Ubuntu Security Notice 6466-1 - Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel contained a race condition during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6466-1  
October 31, 2023

linux-nvidia-6.2 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-nvidia-6.2: Linux kernel for NVIDIA systems

Details:

Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel  
contained a race condition during device removal, leading to a use-after-  
free vulnerability. A physically proximate attacker could use this to cause  
a denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-45886, CVE-2022-45919)

Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the  
Linux kernel did not properly handle device removal events. A physically  
proximate attacker could use this to cause a denial of service (system  
crash). (CVE-2022-45887)

It was discovered that the NTFS file system implementation in the Linux  
kernel did not properly validate MFT flags in certain situations. An  
attacker could use this to construct a malicious NTFS image that, when  
mounted and operated on, could cause a denial of service (system crash).  
(CVE-2022-48425)

It was discovered that the IPv6 implementation in the Linux kernel  
contained a high rate of hash collisions in connection lookup table. A  
remote attacker could use this to cause a denial of service (excessive CPU  
consumption). (CVE-2023-1206)

Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD  
processors utilising speculative execution and branch prediction may allow  
unauthorised memory reads via a speculative side-channel attack. A local  
attacker could use this to expose sensitive information, including kernel  
memory. (CVE-2023-20569)

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii  
Oleksenko discovered that some AMD processors could leak stale data from  
division operations in certain situations. A local attacker could possibly  
use this to expose sensitive information. (CVE-2023-20588)

It was discovered that the ARM64 KVM implementation in the Linux kernel did  
not properly restrict hypervisor memory access. An attacker in a guest VM  
could use this to execute arbitrary code in the host OS. (CVE-2023-21264)

It was discovered that the IPv6 RPL protocol implementation in the Linux  
kernel did not properly handle user-supplied data. A remote attacker could  
use this to cause a denial of service (system crash). (CVE-2023-2156)

Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in  
the Linux kernel contained a race condition, leading to a null pointer  
dereference vulnerability. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2023-31083)

Yang Lan discovered that the GFS2 file system implementation in the Linux  
kernel could attempt to dereference a null pointer in some situations. An  
attacker could use this to construct a malicious GFS2 image that, when  
mounted and operated on, could cause a denial of service (system crash).  
(CVE-2023-3212)

Ross Lagerwall discovered that the Xen netback backend driver in the Linux  
kernel did not properly handle certain unusual packets from a  
paravirtualized network frontend, leading to a buffer overflow. An attacker  
in a guest VM could use this to cause a denial of service (host system  
crash) or possibly execute arbitrary code. (CVE-2023-34319)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the  
Linux kernel contained a null pointer dereference vulnerability in some  
situations. A local privileged attacker could use this to cause a denial of  
service (system crash). (CVE-2023-3772)

It was discovered that the KSMBD implementation in the Linux kernel did not  
properly validate buffer sizes in certain operations, leading to an integer  
underflow and out-of-bounds read vulnerability. A remote attacker could use  
this to cause a denial of service (system crash) or possibly expose  
sensitive information. (CVE-2023-38427)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel  
did not properly validate SMB request protocol IDs, leading to a out-of-  
bounds read vulnerability. A remote attacker could possibly use this to  
cause a denial of service (system crash). (CVE-2023-38430)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel  
did not properly validate packet header sizes in certain situations,  
leading to an out-of-bounds read vulnerability. A remote attacker could use  
this to cause a denial of service (system crash) or possibly expose  
sensitive information. (CVE-2023-38431)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel  
did not properly validate command payload size, leading to a out-of-bounds  
read vulnerability. A remote attacker could possibly use this to cause a  
denial of service (system crash). (CVE-2023-38432)

It was discovered that the NFC implementation in the Linux kernel contained  
a use-after-free vulnerability when performing peer-to-peer communication  
in certain conditions. A privileged attacker could use this to cause a  
denial of service (system crash) or possibly expose sensitive information  
(kernel memory). (CVE-2023-3863)

Laurence Wit discovered that the KSMBD implementation in the Linux kernel  
did not properly validate a buffer size in certain situations, leading to  
an out-of-bounds read vulnerability. A remote attacker could use this to  
cause a denial of service (system crash) or possibly expose sensitive  
information. (CVE-2023-3865)

Laurence Wit discovered that the KSMBD implementation in the Linux kernel  
contained a null pointer dereference vulnerability when handling handling  
chained requests. A remote attacker could use this to cause a denial of  
service (system crash). (CVE-2023-3866)

It was discovered that the KSMBD implementation in the Linux kernel did not  
properly handle session setup requests, leading to an out-of-bounds read  
vulnerability. A remote attacker could use this to expose sensitive  
information. (CVE-2023-3867)

It was discovered that the bluetooth subsystem in the Linux kernel did not  
properly handle L2CAP socket release, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)

It was discovered that some network classifier implementations in the Linux  
kernel contained use-after-free vulnerabilities. A local attacker could use  
this to cause a denial of service (system crash) or possibly execute  
arbitrary code. (CVE-2023-4128)

It was discovered that the Siano USB MDTV receiver device driver in the  
Linux kernel did not properly handle device initialization failures in  
certain situations, leading to a use-after-free vulnerability. A physically  
proximate attacker could use this cause a denial of service (system crash).  
(CVE-2023-4132)

It was discovered that a race condition existed in the Cypress touchscreen  
driver in the Linux kernel during device removal, leading to a use-after-  
free vulnerability. A physically proximate attacker could use this to cause  
a denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-4134)

Andy Nguyen discovered that the KVM implementation for AMD processors in  
the Linux kernel with Secure Encrypted Virtualization (SEV) contained a  
race condition when accessing the GHCB page. A local attacker in a SEV  
guest VM could possibly use this to cause a denial of service (host system  
crash). (CVE-2023-4155)

It was discovered that the TUN/TAP driver in the Linux kernel did not  
properly initialize socket data. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2023-4194)

Bien Pham discovered that the netfiler subsystem in the Linux kernel  
contained a race condition, leading to a use-after-free vulnerability. A  
local user could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-4244)

Maxim Suhanov discovered that the exFAT file system implementation in the  
Linux kernel did not properly check a file name length, leading to an out-  
of-bounds write vulnerability. An attacker could use this to construct a  
malicious exFAT image that, when mounted and operated on, could cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-4273)

Kyle Zeng discovered that the networking stack implementation in the Linux  
kernel did not properly validate skb object size in certain conditions. An  
attacker could use this cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-42752)

Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did  
not properly calculate array offsets, leading to a out-of-bounds write  
vulnerability. A local user could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-42753)

Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP)  
classifier implementation in the Linux kernel contained an out-of-bounds  
read vulnerability. A local attacker could use this to cause a denial of  
service (system crash). Please note that kernel packet classifier support  
for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755)

Kyle Zeng discovered that the netfilter subsystem in the Linux kernel  
contained a race condition in IP set operations in certain situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2023-42756)

Thelford Williams discovered that the Ceph file system messenger protocol  
implementation in the Linux kernel did not properly validate frame segment  
length in certain situation, leading to a buffer overflow vulnerability. A  
remote attacker could use this to cause a denial of service (system crash)  
or possibly execute arbitrary code. (CVE-2023-44466)

Lonial Con discovered that the netfilter subsystem in the Linux kernel  
contained a memory leak when handling certain element flush operations. A  
local attacker could use this to expose sensitive information (kernel  
memory). (CVE-2023-4569)

Bing-Jhong Billy Jheng discovered that the Unix domain socket  
implementation in the Linux kernel contained a race condition in certain  
situations, leading to a use-after-free vulnerability. A local attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-4622)

Budimir Markovic discovered that the qdisc implementation in the Linux  
kernel did not properly validate inner classes, leading to a use-after-free  
vulnerability. A local user could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-4623)

Alex Birnberg discovered that the netfilter subsystem in the Linux kernel  
did not properly validate register length, leading to an out-of- bounds  
write vulnerability. A local attacker could possibly use this to cause a  
denial of service (system crash). (CVE-2023-4881)

It was discovered that the Quick Fair Queueing scheduler implementation in  
the Linux kernel did not properly handle network packets in certain  
conditions, leading to a use after free vulnerability. A local attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-4921)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did  
not properly handle removal of rules from chain bindings in certain  
circumstances, leading to a use-after-free vulnerability. A local attacker  
could possibly use this to cause a denial of service (system crash) or  
execute arbitrary code. (CVE-2023-5197)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   linux-image-6.2.0-1011-nvidia   6.2.0-1011.11  
   linux-image-6.2.0-1011-nvidia-64k  6.2.0-1011.11  
   linux-image-nvidia-6.2          6.2.0.1011.13  
   linux-image-nvidia-64k-6.2      6.2.0.1011.13  
   linux-image-nvidia-64k-hwe-22.04  6.2.0.1011.13  
   linux-image-nvidia-hwe-22.04    6.2.0.1011.13

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6466-1  
   CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-48425,  
   CVE-2023-1206, CVE-2023-20569, CVE-2023-20588, CVE-2023-21264,  
   CVE-2023-2156, CVE-2023-31083, CVE-2023-3212, CVE-2023-34319,  
   CVE-2023-3772, CVE-2023-38427, CVE-2023-38430, CVE-2023-38431,  
   CVE-2023-38432, CVE-2023-3863, CVE-2023-3865, CVE-2023-3866,  
   CVE-2023-3867, CVE-2023-40283, CVE-2023-4128, CVE-2023-4132,  
   CVE-2023-4134, CVE-2023-4155, CVE-2023-4194, CVE-2023-4244,  
   CVE-2023-4273, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755,  
   CVE-2023-42756, CVE-2023-44466, CVE-2023-4569, CVE-2023-4622,  
   CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-5197

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-nvidia-6.2/6.2.0-1011.11

Ubuntu Security Notice USN-6466-1

Ubuntu Security Notice 6465-1 - Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6465-1October 31, 2023linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15,linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15,linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia,linux-oracle, linux-oracle-5.15 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-lowlatency: Linux low latency kernel- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-ibm-5.15: Linux kernel for IBM cloud systems- linux-lowlatency-hwe-5.15: Linux low latency kernel- linux-oracle-5.15: Linux kernel for Oracle Cloud systemsDetails:Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver inthe Linux kernel contained a race condition, leading to a null pointerdereference vulnerability. A local attacker could use this to cause adenial of service (system crash). (CVE-2023-31083)Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in theLinux kernel contained a null pointer dereference vulnerability in somesituations. A local privileged attacker could use this to cause a denial ofservice (system crash). (CVE-2023-3772)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-5.15.0-1032-gkeop   5.15.0-1032.38   linux-image-5.15.0-1040-nvidia  5.15.0-1040.40   linux-image-5.15.0-1040-nvidia-lowlatency  5.15.0-1040.40   linux-image-5.15.0-1042-ibm     5.15.0-1042.45   linux-image-5.15.0-1046-gcp     5.15.0-1046.54   linux-image-5.15.0-1046-kvm     5.15.0-1046.51   linux-image-5.15.0-1047-oracle  5.15.0-1047.53   linux-image-5.15.0-1049-aws     5.15.0-1049.54   linux-image-5.15.0-1051-azure   5.15.0-1051.59   linux-image-5.15.0-1051-azure-fde  5.15.0-1051.59.1   linux-image-5.15.0-88-generic   5.15.0-88.98   linux-image-5.15.0-88-generic-64k  5.15.0-88.98   linux-image-5.15.0-88-generic-lpae  5.15.0-88.98   linux-image-5.15.0-88-lowlatency  5.15.0-88.98   linux-image-5.15.0-88-lowlatency-64k  5.15.0-88.98   linux-image-aws-lts-22.04       5.15.0.1049.48   linux-image-azure-fde-lts-22.04  5.15.0.1051.59.29   linux-image-azure-lts-22.04     5.15.0.1051.47   linux-image-gcp-lts-22.04       5.15.0.1046.42   linux-image-generic             5.15.0.88.85   linux-image-generic-64k         5.15.0.88.85   linux-image-generic-lpae        5.15.0.88.85   linux-image-gkeop               5.15.0.1032.31   linux-image-gkeop-5.15          5.15.0.1032.31   linux-image-ibm                 5.15.0.1042.38   linux-image-kvm                 5.15.0.1046.42   linux-image-lowlatency          5.15.0.88.90   linux-image-lowlatency-64k      5.15.0.88.90   linux-image-nvidia              5.15.0.1040.40   linux-image-nvidia-lowlatency   5.15.0.1040.40   linux-image-oracle              5.15.0.1047.42   linux-image-oracle-lts-22.04    5.15.0.1047.42   linux-image-virtual             5.15.0.88.85Ubuntu 20.04 LTS:   linux-image-5.15.0-1032-gkeop   5.15.0-1032.38~20.04.1   linux-image-5.15.0-1042-ibm     5.15.0-1042.45~20.04.1   linux-image-5.15.0-1046-gcp     5.15.0-1046.54~20.04.1   linux-image-5.15.0-1047-oracle  5.15.0-1047.53~20.04.1   linux-image-5.15.0-1049-aws     5.15.0-1049.54~20.04.1   linux-image-5.15.0-1051-azure   5.15.0-1051.59~20.04.1   linux-image-5.15.0-1051-azure-fde  5.15.0-1051.59~20.04.1.1   linux-image-5.15.0-88-generic   5.15.0-88.98~20.04.1   linux-image-5.15.0-88-generic-64k  5.15.0-88.98~20.04.1   linux-image-5.15.0-88-generic-lpae  5.15.0-88.98~20.04.1   linux-image-5.15.0-88-lowlatency  5.15.0-88.98~20.04.1   linux-image-5.15.0-88-lowlatency-64k  5.15.0-88.98~20.04.1   linux-image-aws                 5.15.0.1049.54~20.04.37   linux-image-azure               5.15.0.1051.59~20.04.40   linux-image-azure-cvm           5.15.0.1051.59~20.04.40   linux-image-azure-fde           5.15.0.1051.59~20.04.1.29   linux-image-gcp                 5.15.0.1046.54~20.04.1   linux-image-generic-64k-hwe-20.04  5.15.0.88.98~20.04.46   linux-image-generic-hwe-20.04   5.15.0.88.98~20.04.46   linux-image-generic-lpae-hwe-20.04  5.15.0.88.98~20.04.46   linux-image-gkeop-5.15          5.15.0.1032.38~20.04.28   linux-image-ibm                 5.15.0.1042.45~20.04.14   linux-image-lowlatency-64k-hwe-20.04  5.15.0.88.98~20.04.43   linux-image-lowlatency-hwe-20.04  5.15.0.88.98~20.04.43   linux-image-oem-20.04           5.15.0.88.98~20.04.46   linux-image-oem-20.04b          5.15.0.88.98~20.04.46   linux-image-oem-20.04c          5.15.0.88.98~20.04.46   linux-image-oem-20.04d          5.15.0.88.98~20.04.46   linux-image-oracle              5.15.0.1047.53~20.04.1   linux-image-virtual-hwe-20.04   5.15.0.88.98~20.04.46After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6465-1   CVE-2023-31083, CVE-2023-3772Package Information:   https://launchpad.net/ubuntu/+source/linux/5.15.0-88.98   https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1049.54   https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1051.59   https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1051.59.1   https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1046.54   https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1032.38   https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1042.45   https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1046.51   https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-88.98   https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1040.40   https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1047.53   https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1049.54~20.04.1   https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1051.59~20.04.1 https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1051.59~20.04.1.1   https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1046.54~20.04.1   https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1032.38~20.04.1   https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-88.98~20.04.1   https://launchpad.net/ubuntu/+source/linux-ibm-5.15/5.15.0-1042.45~20.04.1 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-88.98~20.04.1 https://launchpad.net/ubuntu/+source/linux-oracle-5.15/5.15.0-1047.53~20.04.1

Ubuntu Security Notice USN-6465-1

Debian Linux Security Advisory 5544-1 - Damien Diederen discovered that SASL quorum peer authentication within Zookeeper, a service for maintaining configuration information, was insufficiently enforced in some configurations.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5544-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 31, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : zookeeperCVE ID         : CVE-2023-44981Damien Diederen discovered that SASL quorum peer authentication withinZookeeper, a service for maintaining configuration information, wasinsufficiently enforced in some configurations.For the oldstable distribution (bullseye), this problem has been fixedin version 3.4.13-6+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 3.8.0-11+deb12u1.We recommend that you upgrade your zookeeper packages.For the detailed security status of zookeeper please refer toits security tracker page at:https://security-tracker.debian.org/tracker/zookeeperFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVBUggACgkQEMKTtsN8TjaJAQ//RJ2xwJfLXiLajonTRcY6uhLmMT65GCkzbaVs+WExii/Ip1RWLTh4LScQG/OkOQGEs4OhlxSEBzkQJTSuEvY42AU4aBBSjollcA7HmlXZIJCabuZ69CWWOBJW4Ad57iIi1orRhVjt7Yyd2puZlDeKisnwmPB4kJeYUPGxIWFe8FXnHfrUEUs3xexugjJoMNXQ1xLEjtg8pRCbgDtxZEeuV0Bycbcd/TZj5m8j9UcwXRcA+IX7usHQXYH8fCFTfl+GtWE2/5sOnsVpSK5/u6l2FabvkdswzcehShNAAdamj1i4SCF/p3yGSgw1FoW7Lsz7rPXRBzlo8x4iAa9X4ykqHByowt3H4GwJcOS66E2+7AUhrZFRzTDq0npC9/xQ0orwWwMd1jRBKTWob2H/FMyjcZnRB+eeT1fERTHPQWXAuFkqDzh5YOMevWgx/YP8nfEAAiVWtLiJ45VhUJcjyM9lqoGL9d3YoUVHVmsFu8UI3W0WsM7eQaz18Ql2FQ315O7eFhK2VY7NTwlKgsFdA3pMtR3oYPXgsUHJVhZJHT7wT/ZJsd5CEVSo/wwks14xoVC/vOmhOaUBoPI2wvqzF85tJ1DNhnN3qSq79cLO2e3I4/XJwApAUarELzcOe5J/T7PxF2YyCzmUvdGoOZimzaYMtt+xRIoplqXcrSOJW2X5BGA==f4nP-----END PGP SIGNATURE-----

Debian Security Advisory 5544-1

Debian Linux Security Advisory 5543-1 - Two security issues have been discovered in the Open VMware Tools, which could result in privilege escalation.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5543-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
October 31, 2023                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : open-vm-tools  
CVE ID         : CVE-2023-34058 CVE-2023-34059

Two security issues have been discovered in the Open VMware Tools, which  
could result in privilege escalation.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2:11.2.5-2+deb11u3.

For the stable distribution (bookworm), these problems have been fixed in  
version 2:12.2.0-1+deb12u2.

We recommend that you upgrade your open-vm-tools packages.

For the detailed security status of open-vm-tools please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/open-vm-tools

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVBVQYACgkQEMKTtsN8  
TjYsrg/9F9eIADdIEeqnR+hc0Dc9YE6yK49aTbADMw3CBAARSRKHtcDsWjqcnRON  
hvzZapmYQ64g7Cxp5/8eD+NnL/69zf+hYV171QJVJ62gfnY0jISZ2hsvqDFWkZK2  
D3CxX+8OVrwAJClFgE7BztjkWE8xl7KkpdD4EsbODZeFbGRvq5/fMrfltfZ+iik6  
5RcHLXWtWVPQ5B/HPkL02D6iMleB3USl9r92EhM94dGVpziW37a/mPlsm/MjWFVp  
XXXEXSGX23t33A8iihBLJxroPNLcTG5KKl725zocg4VSmxuzUOX1DbtSNWP+jKfb  
SrB+a3F6Y2VWN1R2F1sv0zEjpsJmkFysIMa7NN1ngPM+L8F/A7aD8HPgjmYObAmj  
UQdSTm/C4Zl7XqyHR13i3uJI9XPa4lys7B8RwY6MOJIDOy3UMiFhRlw/G9m0WNLF  
JLlsbQPr5so/WqKln7bDaMBJLdRyMv1o8yR+5hSBqwu1rnsIBv8EDWwiIAmBYmzw  
MOkNdi+N3gaK+5q5pwQM5rJmN4/pWNzb0kWOH8Is/ZuYIAie1mjYFUngG0Ef49b/  
Hsq5Se4cShDvl/WZDYWuyyy4azbjI00ukWXbj81/c7jw0lwzosthtV0piEJO2oQh  
3ymplyXXtPQedQ1nwgOHBx4eb3dSsYRAj71Blbf9BLD8UdndywA=  
=VMwp  
-----END PGP SIGNATURE-----

Debian Security Advisory 5543-1

Red Hat Security Advisory 2023-6886-01 - An update for plexus-archiver is now available for Red Hat Enterprise Linux 7.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6886.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: plexus-archiver security updateAdvisory ID:        RHSA-2023:6886-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6886Issue date:         2023-11-13Revision:           01CVE Names:          CVE-2023-37460====================================================================Summary: An update for plexus-archiver is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications can utilise component-oriented programming to build modular, reusable components that can easily be assembled and reused. The plexus-archiver component provides functions to create and extract archives.Security Fix(es):* plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-37460References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2242288

Red Hat Security Advisory 2023-6886-01

Red Hat Security Advisory 2023-6885-01 - An update for python is now available for Red Hat Enterprise Linux 7. Issues addressed include a bypass vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6885.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python security updateAdvisory ID:        RHSA-2023:6885-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6885Issue date:         2023-11-13Revision:           01CVE Names:          CVE-2023-40217====================================================================Summary: An update for python is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):* python: TLS handshake bypass (CVE-2023-40217)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-40217References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2235789

Red Hat Security Advisory 2023-6885-01

Red Hat Security Advisory 2023-6256-01 - Red Hat OpenShift Container Platform release 4.13.21 is now available with updates to packages and images that fix several bugs.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6256.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.13.21 security and extras update  
Advisory ID:        RHSA-2023:6256-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6256  
Issue date:         2023-11-08  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.13.21 is now available with updates to packages and images that fix several bugs.

This release includes a security update for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

There are no RPM packages for this update.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-6256-01

Red Hat Security Advisory 2023-6251-01 - Red Hat OpenShift Virtualization release 4.11.7 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6251.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Virtualization 4.11.7 Images security and bug fix update  
Advisory ID:        RHSA-2023:6251-01  
Product:            OpenShift Virtualization  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6251  
Issue date:         2023-11-01  
Revision:           01  
CVE Names:          CVE-2022-41723  
====================================================================

Summary: 

Red Hat OpenShift Virtualization release 4.11.7 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.11.7 images.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* 4.11.7 containers (BZ#2246329)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-41723

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-6251-01

Red Hat Security Advisory 2023-6249-01 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6249.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 6.0 security, bug fix, and enhancement updateAdvisory ID:        RHSA-2023:6249-01Product:            .NET Core on Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6249Issue date:         2023-11-01Revision:           01CVE Names:          CVE-2023-36799====================================================================Summary: An update for .NET  6.0 is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The CVE-2023-36799 was previously fixed in .NET  6.0 packages in Red Hat Enterprise Linux 7 via erratum RHSA-2023:5142, which updated .NET to SDK 6.0.122 and Runtime 6.0.22. However, the fix was not included in the upstream SDK 6.0.123 and Runtime 6.0.23, which was added to Red Hat Enterprise Linux 7 via erratum RHSA-2023:5705, introducing a security regression. This erratum re-adds the fix for CVE-2023-36799 to .NET 6.0 packages.For more details about the regression, refer to the upstream release notes linked to the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.124 and .NET Runtime 6.0.24.Security Fix(es):* dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-36799References:https://access.redhat.com/security/updates/classification/#moderatehttps://support.microsoft.com/en-gb/topic/-net-6-0-update-october-24-2023-kb5032874-c7206ee0-8768-496c-a122-eac43b8b85c9https://access.redhat.com/errata/RHSA-2023:5142

Red Hat Security Advisory 2023-6249-01

Red Hat Security Advisory 2023-6248-01 - Red Hat OpenShift Virtualization release 4.12.8 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6248.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: OpenShift Virtualization 4.12.8 Images security updateAdvisory ID:        RHSA-2023:6248-01Product:            OpenShift VirtualizationAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6248Issue date:         2023-11-01Revision:           01CVE Names:          CVE-2022-41723====================================================================Summary: Red Hat OpenShift Virtualization release 4.12.8 is now available with updates to packages and images that fix several bugs and add enhancements.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.This advisory contains OpenShift Virtualization 4.12.8 images.Security Fix(es):* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-41723References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Source

Packet Storm