Ubuntu 6614 Published by

The following security updates have been released for Ubuntu Linux:

[USN-6598-1] Paramiko vulnerability
[USN-6597-1] Puma vulnerability
[USN-6600-1] MariaDB vulnerabilities
[USN-6599-1] Jinja2 vulnerabilities
[USN-6604-1] Linux kernel vulnerabilities
[USN-6605-1] Linux kernel vulnerabilities
[USN-6603-1] Linux kernel (AWS) vulnerabilities
[USN-6606-1] Linux kernel (OEM) vulnerabilities
[USN-6602-1] Linux kernel vulnerabilities
[USN-6601-1] Linux kernel vulnerability
[USN-6608-1] Linux kernel vulnerabilities
[USN-6607-1] Linux kernel (Azure) vulnerabilities
[USN-6609-1] Linux kernel vulnerabilities



[USN-6598-1] Paramiko vulnerability


==========================================================================
Ubuntu Security Notice USN-6598-1
January 25, 2024

paramiko vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

A protocol flaw was fixed in Paramiko.

Software Description:
- paramiko: Python SSH2 library

Details:

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH
protocol was vulnerable to a prefix truncation attack. If a remote attacker
was able to intercept SSH communications, extension negotiation messages
could be truncated, possibly leading to certain algorithms and features
being downgraded. This issue is known as the Terrapin attack. This update
adds protocol extensions to mitigate this issue.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
python3-paramiko 2.12.0-2ubuntu1.23.10.2

Ubuntu 22.04 LTS:
python3-paramiko 2.9.3-0ubuntu1.2

Ubuntu 20.04 LTS:
python3-paramiko 2.6.0-2ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6598-1
CVE-2023-48795

Package Information:
https://launchpad.net/ubuntu/+source/paramiko/2.12.0-2ubuntu1.23.10.2
https://launchpad.net/ubuntu/+source/paramiko/2.9.3-0ubuntu1.2
https://launchpad.net/ubuntu/+source/paramiko/2.6.0-2ubuntu0.3



[USN-6597-1] Puma vulnerability


==========================================================================
Ubuntu Security Notice USN-6597-1
January 25, 2024

puma vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04

Summary:

Puma could be made to consume resources if it received specially crafted
network traffic.

Software Description:
- puma: threaded HTTP 1.1 server for Ruby/Rack applications

Details:

It was discovered that Puma incorrectly handled parsing chunked transfer
encoding bodies. A remote attacker could possibly use this issue to cause
Puma to consume resources, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
puma 5.6.5-4ubuntu2.1

Ubuntu 23.04:
puma 5.6.5-3ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6597-1
CVE-2024-21647

Package Information:
https://launchpad.net/ubuntu/+source/puma/5.6.5-4ubuntu2.1
https://launchpad.net/ubuntu/+source/puma/5.6.5-3ubuntu1.2



[USN-6600-1] MariaDB vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6600-1
January 25, 2024

mariadb, mariadb-10.3, mariadb-10.6 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in MariaDB.

Software Description:
- mariadb: MariaDB database
- mariadb-10.6: MariaDB database
- mariadb-10.3: MariaDB database

Details:

Several security issues were discovered in MariaDB and this update
includes new upstream MariaDB versions to fix these issues.

MariaDB has been updated to 10.3.39 in Ubuntu 20.04 LTS, 10.6.16
in Ubuntu 22.04 LTS and 10.11.6 in Ubuntu 23.10.

CVE-2022-47015 only affected the MariaDB packages in Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  mariadb-server                  1:10.11.6-0ubuntu0.23.10.2

Ubuntu 22.04 LTS:
  mariadb-server                  1:10.6.16-0ubuntu0.22.04.1

Ubuntu 20.04 LTS:
  mariadb-server                  1:10.3.39-0ubuntu0.20.04.2

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
  https://ubuntu.com/security/notices/USN-6600-1
  CVE-2022-47015, CVE-2023-22084

Package Information:
https://launchpad.net/ubuntu/+source/mariadb/1:10.11.6-0ubuntu0.23.10.2
https://launchpad.net/ubuntu/+source/mariadb-10.6/1:10.6.16-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/mariadb-10.3/1:10.3.39-0ubuntu0.20.04.2



[USN-6599-1] Jinja2 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6599-1
January 25, 2024

jinja2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in jinja2.

Software Description:
- jinja2: documentation for the Jinja2 Python library

Details:

Yeting Li discovered that Jinja incorrectly handled certain regex.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and
Ubuntu 20.04 LTS. (CVE-2020-28493)

It was discovered that Jinja incorrectly handled certain HTML passed with
xmlatter filter. An attacker could inject arbitrary HTML attributes
keys and values potentially leading to XSS. (CVE-2024-22195)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
python3-jinja2 3.1.2-1ubuntu0.23.10.1

Ubuntu 22.04 LTS:
python3-jinja2 3.0.3-1ubuntu0.1

Ubuntu 20.04 LTS:
python-jinja2 2.10.1-2ubuntu0.2
python3-jinja2 2.10.1-2ubuntu0.2

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
python-jinja2 2.10-1ubuntu0.18.04.1+esm1
python3-jinja2 2.10-1ubuntu0.18.04.1+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
python-jinja2 2.8-1ubuntu0.1+esm2
python3-jinja2 2.8-1ubuntu0.1+esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
python-jinja2 2.7.2-2ubuntu0.1~esm2
python3-jinja2 2.7.2-2ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6599-1
CVE-2020-28493, CVE-2024-22195

Package Information:
https://launchpad.net/ubuntu/+source/jinja2/3.1.2-1ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/jinja2/3.0.3-1ubuntu0.1
https://launchpad.net/ubuntu/+source/jinja2/2.10.1-2ubuntu0.2



[USN-6604-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6604-1
January 25, 2024

linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe,
linux-kvm, linux-oracle vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-oracle: Linux kernel for Oracle Cloud systems

Details:

It was discovered that the ASUS HID driver in the Linux kernel did not
properly handle device removal, leading to a use-after-free vulnerability.
A local attacker with physical access could plug in a specially crafted USB
device to cause a denial of service (system crash). (CVE-2023-1079)

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii
Oleksenko discovered that some AMD processors could leak stale data from
division operations in certain situations. A local attacker could possibly
use this to expose sensitive information. (CVE-2023-20588)

It was discovered that a race condition existed in the Linux kernel when
performing operations with kernel objects, leading to an out-of-bounds
write. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-45863)

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly validate the server frame size in certain
situation, leading to an out-of-bounds read vulnerability. An attacker
could use this to construct a malicious CIFS image that, when operated on,
could cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-6606)

Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf
subsystem in the Linux kernel did not properly validate all event sizes
when attaching new events, leading to an out-of-bounds write vulnerability.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6931)

It was discovered that the IGMP protocol implementation in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6932)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
linux-image-4.15.0-1148-kvm 4.15.0-1148.153
linux-image-4.15.0-1158-gcp 4.15.0-1158.175
linux-image-4.15.0-1164-aws 4.15.0-1164.177
linux-image-4.15.0-221-generic 4.15.0-221.232
linux-image-4.15.0-221-lowlatency 4.15.0-221.232
linux-image-aws-lts-18.04 4.15.0.1164.162
linux-image-gcp-lts-18.04 4.15.0.1158.172
linux-image-generic 4.15.0.221.205
linux-image-kvm 4.15.0.1148.139
linux-image-lowlatency 4.15.0.221.205
linux-image-virtual 4.15.0.221.205

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
linux-image-4.15.0-1127-oracle 4.15.0-1127.138~16.04.1
linux-image-4.15.0-1158-gcp 4.15.0-1158.175~16.04.1
linux-image-4.15.0-1164-aws 4.15.0-1164.177~16.04.1
linux-image-4.15.0-221-generic 4.15.0-221.232~16.04.1
linux-image-4.15.0-221-lowlatency 4.15.0-221.232~16.04.1
linux-image-aws-hwe 4.15.0.1164.147
linux-image-gcp 4.15.0.1158.148
linux-image-generic-hwe-16.04 4.15.0.221.5
linux-image-gke 4.15.0.1158.148
linux-image-lowlatency-hwe-16.04 4.15.0.221.5
linux-image-oem 4.15.0.221.5
linux-image-oracle 4.15.0.1127.108
linux-image-virtual-hwe-16.04 4.15.0.221.5

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6604-1
CVE-2023-1079, CVE-2023-20588, CVE-2023-45863, CVE-2023-6606,
CVE-2023-6931, CVE-2023-6932



[USN-6605-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6605-1
January 25, 2024

linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4,
linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4,
linux-ibm, linux-ibm-5.4, linux-iot, linux-oracle, linux-oracle-5.4,
linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-bluefield: Linux kernel for NVIDIA BlueField platforms
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-iot: Linux kernel for IoT platforms
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-ibm-5.4: Linux kernel for IBM cloud systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

Lin Ma discovered that the netfilter subsystem in the Linux kernel did not
properly validate network family support while creating a new netfilter
table. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6040)

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly validate the server frame size in certain
situation, leading to an out-of-bounds read vulnerability. An attacker
could use this to construct a malicious CIFS image that, when operated on,
could cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-6606)

Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf
subsystem in the Linux kernel did not properly validate all event sizes
when attaching new events, leading to an out-of-bounds write vulnerability.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6931)

It was discovered that the IGMP protocol implementation in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6932)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
linux-image-5.4.0-1029-iot 5.4.0-1029.30
linux-image-5.4.0-1036-xilinx-zynqmp 5.4.0-1036.40
linux-image-5.4.0-1064-ibm 5.4.0-1064.69
linux-image-5.4.0-1077-bluefield 5.4.0-1077.83
linux-image-5.4.0-1084-gkeop 5.4.0-1084.88
linux-image-5.4.0-1101-raspi 5.4.0-1101.113
linux-image-5.4.0-1116-oracle 5.4.0-1116.125
linux-image-5.4.0-1117-aws 5.4.0-1117.127
linux-image-5.4.0-1121-gcp 5.4.0-1121.130
linux-image-5.4.0-1122-azure 5.4.0-1122.129
linux-image-5.4.0-170-generic 5.4.0-170.188
linux-image-5.4.0-170-generic-lpae 5.4.0-170.188
linux-image-5.4.0-170-lowlatency 5.4.0-170.188
linux-image-aws-lts-20.04 5.4.0.1117.114
linux-image-azure-lts-20.04 5.4.0.1122.115
linux-image-bluefield 5.4.0.1077.72
linux-image-gcp-lts-20.04 5.4.0.1121.123
linux-image-generic 5.4.0.170.168
linux-image-generic-lpae 5.4.0.170.168
linux-image-gkeop 5.4.0.1084.82
linux-image-gkeop-5.4 5.4.0.1084.82
linux-image-ibm-lts-20.04 5.4.0.1064.93
linux-image-lowlatency 5.4.0.170.168
linux-image-oem 5.4.0.170.168
linux-image-oem-osp1 5.4.0.170.168
linux-image-oracle-lts-20.04 5.4.0.1116.109
linux-image-raspi 5.4.0.1101.131
linux-image-raspi2 5.4.0.1101.131
linux-image-virtual 5.4.0.170.168
linux-image-xilinx-zynqmp 5.4.0.1036.36

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
linux-image-5.4.0-1064-ibm 5.4.0-1064.69~18.04.1
linux-image-5.4.0-1101-raspi 5.4.0-1101.113~18.04.1
linux-image-5.4.0-1116-oracle 5.4.0-1116.125~18.04.1
linux-image-5.4.0-1117-aws 5.4.0-1117.127~18.04.1
linux-image-5.4.0-1121-gcp 5.4.0-1121.130~18.04.1
linux-image-5.4.0-1122-azure 5.4.0-1122.129~18.04.1
linux-image-5.4.0-170-generic 5.4.0-170.188~18.04.1
linux-image-5.4.0-170-lowlatency 5.4.0-170.188~18.04.1
linux-image-aws 5.4.0.1117.95
linux-image-azure 5.4.0.1122.95
linux-image-gcp 5.4.0.1121.97
linux-image-generic-hwe-18.04 5.4.0.170.188~18.04.138
linux-image-ibm 5.4.0.1064.74
linux-image-lowlatency-hwe-18.04 5.4.0.170.188~18.04.138
linux-image-oem 5.4.0.170.188~18.04.138
linux-image-oem-osp1 5.4.0.170.188~18.04.138
linux-image-oracle 5.4.0.1116.125~18.04.88
linux-image-raspi-hwe-18.04 5.4.0.1101.98
linux-image-snapdragon-hwe-18.04 5.4.0.170.188~18.04.138
linux-image-virtual-hwe-18.04 5.4.0.170.188~18.04.138

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6605-1
CVE-2023-6040, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-170.188
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1117.127
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1122.129
https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1077.83
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1121.130
https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1084.88
https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1064.69
https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1029.30
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1116.125
https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1101.113
https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1036.40



[USN-6603-1] Linux kernel (AWS) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6603-1
January 25, 2024

linux-aws vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems

Details:

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly validate the server frame size in certain
situation, leading to an out-of-bounds read vulnerability. An attacker
could use this to construct a malicious CIFS image that, when operated on,
could cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-6606)

Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf
subsystem in the Linux kernel did not properly validate all event sizes
when attaching new events, leading to an out-of-bounds write vulnerability.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6931)

It was discovered that the IGMP protocol implementation in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6932)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
linux-image-4.4.0-1165-aws 4.4.0-1165.180
linux-image-aws 4.4.0.1165.169

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6603-1
CVE-2023-6606, CVE-2023-6931, CVE-2023-6932



[USN-6606-1] Linux kernel (OEM) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6606-1
January 25, 2024

linux-oem-6.1 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oem-6.1: Linux kernel for OEM systems

Details:

It was discovered that a race condition existed in the Bluetooth subsystem
of the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-51779)

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly validate the server frame size in certain
situation, leading to an out-of-bounds read vulnerability. An attacker
could use this to construct a malicious CIFS image that, when operated on,
could cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-6606)

Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did
not properly handle inactive elements in its PIPAPO data structure, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-6817)

Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf
subsystem in the Linux kernel did not properly validate all event sizes
when attaching new events, leading to an out-of-bounds write vulnerability.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6931)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly check deactivated elements in certain situations, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-0193)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
linux-image-6.1.0-1029-oem 6.1.0-1029.29
linux-image-oem-22.04 6.1.0.1029.30
linux-image-oem-22.04a 6.1.0.1029.30
linux-image-oem-22.04b 6.1.0.1029.30
linux-image-oem-22.04c 6.1.0.1029.30

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6606-1
CVE-2023-51779, CVE-2023-6606, CVE-2023-6817, CVE-2023-6931,
CVE-2024-0193

Package Information:
https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1029.29



[USN-6602-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6602-1
January 25, 2024

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-kvm: Linux kernel for cloud environments
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii
Oleksenko discovered that some AMD processors could leak stale data from
division operations in certain situations. A local attacker could possibly
use this to expose sensitive information. (CVE-2023-20588)

It was discovered that a race condition existed in the Linux kernel when
performing operations with kernel objects, leading to an out-of-bounds
write. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-45863)

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly validate the server frame size in certain
situation, leading to an out-of-bounds read vulnerability. An attacker
could use this to construct a malicious CIFS image that, when operated on,
could cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-6606)

Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf
subsystem in the Linux kernel did not properly validate all event sizes
when attaching new events, leading to an out-of-bounds write vulnerability.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6931)

It was discovered that the IGMP protocol implementation in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6932)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
linux-image-4.4.0-1128-kvm 4.4.0-1128.138
linux-image-4.4.0-250-generic 4.4.0-250.284
linux-image-4.4.0-250-lowlatency 4.4.0-250.284
linux-image-generic 4.4.0.250.256
linux-image-generic-lts-xenial 4.4.0.250.256
linux-image-kvm 4.4.0.1128.125
linux-image-lowlatency 4.4.0.250.256
linux-image-lowlatency-lts-xenial 4.4.0.250.256
linux-image-virtual 4.4.0.250.256
linux-image-virtual-lts-xenial 4.4.0.250.256

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
linux-image-4.4.0-1127-aws 4.4.0-1127.133
linux-image-4.4.0-250-generic 4.4.0-250.284~14.04.1
linux-image-4.4.0-250-lowlatency 4.4.0-250.284~14.04.1
linux-image-aws 4.4.0.1127.124
linux-image-generic-lts-xenial 4.4.0.250.217
linux-image-lowlatency-lts-xenial 4.4.0.250.217
linux-image-virtual-lts-xenial 4.4.0.250.217

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6602-1
CVE-2023-20588, CVE-2023-45863, CVE-2023-6606, CVE-2023-6931,
CVE-2023-6932



[USN-6601-1] Linux kernel vulnerability


==========================================================================
Ubuntu Security Notice USN-6601-1
January 25, 2024

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
- linux: Linux kernel

Details:

It was discovered that the IGMP protocol implementation in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
linux-image-3.13.0-195-generic 3.13.0-195.246
linux-image-3.13.0-195-lowlatency 3.13.0-195.246
linux-image-generic 3.13.0.195.205
linux-image-generic-lts-trusty 3.13.0.195.205
linux-image-lowlatency 3.13.0.195.205
linux-image-server 3.13.0.195.205
linux-image-virtual 3.13.0.195.205

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6601-1
CVE-2023-6932



[USN-6608-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6608-1
January 25, 2024

linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2,
linux-azure-fde-6.2, linux-gcp, linux-hwe-6.5, linux-laptop,
linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle,
linux-raspi, linux-starfive vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-laptop: Linux kernel for Lenovo X13s ARM laptops
- linux-lowlatency: Linux low latency kernel
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-starfive: Linux kernel for StarFive processors
- linux-aws-6.2: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-6.2: Linux kernel for Microsoft Azure cloud systems
- linux-azure-fde-6.2: Linux kernel for Microsoft Azure CVM cloud systems
- linux-hwe-6.5: Linux hardware enablement (HWE) kernel
- linux-lowlatency-hwe-6.5: Linux low latency kernel
- linux-oem-6.5: Linux kernel for OEM systems

Details:

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly validate the server frame size in certain
situation, leading to an out-of-bounds read vulnerability. An attacker
could use this to construct a malicious CIFS image that, when operated on,
could cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-6606)

Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did
not properly handle inactive elements in its PIPAPO data structure, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-6817)

Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf
subsystem in the Linux kernel did not properly validate all event sizes
when attaching new events, leading to an out-of-bounds write vulnerability.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6931)

It was discovered that the IGMP protocol implementation in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6932)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly check deactivated elements in certain situations, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-0193)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
linux-image-6.5.0-1006-starfive 6.5.0-1006.7
linux-image-6.5.0-1008-laptop 6.5.0-1008.11
linux-image-6.5.0-1009-raspi 6.5.0-1009.12
linux-image-6.5.0-1011-azure 6.5.0-1011.11
linux-image-6.5.0-1011-azure-fde 6.5.0-1011.11
linux-image-6.5.0-1011-gcp 6.5.0-1011.11
linux-image-6.5.0-1012-aws 6.5.0-1012.12
linux-image-6.5.0-1014-oracle 6.5.0-1014.14
linux-image-6.5.0-15-generic 6.5.0-15.15
linux-image-6.5.0-15-generic-64k 6.5.0-15.15
linux-image-6.5.0-15-lowlatency 6.5.0-15.15.1
linux-image-6.5.0-15-lowlatency-64k 6.5.0-15.15.1
linux-image-aws 6.5.0.1012.12
linux-image-azure 6.5.0.1011.13
linux-image-azure-fde 6.5.0.1011.13
linux-image-gcp 6.5.0.1011.11
linux-image-generic 6.5.0.15.17
linux-image-generic-64k 6.5.0.15.17
linux-image-generic-lpae 6.5.0.15.17
linux-image-kvm 6.5.0.15.17
linux-image-laptop-23.10 6.5.0.1008.11
linux-image-lowlatency 6.5.0.15.15.13
linux-image-lowlatency-64k 6.5.0.15.15.13
linux-image-oracle 6.5.0.1014.14
linux-image-raspi 6.5.0.1009.10
linux-image-raspi-nolpae 6.5.0.1009.10
linux-image-starfive 6.5.0.1006.8
linux-image-virtual 6.5.0.15.17

Ubuntu 22.04 LTS:
linux-image-6.2.0-1018-aws 6.2.0-1018.18~22.04.1
linux-image-6.2.0-1019-azure 6.2.0-1019.19~22.04.1
linux-image-6.2.0-1019-azure-fde 6.2.0-1019.19~22.04.1.1
linux-image-6.5.0-1013-oem 6.5.0-1013.14
linux-image-6.5.0-15-generic 6.5.0-15.15~22.04.1
linux-image-6.5.0-15-generic-64k 6.5.0-15.15~22.04.1
linux-image-6.5.0-15-lowlatency 6.5.0-15.15.1.1~22.04.1
linux-image-6.5.0-15-lowlatency-64k 6.5.0-15.15.1.1~22.04.1
linux-image-aws 6.2.0.1018.18~22.04.1
linux-image-azure 6.2.0.1019.19~22.04.1
linux-image-azure-fde 6.2.0.1019.19~22.04.1.16
linux-image-generic-64k-hwe-22.04 6.5.0.15.15~22.04.8
linux-image-generic-hwe-22.04 6.5.0.15.15~22.04.8
linux-image-lowlatency-64k-hwe-22.04 6.5.0.15.15.1.1~22.04.5
linux-image-lowlatency-hwe-22.04 6.5.0.15.15.1.1~22.04.5
linux-image-oem-22.04d 6.5.0.1013.15
linux-image-virtual-hwe-22.04 6.5.0.15.15~22.04.8

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6608-1
CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932,
CVE-2024-0193

Package Information:
https://launchpad.net/ubuntu/+source/linux/6.5.0-15.15
https://launchpad.net/ubuntu/+source/linux-aws/6.5.0-1012.12
https://launchpad.net/ubuntu/+source/linux-azure/6.5.0-1011.11
https://launchpad.net/ubuntu/+source/linux-gcp/6.5.0-1011.11
https://launchpad.net/ubuntu/+source/linux-laptop/6.5.0-1008.11
https://launchpad.net/ubuntu/+source/linux-lowlatency/6.5.0-15.15.1
https://launchpad.net/ubuntu/+source/linux-oracle/6.5.0-1014.14
https://launchpad.net/ubuntu/+source/linux-raspi/6.5.0-1009.12
https://launchpad.net/ubuntu/+source/linux-starfive/6.5.0-1006.7
https://launchpad.net/ubuntu/+source/linux-aws-6.2/6.2.0-1018.18~22.04.1
https://launchpad.net/ubuntu/+source/linux-azure-6.2/6.2.0-1019.19~22.04.1

https://launchpad.net/ubuntu/+source/linux-azure-fde-6.2/6.2.0-1019.19~22.04.1.1
https://launchpad.net/ubuntu/+source/linux-hwe-6.5/6.5.0-15.15~22.04.1

https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.5/6.5.0-15.15.1.1~22.04.1
https://launchpad.net/ubuntu/+source/linux-oem-6.5/6.5.0-1013.14



[USN-6607-1] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6607-1
January 25, 2024

linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems
- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems
- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systems

Details:

It was discovered that the SMB network file sharing protocol implementation
in the Linux kernel did not properly handle certain error conditions,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-5345)

Lin Ma discovered that the netfilter subsystem in the Linux kernel did not
properly validate network family support while creating a new netfilter
table. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6040)

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly validate the server frame size in certain
situation, leading to an out-of-bounds read vulnerability. An attacker
could use this to construct a malicious CIFS image that, when operated on,
could cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-6606)

Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did
not properly handle inactive elements in its PIPAPO data structure, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-6817)

Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf
subsystem in the Linux kernel did not properly validate all event sizes
when attaching new events, leading to an out-of-bounds write vulnerability.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6931)

It was discovered that the IGMP protocol implementation in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6932)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly check deactivated elements in certain situations, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-0193)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
linux-image-5.15.0-1054-azure 5.15.0-1054.62
linux-image-5.15.0-1054-azure-fde 5.15.0-1054.62.1
linux-image-azure-fde-lts-22.04 5.15.0.1054.62.32
linux-image-azure-lts-22.04 5.15.0.1054.50

Ubuntu 20.04 LTS:
linux-image-5.15.0-1054-azure 5.15.0-1054.62~20.04.1
linux-image-5.15.0-1054-azure-fde 5.15.0-1054.62~20.04.1.1
linux-image-azure 5.15.0.1054.62~20.04.43
linux-image-azure-cvm 5.15.0.1054.62~20.04.43
linux-image-azure-fde 5.15.0.1054.62~20.04.1.32

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6607-1
CVE-2023-5345, CVE-2023-6040, CVE-2023-6606, CVE-2023-6817,
CVE-2023-6931, CVE-2023-6932, CVE-2024-0193

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1054.62
https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1054.62.1
https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1054.62~20.04.1

https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1054.62~20.04.1.1



[USN-6609-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6609-1
January 26, 2024

linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke,
linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15,
linux-kvm, linux-lowlatency-hwe-5.15, linux-raspi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems
- linux-hwe-5.15: Linux hardware enablement (HWE) kernel
- linux-ibm-5.15: Linux kernel for IBM cloud systems
- linux-lowlatency-hwe-5.15: Linux low latency kernel

Details:

Lin Ma discovered that the netfilter subsystem in the Linux kernel did not
properly validate network family support while creating a new netfilter
table. A local attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6040)

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly validate the server frame size in certain
situation, leading to an out-of-bounds read vulnerability. An attacker
could use this to construct a malicious CIFS image that, when operated on,
could cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-6606)

Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did
not properly handle inactive elements in its PIPAPO data structure, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-6817)

Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf
subsystem in the Linux kernel did not properly validate all event sizes
when attaching new events, leading to an out-of-bounds write vulnerability.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6931)

It was discovered that the IGMP protocol implementation in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6932)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly check deactivated elements in certain situations, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-0193)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
linux-image-5.15.0-1035-gkeop 5.15.0-1035.41
linux-image-5.15.0-1045-ibm 5.15.0-1045.48
linux-image-5.15.0-1045-raspi 5.15.0-1045.48
linux-image-5.15.0-1049-gcp 5.15.0-1049.57
linux-image-5.15.0-1049-gke 5.15.0-1049.54
linux-image-5.15.0-1049-kvm 5.15.0-1049.54
linux-image-5.15.0-1052-aws 5.15.0-1052.57
linux-image-5.15.0-92-generic 5.15.0-92.102
linux-image-5.15.0-92-generic-64k 5.15.0-92.102
linux-image-5.15.0-92-generic-lpae 5.15.0-92.102
linux-image-aws-lts-22.04 5.15.0.1052.51
linux-image-gcp-lts-22.04 5.15.0.1049.45
linux-image-generic 5.15.0.92.89
linux-image-generic-64k 5.15.0.92.89
linux-image-generic-lpae 5.15.0.92.89
linux-image-gke 5.15.0.1049.48
linux-image-gke-5.15 5.15.0.1049.48
linux-image-gkeop 5.15.0.1035.34
linux-image-gkeop-5.15 5.15.0.1035.34
linux-image-ibm 5.15.0.1045.41
linux-image-kvm 5.15.0.1049.45
linux-image-raspi 5.15.0.1045.43
linux-image-raspi-nolpae 5.15.0.1045.43
linux-image-virtual 5.15.0.92.89

Ubuntu 20.04 LTS:
linux-image-5.15.0-1035-gkeop 5.15.0-1035.41~20.04.1
linux-image-5.15.0-1045-ibm 5.15.0-1045.48~20.04.1
linux-image-5.15.0-1049-gcp 5.15.0-1049.57~20.04.1
linux-image-5.15.0-1052-aws 5.15.0-1052.57~20.04.1
linux-image-5.15.0-92-generic 5.15.0-92.102~20.04.1
linux-image-5.15.0-92-generic-64k 5.15.0-92.102~20.04.1
linux-image-5.15.0-92-generic-lpae 5.15.0-92.102~20.04.1
linux-image-5.15.0-92-lowlatency 5.15.0-92.102~20.04.1
linux-image-5.15.0-92-lowlatency-64k 5.15.0-92.102~20.04.1
linux-image-aws 5.15.0.1052.57~20.04.40
linux-image-gcp 5.15.0.1049.57~20.04.1
linux-image-generic-64k-hwe-20.04 5.15.0.92.102~20.04.49
linux-image-generic-hwe-20.04 5.15.0.92.102~20.04.49
linux-image-generic-lpae-hwe-20.04 5.15.0.92.102~20.04.49
linux-image-gkeop-5.15 5.15.0.1035.41~20.04.31
linux-image-ibm 5.15.0.1045.48~20.04.17
linux-image-lowlatency-64k-hwe-20.04 5.15.0.92.102~20.04.46
linux-image-lowlatency-hwe-20.04 5.15.0.92.102~20.04.46
linux-image-oem-20.04 5.15.0.92.102~20.04.49
linux-image-oem-20.04b 5.15.0.92.102~20.04.49
linux-image-oem-20.04c 5.15.0.92.102~20.04.49
linux-image-oem-20.04d 5.15.0.92.102~20.04.49
linux-image-virtual-hwe-20.04 5.15.0.92.102~20.04.49

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6609-1
CVE-2023-6040, CVE-2023-6606, CVE-2023-6817, CVE-2023-6931,
CVE-2023-6932, CVE-2024-0193

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.15.0-92.102
https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1052.57
https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1049.57
https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1049.54
https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1035.41
https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1045.48
https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1049.54
https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1045.48
https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1052.57~20.04.1
https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1049.57~20.04.1
https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1035.41~20.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-92.102~20.04.1
https://launchpad.net/ubuntu/+source/linux-ibm-5.15/5.15.0-1045.48~20.04.1

https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-92.102~20.04.1