Advisory for Ubuntu Security Update

  • NIC-CERT/2022-04/165
  • Date: 2022-04-01
  • CVE ID: Multiple
  • Severity: High

A. Description:

Multiple vulnerabilities have been reported in multiple Ubuntu packages which could allow an attackerto take control of the affected system.

B. Security Issues Fixed:

Ubuntu has released an advisory for multiple packages which contains vulnerabilities in

Linux kernel, tomcat and rsync.

C. Affected Package and Solution:

Affected Package

CVE IDs

Updated Version

linux- Linux kernel

linux-aws- Linux kernel for Amazon Web Services (AWS) systems

linux-azure-4.15- Linux kernel for Microsoft Azure Cloud systems

linux-dell300x- Linux kernel for Dell 300x platforms

linux-hwe- Linux hardware enablement (HWE) kernel

linux-kvm- Linux kernel for cloud environments

linux-snapdragon- Linux kernel for Qualcomm Snapdragon processors

CVE-2022-27666

Ubuntu 18.04
Ubuntu 16.04

linux- Linux kernel

linux-aws- Linux kernel for Amazon Web Services (AWS) systems

linux-azure- Linux kernel for Microsoft Azure Cloud systems

linux-gcp- Linux kernel for Google Cloud Platform (GCP) systems

linux-hwe-5.13- Linux hardware enablement (HWE) kernel

linux-hwe-5.4- Linux hardware enablement (HWE) kernel

linux-kvm- Linux kernel for cloud environments

linux-oracle- Linux kernel for Oracle Cloud systems

linux-oracle-5.4- Linux kernel for Oracle Cloud systems

CVE-2022-27666

CVE-2022-1055

Ubuntu 21.10
Ubuntu 20.04
Ubuntu 18.04

rsync- fast, versatile, remote (and local) file-copying tool

CVE-2018-25032

Ubuntu 20.04
Ubuntu 18.04

tomcat9- Apache Tomcat 9 - Servlet and JSP engine

CVE-2021-33037

CVE-2020-17527

CVE-2020-9484

CVE-2021-25329

CVE-2020-9494

CVE-2021-25122

CVE-2021-30640

CVE-2021-41079

CVE-2020-13943

Ubuntu 20.04
Ubuntu 18.04

linux-aws-hwe- Linux kernel for Amazon Web Services (AWS-HWE) systems

linux-gcp-4.15- Linux kernel for Google Cloud Platform (GCP) systems

linux-oracle- Linux kernel for Oracle Cloud systems

CVE-2022-27666

Ubuntu 18.04
Ubuntu 16.04

linux-aws-5.4- Linux kernel for Amazon Web Services (AWS) systems

linux-azure- Linux kernel for Microsoft Azure Cloud systems

linux-gcp- Linux kernel for Google Cloud Platform (GCP) systems

linux-gcp-5.13- Linux kernel for Google Cloud Platform (GCP) systems

linux-gcp-5.4- Linux kernel for Google Cloud Platform (GCP) systems

linux-gke- Linux kernel for Google Container Engine (GKE) systems

linux-gke-5.4- Linux kernel for Google Container Engine (GKE) systems

linux-gkeop- Linux kernel for Google Container Engine (GKE) systems

linux-gkeop-5.4- Linux kernel for Google Container Engine (GKE) systems

CVE-2022-1055

CVE-2022-27666

Ubuntu 21.10
Ubuntu 20.04
Ubuntu 18.04

openjdk-lts- Open Source Java implementation

CVE-2022-21248

CVE-2022-21277

CVE-2022-21282

CVE-2022-21283

CVE-2022-21291

CVE-2022-21293

CVE-2022-21294

CVE-2022-21296

CVE-2022-21299

CVE-2022-21305

CVE-2022-21340

CVE-2022-21341

CVE-2022-21360

CVE-2022-21366

CVE-2022-21365

Ubuntu 21.10
Ubuntu 20.04
Ubuntu 18.04

The problem can be corrected by updating your system the updated package versions:

D. References:

https://ubuntu.com/security/notices