khugepaged on Linux races with rmap-based zap, races with GUP-fast, and fails to call MMU notifiers.

Linux khugepaged Race Conditions

Debian Linux Security Advisory 5312-1 - Several flaws have been discovered in libjettison-java, a collection of StAX parsers and writers for JSON. Specially crafted user input may cause a denial of service via out-of-memory or stack overflow errors.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5312-1                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
January 11, 2023                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : libjettison-java  
CVE ID         : CVE-2022-40149 CVE-2022-40150 CVE-2022-45685 CVE-2022-45693  
Debian Bug     : 1022553 1022554

Several flaws have been discovered in libjettison-java, a collection of StAX  
parsers and writers for JSON. Specially crafted user input may cause a denial  
of service via out-of-memory or stack overflow errors.

For the stable distribution (bullseye), these problems have been fixed in  
version 1.5.3-1~deb11u1.

We recommend that you upgrade your libjettison-java packages.

For the detailed security status of libjettison-java please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/libjettison-java

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmO97oVfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeR0UQ//VW/sWOrB6mUP+QjFOmcughGa1iPASra6x35ko0bXug2cs+wagC0zWsYE  
nSNJ8V1KPR6QAtftwdeefZLPZBNdMz/rd6EOg8MEfuyErKLYW7UUEIO10CsyezXP  
wXU0HY/U2J9GeL6lXO8ryqdvA1dOaqvPq1qPA9dDYEuJm4hMTemOtILdthfynBz6  
cFN8jDjoFg2zmU3p8c5Xr2KosHKPKK14TRtSwnAae/kqo4XRrEzzS6dJArg2HI+j  
rzKtjfhTWRA0rlnVKSTTMXwtp6GagSxLUYBV24Et/PI4SxB4tEmSfAfI1esWtURa  
/BHZg91rnU4pzQH3eGSr0CYJzXEqPdUoaPJNueQrSdJgSrI15T6LXsUfx3kOBl7H  
B3ln9wmQONrjqQu3OP6w74XM0xr6G/X4/+mIClv/kiVO/ymTaM7uEBf4su/KmTz3  
SBLIea+4yVjzTcp8ScdeLDENJHTp+u0alWXJ7NLmJOG4M84jBalafpqHeGGnnC2X  
FouqljeteUp74jykoOU8M7d8/Hoj+kp/KuMoa+avIngx7klhozZ2T/UthgkQ4uH8  
SH8VIhT6/upBPMMLHqVqvZBFB2Fj+ZrN79FYBrdHiLqeDDpXRDNmhXJN2I4KCTBi  
ZQZM2kGRw4wivIuz+yOHpXShTCzcksuivZg8leSdQ9DXi/9xfEo=  
=1lWy  
-----END PGP SIGNATURE-----

Debian Security Advisory 5312-1

Gentoo Linux Security Advisory 202301-6 - Multiple vulnerabilities have been discovered in liblouis, the worst of which could result in denial of service. Versions less than 3.22.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202301-06  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: liblouis: Multiple Vulnerabilities  
     Date: January 11, 2023  
     Bugs: #835093  
       ID: 202301-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in liblouis, the worst of  
which could result in denial of service.

Background  
==========

liblouis is an open-source braille translator and back-translator.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-libs/liblouis          < 3.22.0                    >= 3.22.0

Description  
===========

Multiple vulnerabilities have been discovered in liblouis. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All liblouis users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-libs/liblouis-3.22.0"

References  
==========

[ 1 ] CVE-2022-26981  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26981  
[ 2 ] CVE-2022-31783  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31783

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202301-06

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202301-06

Red Hat Security Advisory 2023-0058-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update  
Advisory ID:       RHSA-2023:0058-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0058  
Issue date:        2023-01-10  
CVE Names:         CVE-2022-2639   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: openvswitch: integer underflow leads to out-of-bounds write in  
reserve_sfa_size() (CVE-2022-2639)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
kernel-4.18.0-147.78.1.el8_1.src.rpm

aarch64:  
bpftool-4.18.0-147.78.1.el8_1.aarch64.rpm  
bpftool-debuginfo-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-core-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-cross-headers-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-debug-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-debug-core-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-debug-devel-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-debug-modules-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-debuginfo-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-devel-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-headers-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-modules-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-modules-extra-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-tools-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-147.78.1.el8_1.aarch64.rpm  
kernel-tools-libs-4.18.0-147.78.1.el8_1.aarch64.rpm  
perf-4.18.0-147.78.1.el8_1.aarch64.rpm  
perf-debuginfo-4.18.0-147.78.1.el8_1.aarch64.rpm  
python3-perf-4.18.0-147.78.1.el8_1.aarch64.rpm  
python3-perf-debuginfo-4.18.0-147.78.1.el8_1.aarch64.rpm

noarch:  
kernel-abi-whitelists-4.18.0-147.78.1.el8_1.noarch.rpm  
kernel-doc-4.18.0-147.78.1.el8_1.noarch.rpm

ppc64le:  
bpftool-4.18.0-147.78.1.el8_1.ppc64le.rpm  
bpftool-debuginfo-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-core-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-cross-headers-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-debug-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-debug-core-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-debug-devel-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-debug-modules-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-debuginfo-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-devel-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-headers-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-modules-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-modules-extra-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-tools-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-147.78.1.el8_1.ppc64le.rpm  
kernel-tools-libs-4.18.0-147.78.1.el8_1.ppc64le.rpm  
perf-4.18.0-147.78.1.el8_1.ppc64le.rpm  
perf-debuginfo-4.18.0-147.78.1.el8_1.ppc64le.rpm  
python3-perf-4.18.0-147.78.1.el8_1.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-147.78.1.el8_1.ppc64le.rpm

s390x:  
bpftool-4.18.0-147.78.1.el8_1.s390x.rpm  
bpftool-debuginfo-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-core-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-cross-headers-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-debug-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-debug-core-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-debug-debuginfo-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-debug-devel-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-debug-modules-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-debug-modules-extra-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-debuginfo-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-devel-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-headers-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-modules-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-modules-extra-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-tools-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-tools-debuginfo-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-zfcpdump-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-zfcpdump-core-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-147.78.1.el8_1.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-147.78.1.el8_1.s390x.rpm  
perf-4.18.0-147.78.1.el8_1.s390x.rpm  
perf-debuginfo-4.18.0-147.78.1.el8_1.s390x.rpm  
python3-perf-4.18.0-147.78.1.el8_1.s390x.rpm  
python3-perf-debuginfo-4.18.0-147.78.1.el8_1.s390x.rpm

x86_64:  
bpftool-4.18.0-147.78.1.el8_1.x86_64.rpm  
bpftool-debuginfo-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-core-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-cross-headers-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-debug-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-debug-core-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-debug-devel-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-debug-modules-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-debuginfo-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-devel-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-headers-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-modules-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-modules-extra-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-tools-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-147.78.1.el8_1.x86_64.rpm  
kernel-tools-libs-4.18.0-147.78.1.el8_1.x86_64.rpm  
perf-4.18.0-147.78.1.el8_1.x86_64.rpm  
perf-debuginfo-4.18.0-147.78.1.el8_1.x86_64.rpm  
python3-perf-4.18.0-147.78.1.el8_1.x86_64.rpm  
python3-perf-debuginfo-4.18.0-147.78.1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2639  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY73n8tzjgjWX9erEAQiZug//cICKYCsZqTkEfUyxjip8h1JXgG0Kg4/X  
M4LVTKHpJ9fa3dFr2ZpM1C0sGDyj/pHXtB2EvUHXMiHvU2LnhmXhxtfYW1JIlqzl  
I6mA5t/IoM0BEjOb50FH5cML6+PL5krQFt/0iFJnkC606toYwe8XsT07uFKslhj7  
k3CvOVWqYvpRrRR9nES8VU+KEuGQHIE1iCvLfq87jASyoD3Tqqwy+SLv4aqfYANX  
zbaqihP6VFTZwsEZ6QFliux/hPRoMIatswra8nE7p2vwmrC4z/ithEaSjbQhBkMi  
iJPoGxkE0Cg5MgHq2z/KM9OwVcr4p6RlChZaiM6P/oxOBf5gN0M10e1N+aQsSWjE  
igv1rWnM0GMEkJshrVCq0ub9ndv8LUsy165hgXe82Bf2Y2lfAP6eA9M5nUgZSQOY  
Wl4NqMyS+cVPiV3q7QCm9m9PdhJ2ZFoQzr1YbVPRKk2q6OMy1fh1P6Z6/BVuXl38  
0d6FfC58yHcGzofeY7TxuTbs1r548cgQTPh1vXzIS3M6+UNJaBb4fxK+jwKu7pXZ  
VZ576e1sBAEx0IOuWZJ3Aj0xQeSlgN9LBL01p/PsnV+8tsfOsiMJwPB7V7lCm1eV  
2FTcgB0JIPsgaxu32btAmXfOBixECPEwodgqmIbDXzBFpa4U77EgE+mMr+Ml58cv  
yOz1/rG28ok=  
=DQEM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0058-01

Gentoo Linux Security Advisory 202301-5 - A vulnerability has been discovered in Apache Commons Text which could result in arbitrary code execution. Versions less than 1.10.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202301-05  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Apache Commons Text: Arbitrary Code Execution  
     Date: January 11, 2023  
     Bugs: #877577  
       ID: 202301-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Apache Commons Text which could  
result in arbitrary code execution.

Background  
==========

Apache Commons Text is a library focused on algorithms working on  
strings.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-java/commons-text      < 1.10.0                    >= 1.10.0

Description  
===========

Apache Commons Text performs variable interpolation, allowing properties  
to be dynamically evaluated and expanded. The standard format for  
interpolation is "${prefix:name}", where "prefix" is used to locate an  
instance of org.apache.commons.text.lookup.StringLookup that performs  
the interpolation. The set of default Lookup instances included  
interpolators that could result in arbitrary code execution or contact  
with remote servers. These lookups are: - "script" - execute expressions  
using the JVM script execution engine (javax.script) - "dns" - resolve  
dns records - "url" - load values from urls, including from remote  
servers Applications using the interpolation defaults in the affected  
versions may be vulnerable to remote code execution or unintentional  
contact with remote servers if untrusted configuration values are used.

Impact  
======

Crafted input to Apache Commons Text could trigger remote code  
execution.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Apache Commons Text users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-java/commons-text-1.10.0"

References  
==========

[ 1 ] CVE-2022-42889  
      https://nvd.nist.gov/vuln/detail/CVE-2022-42889

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202301-05

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202301-05

Ubuntu Security Notice 5791-3 - It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering.

==========================================================================  
Ubuntu Security Notice USN-5791-3  
January 10, 2023

linux-azure-5.4, linux-azure-fde vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems  
- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems

Details:

It was discovered that a race condition existed in the Android Binder IPC  
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A  
local attacker could use this to cause a denial of service (system crash)  
or possibly execute arbitrary code. (CVE-2022-20421)

David Leadbeater discovered that the netfilter IRC protocol tracking  
implementation in the Linux Kernel incorrectly handled certain message  
payloads in some situations. A remote attacker could possibly use this to  
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

It was discovered that the Intel 740 frame buffer driver in the Linux  
kernel contained a divide by zero vulnerability. A local attacker could use  
this to cause a denial of service (system crash). (CVE-2022-3061)

It was discovered that the sound subsystem in the Linux kernel contained a  
race condition in some situations. A local attacker could use this to cause  
a denial of service (system crash). (CVE-2022-3303)

Gwnaun Jung discovered that the SFB packet scheduling implementation in the  
Linux kernel contained a use-after-free vulnerability. A local attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2022-3586)

It was discovered that the NILFS2 file system implementation in the Linux  
kernel did not properly deallocate memory in certain error conditions. An  
attacker could use this to cause a denial of service (memory exhaustion).  
(CVE-2022-3646)

Hyunwoo Kim discovered that an integer overflow vulnerability existed in  
the PXA3xx graphics driver in the Linux kernel. A local attacker could  
possibly use this to cause a denial of service (system crash).  
(CVE-2022-39842)

It was discovered that a race condition existed in the EFI capsule loader  
driver in the Linux kernel, leading to a use-after-free vulnerability. A  
local attacker could use this to cause a denial of service (system crash)  
or possibly execute arbitrary code. (CVE-2022-40307)

Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless  
driver in the Linux kernel contained a use-after-free vulnerability. A  
local attacker could use this to cause a denial of service (system crash)  
or possibly execute arbitrary code. (CVE-2022-4095)

It was discovered that the USB monitoring (usbmon) component in the Linux  
kernel did not properly set permissions on memory mapped in to user space  
processes. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2022-43750)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   linux-image-5.4.0-1100-azure-fde  5.4.0-1100.106+cvm1.1  
   linux-image-azure-fde           5.4.0.1100.106+cvm1.35

Ubuntu 18.04 LTS:  
   linux-image-5.4.0-1100-azure    5.4.0-1100.106~18.04.1  
   linux-image-azure               5.4.0.1100.73

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-5791-3  
   https://ubuntu.com/security/notices/USN-5791-1  
   CVE-2022-20421, CVE-2022-2663, CVE-2022-3061, CVE-2022-3303,  
   CVE-2022-3586, CVE-2022-3646, CVE-2022-39842, CVE-2022-40307,  
   CVE-2022-4095, CVE-2022-43750

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-azure-fde/5.4.0-1100.106+cvm1.1  
   https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1100.106~18.04.1

Ubuntu Security Notice USN-5791-3

Gentoo Linux Security Advisory 202301-4 - A vulnerability has been discovered in jupyter_core which could allow for the execution of code as another user. Versions less than 4.11.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202301-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: jupyter_core: Arbitrary Code Execution  
     Date: January 11, 2023  
     Bugs: #878497  
       ID: 202301-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in jupyter_core which could allow  
for the execution of code as another user.

Background  
==========

jupyter_core contains core Jupyter functionality.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-python/jupyter_core    < 4.11.2                    >= 4.11.2

Description  
===========

jupyter_core trusts files for execution in the current working directory  
without validating ownership of those files.

Impact  
======

By writing to a directory that is used a the current working directory  
for jupyter_core by another user, users can elevate privileges to those  
of another user.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All jupyter_core users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-python/jupyter_core-4.11.2"

References  
==========

[ 1 ] CVE-2022-39286  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39286

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202301-04

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202301-04

Gentoo Linux Security Advisory 202301-3 - A vulnerability was found in scikit-learn which could result in denial of service. Versions less than 1.1.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202301-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: scikit-learn: Denial of Service  
     Date: January 11, 2023  
     Bugs: #758323  
       ID: 202301-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability was found in scikit-learn which could result in denial  
of service.

Background  
==========

scikit-learn is a machine learning library for Python.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  sci-libs/scikit-learn      < 1.1.1                      >= 1.1.1

Description  
===========

When supplied with a crafted model SVM, predict() can result in a null  
pointer dereference.

Impact  
======

An attcker capable of providing a crafted model to scikit-learn can  
result in denial of service.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All scikit-learn users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sci-libs/scikit-learn-1.1.1"

References  
==========

[ 1 ] CVE-2020-28975  
      https://nvd.nist.gov/vuln/detail/CVE-2020-28975

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202301-03

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202301-03

Red Hat Security Advisory 2023-0059-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:0059-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0059  
Issue date:        2023-01-10  
CVE Names:         CVE-2022-2639   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: openvswitch: integer underflow leads to out-of-bounds write in  
reserve_sfa_size() (CVE-2022-2639)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
kpatch-patch-4_18_0-147_70_1-1-2.el8_1.src.rpm  
kpatch-patch-4_18_0-147_74_1-1-2.el8_1.src.rpm  
kpatch-patch-4_18_0-147_76_1-1-1.el8_1.src.rpm  
kpatch-patch-4_18_0-147_77_1-1-1.el8_1.src.rpm

ppc64le:  
kpatch-patch-4_18_0-147_70_1-1-2.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_70_1-debuginfo-1-2.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_70_1-debugsource-1-2.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_74_1-1-2.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_74_1-debuginfo-1-2.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_74_1-debugsource-1-2.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_76_1-1-1.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_76_1-debuginfo-1-1.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_76_1-debugsource-1-1.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_77_1-1-1.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_77_1-debuginfo-1-1.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_77_1-debugsource-1-1.el8_1.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-147_70_1-1-2.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_70_1-debuginfo-1-2.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_70_1-debugsource-1-2.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_74_1-1-2.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_74_1-debuginfo-1-2.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_74_1-debugsource-1-2.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_76_1-1-1.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_76_1-debuginfo-1-1.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_76_1-debugsource-1-1.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_77_1-1-1.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_77_1-debuginfo-1-1.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_77_1-debugsource-1-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2639  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY73n79zjgjWX9erEAQgKiQ/+LjewZ+MyCvWJ+qhyPc14GCy51ttayGca  
fO4urBYkA+HH8jal6201GurCnpquoQsD7CtLW4A3LUeNezKHRVW0v4B7LqqBjTuK  
aOXFHApMMF4Hrw1baJnRZq9hF2HLsFA1435v34de6GvNpfvvEBzkrKhrNu45MRf1  
Al1I6094u9AIwM/Q67bubgCz51kIXNZX7F4fFygHBMFkW2czAdCTccftW5/+Fw60  
13iu/LNsY8UnBKxKYrHkcSBenPEklUFyh1l5FR8oZ3+ao/0oNlC4hoM4zmpY8foi  
pBUEtmjGbTLhuMha+1iF3vhTrXK7x6gXWV7JOaZzSM1SvQOjTtAVIcOw94co0pTM  
47tfm5uID2bqG9/a0m3sGUkzFd/zh+4sbyKi4un6D5qxVIZ3ZCa0wNGA0PkAiuGb  
DusgVo1ws5e7mEjpa/Ec2IE4WswT5+HJwACrizbrSsk/q0DhKLQibdgjkS4Xtoe7  
tLdxTYT67dTSnbPjH8WihyNnwuBJTjVOATFeWrjoD7dERXHGxE7wI+mwdzadgz3i  
BibnUT03fXgc0nPoyNmJ20neGKjKkWyx7P0fK1DHbfreOe9sIizqwVzthVIphZcJ  
dgkr/6ML9/NI7GvPXbgwBa9mMEzge7CnwQoXOCmztOLqcFpxuwKHfX5nsJLTMCE1  
VQfi2bo2zrA=  
=qZYv  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0059-01

Gentoo Linux Security Advisory 202301-2 - Multiple vulnerabilities have been discovered in Twisted, the worst of which could result in denial of service. Versions less than 22.10.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202301-02  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Twisted: Multiple Vulnerabilities  
     Date: January 11, 2023  
     Bugs: #878499, #834542, #832875  
       ID: 202301-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Twisted, the worst of  
which could result in denial of service.

Background  
==========

Twisted is an asynchronous networking framework written in Python.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-python/twisted         < 22.10.0                  >= 22.10.0

Description  
===========

Multiple vulnerabilities have been discovered in Twisted. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Twisted users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-python/twisted-22.10.0"

References  
==========

[ 1 ] CVE-2022-21712  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21712  
[ 2 ] CVE-2022-21716  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21716  
[ 3 ] CVE-2022-39348  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39348

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202301-02

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#linux