Ubuntu 6286 Published by

Updated Firefox, Go, and Linux kernel packages are available for Ubuntu Linux:

[USN-6562-2] Firefox regressions
[USN-6574-1] Go vulnerabilities
[USN-6576-1] Linux kernel (OEM) vulnerability
[USN-6577-1] Linux kernel (AWS) vulnerabilities
[USN-6549-5] Linux kernel vulnerabilities
[USN-6548-5] Linux kernel (IoT) vulnerabilities




[USN-6562-2] Firefox regressions


==========================================================================
Ubuntu Security Notice USN-6562-2
January 11, 2024

firefox regressions
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

USN-6562-1 caused some minor regressions in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

USN-6562-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code.(CVE-2023-6865,
CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6866, CVE-2023-6867,
CVE-2023-6861, CVE-2023-6869, CVE-2023-6871, CVE-2023-6872, CVE-2023-6863,
CVE-2023-6864, CVE-2023-6873)

DoHyun Lee discovered that Firefox did not properly manage memory when used
on systems with the Mesa VM driver. An attacker could potentially exploit
this issue to execute arbitrary code. (CVE-2023-6856)

George Pantela and Hubert Kario discovered that Firefox using multiple NSS
NIST curves which were susceptible to a side-channel attack known as
"Minerva". An attacker could potentially exploit this issue to obtain
sensitive information. (CVE-2023-6135)

Andrew Osmond discovered that Firefox did not properly validate the textures
produced by remote decoders. An attacker could potentially exploit this
issue to escape the sandbox. (CVE-2023-6860)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
firefox 121.0.1+build1-0ubuntu0.20.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-6562-2
https://ubuntu.com/security/notices/USN-6562-1
https://launchpad.net/bugs/2048961

Package Information:
https://launchpad.net/ubuntu/+source/firefox/121.0.1+build1-0ubuntu0.20.04.1



[USN-6574-1] Go vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6574-1
January 11, 2024

Go vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Go.

Software Description:
- golang-1.20: Go programming language compiler
- golang-1.21: Go programming language compiler

Details:

Takeshi Kaneko discovered that Go did not properly handle comments and
special tags in the script context of html/template module. An attacker
could possibly use this issue to inject Javascript code and perform a cross
site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-39318, CVE-2023-39319)

It was discovered that Go did not properly validate the "//go:cgo_"
directives during compilation. An attacker could possibly use this issue to
inject arbitrary code during compile time. (CVE-2023-39323)

It was discovered that Go did not limit the number of simultaneously
executing handler goroutines in the net/http module. An attacker could
possibly use this issue to cause a panic resulting into a denial of service.
(CVE-2023-39325, CVE-2023-44487)

It was discovered that the Go net/http module did not properly validate the
chunk extensions reading from a request or response body. An attacker could
possibly use this issue to read sensitive information. (CVE-2023-39326)

It was discovered that Go did not properly validate the insecure "git://"
protocol when using go get to fetch a module with the ".git" suffix. An
attacker could possibly use this issue to bypass secure protocol checks.
(CVE-2023-45285)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
golang-1.20 1.20.8-1ubuntu0.23.10.1
golang-1.20-go 1.20.8-1ubuntu0.23.10.1
golang-1.20-src 1.20.8-1ubuntu0.23.10.1
golang-1.21 1.21.1-1ubuntu0.23.10.1
golang-1.21-go 1.21.1-1ubuntu0.23.10.1
golang-1.21-src 1.21.1-1ubuntu0.23.10.1

Ubuntu 23.04:
golang-1.20 1.20.3-1ubuntu0.2
golang-1.20-go 1.20.3-1ubuntu0.2
golang-1.20-src 1.20.3-1ubuntu0.2
golang-1.21 1.21.1-1~ubuntu23.04.2
golang-1.21-go 1.21.1-1~ubuntu23.04.2
golang-1.21-src 1.21.1-1~ubuntu23.04.2

Ubuntu 22.04 LTS:
golang-1.20 1.20.3-1ubuntu0.1~22.04.1
golang-1.20-go 1.20.3-1ubuntu0.1~22.04.1
golang-1.20-src 1.20.3-1ubuntu0.1~22.04.1
golang-1.21 1.21.1-1~ubuntu22.04.2
golang-1.21-go 1.21.1-1~ubuntu22.04.2
golang-1.21-src 1.21.1-1~ubuntu22.04.2

Ubuntu 20.04 LTS:
golang-1.20 1.20.3-1ubuntu0.1~20.04.1
golang-1.20-go 1.20.3-1ubuntu0.1~20.04.1
golang-1.20-src 1.20.3-1ubuntu0.1~20.04.1
golang-1.21 1.21.1-1~ubuntu20.04.2
golang-1.21-go 1.21.1-1~ubuntu20.04.2
golang-1.21-src 1.21.1-1~ubuntu20.04.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6574-1
CVE-2023-39318, CVE-2023-39319, CVE-2023-39323, CVE-2023-39325,
CVE-2023-39326, CVE-2023-44487, CVE-2023-45285

Package Information:
https://launchpad.net/ubuntu/+source/golang-1.20/1.20.8-1ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/golang-1.21/1.21.1-1ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/golang-1.20/1.20.3-1ubuntu0.2
https://launchpad.net/ubuntu/+source/golang-1.21/1.21.1-1~ubuntu23.04.2
https://launchpad.net/ubuntu/+source/golang-1.20/1.20.3-1ubuntu0.1~22.04.1
https://launchpad.net/ubuntu/+source/golang-1.21/1.21.1-1~ubuntu22.04.2
https://launchpad.net/ubuntu/+source/golang-1.20/1.20.3-1ubuntu0.1~20.04.1
https://launchpad.net/ubuntu/+source/golang-1.21/1.21.1-1~ubuntu20.04.2



[USN-6576-1] Linux kernel (OEM) vulnerability


==========================================================================
Ubuntu Security Notice USN-6576-1
January 10, 2024

linux-oem-6.1 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
- linux-oem-6.1: Linux kernel for OEM systems

Details:

Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle an expired catchall element in some situations, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
linux-image-6.1.0-1028-oem 6.1.0-1028.28
linux-image-oem-22.04 6.1.0.1028.29
linux-image-oem-22.04a 6.1.0.1028.29
linux-image-oem-22.04b 6.1.0.1028.29
linux-image-oem-22.04c 6.1.0.1028.29

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6576-1
CVE-2023-6111

Package Information:
https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1028.28



[USN-6577-1] Linux kernel (AWS) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6577-1
January 10, 2024

linux-aws vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems

Details:

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii
Oleksenko discovered that some AMD processors could leak stale data from
division operations in certain situations. A local attacker could possibly
use this to expose sensitive information. (CVE-2023-20588)

It was discovered that a race condition existed in the Linux kernel when
performing operations with kernel objects, leading to an out-of-bounds
write. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-45863)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
linux-image-4.4.0-1164-aws 4.4.0-1164.179
linux-image-aws 4.4.0.1164.168

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6577-1
CVE-2023-20588, CVE-2023-45863



[USN-6549-5] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6549-5
January 10, 2024

linux-gcp-5.15, linux-intel-iotg-5.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms

Details:

It was discovered that the USB subsystem in the Linux kernel contained a
race condition while handling device descriptors in certain situations,
leading to a out-of-bounds read vulnerability. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2023-37453)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel did not properly initialize a policy data structure, leading
to an out-of-bounds vulnerability. A local privileged attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information (kernel memory). (CVE-2023-3773)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate some attributes passed from userspace. A local
attacker could use this to cause a denial of service (system crash) or
possibly expose sensitive information (kernel memory). (CVE-2023-39189)

Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did
not properly validate u32 packets content, leading to an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-39192)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate SCTP data, leading to an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-39193)

Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in
the Linux kernel did not properly handle state filters, leading to an out-
of-bounds read vulnerability. A privileged local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-39194)

It was discovered that a race condition existed in QXL virtual GPU driver
in the Linux kernel, leading to a use after free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-39198)

Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did
not properly handle socket buffers (skb) when performing IP routing in
certain circumstances, leading to a null pointer dereference vulnerability.
A privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-42754)

Jason Wang discovered that the virtio ring implementation in the Linux
kernel did not properly handle iov buffers in some situations. A local
attacker in a guest VM could use this to cause a denial of service (host
system crash). (CVE-2023-5158)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not properly handle queue initialization failures in certain
situations, leading to a use-after-free vulnerability. A remote attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-5178)

Budimir Markovic discovered that the perf subsystem in the Linux kernel did
not properly handle event groups, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
linux-image-5.15.0-1046-intel-iotg 5.15.0-1046.52~20.04.1
linux-image-5.15.0-1048-gcp 5.15.0-1048.56~20.04.1
linux-image-gcp 5.15.0.1048.56~20.04.1
linux-image-intel 5.15.0.1046.52~20.04.36
linux-image-intel-iotg 5.15.0.1046.52~20.04.36

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6549-5
https://ubuntu.com/security/notices/USN-6549-1
CVE-2023-37453, CVE-2023-3773, CVE-2023-39189, CVE-2023-39192,
CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-42754,
CVE-2023-5158, CVE-2023-5178, CVE-2023-5717

Package Information:
https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1048.56~20.04.1

https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1046.52~20.04.1



[USN-6548-5] Linux kernel (IoT) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6548-5
January 10, 2024

linux-iot vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-iot: Linux kernel for IoT platforms

Details:

It was discovered that Spectre-BHB mitigations were missing for Ampere
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2023-3006)

It was discovered that the USB subsystem in the Linux kernel contained a
race condition while handling device descriptors in certain situations,
leading to a out-of-bounds read vulnerability. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2023-37453)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate some attributes passed from userspace. A local
attacker could use this to cause a denial of service (system crash) or
possibly expose sensitive information (kernel memory). (CVE-2023-39189)

Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did
not properly validate u32 packets content, leading to an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-39192)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate SCTP data, leading to an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-39193)

Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in
the Linux kernel did not properly handle state filters, leading to an out-
of-bounds read vulnerability. A privileged local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-39194)

Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did
not properly handle socket buffers (skb) when performing IP routing in
certain circumstances, leading to a null pointer dereference vulnerability.
A privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-42754)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not properly handle queue initialization failures in certain
situations, leading to a use-after-free vulnerability. A remote attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-5178)

Budimir Markovic discovered that the perf subsystem in the Linux kernel did
not properly handle event groups, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)

It was discovered that the TLS subsystem in the Linux kernel did not
properly perform cryptographic operations in some situations, leading to a
null pointer dereference vulnerability. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-6176)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
linux-image-5.4.0-1028-iot 5.4.0-1028.29

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6548-5
https://ubuntu.com/security/notices/USN-6548-1
CVE-2023-3006, CVE-2023-37453, CVE-2023-39189, CVE-2023-39192,
CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-5178,
CVE-2023-5717, CVE-2023-6176

Package Information:
https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1028.29