Release ubuntu jammy v1.71 · cloudfoundry/bosh-linux-stemcell-builder

Metadata:

BOSH Agent Version: 2.488.0

USNs:

Title: USN-5763-1: NumPy vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5763-1
Priorities: medium
Description:
It was discovered that NumPy did not properly manage memory when specifying
arrays of large dimensions. If a user were tricked into running malicious
Python file, an attacker could cause a denial of service. This issue only
affected Ubuntu 20.04 LTS. (CVE-2021-33430)

It was discovered that NumPy did not properly perform string comparison
operations under certain circumstances. An attacker could possibly use
this issue to cause NumPy to crash, resulting in a denial of service.
(CVE-2021-34141)

It was discovered that NumPy did not properly manage memory under certain
circumstances. An attacker could possibly use this issue to cause NumPy to
crash, resulting in a denial of service. (CVE-2021-41495, CVE-2021-41496)
CVEs:

Title: USN-5772-1: QEMU vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5772-1
Priorities: medium,low
Description:
It was discovered that QEMU incorrectly handled bulk transfers from SPICE
clients. A remote attacker could use this issue to cause QEMU to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2021-3682)

It was discovered that QEMU did not properly manage memory when it
transfers the USB packets. A malicious guest attacker could use this issue
to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2021-3750)

It was discovered that the QEMU SCSI device emulation incorrectly handled
certain MODE SELECT commands. An attacker inside the guest could possibly
use this issue to cause QEMU to crash, resulting in a denial of service.
This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2021-3930)

It was discovered that QEMU did not properly manage memory when it
processing repeated messages to cancel the current SCSI request. A
malicious privileged guest attacker could use this issue to cause QEMU to
crash, resulting in a denial of service. (CVE-2022-0216)

It was discovered that QEMU did not properly manage memory when it
using Tulip device emulation. A malicious guest attacker could use this
issue to cause QEMU to crash, resulting in a denial of service. This issue
only affected Ubuntu 22.10. (CVE-2022-2962)

It was discovered that QEMU did not properly manage memory when processing
ClientCutText messages. A attacker could use this issue to cause QEMU to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS and Ubuntu 22.10. (CVE-2022-3165)
CVEs:

Title: USN-5759-1: LibBPF vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5759-1
Priorities: medium
Description:
It was discovered that LibBPF incorrectly handled certain memory operations
under certain circumstances. An attacker could possibly use this issue to
cause LibBPF to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 22.10.
(CVE-2021-45940, CVE-2021-45941, CVE-2022-3533)

It was discovered that LibBPF incorrectly handled certain memory operations
under certain circumstances. An attacker could possibly use this issue to
cause LibBPF to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2022-3534, CVE-2022-3606)
CVEs:

Title: USN-5760-1: libxml2 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5760-1
Priorities: low,medium
Description:
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash.
(CVE-2022-2309)

It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to expose sensitive information
or cause a crash. (CVE-2022-40303)

It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2022-40304)
CVEs:

Title: USN-5764-1: U-Boot vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5764-1
Priorities: medium
Description:
It was discovered that U-Boot incorrectly handled certain USB DFU download
setup packets. A local attacker could use this issue to cause U-Boot to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-2347)

Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled
certain fragmented IP packets. A local attacker could use this issue to
cause U-Boot to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu
20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-30552, CVE-2022-30790)

It was discovered that U-Boot incorrectly handled certain NFS lookup
replies. A remote attacker could use this issue to cause U-Boot to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2022-30767)

Jincheng Wang discovered that U-Boot incorrectly handled certain SquashFS
structures. A local attacker could use this issue to cause U-Boot to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and
Ubuntu 22.04 LTS. (CVE-2022-33103)

Tatsuhiko Yasumatsu discovered that U-Boot incorrectly handled certain
SquashFS structures. A local attacker could use this issue to cause U-Boot
to crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and
Ubuntu 22.04 LTS. (CVE-2022-33967)

It was discovered that U-Boot incorrectly handled the i2c command. A local
attacker could use this issue to cause U-Boot to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2022-34835)
CVEs:

Title: USN-5776-1: containerd vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5776-1
Priorities: medium
Description:
It was discovered that containerd incorrectly handled memory
when receiving certain faulty Exec or ExecSync commands. A remote
attacker could possibly use this issue to cause a denial of service
or crash containerd. (CVE-2022-23471, CVE-2022-31030)

It was discovered that containerd incorrectly set up inheritable file
capabilities. An attacker could possibly use this issue to escalate
privileges inside a container. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24769)

It was discovered that containerd incorrectly handled access to encrypted
container images when using imgcrypt library. A remote attacker could
possibly use this issue to access encrypted images from other users.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-24778)
CVEs:

Title: USN-5767-1: Python vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5767-1
Priorities: medium
Description:
Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals.
An attacker could possibly use this issue to cause a crash or execute arbitrary code.
(CVE-2022-37454)

It was discovered that Python incorrectly handled certain IDNA inputs.
An attacker could possibly use this issue to expose sensitive information
denial of service, or cause a crash.
(CVE-2022-45061)
CVEs:

Title: USN-5762-1: GNU binutils vulnerability
URL: https://ubuntu.com/security/notices/USN-5762-1
Priorities: medium
Description:
It was discovered that GNU binutils incorrectly handled certain COFF files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code.
CVEs:

https://ubuntu.com/security/CVE-2022-38533

Title: USN-5773-1: Linux kernel (OEM) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5773-1
Priorities: high,medium,low
Description:
It was discovered that the NFSD implementation in the Linux kernel did not
properly handle some RPC messages, leading to a buffer overflow. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-43945)

Jann Horn discovered that the Linux kernel did not properly track memory
allocations for anonymous VMA mappings in some situations, leading to
potential data structure reuse. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-42703)

Roger Pau Monné discovered that the Xen virtual block driver in the Linux
kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-26365)

Jan Beulich discovered that the Xen network device frontend driver in the
Linux kernel incorrectly handled socket buffers (skb) references when
communicating with certain backends. A local attacker could use this to
cause a denial of service (guest crash). (CVE-2022-33743)

It was discovered that a memory leak existed in the IPv6 implementation of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2022-3524)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-3564)

It was discovered that the TCP implementation in the Linux kernel contained
a data race condition. An attacker could possibly use this to cause
undesired behaviors. (CVE-2022-3566)

It was discovered that the IPv6 implementation in the Linux kernel
contained a data race condition. An attacker could possibly use this to
cause undesired behaviors. (CVE-2022-3567)

It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in
the Linux kernel did not properly handle certain error conditions. A local
attacker with physical access could plug in a specially crafted USB device
to cause a denial of service (memory exhaustion). (CVE-2022-3594)

It was discovered that a null pointer dereference existed in the NILFS2
file system implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2022-3621)
CVEs:

Title: USN-5755-2: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5755-2
Priorities: high,medium,low
Description:
It was discovered that the NFSD implementation in the Linux kernel did not
properly handle some RPC messages, leading to a buffer overflow. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-43945)

It was discovered that a memory leak existed in the IPv6 implementation of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2022-3524)

It was discovered that the ISDN implementation of the Linux kernel
contained a use-after-free vulnerability. A privileged user could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3565)

It was discovered that the TCP implementation in the Linux kernel contained
a data race condition. An attacker could possibly use this to cause
undesired behaviors. (CVE-2022-3566)

It was discovered that the IPv6 implementation in the Linux kernel
contained a data race condition. An attacker could possibly use this to
cause undesired behaviors. (CVE-2022-3567)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ubuntu jammy v1.71

Metadata:

USNs: