[USN-5250-1] strongSwan vulnerability

==========================================================================
Ubuntu Security Notice USN-5250-1
January 24, 2022

strongswan vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 21.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
Summary:
strongSwan could crash or allow unintended access to network services.
Software Description:
– strongswan: IPsec VPN solution
Details:
Zhuowei Zhang discovered that strongSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10:
  libstrongswan 5.9.1-1ubuntu3.2
  strongswan 5.9.1-1ubuntu3.2

Ubuntu 20.04 LTS:
  libstrongswan 5.8.2-1ubuntu3.4
  strongswan 5.8.2-1ubuntu3.4

Ubuntu 18.04 LTS:
  libstrongswan 5.6.2-1ubuntu2.8
  strongswan 5.6.2-1ubuntu2.8
In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5250-1
  CVE-2021-45079

Package Information:
  launchpad.net/ubuntu/+source/strongswan/5.9.1-1ubuntu3.2
  launchpad.net/ubuntu/+source/strongswan/5.8.2-1ubuntu3.4
  launchpad.net/ubuntu/+source/strongswan/5.6.2-1ubuntu2.8

[USN-5248-1] Thunderbird vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5248-1
January 21, 2022

thunderbird vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Thunderbird.
Software Description:
– thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, conduct header splitting attacks, conduct spoofing attacks, bypass security restrictions, confuse the user, or execute arbitrary code. (CVE-2021-4129, CVE-2021-4140, CVE-2021-29981, CVE-2021-29982, CVE-2021-29987, CVE-2021-29991, CVE-2021-38495, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-43534, CVE-2021-43535, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43656, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751)
It was discovered that Thunderbird ignored the configuration to require STARTTLS for an SMTP connection. A person-in-the-middle could potentially exploit this to perform a downgrade attack in order to intercept messages or take control of a session. (CVE-2021-38502)
It was discovered that JavaScript was unexpectedly enabled in the composition area. An attacker could potentially exploit this in combination with another vulnerability, with unspecified impacts. (CVE-2021-43528)
A buffer overflow was discovered in the Matrix chat library bundled with Thunderbird. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2021-44538)
It was discovered that Thunderbird’s OpenPGP integration only considered the inner signed message when checking signature validity in a message that contains an additional outer MIME layer. An attacker could potentially exploit this to trick the user into thinking that a message has a valid signature. (CVE-2021-4126)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS:
  thunderbird 1:91.5.0+build1-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  thunderbird 1:91.5.0+build1-0ubuntu0.18.04.1
After a standard system update you need to restart Thunderbird to make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5248-1
  CVE-2021-29981, CVE-2021-29982, CVE-2021-29987, CVE-2021-29991,
  CVE-2021-38495, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498,
  CVE-2021-38500, CVE-2021-38501, CVE-2021-38502, CVE-2021-38503,
  CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508,
  CVE-2021-38509, CVE-2021-4126, CVE-2021-4129, CVE-2021-4140,
  CVE-2021-43528, CVE-2021-43534, CVE-2021-43535, CVE-2021-43536,
  CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541,
  CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546,
  CVE-2021-44538, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739,
  CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743,
  CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751

Package Information:
launchpad.net/ubuntu/+source/thunderbird/1:91.5.0+build1-0ubuntu0.20.04.1
launchpad.net/ubuntu/+source/thunderbird/1:91.5.0+build1-0ubuntu0.18.04.1

WebKitGTK 2.34.4 released!

WebKitGTK 2.34.4 is available for download at:
  webkitgtk.org/releases/webkitgtk-2.34.4.tar.xz (23.3MB)
    md5sum: 7eb441141b0185913b263dd964183e3f
    sha1sum: d7566cd7bbdd38ed3b4acce10043dca27e0a610e
    sha256sum: 975f5019199ba7699191835cf75e01a18b94e3bcd0107da7389d4ddcb1aba406
This is a bug fix release in the stable 2.34 series.
What's new in the WebKitGTK 2.34.4 release?
===========================================
– Fix several crashes and rendering issues.
What is WebKitGTK?
==================
WebKitGTK is the GNOME platform port of the WebKit rendering engine. Offering WebKit’s full functionality through a set of GObject-based APIs, it is suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
More information
================
If you want to know more about the project or get in touch with us you may:
– Visit our website at www.webkitgtk.org or the upstream site at www.webkit.org. People interested in contributing should read: www.webkit.org/coding/contributing.html
– Browse the bug list at bugs.webkit.org. WebKitGTK bugs are typically prefixed by "[GTK]". A bug report with a minimal, reproducible test case is often just as valuable as a patch.
– Join the #webkitgtk IRC channel at irc.gnome.org or on Matrix at #webkitgtk:matrix.org.
– Subscribe to the WebKitGTK mailing list, lists.webkit.org/mailman/listinfo/webkit-gtk or the WebKit development mailing list, lists.webkit.org/mailman/listinfo/webkit-dev
Thanks
======
Thanks to all the contributors who made this release possible; they are far too many to list!
The WebKitGTK team, January 21, 2022
_______________________________________________
gnome-announce-list mailing list
gnome-announce-list@gnome.org
mail.gnome.org/mailman/listinfo/gnome-announce-list

Ubuntu 21.04 (Hirsute Hippo) End of Life reached on January 20 2022

This is a follow-up to the End of Life warning sent earlier this month to confirm that as of January 20, 2022, Ubuntu 21.04 is no longer supported. No more package updates will be accepted to 21.04, and it will be archived to old-releases.ubuntu.com in the coming weeks.
The original End of Life warning follows, with upgrade instructions:
Ubuntu announced its 21.04 (Hirsute Hippo) release almost 9 months ago, on April 22, 2021, and its support period is now nearing its end. Ubuntu 21.04 will reach end of life on January 20, 2022.
At that time, Ubuntu Security Notices will no longer include information or updated packages for Ubuntu 21.04.
The supported upgrade path from Ubuntu 21.04 is via Ubuntu 21.10. Instructions and caveats for the upgrade may be found at:
help.ubuntu.com/community/ImpishUpgrades
Ubuntu 21.10 continues to be actively supported with security updates and select high-impact bug fixes. Announcements of security updates for Ubuntu releases are sent to the ubuntu-security-announce mailing list, information about which may be found at:
lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Since its launch in October 2004 Ubuntu has become one of the most highly regarded Linux distributions with millions of users in homes, schools, businesses and governments around the world. Ubuntu is Open Source software, costs nothing to download, and users are free to customise or alter their software in order to meet their needs.
On behalf of the Ubuntu Release Team,

[Security-announce] VMSA-2021-0028 Updates

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
VMSA-2021-0028 – VMware Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
Please see the updated advisory here: www.vmware.com/security/advisories/VMSA-2021-0028.html
Changelog:
2022-01-19: VMSA-2021-0028.9
Revised advisory with updates to multiple products:
  vRealize Automation
  vRealize Orchestrator
  NSX Intelligence
  vRealize Lifecycle Manager
You are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit lists.vmware.com/mailman/listinfo/security-announce.

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQQATpKvqUhghXJhavw/xTN5GfcH8QUCYeho0gAKCRA/xTN5GfcH
8f57AJ4tekm0/xrRH6NOj5boBSqw+8VW9ACZARfltO/RZTQIxasgZgS+aKagGdI=
=LBBs
-----END PGP SIGNATURE-----
_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
lists.vmware.com/mailman/listinfo/security-announce

[USN-5241-1] QtSvg vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5241-1
January 19, 2022

qtsvg-opensource-src vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in QtSvg.
Software Description:
– qtsvg-opensource-src: Qt 5 SVG module
Details:
It was discovered that QtSvg incorrectly handled certain malformed SVG images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause QtSvg to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS:
  libqt5svg5 5.9.5-0ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5241-1
  CVE-2018-19869, CVE-2021-3481, CVE-2021-45930

Package Information:
  launchpad.net/ubuntu/+source/qtsvg-opensource-src/5.9.5-0ubuntu1.1

[USN-5240-1] Linux kernel vulnerability

==========================================================================
Ubuntu Security Notice USN-5240-1
January 19, 2022

linux, linux-aws, linux-aws-5.11, linux-aws-5.4, linux-azure,
linux-azure-5.11, linux-azure-5.4, linux-bluefield, linux-gcp,
linux-gcp-5.11, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop,
linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oem-5.10,
linux-oem-5.13, linux-oem-5.14, linux-oracle, linux-oracle-5.11,
linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 21.10
– Ubuntu 21.04
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
Summary:
The system could be made to crash or run programs as an administrator.
Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-azure: Linux kernel for Microsoft Azure Cloud systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-kvm: Linux kernel for cloud environments
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-raspi: Linux kernel for Raspberry Pi systems
– linux-aws-5.11: Linux kernel for Amazon Web Services (AWS) systems
– linux-azure-5.11: Linux kernel for Microsoft Azure cloud systems
– linux-bluefield: Linux kernel for NVIDIA BlueField platforms
– linux-gcp-5.11: Linux kernel for Google Cloud Platform (GCP) systems
– linux-gke: Linux kernel for Google Container Engine (GKE) systems
– linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
– linux-ibm: Linux kernel for IBM cloud systems
– linux-oem-5.10: Linux kernel for OEM systems
– linux-oem-5.13: Linux kernel for OEM systems
– linux-oem-5.14: Linux kernel for OEM systems
– linux-oracle-5.11: Linux kernel for Oracle Cloud systems
– linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
– linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems
– linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
– linux-gke-5.4: Linux kernel for Google Container Engine (GKE) systems
– linux-gkeop-5.4: Linux kernel for Google Container Engine (GKE) systems
– linux-hwe-5.4: Linux hardware enablement (HWE) kernel
– linux-oracle-5.4: Linux kernel for Oracle Cloud systems
– linux-raspi-5.4: Linux kernel for Raspberry Pi systems
Details:
William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10:
  linux-image-5.13.0-1010-kvm 5.13.0-1010.11
  linux-image-5.13.0-1011-aws 5.13.0-1011.12
  linux-image-5.13.0-1012-azure 5.13.0-1012.14
  linux-image-5.13.0-1012-gcp 5.13.0-1012.15
  linux-image-5.13.0-1015-oracle 5.13.0-1015.19
  linux-image-5.13.0-1015-raspi 5.13.0-1015.17
  linux-image-5.13.0-1015-raspi-nolpae 5.13.0-1015.17
  linux-image-5.13.0-27-generic 5.13.0-27.29
  linux-image-5.13.0-27-generic-64k 5.13.0-27.29
  linux-image-5.13.0-27-generic-lpae 5.13.0-27.29
  linux-image-5.13.0-27-lowlatency 5.13.0-27.29
  linux-image-aws 5.13.0.1011.12
  linux-image-azure 5.13.0.1012.12
  linux-image-gcp 5.13.0.1012.11
  linux-image-generic 5.13.0.27.37
  linux-image-generic-64k 5.13.0.27.37
  linux-image-generic-lpae 5.13.0.27.37
  linux-image-gke 5.13.0.1012.11
  linux-image-kvm 5.13.0.1010.10
  linux-image-lowlatency 5.13.0.27.37
  linux-image-oem-20.04 5.13.0.27.37
  linux-image-oracle 5.13.0.1015.15
  linux-image-raspi 5.13.0.1015.20
  linux-image-raspi-nolpae 5.13.0.1015.20
  linux-image-virtual 5.13.0.27.37

Ubuntu 21.04:
  linux-image-5.11.0-1024-kvm 5.11.0-1024.27
  linux-image-5.11.0-1027-aws 5.11.0-1027.30
  linux-image-5.11.0-1027-azure 5.11.0-1027.30
  linux-image-5.11.0-1027-oracle 5.11.0-1027.30
  linux-image-5.11.0-1027-raspi 5.11.0-1027.30
  linux-image-5.11.0-1027-raspi-nolpae 5.11.0-1027.30
  linux-image-5.11.0-1028-gcp 5.11.0-1028.32
  linux-image-5.11.0-49-generic 5.11.0-49.55
  linux-image-5.11.0-49-generic-64k 5.11.0-49.55
  linux-image-5.11.0-49-generic-lpae 5.11.0-49.55
  linux-image-5.11.0-49-lowlatency 5.11.0-49.55
  linux-image-aws 5.11.0.1027.26
  linux-image-azure 5.11.0.1027.26
  linux-image-gcp 5.11.0.1028.26
  linux-image-generic 5.11.0.49.48
  linux-image-generic-64k 5.11.0.49.48
  linux-image-generic-lpae 5.11.0.49.48
  linux-image-gke 5.11.0.1028.26
  linux-image-kvm 5.11.0.1024.24
  linux-image-lowlatency 5.11.0.49.48
  linux-image-oem-20.04 5.11.0.49.48
  linux-image-oracle 5.11.0.1027.26
  linux-image-raspi 5.11.0.1027.24
  linux-image-raspi-nolpae 5.11.0.1027.24
  linux-image-virtual 5.11.0.49.48

Ubuntu 20.04 LTS:
  linux-image-5.10.0-1057-oem 5.10.0-1057.61
  linux-image-5.11.0-1027-aws 5.11.0-1027.30~20.04.1
  linux-image-5.11.0-1027-azure 5.11.0-1027.30~20.04.1
  linux-image-5.11.0-1027-oracle 5.11.0-1027.30~20.04.1
  linux-image-5.11.0-1028-gcp 5.11.0-1028.32~20.04.1
  linux-image-5.13.0-1028-oem 5.13.0-1028.35
  linux-image-5.14.0-1020-oem 5.14.0-1020.22
  linux-image-5.4.0-1012-ibm 5.4.0-1012.13
  linux-image-5.4.0-1025-bluefield 5.4.0-1025.28
  linux-image-5.4.0-1031-gkeop 5.4.0-1031.32
  linux-image-5.4.0-1050-raspi 5.4.0-1050.56
  linux-image-5.4.0-1053-kvm 5.4.0-1053.55
  linux-image-5.4.0-1059-gke 5.4.0-1059.62
  linux-image-5.4.0-1061-oracle 5.4.0-1061.65
  linux-image-5.4.0-1062-gcp 5.4.0-1062.66
  linux-image-5.4.0-1067-azure 5.4.0-1067.70
  linux-image-5.4.0-96-generic 5.4.0-96.109
  linux-image-5.4.0-96-generic-lpae 5.4.0-96.109
  linux-image-5.4.0-96-lowlatency 5.4.0-96.109
  linux-image-aws 5.11.0.1027.30~20.04.25
  linux-image-aws-lts-20.04 5.4.0.1063.65
  linux-image-azure 5.11.0.1027.30~20.04.25
  linux-image-azure-lts-20.04 5.4.0.1067.65
  linux-image-bluefield 5.4.0.1025.26
  linux-image-gcp 5.11.0.1028.32~20.04.26
  linux-image-gcp-lts-20.04 5.4.0.1062.72
  linux-image-generic 5.4.0.96.100
  linux-image-generic-lpae 5.4.0.96.100
  linux-image-gke 5.4.0.1059.69
  linux-image-gke-5.4 5.4.0.1059.69
  linux-image-gkeop 5.4.0.1031.34
  linux-image-gkeop-5.4 5.4.0.1031.34
  linux-image-ibm 5.4.0.1012.13
  linux-image-ibm-lts-20.04 5.4.0.1012.13
  linux-image-kvm 5.4.0.1053.52
  linux-image-lowlatency 5.4.0.96.100
  linux-image-oem 5.4.0.96.100
  linux-image-oem-20.04 5.10.0.1057.57
  linux-image-oem-20.04b 5.10.0.1057.57
  linux-image-oem-20.04c 5.13.0.1028.30
  linux-image-oem-20.04d 5.14.0.1020.17
  linux-image-oem-osp1 5.4.0.96.100
  linux-image-oracle 5.11.0.1027.30~20.04.19
  linux-image-oracle-lts-20.04 5.4.0.1061.61
  linux-image-raspi 5.4.0.1050.84
  linux-image-raspi2 5.4.0.1050.84
  linux-image-virtual 5.4.0.96.100

Ubuntu 18.04 LTS:
  linux-image-5.4.0-1031-gkeop 5.4.0-1031.32~18.04.1
  linux-image-5.4.0-1050-raspi 5.4.0-1050.56~18.04.1
  linux-image-5.4.0-1059-gke 5.4.0-1059.62~18.04.1
  linux-image-5.4.0-1061-oracle 5.4.0-1061.65~18.04.1
  linux-image-5.4.0-1062-gcp 5.4.0-1062.66~18.04.1
  linux-image-5.4.0-1067-azure 5.4.0-1067.70~18.04.1
  linux-image-5.4.0-96-generic 5.4.0-96.109~18.04.1
  linux-image-5.4.0-96-generic-lpae 5.4.0-96.109~18.04.1
  linux-image-5.4.0-96-lowlatency 5.4.0-96.109~18.04.1
  linux-image-aws 5.4.0.1063.45
  linux-image-azure 5.4.0.1067.46
  linux-image-gcp 5.4.0.1062.47
  linux-image-generic-hwe-18.04 5.4.0.96.109~18.04.84
  linux-image-generic-lpae-hwe-18.04 5.4.0.96.109~18.04.84
  linux-image-gke-5.4 5.4.0.1059.62~18.04.23
  linux-image-gkeop-5.4 5.4.0.1031.32~18.04.31
  linux-image-lowlatency-hwe-18.04 5.4.0.96.109~18.04.84
  linux-image-oem 5.4.0.96.109~18.04.84
  linux-image-oem-osp1 5.4.0.96.109~18.04.84
  linux-image-oracle 5.4.0.1061.65~18.04.40
  linux-image-raspi-hwe-18.04 5.4.0.1050.52
  linux-image-snapdragon-hwe-18.04 5.4.0.96.109~18.04.84
  linux-image-virtual-hwe-18.04 5.4.0.96.109~18.04.84
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References:
  ubuntu.com/security/notices/USN-5240-1
  CVE-2022-0185

Package Information:
  launchpad.net/ubuntu/+source/linux/5.13.0-27.29
  launchpad.net/ubuntu/+source/linux-aws/5.13.0-1011.12
  launchpad.net/ubuntu/+source/linux-azure/5.13.0-1012.14
  launchpad.net/ubuntu/+source/linux-gcp/5.13.0-1012.15
  launchpad.net/ubuntu/+source/linux-kvm/5.13.0-1010.11
  launchpad.net/ubuntu/+source/linux-oracle/5.13.0-1015.19
  launchpad.net/ubuntu/+source/linux-raspi/5.13.0-1015.17
  launchpad.net/ubuntu/+source/linux/5.11.0-49.55
  launchpad.net/ubuntu/+source/linux-aws/5.11.0-1027.30
  launchpad.net/ubuntu/+source/linux-azure/5.11.0-1027.30
  launchpad.net/ubuntu/+source/linux-gcp/5.11.0-1028.32
  launchpad.net/ubuntu/+source/linux-kvm/5.11.0-1024.27
  launchpad.net/ubuntu/+source/linux-oracle/5.11.0-1027.30
  launchpad.net/ubuntu/+source/linux-raspi/5.11.0-1027.30
  launchpad.net/ubuntu/+source/linux/5.4.0-96.109
  launchpad.net/ubuntu/+source/linux-aws/5.4.0-1063.66
  launchpad.net/ubuntu/+source/linux-aws-5.11/5.11.0-1027.30~20.04.1
  launchpad.net/ubuntu/+source/linux-azure/5.4.0-1067.70
  launchpad.net/ubuntu/+source/linux-azure-5.11/5.11.0-1027.30~20.04.1
  launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1025.28
  launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1062.66
  launchpad.net/ubuntu/+source/linux-gcp-5.11/5.11.0-1028.32~20.04.1
  launchpad.net/ubuntu/+source/linux-gke/5.4.0-1059.62
  launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1031.32
  launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1012.13
  launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1053.55
  launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1057.61
  launchpad.net/ubuntu/+source/linux-oem-5.13/5.13.0-1028.35
  launchpad.net/ubuntu/+source/linux-oem-5.14/5.14.0-1020.22
  launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1061.65
  launchpad.net/ubuntu/+source/linux-oracle-5.11/5.11.0-1027.30~20.04.1
  launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1050.56
  launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1063.66~18.04.1
  launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1067.70~18.04.1
  launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1062.66~18.04.1
  launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1059.62~18.04.1
  launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1031.32~18.04.1
  launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-96.109~18.04.1
  launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1061.65~18.04.1
  launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1050.56~18.04.1

[USN-5233-2] ClamAV vulnerability

==========================================================================
Ubuntu Security Notice USN-5233-2
January 19, 2022

clamav vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 ESM
– Ubuntu 14.04 ESM
Summary:
ClamAV could be made to crash if it opened a specially crafted file.
Software Description:
– clamav: Anti-virus utility for Unix
Details:
USN-5233-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that ClamAV incorrectly handled memory when the CL_SCAN_GENERAL_COLLECT_METADATA scan option was enabled. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM:
  clamav 0.103.5+dfsg-0ubuntu0.16.04.1+esm1

Ubuntu 14.04 ESM:
  clamav 0.103.5+dfsg-0ubuntu0.14.04.1+esm1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5233-2
  ubuntu.com/security/notices/USN-5233-1
  CVE-2022-20698

[CentOS-announce] CESA-2022:0063 Moderate CentOS 7 kernel Security Update

CentOS Errata and Security Advisory 2022:0063 Moderate
Upstream details at: access.redhat.com/errata/RHSA-2022:0063

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
168cb87176ec6a7a6805dcccc50c34a22945c1ebfd027164ff0028a1a140a637 bpftool-3.10.0-1160.53.1.el7.x86_64.rpm
53452ad31f9655e8f71a0b4c49b118b9337855433c50f25a9f5a75b92ebb8a8a kernel-3.10.0-1160.53.1.el7.x86_64.rpm
adf17c4b2070f73fe44e9fc11648947e83c86d37a4e3532c9d77d3d8e9ae50e5 kernel-abi-whitelists-3.10.0-1160.53.1.el7.noarch.rpm
6817bc65309730ab6a1f49ab977c2ea11a9cb5a2f623376008276eeda89f41da kernel-debug-3.10.0-1160.53.1.el7.x86_64.rpm
619978f4cd3319fc56335a010d227ac9446de3fe27758ad4f22319183b1a35bb kernel-debug-devel-3.10.0-1160.53.1.el7.x86_64.rpm
d2642493abe4c602af8bd00a8d0954219b93cb84fabd9870230cad39d45b9ee7 kernel-devel-3.10.0-1160.53.1.el7.x86_64.rpm
a80e94c28a71146376496e2e9902a431fca968386feb3bcfc1a8b876f55f48ce kernel-doc-3.10.0-1160.53.1.el7.noarch.rpm
4fdc56dc0f2c90e2f3e04a9191f8f4da825b37f6ac25fe246820e255ce02e8a1 kernel-headers-3.10.0-1160.53.1.el7.x86_64.rpm
e107c061dd44f2966524c0a39c675a112e3f712a7f1b891c19bc27ddadc6d91b kernel-tools-3.10.0-1160.53.1.el7.x86_64.rpm
6f1bbacef1dc67ded3f5dae9926f3a9422cbb14531e25cbb1668f8ac69d00b8d kernel-tools-libs-3.10.0-1160.53.1.el7.x86_64.rpm
48050d32a9ddb2c79d03c638c04cd306724f7ac310231a77812108d47d170a94 kernel-tools-libs-devel-3.10.0-1160.53.1.el7.x86_64.rpm
70e9899b03ea3d4adef955f81b9ef893b9391bf9f209434d85b8d5254d3b97e0 perf-3.10.0-1160.53.1.el7.x86_64.rpm
3a576a2d4c9d495a81817e62770bc36d792d089f36be65e81f5449f4f304415e python-perf-3.10.0-1160.53.1.el7.x86_64.rpm

Source:
0ccd3b419ddb59738ad345ec66203a38f2d42df2f1fb1051807145f2459dbf91 kernel-3.10.0-1160.53.1.el7.src.rpm

[USN-5235-1] Ruby vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5235-1
January 18, 2022

ruby2.3, ruby2.5, ruby2.7 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 21.10
– Ubuntu 21.04
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Ruby.
Software Description:
– ruby2.7: Object-oriented scripting language
– ruby2.5: Object-oriented scripting language
– ruby2.3: Object-oriented scripting language
Details:
It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. (CVE-2021-41816)
It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a regular expression denial of service. (CVE-2021-41817)
It was discovered that Ruby incorrectly handled certain cookie names. An attacker could possibly use this issue to access or expose sensitive information. (CVE-2021-41819)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10:
  ruby2.7 2.7.4-1ubuntu3.1

Ubuntu 21.04:
  ruby2.7 2.7.2-4ubuntu1.3

Ubuntu 20.04 LTS:
  ruby2.7 2.7.0-5ubuntu1.6

Ubuntu 18.04 LTS:
  ruby2.5 2.5.1-1ubuntu1.11

Ubuntu 16.04 ESM:
  ruby2.3 2.3.1-2~ubuntu16.04.16+esm2
In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5235-1
  CVE-2021-41816, CVE-2021-41817, CVE-2021-41819

Package Information:
  launchpad.net/ubuntu/+source/ruby2.7/2.7.4-1ubuntu3.1
  launchpad.net/ubuntu/+source/ruby2.7/2.7.2-4ubuntu1.3
  launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.6
  launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.11

[Security-announce] Moderate Severity – VMSA-2022-0002 – VMware Workstation and Horizon Client for Windows updates address a denial-of-service vulnerability (CVE-2022-22938)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
VMSA-2022-0002 – VMware Workstation and Horizon Client for Windows updates address a denial-of-service vulnerability (CVE-2022-22938)
Please see the advisory here: www.vmware.com/security/advisories/VMSA-2022-0002.html
Impacted Products:
  VMware Workstation Pro / Player (Workstation)
  VMware Horizon Client for Windows
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQQATpKvqUhghXJhavw/xTN5GfcH8QUCYebWsAAKCRA/xTN5GfcH
8WRaAKD+IF4XgG2NSpuJ5KjHO0ok+JCNegCgvqg0rddTOO29U4DO8/R1qY66YRE=
=rP2e
-----END PGP SIGNATURE-----

[CentOS-announce] CESA-2022:0162 Important CentOS 7 gegl Security Update

CentOS Errata and Security Advisory 2022:0162 Important
Upstream details at: access.redhat.com/errata/RHSA-2022:0162

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
0f6e2c2f22024dd4f9db5cb729bdd2f2744882ba37e965a50b954f861c99243b gegl-0.2.0-19.el7_9.1.i686.rpm
73e2cf9bb12255322e5252ec0b918e3e62d5c6df5b610dd7d2ecf351b34f1365 gegl-0.2.0-19.el7_9.1.x86_64.rpm
666bdeb5237f9bac4020a4b5da35bdc2b27ec3fe6d28b4e3823d1ad165c013b5 gegl-devel-0.2.0-19.el7_9.1.i686.rpm
c0c2b524cce50372b06ea8c7a4618f02d379ce6a9cbf9b2a7bbd6e21c4a80dd7 gegl-devel-0.2.0-19.el7_9.1.x86_64.rpm

Source:
85bbcb73bc56e294a63a99b3d83dd384a40bd8ec65fbf6d7ffb590b66223a6f4 gegl-0.2.0-19.el7_9.1.src.rpm

[CentOS-announce] CEBA-2022:0156 CentOS 7 openssl BugFix Update

CentOS Errata and Bugfix Advisory 2022:0156
Upstream details at: access.redhat.com/errata/RHBA-2022:0156

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
23e60a3de6f5ccfa5704efa5c39a19b795f04e65312ef6af6e4264233e4fa953 openssl-1.0.2k-24.el7_9.x86_64.rpm
37388f00a7d1fc6d93e26f1ef6a2ace5b99ec8b0ff895e5d156253d00fa59db3 openssl-devel-1.0.2k-24.el7_9.i686.rpm
94cc4c729c9fc12e3385fb74c8004acc5ebf27eed73cae3facf775403d14109e openssl-devel-1.0.2k-24.el7_9.x86_64.rpm
c403db828d16aa325941eddc93e7be599767dc0bb4ec3be436c20c8a9ad14744 openssl-libs-1.0.2k-24.el7_9.i686.rpm
9f4028fe73544b73e189e0028f1dae14bb0a141130988e21021ac4cef2074065 openssl-libs-1.0.2k-24.el7_9.x86_64.rpm
fc6cceaef55bd37f4fcdef13e567e0f496246d1ef59bd1803f1d77af60ef774a openssl-perl-1.0.2k-24.el7_9.x86_64.rpm
eff160acd2825b382858cba77f4f60a433755fd1621b6510f0a8a57dae54a512 openssl-static-1.0.2k-24.el7_9.i686.rpm
0460e382ab0b0ff062ef27fbd07fe4a599aeb4704c295ef0ba4f0c14632a257a openssl-static-1.0.2k-24.el7_9.x86_64.rpm

Source:
458bede29a46731dd90310f1fcfc01234f0acf021d9176f6d773cf5c6125ad1e openssl-1.0.2k-24.el7_9.src.rpm

[CentOS-announce] CEBA-2022:0070 CentOS 7 pki-core BugFix Update

CentOS Errata and Bugfix Advisory 2022:0070
Upstream details at: access.redhat.com/errata/RHBA-2022:0070

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
b09cfd3f84ca7ac6c285e49ce46e9ee51537af067b1965560dd41d5f82f50dee pki-base-10.5.18-19.el7_9.noarch.rpm
74b69c0cad0206438485f298e20a6d074c6e227e6785bba46afaca709e38ef8b pki-base-java-10.5.18-19.el7_9.noarch.rpm
f3d62a8cb0a97c76e6a8d6432f16d9b3f9040d5289f63d709f50a3776efaa8b4 pki-ca-10.5.18-19.el7_9.noarch.rpm
78bf4a4e4e5885b5d88e541e46d3237eddae49bc51b74c8c40c52741b0ce4534 pki-javadoc-10.5.18-19.el7_9.noarch.rpm
5fb4e74677604f4bdb11376b47ccc1642147df00b0cd8d54f349ffc0749a8bf7 pki-kra-10.5.18-19.el7_9.noarch.rpm
3442dd9e3cb39ce1bccd183f239742f4ae9a9499d4772d140b7b2a2c451d5507 pki-server-10.5.18-19.el7_9.noarch.rpm
ab37b1d65a0c8a304dddc11c7c15156bfbf447331a7afdff3f2f1c4a7632a7ff pki-symkey-10.5.18-19.el7_9.x86_64.rpm
7fad090d109f3a2e81094996192b76c6a9c2f3dc5bdf9730d806f26705d9ec47 pki-tools-10.5.18-19.el7_9.x86_64.rpm

Source:
2e13ed3dbdc34ba95842a7e2d64b791252f866d36881b45b27e734291d6ada50 pki-core-10.5.18-19.el7_9.src.rpm

[CentOS-announce] CEBA-2022:0066 CentOS 7 systemd BugFix Update

CentOS Errata and Bugfix Advisory 2022:0066
Upstream details at: access.redhat.com/errata/RHBA-2022:0066

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
de11efb648c50dca4022b29c14b4bc06fdcb8f36be5009d20018c917583af9bc libgudev1-219-78.el7_9.5.i686.rpm
1ee43730cfd6c1751ff45f321c91c0f0965e683e47cb52b91f87ac210ed93c1a libgudev1-219-78.el7_9.5.x86_64.rpm
dcccb19275e44c98b220ff45b313949c6d1e421f5326c9e3d8f568c1ae986c15 libgudev1-devel-219-78.el7_9.5.i686.rpm
c5512bfc8f5d17195d34252e20dd34ef75e390d9bb8a38b30ba8be4e5c0904ad libgudev1-devel-219-78.el7_9.5.x86_64.rpm
40f5419ef2f5f5628caafd1966853e3ed258c5f6cb1984c8471c853323bd793b systemd-219-78.el7_9.5.x86_64.rpm
dd83fab8ff66edc9c2eb4cce6304324d64c9a9f43b6f394c7886c2bbb9f6c689 systemd-devel-219-78.el7_9.5.i686.rpm
e18ea59775bba4c1bd311fdb9225cf287d5862c29e8b3199c4ad3bf57a00b83e systemd-devel-219-78.el7_9.5.x86_64.rpm
bea5901fa1364aca49ab785c08b8debad25fab28cdc3793bf3925cb1cd91f136 systemd-journal-gateway-219-78.el7_9.5.x86_64.rpm
89ba59bcc18f02cf622a16a2b4485ddbebf2c0e577d2b9cc5b891f7f18b2b729 systemd-libs-219-78.el7_9.5.i686.rpm
c39c2b1f50d0ee1b0b3edd4f05c23ffa2f7d0cf847b1f78fc6f36f9f4bb83c8f systemd-libs-219-78.el7_9.5.x86_64.rpm
7a957336373214b86e031556081bbbfea7f560af4a8ad2dbd60475b20bc824d2 systemd-networkd-219-78.el7_9.5.x86_64.rpm
de628f3727cacb859cd8375cb35493f4ee9c74aeb3751c1ba0c049341d84eb2e systemd-python-219-78.el7_9.5.x86_64.rpm
53f19e6a64582f844301bdf853863da54891f234bc44dc77426164612697903d systemd-resolved-219-78.el7_9.5.i686.rpm
45631c9c56e97ad1c34577b8df4c774f108693f67b52f45cfe6915a3e3f40208 systemd-resolved-219-78.el7_9.5.x86_64.rpm
5597c86554e7f88c701acbd24766aa87c93c449673c10e38cbd74b8bbf5e84fa systemd-sysv-219-78.el7_9.5.x86_64.rpm

Source:
51423b95ac28065a08e2f4b1d74fd31fe1c3c92bc559a993dbf0680e769265cc systemd-219-78.el7_9.5.src.rpm

[CentOS-announce] CEBA-2022:0060 CentOS 7 perl-DBD-Pg BugFix Update

CentOS Errata and Bugfix Advisory 2022:0060
Upstream details at: access.redhat.com/errata/RHBA-2022:0060

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
4cd8e9cddd54af538fc6e1a395c1cb5338b2616fac4687ec3606a53441b3b88d perl-DBD-Pg-2.19.3-5.el7_9.x86_64.rpm
a42f0d2d5c250a9f3a20b0d1766de040990c5ff04917d87601eb5ecaca50cc8b perl-DBD-Pg-tests-2.19.3-5.el7_9.x86_64.rpm

Source:
4a4e7ed53e63974b09ded0ff47a790a9c791266fa949cc2b88a303a20bf64016 perl-DBD-Pg-2.19.3-5.el7_9.src.rpm

[CentOS-announce] CEBA-2022:0062 CentOS 7 x3270 BugFix Update

CentOS Errata and Bugfix Advisory 2022:0062
Upstream details at: access.redhat.com/errata/RHBA-2022:0062

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
01359f42e5c172df7cebf52260aa08b51811b3cc29728a03a93dc546ffcfd21e x3270-3.3.12ga12-5.el7_9.x86_64.rpm
cef919b47e2ac46501512262000f8aa6f2804d306139f51f0a7eb8a4f8443bda x3270-text-3.3.12ga12-5.el7_9.x86_64.rpm
3bea27ba9e28b7b2fc421da397e966e4cec0ae9373ddb86b7cee9186fcc5ec16 x3270-x11-3.3.12ga12-5.el7_9.x86_64.rpm

Source:
2024f89e7f2bacd5934da77791c9773cfef30570a4b6dd2069ec7346ffc85155 x3270-3.3.12ga12-5.el7_9.src.rpm

[CentOS-announce] CEBA-2022:0061 CentOS 7 unzip BugFix Update

CentOS Errata and Bugfix Advisory 2022:0061
Upstream details at: access.redhat.com/errata/RHBA-2022:0061

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
317a76559462ea9c4e676627bc07ad51cdeabb16ed71de9e1006e9136d921666 unzip-6.0-24.el7_9.x86_64.rpm

Source:
16f06f851e6a1668c9e28e990a9536ea82252cc958bf4e6c566022a47b3877c8 unzip-6.0-24.el7_9.src.rpm

[CentOS-announce] CEBA-2022:0067 CentOS 7 cronie BugFix Update

CentOS Errata and Bugfix Advisory 2022:0067
Upstream details at: access.redhat.com/errata/RHBA-2022:0067

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
64c5a32d35ccc6312c43d89cfee42872bacebecc43ec10e09f90916daedb80da cronie-1.4.11-24.el7_9.x86_64.rpm
87818b04247bfad1a3a5ad6b7d4ba90f571e7df0d267da4a66fd5e1e17409c65 cronie-anacron-1.4.11-24.el7_9.x86_64.rpm
d97cce4820b6ef5656963548218f0d4ff9ef7c504f16623dd12d6b73c7cf2e2f cronie-noanacron-1.4.11-24.el7_9.x86_64.rpm

Source:
333770ca04522c51d6570c2c4cbae9626937780535d63e6eb113d65680b35e27 cronie-1.4.11-24.el7_9.src.rpm