[USN-6038-2] Go vulnerabilities
[USN-6571-1] Monit vulnerability
[USN-6570-1] PostgreSQL vulnerabilities
[USN-6548-4] Linux kernel (GKE) vulnerabilities
[USN-6572-1] Linux kernel (Azure) vulnerabilities
[USN-6573-1] Linux kernel (Azure) vulnerabilities
[USN-6038-2] Go vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6038-2
January 09, 2024
golang-1.13, golang-1.16 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Go.
Software Description:
- golang-1.13: Go programming language compiler
- golang-1.16: Go programming language compiler
Details:
USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides
the corresponding updates for Go 1.13 and Go 1.16.
CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16.
Original advisory details:
It was discovered that the Go net/http module incorrectly handled
Transfer-Encoding headers in the HTTP/1 client. A remote attacker could
possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2022-1705)
It was discovered that Go did not properly manage memory under certain
circumstances. An attacker could possibly use this issue to cause a panic
resulting in a denial of service. (CVE-2022-1962, CVE-2022-27664,
CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632,
CVE-2022-30633, CVE-2022-30635, CVE-2022-32189, CVE-2022-41715,
CVE-2022-41717, CVE-2023-24534, CVE-2023-24537)
It was discovered that Go did not properly implement the maximum size of
file headers in Reader.Read. An attacker could possibly use this issue to
cause a panic resulting in a denial of service. (CVE-2022-2879)
It was discovered that the Go net/http module incorrectly handled query
parameters in requests forwarded by ReverseProxy. A remote attacker could
possibly use this issue to perform an HTTP Query Parameter Smuggling
attack. (CVE-2022-2880)
It was discovered that Go did not properly manage the permissions for
the Faccessat function. An attacker could possibly use this issue to expose
sensitive information. (CVE-2022-29526)
It was discovered that Go did not properly generate the values for
ticket_age_add in session tickets. An attacker could possibly use this
issue to observe TLS handshakes to correlate successive connections by
comparing ticket ages during session resumption. (CVE-2022-30629)
It was discovered that Go did not properly manage client IP addresses in
net/http. An attacker could possibly use this issue to cause ReverseProxy
to set the client IP as the value of the X-Forwarded-For header.
(CVE-2022-32148)
It was discovered that Go did not properly validate backticks (`) as
JavaScript string delimiters, and did not escape them as expected. An
attacker could possibly use this issue to inject arbitrary JavaScript code
into the Go template. (CVE-2023-24538)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
golang-1.13 1.13.8-1ubuntu2.22.04.2
golang-1.13-go 1.13.8-1ubuntu2.22.04.2
golang-1.13-src 1.13.8-1ubuntu2.22.04.2
Ubuntu 20.04 LTS:
golang-1.13 1.13.8-1ubuntu1.2
golang-1.13-go 1.13.8-1ubuntu1.2
golang-1.13-src 1.13.8-1ubuntu1.2
golang-1.16 1.16.2-0ubuntu1~20.04.1
golang-1.16-go 1.16.2-0ubuntu1~20.04.1
golang-1.16-src 1.16.2-0ubuntu1~20.04.1
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
golang-1.13 1.13.8-1ubuntu1~18.04.4+esm1
golang-1.13-go 1.13.8-1ubuntu1~18.04.4+esm1
golang-1.13-src 1.13.8-1ubuntu1~18.04.4+esm1
golang-1.16 1.16.2-0ubuntu1~18.04.2+esm1
golang-1.16-go 1.16.2-0ubuntu1~18.04.2+esm1
golang-1.16-src 1.16.2-0ubuntu1~18.04.2+esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
golang-1.13 1.13.8-1ubuntu1~16.04.3+esm3
golang-1.13-go 1.13.8-1ubuntu1~16.04.3+esm3
golang-1.13-src 1.13.8-1ubuntu1~16.04.3+esm3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6038-2
https://ubuntu.com/security/notices/USN-6038-1
CVE-2022-1705, CVE-2022-27664, CVE-2022-28131, CVE-2022-2879,
CVE-2022-2880, CVE-2022-29526, CVE-2022-30629, CVE-2022-30630,
CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635,
CVE-2022-32148, CVE-2022-32189, CVE-2022-41717, CVE-2023-24534,
CVE-2023-24537, CVE-2023-24538
Package Information:
https://launchpad.net/ubuntu/+source/golang-1.13/1.13.8-1ubuntu2.22.04.2
https://launchpad.net/ubuntu/+source/golang-1.13/1.13.8-1ubuntu1.2
https://launchpad.net/ubuntu/+source/golang-1.16/1.16.2-0ubuntu1~20.04.1
[USN-6571-1] Monit vulnerability
==========================================================================
Ubuntu Security Notice USN-6571-1
January 09, 2024
monit vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Monit could be made to bypass authentication checks for disabled accounts.
Software Description:
- monit: utility for monitoring and managing daemons or similar programs
Details:
Youssef Rebahi-Gilbert discovered that Monit did not properly process
credentials for disabled accounts. An attacker could possibly use this
issue to log in to the platform with an expired account and a valid
password.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS (Available with Ubuntu Pro):
monit 1:5.31.0-1ubuntu0.1~esm1
Ubuntu 20.04 LTS (Available with Ubuntu Pro):
monit 1:5.26.0-4ubuntu0.1~esm1
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
monit 1:5.25.1-1ubuntu0.1~esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
monit 1:5.16-2ubuntu0.2+esm2
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
monit 1:5.6-2ubuntu0.1+esm3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6571-1
CVE-2022-26563
[USN-6570-1] PostgreSQL vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6570-1
January 09, 2024
postgresql-9.5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in PostgreSQL.
Software Description:
- postgresql-9.5: Object-relational SQL database
Details:
Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying
certain SQL array values. A remote attacker could use this issue to obtain
sensitive information, or possibly execute arbitrary code. (CVE-2023-5869)
Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL
allowed the pg_signal_backend role to signal certain superuser processes,
contrary to expectations. (CVE-2023-5870)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
postgresql-9.5 9.5.25-0ubuntu0.16.04.1+esm6
postgresql-client-9.5 9.5.25-0ubuntu0.16.04.1+esm6
After a standard system update you need to restart PostgreSQL to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6570-1
CVE-2023-5869, CVE-2023-5870
[USN-6548-4] Linux kernel (GKE) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6548-4
January 09, 2024
linux-gkeop vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
Details:
It was discovered that Spectre-BHB mitigations were missing for Ampere
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2023-3006)
It was discovered that the USB subsystem in the Linux kernel contained a
race condition while handling device descriptors in certain situations,
leading to an out-of-bounds read vulnerability. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2023-37453)
Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate some attributes passed from userspace. A local
attacker could use this to cause a denial of service (system crash) or
possibly expose sensitive information (kernel memory). (CVE-2023-39189)
Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did
not properly validate u32 packet content, leading to an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-39192)
Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate SCTP data, leading to an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-39193)
Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in
the Linux kernel did not properly handle state filters, leading to an out-
of-bounds read vulnerability. A privileged local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-39194)
Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did
not properly handle socket buffers (skb) when performing IP routing in
certain circumstances, leading to a null pointer dereference vulnerability.
A privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-42754)
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not properly handle queue initialization failures in certain
situations, leading to a use-after-free vulnerability. A remote attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-5178)
Budimir Markovic discovered that the perf subsystem in the Linux kernel did
not properly handle event groups, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)
It was discovered that the TLS subsystem in the Linux kernel did not
properly perform cryptographic operations in some situations, leading to a
null pointer dereference vulnerability. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-6176)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1083-gkeop 5.4.0-1083.87
linux-image-gkeop 5.4.0.1083.81
linux-image-gkeop-5.4 5.4.0.1083.81
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6548-4
https://ubuntu.com/security/notices/USN-6548-1
CVE-2023-3006, CVE-2023-37453, CVE-2023-39189, CVE-2023-39192,
CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-5178,
CVE-2023-5717, CVE-2023-6176
Package Information:
https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1083.87
[USN-6572-1] Linux kernel (Azure) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6572-1
January 09, 2024
linux-azure vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-31085)
Bien Pham discovered that the netfilter subsystem in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local user could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-4244)
Maxim Levitsky discovered that the KVM nested virtualization (SVM)
implementation for AMD processors in the Linux kernel did not properly
handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a
denial of service (host kernel crash). (CVE-2023-5090)
It was discovered that the SMB network file sharing protocol implementation
in the Linux kernel did not properly handle certain error conditions,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-5345)
Murray McAllister discovered that the VMware Virtual GPU DRM driver in the
Linux kernel did not properly handle memory objects when storing surfaces,
leading to a use-after-free vulnerability. A local attacker in a guest VM
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-5633)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
linux-image-6.5.0-1009-azure 6.5.0-1009.9
linux-image-6.5.0-1009-azure-fde 6.5.0-1009.9
linux-image-azure 6.5.0.1009.11
linux-image-azure-fde 6.5.0.1009.11
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6572-1
CVE-2023-31085, CVE-2023-4244, CVE-2023-5090, CVE-2023-5345,
CVE-2023-5633
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/6.5.0-1009.9
[USN-6573-1] Linux kernel (Azure) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6573-1
January 09, 2024
linux-azure vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate some attributes passed from userspace. A local
attacker could use this to cause a denial of service (system crash) or
possibly expose sensitive information (kernel memory). (CVE-2023-39189)
Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did
not properly handle socket buffers (skb) when performing IP routing in
certain circumstances, leading to a null pointer dereference vulnerability.
A privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-42754)
Yikebaer Aizezi discovered that the ext4 file system implementation in the
Linux kernel contained a use-after-free vulnerability when handling inode
extent metadata. An attacker could use this to construct a malicious ext4
file system image that, when mounted, could cause a denial of service
(system crash). (CVE-2023-45898)
Jason Wang discovered that the virtio ring implementation in the Linux
kernel did not properly handle iov buffers in some situations. A local
attacker in a guest VM could use this to cause a denial of service (host
system crash). (CVE-2023-5158)
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not properly handle queue initialization failures in certain
situations, leading to a use-after-free vulnerability. A remote attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-5178)
Budimir Markovic discovered that the perf subsystem in the Linux kernel did
not properly handle event groups, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
linux-image-6.5.0-1010-azure 6.5.0-1010.10
linux-image-6.5.0-1010-azure-fde 6.5.0-1010.10
linux-image-azure 6.5.0.1010.12
linux-image-azure-fde 6.5.0.1010.12
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-6573-1
CVE-2023-39189, CVE-2023-42754, CVE-2023-45898, CVE-2023-5158,
CVE-2023-5178, CVE-2023-5717
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/6.5.0-1010.10