Ubuntu Security Notice 6119-1 - Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Anton Romanov discovered that OpenSSL incorrectly handled AES-XTS cipher decryption on 64-bit ARM platforms. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.

==========================================================================  
Ubuntu Security Notice USN-6119-1  
May 30, 2023

openssl, openssl1.0 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description:  
- openssl: Secure Socket Layer (SSL) cryptographic library and tools  
- openssl1.0: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1  
object identifiers. A remote attacker could possibly use this issue to  
cause OpenSSL to consume resources, resulting in a denial of service.  
(CVE-2023-2650)

Anton Romanov discovered that OpenSSL incorrectly handled AES-XTS cipher  
decryption on 64-bit ARM platforms. An attacker could possibly use this  
issue to cause OpenSSL to crash, resulting in a denial of service. This  
issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.  
(CVE-2023-1255)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   libssl3                         3.0.8-1ubuntu1.2

Ubuntu 22.10:  
   libssl3                         3.0.5-2ubuntu2.3

Ubuntu 22.04 LTS:  
   libssl3                         3.0.2-0ubuntu1.10

Ubuntu 20.04 LTS:  
   libssl1.1                       1.1.1f-1ubuntu2.19

Ubuntu 18.04 LTS:  
   libssl1.0.0                     1.0.2n-1ubuntu5.13  
   libssl1.1                       1.1.1-1ubuntu2.1~18.04.23

After a standard system update you need to reboot your computer to make all  
the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6119-1  
   CVE-2023-1255, CVE-2023-2650

Package Information:  
   https://launchpad.net/ubuntu/+source/openssl/3.0.8-1ubuntu1.2  
   https://launchpad.net/ubuntu/+source/openssl/3.0.5-2ubuntu2.3  
   https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.10  
   https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.19  
   https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.23  
   https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.13

Ubuntu Security Notice USN-6119-1

Ubuntu Security Notice 6111-1 - It was discovered that Flask incorrectly handled certain data responses. An attacker could possibly use this issue to expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6111-1  
May 29, 2023

flask vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Flask could be made to expose sensitive information in certain scenarios.

Software Description:  
- flask: Micro web framework based on Werkzeug and Jinja2

Details:

It was discovered that Flask incorrectly handled certain data responses.  
An attacker could possibly use this issue to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  python3-flask                   2.2.2-2ubuntu1.1

Ubuntu 22.10:  
  python3-flask                   2.0.3-1ubuntu1.1

Ubuntu 22.04 LTS:  
  python3-flask                   2.0.1-2ubuntu1.1

Ubuntu 20.04 LTS:  
  python3-flask                   1.1.1-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6111-1  
  CVE-2023-30861

Package Information:  
  https://launchpad.net/ubuntu/+source/flask/2.2.2-2ubuntu1.1  
  https://launchpad.net/ubuntu/+source/flask/2.0.3-1ubuntu1.1  
  https://launchpad.net/ubuntu/+source/flask/2.0.1-2ubuntu1.1  
  https://launchpad.net/ubuntu/+source/flask/1.1.1-2ubuntu0.1

Ubuntu Security Notice USN-6111-1

Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagParseAndStoreData at 0x5cc8.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48336[+] Title              : Buffer Overflow in Widevine Trustlet (PRDiagParseAndStoreData @ 0x5cc8)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N), 6.0.0 (MRA58K), 6.0.0 (MRA58N), 6.0.0 (MRA58R), 6.0.0 (MRA58X), 7.0.0 (NBD90Z), 7.0.0 (NBD91P), 7.0.0 (NBD91U), 7.0.0 (NBD91X), 7.0.0 (NBD91Y), 7.0.0 (NBD91Z), 7.0.0 (NBD92F), 7.0.0 (NBD92G), 7.1.1 (N6F26Q), 7.1.1 (N6F26R), 7.1.1 (N6F26U), 7.1.1 (N6F27C), 7.1.1 (N6F27E).3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s PRDiagProvisionDataHandler() command.For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48336_Buffer_Overflow_in_Widevine_PRDiagParseAndStoreData_0x5cc8/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet 5.x / 6.x / 7.x PRDiagParseAndStoreData Buffer Overflow

Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagVerifyProvisioning at 0x5f90.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48335[+] Title              : Buffer Overflow in Widevine Trustlet (PRDiagVerifyProvisioning @ 0x5f90)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N), 6.0.0 (MRA58K), 6.0.0 (MRA58N), 6.0.0 (MRA58R), 6.0.0 (MRA58X), 7.0.0 (NBD90Z), 7.0.0 (NBD91P), 7.0.0 (NBD91U), 7.0.0 (NBD91X), 7.0.0 (NBD91Y), 7.0.0 (NBD91Z), 7.0.0 (NBD92F), 7.0.0 (NBD92G), 7.1.1 (N6F26Q), 7.1.1 (N6F26R), 7.1.1 (N6F26U), 7.1.1 (N6F27C), 7.1.1 (N6F27E).3. DETAILS----------To the best of our knowledge, the vulnerability described in this post has been incorrectly associated with CVE-2015-6639. After consulting with MITRE, it has been confirmed that this vulnerability had no assigned identifier. Consequently, CVE-2022-48335 has been assigned to this vulnerability. On the other hand, it has been confirmed that CVE-2015-6639 does exist and corresponds with a different vulnerability reported by Google. We have notified all the concerned parties about this misunderstanding so that the confusion can be amended.Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s PRDiagVerifyProvisioning() command. This command closely resembles PRDiagClearProvisioning(), which has been featured in other blog entries (refer to CVE-2015-6647).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48335_Buffer_Overflow_in_Widevine_PRDiagVerifyProvisioning_0x5f90/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet 5.x / 6.x / 7.x PRDiagVerifyProvisioning Buffer Overflow

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x7370.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48334[+] Title              : Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x7370)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N)3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s drm_verify_keys() command. This command closely resembles drm_save_keys(), which has been featured in other blog entries (refer to CVE-2022-48331 and CVE-2022-48332).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48334_Buffer_Overflow_in_Widevine_drm_verify_keys_0x7370/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet 5.x drm_verify_keys Buffer Overflow

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x730c.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48333[+] Title              : Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x730c)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N)3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s drm_verify_keys() command. This command closely resembles drm_save_keys(), which has been featured in other blog entries (refer to CVE-2022-48331 and CVE-2022-48332).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48333_Buffer_Overflow_in_Widevine_drm_verify_keys_0x730c/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_save_keys at 0x6a18.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48332[+] Title              : Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x6a18)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N)3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s drm_save_keys() command. This command closely resembles drm_verify_keys(), which has been featured in other blog entries (refer to CVE-2022-48333 and CVE-2022-48334).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48332_Buffer_Overflow_in_Widevine_drm_save_keys_0x6a18/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet 5.x drm_save_keys Buffer Overflow

Widevine Trustlet versions 5.x suffer from a drm_save_keys related buffer overflow.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48331[+] Title              : Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x69b0)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M) 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N)3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service. The bug is present in Widevine’s drm_save_keys() command. This command closely resembles drm_verify_keys(), which has been featured in other blog entries (refer to CVE-2022-48333 and CVE-2022-48334).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48331_Buffer_Overflow_in_Widevine_drm_save_keys_0x69b0/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_save_keys at 0x69b0.

==========================================================================  
Ubuntu Security Notice USN-6118-1  
May 30, 2023

linux-oracle, linux-oracle-5.4 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-oracle: Linux kernel for Oracle Cloud systems  
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems

Details:

Zheng Wang discovered that the Intel i915 graphics driver in the Linux  
kernel did not properly handle certain error conditions, leading to a  
double-free. A local attacker could possibly use this to cause a denial of  
service (system crash). (CVE-2022-3707)

Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did  
not properly implement speculative execution barriers in usercopy functions  
in certain situations. A local attacker could use this to expose sensitive  
information (kernel memory). (CVE-2023-0459)

It was discovered that the TLS subsystem in the Linux kernel contained a  
type confusion vulnerability in some situations. A local attacker could use  
this to cause a denial of service (system crash) or possibly expose  
sensitive information. (CVE-2023-1075)

It was discovered that the Reliable Datagram Sockets (RDS) protocol  
implementation in the Linux kernel contained a type confusion vulnerability  
in some situations. An attacker could use this to cause a denial of service  
(system crash). (CVE-2023-1078)

Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel  
did not properly initialize some data structures. A local attacker could  
use this to expose sensitive information (kernel memory). (CVE-2023-1513)

It was discovered that a use-after-free vulnerability existed in the iSCSI  
TCP implementation in the Linux kernel. A local attacker could possibly use  
this to cause a denial of service (system crash). (CVE-2023-2162)

It was discovered that the NET/ROM protocol implementation in the Linux  
kernel contained a race condition in some situations, leading to a use-  
after-free vulnerability. A local attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-32269)

Duoming Zhou discovered that a race condition existed in the infrared  
receiver/transceiver driver in the Linux kernel, leading to a use-after-  
free vulnerability. A privileged attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-1118)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   linux-image-5.4.0-1101-oracle   5.4.0-1101.110  
   linux-image-oracle-lts-20.04    5.4.0.1101.94

Ubuntu 18.04 LTS:  
   linux-image-5.4.0-1101-oracle   5.4.0-1101.110~18.04.1  
   linux-image-oracle              5.4.0.1101.110~18.04.73

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6118-1  
   CVE-2022-3707, CVE-2023-0459, CVE-2023-1075, CVE-2023-1078,  
   CVE-2023-1118, CVE-2023-1513, CVE-2023-2162, CVE-2023-32269

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1101.110  
   https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1101.110~18.04.1

Ubuntu Security Notice USN-6118-1

Ubuntu Security Notice 6115-1 - Max Chernoff discovered that LuaTeX did not properly disable shell escape. An attacker could possibly use this issue to execute arbitrary shell commands.

==========================================================================  
Ubuntu Security Notice USN-6115-1  
May 30, 2023

texlive-bin vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

LuaTeX (TeX Live) could be made to run programs as your login if it  
compiled a specially crafted TeX file.

Software Description:  
- texlive-bin: Binaries for TeX Live

Details:

Max Chernoff discovered that LuaTeX (TeX Live) did not properly disable  
shell escape. An attacker could possibly use this issue to execute  
arbitrary shell commands.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  texlive-binaries                2022.20220321.62855-5ubuntu0.1

Ubuntu 22.10:  
  texlive-binaries                2022.20220321.62855-4ubuntu0.1

Ubuntu 22.04 LTS:  
  texlive-binaries                2021.20210626.59705-1ubuntu0.1

Ubuntu 20.04 LTS:  
  texlive-binaries                2019.20190605.51237-3ubuntu0.1

Ubuntu 18.04 LTS:  
  texlive-binaries                2017.20170613.44572-8ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6115-1  
  CVE-2023-32700

Package Information:  
  https://launchpad.net/ubuntu/+source/texlive-bin/2022.20220321.62855-5ubuntu0.1  
  https://launchpad.net/ubuntu/+source/texlive-bin/2022.20220321.62855-4ubuntu0.1  
  https://launchpad.net/ubuntu/+source/texlive-bin/2021.20210626.59705-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/texlive-bin/2019.20190605.51237-3ubuntu0.1  
  https://launchpad.net/ubuntu/+source/texlive-bin/2017.20170613.44572-8ubuntu0.2

Source

Packet Storm