Ubuntu Security Notices

Recent content on Ubuntu security notices

USN-5089-2: ca-certificates update

23 September 2021, 1:01 pm

USN-5089-1 updated ca-certificates. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

The ca-certificates package contained a CA certificate that will expire on
2021-09-30 and will cause connectivity issues. This update removes the
“DST Root CA X3” CA.

USN-5089-1: ca-certificates update

23 September 2021, 11:46 am

The ca-certificates package contained a CA certificate that will expire on
2021-09-30 and will cause connectivity issues. This update removes the
“DST Root CA X3” CA.

USN-5088-1: EDK II vulnerabilities

23 September 2021, 11:39 am

It was discovered that EDK II incorrectly handled input validation in
MdeModulePkg. A local user could possibly use this issue to cause EDK II to
crash, resulting in a denial of service, obtain sensitive information or
execute arbitrary code. (CVE-2019-11098)

Paul Kehrer discovered that OpenSSL used in EDK II incorrectly handled
certain input lengths in EVP functions. An attacker could possibly use this
issue to cause EDK II to crash, resulting in a denial of service.
(CVE-2021-23840)

Ingo Schwarze discovered that OpenSSL used in EDK II incorrectly handled
certain ASN.1 strings. An attacker could use this issue to cause EDK II to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2021-3712)

It was discovered that EDK II incorrectly decoded certain strings. A remote
attacker could use this issue to cause EDK II to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2021-38575)

USN-5087-1: WebKitGTK vulnerabilities

22 September 2021, 4:32 pm

A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Johan Almbladh discovered that the eBPF JIT implementation for IBM
s390x systems in the Linux kernel miscompiled operations in some
situations, allowing circumvention of the BPF verifier. A local
attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.

USN-5085-1: SQL parse vulnerability

22 September 2021, 1:29 pm

It was discovered that SQL parse incorrectly handled certain regular expression.
An attacker could possibly use this issue to cause a denial of service.
It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly perform reference counting in some situations,
leading to a use-after-free vulnerability. An attacker who could start and
control a VM could possibly use this to expose sensitive information or
execute arbitrary code. (CVE-2021-22543)

Murray McAllister discovered that the joystick device interface in the
Linux kernel did not properly validate data passed via an ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code on systems with a joystick device
registered. (CVE-2021-3612)

Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol
implementation in the Linux kernel did not properly initialize memory in
some situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2021-34693)

Murray McAllister discovered that the joystick device interface in the
Linux kernel did not properly validate data passed via an ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code on systems with a joystick device
registered. (CVE-2021-3612)

It was discovered that the Virtio console implementation in the Linux
kernel did not properly validate input lengths in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2021-38160)

USN-5079-4: curl regression

21 September 2021, 1:07 pm

USN-5079-2 fixed vulnerabilities in curl. One of the fixes introduced a
regression. This update fixes the problem.

Original advisory details:

Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS.
When receiving certain responses from servers, curl would continue without
TLS even when the option to require a successful upgrade to TLS was
specified. (CVE-2021-22946)

Patrick Monnerat discovered that curl incorrectly handled responses
received before STARTTLS. A remote attacker could possibly use this issue
to inject responses and intercept communications. (CVE-2021-22947)

USN-5084-1: LibTIFF vulnerability

21 September 2021, 11:41 am

It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.