USN-5910-1: Rack vulnerabilities

2023-03-03 KENNETH 0

It was discovered that Rack did not properly structure regular expressions in some of its parsing components, which could result in uncontrolled resource consumption if an application using Rack received specially crafted input. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-44570, CVE-2022-44571)

It was discovered that Rack did not properly structure regular expressions in its multipart parsing component, which could result in uncontrolled resource consumption if an application using Rack to parse multipart posts received specially crafted input. A remote attacker could possibly use this issue to cause a denial of service. This issue was only fixed in Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2022-44572)

Source: USN-5910-1: Rack vulnerabilities

USN-5909-1: Linux kernel (Azure CVM) vulnerabilities

2023-03-03 KENNETH 0

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that, when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628)

It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3640)

Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649)

It was [ more… ]

USN-5821-4: pip regression

2023-03-03 KENNETH 0

USN-5821-3 fixed a vulnerability in pip. The update introduced a minor regression in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience.

Original advisory details: Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regular expression. An attacker could possibly use this issue to cause a denial of service.

Source: USN-5821-4: pip regression

USN-5908-1: Sudo vulnerability

2023-03-02 KENNETH 0

It was discovered that Sudo incorrectly handled the per-command chroot feature. In certain environments where Sudo is configured with a rule that contains a CHROOT setting, a local attacker could use this issue to cause Sudo to crash, resulting in a denial of service, or possibly escalate privileges.

Source: USN-5908-1: Sudo vulnerability

USN-5871-2: Git regression

2023-03-02 KENNETH 0

USN-5871-1 fixed vulnerabilities in Git. A backport fixing part of the vulnerability in CVE-2023-22490 was required. This update fixes this for Ubuntu 18.04 LTS.

Original advisory details: It was discovered that Git incorrectly handled certain repositories. An attacker could use this issue to make Git use its local clone optimization even when using a non-local transport. (CVE-2023-22490)

Source: USN-5871-2: Git regression