE-2021-3715
- https://ubuntu.com/security/CVE-2021-3444

Title: USN-5125-1: PHP vulnerability
URL: https://ubuntu.com/security/notices/USN-5125-1
Priorities: high
Description:
It was discovered that PHP-FPM in PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2021-21703

Title: USN-5126-2: Bind vulnerability
URL: https://ubuntu.com/security/notices/USN-5126-2
Priorities: medium
Description:
USN-5126-1 fixed a vulnerability in Bind. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Kishore Kumar Kothapalli discovered that Bind incorrectly handled the lame
cache when processing responses. A remote attacker could possibly use this
issue to cause Bind to consume resources, resulting in a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2021-25219

Title: USN-5123-2: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5123-2
Priorities: medium
Description:
USN-5123-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.27 in Ubuntu 20.04 LTS, Ubuntu 21.04, and
Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.36.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-36.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-27.html
https://www.oracle.com/security-alerts/cpuoct2021.html
CVEs:
- https://ubuntu.com/security/CVE-2021-35624
- https://ubuntu.com/security/CVE-2021-35604

621.171

Available in VMware Tanzu Network

Release Date: October 25, 2021

Metadata:

BOSH Agent Version: 2.268.36
Bosh-agent is now build with Go 1.17

Features:

Allow to receive nats and blobstore updates via update settings action

USNs:

Title: USN-5109-1: nginx vulnerability
URL: https://ubuntu.com/security/notices/USN-5109-1
Priorities: medium
Description:
It was discovered that nginx incorrectly handled files with
certain modification dates. A remote attacker could possibly
use this issue to cause a denial of service or other unspecified
impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-20005

Title: USN-5022-3: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5022-3
Priorities: medium
Description:
USN-5022-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to MySQL 5.7.35 on Ubuntu 16.04 ESM.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-35.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-26.html
https://www.oracle.com/security-alerts/cpujul2021.html
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2179
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2162
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2389
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2390
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2194
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2146
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2372
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2342
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2169
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2171
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2180
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2154
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2166
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2226
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2307
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2385

Title: USN-5103-1: docker.io vulnerability
URL: https://ubuntu.com/security/notices/USN-5103-1
Priorities: medium
Description:
Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in
Docker incorrectly allowed the docker cp command to make permissions
changes in the host filesystem in some situations. A local attacker
could possibly use to this to expose sensitive information or gain
administrative privileges.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-41089

Title: USN-5111-2: strongSwan vulnerability
URL: https://ubuntu.com/security/notices/USN-5111-2
Priorities: medium
Description:
USN-5111-1 fixed a vulnerability in strongSwan. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that strongSwan incorrectly handled replacing
certificates in the cache. A remote attacker could use this issue to cause
strongSwan to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-41991)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-41991

Title: USN-5121-1: Mailman vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5121-1
Priorities: high
Description:
Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman
did not properly associate cross-site request forgery (CSRF) tokens
to specific accounts. A remote attacker could use this to perform a
CSRF attack to gain access to another account. (CVE-2021-42097)

Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman’s
cross-site request forgery (CSRF) tokens for the options page are
derived from the admin password. A remote attacker could possibly use
this to assist in performing a brute force attack against the admin
password. (CVE-2021-42096)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-42096
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-42097

621.160

Available in VMware Tanzu Network

Release Date: October 01, 2021

Fixes

Fixes an issue introduced in v621.151 that caused frequent udev events and high CPU usage on Azure VMs.

Metadata:

BOSH Agent Version: 2.268.29

621.154

Available in VMware Tanzu Network

Release Date: September 16, 2021

Fixes

Fixes an issue introduced in v621.151 that caused persistent disks to frequently fail to mount.

#### Metadata:
BOSH Agent Version: 2.268.27

#### USNs:

Title: USN-5077-2: Apport vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5077-2
Priorities: medium
Description:
USN-5077-1 fixed several vulnerabilities in Apport. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Maik Münch and Stephen Röttger discovered that Apport incorrectly handled
certain information gathering operations. A local attacker could use this
issue to gain read access to arbitrary files, possibly containing sensitive
information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3709
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3710
  
  Title: USN-5076-1: Git vulnerability
  URL: https://ubuntu.com/security/notices/USN-5076-1
  Priorities: medium
  Description:
  It was discovered that Git allowed newline characters in
  certain repository paths. An attacker could potentially use this issue to perform
  cross-protocol requests.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-40330

621.151

Available in VMware Tanzu Network

Release Date: September 14, 2021

Fixes

Updates the /var/vcap/bosh/bin/monit wrapper script to refer to monit-actual by absolute path, rather than relative path. This allows folks who reset or clear the PATH environment variable to actually be able to use the monit CLI. Prior to this fix, folks who cleared their PATH environment variable would see an error like: /var/vcap/bosh/bin/monit: line 9: exec: monit-actual: not found.
Fixes the “incorrect used memory reporting” issue introduced in stemcell version 621.141. The Bosh Agent will now report the correct amount of memory used by all processes in the VM that it manages, rather than just the processes in its cgroup.

#### Known issues
We’ve seen failures with this version of the stemcell in vSphere when attempting to attach a persistent disk to a running VM. We are currently planning to address this issue with an update to the vSphere CPI. It should be fixed in vSphere CPI release >= v69. We have pulled the vSphere version of this stemcell for now.

Note: This issue is fixed in stemcell version 621.154

#### Metadata:
BOSH Agent Version: 2.268.27

#### USNs:

Title: USN-5066-2: PySAML2 vulnerability
URL: https://ubuntu.com/security/notices/USN-5066-2
Priorities: medium
Description:
USN-5066-1 fixed a vulnerability in PySAML2. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Brian Wolff discovered that PySAML2 incorrectly validated cryptographic
signatures. A remote attacker could possibly use this issue to alter SAML
documents.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-21239
  
  Title: USN-5039-1: Linux kernel vulnerability
  URL: https://ubuntu.com/security/notices/USN-5039-1
  Priorities: high
  Description:
  Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
  contained an out-of-bounds write in its setsockopt() implementation. A
  local attacker could use this to cause a denial of service (system crash)
  or possibly execute arbitrary code.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22555
  
  Title: LSN-0080-1: Kernel Live Patch Security Notice
  URL: https://ubuntu.com/security/notices/LSN-0080-1
  Priorities: high
  Description:
  Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
  contained an out-of-bounds write in its setsockopt() implementation. A
  local attacker could use this to cause a denial of service (system crash)
  or possibly execute arbitrary code.(CVE-2021-22555)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22555
  
  Title: USN-5028-1: Exiv2 vulnerability
  URL: https://ubuntu.com/security/notices/USN-5028-1
  Priorities: medium
  Description:
  It was discovered that Exiv2 incorrectly handled certain images.
  An attacker could possibly use this issue to cause a denial of service.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31291
  
  Title: USN-5025-2: libsndfile vulnerability
  URL: https://ubuntu.com/security/notices/USN-5025-2
  Priorities: medium
  Description:
  USN-5025-1 fixed a vulnerability in libsndfile. This update provides
  the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  It was discovered that libsndfile incorrectly handled certain malformed
  files. A remote attacker could use this issue to cause libsndfile to crash,
  resulting in a denial of service, or possibly execute arbitrary code.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3246
  
  Title: USN-5027-2: PEAR vulnerability
  URL: https://ubuntu.com/security/notices/USN-5027-2
  Priorities: medium
  Description:
  USN-5027-1 fixed a vulnerability in PEAR. This update provides
  the corresponding update for Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  It was discovered that PEAR incorrectly handled symbolic links in archives.
  A remote attacker could possibly use this issue to execute arbitrary code.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32610
  
  Title: USN-5044-1: Linux kernel vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5044-1
  Priorities: medium
  Description:
  It was discovered that the bluetooth subsystem in the Linux kernel did not
  properly handle HCI device initialization failure, leading to a double-free
  vulnerability. An attacker could use this to cause a denial of service or
  possibly execute arbitrary code. (CVE-2021-3564)
  
  It was discovered that the bluetooth subsystem in the Linux kernel did not
  properly handle HCI device detach events, leading to a use-after-free
  vulnerability. An attacker could use this to cause a denial of service or
  possibly execute arbitrary code. (CVE-2021-3573)
  
  It was discovered that the NFC implementation in the Linux kernel did not
  properly handle failed connect events leading to a NULL pointer
  dereference. A local attacker could use this to cause a denial of service.
  (CVE-2021-3587)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3587
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3564
  
  Title: USN-5073-1: Linux kernel vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5073-1
  Priorities: medium,low,high
  Description:
  Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor
  implementation for AMD processors in the Linux kernel allowed a guest VM to
  disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a
  guest VM could use this to read or write portions of the host’s physical
  memory. (CVE-2021-3656)
  
  Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
  processors in the Linux kernel did not properly prevent a guest VM from
  enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
  to write to portions of the host’s physical memory. (CVE-2021-3653)
  
  Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol
  implementation in the Linux kernel did not properly initialize memory in
  some situations. A local attacker could use this to expose sensitive
  information (kernel memory). (CVE-2021-34693)
  
  Murray McAllister discovered that the joystick device interface in the
  Linux kernel did not properly validate data passed via an ioctl(). A local
  attacker could use this to cause a denial of service (system crash) or
  possibly execute arbitrary code on systems with a joystick device
  registered. (CVE-2021-3612)
  
  It was discovered that the Virtio console implementation in the Linux
  kernel did not properly validate input lengths in some situations. A local
  attacker could possibly use this to cause a denial of service (system
  crash). (CVE-2021-38160)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3612
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-34693
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-38160
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3656
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3653
  
  Title: USN-5062-1: Linux kernel vulnerability
  URL: https://ubuntu.com/security/notices/USN-5062-1
  Priorities: high
  Description:
  Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
  processors in the Linux kernel did not properly prevent a guest VM from
  enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
  to write to portions of the host’s physical memory.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3653
  
  Title: LSN-0081-1: Kernel Live Patch Security Notice
  URL: https://ubuntu.com/security/notices/LSN-0081-1
  Priorities: high
  Description:
  Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
  processors in the Linux kernel did not properly prevent a guest VM from
  enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
  to write to portions of the host’s physical memory.(CVE-2021-3653)
  
  Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor
  implementation for AMD processors in the Linux kernel allowed a guest VM to
  disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a
  guest VM could use this to read or write portions of the host’s physical
  memory.(CVE-2021-3656)
  
  Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
  contained an out-of-bounds write in its setsockopt() implementation. A
  local attacker could use this to cause a denial of service (system crash)
  or possibly execute arbitrary code.(CVE-2021-22555)
  
  It was discovered that the virtual file system implementation in the Linux
  kernel contained an unsigned to signed integer conversion error. A local
  attacker could use this to cause a denial of service (system crash) or
  execute arbitrary code.(CVE-2021-33909)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3653
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22555
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3656
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33909
  
  Title: USN-5034-2: c-ares vulnerability
  URL: https://ubuntu.com/security/notices/USN-5034-2
  Priorities: medium
  Description:
  USN-5034-1 fixed a vulnerability in c-ares. This update provides
  the corresponding update for Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly
  validated certain hostnames returned by DNS servers. A remote attacker
  could possibly use this issue to perform Domain Hijacking attacks.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3672
  
  Title: USN-5026-2: QPDF vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5026-2
  Priorities: medium,low
  Description:
  USN-5026-1 fixed several vulnerabilities in QPDF. This update provides
  the corresponding update for Ubuntu 16.04 ESM.
  Original advisory details:
  
  It was discovered that QPDF incorrectly handled certain malformed PDF
  files. A remote attacker could use this issue to cause QPDF to consume
  resources, resulting in a denial of service. (CVE-2018-18020)
  
  It was discovered that QPDF incorrectly handled certain malformed PDF
  files. A remote attacker could use this issue to cause QPDF to crash,
  resulting in a denial of service, or possibly execute arbitrary code.
  (CVE-2021-36978)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-36978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18020
  
  Title: USN-5051-2: OpenSSL vulnerability
  URL: https://ubuntu.com/security/notices/USN-5051-2
  Priorities: medium
  Description:
  USN-5051-1 fixed a vulnerability in OpenSSL. This update provides
  the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1
  strings. A remote attacker could use this issue to cause OpenSSL to crash,
  resulting in a denial of service, or possibly obtain sensitive information.
  (CVE-2021-3712)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3712
  
  Title: USN-5043-1: Exiv2 vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5043-1
  Priorities: medium
  Description:
  It was discovered that Exiv2 incorrectly handled certain image files.
  An attacker could possibly use this issue to cause a denial of service.
  (CVE-2021-32815, CVE-2021-34334, CVE-2021-37620, CVE-2021-37622)
  
  It was discovered that Exiv2 incorrectly handled certain image files.
  An attacker could possibly use this issue to cause a denial of service.
  These issues only affected Ubuntu 20.04 LTS and Ubuntu 21.04.
  (CVE-2021-34335, CVE-2021-37615, CVE-2021-37616, CVE-2021-37618,
  CVE-2021-37619, CVE-2021-37621, CVE-2021-37623)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37622
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32815
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37623
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37621
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37620
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37618
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-34335
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37619
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-34334
  
  Title: USN-5055-1: GNOME grilo vulnerability
  URL: https://ubuntu.com/security/notices/USN-5055-1
  Priorities: medium
  Description:
  Michael Catanzaro discovered that grilo incorrectly handled certain TLS
  certificate verification. An attacker could possibly use this issue to
  MITM attacks.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-39365
  
  Title: USN-5068-1: GD library vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5068-1
  Priorities: medium,low
  Description:
  It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files.
  An attacker could possibly use this issue to cause a crash or expose sensitive information.
  This issue only affected Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
  (CVE-2017-6363)
  
  It was discovered that GD Graphics Library incorrectly handled certain TGA files.
  An attacker could possibly use this issue to cause a denial of service or
  expose sensitive information. (CVE-2021-381)
  
  It was discovered that GD Graphics Library incorrectly handled certain files.
  An attacker could possibly use this issue to cause a crash.
  (CVE-2021-40145)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-40145
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-38115
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6363

621.141

Available in VMware Tanzu Network

Release Date: August 30, 2021

Enhancements

Added firewall rules to restrict Monit API access to the Monit CLI and BOSH Agent. To see how to grant your program access to the Monit API, examine the new monit wrapper script, found at /var/vcap/bosh/bin/monit.

#### Known issues
The memory used by the VM that a Bosh Agent manages is incorrectly reported. The Agent will report very significantly smaller amounts of memory used by the VM than are actually used. This means that the “memory used” information in the output of bosh vms --vitals and related commands is incorrect. For now, avoid using this stemcell version, if you rely on the VM memory usage information reported by the Bosh Agent, Director, or the bosh CLI.
NOTE: This issue has been resolved in Stemcell version 621.151.

#### Metadata:
BOSH Agent Version: 2.268.23

#### USNs:

Title: USN-5039-1: Linux kernel vulnerability
URL: https://ubuntu.com/security/notices/USN-5039-1
Priorities: high
Description:
Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
contained an out-of-bounds write in its setsockopt() implementation. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22555
  
  Title: LSN-0080-1: Kernel Live Patch Security Notice
  URL: https://ubuntu.com/security/notices/LSN-0080-1
  Priorities: high
  Description:
  Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
  contained an out-of-bounds write in its setsockopt() implementation. A
  local attacker could use this to cause a denial of service (system crash)
  or possibly execute arbitrary code.(CVE-2021-22555)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22555
  
  Title: USN-5028-1: Exiv2 vulnerability
  URL: https://ubuntu.com/security/notices/USN-5028-1
  Priorities: medium
  Description:
  It was discovered that Exiv2 incorrectly handled certain images.
  An attacker could possibly use this issue to cause a denial of service.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31291
  
  Title: USN-5025-2: libsndfile vulnerability
  URL: https://ubuntu.com/security/notices/USN-5025-2
  Priorities: medium
  Description:
  USN-5025-1 fixed a vulnerability in libsndfile. This update provides
  the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  It was discovered that libsndfile incorrectly handled certain malformed
  files. A remote attacker could use this issue to cause libsndfile to crash,
  resulting in a denial of service, or possibly execute arbitrary code.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3246
  
  Title: USN-5027-2: PEAR vulnerability
  URL: https://ubuntu.com/security/notices/USN-5027-2
  Priorities: medium
  Description:
  USN-5027-1 fixed a vulnerability in PEAR. This update provides
  the corresponding update for Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  It was discovered that PEAR incorrectly handled symbolic links in archives.
  A remote attacker could possibly use this issue to execute arbitrary code.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32610
  
  Title: USN-5044-1: Linux kernel vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5044-1
  Priorities: medium
  Description:
  It was discovered that the bluetooth subsystem in the Linux kernel did not
  properly handle HCI device initialization failure, leading to a double-free
  vulnerability. An attacker could use this to cause a denial of service or
  possibly execute arbitrary code. (CVE-2021-3564)
  
  It was discovered that the bluetooth subsystem in the Linux kernel did not
  properly handle HCI device detach events, leading to a use-after-free
  vulnerability. An attacker could use this to cause a denial of service or
  possibly execute arbitrary code. (CVE-2021-3573)
  
  It was discovered that the NFC implementation in the Linux kernel did not
  properly handle failed connect events leading to a NULL pointer
  dereference. A local attacker could use this to cause a denial of service.
  (CVE-2021-3587)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3587
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3564
  
  Title: USN-5034-2: c-ares vulnerability
  URL: https://ubuntu.com/security/notices/USN-5034-2
  Priorities: medium
  Description:
  USN-5034-1 fixed a vulnerability in c-ares. This update provides
  the corresponding update for Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly
  validated certain hostnames returned by DNS servers. A remote attacker
  could possibly use this issue to perform Domain Hijacking attacks.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3672
  
  Title: USN-5026-2: QPDF vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5026-2
  Priorities: medium,low
  Description:
  USN-5026-1 fixed several vulnerabilities in QPDF. This update provides
  the corresponding update for Ubuntu 16.04 ESM.
  Original advisory details:
  
  It was discovered that QPDF incorrectly handled certain malformed PDF
  files. A remote attacker could use this issue to cause QPDF to consume
  resources, resulting in a denial of service. (CVE-2018-18020)
  
  It was discovered that QPDF incorrectly handled certain malformed PDF
  files. A remote attacker could use this issue to cause QPDF to crash,
  resulting in a denial of service, or possibly execute arbitrary code.
  (CVE-2021-36978)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-36978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18020
  
  Title: USN-5043-1: Exiv2 vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5043-1
  Priorities: medium
  Description:
  It was discovered that Exiv2 incorrectly handled certain image files.
  An attacker could possibly use this issue to cause a denial of service.
  (CVE-2021-32815, CVE-2021-34334, CVE-2021-37620, CVE-2021-37622)
  
  It was discovered that Exiv2 incorrectly handled certain image files.
  An attacker could possibly use this issue to cause a denial of service.
  These issues only affected Ubuntu 20.04 LTS and Ubuntu 21.04.
  (CVE-2021-34335, CVE-2021-37615, CVE-2021-37616, CVE-2021-37618,
  CVE-2021-37619, CVE-2021-37621, CVE-2021-37623)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37622
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32815
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37623
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37621
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37620
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37618
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-34335
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37619
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-34334

621.136

Available in VMware Tanzu Network

Release Date: July 26, 2021

Metadata:

BOSH Agent Version: 2.268.21

As of this release, on all IAASs, rsyslog will not start until /var/log is mounted. When used with a Bosh Agent, /var/log will automatically be mounted, and no further action is required.

If you use this stemcell without a Bosh Agent and do not mount /var/log, then you need to do one of these two actions:

* Remove the ExecStartPre= line from /etc/systemd/system/rsyslog.service
* Blank out the contents of /usr/local/bin/wait_for_var_log_to_be_mounted

Either action will cause rsyslog to no longer wait for /var/log to be mounted before starting.

Metadata:

BOSH Agent Version: 2.268.19

USNs:

Title: USN-4754-1: Python vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4754-1
Priorities: medium,low
Description:
It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code
or cause a denial of service. (CVE-2020-27619, CVE-2021-3177)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3177
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27619

621.108

Available in VMware Tanzu Network

Release Date: March 01, 2021

Known Issues:

This version of the stemcell has the following issues when used on GCP:
* Attempts to use cf ssh timeout.
* The iptables-logger job fails to deploy

This is because rsyslog is started before /var/log is mounted. This causes it to log to the root filesystem rather than the mounted persistent disk.

This issue is fixed in stemcell version 621.109.

Metadata:

BOSH Agent Version: 2.268.19

USNs:

Title: USN-4741-1: Jackson vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4741-1
Priorities: medium
Description:
It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to execute
arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15095
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7525
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10172

Title: USN-4749-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4749-1
Priorities: medium,low
Description:
Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)

It was discovered that the jfs file system implementation in the Linux
kernel contained an out-of-bounds read vulnerability. A local attacker
could use this to possibly cause a denial of service (system crash).
(CVE-2020-27815)

Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in
the Linux kernel did not correctly handle setting line discipline in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2020-27830, CVE-2020-28941)

It was discovered that the memory management subsystem in the Linux kernel
did not properly handle copy-on-write operations in some situations. A
local attacker could possibly use this to gain unintended write access to
read-only memory pages. (CVE-2020-29374)

Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event
processing backend in the Linux kernel did not properly limit the number of
events queued. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29568)

Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the
Xen paravirt block backend in the Linux kernel, leading to a use-after-free
vulnerability. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29569)

Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)

Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-
free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27815
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27830
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29568
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29374
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29569
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29661
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28941

Title: USN-4748-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4748-1
Priorities: medium,low
Description:
It was discovered that the jfs file system implementation in the Linux
kernel contained an out-of-bounds read vulnerability. A local attacker
could use this to possibly cause a denial of service (system crash).
(CVE-2020-27815)

It was discovered that the memory management subsystem in the Linux kernel
did not properly handle copy-on-write operations in some situations. A
local attacker could possibly use this to gain unintended write access to
read-only memory pages. (CVE-2020-29374)

Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event
processing backend in the Linux kernel did not properly limit the number of
events queued. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29568)

Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)

Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-
free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29374
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29661
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29568
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27815

Title: USN-4747-1: GNU Screen vulnerability
URL: https://ubuntu.com/security/notices/USN-4747-1
Priorities: medium
Description:
Felix Weinmann discovered that GNU Screen incorrectly handled certain
character sequences. A remote attacker could use this issue to cause GNU
Screen to crash, resulting in a denial of service, or possibly execute
arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-26937

Title: USN-4746-1: xterm vulnerability
URL: https://ubuntu.com/security/notices/USN-4746-1
Priorities: medium
Description:
Tavis Ormandy discovered that xterm incorrectly handled certain character
sequences. A remote attacker could use this issue to cause xterm to crash,
resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27135

Known Issues: When used on GCP, rsyslog is started before /var/log is mounted. This causes it to log to the root filesystem rather than the mounted persistent disk.

621.107

Available in VMware Tanzu Network

Release Date: February 24, 2021

Metadata:

BOSH Agent Version: 2.268.19

USNs:

Title: USN-4728-1: snapd vulnerability
URL: https://ubuntu.com/security/notices/USN-4728-1
Priorities: high
Description:
Gilad Reti discovered that snapd did not correctly specify cgroup
delegation when generating systemd service units for various container
management snaps. This could allow a local attacker to escalate privileges
via access to arbitrary devices of the container host from within a
compromised or malicious container.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27352

Title: USN-4718-1: fastd vulnerability
URL: https://ubuntu.com/security/notices/USN-4718-1
Priorities: medium
Description:
It was discovered that fastd incorrectly handled certain packets.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27638

Title: USN-4729-1: Open vSwitch vulnerability
URL: https://ubuntu.com/security/notices/USN-4729-1
Priorities: medium
Description:
Joakim Hindersson discovered that Open vSwitch incorrectly parsed certain
network packets. A remote attacker could use this issue to cause a denial
of service, or possibly alter packet classification.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-35498

Title: USN-4724-1: OpenLDAP vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4724-1
Priorities: medium
Description:
It was discovered that OpenLDAP incorrectly handled Certificate Exact
Assertion processing. A remote attacker could possibly use this issue to
cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36221)

It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing.
A remote attacker could use this issue to cause OpenLDAP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)

It was discovered that OpenLDAP incorrectly handled Return Filter control
handling. A remote attacker could use this issue to cause OpenLDAP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2020-36223)

It was discovered that OpenLDAP incorrectly handled certain cancel
operations. A remote attacker could possibly use this issue to cause
OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36227)

It was discovered that OpenLDAP incorrectly handled Certificate List
Extract Assertion processing. A remote attacker could possibly use this
issue to cause OpenLDAP to crash, resulting in a denial of service.
(CVE-2020-36228)

It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. A
remote attacker could possibly use this issue to cause OpenLDAP to crash,
resulting in a denial of service. (CVE-2020-36229, CVE-2020-36230)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36223
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36226
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36227
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36230
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36229
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36224
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36225
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36228
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-36222

Title: USN-4737-1: Bind vulnerability
URL: https://ubuntu.com/security/notices/USN-4737-1
Priorities: medium
Description:
It was discovered that Bind incorrectly handled GSSAPI security policy
negotiation. A remote attacker could use this issue to cause Bind to crash,
resulting in a denial of service, or possibly execute arbitrary code. In
the default installation, attackers would be isolated by the Bind AppArmor
profile.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8625

Title: USN-4734-1: wpa_supplicant and hostapd vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4734-1
Priorities: high,medium
Description:
It was discovered that wpa_supplicant did not properly handle P2P
(Wi-Fi Direct) group information in some situations, leading to a
heap overflow. A physically proximate attacker could use this to cause a
denial of service or possibly execute arbitrary code. (CVE-2021-0326)

It was discovered that hostapd did not properly handle UPnP subscribe
messages in some circumstances. An attacker could use this to cause a
denial of service. (CVE-2020-12695)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-0326
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12695

Title: USN-4720-1: Apport vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4720-1
Priorities: medium
Description:
Itai Greenhut discovered that Apport incorrectly parsed certain files in
the /proc filesystem. A local attacker could use this issue to escalate
privileges and run arbitrary code. (CVE-2021-25682, CVE-2021-25683)

Itai Greenhut discovered that Apport incorrectly handled opening certain
special files. A local attacker could possibly use this issue to cause
Apport to hang, resulting in a denial of service. (CVE-2021-25684)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-25683
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-25682
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-25684

Known Issues: When used on GCP, rsyslog is started before /var/log is mounted. This causes it to log to the root filesystem rather than the mounted persistent disk.

621.101

Available in VMware Tanzu Network

Release Date: February 03, 2021

Metadata:

BOSH Agent Version: 2.268.17

USNs:

Title: USN-4702-1: Pound vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4702-1
Priorities: medium
Description:
It was discovered that Pound incorrectly handled certain HTTP requests
A remote attacker could use it to retrieve some sensitive
information. (CVE-2016-10711, CVE-2018-21245)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-21245
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10711

Title: USN-4708-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4708-1
Priorities: medium,low
Description:
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use this
to construct a malicious XFS image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13093)

It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system metadata in some situations.
An attacker could use this to construct a malicious btrfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-19813,
CVE-2019-19816)

Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)

Daniel Axtens discovered that PowerPC RTAS implementation in the Linux
kernel did not properly restrict memory accesses in some situations. A
privileged local attacker could use this to arbitrarily modify kernel
memory, potentially bypassing kernel lockdown restrictions.
(CVE-2020-27777)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27777
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-13093
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19816
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19813

Title: USN-4709-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4709-1
Priorities: high,low
Description:
It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data. (CVE-2020-28374)

Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use this
to construct a malicious XFS image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13093)

It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system metadata in some situations.
An attacker could use this to construct a malicious btrfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-19813,
CVE-2019-19816)

Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28374
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19816
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19813
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-13093

Title: USN-4711-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4711-1
Priorities: high,medium
Description:
It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data. (CVE-2020-28374)

Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did
not properly deallocate memory in some situations. A privileged attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2020-25704)
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28374
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25704

Title: USN-4716-1: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4716-1
Priorities: medium
Description:
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.23 in Ubuntu 20.04 LTS and Ubuntu 20.10.
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.33.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-33.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-23.html
https://www.oracle.com/security-alerts/cpujan2021.html
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2088
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2076
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2061
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2081
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2070
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2002
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2072
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2122
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2046
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2048
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2038
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2031
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2056
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2087
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2010
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2036
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2060
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2021
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2014
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2032
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2058
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-2011

Title: USN-4717-1: Firefox vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4717-1
Priorities: medium
Description:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, conduct clickjacking attacks, or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23954
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23964
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23958
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23960
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23963
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23955
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23961
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23962
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23953
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23956
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-23965

Title: USN-4703-1: Mutt vulnerability
URL: https://ubuntu.com/security/notices/USN-4703-1
Priorities: medium
Description:
It was discovered that Mutt incorrectly handled certain email messages.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3181

Title: USN-4715-1: Django vulnerability
URL: https://ubuntu.com/security/notices/USN-4715-1
Priorities: medium
Description:
Wang Baohua discovered that Django incorrectly extracted archive files. A
remote attacker could possibly use this issue to extract files outside of
their expected location.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3281

621.99

Available in VMware Tanzu Network

Release Date: January 27, 2021

Metadata:

BOSH Agent Version: 2.268.16

621.92

Available in VMware Tanzu Network

Release Date: November 16, 2020

Metadata:

BOSH Agent Version: 2.268.16

Title: USN-4470-1: sane-backends vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4470-1
Priorities: low,medium
Description:
Kritphong Mongkhonvanit discovered that sane-backends incorrectly handled certain packets. A remote attacker could possibly use this issue to obtain sensitive memory information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-6318)
It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6318
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12861
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12862
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12863
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12864
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12865
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12866
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12867

Title: USN-4485-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4485-1
Priorities: low,medium,negligible
Description:
Timothy Michaud discovered that the i915 graphics driver in the Linux kernel did not properly validate user memory locations for the i915_gem_execbuffer2_ioctl. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2018-20669)
It was discovered that the Kvaser CAN/USB driver in the Linux kernel…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19947
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20810
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10732
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10766
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10767
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10768
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10781
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12655
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12656
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12771
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13974
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15393
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24394

Title: USN-4476-1: NSS vulnerability
URL: https://ubuntu.com/security/notices/USN-4476-1
Priorities: medium
Description:
It was discovered that NSS incorrectly handled some inputs. An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12403

Title: USN-4490-1: X.Org X Server vulnerability
URL: https://ubuntu.com/security/notices/USN-4490-1
Priorities: medium
Description:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSetNames function. A local attacker could possibly use this issue to escalate privileges.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14345

Title: USN-4489-1: Linux kernel vulnerability
URL: https://ubuntu.com/security/notices/USN-4489-1
Priorities: high
Description:
Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14386

Title: USN-4471-1: Net-SNMP vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4471-1
Priorities: medium
Description:
Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. (CVE-2020-15861)
It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15861
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15862

Title: USN-4482-1: Ark vulnerability
URL: https://ubuntu.com/security/notices/USN-4482-1
Priorities: medium
Description:
Fabian Vogt discovered that Ark incorrectly handled symbolic links in tar archive files. An attacker could use this to construct a malicious tar archive that, when opened, would create files outside the extraction directory.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-24654

621.82

Available in VMware Tanzu Network

Release Date: August 21, 2020

This release changes the way the Linux Google light stemcell works to reference a source image. It will lead to a decrease in the time it takes to upload the light stemcell. This change will also help mitigate the impact of the new GCP image creation rate limit which any user uploading more than 6 GCP stemcells an hour would hit.

Metadata:

BOSH Agent Version: 2.268.16

USNs:

Title: USN-4459-1: Salt vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4459-1
Priorities: medium
Description:
It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract sensitive information. (CVE-2018-15750)
It was discovered that Salt has a vulnerability that allows an user to bypass authentication. An attacker could use that to extract sensitive information, execute abritrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-15750
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-15751
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17361
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11651
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11652

Title: USN-4463-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-4463-1
Priorities: low
Description:
It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12771)
Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12771
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15393

621.81

Available in VMware Tanzu Network

Release Date: August 19, 2020

Metadata:

BOSH Agent Version: 2.268.16

Available in VMware Tanzu Network

Release Date: March 24, 2020

Metadata:

BOSH Agent Version: 2.268.12

621.51

Available in VMware Tanzu Network

Release Date: January 24, 2020

Bug Fixes

* Addresses https://github.com/cloudfoundry/bosh/issues/2223 - prevent AWS from overriding search domains

Metadata:

BOSH Agent Version: 2.268.11

USNs:

Title: USN-4246-1: zlib vulnerabilities
URL: https://usn.ubuntu.com/4246-1/
Priorities: low
Description:
It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)
It was discovered that zlib incorrectly handled vectors involving left shifts of negative integers. An attacker could use…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9840
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9841
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9842
- https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9843

Title: USN-4248-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4248-1/
Priorities: medium
Description:
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16545
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16547
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16669
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17498
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17500
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17501
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17502
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17503
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17782
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17783

Title: USN-4244-1: Samba vulnerabilities
URL: https://usn.ubuntu.com/4244-1/
Priorities: low,medium
Description:
It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-14902)
Robert Święcki discovered that Samba incorrectly handled certain character conversions when the log level is…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14902
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14907
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19344

Title: USN-4247-1: python-apt vulnerabilities
URL: https://usn.ubuntu.com/4247-1/
Priorities: medium
Description:
It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795)
It was discovered that python-apt could install packages from untrusted repositories, contrary…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15795
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15796

Title: USN-4249-1: e2fsprogs vulnerability
URL: https://usn.ubuntu.com/4249-1/
Priorities: medium
Description:
It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5188

Title: USN-4245-1: PySAML2 vulnerability
URL: https://usn.ubuntu.com/4245-1/
Priorities: medium
Description:
It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2020-5390

621.50

Available in VMware Tanzu Network

Release Date: January 21, 2020

Metadata:

BOSH Agent Version: 2.268.10

USNs:

Title: USN-4232-1: GraphicsMagick vulnerabilities
URL: https://usn.ubuntu.com/4232-1/
Priorities: medium,low
Description:
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14165
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14314
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14504
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14649
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14733
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14994
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14997
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15277
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15930
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16352
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16353

Title: USN-4237-1: SpamAssassin vulnerabilities
URL: https://usn.ubuntu.com/4237-1/
Priorities: medium
Description:
It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. (CVE-2018-11805)
It was discovered that SpamAssassin incorrectly handled certain messages. A remote attacker could possibly use this issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11805
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12420

Title: USN-4238-1: SDL_image vulnerabilities
URL: https://usn.ubuntu.com/4238-1/
Priorities: medium,low
Description:
It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-3977
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12216
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12217
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12218
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12219
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12220
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12221
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12222
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5051
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-7635

Title: USN-4240-1: Kamailio vulnerability
URL: https://usn.ubuntu.com/4240-1/
Priorities: high
Description:
It was discovered that Kamailio can be exploited by using a specially crafted message that can cause a buffer overflow issue.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8828

Title: USN-4239-1: PHP vulnerabilities
URL: https://usn.ubuntu.com/4239-1/
Priorities: low
Description:
It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045)
It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11046
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11047
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11050

Title: USN-4236-2: Libgcrypt vulnerability
URL: https://usn.ubuntu.com/4236-2/
Priorities: medium
Description:
USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS.
Original advisory details:
It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13627

Title: USN-4227-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4227-1/
Priorities: medium,low
Description:
It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16231
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16233
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19045
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19083
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19529
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19807

Title: USN-4228-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4228-1/
Priorities: medium,low
Description:
It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14895
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14896
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14897
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14901
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18660
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19052
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19524
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19534

Title: USN-4230-1: ClamAV vulnerability
URL: https://usn.ubuntu.com/4230-1/
Priorities: medium
Description:
It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15961

Title: USN-4231-1: NSS vulnerability
URL: https://usn.ubuntu.com/4231-1/
Priorities: medium
Description:
It was discovered that NSS incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17006

Title: USN-4234-1: Firefox vulnerabilities
URL: https://usn.ubuntu.com/4234-1/
Priorities: medium,low
Description:
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass Content Security Policy (CSP) restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17016
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17017
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17020
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17022
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17023
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17024
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17025
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17026

Title: USN-4235-1: nginx vulnerability
URL: https://usn.ubuntu.com/4235-1/
Priorities: medium
Description:
Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20372

621.41

Available in VMware Tanzu Network

Release Date: February 04, 2020

621.29

Available in VMware Tanzu Network

Release Date: December 10, 2019

BOSH Agent version: 2.268.7
USNs:

Title: USN-4211-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4211-1/
Priorities: medium,negligible
Description:
Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)
Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20784
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133

Title: USN-4205-1: SQLite vulnerabilities
URL: https://usn.ubuntu.com/4205-1/
Priorities: low,medium
Description:
It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740)
It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8740
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16168
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19242
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19244
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5018
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5827

Title: USN-4203-1: NSS vulnerability
URL: https://usn.ubuntu.com/4203-1/
Priorities: medium
Description:
It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745

Title: USN-4213-1: Squid vulnerabilities
URL: https://usn.ubuntu.com/4213-1/
Priorities: medium,low
Description:
Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523)
Jeriko One discovered that Squid incorrectly handed URN…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12523
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12526
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12854
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18676
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18677
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18678
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18679

Title: USN-4210-1: Linux kernel vulnerabilities
URL: https://usn.ubuntu.com/4210-1/
Priorities: medium,negligible,low
Description:
It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746)
Nicolas Waisman discovered that the WiFi driver stack in the Linux…
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16746
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17075
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17133
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19060
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19065
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19075

Title: USN-4204-1: psutil vulnerability
URL: https://usn.ubuntu.com/4204-1/
Priorities: medium
Description:
Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18874

621.26

Release Date: November 26, 2019

BOSH Agent version: 2.268.7
USNs:

Title: USN-4198-1: DjVuLibre vulnerabilities
URL: https://usn.ubuntu.com/4198-1/
Priorities: low
Description:
It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15142
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15143
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15144
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15145
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18804

621.23

Release Date: November 18, 2019

621.12

Release Date: November 12, 2019

BOSH Agent version: 2.268.5
USNs:

Title: USN-4176-1: GNU cpio vulnerability
URL: https://usn.ubuntu.com/4176-1/
Priorities: medium
Description:
Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14866

Title: USN-4174-1: HAproxy vulnerability
URL: https://usn.ubuntu.com/4174-1/
Priorities: medium
Description:
It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to a privilege escalation (Request Smuggling).
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18277

Title: USN-4175-1: Nokogiri vulnerability
URL: https://usn.ubuntu.com/4175-1/
Priorities: medium
Description:
It was discovered that Nokogiri incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5477

621.5

Release Date: October 31, 2019

New stemcell line!

* rev the stemcell_api_version to 3 for upcoming signed url feature - https://www.pivotaltracker.com/epic/show/4392899
* blacklist nouveau kernel module (#96)

—

BOSH Agent version: 2.268.3

456.x

USNs:

Title: USN-5449-1: libXv vulnerability
URL: https://ubuntu.com/security/notices/USN-5449-1
Priorities: low
Description:
It was discovered that libXv incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2016-5407

Title: USN-5437-1: libXfixes vulnerability
URL: https://ubuntu.com/security/notices/USN-5437-1
Priorities: low
Description:
Tobias Stoeckmann discovered that libXfixes incorrectly handled certain
inputs. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2016-7944

Title: LSN-0086-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0086-1
Priorities: high,medium
Description:
It was discovered that a race condition existed in the network scheduling
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2021-39713)

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges.(CVE-2022-0492)

It was discovered that the network traffic control implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code.(CVE-2022-1055)

Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux
kernel contained in integer overflow. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.(CVE-2022-1116)

It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions.(CVE-2022-21499)

Nick Gregory discovered that the Linux kernel incorrectly handled network
offload functionality. A local attacker could use this to cause a denial of
service or possibly execute arbitrary code.(CVE-2022-25636)

Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code.(CVE-2022-29581)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions.(CVE-2022-30594)
CVEs:
- https://ubuntu.com/security/CVE-2021-39713
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2022-1055
- https://ubuntu.com/security/CVE-2022-1116
- https://ubuntu.com/security/CVE-2022-21499
- https://ubuntu.com/security/CVE-2022-25636
- https://ubuntu.com/security/CVE-2022-29581
- https://ubuntu.com/security/CVE-2022-30594
- https://ubuntu.com/security/CVE-2022-1055
- https://ubuntu.com/security/CVE-2022-0492
- https://ubuntu.com/security/CVE-2022-25636
- https://ubuntu.com/security/CVE-2022-30594
- https://ubuntu.com/security/CVE-2022-1116
- https://ubuntu.com/security/CVE-2022-21499
- https://ubuntu.com/security/CVE-2021-39713
- https://ubuntu.com/security/CVE-2022-29581

Title: USN-5452-1: NTFS-3G vulnerability
URL: https://ubuntu.com/security/notices/USN-5452-1
Priorities: low
Description:
It was discovered that NTFS-3G was incorrectly validating NTFS
metadata in its ntfsck tool by not performing boundary checks. A
local attacker could possibly use this issue to cause a denial of
service or to execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2021-46790

Title: USN-5402-2: OpenSSL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5402-2
Priorities: medium,low
Description:
USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Elison Niven discovered that OpenSSL incorrectly handled the c_rehash
script. A local attacker could possibly use this issue to execute arbitrary
commands when c_rehash is run. (CVE-2022-1292)

Aliaksei Levin discovered that OpenSSL incorrectly handled resources when
decoding certificates and keys. A remote attacker could possibly use this
issue to cause OpenSSL to consume resources, leading to a denial of
service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1473)
CVEs:
- https://ubuntu.com/security/CVE-2022-1292
- https://ubuntu.com/security/CVE-2022-1473
- https://ubuntu.com/security/CVE-2022-1473
- https://ubuntu.com/security/CVE-2022-1292

Title: USN-5404-2: Rsyslog vulnerability
URL: https://ubuntu.com/security/notices/USN-5404-2
Priorities: medium
Description:
USN-5404-1 addressed a vulnerability in Rsyslog. This update
provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Pieter Agten discovered that Rsyslog incorrectly handled certain requests.
An attacker could possibly use this issue to cause a crash.
CVEs:
- https://ubuntu.com/security/CVE-2022-24903

Title: USN-5453-1: FreeType vulnerability
URL: https://ubuntu.com/security/notices/USN-5453-1
Priorities: low
Description:
It was discovered that FreeType incorrectly handled certain font files.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2022-27406

Title: USN-5443-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5443-1
Priorities: high,medium
Description:
Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-29581)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)
CVEs:
- https://ubuntu.com/security/CVE-2022-29581
- https://ubuntu.com/security/CVE-2022-30594
- https://ubuntu.com/security/CVE-2022-29581
- https://ubuntu.com/security/CVE-2022-30594

456.267

Available in VMware Tanzu Network

Release Date: May 25, 2022

Metadata:

BOSH Agent Version: 2.234.63

USNs:

456.265

Available in VMware Tanzu Network

Release Date: May 17, 2022

Metadata:

BOSH Agent Version: 2.234.62

USNs:

Title: USN-5398-1: Simple DirectMedia Layer vulnerability
URL: https://ubuntu.com/security/notices/USN-5398-1
Priorities:
Description:
It was discovered that SDL (Simple DirectMedia Layer) incorrectly handled
certain files. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.
CVEs:

Title: USN-5407-1: Cairo vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5407-1
Priorities: low
Description:
Gustavo Grieco, Alberto Garcia, Francisco Oca, Suleman Ali, and others
discovered that Cairo incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2016-9082, CVE-2017-9814, CVE-2019-6462)

Stephan Bergmann discovered that Cairo incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code.
(CVE-2020-35492)
CVEs:
- https://ubuntu.com/security/CVE-2016-9082
- https://ubuntu.com/security/CVE-2017-9814
- https://ubuntu.com/security/CVE-2019-6462
- https://ubuntu.com/security/CVE-2020-35492
- https://ubuntu.com/security/CVE-2017-9814
- https://ubuntu.com/security/CVE-2020-35492
- https://ubuntu.com/security/CVE-2019-6462
- https://ubuntu.com/security/CVE-2016-9082

Title: USN-5389-1: Libcroco vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5389-1
Priorities: low
Description:
It was discovered that Libcroco was incorrectly accessing data structures when
reading bytes from memory, which could cause a heap buffer overflow. An attacker
could possibly use this issue to cause a denial of service. (CVE-2017-7960)

It was discovered that Libcroco was incorrectly handling invalid UTF-8 values
when processing CSS files. An attacker could possibly use this issue to cause
a denial of service. (CVE-2017-8834, CVE-2017-8871)

It was discovered that Libcroco was incorrectly implementing recursion in one
of its parsing functions, which could cause an infinite recursion loop and a
stack overflow due to stack consumption. An attacker could possibly use this
issue to cause a denial of service. (CVE-2020-12825)
CVEs:
- https://ubuntu.com/security/CVE-2017-7960
- https://ubuntu.com/security/CVE-2017-8834
- https://ubuntu.com/security/CVE-2017-8871
- https://ubuntu.com/security/CVE-2020-12825
- https://ubuntu.com/security/CVE-2020-12825
- https://ubuntu.com/security/CVE-2017-8834
- https://ubuntu.com/security/CVE-2017-8871
- https://ubuntu.com/security/CVE-2017-7960

Title: USN-5405-1: jbig2dec vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5405-1
Priorities: low
Description:
It was discovered that jbig2dec incorrectly handled memory when parsing
invalid files. An attacker could use this issue to cause jbig2dec to crash,
leading to a denial of service. (CVE-2017-9216)

It was discovered that jbig2dec incorrectly handled memory when processing
untrusted input. An attacker could use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2020-12268)
CVEs:
- https://ubuntu.com/security/CVE-2017-9216
- https://ubuntu.com/security/CVE-2020-12268
- https://ubuntu.com/security/CVE-2017-9216
- https://ubuntu.com/security/CVE-2020-12268

Title: USN-5259-3: Cron regression
URL: https://ubuntu.com/security/notices/USN-5259-3
Priorities: low
Description:
USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately
that update was incomplete and could introduce a regression. This update
fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the postinst maintainer script in Cron unsafely
handled file permissions during package install or update operations.
An attacker could possibly use this issue to perform a privilege
escalation attack. (CVE-2017-9525)

Florian Weimer discovered that Cron incorrectly handled certain memory
operations during crontab file creation. An attacker could possibly use
this issue to cause a denial of service. (CVE-2019-9704)

It was discovered that Cron incorrectly handled user input during crontab
file creation. An attacker could possibly use this issue to cause a denial
of service. (CVE-2019-9705)

It was discovered that Cron contained a use-after-free vulnerability in
its force_rescan_user function. An attacker could possibly use this issue
to cause a denial of service. (CVE-2019-9706)
CVEs:
- https://ubuntu.com/security/CVE-2017-9525
- https://ubuntu.com/security/CVE-2019-9704
- https://ubuntu.com/security/CVE-2019-9705
- https://ubuntu.com/security/CVE-2019-9706
- https://ubuntu.com/security/CVE-2017-9525

Title: USN-5413-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5413-1
Priorities: low,medium
Description:
Jeremy Cline discovered a use-after-free in the nouveau graphics driver of
the Linux kernel during device removal. A privileged or physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2020-27820)

It was discovered that a race condition existed in the network scheduling
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-39713)

It was discovered that the Parallel NFS (pNFS) implementation in the Linux
kernel did not properly perform bounds checking in some situations. An
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2021-4157)

It was discovered that the ST21NFCA NFC driver in the Linux kernel did not
properly validate the size of certain data in EVT_TRANSACTION events. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-26490)

It was discovered that the Xilinx USB2 device gadget driver in the Linux
kernel did not properly validate endpoint indices from the host. A
physically proximate attacker could possibly use this to cause a denial of
service (system crash). (CVE-2022-27223)

It was discovered that the EMS CAN/USB interface implementation in the
Linux kernel contained a double-free vulnerability when handling certain
error conditions. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2022-28390)
CVEs:
- https://ubuntu.com/security/CVE-2020-27820
- https://ubuntu.com/security/CVE-2021-39713
- https://ubuntu.com/security/CVE-2021-4157
- https://ubuntu.com/security/CVE-2022-26490
- https://ubuntu.com/security/CVE-2022-27223
- https://ubuntu.com/security/CVE-2022-28390
- https://ubuntu.com/security/CVE-2021-4157
- https://ubuntu.com/security/CVE-2022-26490
- https://ubuntu.com/security/CVE-2022-28390
- https://ubuntu.com/security/CVE-2021-39713
- https://ubuntu.com/security/CVE-2022-27223
- https://ubuntu.com/security/CVE-2020-27820

Title: USN-5179-2: BusyBox vulnerability
URL: https://ubuntu.com/security/notices/USN-5179-2
Priorities: low
Description:
USN-5179-1 fixed vulnerabilities in BusyBox. This update provides the
corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that BusyBox incorrectly handled certain malformed gzip
archives. If a user or automated system were tricked into processing a
specially crafted gzip archive, a remote attacker could use this issue to
cause BusyBox to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-28831)
CVEs:
- https://ubuntu.com/security/CVE-2021-28831
- https://ubuntu.com/security/CVE-2021-28831

Title: USN-5392-1: Mutt vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5392-1
Priorities: low,medium
Description:
It was discovered that Mutt incorrectly handled certain requests.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 20.04 LTS. (CVE-2021-32055)

It was discovered that Mutt incorrectly handled certain input.
An attacker could possibly use this issue to cause a crash,
or expose sensitive information. (CVE-2022-1328)
CVEs:
- https://ubuntu.com/security/CVE-2021-32055
- https://ubuntu.com/security/CVE-2022-1328
- https://ubuntu.com/security/CVE-2022-1328
- https://ubuntu.com/security/CVE-2021-32055

Title: USN-5391-1: libsepol vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5391-1
Priorities: low
Description:
Nicolas Iooss discovered that libsepol incorrectly handled memory
when handling policies. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-36084)

It was discovered that libsepol incorrectly handled memory when
handling policies. An attacker could possibly use this issue to cause
a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-36085)

It was discovered that libsepol incorrectly handled memory when
handling policies. An attacker could possibly use this issue to cause
a crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affects Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-36086)

It was discovered that libsepol incorrectly validated certain data,
leading to a heap overflow. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-36087)
CVEs:
- https://ubuntu.com/security/CVE-2021-36084
- https://ubuntu.com/security/CVE-2021-36085
- https://ubuntu.com/security/CVE-2021-36086
- https://ubuntu.com/security/CVE-2021-36087
- https://ubuntu.com/security/CVE-2021-36086
- https://ubuntu.com/security/CVE-2021-36085
- https://ubuntu.com/security/CVE-2021-36084
- https://ubuntu.com/security/CVE-2021-36087

Title: USN-5409-1: libsndfile vulnerability
URL: https://ubuntu.com/security/notices/USN-5409-1
Priorities: low
Description:
It was discovered that libsndfile was incorrectly performing memory
management operations and incorrectly using buffers when executing
its FLAC codec. If a user or automated system were tricked into
processing a specially crafted sound file, an attacker could
possibly use this issue to cause a denial of service or obtain
sensitive information.
CVEs:
- https://ubuntu.com/security/CVE-2021-4156

Title: USN-5385-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5385-1
Priorities: medium,low,negligible
Description:
Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device
driver in the Linux kernel did not properly validate meta-data coming from
the device. A local attacker who can control an emulated device can use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2021-43975)

It was discovered that the UDF file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious UDF image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2022-0617)

Lyu Tao discovered that the NFS implementation in the Linux kernel did not
properly handle requests to open a directory on a regular file. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-24448)

It was discovered that the YAM AX.25 device driver in the Linux kernel did
not properly deallocate memory in some error conditions. A local privileged
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2022-24959)
CVEs:
- https://ubuntu.com/security/CVE-2021-43975
- https://ubuntu.com/security/CVE-2022-0617
- https://ubuntu.com/security/CVE-2022-24448
- https://ubuntu.com/security/CVE-2022-24959
- https://ubuntu.com/security/CVE-2022-24448
- https://ubuntu.com/security/CVE-2022-24959
- https://ubuntu.com/security/CVE-2021-43975
- https://ubuntu.com/security/CVE-2022-0617

Title: USN-5400-2: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5400-2
Priorities: medium
Description:
USN-5400-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated in Ubuntu 16.04 ESM to MySQL 5.7.38.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-38.html
https://www.oracle.com/security-alerts/cpuapr2022.html
CVEs:
- https://ubuntu.com/security/CVE-2022-21417
- https://ubuntu.com/security/CVE-2022-21451
- https://ubuntu.com/security/CVE-2022-21460
- https://ubuntu.com/security/CVE-2022-21444
- https://ubuntu.com/security/CVE-2022-21454
- https://ubuntu.com/security/CVE-2022-21427

Title: USN-5354-2: Twisted vulnerability
URL: https://ubuntu.com/security/notices/USN-5354-2
Priorities: medium
Description:
USN-5354-1 fixed vulnerabilities in Twisted. This update provides the
corresponding updates for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and
Ubuntu 22.04 LTS.

Original advisory details:

It was discovered that Twisted incorrectly processed SSH handshake data on
connection establishments. A remote attacker could use this issue to cause
Twisted to crash, resulting in a denial of service. (CVE-2022-21716)
CVEs:
- https://ubuntu.com/security/CVE-2022-21716
- https://ubuntu.com/security/CVE-2022-21716

456.261

Available in VMware Tanzu Network

Release Date: April 21, 2022

Notice:

The kernel patches included in 456.252 are now in the main kernel repository and have been included in this release.

Metadata:

BOSH Agent Version: 2.234.58

USNs:

456.252

Available in VMware Tanzu Network

Release Date: March 23, 2022

Notice:

This stemcell contains a patched version of the kernel to address the issues found in 456.244. We have tested this patched kernel against the problems seen in 456.244 and no longer see the problem. We will release another stemcell in mid-April when that kernel patch makes it into the main kernel repository.

Metadata:

BOSH Agent Version: 2.234.54

USNs:

456.244

Release Date: March 09, 2022

Known Iissues

There are currently reported issues with this stemcell and TAS Diego Cells. We have removed this stemcell until we can resolve the issue. If you need access, please contact support.

#### Metadata:
BOSH Agent Version: 2.234.51

#### USNs:

Title: USN-5300-1: PHP vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5300-1
Priorities: low,medium
Description:
It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120)

It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly obtain sensitive information. (CVE-2017-9119)

It was discovered that PHP incorrectly handled certain scripts with XML
parsing functions.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2021-21707)
CVEs:
- https://ubuntu.com/security/CVE-2015-9253
- https://ubuntu.com/security/CVE-2017-8923
- https://ubuntu.com/security/CVE-2017-9118
- https://ubuntu.com/security/CVE-2017-9120
- https://ubuntu.com/security/CVE-2017-9119
- https://ubuntu.com/security/CVE-2021-21707
- https://ubuntu.com/security/CVE-2017-8923
- https://ubuntu.com/security/CVE-2017-9118
- https://ubuntu.com/security/CVE-2017-9120
- https://ubuntu.com/security/CVE-2015-9253
- https://ubuntu.com/security/CVE-2017-9119
- https://ubuntu.com/security/CVE-2021-21707
  
  Title: USN-5299-1: Linux kernel vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5299-1
  Priorities: medium,low
  Description:
  Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could
  reassemble mixed encrypted and plaintext fragments. A physically proximate
  attacker could possibly use this issue to inject packets or exfiltrate
  selected fragments. (CVE-2020-26147)
  
  It was discovered that the bluetooth subsystem in the Linux kernel did not
  properly perform access control. An authenticated attacker could possibly
  use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)
  
  It was discovered that the RPA PCI Hotplug driver implementation in the
  Linux kernel did not properly handle device name writes via sysfs, leading
  to a buffer overflow. A privileged attacker could use this to cause a
  denial of service (system crash) or possibly execute arbitrary code.
  (CVE-2021-28972)
  
  It was discovered that a use-after-free existed in the Bluetooth HCI driver
  of the Linux kernel. A local attacker could use this to cause a denial of
  service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)
  
  Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol
  implementation in the Linux kernel did not properly initialize memory in
  some situations. A local attacker could use this to expose sensitive
  information (kernel memory). (CVE-2021-34693)
  
  马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in
  the Linux kernel did not properly perform reference counting in some
  situations, leading to a use-after-free vulnerability. A local attacker
  could use this to cause a denial of service (system crash) or possibly
  execute arbitrary code. (CVE-2021-3483)
  
  It was discovered that the bluetooth subsystem in the Linux kernel did not
  properly handle HCI device initialization failure, leading to a double-free
  vulnerability. An attacker could use this to cause a denial of service or
  possibly execute arbitrary code. (CVE-2021-3564)
  
  Murray McAllister discovered that the joystick device interface in the
  Linux kernel did not properly validate data passed via an ioctl(). A local
  attacker could use this to cause a denial of service (system crash) or
  possibly execute arbitrary code on systems with a joystick device
  registered. (CVE-2021-3612)
  
  It was discovered that the tracing subsystem in the Linux kernel did not
  properly keep track of per-cpu ring buffer state. A privileged attacker
  could use this to cause a denial of service. (CVE-2021-3679)
  
  It was discovered that the MAX-3421 host USB device driver in the Linux
  kernel did not properly handle device removal events. A physically
  proximate attacker could use this to cause a denial of service (system
  crash). (CVE-2021-38204)
  
  It was discovered that the 6pack network protocol driver in the Linux
  kernel did not properly perform validation checks. A privileged attacker
  could use this to cause a denial of service (system crash) or execute
  arbitrary code. (CVE-2021-42008)
  
  Amit Klein discovered that the IPv6 implementation in the Linux kernel
  could disclose internal state in some situations. An attacker could
  possibly use this to expose sensitive information. (CVE-2021-45485)
  CVEs:
- https://ubuntu.com/security/CVE-2020-26147
- https://ubuntu.com/security/CVE-2020-26558
- https://ubuntu.com/security/CVE-2021-0129
- https://ubuntu.com/security/CVE-2021-28972
- https://ubuntu.com/security/CVE-2021-33034
- https://ubuntu.com/security/CVE-2021-34693
- https://ubuntu.com/security/CVE-2021-3483
- https://ubuntu.com/security/CVE-2021-3564
- https://ubuntu.com/security/CVE-2021-3612
- https://ubuntu.com/security/CVE-2021-3679
- https://ubuntu.com/security/CVE-2021-38204
- https://ubuntu.com/security/CVE-2021-42008
- https://ubuntu.com/security/CVE-2021-45485
- https://ubuntu.com/security/CVE-2020-26558
- https://ubuntu.com/security/CVE-2021-3564
- https://ubuntu.com/security/CVE-2021-34693
- https://ubuntu.com/security/CVE-2021-3483
- https://ubuntu.com/security/CVE-2020-26147
- https://ubuntu.com/security/CVE-2021-28972
- https://ubuntu.com/security/CVE-2021-33034
- https://ubuntu.com/security/CVE-2021-42008
- https://ubuntu.com/security/CVE-2021-45485
- https://ubuntu.com/security/CVE-2021-38204
- https://ubuntu.com/security/CVE-2021-0129
- https://ubuntu.com/security/CVE-2021-3679
- https://ubuntu.com/security/CVE-2021-3612
  
  Title: USN-5298-1: Linux kernel vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5298-1
  Priorities: medium,low
  Description:
  It was discovered that the Packet network protocol implementation in the
  Linux kernel contained a double-free vulnerability. A local attacker could
  use this to cause a denial of service (system crash) or possibly execute
  arbitrary code. (CVE-2021-22600)
  
  Jürgen Groß discovered that the Xen subsystem within the Linux kernel did
  not adequately limit the number of events driver domains (unprivileged PV
  backends) could send to other guest VMs. An attacker in a driver domain
  could use this to cause a denial of service in other guest VMs.
  (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)
  
  Jürgen Groß discovered that the Xen network backend driver in the Linux
  kernel did not adequately limit the amount of queued packets when a guest
  did not process them. An attacker in a guest VM can use this to cause a
  denial of service (excessive kernel memory consumption) in the network
  backend domain. (CVE-2021-28714, CVE-2021-28715)
  
  Szymon Heidrich discovered that the USB Gadget subsystem in the Linux
  kernel did not properly restrict the size of control requests for certain
  gadget types, leading to possible out of bounds reads or writes. A local
  attacker could use this to cause a denial of service (system crash) or
  possibly execute arbitrary code. (CVE-2021-39685)
  
  Jann Horn discovered a race condition in the Unix domain socket
  implementation in the Linux kernel that could result in a read-after-free.
  A local attacker could use this to cause a denial of service (system crash)
  or possibly execute arbitrary code. (CVE-2021-4083)
  
  Kirill Tkhai discovered that the XFS file system implementation in the
  Linux kernel did not calculate size correctly when pre-allocating space in
  some situations. A local attacker could use this to expose sensitive
  information. (CVE-2021-4155)
  
  Lin Ma discovered that the NFC Controller Interface (NCI) implementation in
  the Linux kernel contained a race condition, leading to a use-after-free
  vulnerability. A local attacker could use this to cause a denial of service
  (system crash) or possibly execute arbitrary code. (CVE-2021-4202)
  
  Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in
  the Linux kernel did not perform a GPU TLB flush in some situations. A
  local attacker could use this to cause a denial of service or possibly
  execute arbitrary code. (CVE-2022-0330)
  
  It was discovered that the VMware Virtual GPU driver in the Linux kernel
  did not properly handle certain failure conditions, leading to a stale
  entry in the file descriptor table. A local attacker could use this to
  expose sensitive information or possibly gain administrative privileges.
  (CVE-2022-22942)
  CVEs:
- https://ubuntu.com/security/CVE-2021-22600
- https://ubuntu.com/security/CVE-2021-28711
- https://ubuntu.com/security/CVE-2021-28712
- https://ubuntu.com/security/CVE-2021-28713
- https://ubuntu.com/security/CVE-2021-28714
- https://ubuntu.com/security/CVE-2021-28715
- https://ubuntu.com/security/CVE-2021-39685
- https://ubuntu.com/security/CVE-2021-4083
- https://ubuntu.com/security/CVE-2021-4155
- https://ubuntu.com/security/CVE-2021-4202
- https://ubuntu.com/security/CVE-2022-0330
- https://ubuntu.com/security/CVE-2022-22942
- https://ubuntu.com/security/CVE-2021-39685
- https://ubuntu.com/security/CVE-2021-28715
- https://ubuntu.com/security/CVE-2021-28711
- https://ubuntu.com/security/CVE-2021-4083
- https://ubuntu.com/security/CVE-2021-28713
- https://ubuntu.com/security/CVE-2022-0330
- https://ubuntu.com/security/CVE-2021-28712
- https://ubuntu.com/security/CVE-2021-28714
- https://ubuntu.com/security/CVE-2021-22600
- https://ubuntu.com/security/CVE-2022-22942
- https://ubuntu.com/security/CVE-2021-4155
- https://ubuntu.com/security/CVE-2021-4202
  
  Title: USN-5292-4: snapd regression
  URL: https://ubuntu.com/security/notices/USN-5292-4
  Priorities: medium,high
  Description:
  USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced
  a regression that could break the fish shell. This update fixes the problem.
  
  We apologize for the inconvenience.
  
  Original advisory details:
  
  James Troup discovered that snap did not properly manage the permissions for
  the snap directories. A local attacker could possibly use this issue to expose
  sensitive information. (CVE-2021-3155)
  
  Ian Johnson discovered that snapd did not properly validate content interfaces
  and layout paths. A local attacker could possibly use this issue to inject
  arbitrary AppArmor policy rules, resulting in a bypass of intended access
  restrictions. (CVE-2021-4120)
  
  The Qualys Research Team discovered that snapd did not properly validate the
  location of the snap-confine binary. A local attacker could possibly use this
  issue to execute other arbitrary binaries and escalate privileges.
  (CVE-2021-44730)
  
  The Qualys Research Team discovered that a race condition existed in the snapd
  snap-confine binary when preparing a private mount namespace for a snap. A
  local attacker could possibly use this issue to escalate privileges and
  execute arbitrary code. (CVE-2021-44731)
  CVEs:
- https://ubuntu.com/security/CVE-2021-3155
- https://ubuntu.com/security/CVE-2021-4120
- https://ubuntu.com/security/CVE-2021-44730
- https://ubuntu.com/security/CVE-2021-44731
  
  Title: USN-5310-2: GNU C Library vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5310-2
  Priorities: medium,low
  Description:
  USN-5310-1 fixed several vulnerabilities in GNU. This update provides
  the corresponding update for Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  It was discovered that the GNU C library getcwd function incorrectly
  handled buffers. An attacker could use this issue to cause the GNU C
  Library to crash, resulting in a denial of service, or possibly execute
  arbitrary code. (CVE-2021-3999)
  
  It was discovered that the GNU C Library sunrpc module incorrectly handled
  buffer lengths. An attacker could possibly use this issue to cause the GNU
  C Library to crash, resulting in a denial of service. (CVE-2022-23218,
  CVE-2022-23219)
  CVEs:
- https://ubuntu.com/security/CVE-2021-3999
- https://ubuntu.com/security/CVE-2022-23218
- https://ubuntu.com/security/CVE-2022-23219
- https://ubuntu.com/security/CVE-2022-23218
- https://ubuntu.com/security/CVE-2021-3999
- https://ubuntu.com/security/CVE-2022-23219
  
  Title: USN-5319-1: Linux kernel vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5319-1
  Priorities: high
  Description:
  Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano
  Giuffrida discovered that hardware mitigations added by Intel to their
  processors to address Spectre-BTI were insufficient. A local attacker could
  potentially use this to expose sensitive information.
  CVEs:
- https://ubuntu.com/security/CVE-2022-0001
- https://ubuntu.com/security/CVE-2022-0002
  
  Title: USN-5301-2: Cyrus SASL vulnerability
  URL: https://ubuntu.com/security/notices/USN-5301-2
  Priorities: high
  Description:
  USN-5301-1 fixed a vulnerability in Cyrus. This update provides
  the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL
  input. A remote attacker could use this issue to execute arbitrary SQL
  commands.
  CVEs:
- https://ubuntu.com/security/CVE-2022-24407

456.239

Available in VMware Tanzu Network

Release Date: February 21, 2022

Metadata:

BOSH Agent Version: 2.234.49

USNs:

456.236

Available in VMware Tanzu Network

Release Date: February 10, 2022

Metadata:

BOSH Agent Version: 2.234.47

USNs:

Title: USN-5254-1: shadow vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5254-1
Priorities: low
Description:
It was discovered that shadow incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
expose sensitive information. This issue only affected
Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-12424)

It was discovered that shadow incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2018-7169)
CVEs:
- https://ubuntu.com/security/CVE-2017-12424
- https://ubuntu.com/security/CVE-2018-7169
- https://ubuntu.com/security/CVE-2018-7169
- https://ubuntu.com/security/CVE-2017-12424

Title: USN-5259-1: Cron vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5259-1
Priorities: low
Description:
It was discovered that the postinst maintainer script in Cron unsafely
handled file permissions during package install or update operations.
An attacker could possibly use this issue to perform a privilege
escalation attack. (CVE-2017-9525)

Florian Weimer discovered that Cron incorrectly handled certain memory
operations during crontab file creation. An attacker could possibly use
this issue to cause a denial of service. (CVE-2019-9704)

It was discovered that Cron incorrectly handled user input during crontab
file creation. An attacker could possibly use this issue to cause a denial
of service. (CVE-2019-9705)

It was discovered that Cron contained a use-after-free vulnerability in
its force_rescan_user function. An attacker could possibly use this issue
to cause a denial of service. (CVE-2019-9706)
CVEs:
- https://ubuntu.com/security/CVE-2017-9525
- https://ubuntu.com/security/CVE-2019-9704
- https://ubuntu.com/security/CVE-2019-9705
- https://ubuntu.com/security/CVE-2019-9706
- https://ubuntu.com/security/CVE-2019-9704
- https://ubuntu.com/security/CVE-2019-9705
- https://ubuntu.com/security/CVE-2019-9706
- https://ubuntu.com/security/CVE-2017-9525

Title: USN-5234-1: Byobu vulnerability
URL: https://ubuntu.com/security/notices/USN-5234-1
Priorities: low
Description:
Sander Bos discovered that Byobu incorrectly handled certain Apport data.
An attacker could possibly use this issue to expose sensitive information.
CVEs:
- https://ubuntu.com/security/CVE-2019-7306

Title: USN-5244-1: DBus vulnerability
URL: https://ubuntu.com/security/notices/USN-5244-1
Priorities: low
Description:
Daniel Onaca discovered that DBus contained a use-after-free vulnerability,
caused by the incorrect handling of usernames sharing the same UID. An
attacker could possibly use this issue to cause DBus to crash, resulting
in a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2020-35512

Title: USN-5268-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5268-1
Priorities: medium
Description:
Keyu Man discovered that the ICMP implementation in the Linux kernel did
not properly handle received ICMP error packets. A remote attacker could
use this to facilitate attacks on UDP based services that depend on source
port randomization. (CVE-2021-20322)

It was discovered that the Bluetooth subsystem in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-3640)

Likang Luo discovered that a race condition existed in the Bluetooth
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-3752)

Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel
did not properly perform bounds checking in some situations. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2021-42739)
CVEs:
- https://ubuntu.com/security/CVE-2021-20322
- https://ubuntu.com/security/CVE-2021-3640
- https://ubuntu.com/security/CVE-2021-3752
- https://ubuntu.com/security/CVE-2021-42739
- https://ubuntu.com/security/CVE-2021-3752
- https://ubuntu.com/security/CVE-2021-20322
- https://ubuntu.com/security/CVE-2021-3640
- https://ubuntu.com/security/CVE-2021-42739

Title: USN-5021-2: curl vulnerability
URL: https://ubuntu.com/security/notices/USN-5021-2
Priorities: low,medium
Description:
USN-5021-1 fixed vulnerabilities in curl. This update provides
the corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled
TELNET connections when the -t option was used on the command line.
Uninitialized data possibly containing sensitive information could be sent
to the remote server, contrary to expectations. (CVE-2021-22898,
CVE-2021-22925)
CVEs:
- https://ubuntu.com/security/CVE-2021-22898
- https://ubuntu.com/security/CVE-2021-22925
- https://ubuntu.com/security/CVE-2021-22898
- https://ubuntu.com/security/CVE-2021-22925

Title: USN-5064-2: GNU cpio vulnerability
URL: https://ubuntu.com/security/notices/USN-5064-2
Priorities: medium
Description:
USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides
the corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled
certain pattern files. A remote attacker could use this issue to cause cpio
to crash, resulting in a denial of service, or possibly execute arbitrary
code.
CVEs:
- https://ubuntu.com/security/CVE-2021-38185

Title: USN-5193-2: X.Org X Server vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5193-2
Priorities: medium
Description:
USN-5193-1 fixed several vulnerabilities in X.Org. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain inputs. An attacker could use this issue to cause the server to
crash, resulting in a denial of service, or possibly execute arbitrary
code and escalate privileges.
CVEs:
- https://ubuntu.com/security/CVE-2021-4009
- https://ubuntu.com/security/CVE-2021-4008
- https://ubuntu.com/security/CVE-2021-4011

Title: USN-5252-2: PolicyKit vulnerability
URL: https://ubuntu.com/security/notices/USN-5252-2
Priorities: high
Description:
USN-5252-1 fixed a vulnerability in policykit-1. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that the PolicyKit pkexec tool incorrectly handled
command-line arguments. A local attacker could use this issue to escalate
privileges to an administrator.
CVEs:
- https://ubuntu.com/security/CVE-2021-4034

Title: USN-5235-1: Ruby vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5235-1
Priorities: medium
Description:
It was discovered that Ruby incorrectly handled certain HTML files.
An attacker could possibly use this issue to cause a crash. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10.
(CVE-2021-41816)

It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause a regular expression
denial of service. (CVE-2021-41817)

It was discovered that Ruby incorrectly handled certain cookie names.
An attacker could possibly use this issue to access or expose
sensitive information. (CVE-2021-41819)
CVEs:
- https://ubuntu.com/security/CVE-2021-41816
- https://ubuntu.com/security/CVE-2021-41817
- https://ubuntu.com/security/CVE-2021-41819
- https://ubuntu.com/security/CVE-2021-41816
- https://ubuntu.com/security/CVE-2021-41819
- https://ubuntu.com/security/CVE-2021-41817

Title: USN-5260-3: Samba vulnerability
URL: https://ubuntu.com/security/notices/USN-5260-3
Priorities: high
Description:
USN-5260-1 fixed a vulnerability in Samba. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled
certain memory operations. A remote attacker could use this issue to cause
Samba to crash, resulting in a denial of service, or possibly execute
arbitrary code as root. (CVE-2021-44142)
CVEs:
- https://ubuntu.com/security/CVE-2021-44142
- https://ubuntu.com/security/CVE-2021-44142

Title: USN-5250-2: strongSwan vulnerability
URL: https://ubuntu.com/security/notices/USN-5250-2
Priorities: medium
Description:
USN-5250-1 fixed a vulnerability in strongSwan. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Zhuowei Zhang discovered that stringSwan incorrectly handled EAP
authentication. A remote attacker could use this issue to cause strongSwan
to crash, resulting in a denial of service, or possibly bypass client and
server authentication.
CVEs:
- https://ubuntu.com/security/CVE-2021-45079

Title: USN-5243-2: AIDE vulnerability
URL: https://ubuntu.com/security/notices/USN-5243-2
Priorities: medium
Description:
USN-5243-1 fixed a vulnerability in aide. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

David Bouman discovered that AIDE incorrectly handled base64 operations. A
local attacker could use this issue to cause AIDE to crash, resulting in a
denial of service, or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2021-45417

Title: USN-5233-2: ClamAV vulnerability
URL: https://ubuntu.com/security/notices/USN-5233-2
Priorities: medium
Description:
USN-5233-1 fixed a vulnerability in ClamAV. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that ClamAV incorrectly handled memory when the
CL_SCAN_GENERAL_COLLECT_METADATA scan option was enabled. A remote attacker
could possibly use this issue to cause ClamAV to crash, resulting in a
denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2022-20698

Title: USN-5270-2: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5270-2
Priorities: medium
Description:
USN-5270-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.7.37 in Ubuntu 16.04 ESM.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-37.html
https://www.oracle.com/security-alerts/cpujan2022.html
CVEs:
- https://ubuntu.com/security/CVE-2022-21304
- https://ubuntu.com/security/CVE-2022-21344
- https://ubuntu.com/security/CVE-2022-21367
- https://ubuntu.com/security/CVE-2022-21303
- https://ubuntu.com/security/CVE-2022-21270
- https://ubuntu.com/security/CVE-2022-21245

456.227

Available in VMware Tanzu Network

Release Date: January 18, 2022

Fixes

Metadata:

BOSH Agent Version: 2.234.42

USNs:

456.224

Available in VMware Tanzu Network

Release Date: January 07, 2022

Metadata:

BOSH Agent Version: 2.234.39

USNs:

456.220

Available in VMware Tanzu Network

Release Date: December 17, 2021

Fixes

This release reverts the NATS firewall enhancement added in 456.213. Changes associated with this feature caused VMs to report a networking failed state and prevented monit firewall rules from being applied. The NATS firewall enhancement will be reintroduced in a future release.

#### Metadata:
BOSH Agent Version: 2.234.37

#### USNs:

Title: USN-5202-1: OpenJDK vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5202-1
Priorities: medium
Description:
Varnavas Papaioannou discovered that the FTP client implementation in
OpenJDK accepted alternate server IP addresses when connecting with FTP
passive mode. An attacker controlling an FTP server that an application
connects to could possibly use this to expose sensitive information
(rudimentary port scans). This issue only affected Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2341)

Markus Loewe discovered that OpenJDK did not properly handle JAR files
containing multiple manifest files. An attacker could possibly use
this to bypass JAR signature verification. This issue only affected
Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu
21.04. (CVE-2021-2369)

Huixin Ma discovered that the Hotspot VM in OpenJDK did not properly
perform range check elimination in some situations. An attacker could
possibly use this to construct a Java class that could bypass Java
sandbox restrictions. This issue only affected Ubuntu 16.04 ESM,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2388)

Asaf Greenholts discovered that OpenJDK preferred certain weak ciphers by
default. An attacker could possibly use this to expose sensitive
information. (CVE-2021-35550)

It was discovered that the Rich Text Format (RTF) Parser in OpenJDK did not
properly restrict the amount of memory allocated in some situations. An
attacker could use this to specially craft an RTF file that caused a denial
of service. (CVE-2021-35556)

It was discovered that the Rich Text Format (RTF) Reader in OpenJDK did not
properly restrict the amount of memory allocated in some situations. An
attacker could use this to specially craft an RTF file that caused a denial
of service. (CVE-2021-35559)

Markus Loewe discovered that the HashMap and HashSet implementations in
OpenJDK did not properly validate load factors during deserialization. An
attacker could use this to cause a denial of service (excessive memory
consumption). (CVE-2021-35561)

It was discovered that the Keytool component in OpenJDK did not properly
handle certificates with validity ending dates in the far future. An
attacker could use this to specially craft a certificate that when imported
could corrupt a keystore. (CVE-2021-35564)

Tristen Hayfield discovered that the HTTP server implementation in OpenJDK
did not properly handle TLS session close in some situations. A remote
attacker could possibly use this to cause a denial of service (application
infinite loop). (CVE-2021-35565)

Chuck Hunley discovered that the Kerberos implementation in OpenJDK did not
correctly report subject principals when using Kerberos Constrained
Delegation. An attacker could possibly use this to cause incorrect Kerberos
tickets to be used. (CVE-2021-35567)

it was discovered that the TLS implementation in OpenJDK did not properly
handle TLS handshakes in certain situations where a Java application is
acting as a TLS server. A remote attacker could possibly use this to cause
a denial of service (application crash). (CVE-2021-35578)

it was discovered that OpenJDK did not properly restrict the amount of
memory allocated when processing BMP images. An attacker could use this to
specially craft a BMP image file that could cause a denial of service.
(CVE-2021-35586)

It was discovered that the HotSpot VM in OpenJDK 8 did not properly perform
validation of inner class index values in some situations. An attacker
could use this to specially craft a class file that when loaded could cause
a denial of service (Java VM crash). (CVE-2021-35588)

Artem Smotrakov discovered that the TLS implementation in OpenJDK used non-
constant time comparisons during TLS handshakes. A remote attacker could
use this to expose sensitive information. (CVE-2021-35603)
CVEs:
- https://ubuntu.com/security/CVE-2021-2341
- https://ubuntu.com/security/CVE-2021-2369
- https://ubuntu.com/security/CVE-2021-2388
- https://ubuntu.com/security/CVE-2021-35550
- https://ubuntu.com/security/CVE-2021-35556
- https://ubuntu.com/security/CVE-2021-35559
- https://ubuntu.com/security/CVE-2021-35561
- https://ubuntu.com/security/CVE-2021-35564
- https://ubuntu.com/security/CVE-2021-35565
- https://ubuntu.com/security/CVE-2021-35567
- https://ubuntu.com/security/CVE-2021-35578
- https://ubuntu.com/security/CVE-2021-35586
- https://ubuntu.com/security/CVE-2021-35588
- https://ubuntu.com/security/CVE-2021-35603
- https://ubuntu.com/security/CVE-2021-35556
- https://ubuntu.com/security/CVE-2021-35561
- https://ubuntu.com/security/CVE-2021-35588
- https://ubuntu.com/security/CVE-2021-35578
- https://ubuntu.com/security/CVE-2021-2341
- https://ubuntu.com/security/CVE-2021-35564
- https://ubuntu.com/security/CVE-2021-35603
- https://ubuntu.com/security/CVE-2021-35559
- https://ubuntu.com/security/CVE-2021-35586
- https://ubuntu.com/security/CVE-2021-35550
- https://ubuntu.com/security/CVE-2021-35567
- https://ubuntu.com/security/CVE-2021-2369
- https://ubuntu.com/security/CVE-2021-35565
- https://ubuntu.com/security/CVE-2021-2388
  
  Title: USN-5189-1: GLib vulnerability
  URL: https://ubuntu.com/security/notices/USN-5189-1
  Priorities: medium
  Description:
  It was discovered that GLib incorrectly handled certain environment variables.
  An attacker could possibly use this issue to escalate privileges.
  CVEs:
- https://ubuntu.com/security/CVE-2021-3800
  
  Title: USN-5168-4: NSS regression
  URL: https://ubuntu.com/security/notices/USN-5168-4
  Priorities: high
  Description:
  USN-5168-3 fixed a vulnerability in NSS. Unfortunately that update introduced
  a regression that could break SSL connections. This update fixes the problem.
  
  We apologize for the inconvenience.
  
  Original advisory details:
  
  Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS
  signatures. A remote attacker could use this issue to cause NSS to crash,
  resulting in a denial of service, or possibly execute arbitrary code.
  CVEs:
- https://ubuntu.com/security/CVE-2021-43527
  
  Title: USN-5192-2: Apache Log4j 2 vulnerability
  URL: https://ubuntu.com/security/notices/USN-5192-2
  Priorities: high
  Description:
  USN-5192-1 fixed a vulnerability in Apache Log4j 2. This update provides
  the corresponding update for Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run
  programs via a special crafted input. An attacker could use this vulnerability
  to cause a denial of service or possibly execute arbitrary code.
  CVEs:
- https://ubuntu.com/security/CVE-2021-44228

456.213

Available in VMware Tanzu Network

Release Date: December 06, 2021

Enhancements

Added firewall rules to restrict access to the NATS message bus except by the bosh agent. This provides an additional layer of security so even if an attacker is able to gain access to the NATS credentials, they would be unable to use those from a workload on a Bosh deployed VM. If you are attempting to debug NATS connectivity problems by directly connecting to the Bosh NATS server, you will need additional access; instructions can be found here.

#### Known Issue:
Errors are present in the networking service post-start scripts for all BOSH-managed VMs which:
Causes networking service to report a failed state
Incorrectly allows external connections to the monit service
Incorrectly allows external connections to the NATS service

#### Metadata:
BOSH Agent Version: 2.234.35

#### USNs:

Title: USN-5147-1: Vim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5147-1
Priorities: low,medium
Description:
It was discovered that Vim incorrectly handled permissions on the .swp
file. A local attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-17087)

It was discovered that Vim incorrectly handled restricted mode. A local
attacker could possibly use this issue to bypass restricted mode and
execute arbitrary commands. Note: This update only makes executing shell
commands more difficult. Restricted mode should not be considered a
complete security measure. This issue only affected Ubuntu 14.04 ESM.
(CVE-2019-20807)

Brian Carpenter discovered that vim incorrectly handled memory
when opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possible execute
arbitrary code with user privileges. This issue only affected
Ubuntu 20.04 LTS, Ubuntu 21.04 and Ubuntu 21.10. (CVE-2021-3872)

It was discovered that vim incorrectly handled memory when
opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possible execute
arbitrary code with user privileges. (CVE-2021-3903)

It was discovered that vim incorrectly handled memory when
opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possible execute
arbitrary code with user privileges. (CVE-2021-3927)

It was discovered that vim incorrectly handled memory when
opening certain files. If a user was tricked into opening
a specially crafted file, a remote attacker could crash the
application, leading to a denial of service, or possible execute
arbitrary code with user privileges. (CVE-2021-3928)
CVEs:
- https://ubuntu.com/security/CVE-2017-17087
- https://ubuntu.com/security/CVE-2019-20807
- https://ubuntu.com/security/CVE-2021-3872
- https://ubuntu.com/security/CVE-2021-3903
- https://ubuntu.com/security/CVE-2021-3927
- https://ubuntu.com/security/CVE-2021-3928
- https://ubuntu.com/security/CVE-2021-3928
- https://ubuntu.com/security/CVE-2021-3927
- https://ubuntu.com/security/CVE-2017-17087
- https://ubuntu.com/security/CVE-2019-20807
- https://ubuntu.com/security/CVE-2021-3903
- https://ubuntu.com/security/CVE-2021-3872
  
  Title: USN-5158-1: ImageMagick vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5158-1
  Priorities: low
  Description:
  It was discovered that ImageMagick incorrectly handled certain values
  when processing visual effects based image files. By tricking a user into
  opening a specially crafted image file, an attacker could crash the
  application causing a denial of service. (CVE-2021-20244)
  
  It was discovered that ImageMagick incorrectly handled certain values
  when performing resampling operations. By tricking a user into opening
  a specially crafted image file, an attacker could crash the application
  causing a denial of service. (CVE-2021-20246)
  
  It was discovered that ImageMagick incorrectly handled certain values
  when processing visual effects based image files. By tricking a user into
  opening a specially crafted image file, an attacker could crash the
  application causing a denial of service (CVE-2021-20309)
  
  It was discovered that ImageMagick incorrectly handled certain values
  when processing thumbnail image data. By tricking a user into opening
  a specially crafted image file, an attacker could crash the application
  causing a denial of service. (CVE-2021-20312)
  
  It was discovered that ImageMagick incorrectly handled memory cleanup
  when performing certain cryptographic operations. Under certain conditions
  sensitive cryptographic information could be disclosed. (CVE-2021-20313)
  CVEs:
- https://ubuntu.com/security/CVE-2021-20244
- https://ubuntu.com/security/CVE-2021-20246
- https://ubuntu.com/security/CVE-2021-20309
- https://ubuntu.com/security/CVE-2021-20312
- https://ubuntu.com/security/CVE-2021-20313
- https://ubuntu.com/security/CVE-2021-20244
- https://ubuntu.com/security/CVE-2021-20246
- https://ubuntu.com/security/CVE-2021-20309
- https://ubuntu.com/security/CVE-2021-20312
- https://ubuntu.com/security/CVE-2021-20313
  
  Title: USN-5144-1: OpenEXR vulnerability
  URL: https://ubuntu.com/security/notices/USN-5144-1
  Priorities: medium
  Description:
  It was discovered that OpenEXR incorrectly handled certain EXR
  image files. An attacker could possibly use this issue to cause a crash
  or execute arbitrary code.
  CVEs:
- https://ubuntu.com/security/CVE-2021-3933
  
  Title: USN-5150-1: OpenEXR vulnerability
  URL: https://ubuntu.com/security/notices/USN-5150-1
  Priorities: medium
  Description:
  It was discovered that OpenEXR incorrectly handled certain EXR image files.
  An attacker could possibly use this issue to cause a crash.
  CVEs:
- https://ubuntu.com/security/CVE-2021-3941
  
  Title: USN-5168-3: NSS vulnerability
  URL: https://ubuntu.com/security/notices/USN-5168-3
  Priorities: high
  Description:
  USN-5168-1 fixed a vulnerability in NSS. This update provides
  the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS
  signatures. A remote attacker could use this issue to cause NSS to crash,
  resulting in a denial of service, or possibly execute arbitrary code.
  CVEs:
- https://ubuntu.com/security/CVE-2021-43527

BOSH Agent Version: 2.234.20

456.188

Available in VMware Tanzu Network

Release Date: September 16, 2021

Fixes

Fixes an issue introduced in v456.186 that caused persistent disks to frequently fail to mount.

#### Metadata:
BOSH Agent Version: 2.234.18

#### USNs:

Title: USN-5077-2: Apport vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5077-2
Priorities: medium
Description:
USN-5077-1 fixed several vulnerabilities in Apport. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Maik Münch and Stephen Röttger discovered that Apport incorrectly handled
certain information gathering operations. A local attacker could use this
issue to gain read access to arbitrary files, possibly containing sensitive
information.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3709
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3710
  
  Title: USN-5076-1: Git vulnerability
  URL: https://ubuntu.com/security/notices/USN-5076-1
  Priorities: medium
  Description:
  It was discovered that Git allowed newline characters in
  certain repository paths. An attacker could potentially use this issue to perform
  cross-protocol requests.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-40330

456.186

Available in VMware Tanzu Network

Release Date: September 14, 2021

Fixes

Updates the /var/vcap/bosh/bin/monit wrapper script to refer to monit-actual by absolute path, rather than relative path. This allows folks who reset or clear the PATH environment variable to actually be able to use the monit CLI. Prior to this fix, folks who cleared their PATH environment variable would see an error like: /var/vcap/bosh/bin/monit: line 9: exec: monit-actual: not found.
Fixes the “incorrect used memory reporting” issue introduced in stemcell version 456.176. The Bosh Agent will now report the correct amount of memory used by all processes in the VM that it manages, rather than just the processes in its cgroup.

#### Known issues
We’ve seen failures with this version of the stemcell in vSphere when attempting to attach a persistent disk to a running VM. We are currently planning to address this issue with an update to the vSphere CPI. It should be fixed in vSphere CPI release >= v69. We have pulled the vSphere version of this stemcell.

NOTE: This is resolved in stemcell version v456.188.

#### Metadata:
BOSH Agent Version: 2.234.18

#### USNs:

Title: USN-5066-2: PySAML2 vulnerability
URL: https://ubuntu.com/security/notices/USN-5066-2
Priorities: medium
Description:
USN-5066-1 fixed a vulnerability in PySAML2. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Brian Wolff discovered that PySAML2 incorrectly validated cryptographic
signatures. A remote attacker could possibly use this issue to alter SAML
documents.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-21239
  
  Title: USN-5073-1: Linux kernel vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5073-1
  Priorities: medium,low,high
  Description:
  Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor
  implementation for AMD processors in the Linux kernel allowed a guest VM to
  disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a
  guest VM could use this to read or write portions of the host’s physical
  memory. (CVE-2021-3656)
  
  Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
  processors in the Linux kernel did not properly prevent a guest VM from
  enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
  to write to portions of the host’s physical memory. (CVE-2021-3653)
  
  Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol
  implementation in the Linux kernel did not properly initialize memory in
  some situations. A local attacker could use this to expose sensitive
  information (kernel memory). (CVE-2021-34693)
  
  Murray McAllister discovered that the joystick device interface in the
  Linux kernel did not properly validate data passed via an ioctl(). A local
  attacker could use this to cause a denial of service (system crash) or
  possibly execute arbitrary code on systems with a joystick device
  registered. (CVE-2021-3612)
  
  It was discovered that the Virtio console implementation in the Linux
  kernel did not properly validate input lengths in some situations. A local
  attacker could possibly use this to cause a denial of service (system
  crash). (CVE-2021-38160)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3612
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-34693
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-38160
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3656
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3653
  
  Title: USN-5062-1: Linux kernel vulnerability
  URL: https://ubuntu.com/security/notices/USN-5062-1
  Priorities: high
  Description:
  Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
  processors in the Linux kernel did not properly prevent a guest VM from
  enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
  to write to portions of the host’s physical memory.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3653
  
  Title: LSN-0081-1: Kernel Live Patch Security Notice
  URL: https://ubuntu.com/security/notices/LSN-0081-1
  Priorities: high
  Description:
  Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
  processors in the Linux kernel did not properly prevent a guest VM from
  enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
  to write to portions of the host’s physical memory.(CVE-2021-3653)
  
  Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor
  implementation for AMD processors in the Linux kernel allowed a guest VM to
  disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a
  guest VM could use this to read or write portions of the host’s physical
  memory.(CVE-2021-3656)
  
  Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
  contained an out-of-bounds write in its setsockopt() implementation. A
  local attacker could use this to cause a denial of service (system crash)
  or possibly execute arbitrary code.(CVE-2021-22555)
  
  It was discovered that the virtual file system implementation in the Linux
  kernel contained an unsigned to signed integer conversion error. A local
  attacker could use this to cause a denial of service (system crash) or
  execute arbitrary code.(CVE-2021-33909)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3653
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22555
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3656
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-33909
  
  Title: USN-5051-2: OpenSSL vulnerability
  URL: https://ubuntu.com/security/notices/USN-5051-2
  Priorities: medium
  Description:
  USN-5051-1 fixed a vulnerability in OpenSSL. This update provides
  the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1
  strings. A remote attacker could use this issue to cause OpenSSL to crash,
  resulting in a denial of service, or possibly obtain sensitive information.
  (CVE-2021-3712)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3712
  
  Title: USN-5055-1: GNOME grilo vulnerability
  URL: https://ubuntu.com/security/notices/USN-5055-1
  Priorities: medium
  Description:
  Michael Catanzaro discovered that grilo incorrectly handled certain TLS
  certificate verification. An attacker could possibly use this issue to
  MITM attacks.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-39365
  
  Title: USN-5068-1: GD library vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5068-1
  Priorities: medium,low
  Description:
  It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files.
  An attacker could possibly use this issue to cause a crash or expose sensitive information.
  This issue only affected Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
  (CVE-2017-6363)
  
  It was discovered that GD Graphics Library incorrectly handled certain TGA files.
  An attacker could possibly use this issue to cause a denial of service or
  expose sensitive information. (CVE-2021-381)
  
  It was discovered that GD Graphics Library incorrectly handled certain files.
  An attacker could possibly use this issue to cause a crash.
  (CVE-2021-40145)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-40145
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-38115
- https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6363

456.176

Available in VMware Tanzu Network

Release Date: August 30, 2021

Enhancements

Added firewall rules to restrict Monit API access to the Monit CLI and BOSH Agent. To see how to grant your program access to the Monit API, examine the new monit wrapper script, found at /var/vcap/bosh/bin/monit.

#### Known issues
The memory used by the VM that a Bosh Agent manages is incorrectly reported. The Agent will report very significantly smaller amounts of memory used by the VM than are actually used. This means that the “memory used” information in the output of bosh vms --vitals and related commands is incorrect. For now, avoid using this stemcell version, if you rely on the VM memory usage information reported by the Bosh Agent, Director, or the bosh CLI.
NOTE: This issue has been resolved in Stemcell version 456.186.

#### Metadata:
BOSH Agent Version: 2.234.14

#### USNs:

Title: USN-5039-1: Linux kernel vulnerability
URL: https://ubuntu.com/security/notices/USN-5039-1
Priorities: high
Description:
Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
contained an out-of-bounds write in its setsockopt() implementation. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.
CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22555
  
  Title: LSN-0080-1: Kernel Live Patch Security Notice
  URL: https://ubuntu.com/security/notices/LSN-0080-1
  Priorities: high
  Description:
  Andy Nguyen discovered that the netfilter subsystem in the Linux kernel
  contained an out-of-bounds write in its setsockopt() implementation. A
  local attacker could use this to cause a denial of service (system crash)
  or possibly execute arbitrary code.(CVE-2021-22555)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-22555
  
  Title: USN-5025-2: libsndfile vulnerability
  URL: https://ubuntu.com/security/notices/USN-5025-2
  Priorities: medium
  Description:
  USN-5025-1 fixed a vulnerability in libsndfile. This update provides
  the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  It was discovered that libsndfile incorrectly handled certain malformed
  files. A remote attacker could use this issue to cause libsndfile to crash,
  resulting in a denial of service, or possibly execute arbitrary code.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3246
  
  Title: USN-5027-2: PEAR vulnerability
  URL: https://ubuntu.com/security/notices/USN-5027-2
  Priorities: medium
  Description:
  USN-5027-1 fixed a vulnerability in PEAR. This update provides
  the corresponding update for Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  It was discovered that PEAR incorrectly handled symbolic links in archives.
  A remote attacker could possibly use this issue to execute arbitrary code.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32610
  
  Title: USN-5044-1: Linux kernel vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5044-1
  Priorities: medium
  Description:
  It was discovered that the bluetooth subsystem in the Linux kernel did not
  properly handle HCI device initialization failure, leading to a double-free
  vulnerability. An attacker could use this to cause a denial of service or
  possibly execute arbitrary code. (CVE-2021-3564)
  
  It was discovered that the bluetooth subsystem in the Linux kernel did not
  properly handle HCI device detach events, leading to a use-after-free
  vulnerability. An attacker could use this to cause a denial of service or
  possibly execute arbitrary code. (CVE-2021-3573)
  
  It was discovered that the NFC implementation in the Linux kernel did not
  properly handle failed connect events leading to a NULL pointer
  dereference. A local attacker could use this to cause a denial of service.
  (CVE-2021-3587)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3573
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3587
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3564
  
  Title: USN-5034-2: c-ares vulnerability
  URL: https://ubuntu.com/security/notices/USN-5034-2
  Priorities: medium
  Description:
  USN-5034-1 fixed a vulnerability in c-ares. This update provides
  the corresponding update for Ubuntu 16.04 ESM.
  
  Original advisory details:
  
  Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly
  validated certain hostnames returned by DNS servers. A remote attacker
  could possibly use this issue to perform Domain Hijacking attacks.
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3672
  
  Title: USN-5026-2: QPDF vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5026-2
  Priorities: medium,low
  Description:
  USN-5026-1 fixed several vulnerabilities in QPDF. This update provides
  the corresponding update for Ubuntu 16.04 ESM.
  Original advisory details:
  
  It was discovered that QPDF incorrectly handled certain malformed PDF
  files. A remote attacker could use this issue to cause QPDF to consume
  resources, resulting in a denial of service. (CVE-2018-18020)
  
  It was discovered that QPDF incorrectly handled certain malformed PDF
  files. A remote attacker could use this issue to cause QPDF to crash,
  resulting in a denial of service, or possibly execute arbitrary code.
  (CVE-2021-36978)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-36978
- https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18020
  
  Title: USN-5043-1: Exiv2 vulnerabilities
  URL: https://ubuntu.com/security/notices/USN-5043-1
  Priorities: medium
  Description:
  It was discovered that Exiv2 incorrectly handled certain image files.
  An attacker could possibly use this issue to cause a denial of service.
  (CVE-2021-32815, CVE-2021-34334, CVE-2021-37620, CVE-2021-37622)
  
  It was discovered that Exiv2 incorrectly handled certain image files.
  An attacker could possibly use this issue to cause a denial of service.
  These issues only affected Ubuntu 20.04 LTS and Ubuntu 21.04.
  (CVE-2021-34335, CVE-2021-37615, CVE-2021-37616, CVE-2021-37618,
  CVE-2021-37619, CVE-2021-37621, CVE-2021-37623)
  CVEs:
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37622
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-32815
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37623
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37621
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37620
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37618
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-34335
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37615
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37619
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-37616
- https://people.canonical.com/~ubuntu-security/cve/CVE-2021-34334

456.158

Available in VMware Tanzu Network

Release Date: April 19, 2021

Metadata:

BOSH Agent Version: 2.234.11