Episode 186

Overview

The Ubuntu Security Podcast is back for 2023! We ease into the year with coverage of the recently announced launch of Ubuntu Pro as GA, plus we look at some recent vulns in git, sudo, OpenSSL and more.

This week in Ubuntu Security Updates

212 unique CVEs addressed

[USN-5778-1] X.Org X Server vulnerabilities

• 6 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-46344
  • CVE-2022-46343
  • CVE-2022-46342
  • CVE-2022-46341
  • CVE-2022-46340
  • CVE-2022-4283

[USN-5779-1] Linux kernel (Azure) vulnerabilities

• 9 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
  • CVE-2022-3621
  • CVE-2022-3594
  • CVE-2022-3567
  • CVE-2022-3566
  • CVE-2022-3565
  • CVE-2022-3564
  • CVE-2022-3524
  • CVE-2022-42703
  • CVE-2022-43945

[USN-5780-1] Linux kernel (OEM) vulnerabilities

• 5 CVEs addressed in Jammy (22.04 LTS)
  • CVE-2022-42896
  • CVE-2022-42895
  • CVE-2022-3628
  • CVE-2022-3619
  • CVE-2022-3524

[USN-5781-1] Emacs vulnerability

• 1 CVEs addressed in Xenial ESM (16.04 ESM)
  • CVE-2022-45939

[USN-5782-1] Firefox vulnerabilities

• 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
  • CVE-2022-46879
  • CVE-2022-46878
  • CVE-2022-46877
  • CVE-2022-46874
  • CVE-2022-46873
  • CVE-2022-46872
  • CVE-2022-46871

[USN-5783-1] Linux kernel (OEM) vulnerability

• 1 CVEs addressed in Jammy (22.04 LTS)
  • CVE-2022-42896

[USN-5784-1] usbredir vulnerability

• 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
  • CVE-2021-3700

[USN-5785-1] FreeRADIUS vulnerabilities

• 3 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
  • CVE-2022-41861
  • CVE-2022-41860
  • CVE-2019-17185

[USN-5786-1] GNOME Files vulnerability

• 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-37290

[USN-5787-1] Libksba vulnerability

• 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-47629

[USN-5782-2] Firefox regressions

• 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
  • CVE-2022-46879
  • CVE-2022-46878
  • CVE-2022-46877
  • CVE-2022-46874
  • CVE-2022-46873
  • CVE-2022-46872
  • CVE-2022-46871

[USN-5789-1] Linux kernel (OEM) vulnerabilities

• 10 CVEs addressed in Focal (20.04 LTS)
  • CVE-2022-3621
  • CVE-2022-3594
  • CVE-2022-3567
  • CVE-2022-3566
  • CVE-2022-3564
  • CVE-2022-3524
  • CVE-2022-33743
  • CVE-2022-26365
  • CVE-2022-42703
  • CVE-2022-43945

[USN-5788-1] curl vulnerabilities

• 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-43552
  • CVE-2022-43551

[USN-5790-1] Linux kernel vulnerabilities

• 7 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
  • CVE-2022-4095
  • CVE-2022-40307
  • CVE-2022-39188
  • CVE-2022-3586
  • CVE-2022-3061
  • CVE-2022-20421
  • CVE-2021-4159

[USN-5791-1] Linux kernel vulnerabilities

• 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
  • CVE-2022-43750
  • CVE-2022-4095
  • CVE-2022-40307
  • CVE-2022-39842
  • CVE-2022-3646
  • CVE-2022-3586
  • CVE-2022-3303
  • CVE-2022-3061
  • CVE-2022-2663
  • CVE-2022-20421

[USN-5792-1] Linux kernel vulnerabilities

• 13 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
  • CVE-2022-43750
  • CVE-2022-4095
  • CVE-2022-40307
  • CVE-2022-39842
  • CVE-2022-39188
  • CVE-2022-3649
  • CVE-2022-3646
  • CVE-2022-3586
  • CVE-2022-3303
  • CVE-2022-3061
  • CVE-2022-2663
  • CVE-2022-20421
  • CVE-2022-0171

[USN-5793-1] Linux kernel vulnerabilities

• 17 CVEs addressed in Kinetic (22.10)
  • CVE-2022-43750
  • CVE-2022-41850
  • CVE-2022-41849
  • CVE-2022-4095
  • CVE-2022-40307
  • CVE-2022-3977
  • CVE-2022-3649
  • CVE-2022-3623
  • CVE-2022-3586
  • CVE-2022-3646
  • CVE-2022-3544
  • CVE-2022-3543
  • CVE-2022-3541
  • CVE-2022-3303
  • CVE-2022-2663
  • CVE-2022-20421
  • CVE-2022-3910

[USN-5794-1] Linux kernel (AWS) vulnerabilities

• 4 CVEs addressed in Xenial ESM (16.04 ESM)
  • CVE-2022-45934
  • CVE-2022-3643
  • CVE-2022-42896
  • CVE-2022-43945

[USN-5787-2] Libksba vulnerability

• 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
  • CVE-2022-47629

[USN-5795-1] Net-SNMP vulnerabilities

• 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-44793
  • CVE-2022-44792

[USN-5796-1] w3m vulnerability

• 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-38223

[USN-5797-1] WebKitGTK vulnerabilities

• 7 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-46700
  • CVE-2022-46699
  • CVE-2022-46698
  • CVE-2022-46692
  • CVE-2022-42867
  • CVE-2022-42856
  • CVE-2022-42852

[USN-5792-2] Linux kernel vulnerabilities

• 13 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
  • CVE-2022-43750
  • CVE-2022-4095
  • CVE-2022-40307
  • CVE-2022-39842
  • CVE-2022-39188
  • CVE-2022-3649
  • CVE-2022-3646
  • CVE-2022-3586
  • CVE-2022-3303
  • CVE-2022-3061
  • CVE-2022-2663
  • CVE-2022-20421
  • CVE-2022-0171

[USN-5793-2] Linux kernel (Azure) vulnerabilities

• 17 CVEs addressed in Kinetic (22.10)
  • CVE-2022-43750
  • CVE-2022-41850
  • CVE-2022-41849
  • CVE-2022-4095
  • CVE-2022-40307
  • CVE-2022-3977
  • CVE-2022-3649
  • CVE-2022-3623
  • CVE-2022-3586
  • CVE-2022-3646
  • CVE-2022-3544
  • CVE-2022-3543
  • CVE-2022-3541
  • CVE-2022-3303
  • CVE-2022-2663
  • CVE-2022-20421
  • CVE-2022-3910

[USN-5782-3] Firefox regressions

• 7 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
  • CVE-2022-46879
  • CVE-2022-46878
  • CVE-2022-46877
  • CVE-2022-46874
  • CVE-2022-46873
  • CVE-2022-46872
  • CVE-2022-46871

[USN-5796-2] w3m vulnerability

• 1 CVEs addressed in Trusty ESM (14.04 ESM)
  • CVE-2022-38223

[USN-5798-1] .NET 6 vulnerability

• 1 CVEs addressed in Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2023-21538

[USN-5791-3] Linux kernel (Azure) vulnerabilities

• 10 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
  • CVE-2022-43750
  • CVE-2022-4095
  • CVE-2022-40307
  • CVE-2022-39842
  • CVE-2022-3646
  • CVE-2022-3586
  • CVE-2022-3303
  • CVE-2022-3061
  • CVE-2022-2663
  • CVE-2022-20421

[USN-5793-3] Linux kernel vulnerabilities

• 17 CVEs addressed in Kinetic (22.10)
  • CVE-2022-43750
  • CVE-2022-41850
  • CVE-2022-41849
  • CVE-2022-4095
  • CVE-2022-40307
  • CVE-2022-3977
  • CVE-2022-3649
  • CVE-2022-3623
  • CVE-2022-3586
  • CVE-2022-3646
  • CVE-2022-3544
  • CVE-2022-3543
  • CVE-2022-3541
  • CVE-2022-3303
  • CVE-2022-2663
  • CVE-2022-20421
  • CVE-2022-3910

[USN-5793-4] Linux kernel (IBM) vulnerabilities

• 17 CVEs addressed in Kinetic (22.10)
  • CVE-2022-43750
  • CVE-2022-41850
  • CVE-2022-41849
  • CVE-2022-4095
  • CVE-2022-40307
  • CVE-2022-3977
  • CVE-2022-3649
  • CVE-2022-3623
  • CVE-2022-3586
  • CVE-2022-3646
  • CVE-2022-3544
  • CVE-2022-3543
  • CVE-2022-3541
  • CVE-2022-3303
  • CVE-2022-2663
  • CVE-2022-20421
  • CVE-2022-3910

[USN-5799-1] Linux kernel (OEM) vulnerability

• 1 CVEs addressed in Jammy (22.04 LTS)
  • CVE-2022-4378

[USN-5800-1] Heimdal vulnerabilities

• 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
  • CVE-2022-44640
  • CVE-2022-42898
  • CVE-2022-3437
  • CVE-2021-44758

[USN-5802-1] Linux kernel vulnerabilities

• 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
  • CVE-2022-45934
  • CVE-2022-3643
  • CVE-2022-42896
  • CVE-2022-43945

[USN-5803-1] Linux kernel vulnerabilities

• 4 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-45934
  • CVE-2022-3643
  • CVE-2022-42896
  • CVE-2022-4378

[USN-5804-1] Linux kernel vulnerabilities

• 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
  • CVE-2022-45934
  • CVE-2022-3643
  • CVE-2022-42896
  • CVE-2022-43945

[USN-5801-1] Vim vulnerabilities

• 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
  • CVE-2022-0417
  • CVE-2022-0392

[USN-5804-2] Linux kernel vulnerabilities

• 4 CVEs addressed in Bionic (18.04 LTS)
  • CVE-2022-45934
  • CVE-2022-3643
  • CVE-2022-42896
  • CVE-2022-43945

[USN-5805-1] Apache Maven vulnerability

• 1 CVEs addressed in Kinetic (22.10)
  • CVE-2021-26291

[USN-5795-2] Net-SNMP vulnerabilities

• 8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
  • CVE-2022-44793
  • CVE-2022-44792
  • CVE-2022-24810
  • CVE-2022-24809
  • CVE-2022-24808
  • CVE-2022-24807
  • CVE-2022-24806
  • CVE-2022-24805

[USN-5808-1] Linux kernel (IBM) vulnerabilities

• 4 CVEs addressed in Bionic (18.04 LTS)
  • CVE-2022-45934
  • CVE-2022-3643
  • CVE-2022-42896
  • CVE-2022-43945

[USN-5810-1, USN-5810-2, USN-5810-3] Git vulnerabilities [01:16]

• 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-41903
  • CVE-2022-23521
• Integer overflow when parsing really long paths specified in .gitattributes
  • But depends if file is in working tree, index or both since when parsed normally the parsing is done in chunks which mitigates the vuln
  • leads to heap reads/writes -> RCE
• Integer overflow when using a crafted format specifier for git log or git archive
  • Not too common to use random format specifiers, but how many people have wanted a prettier git log output, and copy-pasted something from stack overflow without understanding it?
  • We talk about the provenance and integrity of code for OSS / supply chain attacks - interesting to think about it from a configuration / data point of view
    • Can ChatGPT be poisoned to spit out dangerous configs?

[USN-5811-1, USN-5811-2, USN-5811-3] Sudo vulnerabilities [03:34]

• 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-33070
  • CVE-2023-22809
• Most interesting was a vuln in sudoedit - ie the command to edit a file with sudo - launches your specified editor to edit the file
• The editor is specified via various environment variables - SUDO_EDITOR, VISUAL or EDITOR - these would normally specify the binary of the editor to use
• But could also include extra arguments to pass to the editor - such as additional filenames by separating them with a double hyphen --
• As such a user could set their EDITOR=vim -- /etc/shadow - then when sudoedit launches the editor for the originally specified file, would also launch it with this file too
• Allows a user to bypass possible restrictions set via /etc/sudoers - ie since could be configured to only allow a user to edit say the apache config via sudoedit

[USN-5812-1] urllib3 vulnerability

• 1 CVEs addressed in Focal (20.04 LTS)
  • CVE-2021-33503

[USN-5810-2] Git regression

• 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
  • CVE-2022-41903
  • CVE-2022-23521

[USN-5813-1] Linux kernel vulnerabilities

• 4 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
  • CVE-2022-45934
  • CVE-2022-3643
  • CVE-2022-42896
  • CVE-2022-43945

[USN-5814-1] Linux kernel vulnerabilities

• 4 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-45934
  • CVE-2022-3643
  • CVE-2022-42896
  • CVE-2022-4378

[USN-5815-1] Linux kernel (BlueField) vulnerabilities

• 10 CVEs addressed in Focal (20.04 LTS)
  • CVE-2022-43750
  • CVE-2022-4095
  • CVE-2022-40307
  • CVE-2022-39842
  • CVE-2022-3646
  • CVE-2022-3586
  • CVE-2022-3303
  • CVE-2022-3061
  • CVE-2022-2663
  • CVE-2022-20421

[USN-5816-1] Firefox vulnerabilities

• 9 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
  • CVE-2023-23606
  • CVE-2023-23605
  • CVE-2023-23604
  • CVE-2023-23603
  • CVE-2023-23602
  • CVE-2023-23601
  • CVE-2023-23599
  • CVE-2023-23598
  • CVE-2023-23597

[USN-5817-1] Setuptools vulnerability

• 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-40897

[USN-5818-1] PHP vulnerability

• 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-31631

[USN-5819-1] HAProxy vulnerability

• 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2023-0056

[USN-5806-2] Ruby vulnerability

• 1 CVEs addressed in Bionic (18.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2021-33621

[USN-5820-1] exuberant-ctags vulnerability

• 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-4515

[USN-5821-1] wheel vulnerability

• 1 CVEs addressed in Trusty ESM (14.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-40898

[USN-5822-1] Samba vulnerabilities

• 7 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-45141
  • CVE-2022-42898
  • CVE-2022-38023
  • CVE-2022-37967
  • CVE-2022-37966
  • CVE-2022-3437
  • CVE-2021-20251

[USN-5823-1] MySQL vulnerabilities

• 20 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2023-21887
  • CVE-2023-21883
  • CVE-2023-21882
  • CVE-2023-21881
  • CVE-2023-21880
  • CVE-2023-21879
  • CVE-2023-21878
  • CVE-2023-21877
  • CVE-2023-21876
  • CVE-2023-21875
  • CVE-2023-21873
  • CVE-2023-21871
  • CVE-2023-21870
  • CVE-2023-21869
  • CVE-2023-21868
  • CVE-2023-21867
  • CVE-2023-21863
  • CVE-2023-21840
  • CVE-2023-21836
  • CVE-2022-32221

[USN-5823-2] MySQL vulnerability

• 1 CVEs addressed in Xenial ESM (16.04 ESM)
  • CVE-2023-21840

[USN-5825-1] PAM vulnerability

• 1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
  • CVE-2022-28321

[USN-5826-1] Privoxy vulnerabilities

• 2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
  • CVE-2021-44543
  • CVE-2021-44540