Ubuntu 6286 Published by

The following security updates are available for Ubuntu Linux:

[USN-6038-2] Go vulnerabilities
[USN-6571-1] Monit vulnerability
[USN-6570-1] PostgreSQL vulnerabilities
[USN-6548-4] Linux kernel (GKE) vulnerabilities
[USN-6572-1] Linux kernel (Azure) vulnerabilities
[USN-6573-1] Linux kernel (Azure) vulnerabilities




[USN-6038-2] Go vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6038-2
January 09, 2024

golang-1.13, golang-1.16 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Go.

Software Description:
- golang-1.13: Go programming language compiler
- golang-1.16: Go programming language compiler

Details:

USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides
the corresponding updates for Go 1.13 and Go 1.16.

CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16.

Original advisory details:

 It was discovered that the Go net/http module incorrectly handled
 Transfer-Encoding headers in the HTTP/1 client. A remote attacker could
 possibly use this issue to perform an HTTP Request Smuggling attack.
 (CVE-2022-1705)

 It was discovered that Go did not properly manage memory under certain
 circumstances. An attacker could possibly use this issue to cause a panic
 resulting into a denial of service. (CVE-2022-1962, CVE-2022-27664,
 CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632,
 CVE-2022-30633, CVE-2022-30635, CVE-2022-32189, CVE-2022-41715,
 CVE-2022-41717, CVE-2023-24534, CVE-2023-24537)

 It was discovered that Go did not properly implemented the maximum size of
 file headers in Reader.Read. An attacker could possibly use this issue to
 cause a panic resulting into a denial of service. (CVE-2022-2879)

 It was discovered that the Go net/http module incorrectly handled query
 parameters in requests forwarded by ReverseProxy. A remote attacker could
 possibly use this issue to perform an HTTP Query Parameter Smuggling
attack.
 (CVE-2022-2880)

 It was discovered that Go did not properly manage the permissions for
 Faccessat function. A attacker could possibly use this issue to expose
 sensitive information. (CVE-2022-29526)

 It was discovered that Go did not properly generate the values for
 ticket_age_add in session tickets. An attacker could possibly use this
 issue to observe TLS handshakes to correlate successive connections by
 comparing ticket ages during session resumption. (CVE-2022-30629)

 It was discovered that Go did not properly manage client IP addresses in
 net/http. An attacker could possibly use this issue to cause ReverseProxy
 to set the client IP as the value of the X-Forwarded-For header.
 (CVE-2022-32148)

 It was discovered that Go did not properly validate backticks (`) as
 Javascript string delimiters, and do not escape them as expected. An
 attacker could possibly use this issue to inject arbitrary Javascript code
 into the Go template. (CVE-2023-24538)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  golang-1.13                     1.13.8-1ubuntu2.22.04.2
  golang-1.13-go                  1.13.8-1ubuntu2.22.04.2
  golang-1.13-src                 1.13.8-1ubuntu2.22.04.2

Ubuntu 20.04 LTS:
  golang-1.13                     1.13.8-1ubuntu1.2
  golang-1.13-go                  1.13.8-1ubuntu1.2
  golang-1.13-src                 1.13.8-1ubuntu1.2
  golang-1.16                     1.16.2-0ubuntu1~20.04.1
  golang-1.16-go                  1.16.2-0ubuntu1~20.04.1
  golang-1.16-src                 1.16.2-0ubuntu1~20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  golang-1.13                     1.13.8-1ubuntu1~18.04.4+esm1
  golang-1.13-go                  1.13.8-1ubuntu1~18.04.4+esm1
  golang-1.13-src                 1.13.8-1ubuntu1~18.04.4+esm1
  golang-1.16                     1.16.2-0ubuntu1~18.04.2+esm1
  golang-1.16-go                  1.16.2-0ubuntu1~18.04.2+esm1
  golang-1.16-src                 1.16.2-0ubuntu1~18.04.2+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  golang-1.13                     1.13.8-1ubuntu1~16.04.3+esm3
  golang-1.13-go                  1.13.8-1ubuntu1~16.04.3+esm3
  golang-1.13-src                 1.13.8-1ubuntu1~16.04.3+esm3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6038-2
  https://ubuntu.com/security/notices/USN-6038-1
  CVE-2022-1705, CVE-2022-27664, CVE-2022-28131, CVE-2022-2879,
  CVE-2022-2880, CVE-2022-29526, CVE-2022-30629, CVE-2022-30630,
  CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635,
  CVE-2022-32148, CVE-2022-32189, CVE-2022-41717, CVE-2023-24534,
  CVE-2023-24537, CVE-2023-24538

Package Information:
https://launchpad.net/ubuntu/+source/golang-1.13/1.13.8-1ubuntu2.22.04.2
https://launchpad.net/ubuntu/+source/golang-1.13/1.13.8-1ubuntu1.2
https://launchpad.net/ubuntu/+source/golang-1.16/1.16.2-0ubuntu1~20.04.1



[USN-6571-1] Monit vulnerability


==========================================================================
Ubuntu Security Notice USN-6571-1
January 09, 2024

monit vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Monit could be made to bypass authentication checks for disabled accounts.

Software Description:
- monit: utility for monitoring and managing daemons or similar programs

Details:

Youssef Rebahi-Gilbert discovered that Monit did not properly process
credentials for disabled accounts. An attacker could possibly use this
issue to login to the platform with an expired account and a valid
password.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
monit 1:5.31.0-1ubuntu0.1~esm1

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
monit 1:5.26.0-4ubuntu0.1~esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
monit 1:5.25.1-1ubuntu0.1~esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
monit 1:5.16-2ubuntu0.2+esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
monit 1:5.6-2ubuntu0.1+esm3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6571-1
CVE-2022-26563



[USN-6570-1] PostgreSQL vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6570-1
January 09, 2024

postgresql-9.5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in PostgreSQL.

Software Description:
- postgresql-9.5: Object-relational SQL database

Details:

Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying
certain SQL array values. A remote attacker could use this issue to obtain
sensitive information, or possibly execute arbitrary code. (CVE-2023-5869)

Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL
allowed the pg_signal_backend role to signal certain superuser processes,
contrary to expectations. (CVE-2023-5870)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  postgresql-9.5                  9.5.25-0ubuntu0.16.04.1+esm6
  postgresql-client-9.5         9.5.25-0ubuntu0.16.04.1+esm6

After a standard system update you need to restart PostgreSQL to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6570-1
  CVE-2023-5869, CVE-2023-5870



[USN-6548-4] Linux kernel (GKE) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6548-4
January 09, 2024

linux-gkeop vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems

Details:

It was discovered that Spectre-BHB mitigations were missing for Ampere
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2023-3006)

It was discovered that the USB subsystem in the Linux kernel contained a
race condition while handling device descriptors in certain situations,
leading to a out-of-bounds read vulnerability. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2023-37453)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate some attributes passed from userspace. A local
attacker could use this to cause a denial of service (system crash) or
possibly expose sensitive information (kernel memory). (CVE-2023-39189)

Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did
not properly validate u32 packets content, leading to an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-39192)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate SCTP data, leading to an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-39193)

Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in
the Linux kernel did not properly handle state filters, leading to an out-
of-bounds read vulnerability. A privileged local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-39194)

Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did
not properly handle socket buffers (skb) when performing IP routing in
certain circumstances, leading to a null pointer dereference vulnerability.
A privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-42754)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not properly handle queue initialization failures in certain
situations, leading to a use-after-free vulnerability. A remote attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-5178)

Budimir Markovic discovered that the perf subsystem in the Linux kernel did
not properly handle event groups, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)

It was discovered that the TLS subsystem in the Linux kernel did not
properly perform cryptographic operations in some situations, leading to a
null pointer dereference vulnerability. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-6176)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
linux-image-5.4.0-1083-gkeop 5.4.0-1083.87
linux-image-gkeop 5.4.0.1083.81
linux-image-gkeop-5.4 5.4.0.1083.81

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6548-4
https://ubuntu.com/security/notices/USN-6548-1
CVE-2023-3006, CVE-2023-37453, CVE-2023-39189, CVE-2023-39192,
CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-5178,
CVE-2023-5717, CVE-2023-6176

Package Information:
https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1083.87



[USN-6572-1] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6572-1
January 09, 2024

linux-azure vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-31085)

Bien Pham discovered that the netfiler subsystem in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local user could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-4244)

Maxim Levitsky discovered that the KVM nested virtualization (SVM)
implementation for AMD processors in the Linux kernel did not properly
handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a
denial of service (host kernel crash). (CVE-2023-5090)

It was discovered that the SMB network file sharing protocol implementation
in the Linux kernel did not properly handle certain error conditions,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-5345)

Murray McAllister discovered that the VMware Virtual GPU DRM driver in the
Linux kernel did not properly handle memory objects when storing surfaces,
leading to a use-after-free vulnerability. A local attacker in a guest VM
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-5633)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
linux-image-6.5.0-1009-azure 6.5.0-1009.9
linux-image-6.5.0-1009-azure-fde 6.5.0-1009.9
linux-image-azure 6.5.0.1009.11
linux-image-azure-fde 6.5.0.1009.11

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6572-1
CVE-2023-31085, CVE-2023-4244, CVE-2023-5090, CVE-2023-5345,
CVE-2023-5633

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/6.5.0-1009.9



[USN-6573-1] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6573-1
January 09, 2024

linux-azure vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate some attributes passed from userspace. A local
attacker could use this to cause a denial of service (system crash) or
possibly expose sensitive information (kernel memory). (CVE-2023-39189)

Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did
not properly handle socket buffers (skb) when performing IP routing in
certain circumstances, leading to a null pointer dereference vulnerability.
A privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-42754)

Yikebaer Aizezi discovered that the ext4 file system implementation in the
Linux kernel contained a use-after-free vulnerability when handling inode
extent metadata. An attacker could use this to construct a malicious ext4
file system image that, when mounted, could cause a denial of service
(system crash). (CVE-2023-45898)

Jason Wang discovered that the virtio ring implementation in the Linux
kernel did not properly handle iov buffers in some situations. A local
attacker in a guest VM could use this to cause a denial of service (host
system crash). (CVE-2023-5158)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not properly handle queue initialization failures in certain
situations, leading to a use-after-free vulnerability. A remote attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-5178)

Budimir Markovic discovered that the perf subsystem in the Linux kernel did
not properly handle event groups, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
linux-image-6.5.0-1010-azure 6.5.0-1010.10
linux-image-6.5.0-1010-azure-fde 6.5.0-1010.10
linux-image-azure 6.5.0.1010.12
linux-image-azure-fde 6.5.0.1010.12

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6573-1
CVE-2023-39189, CVE-2023-42754, CVE-2023-45898, CVE-2023-5158,
CVE-2023-5178, CVE-2023-5717

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/6.5.0-1010.10