Advisory for Ubuntu Packages Security Update

- NIC-CERT/2023-03/050
- Date: 2023-03-03
- CVE ID: Multiple
- Severity: High
- Description:
Multiple vulnerabilities have been reported in multiple Ubuntu packages which could allow an attacker to take control of the affected system.
- Security Issues Fixed:
Ubuntu has released an advisory for multiple packages which contain vulnerabilities, including the Linux kernel, pip, rack, sudo, etc.
- Affected Package and Solution:

| Affected Package | CVE IDs | Updated Version |
|---|---|---|
| linux - Linux kernel; linux-aws - Linux kernel for Amazon Web Services (AWS) systems; linux-aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems; linux-azure - Linux kernel for Microsoft Azure Cloud systems; linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems; linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems; linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems; linux-gcp-5.15 - Linux kernel for Google Cloud Platform (GCP) systems; linux-gke - Linux kernel for Google Container Engine (GKE) systems; linux-gke-5.15 - Linux kernel for Google Container Engine (GKE) systems; linux-hwe-5.15 - Linux hardware enablement (HWE) kernel; linux-lowlatency - Linux low latency kernel; linux-lowlatency-hwe-5.15 - Linux low latency kernel; linux-oracle - Linux kernel for Oracle Cloud systems; linux-oracle-5.15 - Linux kernel for Oracle Cloud systems | CVE-2022-42329, CVE-2022-47518, CVE-2022-3545, CVE-2022-4139, CVE-2022-47519, CVE-2023-0461, CVE-2022-3344, CVE-2022-4379, CVE-2022-45869, CVE-2022-47520, CVE-2022-42328, CVE-2023-0179, CVE-2022-47521, CVE-2023-0468, CVE-2022-3521, CVE-2022-3435, CVE-2022-3169 | Ubuntu 22.04 LTS, Ubuntu 20.04 LTS |
| linux - Linux kernel; linux-aws - Linux kernel for Amazon Web Services (AWS) systems; linux-azure - Linux kernel for Microsoft Azure Cloud systems; linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems; linux-hwe-5.19 - Linux hardware enablement (HWE) kernel; linux-ibm - Linux kernel for IBM cloud systems; linux-lowlatency - Linux low latency kernel; linux-oracle - Linux kernel for Oracle Cloud systems | CVE-2022-3169, CVE-2022-3521, CVE-2022-3344, CVE-2022-3545, CVE-2022-3435, CVE-2022-45869, CVE-2022-47518, CVE-2023-0461, CVE-2022-47519, CVE-2022-4139, CVE-2022-4379, CVE-2022-47521, CVE-2022-47520, CVE-2023-0179 | Ubuntu 22.10, Ubuntu 22.04 LTS |
| ruby-rack - modular Ruby webserver interface | CVE-2022-44571, CVE-2022-44572, CVE-2022-44570 | Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM |
| linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems | CVE-2022-41849, CVE-2022-41850, CVE-2022-42895, CVE-2022-3628, CVE-2023-20928, CVE-2022-3649, CVE-2022-3640 | Ubuntu 20.04 LTS |
| python-pip - Python package installer | None | Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM |
| sudo - Provide limited super user privileges to specific users | CVE-2023-27320 | Ubuntu 22.10, Ubuntu 22.04 LTS |
| git - fast, scalable, distributed revision control system | CVE-2023-22490 | Ubuntu 18.04 LTS |
| c-ares - library for asynchronous name resolution | CVE-2022-4904 | Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS |
| postgresql-12 - Object-relational SQL database; postgresql-14 - Object-relational SQL database | CVE-2022-41862 | Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS |
| php7.0 - HTML-embedded scripting language interpreter | CVE-2023-0568, CVE-2023-0662, CVE-2022-31629, CVE-2022-31628, CVE-2022-31631 | Ubuntu 16.04 ESM |
| sox - Swiss army knife of sound processing | CVE-2021-3643, CVE-2021-23172, CVE-2021-23159, CVE-2022-31650, CVE-2019-13590, CVE-2021-40426, CVE-2021-33844, CVE-2021-23210, CVE-2022-31651 | Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM |
| git - fast, scalable, distributed revision control system | CVE-2022-23521, CVE-2022-41903 | Ubuntu 14.04 ESM |
| firefox - Mozilla Open Source web browser | CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25739, CVE-2023-25731, CVE-2023-25736, CVE-2023-25737, CVE-2023-25741, CVE-2023-25744, CVE-2023-25745 | Ubuntu 20.04 LTS, Ubuntu 18.04 LTS |
| tar - GNU version of the tar archiving utility | CVE-2022-48303 | Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM |
| lighttpd - fast webserver with minimal memory footprint | CVE-2022-41556, CVE-2022-22707 | Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS |
| expat - XML parsing C library | CVE-2022-40674, CVE-2022-43680 | Ubuntu 14.04 ESM |
| php7.2 - HTML-embedded scripting language interpreter; php7.4 - HTML-embedded scripting language interpreter; php8.1 - HTML-embedded scripting language interpreter | CVE-2023-0568, CVE-2023-0567, CVE-2023-0662 | Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS |
| python-pip - Python package installer | CVE-2022-40898 | Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM |
| gnutls28 - GNU TLS library | CVE-2023-0361 | Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS |
| awstats - powerful and featureful web server log analyzer | CVE-2022-46391 | Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM |
| openjdk-8 - Open Source Java implementation | CVE-2023-21830, CVE-2023-21843 | Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM |
| openjdk-17 - Open Source Java implementation; openjdk-19 - Open Source Java implementation; openjdk-lts - Open Source Java implementation | CVE-2023-21843, CVE-2023-21835 | Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS |
| ruby-rack - modular Ruby webserver interface | CVE-2022-30123, CVE-2022-30122 | Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS |
| mplayer - movie player for Unix-like systems | CVE-2022-38851, CVE-2022-38860, CVE-2022-38855, CVE-2022-38861, CVE-2022-38865, CVE-2022-38863, CVE-2022-38864, CVE-2022-38858, CVE-2022-38866, CVE-2022-38850 | Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM |
| curl - HTTP, HTTPS, and FTP client and client libraries | CVE-2021-22925, CVE-2021-22898, CVE-2022-43552 | Ubuntu 16.04 ESM, Ubuntu 14.04 ESM |
| webkit2gtk - Web content engine library for GTK+ | CVE-2023-23529 | Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS |
| nss - Network Security Service library | CVE-2022-3479, CVE-2023-0767 | Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS |
| curl - HTTP, HTTPS, and FTP client and client libraries | CVE-2023-23915, CVE-2023-23914, CVE-2023-23916 | Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS |
| zoneminder - video camera security and surveillance solution | CVE-2019-7332, CVE-2019-7326, CVE-2019-7328, CVE-2019-7330, CVE-2019-7329, CVE-2019-6777, CVE-2019-7325, CVE-2019-6991, CVE-2019-6992, CVE-2019-7327, CVE-2019-6990, CVE-2019-7331, CVE-2022-29806 | Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 16.04 ESM |
| clamav - Anti-virus utility for Unix | CVE-2023-20032, CVE-2023-20052 | Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM |

The problem can be corrected by updating your system to the updated package versions.
- References:
https://ubuntu.com/security/notices