Vulnerabilities |
19 via 33 paths |
|---|---|
Dependencies |
95 |
Source |
Docker |
Target OS |
ubuntu:22.10 |
medium severity
- Vulnerable module: perl/perl-base
- Introduced through: perl/perl-base@5.34.0-5ubuntu1
- Fixed in: 5.34.0-5ubuntu1.2
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › perl/perl-base@5.34.0-5ubuntu1
NVD Description
Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Remediation
Upgrade Ubuntu:22.10 perl to version 5.34.0-5ubuntu1.2 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-31484
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/
- http://www.openwall.com/lists/oss-security/2023/04/29/1
- http://www.openwall.com/lists/oss-security/2023/05/03/3
- http://www.openwall.com/lists/oss-security/2023/05/03/5
- http://www.openwall.com/lists/oss-security/2023/05/07/2
- https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
- https://github.com/andk/cpanpm/pull/175
- https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/
- https://metacpan.org/dist/CPAN/changes
- https://security.netapp.com/advisory/ntap-20240621-0007/
- https://www.openwall.com/lists/oss-security/2023/04/18/14
medium severity
- Vulnerable module: libcap2
- Introduced through: libcap2@1:2.44-1build3
- Fixed in: 1:2.44-1ubuntu0.22.10.1
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › libcap2@1:2.44-1build3
NVD Description
Note: Versions mentioned in the description apply only to the upstream libcap2 package and not the libcap2 package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.
Remediation
Upgrade Ubuntu:22.10 libcap2 to version 1:2.44-1ubuntu0.22.10.1 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-2603
- https://bugzilla.redhat.com/show_bug.cgi?id=2209113
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/
- https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf
medium severity
- Vulnerable module: ncurses/libncurses6
- Introduced through: ncurses/libncurses6@6.3+20220423-2, ncurses/libncursesw6@6.3+20220423-2 and others
- Fixed in: 6.3+20220423-2ubuntu0.1
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › ncurses/libncurses6@6.3+20220423-2
-
Introduced through: ubuntu@kinetic-20221024 › ncurses/libncursesw6@6.3+20220423-2
-
Introduced through: ubuntu@kinetic-20221024 › ncurses/libtinfo6@6.3+20220423-2
-
Introduced through: ubuntu@kinetic-20221024 › ncurses/ncurses-base@6.3+20220423-2
-
Introduced through: ubuntu@kinetic-20221024 › ncurses/ncurses-bin@6.3+20220423-2
NVD Description
Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Remediation
Upgrade Ubuntu:22.10 ncurses to version 6.3+20220423-2ubuntu0.1 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-29491
- http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
- http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
- http://www.openwall.com/lists/oss-security/2023/04/19/10
- http://www.openwall.com/lists/oss-security/2023/04/19/11
- https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/
- https://security.netapp.com/advisory/ntap-20230517-0009/
- https://support.apple.com/kb/HT213843
- https://support.apple.com/kb/HT213844
- https://support.apple.com/kb/HT213845
- https://www.openwall.com/lists/oss-security/2023/04/12/5
- https://www.openwall.com/lists/oss-security/2023/04/13/4
medium severity
- Vulnerable module: perl/perl-base
- Introduced through: perl/perl-base@5.34.0-5ubuntu1
- Fixed in: 5.34.0-5ubuntu1.1
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › perl/perl-base@5.34.0-5ubuntu1
NVD Description
Note: Versions mentioned in the description apply only to the upstream perl package and not the perl package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
CPAN 2.28 allows Signature Verification Bypass.
Remediation
Upgrade Ubuntu:22.10 perl to version 5.34.0-5ubuntu1.1 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-16156
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
- http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
- https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
- https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
- https://metacpan.org/pod/distribution/CPAN/scripts/cpan
medium severity
- Vulnerable module: gnutls28/libgnutls30
- Introduced through: gnutls28/libgnutls30@3.7.7-2ubuntu2
- Fixed in: 3.7.7-2ubuntu2.1
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › gnutls28/libgnutls30@3.7.7-2ubuntu2
NVD Description
Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
Remediation
Upgrade Ubuntu:22.10 gnutls28 to version 3.7.7-2ubuntu2.1 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-0361
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/
- https://access.redhat.com/security/cve/CVE-2023-0361
- https://github.com/tlsfuzzer/tlsfuzzer/pull/679
- https://gitlab.com/gnutls/gnutls/-/issues/1050
- https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z634YBXAJ5VLDI62IOPBVP5K6YFHAWCY/
- https://security.netapp.com/advisory/ntap-20230324-0005/
- https://security.netapp.com/advisory/ntap-20230725-0005/
medium severity
- Vulnerable module: systemd/libsystemd0
- Introduced through: systemd/libsystemd0@251.4-1ubuntu7 and systemd/libudev1@251.4-1ubuntu7
- Fixed in: 251.4-1ubuntu7.1
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › systemd/libsystemd0@251.4-1ubuntu7
-
Introduced through: ubuntu@kinetic-20221024 › systemd/libudev1@251.4-1ubuntu7
NVD Description
Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
Remediation
Upgrade Ubuntu:22.10 systemd to version 251.4-1ubuntu7.1 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-4415
- https://security.netapp.com/advisory/ntap-20230216-0010/
- http://seclists.org/fulldisclosure/2025/Jun/9
- https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c
- https://www.openwall.com/lists/oss-security/2022/12/21/3
medium severity
- Vulnerable module: systemd/libsystemd0
- Introduced through: systemd/libsystemd0@251.4-1ubuntu7 and systemd/libudev1@251.4-1ubuntu7
- Fixed in: 251.4-1ubuntu7.1
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › systemd/libsystemd0@251.4-1ubuntu7
-
Introduced through: ubuntu@kinetic-20221024 › systemd/libudev1@251.4-1ubuntu7
NVD Description
Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.
Remediation
Upgrade Ubuntu:22.10 systemd to version 251.4-1ubuntu7.1 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-45873
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/
- https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437
- https://github.com/systemd/systemd/pull/24853#issuecomment-1326561497
- https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/
medium severity
- Vulnerable module: tar
- Introduced through: tar@1.34+dfsg-1build3
- Fixed in: 1.34+dfsg-1ubuntu0.1.22.10.1
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › tar@1.34+dfsg-1build3
NVD Description
Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
Remediation
Upgrade Ubuntu:22.10 tar to version 1.34+dfsg-1ubuntu0.1.22.10.1 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48303
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/
- https://savannah.gnu.org/bugs/?62387
- https://savannah.gnu.org/patch/?10307
medium severity
- Vulnerable module: systemd/libsystemd0
- Introduced through: systemd/libsystemd0@251.4-1ubuntu7 and systemd/libudev1@251.4-1ubuntu7
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › systemd/libsystemd0@251.4-1ubuntu7
-
Introduced through: ubuntu@kinetic-20221024 › systemd/libudev1@251.4-1ubuntu7
NVD Description
Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
Remediation
There is no fixed version for Ubuntu:22.10 systemd.
References
medium severity
- Vulnerable module: systemd/libsystemd0
- Introduced through: systemd/libsystemd0@251.4-1ubuntu7 and systemd/libudev1@251.4-1ubuntu7
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › systemd/libsystemd0@251.4-1ubuntu7
-
Introduced through: ubuntu@kinetic-20221024 › systemd/libudev1@251.4-1ubuntu7
NVD Description
Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
Remediation
There is no fixed version for Ubuntu:22.10 systemd.
References
low severity
- Vulnerable module: pam/libpam-modules
- Introduced through: pam/libpam-modules@1.5.2-2ubuntu1, pam/libpam-modules-bin@1.5.2-2ubuntu1 and others
- Fixed in: 1.5.2-2ubuntu1.1
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › pam/libpam-modules@1.5.2-2ubuntu1
-
Introduced through: ubuntu@kinetic-20221024 › pam/libpam-modules-bin@1.5.2-2ubuntu1
-
Introduced through: ubuntu@kinetic-20221024 › pam/libpam-runtime@1.5.2-2ubuntu1
-
Introduced through: ubuntu@kinetic-20221024 › pam/libpam0g@1.5.2-2ubuntu1
NVD Description
Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.
Remediation
Upgrade Ubuntu:22.10 pam to version 1.5.2-2ubuntu1.1 or higher.
References
low severity
- Vulnerable module: glibc/libc-bin
- Introduced through: glibc/libc-bin@2.36-0ubuntu4 and glibc/libc6@2.36-0ubuntu4
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › glibc/libc-bin@2.36-0ubuntu4
-
Introduced through: ubuntu@kinetic-20221024 › glibc/libc6@2.36-0ubuntu4
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.
Remediation
There is no fixed version for Ubuntu:22.10 glibc.
References
low severity
- Vulnerable module: pcre3/libpcre3
- Introduced through: pcre3/libpcre3@2:8.39-14
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › pcre3/libpcre3@2:8.39-14
NVD Description
Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
Remediation
There is no fixed version for Ubuntu:22.10 pcre3.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-20838
- https://security-tracker.debian.org/tracker/CVE-2019-20838
- https://support.apple.com/kb/HT211931
- https://support.apple.com/kb/HT212147
- http://seclists.org/fulldisclosure/2020/Dec/32
- http://seclists.org/fulldisclosure/2021/Feb/14
- https://bugs.gentoo.org/717920
- https://www.pcre.org/original/changelog.txt
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
low severity
- Vulnerable module: pcre3/libpcre3
- Introduced through: pcre3/libpcre3@2:8.39-14
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › pcre3/libpcre3@2:8.39-14
NVD Description
Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
Remediation
There is no fixed version for Ubuntu:22.10 pcre3.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11164
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164
- https://security-tracker.debian.org/tracker/CVE-2017-11164
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- http://openwall.com/lists/oss-security/2017/07/11/3
- http://www.securityfocus.com/bid/99575
- http://www.openwall.com/lists/oss-security/2023/04/11/1
- http://www.openwall.com/lists/oss-security/2023/04/12/1
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
low severity
- Vulnerable module: coreutils
- Introduced through: coreutils@8.32-4.1ubuntu1
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › coreutils@8.32-4.1ubuntu1
NVD Description
Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Remediation
There is no fixed version for Ubuntu:22.10 coreutils.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781
- https://security-tracker.debian.org/tracker/CVE-2016-2781
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- http://www.openwall.com/lists/oss-security/2016/02/28/2
- http://www.openwall.com/lists/oss-security/2016/02/28/3
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
low severity
- Vulnerable module: shadow/login
- Introduced through: shadow/login@1:4.11.1+dfsg1-2ubuntu1 and shadow/passwd@1:4.11.1+dfsg1-2ubuntu1
- Fixed in: 1:4.11.1+dfsg1-2ubuntu1.1
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › shadow/login@1:4.11.1+dfsg1-2ubuntu1
-
Introduced through: ubuntu@kinetic-20221024 › shadow/passwd@1:4.11.1+dfsg1-2ubuntu1
NVD Description
Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Remediation
Upgrade Ubuntu:22.10 shadow to version 1:4.11.1+dfsg1-2ubuntu1.1 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4235
- https://security-tracker.debian.org/tracker/CVE-2013-4235
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
- https://access.redhat.com/security/cve/cve-2013-4235
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
- https://security.gentoo.org/glsa/202210-26
low severity
- Vulnerable module: gnupg2/gpgv
- Introduced through: gnupg2/gpgv@2.2.35-3ubuntu1
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › gnupg2/gpgv@2.2.35-3ubuntu1
NVD Description
Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
Remediation
There is no fixed version for Ubuntu:22.10 gnupg2.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219
- https://access.redhat.com/security/cve/CVE-2022-3219
- https://bugzilla.redhat.com/show_bug.cgi?id=2127010
- https://dev.gnupg.org/D556
- https://dev.gnupg.org/T5993
- https://marc.info/?l=oss-security&m=165696590211434&w=4
- https://security.netapp.com/advisory/ntap-20230324-0001/
low severity
- Vulnerable module: libcap2
- Introduced through: libcap2@1:2.44-1build3
- Fixed in: 1:2.44-1ubuntu0.22.10.1
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › libcap2@1:2.44-1build3
NVD Description
Note: Versions mentioned in the description apply only to the upstream libcap2 package and not the libcap2 package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.
Remediation
Upgrade Ubuntu:22.10 libcap2 to version 1:2.44-1ubuntu0.22.10.1 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-2602
- https://bugzilla.redhat.com/show_bug.cgi?id=2209114
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/
- https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf
low severity
- Vulnerable module: shadow/login
- Introduced through: shadow/login@1:4.11.1+dfsg1-2ubuntu1 and shadow/passwd@1:4.11.1+dfsg1-2ubuntu1
Detailed paths
-
Introduced through: ubuntu@kinetic-20221024 › shadow/login@1:4.11.1+dfsg1-2ubuntu1
-
Introduced through: ubuntu@kinetic-20221024 › shadow/passwd@1:4.11.1+dfsg1-2ubuntu1
NVD Description
Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.10 relevant fixed versions and status.
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.
Remediation
There is no fixed version for Ubuntu:22.10 shadow.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-29383
- https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d
- https://github.com/shadow-maint/shadow/pull/687
- https://lists.debian.org/debian-lts-announce/2025/04/msg00026.html
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797