Ubuntu 6376 Published by

The following security updates have been released for Ubuntu Linux:

[USN-6550-1] PostfixAdmin vulnerabilities
[USN-6551-1] Ghostscript vulnerability
[USN-6552-1] Netatalk vulnerability
[USN-6554-1] GNOME Settings vulnerability
[USN-6548-2] Linux kernel vulnerabilities
[USN-6534-2] Linux kernel vulnerabilities
[USN-6549-2] Linux kernel (GKE) vulnerabilities




[USN-6550-1] PostfixAdmin vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6550-1
December 12, 2023

postfixadmin vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in PostfixAdmin.

Software Description:
- postfixadmin: Virtual mail hosting interface for Postfix

Details:

It was discovered that Smarty, that is integrated in the PostfixAdmin
code, was not properly sanitizing user input when generating templates. An
attacker could, through PHP injection, possibly use this issue to execute
arbitrary code. (CVE-2022-29221)

It was discovered that Moment.js, that is integrated in the PostfixAdmin
code, was using an inefficient parsing algorithm when processing date
strings in the RFC 2822 standard. An attacker could possibly use this
issue to cause a denial of service. (CVE-2022-31129)

It was discovered that Smarty, that is integrated in the PostfixAdmin
code, was not properly escaping JavaScript code. An attacker could
possibly use this issue to conduct cross-site scripting attacks (XSS).
(CVE-2023-28447)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
postfixadmin 3.3.10-2ubuntu0.1~esm1

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
postfixadmin 3.2.1-3ubuntu0.1~esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
postfixadmin 3.0.2-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6550-1
CVE-2022-29221, CVE-2022-31129, CVE-2023-28447



[USN-6551-1] Ghostscript vulnerability


==========================================================================
Ubuntu Security Notice USN-6551-1
December 12, 2023

ghostscript vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

Ghostscript could be made to crash if it wrote a TIFF file.

Software Description:
- ghostscript: PostScript and PDF interpreter

Details:

It was discovered that Ghostscript incorrectly handled writing TIFF files.
A remote attacker could possibly use this issue to cause Ghostscript to
crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
ghostscript 10.01.2~dfsg1-0ubuntu2.2

Ubuntu 23.04:
ghostscript 10.0.0~dfsg1-0ubuntu1.5

Ubuntu 22.04 LTS:
ghostscript 9.55.0~dfsg1-0ubuntu5.6

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6551-1
CVE-2023-46751

Package Information:
https://launchpad.net/ubuntu/+source/ghostscript/10.01.2~dfsg1-0ubuntu2.2
https://launchpad.net/ubuntu/+source/ghostscript/10.0.0~dfsg1-0ubuntu1.5
https://launchpad.net/ubuntu/+source/ghostscript/9.55.0~dfsg1-0ubuntu5.6



[USN-6552-1] Netatalk vulnerability


==========================================================================
Ubuntu Security Notice USN-6552-1
December 12, 2023

netatalk vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Netatalk could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
- netatalk: Apple Filing Protocol service

Details:

Florent Saudel and Arnaud Gatignol discovered that Netatalk incorrectly
handled certain specially crafted Spotlight requests. A remote attacker could
possibly use this issue to cause heap corruption and execute arbitrary code.
(CVE-2023-42464)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
netatalk 3.1.14~ds-1ubuntu0.1

Ubuntu 22.04 LTS:
netatalk 3.1.12~ds-9ubuntu0.22.04.3

Ubuntu 20.04 LTS:
netatalk 3.1.12~ds-4ubuntu0.20.04.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6552-1
CVE-2023-42464

Package Information:
https://launchpad.net/ubuntu/+source/netatalk/3.1.14~ds-1ubuntu0.1
https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-9ubuntu0.22.04.3
https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-4ubuntu0.20.04.3



[USN-6554-1] GNOME Settings vulnerability


==========================================================================
Ubuntu Security Notice USN-6554-1
December 13, 2023

gnome-control-center vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

GNOME Settings could allow unintended access to network services.

Software Description:
- gnome-control-center: utilities to configure the GNOME desktop

Details:

Zygmunt Krynicki discovered that GNOME Settings did not accurately reflect
the SSH remote login status when the system was configured to use systemd
socket activation for OpenSSH. Remote SSH access may be unknowingly
enabled, contrary to expectation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
gnome-control-center 1:45.0-1ubuntu3.1

Ubuntu 23.04:
gnome-control-center 1:44.0-1ubuntu6.1

Ubuntu 22.04 LTS:
gnome-control-center 1:41.7-0ubuntu0.22.04.8

Ubuntu 20.04 LTS:
gnome-control-center 1:3.36.5-0ubuntu4.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6554-1
CVE-2023-5616

Package Information:
https://launchpad.net/ubuntu/+source/gnome-control-center/1:45.0-1ubuntu3.1
https://launchpad.net/ubuntu/+source/gnome-control-center/1:44.0-1ubuntu6.1
https://launchpad.net/ubuntu/+source/gnome-control-center/1:41.7-0ubuntu0.22.04.8
https://launchpad.net/ubuntu/+source/gnome-control-center/1:3.36.5-0ubuntu4.1



[USN-6548-2] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6548-2
December 12, 2023

linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

It was discovered that Spectre-BHB mitigations were missing for Ampere
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2023-3006)

It was discovered that the USB subsystem in the Linux kernel contained a
race condition while handling device descriptors in certain situations,
leading to a out-of-bounds read vulnerability. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2023-37453)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate some attributes passed from userspace. A local
attacker could use this to cause a denial of service (system crash) or
possibly expose sensitive information (kernel memory). (CVE-2023-39189)

Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did
not properly validate u32 packets content, leading to an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-39192)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate SCTP data, leading to an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-39193)

Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in
the Linux kernel did not properly handle state filters, leading to an out-
of-bounds read vulnerability. A privileged local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-39194)

Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did
not properly handle socket buffers (skb) when performing IP routing in
certain circumstances, leading to a null pointer dereference vulnerability.
A privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-42754)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not properly handle queue initialization failures in certain
situations, leading to a use-after-free vulnerability. A remote attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-5178)

Budimir Markovic discovered that the perf subsystem in the Linux kernel did
not properly handle event groups, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)

It was discovered that the TLS subsystem in the Linux kernel did not
properly perform cryptographic operations in some situations, leading to a
null pointer dereference vulnerability. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-6176)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
linux-image-5.4.0-1100-raspi 5.4.0-1100.112
linux-image-raspi 5.4.0.1100.130
linux-image-raspi2 5.4.0.1100.130

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
linux-image-5.4.0-1100-raspi 5.4.0-1100.112~18.04.1
linux-image-5.4.0-1115-oracle 5.4.0-1115.124~18.04.1
linux-image-oracle 5.4.0.1115.124~18.04.87
linux-image-raspi-hwe-18.04 5.4.0.1100.97

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6548-2
https://ubuntu.com/security/notices/USN-6548-1
CVE-2023-3006, CVE-2023-37453, CVE-2023-39189, CVE-2023-39192,
CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-5178,
CVE-2023-5717, CVE-2023-6176

Package Information:
https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1100.112



[USN-6534-2] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6534-2
December 12, 2023

linux-gcp, linux-kvm vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments

Details:

It was discovered that the USB subsystem in the Linux kernel contained a
race condition while handling device descriptors in certain situations,
leading to a out-of-bounds read vulnerability. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2023-37453)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel did not properly initialize a policy data structure, leading
to an out-of-bounds vulnerability. A local privileged attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information (kernel memory). (CVE-2023-3773)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate some attributes passed from userspace. A local
attacker could use this to cause a denial of service (system crash) or
possibly expose sensitive information (kernel memory). (CVE-2023-39189)

Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did
not properly validate u32 packets content, leading to an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-39192)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate SCTP data, leading to an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-39193)

Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in
the Linux kernel did not properly handle state filters, leading to an out-
of-bounds read vulnerability. A privileged local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-39194)

It was discovered that a race condition existed in QXL virtual GPU driver
in the Linux kernel, leading to a use after free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-39198)

Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did
not properly handle socket buffers (skb) when performing IP routing in
certain circumstances, leading to a null pointer dereference vulnerability.
A privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-42754)

Jason Wang discovered that the virtio ring implementation in the Linux
kernel did not properly handle iov buffers in some situations. A local
attacker in a guest VM could use this to cause a denial of service (host
system crash). (CVE-2023-5158)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not properly handle queue initialization failures in certain
situations, leading to a use-after-free vulnerability. A remote attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-5178)

Budimir Markovic discovered that the perf subsystem in the Linux kernel did
not properly handle event groups, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)

It was discovered that the Microchip USB Ethernet driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could use this to
cause a denial of service (system crash). (CVE-2023-6039)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
linux-image-6.2.0-1018-kvm 6.2.0-1018.18
linux-image-6.2.0-1020-gcp 6.2.0-1020.22
linux-image-gcp 6.2.0.1020.20
linux-image-kvm 6.2.0.1018.18

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6534-2
https://ubuntu.com/security/notices/USN-6534-1
CVE-2023-37453, CVE-2023-3773, CVE-2023-39189, CVE-2023-39192,
CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-42754,
CVE-2023-5158, CVE-2023-5178, CVE-2023-5717, CVE-2023-6039

Package Information:
https://launchpad.net/ubuntu/+source/linux-gcp/6.2.0-1020.22
https://launchpad.net/ubuntu/+source/linux-kvm/6.2.0-1018.18



[USN-6549-2] Linux kernel (GKE) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6549-2
December 12, 2023

linux-gkeop, linux-gkeop-5.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems

Details:

It was discovered that the USB subsystem in the Linux kernel contained a
race condition while handling device descriptors in certain situations,
leading to a out-of-bounds read vulnerability. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2023-37453)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel did not properly initialize a policy data structure, leading
to an out-of-bounds vulnerability. A local privileged attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information (kernel memory). (CVE-2023-3773)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate some attributes passed from userspace. A local
attacker could use this to cause a denial of service (system crash) or
possibly expose sensitive information (kernel memory). (CVE-2023-39189)

Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did
not properly validate u32 packets content, leading to an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-39192)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate SCTP data, leading to an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-39193)

Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in
the Linux kernel did not properly handle state filters, leading to an out-
of-bounds read vulnerability. A privileged local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-39194)

It was discovered that a race condition existed in QXL virtual GPU driver
in the Linux kernel, leading to a use after free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-39198)

Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did
not properly handle socket buffers (skb) when performing IP routing in
certain circumstances, leading to a null pointer dereference vulnerability.
A privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-42754)

Jason Wang discovered that the virtio ring implementation in the Linux
kernel did not properly handle iov buffers in some situations. A local
attacker in a guest VM could use this to cause a denial of service (host
system crash). (CVE-2023-5158)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not properly handle queue initialization failures in certain
situations, leading to a use-after-free vulnerability. A remote attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-5178)

Budimir Markovic discovered that the perf subsystem in the Linux kernel did
not properly handle event groups, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
linux-image-5.15.0-1034-gkeop 5.15.0-1034.40
linux-image-gkeop 5.15.0.1034.33
linux-image-gkeop-5.15 5.15.0.1034.33

Ubuntu 20.04 LTS:
linux-image-5.15.0-1034-gkeop 5.15.0-1034.40~20.04.1
linux-image-gkeop-5.15 5.15.0.1034.40~20.04.30

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6549-2
https://ubuntu.com/security/notices/USN-6549-1
CVE-2023-37453, CVE-2023-3773, CVE-2023-39189, CVE-2023-39192,
CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-42754,
CVE-2023-5158, CVE-2023-5178, CVE-2023-5717

Package Information:
https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1034.40
https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1034.40~20.04.1