Ubuntu 6586 Published by

The following updates are available for Ubuntu Linux:

[USN-6747-1] Firefox vulnerabilities
[USN-6748-1] Sanitize vulnerabilities
[USN-6743-3] Linux kernel (Azure) vulnerabilities
[USN-6657-2] Dnsmasq vulnerabilities
[USN-6749-1] FreeRDP vulnerabilities




[USN-6747-1] Firefox vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6747-1
April 24, 2024

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-3852,
CVE-2024-3864, CVE-2024-3865)

Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2
CONTINUATION frames. An attacker could potentially exploit this issue to
cause a denial of service. (CVE-2024-3302)

Gary Kwong discovered that Firefox did not properly manage memory when
running garbage collection during realm initialization. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-3853)

Lukas Bernhard discovered that Firefox did not properly manage memory
during JIT optimisations, leading to an out-of-bounds read vulnerability.
An attacker could possibly use this issue to cause a denial of service or
expose sensitive information. (CVE-2024-3854, CVE-2024-3855)

Nan Wang discovered that Firefox did not properly manage memory during
WASM garbage collection. An attacker could potentially exploit this issue
to cause a denial of service, or execute arbitrary code. (CVE-2024-3856)

Lukas Bernhard discovered that Firefox did not properly manage memory
when handling JIT created code during garbage collection. An attacker
could potentially exploit this issue to cause a denial of service, or
execute arbitrary code. (CVE-2024-3857)

Lukas Bernhard discovered that Firefox did not properly manage memory when
tracing in JIT. An attacker could potentially exploit this issue to cause
a denial of service. (CVE-2024-3858)

Ronald Crane discovered that Firefox did not properly manage memory in the
OpenType sanitizer on 32-bit devices, leading to an out-of-bounds read
vulnerability. An attacker could possibly use this issue to cause a denial
of service or expose sensitive information. (CVE-2024-3859)

Garry Kwong discovered that Firefox did not properly manage memory when
tracing empty shape lists in JIT. An attacker could potentially exploit
this issue to cause a denial of service. (CVE-2024-3860)

Ronald Crane discovered that Firefox did not properly manage memory when
handling an AlignedBuffer. An attacker could potentially exploit this
issue to cause denial of service, or execute arbitrary code.
(CVE-2024-3861)

Ronald Crane discovered that Firefox did not properly manage memory when
handling code in MarkStack. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2024-3862)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
firefox 125.0.2+build1-0ubuntu0.20.04.2

After a standard system update you need to restart Firefox to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-6747-1
CVE-2024-3302, CVE-2024-3852, CVE-2024-3853, CVE-2024-3854,
CVE-2024-3855, CVE-2024-3856, CVE-2024-3857, CVE-2024-3858,
CVE-2024-3859, CVE-2024-3860, CVE-2024-3861, CVE-2024-3862,
CVE-2024-3864, CVE-2024-3865

Package Information:
https://launchpad.net/ubuntu/+source/firefox/125.0.2+build1-0ubuntu0.20.04.2



[USN-6748-1] Sanitize vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6748-1
April 24, 2024

ruby-sanitize vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Sanitize.

Software Description:
- ruby-sanitize: Allowlist-based HTML and CSS sanitizer

Details:

It was discovered that Sanitize incorrectly handled noscript elements
under certain circumstances. An attacker could possibly use this issue to
execute a cross-site scripting (XSS) attack. This issue only affected
Ubuntu 22.04 LTS. (CVE-2023-23627)

It was discovered that Sanitize incorrectly handled style elements under
certain circumstances. An attacker could possibly use this issue to
execute a cross-site scripting (XSS) attack. (CVE-2023-36823)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
ruby-sanitize 6.0.0-1.1ubuntu0.23.10.1

Ubuntu 22.04 LTS:
ruby-sanitize 6.0.0-1ubuntu0.1

Ubuntu 20.04 LTS:
ruby-sanitize 4.6.6-2.1~0.20.04.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6748-1
CVE-2023-23627, CVE-2023-36823

Package Information:
https://launchpad.net/ubuntu/+source/ruby-sanitize/6.0.0-1.1ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/ruby-sanitize/6.0.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/ruby-sanitize/4.6.6-2.1~0.20.04.2



[USN-6743-3] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6743-3
April 24, 2024

linux-azure-6.5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure-6.5: Linux kernel for Microsoft Azure cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- BPF subsystem;
- Netfilter;
(CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581,
CVE-2023-52603)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
linux-image-6.5.0-1019-azure 6.5.0-1019.20~22.04.1
linux-image-6.5.0-1019-azure-fde 6.5.0-1019.20~22.04.1
linux-image-azure 6.5.0.1019.20~22.04.1
linux-image-azure-fde 6.5.0.1019.20~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6743-3
https://ubuntu.com/security/notices/USN-6743-1
CVE-2023-52600, CVE-2023-52603, CVE-2024-26581, CVE-2024-26589,
CVE-2024-26591

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-6.5/6.5.0-1019.20~22.04.1



[USN-6657-2] Dnsmasq vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6657-2
April 24, 2024

dnsmasq vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Dnsmasq.

Software Description:
- dnsmasq: Small caching DNS proxy and DHCP/TFTP server

Details:

USN-6657-1 fixed several vulnerabilities in Dnsmasq. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered
that Dnsmasq icorrectly handled validating DNSSEC messages. A remote
attacker could possibly use this issue to cause Dnsmasq to consume
resources, leading to a denial of service. (CVE-2023-50387)

It was discovered that Dnsmasq incorrectly handled preparing an NSEC3
closest encloser proof. A remote attacker could possibly use this issue to
cause Dnsmasq to consume resources, leading to a denial of service.
(CVE-2023-50868)

It was discovered that Dnsmasq incorrectly set the maximum EDNS.0 UDP
packet size as required by DNS Flag Day 2020. This issue only affected
Ubuntu 23.10. (CVE-2023-28450)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
dnsmasq-base 2.90-0ubuntu0.18.04.1+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
dnsmasq-base 2.90-0ubuntu0.16.04.1+esm1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to reboot your computer to
make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6657-2
https://ubuntu.com/security/notices/USN-6657-1
CVE-2023-28450, CVE-2023-50387, CVE-2023-50868



[USN-6749-1] FreeRDP vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6749-1
April 24, 2024

freerdp2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in FreeRDP.

Software Description:
- freerdp2: RDP client for Windows Terminal Services

Details:

It was discovered that FreeRDP incorrectly handled certain context resets.
If a user were tricked into connecting to a malicious server, a remote
attacker could use this issue to cause FreeRDP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2024-22211)

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker could use this issue to cause FreeRDP to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2024-32039, CVE-2024-32040)

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker could possibly use this issue to cause FreeRDP to crash,
resulting in a denial of service. (CVE-2024-32041, CVE-2024-32458,
CVE-2024-32460)

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
FreeRDP clients and servers to crash, resulting in a denial of service.
(CVE-2024-32459)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
libfreerdp2-2 2.10.0+dfsg1-1.1ubuntu1.2

Ubuntu 22.04 LTS:
libfreerdp2-2 2.6.1+dfsg1-3ubuntu2.6

Ubuntu 20.04 LTS:
libfreerdp2-2 2.6.1+dfsg1-0ubuntu0.20.04.1

After a standard system update you need to restart your session to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6749-1
CVE-2024-22211, CVE-2024-32039, CVE-2024-32040, CVE-2024-32041,
CVE-2024-32458, CVE-2024-32459, CVE-2024-32460

Package Information:
https://launchpad.net/ubuntu/+source/freerdp2/2.10.0+dfsg1-1.1ubuntu1.2
https://launchpad.net/ubuntu/+source/freerdp2/2.6.1+dfsg1-3ubuntu2.6
https://launchpad.net/ubuntu/+source/freerdp2/2.6.1+dfsg1-0ubuntu0.20.04.1