Skip to content

ubuntu jammy v1.207
Compare
Choose a tag to compare
@cf-bosh-ci-bot cf-bosh-ci-bot released this 29 Aug 09:01
ubuntu-jammy/v1.207
8d222c6

Metadata:

BOSH Agent Version: 2.572.0

Notice

  • update the azure blobstore

USNs:

Title: USN-6295-1: Podman vulnerability
URL: https://ubuntu.com/security/notices/USN-6295-1
Priorities: medium
Description:
It was discovered that Podman incorrectly handled certain supplementary groups.
An attacker could possibly use this issue to expose sensitive information
or execute binary code.
CVEs:

Title: USN-6286-1: Intel Microcode vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6286-1
Priorities: medium
Description:
Daniel Moghimi discovered that some Intel(R) Processors did not properly clear
microarchitectural state after speculative execution of various instructions. A
local unprivileged user could use this to obtain to sensitive
information. (CVE-2022-40982)

It was discovered that some Intel(R) Xeon(R) Processors did not properly
restrict error injection for Intel(R) SGX or Intel(R) TDX. A local privileged
user could use this to further escalate their privileges. (CVE-2022-41804)

It was discovered that some 3rd Generation Intel(R) Xeon(R) Scalable processors
did not properly restrict access in some situations. A local privileged attacker
could use this to obtain sensitive information. (CVE-2023-23908)
CVEs:

Title: USN-6290-1: LibTIFF vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6290-1
Priorities: medium,low
Description:
It was discovered that LibTIFF could be made to write out of bounds when
processing certain malformed image files with the tiffcrop utility. If a
user were tricked into opening a specially crafted image file, an attacker
could possibly use this issue to cause tiffcrop to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2022-48281)

It was discovered that LibTIFF incorrectly handled certain image files. If
a user were tricked into opening a specially crafted image file, an
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 23.04. (CVE-2023-2731)

It was discovered that LibTIFF incorrectly handled certain image files
with the tiffcp utility. If a user were tricked into opening a specially
crafted image file, an attacker could possibly use this issue to cause
tiffcp to crash, resulting in a denial of service. (CVE-2023-2908)

It was discovered that LibTIFF incorrectly handled certain file paths. If
a user were tricked into specifying certain output paths, an attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-3316)

It was discovered that LibTIFF could be made to write out of bounds when
processing certain malformed image files. If a user were tricked into
opening a specially crafted image file, an attacker could possibly use
this issue to cause a denial of service, or possibly execute arbitrary
code. (CVE-2023-3618)

It was discovered that LibTIFF could be made to write out of bounds when
processing certain malformed image files. If a user were tricked into
opening a specially crafted image file, an attacker could possibly use
this issue to cause a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 23.04. (CVE-2023-25433, CVE-2023-26966)

It was discovered that LibTIFF did not properly managed memory when
processing certain malformed image files with the tiffcrop utility. If a
user were tricked into opening a specially crafted image file, an attacker
could possibly use this issue to cause tiffcrop to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-26965)

It was discovered that LibTIFF contained an arithmetic overflow. If a user
were tricked into opening a specially crafted image file, an attacker
could possibly use this issue to cause a denial of service.
(CVE-2023-38288, CVE-2023-38289)
CVEs:

Title: USN-6293-1: OpenStack Heat vulnerability
URL: https://ubuntu.com/security/notices/USN-6293-1
Priorities: medium
Description:
It was discovered that OpenStack Heat incorrectly handled certain hidden
parameter values. A remote authenticated user could possibly use this issue
to obtain sensitive data.
CVEs:

Title: USN-6288-1: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6288-1
Priorities: medium
Description:
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.34 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 23.04.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-34.html
https://www.oracle.com/security-alerts/cpujul2023.html
CVEs:

Title: USN-6289-1: WebKitGTK vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6289-1
Priorities: medium
Description:
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
CVEs:

Title: USN-6294-1: HAProxy vulnerability
URL: https://ubuntu.com/security/notices/USN-6294-1
Priorities: medium
Description:
Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length
headers. A remote attacker could possibly use this issue to manipulate the
payload and bypass certain restrictions.
CVEs:

Assets 2
Loading