ubuntu jammy v1.298
Metadata:
BOSH Agent Version: 2.600.0
Notice:
azure blobstore cli did not calculate the correct blobsize fixed in pr 13
USNs:
Title: USN-6465-2: Linux kernel (Raspberry Pi) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6465-2
Priorities: low,medium
Description:
Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in
the Linux kernel contained a race condition, leading to a null pointer
dereference vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-31083)
Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a null pointer dereference vulnerability in some
situations. A local privileged attacker could use this to cause a denial of
service (system crash). (CVE-2023-3772)
CVEs:
- https://ubuntu.com/security/CVE-2023-31083
- https://ubuntu.com/security/CVE-2023-3772
- https://ubuntu.com/security/CVE-2023-31083
- https://ubuntu.com/security/CVE-2023-3772
Title: USN-6467-2: Kerberos vulnerability
URL: https://ubuntu.com/security/notices/USN-6467-2
Priorities: medium
Description:
USN-6467-1 fixed a vulnerability in Kerberos. This update provides the
corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu
23.04.
Original advisory details:
Robert Morris discovered that Kerberos did not properly handle memory
access when processing RPC data through kadmind, which could lead to the
freeing of uninitialized memory. An authenticated remote attacker could
possibly use this issue to cause kadmind to crash, resulting in a denial
of service.
CVEs:
Title: USN-6479-1: Linux kernel (OEM) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6479-1
Priorities: high,medium
Description:
Kyle Zeng discovered that the netfilter subsystem in the Linux kernel
contained a race condition in IP set operations in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-42756)
Alex Birnberg discovered that the netfilter subsystem in the Linux kernel
did not properly validate register length, leading to an out-of- bounds
write vulnerability. A local attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-4881)
It was discovered that the Quick Fair Queueing scheduler implementation in
the Linux kernel did not properly handle network packets in certain
conditions, leading to a use after free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4921)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle removal of rules from chain bindings in certain
circumstances, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2023-5197)
CVEs:
- https://ubuntu.com/security/CVE-2023-42756
- https://ubuntu.com/security/CVE-2023-4881
- https://ubuntu.com/security/CVE-2023-4921
- https://ubuntu.com/security/CVE-2023-5197
- https://ubuntu.com/security/CVE-2023-4921
- https://ubuntu.com/security/CVE-2023-42756
- https://ubuntu.com/security/CVE-2023-4881
- https://ubuntu.com/security/CVE-2023-5197