NVD Description

Note: Versions mentioned in the description apply only to the upstream apr package and not the apr package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.

Remediation

Upgrade Ubuntu:22.04 apr to version 1.7.0-8ubuntu0.22.04.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-24963
• https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9
• https://security.netapp.com/advisory/ntap-20230908-0008/

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent POST request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

Remediation

Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-32221
• https://hackerone.com/reports/1704017
• https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
• https://security.gentoo.org/glsa/202212-01
• https://security.netapp.com/advisory/ntap-20230110-0006/
• https://security.netapp.com/advisory/ntap-20230208-0002/
• https://support.apple.com/kb/HT213604
• https://support.apple.com/kb/HT213605
• https://www.debian.org/security/2023/dsa-5330
• http://seclists.org/fulldisclosure/2023/Jan/19
• http://seclists.org/fulldisclosure/2023/Jan/20
• http://www.openwall.com/lists/oss-security/2023/05/17/4

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Remediation

Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45491
• https://github.com/libexpat/libexpat/issues/888
• https://github.com/libexpat/libexpat/pull/891

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Remediation

Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45492
• https://github.com/libexpat/libexpat/issues/889
• https://github.com/libexpat/libexpat/pull/892

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

Remediation

Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45490
• https://github.com/libexpat/libexpat/issues/887
• https://github.com/libexpat/libexpat/pull/890

NVD Description

Note: Versions mentioned in the description apply only to the upstream freetype package and not the freetype package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.

Remediation

Upgrade Ubuntu:22.04 freetype to version 2.11.1+dfsg-1ubuntu0.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-27404
• https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/
• https://security.gentoo.org/glsa/202402-06

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

Remediation

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-2068
• https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
• https://security.netapp.com/advisory/ntap-20220707-0008/
• https://www.debian.org/security/2022/dsa-5169
• https://www.openssl.org/news/secadv/20220621.txt
• https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa
• https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
• https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/

NVD Description

Note: Versions mentioned in the description apply only to the upstream zlib package and not the zlib package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Remediation

Upgrade Ubuntu:22.04 zlib to version 1:1.2.11.dfsg-2ubuntu9.2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-37434
• http://seclists.org/fulldisclosure/2022/Oct/41
• http://www.openwall.com/lists/oss-security/2022/08/05/2
• http://www.openwall.com/lists/oss-security/2022/08/09/1
• https://github.com/curl/curl/issues/9271
• https://github.com/ivd38/zlib_overflow
• https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063
• https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
• https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764
• https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/
• https://security.netapp.com/advisory/ntap-20220901-0005/
• https://support.apple.com/kb/HT213488
• https://support.apple.com/kb/HT213489
• https://support.apple.com/kb/HT213490
• https://support.apple.com/kb/HT213491
• https://support.apple.com/kb/HT213493
• https://support.apple.com/kb/HT213494
• https://www.debian.org/security/2022/dsa-5218
• http://seclists.org/fulldisclosure/2022/Oct/37
• http://seclists.org/fulldisclosure/2022/Oct/38
• http://seclists.org/fulldisclosure/2022/Oct/42
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/
• https://security.netapp.com/advisory/ntap-20230427-0007/

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

Remediation

Upgrade Ubuntu:22.04 krb5 to version 1.19.2-2ubuntu0.4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-37371
• https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
• https://web.mit.edu/kerberos/www/advisories/

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."

Remediation

Upgrade Ubuntu:22.04 krb5 to version 1.19.2-2ubuntu0.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-42898
• https://bugzilla.samba.org/show_bug.cgi?id=15203
• https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c
• https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583
• https://security.netapp.com/advisory/ntap-20230216-0008/
• https://security.netapp.com/advisory/ntap-20230223-0001/
• https://web.mit.edu/kerberos/advisories/
• https://web.mit.edu/kerberos/krb5-1.19/
• https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt
• https://www.samba.org/samba/security/CVE-2022-42898.html
• https://security.gentoo.org/glsa/202309-06
• https://security.gentoo.org/glsa/202310-06

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.

Remediation

Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-42915
• https://curl.se/docs/CVE-2022-42915.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/
• https://security.gentoo.org/glsa/202212-01
• https://security.netapp.com/advisory/ntap-20221209-0010/
• https://support.apple.com/kb/HT213604
• https://support.apple.com/kb/HT213605
• http://seclists.org/fulldisclosure/2023/Jan/19
• http://seclists.org/fulldisclosure/2023/Jan/20
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

Remediation

Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-40674
• https://github.com/libexpat/libexpat/pull/629
• https://github.com/libexpat/libexpat/pull/640
• https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/
• https://security.gentoo.org/glsa/202209-24
• https://security.gentoo.org/glsa/202211-06
• https://security.netapp.com/advisory/ntap-20221028-0008/
• https://www.debian.org/security/2022/dsa-5236
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

Remediation

Upgrade Ubuntu:22.04 perl to version 5.34.0-3ubuntu1.2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-31484
• http://www.openwall.com/lists/oss-security/2023/04/29/1
• http://www.openwall.com/lists/oss-security/2023/05/03/3
• http://www.openwall.com/lists/oss-security/2023/05/03/5
• http://www.openwall.com/lists/oss-security/2023/05/07/2
• https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
• https://github.com/andk/cpanpm/pull/175
• https://metacpan.org/dist/CPAN/changes
• https://www.openwall.com/lists/oss-security/2023/04/18/14
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/
• https://security.netapp.com/advisory/ntap-20240621-0007/

NVD Description

Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

Remediation

Upgrade Ubuntu:22.04 bash to version 5.1-6ubuntu1.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3715
• https://bugzilla.redhat.com/show_bug.cgi?id=2126720

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-47695
• https://sourceware.org/bugzilla/show_bug.cgi?id=29846

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-47696
• https://sourceware.org/bugzilla/show_bug.cgi?id=29677

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-47673
• https://sourceware.org/bugzilla/show_bug.cgi?id=29876

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-45703
• https://sourceware.org/bugzilla/show_bug.cgi?id=29799
• https://security.netapp.com/advisory/ntap-20231006-0003/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-44840
• https://sourceware.org/bugzilla/show_bug.cgi?id=29732

NVD Description

Note: Versions mentioned in the description apply only to the upstream e2fsprogs package and not the e2fsprogs package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Remediation

Upgrade Ubuntu:22.04 e2fsprogs to version 1.46.5-2ubuntu1.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1304
• https://access.redhat.com/errata/RHSA-2022:7720
• https://access.redhat.com/errata/RHSA-2022:8361
• https://access.redhat.com/security/cve/CVE-2022-1304
• https://bugzilla.redhat.com/show_bug.cgi?id=2069726

NVD Description

Note: Versions mentioned in the description apply only to the upstream freetype package and not the freetype package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.

Remediation

Upgrade Ubuntu:22.04 freetype to version 2.11.1+dfsg-1ubuntu0.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-31782
• https://gitlab.freedesktop.org/freetype/freetype-demos/-/issues/8

NVD Description

Note: Versions mentioned in the description apply only to the upstream libcap2 package and not the libcap2 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

Remediation

Upgrade Ubuntu:22.04 libcap2 to version 1:2.44-1ubuntu0.22.04.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-2603
• https://bugzilla.redhat.com/show_bug.cgi?id=2209113
• https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/

NVD Description

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

Remediation

Upgrade Ubuntu:22.04 ncurses to version 6.3-2ubuntu0.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-29491
• http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
• http://www.openwall.com/lists/oss-security/2023/04/19/10
• http://www.openwall.com/lists/oss-security/2023/04/19/11
• https://www.openwall.com/lists/oss-security/2023/04/12/5
• https://www.openwall.com/lists/oss-security/2023/04/13/4
• https://security.netapp.com/advisory/ntap-20230517-0009/
• https://support.apple.com/kb/HT213843
• https://support.apple.com/kb/HT213844
• https://support.apple.com/kb/HT213845
• http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
• https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

CPAN 2.28 allows Signature Verification Bypass.

Remediation

Upgrade Ubuntu:22.04 perl to version 5.34.0-3ubuntu1.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-16156
• http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
• https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
• https://metacpan.org/pod/distribution/CPAN/scripts/cpan
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/

NVD Description

Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.

Remediation

Upgrade Ubuntu:22.04 perl to version 5.34.0-3ubuntu1.3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-47038
• https://access.redhat.com/security/cve/CVE-2023-47038
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
• https://bugzilla.redhat.com/show_bug.cgi?id=2249523
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/
• https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property
• https://access.redhat.com/errata/RHSA-2024:2228
• https://access.redhat.com/errata/RHSA-2024:3128

NVD Description

Note: Versions mentioned in the description apply only to the upstream ca-certificates package and not the ca-certificates package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

Remediation

Upgrade Ubuntu:22.04 ca-certificates to version 20211016ubuntu0.22.04.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-23491
• https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
• https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.

Remediation

Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-42916
• http://seclists.org/fulldisclosure/2023/Jan/19
• http://seclists.org/fulldisclosure/2023/Jan/20
• http://www.openwall.com/lists/oss-security/2022/12/21/1
• https://curl.se/docs/CVE-2022-42916.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/
• https://security.gentoo.org/glsa/202212-01
• https://security.netapp.com/advisory/ntap-20221209-0010/
• https://support.apple.com/kb/HT213604
• https://support.apple.com/kb/HT213605
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) .. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.

Remediation

Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-43551
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA/
• https://hackerone.com/reports/1755083
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA/
• https://security.gentoo.org/glsa/202310-12
• https://security.netapp.com/advisory/ntap-20230427-0007/

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

Remediation

Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-52425
• https://github.com/libexpat/libexpat/pull/789
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/
• https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html
• http://www.openwall.com/lists/oss-security/2024/03/20/5
• https://security.netapp.com/advisory/ntap-20240614-0003/

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Remediation

Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-43680
• https://github.com/libexpat/libexpat/issues/649
• https://github.com/libexpat/libexpat/pull/616
• https://github.com/libexpat/libexpat/pull/650
• https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/
• https://security.gentoo.org/glsa/202210-38
• https://security.netapp.com/advisory/ntap-20221118-0007/
• https://www.debian.org/security/2022/dsa-5266
• http://www.openwall.com/lists/oss-security/2023/12/28/5
• http://www.openwall.com/lists/oss-security/2024/01/03/5
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/

NVD Description

Note: Versions mentioned in the description apply only to the upstream freetype package and not the freetype package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Remediation

Upgrade Ubuntu:22.04 freetype to version 2.11.1+dfsg-1ubuntu0.2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-2004
• https://access.redhat.com/security/cve/CVE-2023-2004
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
• https://bugzilla.redhat.com/show_bug.cgi?id=2186428
• https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDNGTGQAUZJ6YQDI2AVGYIFFPUMMZLKS/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFZWDF43D73C5KWFF26GIIVZJKEFPS3K/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRSEIYMPWLVPGTC34N2Q3WAUHGGOWSWP/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

Remediation

Upgrade Ubuntu:22.04 glibc to version 2.35-0ubuntu3.5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-5156
• https://access.redhat.com/security/cve/CVE-2023-5156
• https://bugzilla.redhat.com/show_bug.cgi?id=2240541
• https://sourceware.org/bugzilla/show_bug.cgi?id=30884
• https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796
• http://www.openwall.com/lists/oss-security/2023/10/03/4
• http://www.openwall.com/lists/oss-security/2023/10/03/5
• http://www.openwall.com/lists/oss-security/2023/10/03/6
• http://www.openwall.com/lists/oss-security/2023/10/03/8
• https://security.gentoo.org/glsa/202402-01

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

Remediation

Upgrade Ubuntu:22.04 gnutls28 to version 3.7.3-4ubuntu1.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-2509
• https://access.redhat.com/security/cve/CVE-2022-2509
• https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/
• https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html
• https://www.debian.org/security/2022/dsa-5203
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

Remediation

Upgrade Ubuntu:22.04 gnutls28 to version 3.7.3-4ubuntu1.4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-0567
• http://www.openwall.com/lists/oss-security/2024/01/19/3
• https://access.redhat.com/security/cve/CVE-2024-0567
• https://bugzilla.redhat.com/show_bug.cgi?id=2258544
• https://gitlab.com/gnutls/gnutls/-/issues/1521
• https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
• https://access.redhat.com/errata/RHSA-2024:0533
• https://access.redhat.com/errata/RHSA-2024:1082
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
• https://security.netapp.com/advisory/ntap-20240202-0011/
• https://access.redhat.com/errata/RHSA-2024:1383
• https://access.redhat.com/errata/RHSA-2024:2094

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Remediation

Upgrade Ubuntu:22.04 gnutls28 to version 3.7.3-4ubuntu1.4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-0553
• http://www.openwall.com/lists/oss-security/2024/01/19/3
• https://access.redhat.com/security/cve/CVE-2024-0553
• https://bugzilla.redhat.com/show_bug.cgi?id=2258412
• https://gitlab.com/gnutls/gnutls/-/issues/1522
• https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
• https://access.redhat.com/errata/RHSA-2024:0533
• https://access.redhat.com/errata/RHSA-2024:0627
• https://security.netapp.com/advisory/ntap-20240202-0011/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
• https://access.redhat.com/errata/RHSA-2024:0796
• https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html
• https://access.redhat.com/errata/RHSA-2024:1082
• https://access.redhat.com/errata/RHSA-2024:1108
• https://access.redhat.com/errata/RHSA-2024:1383
• https://access.redhat.com/errata/RHSA-2024:2094

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.

Remediation

Upgrade Ubuntu:22.04 krb5 to version 1.19.2-2ubuntu0.4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-37370
• https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
• https://web.mit.edu/kerberos/www/advisories/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libtirpc package and not the libtirpc package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.

Remediation

Upgrade Ubuntu:22.04 libtirpc to version 1.3.2-2ubuntu0.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-46828
• http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed
• https://lists.debian.org/debian-lts-announce/2022/08/msg00004.html
• https://security.gentoo.org/glsa/202210-33
• https://security.netapp.com/advisory/ntap-20221007-0004/
• https://www.debian.org/security/2022/dsa-5200
• http://git.linux-nfs.org/?p=steved/libtirpc.git%3Ba=commit%3Bh=86529758570cef4c73fb9b9c4104fdc510f701ed

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.

Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes.

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse.

Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical.

Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary.

OpenSSL 3.1 and 3.0 are vulnerable to this issue.

Remediation

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.12 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-5363
• http://www.openwall.com/lists/oss-security/2023/10/24/1
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
• https://security.netapp.com/advisory/ntap-20231027-0010/
• https://www.debian.org/security/2023/dsa-5532
• https://www.openssl.org/news/secadv/20231024.txt
• https://security.netapp.com/advisory/ntap-20240201-0003/
• https://security.netapp.com/advisory/ntap-20240201-0004/

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack.

The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected.

These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0.

The OpenSSL asn1parse command line application is also impacted by this issue.

Remediation

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-4450
• https://www.openssl.org/news/secadv/20230207.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b
• https://security.gentoo.org/glsa/202402-08

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.

The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.

Remediation

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-0216
• https://www.openssl.org/news/secadv/20230207.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6
• https://security.gentoo.org/glsa/202402-08

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash.

The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider.

PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.

Remediation

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-0401
• https://www.openssl.org/news/secadv/20230207.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674
• https://security.gentoo.org/glsa/202402-08

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack.

The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.

Remediation

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-0217
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096
• https://www.openssl.org/news/secadv/20230207.txt
• https://security.gentoo.org/glsa/202402-08

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgroup constraints, and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size, rather than an observation about numbers that are not public keys. The specific situations in which calculation expense would constitute a server-side vulnerability depend on the protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details. In general, there might be an availability concern because of server-side resource consumption from DHE modular-exponentiation calculations. Finally, it is possible for an attacker to exploit this vulnerability and CVE-2002-20001 together.

Remediation

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.16 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-40735
• https://gist.github.com/c0r0n3r/9455ddcab985c50fd1912eabf26e058b
• https://github.com/mozilla/ssl-config-generator/issues/162
• https://link.springer.com/content/pdf/10.1007/3-540-68339-9_29.pdf
• https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf
• https://raw.githubusercontent.com/CVEProject/cvelist/9d7fbbcabd3f44cfedc9e8807757d31ece85a2c6/2022/40xxx/CVE-2022-40735.json
• https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol/links/546c144f0cf20dedafd53e7e/Security-Issues-in-the-Diffie-Hellman-Key-Agreement-Protocol.pdf
• https://www.rfc-editor.org/rfc/rfc3526
• https://www.rfc-editor.org/rfc/rfc4419
• https://www.rfc-editor.org/rfc/rfc5114#section-4
• https://www.rfc-editor.org/rfc/rfc7919#section-5.2
• https://dheatattack.gitlab.io/
• https://ieeexplore.ieee.org/document/10374117

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications.

The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash.

This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.

Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream.

The OpenSSL cms and smime command line applications are similarly affected.

Remediation

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-0215
• https://www.openssl.org/news/secadv/20230207.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344
• https://security.netapp.com/advisory/ntap-20230427-0007/
• https://security.netapp.com/advisory/ntap-20230427-0009/
• https://security.gentoo.org/glsa/202402-08
• https://security.netapp.com/advisory/ntap-20240621-0006/

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

Remediation

Upgrade Ubuntu:22.04 gnutls28 to version 3.7.3-4ubuntu1.2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-0361
• https://access.redhat.com/security/cve/CVE-2023-0361
• https://github.com/tlsfuzzer/tlsfuzzer/pull/679
• https://gitlab.com/gnutls/gnutls/-/issues/1050
• https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/
• https://security.netapp.com/advisory/ntap-20230324-0005/
• https://security.netapp.com/advisory/ntap-20230725-0005/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-25584
• https://access.redhat.com/security/cve/CVE-2023-25584
• https://bugzilla.redhat.com/show_bug.cgi?id=2167467
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44
• https://security.netapp.com/advisory/ntap-20231103-0002/

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

Remediation

Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-23916
• https://hackerone.com/reports/1826048
• https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO/
• https://security.netapp.com/advisory/ntap-20230309-0006/
• https://www.debian.org/security/2023/dsa-5365
• https://security.gentoo.org/glsa/202310-12
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO/

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains.

It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with domain=co.UK when the URL used a lower case hostname curl.co.uk, even though co.uk is listed as a PSL domain.

Remediation

Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.15 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-46218
• https://curl.se/docs/CVE-2023-46218.html
• https://hackerone.com/reports/2212193
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/
• https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html
• https://www.debian.org/security/2023/dsa-5587
• https://security.netapp.com/advisory/ntap-20240125-0007/

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

libcurl's ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen() getting performed on a pointer to a heap buffer area that is not (purposely) null terminated.

This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when CURLINFO_CERTINFO is used.

Remediation

Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.17 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-7264
• http://www.openwall.com/lists/oss-security/2024/07/31/1
• https://curl.se/docs/CVE-2024-7264.html
• https://curl.se/docs/CVE-2024-7264.json
• https://hackerone.com/reports/2629968

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

Remediation

Upgrade Ubuntu:22.04 krb5 to version 1.19.2-2ubuntu0.3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-36054
• https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd
• https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final
• https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final
• https://web.mit.edu/kerberos/www/advisories/
• https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html
• https://security.netapp.com/advisory/ntap-20230908-0004/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libssh package and not the libssh package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepki_verify_data_signature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value rc, which is initialized to SSH_ERROR and later rewritten to save the return value of the function call pki_key_check_hash_compatible. The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls goto error returning SSH_OK.

Remediation

Upgrade Ubuntu:22.04 libssh to version 0.9.6-2ubuntu0.22.04.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-2283
• https://access.redhat.com/security/cve/CVE-2023-2283
• https://bugzilla.redhat.com/show_bug.cgi?id=2189736
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/
• https://www.libssh.org/security/advisories/CVE-2023-2283.txt
• http://packetstormsecurity.com/files/172861/libssh-0.9.6-0.10.4-pki_verify_data_signature-Authorization-Bypass.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/
• https://security.gentoo.org/glsa/202312-05
• https://security.netapp.com/advisory/ntap-20240201-0005/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libssh package and not the libssh package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.

Remediation

Upgrade Ubuntu:22.04 libssh to version 0.9.6-2ubuntu0.22.04.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-1667
• http://www.libssh.org/security/advisories/CVE-2023-1667.txt
• https://access.redhat.com/security/cve/CVE-2023-1667
• https://bugzilla.redhat.com/show_bug.cgi?id=2182199
• https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/
• https://security.gentoo.org/glsa/202312-05

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow.

Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service.

An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods.

When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*).

With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms.

Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data.

Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low.

In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature.

The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication.

In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.

Remediation

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.10 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-2650
• http://www.openwall.com/lists/oss-security/2023/05/30/1
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a
• https://www.debian.org/security/2023/dsa-5417
• https://www.openssl.org/news/secadv/20230530.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c
• https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009
• https://security.netapp.com/advisory/ntap-20230703-0001/
• https://security.netapp.com/advisory/ntap-20231027-0009/
• https://security.gentoo.org/glsa/202402-08

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.

Remediation

Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.10 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-27535
• https://hackerone.com/reports/1892780
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
• https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html
• https://security.netapp.com/advisory/ntap-20230420-0010/
• https://security.gentoo.org/glsa/202310-12
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A use after free vulnerability exists in curl <7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.

Remediation

Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-43552
• https://hackerone.com/reports/1764858
• https://security.netapp.com/advisory/ntap-20230214-0002/
• http://seclists.org/fulldisclosure/2023/Mar/17
• https://security.gentoo.org/glsa/202310-12
• https://support.apple.com/kb/HT213670

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

Remediation

Upgrade Ubuntu:22.04 gnutls28 to version 3.7.3-4ubuntu1.3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-5981
• https://access.redhat.com/security/cve/CVE-2023-5981
• https://bugzilla.redhat.com/show_bug.cgi?id=2248445
• https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
• https://access.redhat.com/errata/RHSA-2024:0155
• http://www.openwall.com/lists/oss-security/2024/01/19/3
• https://access.redhat.com/errata/RHSA-2024:0319
• https://access.redhat.com/errata/RHSA-2024:0399
• https://access.redhat.com/errata/RHSA-2024:0451
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
• https://access.redhat.com/errata/RHSA-2024:0533
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
• https://access.redhat.com/errata/RHSA-2024:1383
• https://access.redhat.com/errata/RHSA-2024:2094

NVD Description

Note: Versions mentioned in the description apply only to the upstream libssh package and not the libssh package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

Remediation

Upgrade Ubuntu:22.04 libssh to version 0.9.6-2ubuntu0.22.04.2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-48795
• http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
• http://www.openwall.com/lists/oss-security/2023/12/18/3
• http://www.openwall.com/lists/oss-security/2023/12/19/5
• http://www.openwall.com/lists/oss-security/2023/12/20/3
• https://access.redhat.com/security/cve/cve-2023-48795
• https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
• https://bugs.gentoo.org/920280
• https://bugzilla.redhat.com/show_bug.cgi?id=2254210
• https://bugzilla.suse.com/show_bug.cgi?id=1217950
• https://crates.io/crates/thrussh/versions
• https://filezilla-project.org/versions.php
• https://forum.netgate.com/topic/184941/terrapin-ssh-attack
• https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
• https://github.com/NixOS/nixpkgs/pull/275249
• https://github.com/PowerShell/Win32-OpenSSH/issues/2189
• https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
• https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
• https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
• https://github.com/advisories/GHSA-45x7-px36-x8w8
• https://github.com/apache/mina-sshd/issues/445
• https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
• https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
• https://github.com/cyd01/KiTTY/issues/520
• https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
• https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
• https://github.com/erlang/otp/releases/tag/OTP-26.2.1
• https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
• https://github.com/hierynomus/sshj/issues/916
• https://github.com/janmojzis/tinyssh/issues/81
• https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
• https://github.com/libssh2/libssh2/pull/1291
• https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
• https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
• https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
• https://github.com/mwiede/jsch/issues/457
• https://github.com/mwiede/jsch/pull/461
• https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
• https://github.com/openssh/openssh-portable/commits/master
• https://github.com/paramiko/paramiko/issues/2337
• https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
• https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
• https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
• https://github.com/proftpd/proftpd/issues/456
• https://github.com/rapier1/hpn-ssh/releases
• https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
• https://github.com/ronf/asyncssh/tags
• https://github.com/ssh-mitm/ssh-mitm/issues/165
• https://github.com/warp-tech/russh/releases/tag/v0.40.2
• https://gitlab.com/libssh/libssh-mirror/-/tags
• https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
• https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
• https://help.panic.com/releasenotes/transmit5/
• https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
• https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
• https://matt.ucc.asn.au/dropbear/CHANGES
• https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
• https://news.ycombinator.com/item?id=38684904
• https://news.ycombinator.com/item?id=38685286
• https://news.ycombinator.com/item?id=38732005
• https://nova.app/releases/#v11.8
• https://oryx-embedded.com/download/#changelog
• https://roumenpetrov.info/secsh/#news20231220
• https://security-tracker.debian.org/tracker/CVE-2023-48795
• https://security-tracker.debian.org/tracker/source-package/libssh2
• https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
• https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
• https://security.gentoo.org/glsa/202312-16
• https://security.gentoo.org/glsa/202312-17
• https://thorntech.com/cve-2023-48795-and-sftp-gateway/
• https://twitter.com/TrueSkrillor/status/1736774389725565005
• https://ubuntu.com/security/CVE-2023-48795
• https://winscp.net/eng/docs/history#6.2.2
• https://www.bitvise.com/ssh-client-version-history#933
• https://www.bitvise.com/ssh-server-version-history
• https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
• https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
• https://www.debian.org/security/2023/dsa-5586
• https://www.debian.org/security/2023/dsa-5588
• https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
• https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
• https://www.netsarang.com/en/xshell-update-history/
• https://www.openssh.com/openbsd.html
• https://www.openssh.com/txt/release-9.6
• https://www.openwall.com/lists/oss-security/2023/12/18/2
• https://www.openwall.com/lists/oss-security/2023/12/20/3
• https://www.paramiko.org/changelog.html
• https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
• https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
• https://www.terrapin-attack.com
• https://www.theregister.com/2023/12/20/terrapin_attack_ssh
• https://www.vandyke.com/products/securecrt/history.txt
• http://seclists.org/fulldisclosure/2024/Mar/21
• https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
• https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
• https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
• https://security.netapp.com/advisory/ntap-20240105-0004/
• https://support.apple.com/kb/HT214084
• http://www.openwall.com/lists/oss-security/2024/04/17/8
• http://www.openwall.com/lists/oss-security/2024/03/06/3
• https://github.com/projectdiscovery/nuclei-templates/blob/master/javascript/cves/2023/CVE-2023-48795.yaml

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.

For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

Remediation

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-4304
• https://www.openssl.org/news/secadv/20230207.txt
• https://security.gentoo.org/glsa/202402-08

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-47008
• https://sourceware.org/bugzilla/show_bug.cgi?id=29255%20

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-47007
• https://sourceware.org/bugzilla/show_bug.cgi?id=29254

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-47011
• https://sourceware.org/bugzilla/show_bug.cgi?id=29261

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-47010
• https://sourceware.org/bugzilla/show_bug.cgi?id=29262

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48065
• https://sourceware.org/bugzilla/show_bug.cgi?id=29925
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d28fbc7197ba0e021a43f873eff90b05dcdcff6a
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLZXZXFX2ZWTDU2QZUSZG36LZZVTKUVG/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLZXZXFX2ZWTDU2QZUSZG36LZZVTKUVG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/
• https://security.netapp.com/advisory/ntap-20231006-0008/
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d28fbc7197ba0e021a43f873eff90b05dcdcff6a

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-38533
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/
• https://security.netapp.com/advisory/ntap-20221104-0007/
• https://sourceware.org/bugzilla/show_bug.cgi?id=29482
• https://sourceware.org/bugzilla/show_bug.cgi?id=29482#c2
• https://github.com/bminor/binutils-gdb/commit/45d92439aebd0386ef8af76e1796d08cfe457e1d
• https://sourceware.org/bugzilla/show_bug.cgi?id=29495
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45d92439aebd0386ef8af76e1796d08cfe457e1d
• https://security.gentoo.org/glsa/202309-15
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=45d92439aebd0386ef8af76e1796d08cfe457e1d

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-35205
• https://sourceware.org/bugzilla/show_bug.cgi?id=29289
• https://security.netapp.com/advisory/ntap-20231006-0010/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48063
• https://sourceware.org/bugzilla/show_bug.cgi?id=29924
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd
• https://security.netapp.com/advisory/ntap-20231006-0008/
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-25585
• https://access.redhat.com/security/cve/CVE-2023-25585
• https://bugzilla.redhat.com/show_bug.cgi?id=2167498
• https://sourceware.org/bugzilla/show_bug.cgi?id=29892
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7
• https://security.netapp.com/advisory/ntap-20231103-0003/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in Binutils. The field the_bfd of asymbolstruct is uninitialized in the bfd_mach_o_get_synthetic_symtab function, which may lead to an application crash and local denial of service.

Remediation

Upgrade Ubuntu:22.04 binutils to version 2.38-4ubuntu2.2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-25588
• https://access.redhat.com/security/cve/CVE-2023-25588
• https://bugzilla.redhat.com/show_bug.cgi?id=2167505
• https://sourceware.org/bugzilla/show_bug.cgi?id=29677
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1
• https://security.netapp.com/advisory/ntap-20231103-0003/

NVD Description

Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

Remediation

Upgrade Ubuntu:22.04 pam to version 1.4.0-11ubuntu2.4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-22365
• http://www.openwall.com/lists/oss-security/2024/01/18/3
• https://github.com/linux-pam/linux-pam
• https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb
• https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.

Remediation

Upgrade Ubuntu:22.04 systemd to version 249.11-0ubuntu3.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-4415
• https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c
• https://www.openwall.com/lists/oss-security/2022/12/21/3

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

Remediation

Upgrade Ubuntu:22.04 systemd to version 249.11-0ubuntu3.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3821
• https://bugzilla.redhat.com/show_bug.cgi?id=2139327
• https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e
• https://github.com/systemd/systemd/issues/23928
• https://github.com/systemd/systemd/pull/23933
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/
• https://security.gentoo.org/glsa/202305-15
• https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/

NVD Description

Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.

Remediation

Upgrade Ubuntu:22.04 tar to version 1.34+dfsg-1ubuntu0.1.22.04.1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48303
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/
• https://savannah.gnu.org/bugs/?62387
• https://savannah.gnu.org/patch/?10307
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libssh package and not the libssh package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.

Remediation

Upgrade Ubuntu:22.04 libssh to version 0.9.6-2ubuntu0.22.04.3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-6918
• https://access.redhat.com/security/cve/CVE-2023-6918
• https://bugzilla.redhat.com/show_bug.cgi?id=2254997
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
• https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
• https://www.libssh.org/security/advisories/CVE-2023-6918.txt
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
• https://access.redhat.com/errata/RHSA-2024:2504
• https://access.redhat.com/errata/RHSA-2024:3233

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Remediation

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.6 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-2097
• https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93
• https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
• https://security.gentoo.org/glsa/202210-02
• https://security.netapp.com/advisory/ntap-20220715-0011/
• https://security.netapp.com/advisory/ntap-20230420-0008/
• https://www.debian.org/security/2023/dsa-5343
• https://www.openssl.org/news/secadv/20220705.txt
• https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431
• https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
• https://security.netapp.com/advisory/ntap-20240621-0006/

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer.

The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory.

In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

Remediation

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-4203
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc
• https://www.openssl.org/news/secadv/20230207.txt
• https://security.gentoo.org/glsa/202402-08

NVD Description

Note: Versions mentioned in the description apply only to the upstream gcc-12 package and not the gcc-12 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables.

The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.

Remediation

There is no fixed version for Ubuntu:22.04 gcc-12.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-4039
• https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64
• https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf

NVD Description

Note: Versions mentioned in the description apply only to the upstream libssh package and not the libssh package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

Remediation

Upgrade Ubuntu:22.04 libssh to version 0.9.6-2ubuntu0.22.04.3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-6004
• https://access.redhat.com/security/cve/CVE-2023-6004
• https://bugzilla.redhat.com/show_bug.cgi?id=2251110
• https://www.libssh.org/security/advisories/CVE-2023-6004.txt
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
• https://security.netapp.com/advisory/ntap-20240223-0004/
• https://access.redhat.com/errata/RHSA-2024:2504
• https://access.redhat.com/errata/RHSA-2024:3233

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.

Remediation

Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.16 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2398
• https://curl.se/docs/CVE-2024-2398.html
• https://curl.se/docs/CVE-2024-2398.json
• https://hackerone.com/reports/2402845
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/
• http://www.openwall.com/lists/oss-security/2024/03/27/3
• https://security.netapp.com/advisory/ntap-20240503-0009/
• https://support.apple.com/kb/HT214118
• https://support.apple.com/kb/HT214119
• https://support.apple.com/kb/HT214120
• http://seclists.org/fulldisclosure/2024/Jul/20
• http://seclists.org/fulldisclosure/2024/Jul/18
• http://seclists.org/fulldisclosure/2024/Jul/19

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.

Remediation

Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.18 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-8096
• https://curl.se/docs/CVE-2024-8096.html
• https://curl.se/docs/CVE-2024-8096.json
• https://hackerone.com/reports/2669852

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

Remediation

Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-28757
• https://github.com/libexpat/libexpat/issues/839
• https://github.com/libexpat/libexpat/pull/842
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/
• https://security.netapp.com/advisory/ntap-20240322-0001/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/
• http://www.openwall.com/lists/oss-security/2024/03/15/1

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Remediation

Upgrade Ubuntu:22.04 glibc to version 2.35-0ubuntu3.7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2961
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/
• http://www.openwall.com/lists/oss-security/2024/04/24/2
• http://www.openwall.com/lists/oss-security/2024/04/17/9
• http://www.openwall.com/lists/oss-security/2024/04/18/4
• https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html
• http://www.openwall.com/lists/oss-security/2024/05/27/1
• http://www.openwall.com/lists/oss-security/2024/05/27/2
• http://www.openwall.com/lists/oss-security/2024/05/27/6
• http://www.openwall.com/lists/oss-security/2024/05/27/3
• http://www.openwall.com/lists/oss-security/2024/05/27/4
• http://www.openwall.com/lists/oss-security/2024/05/27/5
• https://security.netapp.com/advisory/ntap-20240531-0002/
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://github.com/ambionics/cnext-exploits

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

nscd: Stack-based buffer overflow in netgroup cache

If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Ubuntu:22.04 glibc to version 2.35-0ubuntu3.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-33599
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005
• https://security.netapp.com/advisory/ntap-20240524-0011/
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• http://www.openwall.com/lists/oss-security/2024/07/22/5

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

nscd: Null pointer crashes after notfound response

If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Ubuntu:22.04 glibc to version 2.35-0ubuntu3.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-33600
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006
• https://security.netapp.com/advisory/ntap-20240524-0013/
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• http://www.openwall.com/lists/oss-security/2024/07/22/5

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

nscd: netgroup cache may terminate daemon on memory allocation failure

The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Ubuntu:22.04 glibc to version 2.35-0ubuntu3.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-33601
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007
• https://security.netapp.com/advisory/ntap-20240524-0014/
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• http://www.openwall.com/lists/oss-security/2024/07/22/5

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

nscd: netgroup cache assumes NSS callback uses in-buffer strings

The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Ubuntu:22.04 glibc to version 2.35-0ubuntu3.8 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-33602
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008
• https://security.netapp.com/advisory/ntap-20240524-0012/
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• http://www.openwall.com/lists/oss-security/2024/07/22/5

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

Remediation

Upgrade Ubuntu:22.04 gnutls28 to version 3.7.3-4ubuntu1.5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-28834
• https://access.redhat.com/security/cve/CVE-2024-28834
• https://bugzilla.redhat.com/show_bug.cgi?id=2269228
• https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
• https://people.redhat.com/~hkario/marvin/
• https://access.redhat.com/errata/RHSA-2024:1784
• https://minerva.crocs.fi.muni.cz/
• https://access.redhat.com/errata/RHSA-2024:1879
• https://access.redhat.com/errata/RHSA-2024:1997
• https://access.redhat.com/errata/RHSA-2024:2044
• https://access.redhat.com/errata/RHSA-2024:2570
• http://www.openwall.com/lists/oss-security/2024/03/22/1
• http://www.openwall.com/lists/oss-security/2024/03/22/2
• https://access.redhat.com/errata/RHSA-2024:2889
• https://security.netapp.com/advisory/ntap-20240524-0004/

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

Remediation

Upgrade Ubuntu:22.04 gnutls28 to version 3.7.3-4ubuntu1.5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-28835
• https://access.redhat.com/security/cve/CVE-2024-28835
• https://bugzilla.redhat.com/show_bug.cgi?id=2269084
• https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
• https://access.redhat.com/errata/RHSA-2024:1879
• https://access.redhat.com/errata/RHSA-2024:2570
• http://www.openwall.com/lists/oss-security/2024/03/22/1
• http://www.openwall.com/lists/oss-security/2024/03/22/2
• https://access.redhat.com/errata/RHSA-2024:2889

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

Remediation

There is no fixed version for Ubuntu:22.04 krb5.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-26462
• https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md
• https://security.netapp.com/advisory/ntap-20240415-0012/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

Remediation

There is no fixed version for Ubuntu:22.04 libgcrypt20.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
• https://access.redhat.com/security/cve/CVE-2024-2236
• https://bugzilla.redhat.com/show_bug.cgi?id=2268268
• https://bugzilla.redhat.com/show_bug.cgi?id=2245218

NVD Description

Note: Versions mentioned in the description apply only to the upstream nghttp2 package and not the nghttp2 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.

Remediation

Upgrade Ubuntu:22.04 nghttp2 to version 1.43.0-1ubuntu0.2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-28182
• https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0
• https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9
• https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGOME6ZXJG7664IPQNVE3DL67E3YP3HY/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J6ZMXUGB66VAXDW5J6QSTHM5ET25FGSA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXJO2EASHM2OQQLGVDY5ZSO7UVDVHTDK/
• https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html
• http://www.openwall.com/lists/oss-security/2024/04/03/16

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.

Remediation

There is no fixed version for Ubuntu:22.04 openssl.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-41996
• https://dheatattack.gitlab.io/details/
• https://dheatattack.gitlab.io/faq/
• https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.

Impact summary: Abnormal termination of an application can a cause a denial of service.

Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an otherName subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program.

Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address.

TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate.

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

Remediation

Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.18 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-6119
• https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f
• https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6
• https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2
• https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0
• https://openssl-library.org/news/secadv/20240903.txt

NVD Description

Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.

Remediation

Upgrade Ubuntu:22.04 tar to version 1.34+dfsg-1ubuntu0.1.22.04.2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-39804
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079
• https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4
• https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723