Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202405-29- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low    Title: Node.js: Multiple Vulnerabilities     Date: May 08, 2024     Bugs: #772422, #781704, #800986, #805053, #807775, #811273, #817938, #831037, #835615, #857111, #865627, #872692, #879617, #918086, #918614       ID: 202405-29- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis=======Multiple vulnerabilities have been discovered in Node.js.Background=========Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.Affected packages================Package          Vulnerable    Unaffected---------------  ------------  ------------net-libs/nodejs  < 16.20.2     >= 16.20.2Description==========Multiple vulnerabilities have been discovered in Node.js. Please reviewthe CVE identifiers referenced below for details.Impact=====Please review the referenced CVE identifiers for details.Workaround=========There is no known workaround at this time.Resolution=========All Node.js 20 users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=net-libs/nodejs-20.5.1"All Node.js 18 users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=net-libs/nodejs-18.17.1"All Node.js 16 users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=net-libs/nodejs-16.20.2"References=========[ 1 ] CVE-2020-7774      https://nvd.nist.gov/vuln/detail/CVE-2020-7774[ 2 ] CVE-2021-3672      https://nvd.nist.gov/vuln/detail/CVE-2021-3672[ 3 ] CVE-2021-22883      https://nvd.nist.gov/vuln/detail/CVE-2021-22883[ 4 ] CVE-2021-22884      https://nvd.nist.gov/vuln/detail/CVE-2021-22884[ 5 ] CVE-2021-22918      https://nvd.nist.gov/vuln/detail/CVE-2021-22918[ 6 ] CVE-2021-22930      https://nvd.nist.gov/vuln/detail/CVE-2021-22930[ 7 ] CVE-2021-22931      https://nvd.nist.gov/vuln/detail/CVE-2021-22931[ 8 ] CVE-2021-22939      https://nvd.nist.gov/vuln/detail/CVE-2021-22939[ 9 ] CVE-2021-22940      https://nvd.nist.gov/vuln/detail/CVE-2021-22940[ 10 ] CVE-2021-22959      https://nvd.nist.gov/vuln/detail/CVE-2021-22959[ 11 ] CVE-2021-22960      https://nvd.nist.gov/vuln/detail/CVE-2021-22960[ 12 ] CVE-2021-37701      https://nvd.nist.gov/vuln/detail/CVE-2021-37701[ 13 ] CVE-2021-37712      https://nvd.nist.gov/vuln/detail/CVE-2021-37712[ 14 ] CVE-2021-39134      https://nvd.nist.gov/vuln/detail/CVE-2021-39134[ 15 ] CVE-2021-39135      https://nvd.nist.gov/vuln/detail/CVE-2021-39135[ 16 ] CVE-2021-44531      https://nvd.nist.gov/vuln/detail/CVE-2021-44531[ 17 ] CVE-2021-44532      https://nvd.nist.gov/vuln/detail/CVE-2021-44532[ 18 ] CVE-2021-44533      https://nvd.nist.gov/vuln/detail/CVE-2021-44533[ 19 ] CVE-2022-0778      https://nvd.nist.gov/vuln/detail/CVE-2022-0778[ 20 ] CVE-2022-3602      https://nvd.nist.gov/vuln/detail/CVE-2022-3602[ 21 ] CVE-2022-3786      https://nvd.nist.gov/vuln/detail/CVE-2022-3786[ 22 ] CVE-2022-21824      https://nvd.nist.gov/vuln/detail/CVE-2022-21824[ 23 ] CVE-2022-32212      https://nvd.nist.gov/vuln/detail/CVE-2022-32212[ 24 ] CVE-2022-32213      https://nvd.nist.gov/vuln/detail/CVE-2022-32213[ 25 ] CVE-2022-32214      https://nvd.nist.gov/vuln/detail/CVE-2022-32214[ 26 ] CVE-2022-32215      https://nvd.nist.gov/vuln/detail/CVE-2022-32215[ 27 ] CVE-2022-32222      https://nvd.nist.gov/vuln/detail/CVE-2022-32222[ 28 ] CVE-2022-35255      https://nvd.nist.gov/vuln/detail/CVE-2022-35255[ 29 ] CVE-2022-35256      https://nvd.nist.gov/vuln/detail/CVE-2022-35256[ 30 ] CVE-2022-35948      https://nvd.nist.gov/vuln/detail/CVE-2022-35948[ 31 ] CVE-2022-35949      https://nvd.nist.gov/vuln/detail/CVE-2022-35949[ 32 ] CVE-2022-43548      https://nvd.nist.gov/vuln/detail/CVE-2022-43548[ 33 ] CVE-2023-30581      https://nvd.nist.gov/vuln/detail/CVE-2023-30581[ 34 ] CVE-2023-30582      https://nvd.nist.gov/vuln/detail/CVE-2023-30582[ 35 ] CVE-2023-30583      https://nvd.nist.gov/vuln/detail/CVE-2023-30583[ 36 ] CVE-2023-30584      https://nvd.nist.gov/vuln/detail/CVE-2023-30584[ 37 ] CVE-2023-30586      https://nvd.nist.gov/vuln/detail/CVE-2023-30586[ 38 ] CVE-2023-30587      https://nvd.nist.gov/vuln/detail/CVE-2023-30587[ 39 ] CVE-2023-30588      https://nvd.nist.gov/vuln/detail/CVE-2023-30588[ 40 ] CVE-2023-30589      https://nvd.nist.gov/vuln/detail/CVE-2023-30589[ 41 ] CVE-2023-30590      https://nvd.nist.gov/vuln/detail/CVE-2023-30590[ 42 ] CVE-2023-32002      https://nvd.nist.gov/vuln/detail/CVE-2023-32002[ 43 ] CVE-2023-32003      https://nvd.nist.gov/vuln/detail/CVE-2023-32003[ 44 ] CVE-2023-32004      https://nvd.nist.gov/vuln/detail/CVE-2023-32004[ 45 ] CVE-2023-32005      https://nvd.nist.gov/vuln/detail/CVE-2023-32005[ 46 ] CVE-2023-32006      https://nvd.nist.gov/vuln/detail/CVE-2023-32006[ 47 ] CVE-2023-32558      https://nvd.nist.gov/vuln/detail/CVE-2023-32558[ 48 ] CVE-2023-32559      https://nvd.nist.gov/vuln/detail/CVE-2023-32559Availability===========This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202405-29Concerns?========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttps://bugs.gentoo.org.License======Copyright 2024 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-29

Gentoo Linux Security Advisory 202405-28 - Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.223.02 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-28  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: NVIDIA Drivers: Multiple Vulnerabilities  
     Date: May 08, 2024  
     Bugs: #909226, #916583  
       ID: 202405-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in NVIDIA Drivers, the  
worst of which could result in root privilege escalation.

Background  
=========  
NVIDIA Drivers are NVIDIA's accelerated graphics driver.

Affected packages  
================  
Package                     Vulnerable    Unaffected  
--------------------------  ------------  -------------  
x11-drivers/nvidia-drivers  < 470.223.02  >= 470.223.02

Description  
==========  
Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All NVIDIA Drivers 470 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-470.223.02:0/470"

All NVIDIA Drivers 525 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-525.147.05:0/525"

All NVIDIA Drivers 535 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-535.129.03:0/535"

References  
=========  
[ 1 ] CVE-2023-25515  
      https://nvd.nist.gov/vuln/detail/CVE-2023-25515  
[ 2 ] CVE-2023-25516  
      https://nvd.nist.gov/vuln/detail/CVE-2023-25516  
[ 3 ] CVE-2023-31022  
      https://nvd.nist.gov/vuln/detail/CVE-2023-31022

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-28

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-28

Gentoo Linux Security Advisory 202405-27 - A vulnerability has been discovered in Epiphany, which can lead to a buffer overflow. Versions greater than or equal to 42.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-27  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Epiphany: Buffer Overflow  
     Date: May 08, 2024  
     Bugs: #839786  
       ID: 202405-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been discovered in Epiphany, which can lead to a  
buffer overflow.

Background  
=========  
Epiphany is a GNOME webbrowser based on the Mozilla rendering engine  
Gecko.

Affected packages  
================  
Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
www-client/epiphany  < 42.4        >= 42.4

Description  
==========  
A vulnerability has been discovered in Epiphany. Please review the CVE  
identifier referenced below for details.

Impact  
=====  
In GNOME Epiphany an HTML document can trigger a client buffer overflow  
(in ephy_string_shorten) via a long page title. The issue occurs because  
the number of bytes for a UTF-8 ellipsis character is not properly  
considered.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Epiphany users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/epiphany-42.4"

References  
=========  
[ 1 ] CVE-2022-29536  
      https://nvd.nist.gov/vuln/detail/CVE-2022-29536

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-27

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-27

Gentoo Linux Security Advisory 202405-26 - Multiple vulnerabilities have been discovered in qtsvg, the worst of which could lead to a denial of service. Versions greater than or equal to 5.15.9-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-26  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: qtsvg: Multiple Vulnerabilities  
     Date: May 08, 2024  
     Bugs: #830381, #906465  
       ID: 202405-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in qtsvg, the worst of  
which could lead to a denial of service.

Background  
=========  
qtsvg is a SVG rendering library for the Qt framework.

Affected packages  
================  
Package       Vulnerable    Unaffected  
------------  ------------  ------------  
dev-qt/qtsvg  < 5.15.9-r1   >= 5.15.9-r1

Description  
==========  
Multiple vulnerabilities have been discovered in qtsvg. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All qtsvg users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-qt/qtsvg-5.15.9-r1:5"

References  
=========  
[ 1 ] CVE-2021-45930  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45930  
[ 2 ] CVE-2023-32573  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32573

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-26

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-26

Gentoo Linux Security Advisory 202405-25 - Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-25  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: MariaDB: Multiple Vulnerabilities  
     Date: May 08, 2024  
     Bugs: #699874, #822759, #832490, #838244, #847526, #856484, #891781  
       ID: 202405-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in MariaDB, the worst fo  
which can lead to arbitrary execution of code.

Background  
=========  
MariaDB is an enhanced, drop-in replacement for MySQL.

Affected packages  
================  
Package         Vulnerable       Unaffected  
--------------  ---------------  ----------------  
dev-db/mariadb  < 10.11.3:10.11  >= 10.11.3:10.11  
                < 10.11.3:10.6   >= 10.6.13:10.6  
                < 10.11.3        >= 10.6.13

Description  
==========  
Multiple vulnerabilities have been discovered in MariaDB. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All MariaDB 10.6 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-db/mariadb-10.11.3:10.6"

All MariaDB 10.11 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-db/mariadb-10.11.3:10.11"

References  
=========  
[ 1 ] CVE-2019-2938  
      https://nvd.nist.gov/vuln/detail/CVE-2019-2938  
[ 2 ] CVE-2019-2974  
      https://nvd.nist.gov/vuln/detail/CVE-2019-2974  
[ 3 ] CVE-2021-46661  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46661  
[ 4 ] CVE-2021-46662  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46662  
[ 5 ] CVE-2021-46663  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46663  
[ 6 ] CVE-2021-46664  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46664  
[ 7 ] CVE-2021-46665  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46665  
[ 8 ] CVE-2021-46666  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46666  
[ 9 ] CVE-2021-46667  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46667  
[ 10 ] CVE-2021-46668  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46668  
[ 11 ] CVE-2021-46669  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46669  
[ 12 ] CVE-2022-24048  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24048  
[ 13 ] CVE-2022-24050  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24050  
[ 14 ] CVE-2022-24051  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24051  
[ 15 ] CVE-2022-24052  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24052  
[ 16 ] CVE-2022-27376  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27376  
[ 17 ] CVE-2022-27377  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27377  
[ 18 ] CVE-2022-27378  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27378  
[ 19 ] CVE-2022-27379  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27379  
[ 20 ] CVE-2022-27380  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27380  
[ 21 ] CVE-2022-27381  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27381  
[ 22 ] CVE-2022-27382  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27382  
[ 23 ] CVE-2022-27383  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27383  
[ 24 ] CVE-2022-27384  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27384  
[ 25 ] CVE-2022-27385  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27385  
[ 26 ] CVE-2022-27386  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27386  
[ 27 ] CVE-2022-27444  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27444  
[ 28 ] CVE-2022-27445  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27445  
[ 29 ] CVE-2022-27446  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27446  
[ 30 ] CVE-2022-27447  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27447  
[ 31 ] CVE-2022-27448  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27448  
[ 32 ] CVE-2022-27449  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27449  
[ 33 ] CVE-2022-27451  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27451  
[ 34 ] CVE-2022-27452  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27452  
[ 35 ] CVE-2022-27455  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27455  
[ 36 ] CVE-2022-27456  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27456  
[ 37 ] CVE-2022-27457  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27457  
[ 38 ] CVE-2022-27458  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27458  
[ 39 ] CVE-2022-31621  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31621  
[ 40 ] CVE-2022-31622  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31622  
[ 41 ] CVE-2022-31623  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31623  
[ 42 ] CVE-2022-31624  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31624  
[ 43 ] CVE-2022-32081  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32081  
[ 44 ] CVE-2022-32082  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32082  
[ 45 ] CVE-2022-32083  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32083  
[ 46 ] CVE-2022-32084  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32084  
[ 47 ] CVE-2022-32085  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32085  
[ 48 ] CVE-2022-32086  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32086  
[ 49 ] CVE-2022-32088  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32088  
[ 50 ] CVE-2022-32089  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32089  
[ 51 ] CVE-2022-32091  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32091  
[ 52 ] CVE-2022-38791  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38791  
[ 53 ] CVE-2022-47015  
      https://nvd.nist.gov/vuln/detail/CVE-2022-47015  
[ 54 ] CVE-2023-5157  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5157

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-25

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-25

Gentoo Linux Security Advisory 202405-23 - A vulnerability has been discovered in U-Boot tools which can lead to execution of arbitrary code.  Versions greater than or equal to 2020.04 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-23  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: U-Boot tools: double free vulnerability  
     Date: May 08, 2024  
     Bugs: #717000  
       ID: 202405-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been discovered in U-Boot tools which can lead to  
execution of arbitary code.

Background  
=========  
U-Boot tools provides utiiities for working with Das U-Boot.

Affected packages  
================  
Package                    Vulnerable    Unaffected  
-------------------------  ------------  ------------  
dev-embedded/u-boot-tools  < 2020.04     >= 2020.04

Description  
==========  
A vulnerability has been discovered in U-Boot tools. Please review the  
CVE identifier referenced below for details.

Impact  
=====  
In Das U-Boot a double free has been found in the cmd/gpt.c  
do_rename_gpt_parts() function. Double freeing may result in a write-  
what-where condition, allowing an attacker to execute arbitrary code.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All U-Boot tools users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-embedded/u-boot-tools-2020.04"

References  
=========  
[ 1 ] CVE-2020-8432  
      https://nvd.nist.gov/vuln/detail/CVE-2020-8432

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-23

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-23

Gentoo Linux Security Advisory 202405-22 - Multiple vulnerabilities have been discovered in rsync, the worst of which can lead to denial of service or information disclosure. Versions greater than or equal to 3.2.5_pre1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-22  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: rsync: Multiple Vulnerabilities  
     Date: May 08, 2024  
     Bugs: #792576, #838724, #862876  
       ID: 202405-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in rsync, the worst of  
which can lead to denial of service or information disclosure.

Background  
=========  
rsync is a server and client utility that provides fast incremental file  
transfers. It is used to efficiently synchronize files between hosts and  
is used by emerge to fetch Gentoo's Portage tree.

Affected packages  
================  
Package         Vulnerable    Unaffected  
--------------  ------------  -------------  
net-misc/rsync  < 3.2.5_pre1  >= 3.2.5_pre1

Description  
==========  
Multiple vulnerabilities have been discovered in rsync. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All rsync users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.2.5_pre1"

References  
=========  
[ 1 ] CVE-2018-25032  
      https://nvd.nist.gov/vuln/detail/CVE-2018-25032  
[ 2 ] CVE-2020-14387  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14387  
[ 3 ] CVE-2022-29154  
      https://nvd.nist.gov/vuln/detail/CVE-2022-29154

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-22

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-22

Gentoo Linux Security Advisory 202405-21 - A vulnerability has been discovered in Commons-BeanUtils, which could lead to execution of arbitrary code. Versions greater than or equal to 1.9.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-21  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Commons-BeanUtils: Improper Access Restriction  
     Date: May 08, 2024  
     Bugs: #739346  
       ID: 202405-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been discovered in Commons-BeanUtils, which could  
lead to execution of arbitrary code.

Background  
=========  
Commons-beanutils provides easy-to-use wrappers around Reflection and  
Introspection APIs

Affected packages  
================  
Package                     Vulnerable    Unaffected  
--------------------------  ------------  ------------  
dev-java/commons-beanutils  < 1.9.4       >= 1.9.4

Description  
==========  
A vulnerability has been discovered in Commons-BeanUtils. Please review  
the CVE identifier referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Commons-BeanUtils users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-java/commons-beanutils-1.9.4"

References  
=========  
[ 1 ] CVE-2019-10086  
      https://nvd.nist.gov/vuln/detail/CVE-2019-10086

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-21

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-21

Ubuntu Security Notice 6766-1 - It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.

    ==========================================================================Ubuntu Security Notice USN-6766-1May 07, 2024linux, linux-azure, linux-azure-5.15, linux-azure-fde,linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop,linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency,linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-lowlatency: Linux low latency kernel- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-ibm-5.15: Linux kernel for IBM cloud systems- linux-lowlatency-hwe-5.15: Linux low latency kernel- linux-oracle-5.15: Linux kernel for Oracle Cloud systemsDetails:It was discovered that the Open vSwitch implementation in the Linux kernelcould overflow its stack during recursive action operations under certainconditions. A local attacker could use this to cause a denial of service(system crash). (CVE-2024-1151)Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffridadiscovered that the Linux kernel mitigations for the initial Branch HistoryInjection vulnerability (CVE-2022-0001) were insufficient for Intelprocessors. A local attacker could potentially use this to expose sensitiveinformation. (CVE-2024-2201)Chenyuan Yang discovered that the RDS Protocol implementation in the Linuxkernel contained an out-of-bounds read vulnerability. An attacker could usethis to possibly cause a denial of service (system crash). (CVE-2024-23849)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - PowerPC architecture;   - S390 architecture;   - Core kernel;   - Block layer subsystem;   - Android drivers;   - Power management core;   - Bus devices;   - Hardware random number generator core;   - Cryptographic API;   - Device frequency;   - DMA engine subsystem;   - ARM SCMI message protocol;   - GPU drivers;   - HID subsystem;   - Hardware monitoring drivers;   - I2C subsystem;   - IIO ADC drivers;   - IIO subsystem;   - IIO Magnetometer sensors drivers;   - InfiniBand drivers;   - Media drivers;   - Network drivers;   - PCI driver for MicroSemi Switchtec;   - PHY drivers;   - SCSI drivers;   - DesignWare USB3 driver;   - BTRFS file system;   - Ceph distributed file system;   - Ext4 file system;   - F2FS file system;   - JFS file system;   - NILFS2 file system;   - NTFS3 file system;   - Pstore file system;   - SMB network file system;   - Memory management;   - CAN network layer;   - Networking core;   - HSR network protocol;   - IPv4 networking;   - IPv6 networking;   - Logical Link layer;   - Multipath TCP;   - Netfilter;   - NFC subsystem;   - SMC sockets;   - Sun RPC protocol;   - TIPC protocol;   - Unix domain sockets;   - Realtek audio codecs;(CVE-2023-52594, CVE-2023-52601, CVE-2024-26826, CVE-2023-52622,CVE-2024-26665, CVE-2023-52493, CVE-2023-52633, CVE-2024-26684,CVE-2024-26663, CVE-2023-52618, CVE-2023-52588, CVE-2023-52637,CVE-2024-26825, CVE-2023-52606, CVE-2024-26594, CVE-2024-26625,CVE-2024-26720, CVE-2024-26614, CVE-2023-52627, CVE-2023-52602,CVE-2024-26673, CVE-2024-26685, CVE-2023-52638, CVE-2023-52498,CVE-2023-52619, CVE-2024-26910, CVE-2024-26689, CVE-2023-52583,CVE-2024-26676, CVE-2024-26671, CVE-2024-26704, CVE-2024-26608,CVE-2024-26610, CVE-2024-26592, CVE-2023-52599, CVE-2023-52595,CVE-2024-26660, CVE-2023-52617, CVE-2024-26645, CVE-2023-52486,CVE-2023-52631, CVE-2023-52607, CVE-2023-52608, CVE-2024-26722,CVE-2024-26615, CVE-2023-52615, CVE-2024-26636, CVE-2023-52642,CVE-2023-52587, CVE-2024-26712, CVE-2024-26675, CVE-2023-52614,CVE-2024-26606, CVE-2024-26916, CVE-2024-26600, CVE-2024-26679,CVE-2024-26829, CVE-2024-26641, CVE-2023-52623, CVE-2024-26627,CVE-2024-26696, CVE-2024-26640, CVE-2024-26635, CVE-2023-52491,CVE-2024-26664, CVE-2024-26602, CVE-2023-52604, CVE-2024-26717,CVE-2023-52643, CVE-2024-26593, CVE-2023-52598, CVE-2024-26668,CVE-2023-52435, CVE-2023-52597, CVE-2024-26715, CVE-2024-26707,CVE-2023-52635, CVE-2024-26695, CVE-2024-26698, CVE-2023-52494,CVE-2024-26920, CVE-2024-26808, CVE-2023-52616, CVE-2023-52492,CVE-2024-26702, CVE-2024-26644, CVE-2023-52489, CVE-2024-26697)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS   linux-image-5.15.0-1044-gkeop   5.15.0-1044.51   linux-image-5.15.0-1054-ibm     5.15.0-1054.57   linux-image-5.15.0-1054-nvidia  5.15.0-1054.55   linux-image-5.15.0-1054-nvidia-lowlatency  5.15.0-1054.55   linux-image-5.15.0-1058-gke     5.15.0-1058.63   linux-image-5.15.0-1058-kvm     5.15.0-1058.63   linux-image-5.15.0-1059-gcp     5.15.0-1059.67   linux-image-5.15.0-1059-oracle  5.15.0-1059.65   linux-image-5.15.0-106-generic  5.15.0-106.116   linux-image-5.15.0-106-generic-64k  5.15.0-106.116   linux-image-5.15.0-106-generic-lpae  5.15.0-106.116   linux-image-5.15.0-106-lowlatency  5.15.0-106.116   linux-image-5.15.0-106-lowlatency-64k  5.15.0-106.116   linux-image-5.15.0-1063-azure   5.15.0-1063.72   linux-image-5.15.0-1063-azure-fde  5.15.0-1063.72.1   linux-image-azure-fde-lts-22.04  5.15.0.1063.72.41   linux-image-azure-lts-22.04     5.15.0.1063.61   linux-image-gcp-lts-22.04       5.15.0.1059.55   linux-image-generic             5.15.0.106.106   linux-image-generic-64k         5.15.0.106.106   linux-image-generic-lpae        5.15.0.106.106   linux-image-gke                 5.15.0.1058.57   linux-image-gke-5.15            5.15.0.1058.57   linux-image-gkeop               5.15.0.1044.43   linux-image-gkeop-5.15          5.15.0.1044.43   linux-image-ibm                 5.15.0.1054.50   linux-image-kvm                 5.15.0.1058.54   linux-image-lowlatency          5.15.0.106.101   linux-image-lowlatency-64k      5.15.0.106.101   linux-image-nvidia              5.15.0.1054.54   linux-image-nvidia-lowlatency   5.15.0.1054.54   linux-image-oracle-lts-22.04    5.15.0.1059.55   linux-image-virtual             5.15.0.106.106Ubuntu 20.04 LTS   linux-image-5.15.0-1044-gkeop   5.15.0-1044.51~20.04.1   linux-image-5.15.0-1054-ibm     5.15.0-1054.57~20.04.1   linux-image-5.15.0-1059-gcp     5.15.0-1059.67~20.04.1   linux-image-5.15.0-1059-oracle  5.15.0-1059.65~20.04.1   linux-image-5.15.0-106-lowlatency  5.15.0-106.116~20.04.1   linux-image-5.15.0-106-lowlatency-64k  5.15.0-106.116~20.04.1   linux-image-5.15.0-1063-azure   5.15.0-1063.72~20.04.1   linux-image-5.15.0-1063-azure-fde  5.15.0-1063.72~20.04.1.1   linux-image-azure               5.15.0.1063.72~20.04.1   linux-image-azure-cvm           5.15.0.1063.72~20.04.1   linux-image-azure-fde           5.15.0.1063.72~20.04.1.41   linux-image-gcp                 5.15.0.1059.67~20.04.1   linux-image-gkeop-5.15          5.15.0.1044.51~20.04.1   linux-image-ibm                 5.15.0.1054.57~20.04.1   linux-image-lowlatency-64k-hwe-20.04  5.15.0.106.116~20.04.1   linux-image-lowlatency-hwe-20.04  5.15.0.106.116~20.04.1   linux-image-oracle              5.15.0.1059.65~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6766-1   CVE-2023-52435, CVE-2023-52486, CVE-2023-52489, CVE-2023-52491,   CVE-2023-52492, CVE-2023-52493, CVE-2023-52494, CVE-2023-52498,   CVE-2023-52583, CVE-2023-52587, CVE-2023-52588, CVE-2023-52594,   CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599,   CVE-2023-52601, CVE-2023-52602, CVE-2023-52604, CVE-2023-52606,   CVE-2023-52607, CVE-2023-52608, CVE-2023-52614, CVE-2023-52615,   CVE-2023-52616, CVE-2023-52617, CVE-2023-52618, CVE-2023-52619,   CVE-2023-52622, CVE-2023-52623, CVE-2023-52627, CVE-2023-52631,   CVE-2023-52633, CVE-2023-52635, CVE-2023-52637, CVE-2023-52638,   CVE-2023-52642, CVE-2023-52643, CVE-2024-1151, CVE-2024-2201,   CVE-2024-23849, CVE-2024-26592, CVE-2024-26593, CVE-2024-26594,   CVE-2024-26600, CVE-2024-26602, CVE-2024-26606, CVE-2024-26608,   CVE-2024-26610, CVE-2024-26614, CVE-2024-26615, CVE-2024-26625,   CVE-2024-26627, CVE-2024-26635, CVE-2024-26636, CVE-2024-26640,   CVE-2024-26641, CVE-2024-26644, CVE-2024-26645, CVE-2024-26660,   CVE-2024-26663, CVE-2024-26664, CVE-2024-26665, CVE-2024-26668,   CVE-2024-26671, CVE-2024-26673, CVE-2024-26675, CVE-2024-26676,   CVE-2024-26679, CVE-2024-26684, CVE-2024-26685, CVE-2024-26689,   CVE-2024-26695, CVE-2024-26696, CVE-2024-26697, CVE-2024-26698,   CVE-2024-26702, CVE-2024-26704, CVE-2024-26707, CVE-2024-26712,   CVE-2024-26715, CVE-2024-26717, CVE-2024-26720, CVE-2024-26722,   CVE-2024-26808, CVE-2024-26825, CVE-2024-26826, CVE-2024-26829,   CVE-2024-26910, CVE-2024-26916, CVE-2024-26920Package Information:   https://launchpad.net/ubuntu/+source/linux/5.15.0-106.116   https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1063.72   https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1063.72.1   https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1059.67   https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1058.63   https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1044.51   https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1054.57   https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1058.63   https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-106.116   https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1054.55   https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1059.65   https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1063.72~20.04.1 https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1063.72~20.04.1.1   https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1059.67~20.04.1   https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1044.51~20.04.1   https://launchpad.net/ubuntu/+source/linux-ibm-5.15/5.15.0-1054.57~20.04.1 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-106.116~20.04.1 https://launchpad.net/ubuntu/+source/linux-oracle-5.15/5.15.0-1059.65~20.04.1

Ubuntu Security Notice USN-6766-1

Ubuntu Security Notice 6767-1 - Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6767-1May 07, 2024linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp,linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4,linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi,linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-iot: Linux kernel for IoT platforms- linux-kvm: Linux kernel for cloud environments- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.4: Linux hardware enablement (HWE) kernel- linux-ibm-5.4: Linux kernel for IBM cloud systems- linux-oracle-5.4: Linux kernel for Oracle Cloud systems- linux-raspi-5.4: Linux kernel for Raspberry Pi systemsDetails:Chenyuan Yang discovered that the RDS Protocol implementation in the Linuxkernel contained an out-of-bounds read vulnerability. An attacker could usethis to possibly cause a denial of service (system crash). (CVE-2024-23849)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM64 architecture;   - PowerPC architecture;   - S390 architecture;   - Block layer subsystem;   - Android drivers;   - Hardware random number generator core;   - GPU drivers;   - Hardware monitoring drivers;   - I2C subsystem;   - IIO Magnetometer sensors drivers;   - InfiniBand drivers;   - Network drivers;   - PCI driver for MicroSemi Switchtec;   - PHY drivers;   - Ceph distributed file system;   - Ext4 file system;   - JFS file system;   - NILFS2 file system;   - Pstore file system;   - Core kernel;   - Memory management;   - CAN network layer;   - Networking core;   - IPv4 networking;   - Logical Link layer;   - Netfilter;   - NFC subsystem;   - SMC sockets;   - Sun RPC protocol;   - TIPC protocol;   - Realtek audio codecs;(CVE-2024-26696, CVE-2023-52583, CVE-2024-26720, CVE-2023-52615,CVE-2023-52599, CVE-2023-52587, CVE-2024-26635, CVE-2024-26704,CVE-2024-26625, CVE-2024-26825, CVE-2023-52622, CVE-2023-52435,CVE-2023-52617, CVE-2023-52598, CVE-2024-26645, CVE-2023-52619,CVE-2024-26593, CVE-2024-26685, CVE-2023-52602, CVE-2023-52486,CVE-2024-26697, CVE-2024-26675, CVE-2024-26600, CVE-2023-52604,CVE-2024-26664, CVE-2024-26606, CVE-2023-52594, CVE-2024-26671,CVE-2024-26598, CVE-2024-26673, CVE-2024-26920, CVE-2024-26722,CVE-2023-52601, CVE-2024-26602, CVE-2023-52637, CVE-2023-52623,CVE-2024-26702, CVE-2023-52597, CVE-2024-26684, CVE-2023-52606,CVE-2024-26679, CVE-2024-26663, CVE-2024-26910, CVE-2024-26615,CVE-2023-52595, CVE-2023-52607, CVE-2024-26636)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS   linux-image-5.4.0-1036-iot      5.4.0-1036.37   linux-image-5.4.0-1043-xilinx-zynqmp  5.4.0-1043.47   linux-image-5.4.0-1071-ibm      5.4.0-1071.76   linux-image-5.4.0-1091-gkeop    5.4.0-1091.95   linux-image-5.4.0-1108-raspi    5.4.0-1108.120   linux-image-5.4.0-1112-kvm      5.4.0-1112.119   linux-image-5.4.0-1123-oracle   5.4.0-1123.132   linux-image-5.4.0-1124-aws      5.4.0-1124.134   linux-image-5.4.0-1128-gcp      5.4.0-1128.137   linux-image-5.4.0-1129-azure    5.4.0-1129.136   linux-image-5.4.0-181-generic   5.4.0-181.201   linux-image-5.4.0-181-generic-lpae  5.4.0-181.201   linux-image-5.4.0-181-lowlatency  5.4.0-181.201   linux-image-aws-lts-20.04       5.4.0.1124.121   linux-image-azure-lts-20.04     5.4.0.1129.123   linux-image-gcp-lts-20.04       5.4.0.1128.130   linux-image-generic             5.4.0.181.179   linux-image-generic-lpae        5.4.0.181.179   linux-image-gkeop               5.4.0.1091.89   linux-image-gkeop-5.4           5.4.0.1091.89   linux-image-ibm-lts-20.04       5.4.0.1071.100   linux-image-kvm                 5.4.0.1112.108   linux-image-lowlatency          5.4.0.181.179   linux-image-oem                 5.4.0.181.179   linux-image-oem-osp1            5.4.0.181.179   linux-image-oracle-lts-20.04    5.4.0.1123.116   linux-image-raspi               5.4.0.1108.138   linux-image-raspi2              5.4.0.1108.138   linux-image-virtual             5.4.0.181.179   linux-image-xilinx-zynqmp       5.4.0.1043.43Ubuntu 18.04 LTS   linux-image-5.4.0-1071-ibm      5.4.0-1071.76~18.04.1                                   Available with Ubuntu Pro   linux-image-5.4.0-1108-raspi    5.4.0-1108.120~18.04.1                                   Available with Ubuntu Pro   linux-image-5.4.0-1123-oracle   5.4.0-1123.132~18.04.1                                   Available with Ubuntu Pro   linux-image-5.4.0-1124-aws      5.4.0-1124.134~18.04.1                                   Available with Ubuntu Pro   linux-image-5.4.0-1128-gcp      5.4.0-1128.137~18.04.1                                   Available with Ubuntu Pro   linux-image-5.4.0-1129-azure    5.4.0-1129.136~18.04.1                                   Available with Ubuntu Pro   linux-image-5.4.0-181-generic   5.4.0-181.201~18.04.1                                   Available with Ubuntu Pro   linux-image-5.4.0-181-lowlatency  5.4.0-181.201~18.04.1                                   Available with Ubuntu Pro   linux-image-aws                 5.4.0.1124.134~18.04.1                                   Available with Ubuntu Pro   linux-image-azure               5.4.0.1129.136~18.04.1                                   Available with Ubuntu Pro   linux-image-gcp                 5.4.0.1128.137~18.04.1                                   Available with Ubuntu Pro   linux-image-generic-hwe-18.04   5.4.0.181.201~18.04.1                                   Available with Ubuntu Pro   linux-image-ibm                 5.4.0.1071.76~18.04.1                                   Available with Ubuntu Pro   linux-image-lowlatency-hwe-18.04  5.4.0.181.201~18.04.1                                   Available with Ubuntu Pro   linux-image-oem                 5.4.0.181.201~18.04.1                                   Available with Ubuntu Pro   linux-image-oem-osp1            5.4.0.181.201~18.04.1                                   Available with Ubuntu Pro   linux-image-oracle              5.4.0.1123.132~18.04.1                                   Available with Ubuntu Pro   linux-image-raspi-hwe-18.04     5.4.0.1108.120~18.04.1                                   Available with Ubuntu Pro   linux-image-snapdragon-hwe-18.04  5.4.0.181.201~18.04.1                                   Available with Ubuntu Pro   linux-image-virtual-hwe-18.04   5.4.0.181.201~18.04.1                                   Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6767-1   CVE-2023-52435, CVE-2023-52486, CVE-2023-52583, CVE-2023-52587,   CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598,   CVE-2023-52599, CVE-2023-52601, CVE-2023-52602, CVE-2023-52604,   CVE-2023-52606, CVE-2023-52607, CVE-2023-52615, CVE-2023-52617,   CVE-2023-52619, CVE-2023-52622, CVE-2023-52623, CVE-2023-52637,   CVE-2024-23849, CVE-2024-26593, CVE-2024-26598, CVE-2024-26600,   CVE-2024-26602, CVE-2024-26606, CVE-2024-26615, CVE-2024-26625,   CVE-2024-26635, CVE-2024-26636, CVE-2024-26645, CVE-2024-26663,   CVE-2024-26664, CVE-2024-26671, CVE-2024-26673, CVE-2024-26675,   CVE-2024-26679, CVE-2024-26684, CVE-2024-26685, CVE-2024-26696,   CVE-2024-26697, CVE-2024-26702, CVE-2024-26704, CVE-2024-26720,   CVE-2024-26722, CVE-2024-26825, CVE-2024-26910, CVE-2024-26920Package Information:   https://launchpad.net/ubuntu/+source/linux/5.4.0-181.201   https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1124.134   https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1129.136   https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1128.137   https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1091.95   https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1071.76   https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1036.37   https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1112.119   https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1123.132   https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1108.120   https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1043.47

Tag

#linux