0.52.0

Notably, this release addresses:

USN-5761-1 USN-5761-1: ca-certificates update:

• https://launchpad.net/bugs/1998785: Remove Trustcor certificates

-ii  ca-certificates  20211016                all  Common CA certificates
+ii  ca-certificates  20211016ubuntu0.22.04.1 all  Common CA certificates

0.51.0

Notably, this release addresses:

USN-5760-1 USN-5760-1: libxml2 vulnerabilities:

• CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.
• CVE-2022-40303: An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
• CVE-2022-40304: An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
• CVE-2022-40304: An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
• CVE-2022-40303: An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
• CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.

-ii  libbpf0:amd64     1:0.5.0-1              amd64  eBPF helper library (shared library)
+ii  libbpf0:amd64     1:0.5.0-1ubuntu22.04.1 amd64  eBPF helper library (shared library)
-ii  libxml2:amd64     2.9.13+dfsg-1ubuntu0.1 amd64  GNOME XML library
-ii  libxml2-dev:amd64 2.9.13+dfsg-1ubuntu0.1 amd64  GNOME XML library - development files
+ii  libxml2:amd64     2.9.13+dfsg-1ubuntu0.2 amd64  GNOME XML library
+ii  libxml2-dev:amd64 2.9.13+dfsg-1ubuntu0.2 amd64  GNOME XML library - development files

0.50.0

Notably, this release addresses:

USN-5743-2 USN-5743-2: LibTIFF vulnerability:

• CVE-2022-3970: A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.

-ii  libglib2.0-0:amd64     2.72.1-1         amd64 GLib library of C routines
-ii  libglib2.0-bin         2.72.1-1         amd64 Programs for the GLib library
-ii  libglib2.0-data        2.72.1-1         all   Common files for GLib library
-ii  libglib2.0-dev:amd64   2.72.1-1         amd64 Development files for the GLib library
-ii  libglib2.0-dev-bin     2.72.1-1         amd64 Development utilities for the GLib library
+ii  libglib2.0-0:amd64     2.72.4-0ubuntu1  amd64 GLib library of C routines
+ii  libglib2.0-bin         2.72.4-0ubuntu1  amd64 Programs for the GLib library
+ii  libglib2.0-data        2.72.4-0ubuntu1  all   Common files for GLib library
+ii  libglib2.0-dev:amd64   2.72.4-0ubuntu1  amd64 Development files for the GLib library
+ii  libglib2.0-dev-bin     2.72.4-0ubuntu1  amd64 Development utilities for the GLib library
-ii  libruby3.0:amd64       3.0.2-7ubuntu2.1 amd64 Libraries necessary to run Ruby 3.0
+ii  libruby3.0:amd64       3.0.2-7ubuntu2.2 amd64 Libraries necessary to run Ruby 3.0
-ii  libtiff-dev:amd64      4.3.0-6ubuntu0.2 amd64 Tag Image File Format library (TIFF), development files
-ii  libtiff5:amd64         4.3.0-6ubuntu0.2 amd64 Tag Image File Format (TIFF) library
-ii  libtiffxx5:amd64       4.3.0-6ubuntu0.2 amd64 Tag Image File Format (TIFF) library -- C++ interface
+ii  libtiff-dev:amd64      4.3.0-6ubuntu0.3 amd64 Tag Image File Format library (TIFF), development files
+ii  libtiff5:amd64         4.3.0-6ubuntu0.3 amd64 Tag Image File Format (TIFF) library
+ii  libtiffxx5:amd64       4.3.0-6ubuntu0.3 amd64 Tag Image File Format (TIFF) library -- C++ interface
-ii  linux-libc-dev:amd64   5.15.0-53.59     amd64 Linux Kernel Headers for development
+ii  linux-libc-dev:amd64   5.15.0-56.62     amd64 Linux Kernel Headers for development
-ii  ruby3.0                3.0.2-7ubuntu2.1 amd64 Interpreter of object-oriented scripting language Ruby
+ii  ruby3.0                3.0.2-7ubuntu2.2 amd64 Interpreter of object-oriented scripting language Ruby
-ii  ubuntu-advantage-tools 27.11.3~22.04.1  amd64 management tools for Ubuntu Advantage
+ii  ubuntu-advantage-tools 27.12~22.04.1    amd64 management tools for Ubuntu Pro

0.49.0

Notably, this release addresses:

USN-5748-1 USN-5748-1: Sysstat vulnerability:

• CVE-2022-39377: sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.

-ii  sysstat  12.5.2-2build2    amd64  system performance tools for Linux
+ii  sysstat  12.5.2-2ubuntu0.1 amd64  system performance tools for Linux

0.48.0

Notably, this release addresses:

USN-5745-1 USN-5745-1: shadow vulnerability:

• CVE-2013-4235: shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

-ii  login  1:4.8.1-2ubuntu2   amd64  system login tools
+ii  login  1:4.8.1-2ubuntu2.1 amd64  system login tools
-ii  passwd 1:4.8.1-2ubuntu2   amd64  change and administer password and group data
+ii  passwd 1:4.8.1-2ubuntu2.1 amd64  change and administer password and group data

0.47.0

Notably, this release addresses:

USN-5742-1 USN-5742-1: JBIG-KIT vulnerability:

• CVE-2017-9937: In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.

-ii  libjbig-dev:amd64 2.1-3.1build3          amd64  JBIGkit development files
-ii  libjbig0:amd64    2.1-3.1build3          amd64  JBIGkit libraries
+ii  libjbig-dev:amd64 2.1-3.1ubuntu0.22.04.1 amd64  JBIGkit development files
+ii  libjbig0:amd64    2.1-3.1ubuntu0.22.04.1 amd64  JBIGkit libraries

0.46.0

-ii  libmariadb-dev              1:10.6.7-2ubuntu1.1        amd64 MariaDB database development files
-ii  libmariadb-dev-compat:amd64 1:10.6.7-2ubuntu1.1        amd64 MariaDB Connector/C, compatibility symlinks
-ii  libmariadb3:amd64           1:10.6.7-2ubuntu1.1        amd64 MariaDB database client library
+ii  libmariadb-dev              1:10.6.11-0ubuntu0.22.04.1 amd64 MariaDB database development files
+ii  libmariadb-dev-compat:amd64 1:10.6.11-0ubuntu0.22.04.1 amd64 MariaDB Connector/C, compatibility symlinks
+ii  libmariadb3:amd64           1:10.6.11-0ubuntu0.22.04.1 amd64 MariaDB database client library
-ii  mariadb-common              1:10.6.7-2ubuntu1.1        all   MariaDB common configuration files
+ii  mariadb-common              1:10.6.11-0ubuntu0.22.04.1 all   MariaDB common configuration files

0.45.0

Notably, this release addresses:

USN-5638-3 USN-5638-3: Expat vulnerability:

• CVE-2022-43680: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
• CVE-2022-43680: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

-ii  libexpat1:amd64     2.4.7-1ubuntu0.1  amd64  XML parsing C library - runtime library
-ii  libexpat1-dev:amd64 2.4.7-1ubuntu0.1  amd64  XML parsing C library - development kit
+ii  libexpat1:amd64     2.4.7-1ubuntu0.2  amd64  XML parsing C library - runtime library
+ii  libexpat1-dev:amd64 2.4.7-1ubuntu0.2  amd64  XML parsing C library - development kit

0.44.0

Notably, this release addresses:

USN-5733-1 USN-5733-1: FLAC vulnerabilities:

• CVE-2017-6888: An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.
• CVE-2020-0499: In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070
• CVE-2021-0561: In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302683
• CVE-2017-6888: An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.
• CVE-2020-0499: In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070
• CVE-2021-0561: In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302683

-ii  libflac8:amd64 1.3.3-2build2    amd64  Free Lossless Audio Codec - runtime C library
+ii  libflac8:amd64 1.3.3-2ubuntu0.1 amd64  Free Lossless Audio Codec - runtime C library
-ii  rsync          3.2.3-8ubuntu3   amd64  fast, versatile, remote (and local) file-copying tool
+ii  rsync          3.2.3-8ubuntu3.1 amd64  fast, versatile, remote (and local) file-copying tool

0.43.0

Notably, this release addresses:

USN-5732-1 USN-5732-1: Unbound vulnerability:

• CVE-2022-3204: A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.

-ii  libunbound8:amd64  1.13.1-1ubuntu5.2  amd64  library implementing DNS resolution and validation
+ii  libunbound8:amd64  1.13.1-1ubuntu5.3  amd64  library implementing DNS resolution and validation