Ubuntu 6586 Published by

The following security updates are available for Ubuntu Linux:

[USN-6736-1] klibc vulnerabilities
[USN-6735-1] Node.js vulnerabilities
[USN-6725-2] Linux kernel (AWS) vulnerabilities
[USN-6724-2] Linux kernel vulnerabilities
[USN-6726-2] Linux kernel (IoT) vulnerabilities




[USN-6736-1] klibc vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6736-1
April 16, 2024

klibc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in klibc.

Software Description:
- klibc: small utilities built with klibc for early boot

Details:

It was discovered that zlib, vendored in klibc, incorrectly handled pointer
arithmetic. An attacker could use this issue to cause klibc to crash or to
possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)

Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled
memory when performing certain deflating operations. An attacker could use
this issue to cause klibc to crash or to possibly execute arbitrary code.
(CVE-2018-25032)

Evgeny Legerov discovered that zlib, vendored in klibc, incorrectly handled
memory when performing certain inflate operations. An attacker could use
this issue to cause klibc to crash or to possibly execute arbitrary code.
(CVE-2022-37434)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  klibc-utils                    2.0.13-1ubuntu0.1
  libklibc                        2.0.13-1ubuntu0.1

Ubuntu 22.04 LTS:
  klibc-utils                    2.0.10-4ubuntu0.1
  libklibc                        2.0.10-4ubuntu0.1

Ubuntu 20.04 LTS:
  klibc-utils                    2.0.7-1ubuntu5.2
  libklibc                        2.0.7-1ubuntu5.2

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  klibc-utils                    2.0.4-9ubuntu2.2+esm1
  libklibc                        2.0.4-9ubuntu2.2+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  klibc-utils                    2.0.4-8ubuntu1.16.04.4+esm2
  libklibc                        2.0.4-8ubuntu1.16.04.4+esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  klibc-utils                    2.0.3-0ubuntu1.14.04.3+esm3
  libklibc                        2.0.3-0ubuntu1.14.04.3+esm3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6736-1
  CVE-2016-9840, CVE-2016-9841, CVE-2018-25032, CVE-2022-37434

Package Information:
  https://launchpad.net/ubuntu/+source/klibc/2.0.13-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/klibc/2.0.10-4ubuntu0.1
  https://launchpad.net/ubuntu/+source/klibc/2.0.7-1ubuntu5.2



[USN-6735-1] Node.js vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6735-1
April 16, 2024

nodejs vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Node.js.

Software Description:
- nodejs: An open-source, cross-platform JavaScript runtime environment.

Details:

It was discovered that Node.js incorrectly handled the use of invalid public
keys while creating an x509 certificate. If a user or an automated system were
tricked into opening a specially crafted input file, a remote attacker could
possibly use this issue to cause a denial of service. This issue only affected
Ubuntu 23.10. (CVE-2023-30588)

It was discovered that Node.js incorrectly handled the use of CRLF sequences to
delimit HTTP requests. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to obtain unauthorised access. This issue only affected
Ubuntu 23.10. (CVE-2023-30589)

It was discovered that Node.js incorrectly described the generateKeys()
function in the documentation. This inconsistency could possibly lead to
security issues in applications that use these APIs.
(CVE-2023-30590)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
libnode-dev 18.13.0+dfsg1-1ubuntu2.2
libnode108 18.13.0+dfsg1-1ubuntu2.2
nodejs 18.13.0+dfsg1-1ubuntu2.2
nodejs-doc 18.13.0+dfsg1-1ubuntu2.2

Ubuntu 22.04 LTS:
libnode-dev 12.22.9~dfsg-1ubuntu3.5
libnode72 12.22.9~dfsg-1ubuntu3.5
nodejs 12.22.9~dfsg-1ubuntu3.5
nodejs-doc 12.22.9~dfsg-1ubuntu3.5

Ubuntu 20.04 LTS:
libnode-dev 10.19.0~dfsg-3ubuntu1.6
libnode64 10.19.0~dfsg-3ubuntu1.6
nodejs 10.19.0~dfsg-3ubuntu1.6
nodejs-doc 10.19.0~dfsg-3ubuntu1.6

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
nodejs 8.10.0~dfsg-2ubuntu0.4+esm5
nodejs-dev 8.10.0~dfsg-2ubuntu0.4+esm5
nodejs-doc 8.10.0~dfsg-2ubuntu0.4+esm5

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
nodejs 4.2.6~dfsg-1ubuntu4.2+esm3
nodejs-dev 4.2.6~dfsg-1ubuntu4.2+esm3
nodejs-legacy 4.2.6~dfsg-1ubuntu4.2+esm3

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
nodejs 0.10.25~dfsg2-2ubuntu1.2+esm2
nodejs-dev 0.10.25~dfsg2-2ubuntu1.2+esm2
nodejs-legacy 0.10.25~dfsg2-2ubuntu1.2+esm2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6735-1
CVE-2023-30588, CVE-2023-30589, CVE-2023-30590

Package Information:
https://launchpad.net/ubuntu/+source/nodejs/18.13.0+dfsg1-1ubuntu2.2
https://launchpad.net/ubuntu/+source/nodejs/12.22.9~dfsg-1ubuntu3.5
https://launchpad.net/ubuntu/+source/nodejs/10.19.0~dfsg-3ubuntu1.6



[USN-6725-2] Linux kernel (AWS) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6725-2
April 16, 2024

linux-aws, linux-aws-5.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems

Details:

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate certain data structure fields when parsing lease
contexts, leading to an out-of-bounds read vulnerability. A remote attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2023-1194)

Quentin Minster discovered that a race condition existed in the KSMBD
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A remote attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-32254)

It was discovered that a race condition existed in the KSMBD implementation
in the Linux kernel when handling session connections, leading to a use-
after-free vulnerability. A remote attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-32258)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly validate buffer sizes in certain operations, leading to an integer
underflow and out-of-bounds read vulnerability. A remote attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2023-38427)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate SMB request protocol IDs, leading to a out-of-
bounds read vulnerability. A remote attacker could possibly use this to
cause a denial of service (system crash). (CVE-2023-38430)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate packet header sizes in certain situations,
leading to an out-of-bounds read vulnerability. A remote attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2023-38431)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly handle session setup requests, leading to an out-of-bounds read
vulnerability. A remote attacker could use this to expose sensitive
information. (CVE-2023-3867)

Pratyush Yadav discovered that the Xen network backend implementation in
the Linux kernel did not properly handle zero length data request, leading
to a null pointer dereference vulnerability. An attacker in a guest VM
could possibly use this to cause a denial of service (host domain crash).
(CVE-2023-46838)

It was discovered that the IPv6 implementation of the Linux kernel did not
properly manage route cache memory usage. A remote attacker could use this
to cause a denial of service (memory exhaustion). (CVE-2023-52340)

It was discovered that the device mapper driver in the Linux kernel did not
properly validate target size during certain memory allocations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-52429, CVE-2024-23851)

Yang Chaoming discovered that the KSMBD implementation in the Linux kernel
did not properly validate request buffer sizes, leading to an out-of-bounds
read vulnerability. An attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2024-22705)

Chenyuan Yang discovered that the btrfs file system in the Linux kernel did
not properly handle read operations on newly created subvolumes in certain
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-23850)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Architecture specifics;
- Block layer;
- Cryptographic API;
- Android drivers;
- EDAC drivers;
- GPU drivers;
- Media drivers;
- Multifunction device drivers;
- MTD block device drivers;
- Network drivers;
- NVME drivers;
- TTY drivers;
- Userspace I/O drivers;
- EFI Variable file system;
- F2FS file system;
- GFS2 file system;
- SMB network file system;
- BPF subsystem;
- IPv6 Networking;
- Network Traffic Control;
- AppArmor security module;
(CVE-2023-52463, CVE-2023-52445, CVE-2023-52462, CVE-2023-52609,
CVE-2023-52448, CVE-2023-52457, CVE-2023-52464, CVE-2023-52456,
CVE-2023-52454, CVE-2023-52438, CVE-2023-52480, CVE-2023-52443,
CVE-2023-52442, CVE-2024-26631, CVE-2023-52439, CVE-2023-52612,
CVE-2024-26598, CVE-2024-26586, CVE-2024-26589, CVE-2023-52444,
CVE-2023-52436, CVE-2024-26633, CVE-2024-26597, CVE-2023-52458,
CVE-2024-26591, CVE-2023-52449, CVE-2023-52467, CVE-2023-52441,
CVE-2023-52610, CVE-2023-52451, CVE-2023-52469, CVE-2023-52470)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
linux-image-5.15.0-1057-aws 5.15.0-1057.63
linux-image-aws-lts-22.04 5.15.0.1057.58

Ubuntu 20.04 LTS:
linux-image-5.15.0-1057-aws 5.15.0-1057.63~20.04.1
linux-image-aws 5.15.0.1057.63~20.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6725-2
https://ubuntu.com/security/notices/USN-6725-1
CVE-2023-1194, CVE-2023-32254, CVE-2023-32258, CVE-2023-38427,
CVE-2023-38430, CVE-2023-38431, CVE-2023-3867, CVE-2023-46838,
CVE-2023-52340, CVE-2023-52429, CVE-2023-52436, CVE-2023-52438,
CVE-2023-52439, CVE-2023-52441, CVE-2023-52442, CVE-2023-52443,
CVE-2023-52444, CVE-2023-52445, CVE-2023-52448, CVE-2023-52449,
CVE-2023-52451, CVE-2023-52454, CVE-2023-52456, CVE-2023-52457,
CVE-2023-52458, CVE-2023-52462, CVE-2023-52463, CVE-2023-52464,
CVE-2023-52467, CVE-2023-52469, CVE-2023-52470, CVE-2023-52480,
CVE-2023-52609, CVE-2023-52610, CVE-2023-52612, CVE-2024-22705,
CVE-2024-23850, CVE-2024-23851, CVE-2024-24860, CVE-2024-26586,
CVE-2024-26589, CVE-2024-26591, CVE-2024-26597, CVE-2024-26598,
CVE-2024-26631, CVE-2024-26633

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1057.63
https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1057.63~20.04.1



[USN-6724-2] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6724-2
April 16, 2024

linux-aws-6.5, linux-raspi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-aws-6.5: Linux kernel for Amazon Web Services (AWS) systems

Details:

Pratyush Yadav discovered that the Xen network backend implementation in
the Linux kernel did not properly handle zero length data request, leading
to a null pointer dereference vulnerability. An attacker in a guest VM
could possibly use this to cause a denial of service (host domain crash).
(CVE-2023-46838)

It was discovered that the Habana's AI Processors driver in the Linux
kernel did not properly initialize certain data structures before passing
them to user space. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2023-50431)

It was discovered that the device mapper driver in the Linux kernel did not
properly validate target size during certain memory allocations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-52429, CVE-2024-23851)

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly validate certain SMB messages, leading to an
out-of-bounds read vulnerability. An attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information.
(CVE-2023-6610)

Yang Chaoming discovered that the KSMBD implementation in the Linux kernel
did not properly validate request buffer sizes, leading to an out-of-bounds
read vulnerability. An attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2024-22705)

Chenyuan Yang discovered that the btrfs file system in the Linux kernel did
not properly handle read operations on newly created subvolumes in certain
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-23850)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Android drivers;
- Userspace I/O drivers;
- F2FS file system;
- SMB network file system;
- Networking core;
(CVE-2023-52434, CVE-2023-52436, CVE-2023-52435, CVE-2023-52439,
CVE-2023-52438)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
linux-image-6.5.0-1014-raspi 6.5.0-1014.17
linux-image-raspi 6.5.0.1014.15
linux-image-raspi-nolpae 6.5.0.1014.15

Ubuntu 22.04 LTS:
linux-image-6.5.0-1017-aws 6.5.0-1017.17~22.04.2
linux-image-aws 6.5.0.1017.17~22.04.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6724-2
https://ubuntu.com/security/notices/USN-6724-1
CVE-2023-46838, CVE-2023-50431, CVE-2023-52429, CVE-2023-52434,
CVE-2023-52435, CVE-2023-52436, CVE-2023-52438, CVE-2023-52439,
CVE-2023-6610, CVE-2024-22705, CVE-2024-23850, CVE-2024-23851

Package Information:
https://launchpad.net/ubuntu/+source/linux-raspi/6.5.0-1014.17
https://launchpad.net/ubuntu/+source/linux-aws-6.5/6.5.0-1017.17~22.04.2



[USN-6726-2] Linux kernel (IoT) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6726-2
April 16, 2024

linux-iot vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-iot: Linux kernel for IoT platforms

Details:

Pratyush Yadav discovered that the Xen network backend implementation in
the Linux kernel did not properly handle zero length data request, leading
to a null pointer dereference vulnerability. An attacker in a guest VM
could possibly use this to cause a denial of service (host domain crash).
(CVE-2023-46838)

It was discovered that the IPv6 implementation of the Linux kernel did not
properly manage route cache memory usage. A remote attacker could use this
to cause a denial of service (memory exhaustion). (CVE-2023-52340)

It was discovered that the device mapper driver in the Linux kernel did not
properly validate target size during certain memory allocations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-52429, CVE-2024-23851)

Dan Carpenter discovered that the netfilter subsystem in the Linux kernel
did not store data in properly sized memory locations. A local user could
use this to cause a denial of service (system crash). (CVE-2024-0607)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Architecture specifics;
- Cryptographic API;
- Android drivers;
- EDAC drivers;
- GPU drivers;
- Media drivers;
- MTD block device drivers;
- Network drivers;
- NVME drivers;
- TTY drivers;
- Userspace I/O drivers;
- F2FS file system;
- GFS2 file system;
- IPv6 Networking;
- AppArmor security module;
(CVE-2023-52464, CVE-2023-52448, CVE-2023-52457, CVE-2023-52443,
CVE-2023-52439, CVE-2023-52612, CVE-2024-26633, CVE-2024-26597,
CVE-2023-52449, CVE-2023-52444, CVE-2023-52609, CVE-2023-52469,
CVE-2023-52445, CVE-2023-52451, CVE-2023-52470, CVE-2023-52454,
CVE-2023-52436, CVE-2023-52438)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
linux-image-5.4.0-1034-iot 5.4.0-1034.35

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6726-2
https://ubuntu.com/security/notices/USN-6726-1
CVE-2023-46838, CVE-2023-52340, CVE-2023-52429, CVE-2023-52436,
CVE-2023-52438, CVE-2023-52439, CVE-2023-52443, CVE-2023-52444,
CVE-2023-52445, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451,
CVE-2023-52454, CVE-2023-52457, CVE-2023-52464, CVE-2023-52469,
CVE-2023-52470, CVE-2023-52609, CVE-2023-52612, CVE-2024-0607,
CVE-2024-23851, CVE-2024-26597, CVE-2024-26633

Package Information:
https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1034.35