Metadata:
BOSH Agent Version: 2.705.0
Kernel Version: 5.15.0.127.126
USNs:
Title: USN-7125-1 -- RapidJSON vulnerability
URL: https://ubuntu.com/security/notices/USN-7125-1
Priorities: medium
Description:
It was discovered that RapidJSON incorrectly parsed numbers written in scientific notation, leading to an integer underflow. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.
Update Instructions: Run sudo pro fix USN-7125-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- rapidjson-dev - 1.1.0+dfsg2-7ubuntu0.1esm1
- rapidjson-doc - 1.1.0+dfsg2-7ubuntu0.1esm1
Available with Ubuntu Pro: https://ubuntu.com/pro
CVEs:
Title: USN-7129-1 -- TinyGLTF vulnerability
URL: https://ubuntu.com/security/notices/USN-7129-1
Priorities: medium
Description:
It was discovered that TinyGLTF performed file path expansion in an insecure way on certain inputs. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.
Update Instructions: Run sudo pro fix USN-7129-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- libtinygltf-dev - 2.5.0+dfsg-4ubuntu0.1
- libtinygltf1d - 2.5.0+dfsg-4ubuntu0.1
No subscription required
CVEs:
Title: USN-7132-1 -- PostgreSQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7132-1
Priorities: medium
Description:
It was discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this issue to perform forbidden reads and modifications. (CVE-2024-10976)
Jacob Champion discovered that PostgreSQL clients used untrusted server error messages. An attacker that is able to intercept network communications could possibly use this issue to inject error messages that could be interpreted as valid query results. (CVE-2024-10977)
Tom Lane discovered that PostgreSQL incorrectly handled certain privilege assignments. A remote attacker could possibly use this issue to view or change different rows from those intended. (CVE-2024-10978)
Coby Abrams discovered that PostgreSQL incorrectly handled environment variables. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2024-10979)
Update Instructions: Run sudo pro fix USN-7132-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- libecpg-compat3 - 14.15-0ubuntu0.22.04.1
- libecpg-dev - 14.15-0ubuntu0.22.04.1
- libecpg6 - 14.15-0ubuntu0.22.04.1
- libpgtypes3 - 14.15-0ubuntu0.22.04.1
- libpq-dev - 14.15-0ubuntu0.22.04.1
- libpq5 - 14.15-0ubuntu0.22.04.1
- postgresql-14 - 14.15-0ubuntu0.22.04.1
- postgresql-client-14 - 14.15-0ubuntu0.22.04.1
- postgresql-doc-14 - 14.15-0ubuntu0.22.04.1
- postgresql-plperl-14 - 14.15-0ubuntu0.22.04.1
- postgresql-plpython3-14 - 14.15-0ubuntu0.22.04.1
- postgresql-pltcl-14 - 14.15-0ubuntu0.22.04.1
- postgresql-server-dev-14 - 14.15-0ubuntu0.22.04.1
No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2024-10976
- https://ubuntu.com/security/CVE-2024-10977
- https://ubuntu.com/security/CVE-2024-10978
- https://ubuntu.com/security/CVE-2024-10979
Title: USN-7137-1 -- recutils vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7137-1
Priorities: medium,low
Description:
It was discovered that recutils incorrectly handled memory when parsing comments with the recparser utility. An attacker could possibly use this issue to cause a denial of service or run arbitrary commands. (CVE-2021-46019, CVE-2021-46021, CVE-2021-46022)
It was discovered that recutils incorrectly handled memory when parsing CSV files. An attacker could possibly use this issue to cause a denial of service or run arbitrary commands. (CVE-2019-11637, CVE-2019-11638, CVE-2019-11639, CVE-2019-11640)
It was discovered that recutils incorrectly handled memory when parsing maliciously crafted recfiles. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-6455, CVE-2019-6456, CVE-2019-6457, CVE-2019-6458, CVE-2019-6459, CVE-2019-6460)
Update Instructions: Run sudo pro fix USN-7137-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- librec-dev - 1.8-1ubuntu0.22.04.1esm1
- librec1 - 1.8-1ubuntu0.22.04.1esm1
- recutils - 1.8-1ubuntu0.22.04.1~esm1
Available with Ubuntu Pro: https://ubuntu.com/pro
CVEs:
- https://ubuntu.com/security/CVE-2019-11637
- https://ubuntu.com/security/CVE-2019-11638
- https://ubuntu.com/security/CVE-2019-11639
- https://ubuntu.com/security/CVE-2019-11640
- https://ubuntu.com/security/CVE-2019-6455
- https://ubuntu.com/security/CVE-2019-6456
- https://ubuntu.com/security/CVE-2019-6457
- https://ubuntu.com/security/CVE-2019-6458
- https://ubuntu.com/security/CVE-2019-6459
- https://ubuntu.com/security/CVE-2019-6460
- https://ubuntu.com/security/CVE-2021-46019
- https://ubuntu.com/security/CVE-2021-46021
- https://ubuntu.com/security/CVE-2021-46022
Title: USN-7142-1 -- WebKitGTK vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7142-1
Priorities: high
Description:
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Update Instructions: Run sudo pro fix USN-7142-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- gir1.2-javascriptcoregtk-4.0 - 2.46.4-0ubuntu0.22.04.1
- gir1.2-javascriptcoregtk-4.1 - 2.46.4-0ubuntu0.22.04.1
- gir1.2-javascriptcoregtk-6.0 - 2.46.4-0ubuntu0.22.04.1
- gir1.2-webkit-6.0 - 2.46.4-0ubuntu0.22.04.1
- gir1.2-webkit2-4.0 - 2.46.4-0ubuntu0.22.04.1
- gir1.2-webkit2-4.1 - 2.46.4-0ubuntu0.22.04.1
- libjavascriptcoregtk-4.0-18 - 2.46.4-0ubuntu0.22.04.1
- libjavascriptcoregtk-4.0-bin - 2.46.4-0ubuntu0.22.04.1
- libjavascriptcoregtk-4.0-dev - 2.46.4-0ubuntu0.22.04.1
- libjavascriptcoregtk-4.1-0 - 2.46.4-0ubuntu0.22.04.1
- libjavascriptcoregtk-4.1-dev - 2.46.4-0ubuntu0.22.04.1
- libjavascriptcoregtk-6.0-1 - 2.46.4-0ubuntu0.22.04.1
- libjavascriptcoregtk-6.0-dev - 2.46.4-0ubuntu0.22.04.1
- libwebkit2gtk-4.0-37 - 2.46.4-0ubuntu0.22.04.1
- libwebkit2gtk-4.0-dev - 2.46.4-0ubuntu0.22.04.1
- libwebkit2gtk-4.0-doc - 2.46.4-0ubuntu0.22.04.1
- libwebkit2gtk-4.1-0 - 2.46.4-0ubuntu0.22.04.1
- libwebkit2gtk-4.1-dev - 2.46.4-0ubuntu0.22.04.1
- libwebkitgtk-6.0-4 - 2.46.4-0ubuntu0.22.04.1
- libwebkitgtk-6.0-dev - 2.46.4-0ubuntu0.22.04.1
- webkit2gtk-driver - 2.46.4-0ubuntu0.22.04.1
No subscription required
CVEs:
Title: USN-7144-1 -- Linux kernel (Intel IoTG) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7144-1
Priorities: high,low,medium
Description:
Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service (guest crash) or possibly execute arbitrary code. (CVE-2024-25744) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Android drivers; - Serial ATA and Parallel ATA drivers; - ATM drivers; - Drivers core; - Null block device driver; - Character device driver; - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I3C subsystem; - InfiniBand drivers; - Input Device core drivers; - Input Device (Miscellaneous) drivers; - IOMMU subsystem; - IRQ chip drivers; - ISDN/mISDN subsystem; - LED subsystem; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - Ethernet bonding driver; - Network drivers; - Mellanox network drivers; - Near Field Communication (NFC) drivers; - NVME drivers; - Device tree and open firmware driver; - Parport drivers; - PCI subsystem; - Pin controllers subsystem; - Remote Processor subsystem; - S/390 drivers; - SCSI subsystem; - QCOM SoC drivers; - Direct Digital Synthesis drivers; - Thunderbolt and USB4 drivers; - TTY drivers; - Userspace I/O drivers; - DesignWare USB3 driver; - USB Gadget drivers; - USB Host Controller drivers; - USB Type-C Connector System Software Interface driver; - USB over IP driver; - Virtio Host (VHOST) subsystem; - File systems infrastructure; - BTRFS file system; - Ext4 file system; - F2FS file system; - JFS file system; - NILFS2 file system; - File system 
notification infrastructure; - NTFS3 file system; - Proc file system; - SMB network file system; - Bitmap API; - Objagg library; - Perf events; - Virtio network driver; - KCM (Kernel Connection Multiplexor) sockets driver; - Network traffic control; - Control group (cgroup); - DMA mapping infrastructure; - Locking primitives; - Padata parallel execution mechanism; - RCU subsystem; - Scheduler infrastructure; - Tracing infrastructure; - Radix Tree data structure library; - Kernel userspace event delivery library; - Memory management; - Amateur Radio drivers; - Bluetooth subsystem; - Ethernet bridge; - CAN network layer; - Networking core; - Ethtool driver; - IPv4 networking; - IPv6 networking; - IUCV driver; - MAC80211 subsystem; - Multipath TCP; - Netfilter; - SCTP protocol; - Sun RPC protocol; - TIPC protocol; - TLS protocol; - Wireless networking; - AppArmor security module; - Landlock security; - Simplified Mandatory Access Control Kernel framework; - FireWire sound drivers; - SoC audio core drivers; - USB sound devices; (CVE-2024-42280, CVE-2024-46759, CVE-2024-42286, CVE-2024-41042, CVE-2024-42276, CVE-2024-46732, CVE-2024-43902, CVE-2024-47665, CVE-2024-46675, CVE-2024-43873, CVE-2024-46761, CVE-2024-42281, CVE-2024-46795, CVE-2024-43869, CVE-2024-39472, CVE-2024-46800, CVE-2024-44998, CVE-2024-46746, CVE-2024-46747, CVE-2024-41011, CVE-2024-43871, CVE-2024-46737, CVE-2024-42318, CVE-2024-46731, CVE-2024-41022, CVE-2024-42285, CVE-2024-46752, CVE-2024-46818, CVE-2024-44935, CVE-2024-44946, CVE-2024-44944, CVE-2024-41015, CVE-2024-42312, CVE-2024-46676, CVE-2024-43834, CVE-2024-44966, CVE-2024-46743, CVE-2024-45026, CVE-2024-46805, CVE-2024-26607, CVE-2024-46771, CVE-2024-43905, CVE-2024-43884, CVE-2024-41070, CVE-2024-43829, CVE-2024-46725, CVE-2024-45028, CVE-2024-42287, CVE-2024-42313, CVE-2024-42277, CVE-2024-42290, CVE-2024-44934, CVE-2024-46829, CVE-2024-46707, CVE-2024-46677, CVE-2024-42311, CVE-2024-46814, CVE-2024-46815, CVE-2024-46755, 
CVE-2024-41065, CVE-2024-43889, CVE-2024-46780, CVE-2024-43860, CVE-2024-46777, CVE-2024-46719, CVE-2024-45009, CVE-2024-42302, CVE-2024-42304, CVE-2024-41063, CVE-2024-47659, CVE-2024-46822, CVE-2024-46756, CVE-2024-42283, CVE-2024-46757, CVE-2024-43909, CVE-2024-45011, CVE-2024-46739, CVE-2024-46750, CVE-2024-46782, CVE-2024-44986, CVE-2024-44983, CVE-2024-45021, CVE-2024-44987, CVE-2024-41090, CVE-2024-42288, CVE-2024-44969, CVE-2024-42272, CVE-2024-43893, CVE-2024-42259, CVE-2024-46781, CVE-2024-43907, CVE-2024-42265, CVE-2024-43839, CVE-2024-47663, CVE-2024-46798, CVE-2024-43817, CVE-2024-42295, CVE-2024-46840, CVE-2024-45008, CVE-2024-43849, CVE-2024-46744, CVE-2024-43879, CVE-2024-43841, CVE-2024-42299, CVE-2024-46783, CVE-2024-36484, CVE-2024-47660, CVE-2024-42310, CVE-2024-44990, CVE-2024-42270, CVE-2024-43894, CVE-2024-41071, CVE-2024-40915, CVE-2024-46810, CVE-2024-44954, CVE-2024-42246, CVE-2023-52889, CVE-2024-43892, CVE-2024-43890, CVE-2024-42284, CVE-2023-52918, CVE-2024-47669, CVE-2024-41078, CVE-2024-41073, CVE-2024-26800, CVE-2024-41091, CVE-2024-46828, CVE-2022-48666, CVE-2024-41060, CVE-2024-42114, CVE-2024-46807, CVE-2024-26669, CVE-2024-44965, CVE-2024-46758, CVE-2024-44947, CVE-2024-43875, CVE-2024-42126, CVE-2024-46685, CVE-2024-43883, CVE-2024-46722, CVE-2024-41064, CVE-2024-43882, CVE-2024-46679, CVE-2024-46740, CVE-2024-45025, CVE-2024-46721, CVE-2024-38611, CVE-2024-46844, CVE-2024-45007, CVE-2024-44960, CVE-2024-42306, CVE-2024-44971, CVE-2024-43835, CVE-2024-42305, CVE-2024-43846, CVE-2024-42289, CVE-2024-46689, CVE-2024-46724, CVE-2024-43853, CVE-2024-44974, CVE-2024-43828, CVE-2024-43914, CVE-2024-44958, CVE-2024-46673, CVE-2024-46723, CVE-2024-41081, CVE-2024-46738, CVE-2024-42296, CVE-2024-45006, CVE-2024-46714, CVE-2024-43880, CVE-2024-42271, CVE-2024-44985, CVE-2024-41072, CVE-2024-43867, CVE-2024-43858, CVE-2024-26893, CVE-2024-41059, CVE-2024-38577, CVE-2024-46817, CVE-2024-46702, CVE-2024-41019, CVE-2024-44999, CVE-2024-43908, 
CVE-2024-42292, CVE-2024-43856, CVE-2024-45018, CVE-2024-41068, CVE-2024-43870, CVE-2024-45003, CVE-2024-42297, CVE-2024-47668, CVE-2024-43830, CVE-2024-26661, CVE-2024-41017, CVE-2024-42309, CVE-2024-43861, CVE-2024-46791, CVE-2024-44989, CVE-2024-46745, CVE-2024-42269, CVE-2024-43863, CVE-2024-43854, CVE-2024-44995, CVE-2024-46804, CVE-2024-44948, CVE-2024-46819, CVE-2024-41098, CVE-2024-44982, CVE-2024-46763, CVE-2024-46832, CVE-2024-41077, CVE-2024-42274, CVE-2024-47667, CVE-2024-41012, CVE-2024-41020, CVE-2024-42301, CVE-2024-42267, CVE-2024-46713, CVE-2024-38602, CVE-2024-44988)
Update Instructions: Run sudo pro fix USN-7144-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- linux-buildinfo-5.15.0-1067-intel-iotg - 5.15.0-1067.73
- linux-cloud-tools-5.15.0-1067-intel-iotg - 5.15.0-1067.73
- linux-headers-5.15.0-1067-intel-iotg - 5.15.0-1067.73
- linux-image-5.15.0-1067-intel-iotg - 5.15.0-1067.73
- linux-image-unsigned-5.15.0-1067-intel-iotg - 5.15.0-1067.73
- linux-intel-iotg-cloud-tools-5.15.0-1067 - 5.15.0-1067.73
- linux-intel-iotg-cloud-tools-common - 5.15.0-1067.73
- linux-intel-iotg-headers-5.15.0-1067 - 5.15.0-1067.73
- linux-intel-iotg-tools-5.15.0-1067 - 5.15.0-1067.73
- linux-intel-iotg-tools-common - 5.15.0-1067.73
- linux-intel-iotg-tools-host - 5.15.0-1067.73
- linux-modules-5.15.0-1067-intel-iotg - 5.15.0-1067.73
- linux-modules-extra-5.15.0-1067-intel-iotg - 5.15.0-1067.73
- linux-modules-iwlwifi-5.15.0-1067-intel-iotg - 5.15.0-1067.73
- linux-tools-5.15.0-1067-intel-iotg - 5.15.0-1067.73
No subscription required
- linux-headers-intel-iotg - 5.15.0.1067.67
- linux-image-intel-iotg - 5.15.0.1067.67
- linux-intel-iotg - 5.15.0.1067.67
- linux-tools-intel-iotg - 5.15.0.1067.67
No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2022-48666
- https://ubuntu.com/security/CVE-2023-52889
- https://ubuntu.com/security/CVE-2023-52918
- https://ubuntu.com/security/CVE-2024-25744
- https://ubuntu.com/security/CVE-2024-26607
- https://ubuntu.com/security/CVE-2024-26661
- https://ubuntu.com/security/CVE-2024-26669
- https://ubuntu.com/security/CVE-2024-26800
- https://ubuntu.com/security/CVE-2024-26893
- https://ubuntu.com/security/CVE-2024-36484
- https://ubuntu.com/security/CVE-2024-38577
- https://ubuntu.com/security/CVE-2024-38602
- https://ubuntu.com/security/CVE-2024-38611
- https://ubuntu.com/security/CVE-2024-39472
- https://ubuntu.com/security/CVE-2024-40915
- https://ubuntu.com/security/CVE-2024-41011
- https://ubuntu.com/security/CVE-2024-41012
- https://ubuntu.com/security/CVE-2024-41015
- https://ubuntu.com/security/CVE-2024-41017
- https://ubuntu.com/security/CVE-2024-41019
- https://ubuntu.com/security/CVE-2024-41020
- https://ubuntu.com/security/CVE-2024-41022
- https://ubuntu.com/security/CVE-2024-41042
- https://ubuntu.com/security/CVE-2024-41059
- https://ubuntu.com/security/CVE-2024-41060
- https://ubuntu.com/security/CVE-2024-41063
- https://ubuntu.com/security/CVE-2024-41064
- https://ubuntu.com/security/CVE-2024-41065
- https://ubuntu.com/security/CVE-2024-41068
- https://ubuntu.com/security/CVE-2024-41070
- https://ubuntu.com/security/CVE-2024-41071
- https://ubuntu.com/security/CVE-2024-41072
- https://ubuntu.com/security/CVE-2024-41073
- https://ubuntu.com/security/CVE-2024-41077
- https://ubuntu.com/security/CVE-2024-41078
- https://ubuntu.com/security/CVE-2024-41081
- https://ubuntu.com/security/CVE-2024-41090
- https://ubuntu.com/security/CVE-2024-41091
- https://ubuntu.com/security/CVE-2024-41098
- https://ubuntu.com/security/CVE-2024-42114
- https://ubuntu.com/security/CVE-2024-42126
- https://ubuntu.com/security/CVE-2024-42246
- https://ubuntu.com/security/CVE-2024-42259
- https://ubuntu.com/security/CVE-2024-42265
- https://ubuntu.com/security/CVE-2024-42267
- https://ubuntu.com/security/CVE-2024-42269
- https://ubuntu.com/security/CVE-2024-42270
- https://ubuntu.com/security/CVE-2024-42271
- https://ubuntu.com/security/CVE-2024-42272
- https://ubuntu.com/security/CVE-2024-42274
- https://ubuntu.com/security/CVE-2024-42276
- https://ubuntu.com/security/CVE-2024-42277
- https://ubuntu.com/security/CVE-2024-42280
- https://ubuntu.com/security/CVE-2024-42281
- https://ubuntu.com/security/CVE-2024-42283
- https://ubuntu.com/security/CVE-2024-42284
- https://ubuntu.com/security/CVE-2024-42285
- https://ubuntu.com/security/CVE-2024-42286
- https://ubuntu.com/security/CVE-2024-42287
- https://ubuntu.com/security/CVE-2024-42288
- https://ubuntu.com/security/CVE-2024-42289
- https://ubuntu.com/security/CVE-2024-42290
- https://ubuntu.com/security/CVE-2024-42292
- https://ubuntu.com/security/CVE-2024-42295
- https://ubuntu.com/security/CVE-2024-42296
- https://ubuntu.com/security/CVE-2024-42297
- https://ubuntu.com/security/CVE-2024-42299
- https://ubuntu.com/security/CVE-2024-42301
- https://ubuntu.com/security/CVE-2024-42302
- https://ubuntu.com/security/CVE-2024-42304
- https://ubuntu.com/security/CVE-2024-42305
- https://ubuntu.com/security/CVE-2024-42306
- https://ubuntu.com/security/CVE-2024-42309
- https://ubuntu.com/security/CVE-2024-42310
- https://ubuntu.com/security/CVE-2024-42311
- https://ubuntu.com/security/CVE-2024-42312
- https://ubuntu.com/security/CVE-2024-42313
- https://ubuntu.com/security/CVE-2024-42318
- https://ubuntu.com/security/CVE-2024-43817
- https://ubuntu.com/security/CVE-2024-43828
- https://ubuntu.com/security/CVE-2024-43829
- https://ubuntu.com/security/CVE-2024-43830
- https://ubuntu.com/security/CVE-2024-43834
- https://ubuntu.com/security/CVE-2024-43835
- https://ubuntu.com/security/CVE-2024-43839
- https://ubuntu.com/security/CVE-2024-43841
- https://ubuntu.com/security/CVE-2024-43846
- https://ubuntu.com/security/CVE-2024-43849
- https://ubuntu.com/security/CVE-2024-43853
- https://ubuntu.com/security/CVE-2024-43854
- https://ubuntu.com/security/CVE-2024-43856
- https://ubuntu.com/security/CVE-2024-43858
- https://ubuntu.com/security/CVE-2024-43860
- https://ubuntu.com/security/CVE-2024-43861
- https://ubuntu.com/security/CVE-2024-43863
- https://ubuntu.com/security/CVE-2024-43867
- https://ubuntu.com/security/CVE-2024-43869
- https://ubuntu.com/security/CVE-2024-43870
- https://ubuntu.com/security/CVE-2024-43871
- https://ubuntu.com/security/CVE-2024-43873
- https://ubuntu.com/security/CVE-2024-43875
- https://ubuntu.com/security/CVE-2024-43879
- https://ubuntu.com/security/CVE-2024-43880
- https://ubuntu.com/security/CVE-2024-43882
- https://ubuntu.com/security/CVE-2024-43883
- https://ubuntu.com/security/CVE-2024-43884
- https://ubuntu.com/security/CVE-2024-43889
- https://ubuntu.com/security/CVE-2024-43890
- https://ubuntu.com/security/CVE-2024-43892
- https://ubuntu.com/security/CVE-2024-43893
- https://ubuntu.com/security/CVE-2024-43894
- https://ubuntu.com/security/CVE-2024-43902
- https://ubuntu.com/security/CVE-2024-43905
- https://ubuntu.com/security/CVE-2024-43907
- https://ubuntu.com/security/CVE-2024-43908
- https://ubuntu.com/security/CVE-2024-43909
- https://ubuntu.com/security/CVE-2024-43914
- https://ubuntu.com/security/CVE-2024-44934
- https://ubuntu.com/security/CVE-2024-44935
- https://ubuntu.com/security/CVE-2024-44944
- https://ubuntu.com/security/CVE-2024-44946
- https://ubuntu.com/security/CVE-2024-44947
- https://ubuntu.com/security/CVE-2024-44948
- https://ubuntu.com/security/CVE-2024-44954
- https://ubuntu.com/security/CVE-2024-44958
- https://ubuntu.com/security/CVE-2024-44960
- https://ubuntu.com/security/CVE-2024-44965
- https://ubuntu.com/security/CVE-2024-44966
- https://ubuntu.com/security/CVE-2024-44969
- https://ubuntu.com/security/CVE-2024-44971
- https://ubuntu.com/security/CVE-2024-44974
- https://ubuntu.com/security/CVE-2024-44982
- https://ubuntu.com/security/CVE-2024-44983
- https://ubuntu.com/security/CVE-2024-44985
- https://ubuntu.com/security/CVE-2024-44986
- https://ubuntu.com/security/CVE-2024-44987
- https://ubuntu.com/security/CVE-2024-44988
- https://ubuntu.com/security/CVE-2024-44989
- https://ubuntu.com/security/CVE-2024-44990
- https://ubuntu.com/security/CVE-2024-44995
- https://ubuntu.com/security/CVE-2024-44998
- https://ubuntu.com/security/CVE-2024-44999
- https://ubuntu.com/security/CVE-2024-45003
- https://ubuntu.com/security/CVE-2024-45006
- https://ubuntu.com/security/CVE-2024-45007
- https://ubuntu.com/security/CVE-2024-45008
- https://ubuntu.com/security/CVE-2024-45009
- https://ubuntu.com/security/CVE-2024-45011
- https://ubuntu.com/security/CVE-2024-45018
- https://ubuntu.com/security/CVE-2024-45021
- https://ubuntu.com/security/CVE-2024-45025
- https://ubuntu.com/security/CVE-2024-45026
- https://ubuntu.com/security/CVE-2024-45028
- https://ubuntu.com/security/CVE-2024-46673
- https://ubuntu.com/security/CVE-2024-46675
- https://ubuntu.com/security/CVE-2024-46676
- https://ubuntu.com/security/CVE-2024-46677
- https://ubuntu.com/security/CVE-2024-46679
- https://ubuntu.com/security/CVE-2024-46685
- https://ubuntu.com/security/CVE-2024-46689
- https://ubuntu.com/security/CVE-2024-46702
- https://ubuntu.com/security/CVE-2024-46707
- https://ubuntu.com/security/CVE-2024-46713
- https://ubuntu.com/security/CVE-2024-46714
- https://ubuntu.com/security/CVE-2024-46719
- https://ubuntu.com/security/CVE-2024-46721
- https://ubuntu.com/security/CVE-2024-46722
- https://ubuntu.com/security/CVE-2024-46723
- https://ubuntu.com/security/CVE-2024-46724
- https://ubuntu.com/security/CVE-2024-46725
- https://ubuntu.com/security/CVE-2024-46731
- https://ubuntu.com/security/CVE-2024-46732
- https://ubuntu.com/security/CVE-2024-46737
- https://ubuntu.com/security/CVE-2024-46738
- https://ubuntu.com/security/CVE-2024-46739
- https://ubuntu.com/security/CVE-2024-46740
- https://ubuntu.com/security/CVE-2024-46743
- https://ubuntu.com/security/CVE-2024-46744
- https://ubuntu.com/security/CVE-2024-46745
- https://ubuntu.com/security/CVE-2024-46746
- https://ubuntu.com/security/CVE-2024-46747
- https://ubuntu.com/security/CVE-2024-46750
- https://ubuntu.com/security/CVE-2024-46752
- https://ubuntu.com/security/CVE-2024-46755
- https://ubuntu.com/security/CVE-2024-46756
- https://ubuntu.com/security/CVE-2024-46757
- https://ubuntu.com/security/CVE-2024-46758
- https://ubuntu.com/security/CVE-2024-46759
- https://ubuntu.com/security/CVE-2024-46761
- https://ubuntu.com/security/CVE-2024-46763
- https://ubuntu.com/security/CVE-2024-46771
- https://ubuntu.com/security/CVE-2024-46777
- https://ubuntu.com/security/CVE-2024-46780
- https://ubuntu.com/security/CVE-2024-46781
- https://ubuntu.com/security/CVE-2024-46782
- https://ubuntu.com/security/CVE-2024-46783
- https://ubuntu.com/security/CVE-2024-46791
- https://ubuntu.com/security/CVE-2024-46795
- https://ubuntu.com/security/CVE-2024-46798
- https://ubuntu.com/security/CVE-2024-46800
- https://ubuntu.com/security/CVE-2024-46804
- https://ubuntu.com/security/CVE-2024-46805
- https://ubuntu.com/security/CVE-2024-46807
- https://ubuntu.com/security/CVE-2024-46810
- https://ubuntu.com/security/CVE-2024-46814
- https://ubuntu.com/security/CVE-2024-46815
- https://ubuntu.com/security/CVE-2024-46817
- https://ubuntu.com/security/CVE-2024-46818
- https://ubuntu.com/security/CVE-2024-46819
- https://ubuntu.com/security/CVE-2024-46822
- https://ubuntu.com/security/CVE-2024-46828
- https://ubuntu.com/security/CVE-2024-46829
- https://ubuntu.com/security/CVE-2024-46832
- https://ubuntu.com/security/CVE-2024-46840
- https://ubuntu.com/security/CVE-2024-46844
- https://ubuntu.com/security/CVE-2024-47659
- https://ubuntu.com/security/CVE-2024-47660
- https://ubuntu.com/security/CVE-2024-47663
- https://ubuntu.com/security/CVE-2024-47665
- https://ubuntu.com/security/CVE-2024-47667
- https://ubuntu.com/security/CVE-2024-47668
- https://ubuntu.com/security/CVE-2024-47669
Title: USN-7146-1 -- Dogtag PKI vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7146-1
Priorities: medium
Description:
Christina Fu discovered that Dogtag PKI accidentally enabled a mock authentication plugin by default. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-7537)
It was discovered that Dogtag PKI did not properly sanitize user input. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2020-25715)
It was discovered that the XML parser did not properly handle entity expansion. A remote attacker could potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. This issue only affected Ubuntu 16.04 LTS. (CVE-2022-2414)
Update Instructions: Run sudo pro fix USN-7146-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- dogtag-pki - 11.0.0-1ubuntu0.1esm1
- dogtag-pki-console-theme - 11.0.0-1ubuntu0.1esm1
- dogtag-pki-server-theme - 11.0.0-1ubuntu0.1esm1
- libsymkey-java - 11.0.0-1ubuntu0.1esm1
- libsymkey-jni - 11.0.0-1ubuntu0.1esm1
- pki-base - 11.0.0-1ubuntu0.1esm1
- pki-base-java - 11.0.0-1ubuntu0.1esm1
- pki-ca - 11.0.0-1ubuntu0.1esm1
- pki-console - 11.0.0-1ubuntu0.1esm1
- pki-javadoc - 11.0.0-1ubuntu0.1esm1
- pki-kra - 11.0.0-1ubuntu0.1esm1
- pki-ocsp - 11.0.0-1ubuntu0.1esm1
- pki-server - 11.0.0-1ubuntu0.1esm1
- pki-tks - 11.0.0-1ubuntu0.1esm1
- pki-tools - 11.0.0-1ubuntu0.1esm1
- pki-tps - 11.0.0-1ubuntu0.1esm1
- pki-tps-client - 11.0.0-1ubuntu0.1esm1
- python3-pki-base - 11.0.0-1ubuntu0.1esm1
Available with Ubuntu Pro: https://ubuntu.com/pro
CVEs:
- https://ubuntu.com/security/CVE-2017-7537
- https://ubuntu.com/security/CVE-2020-25715
- https://ubuntu.com/security/CVE-2022-2414
Title: USN-7149-1 -- Intel Microcode vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7149-1
Priorities: medium
Description:
Avraham Shalev and Nagaraju N Kodalapura discovered that some Intel(R) Xeon(R) processors did not properly restrict access to the memory controller when using Intel(R) SGX. This may allow a local privileged attacker to further escalate their privileges. (CVE-2024-21820, CVE-2024-23918)
It was discovered that some 4th and 5th Generation Intel(R) Xeon(R) Processors did not properly implement finite state machines (FSMs) in hardware logic. This may allow a local privileged attacker to cause a denial of service (system crash). (CVE-2024-21853)
It was discovered that some Intel(R) Processors did not properly restrict access to the Running Average Power Limit (RAPL) interface. This may allow a local privileged attacker to obtain sensitive information. (CVE-2024-23984)
It was discovered that some Intel(R) Processors did not properly implement finite state machines (FSMs) in hardware logic. This may allow a local privileged attacker to cause a denial of service (system crash). (CVE-2024-24968)
Update Instructions: Run sudo pro fix USN-7149-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- intel-microcode - 3.20241112.0ubuntu0.22.04.1
No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2024-21820
- https://ubuntu.com/security/CVE-2024-21853
- https://ubuntu.com/security/CVE-2024-23918
- https://ubuntu.com/security/CVE-2024-23984
- https://ubuntu.com/security/CVE-2024-24968
Title: USN-7162-1 -- curl vulnerability
URL: https://ubuntu.com/security/notices/USN-7162-1
Priorities: low
Description:
Harry Sintonen discovered that curl incorrectly handled credentials from .netrc files when following HTTP redirects. In certain configurations, the password for the first host could be leaked to the followed-to host, contrary to expectations.
Update Instructions: Run sudo pro fix USN-7162-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- curl - 7.81.0-1ubuntu1.20
- libcurl3-gnutls - 7.81.0-1ubuntu1.20
- libcurl3-nss - 7.81.0-1ubuntu1.20
- libcurl4 - 7.81.0-1ubuntu1.20
- libcurl4-doc - 7.81.0-1ubuntu1.20
- libcurl4-gnutls-dev - 7.81.0-1ubuntu1.20
- libcurl4-nss-dev - 7.81.0-1ubuntu1.20
- libcurl4-openssl-dev - 7.81.0-1ubuntu1.20
No subscription required
CVEs: