php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `<use>` tag that references an `<image>` tag, it merges the attributes from the `<use>` tag to the `<image>` tag. The problem pops up especially when the `href` attribute from the `<use>` tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserialization vulnerability in PHP prior to version 8. Version 0.5.1 contains a patch for this issue. 

**Summary**

When handling <use> tag that references an <image> tag, it merges the attributes from the <use> tag to the <image> tag. The problem pops up especially when the href attribute from the <use> tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserialization vulnerability in PHP < 8.

**Details**

When parsing an <use> tag, it will try to find the referenced object refered by the href attribute. If it is found, it will save it on the $referenced property.

When UseTag::handle is called, the attributes of the <use> tag will be merged with the attributes of the referenced tag:

    $mergedAttributes = $this->reference->attributes;
    $attributesToNotMerge = ['x', 'y', 'width', 'height'];
    foreach ($attributes as $attrKey => $attrVal) {
        if (!in_array($attrKey, $attributesToNotMerge) && !isset($mergedAttributes[$attrKey])) {
            $mergedAttributes[$attrKey] = $attrVal;
        }
    }
    

As shown by the above code, the href attribute is included in the merging process, overiding the href attributes of the referenced tag.

The problem comes if the referenced object is an <image> tag, because the href of the original <image> tag will be overiden, thus bypasing any validation that has occured before for the <image> tag (this is the case in dompdf, as dompdf will sanitize the href attribute in svg file).

Now, after the merging process has finished, the referenced object's handle method is called:

    $this->reference->handle($mergedAttributes);
    

When the <image> tag handle method is called, it will try to draw the image but with the href coming from the <use> tag:

    // ImageTag::start
    $this->document->getSurface()->drawImage($this->href, $this->x, $this->y, $this->width, $this->height);
    

Before drawing the image, it will use file_get_contents to load the image based on the href attribute

If this href is pointing to a phar file, it can lead to dangerous deserialization problem ini php <8.

**PoC**

This is the svg used in this research:

    <svg width="200" height="200"
      xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
      <image id="phar:///poc.phar" xlink:href="file:///existing/safe/image.png" />
      <use href="phar:///poc.phar" width="500" height="500"/>
    </svg>
    

When the above code is parsed, the library will load the file via file_get_contents:

    $data = file_get_contents("phar:///poc.phar");
    

**Impact**

In PHP < 8, the above vulnerability could lead to dangerous deserialization from the phar file. This could lead to file deletion (thus causing denial of service), and even RCE, depending on the classes available in the system.

**Mitigation**

Systems utilizing php-svg-lib can implement input validation using logic similar to the following:

    $parser = xml_parser_create("utf-8");
    xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, false);
    xml_set_element_handler(
        $parser,
        function ($parser, $name, $attributes) {
            if (strtolower($name) === "image" || strtolower($name) === "use") {
                $attributes = array_change_key_case($attributes, CASE_LOWER);
                $urls = [];
                $urls[] = $attributes["xlink:href"] ?? "";
                $urls[] = $attributes["href"] ?? "";
                foreach ($urls as $url) {
                    if (!empty($url)) {
                        // perform validation here
                    }
                }
            }
    
            // include other tag/attribute validation
        },
        false
    );
    
    if (($fp = fopen($url, "r")) !== false) {
        while ($line = fread($fp, 8192)) {
            xml_parse($parser, $line, false);
        }
        fclose($fp);
        xml_parse($parser, "", true);
    }
    xml_parser_free($parser);

CVE-2023-50252: Unsafe attributes merge when parsing `use` tag

DHCP Server Service Denial of Service Vulnerability

CVE-2023-35638

Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability

CVE-2023-35621

Windows Kernel Denial of Service Vulnerability

CVE-2023-35635

Microsoft Defender Denial of Service Vulnerability

CVE-2023-36010

Internet Connection Sharing (ICS) Denial of Service Vulnerability

CVE-2023-35642

Ubuntu Security Notice 6550-1 - It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. It was discovered that Moment.js, that is integrated in the PostfixAdmin code, was using an inefficient parsing algorithm when processing date strings in the RFC 2822 standard. An attacker could possibly use this issue to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6550-1December 12, 2023postfixadmin vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS (Available with Ubuntu Pro)- Ubuntu 20.04 LTS (Available with Ubuntu Pro)- Ubuntu 18.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in PostfixAdmin.Software Description:- postfixadmin: Virtual mail hosting interface for PostfixDetails:It was discovered that Smarty, that is integrated in the PostfixAdmincode, was not properly sanitizing user input when generating templates. Anattacker could, through PHP injection, possibly use this issue to executearbitrary code. (CVE-2022-29221)It was discovered that Moment.js, that is integrated in the PostfixAdmincode, was using an inefficient parsing algorithm when processing datestrings in the RFC 2822 standard. An attacker could possibly use thisissue to cause a denial of service. (CVE-2022-31129)It was discovered that Smarty, that is integrated in the PostfixAdmincode, was not properly escaping JavaScript code. An attacker couldpossibly use this issue to conduct cross-site scripting attacks (XSS).(CVE-2023-28447)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS (Available with Ubuntu Pro):postfixadmin 3.3.10-2ubuntu0.1~esm1Ubuntu 20.04 LTS (Available with Ubuntu Pro):postfixadmin 3.2.1-3ubuntu0.1~esm1Ubuntu 18.04 LTS (Available with Ubuntu Pro):postfixadmin 3.0.2-2ubuntu0.1~esm1In general, a standard system update will make all the necessary changes.References:https://ubuntu.com/security/notices/USN-6550-1CVE-2022-29221, CVE-2022-31129, CVE-2023-28447

Ubuntu Security Notice USN-6550-1

Ubuntu Security Notice 6549-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

    ==========================================================================Ubuntu Security Notice USN-6549-1December 11, 2023linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke,linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-nvidia,linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-ibm-5.15: Linux kernel for IBM cloud systems- linux-oracle-5.15: Linux kernel for Oracle Cloud systemsDetails:It was discovered that the USB subsystem in the Linux kernel contained arace condition while handling device descriptors in certain situations,leading to a out-of-bounds read vulnerability. A local attacker couldpossibly use this to cause a denial of service (system crash).(CVE-2023-37453)Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in theLinux kernel did not properly initialize a policy data structure, leadingto an out-of-bounds vulnerability. A local privileged attacker could usethis to cause a denial of service (system crash) or possibly exposesensitive information (kernel memory). (CVE-2023-3773)Lucas Leong discovered that the netfilter subsystem in the Linux kernel didnot properly validate some attributes passed from userspace. A localattacker could use this to cause a denial of service (system crash) orpossibly expose sensitive information (kernel memory). (CVE-2023-39189)Sunjoo Park discovered that the netfilter subsystem in the Linux kernel didnot properly validate u32 packets content, leading to an out-of-bounds readvulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly expose sensitive information. (CVE-2023-39192)Lucas Leong discovered that the netfilter subsystem in the Linux kernel didnot properly validate SCTP data, leading to an out-of-bounds readvulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly expose sensitive information. (CVE-2023-39193)Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem inthe Linux kernel did not properly handle state filters, leading to an out-of-bounds read vulnerability. A privileged local attacker could use this tocause a denial of service (system crash) or possibly expose sensitiveinformation. (CVE-2023-39194)It was discovered that a race condition existed in QXL virtual GPU driverin the Linux kernel, leading to a use after free vulnerability. A localattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2023-39198)Kyle Zeng discovered that the IPv4 implementation in the Linux kernel didnot properly handle socket buffers (skb) when performing IP routing incertain circumstances, leading to a null pointer dereference vulnerability.A privileged attacker could use this to cause a denial of service (systemcrash). (CVE-2023-42754)Jason Wang discovered that the virtio ring implementation in the Linuxkernel did not properly handle iov buffers in some situations. A localattacker in a guest VM could use this to cause a denial of service (hostsystem crash). (CVE-2023-5158)Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kerneldid not properly handle queue initialization failures in certainsituations, leading to a use-after-free vulnerability. A remote attackercould use this to cause a denial of service (system crash) or possiblyexecute arbitrary code. (CVE-2023-5178)Budimir Markovic discovered that the perf subsystem in the Linux kernel didnot properly handle event groups, leading to an out-of-bounds writevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2023-5717)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-5.15.0-1042-nvidia  5.15.0-1042.42   linux-image-5.15.0-1042-nvidia-lowlatency  5.15.0-1042.42   linux-image-5.15.0-1044-ibm     5.15.0-1044.47   linux-image-5.15.0-1044-raspi   5.15.0-1044.47   linux-image-5.15.0-1048-gcp     5.15.0-1048.56   linux-image-5.15.0-1048-gke     5.15.0-1048.53   linux-image-5.15.0-1048-kvm     5.15.0-1048.53   linux-image-5.15.0-1049-oracle  5.15.0-1049.55   linux-image-5.15.0-1051-aws     5.15.0-1051.56   linux-image-5.15.0-1053-azure   5.15.0-1053.61   linux-image-5.15.0-1053-azure-fde  5.15.0-1053.61.1   linux-image-5.15.0-91-generic   5.15.0-91.101   linux-image-5.15.0-91-generic-64k  5.15.0-91.101   linux-image-5.15.0-91-generic-lpae  5.15.0-91.101   linux-image-aws-lts-22.04       5.15.0.1051.50   linux-image-azure-fde-lts-22.04  5.15.0.1053.61.31   linux-image-azure-lts-22.04     5.15.0.1053.49   linux-image-gcp-lts-22.04       5.15.0.1048.44   linux-image-generic             5.15.0.91.88   linux-image-generic-64k         5.15.0.91.88   linux-image-generic-lpae        5.15.0.91.88   linux-image-gke                 5.15.0.1048.47   linux-image-gke-5.15            5.15.0.1048.47   linux-image-ibm                 5.15.0.1044.40   linux-image-kvm                 5.15.0.1048.44   linux-image-nvidia              5.15.0.1042.42   linux-image-nvidia-lowlatency   5.15.0.1042.42   linux-image-oracle              5.15.0.1049.44   linux-image-oracle-lts-22.04    5.15.0.1049.44   linux-image-raspi               5.15.0.1044.42   linux-image-raspi-nolpae        5.15.0.1044.42   linux-image-virtual             5.15.0.91.88Ubuntu 20.04 LTS:   linux-image-5.15.0-1044-ibm     5.15.0-1044.47~20.04.1   linux-image-5.15.0-1049-oracle  5.15.0-1049.55~20.04.1   linux-image-5.15.0-1051-aws     5.15.0-1051.56~20.04.1   linux-image-5.15.0-1053-azure   5.15.0-1053.61~20.04.1   linux-image-5.15.0-1053-azure-fde  5.15.0-1053.61~20.04.1.1   linux-image-5.15.0-91-generic   5.15.0-91.101~20.04.1   linux-image-5.15.0-91-generic-64k  5.15.0-91.101~20.04.1   linux-image-5.15.0-91-generic-lpae  5.15.0-91.101~20.04.1   linux-image-aws                 5.15.0.1051.56~20.04.39   linux-image-azure               5.15.0.1053.61~20.04.42   linux-image-azure-cvm           5.15.0.1053.61~20.04.42   linux-image-azure-fde           5.15.0.1053.61~20.04.1.31   linux-image-generic-64k-hwe-20.04  5.15.0.91.101~20.04.48   linux-image-generic-hwe-20.04   5.15.0.91.101~20.04.48   linux-image-generic-lpae-hwe-20.04  5.15.0.91.101~20.04.48   linux-image-ibm                 5.15.0.1044.47~20.04.16   linux-image-oem-20.04           5.15.0.91.101~20.04.48   linux-image-oem-20.04b          5.15.0.91.101~20.04.48   linux-image-oem-20.04c          5.15.0.91.101~20.04.48   linux-image-oem-20.04d          5.15.0.91.101~20.04.48   linux-image-oracle              5.15.0.1049.55~20.04.1   linux-image-virtual-hwe-20.04   5.15.0.91.101~20.04.48After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6549-1   CVE-2023-37453, CVE-2023-3773, CVE-2023-39189, CVE-2023-39192,   CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-42754,   CVE-2023-5158, CVE-2023-5178, CVE-2023-5717Package Information:   https://launchpad.net/ubuntu/+source/linux/5.15.0-91.101   https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1051.56   https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1053.61   https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1053.61.1   https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1048.56   https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1048.53   https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1044.47   https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1048.53   https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1042.42   https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1049.55   https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1044.47   https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1051.56~20.04.1   https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1053.61~20.04.1 https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1053.61~20.04.1.1   https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-91.101~20.04.1   https://launchpad.net/ubuntu/+source/linux-ibm-5.15/5.15.0-1044.47~20.04.1 https://launchpad.net/ubuntu/+source/linux-oracle-5.15/5.15.0-1049.55~20.04.1

Ubuntu Security Notice USN-6549-1

Ubuntu Security Notice 6548-1 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6548-1December 11, 2023linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4,linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm,linux-ibm-5.4, linux-kvm, linux-xilinx-zynqmp vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-bluefield: Linux kernel for NVIDIA BlueField platforms- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.4: Linux hardware enablement (HWE) kernel- linux-ibm-5.4: Linux kernel for IBM cloud systemsDetails:It was discovered that Spectre-BHB mitigations were missing for Ampereprocessors. A local attacker could potentially use this to expose sensitiveinformation. (CVE-2023-3006)It was discovered that the USB subsystem in the Linux kernel contained arace condition while handling device descriptors in certain situations,leading to a out-of-bounds read vulnerability. A local attacker couldpossibly use this to cause a denial of service (system crash).(CVE-2023-37453)Lucas Leong discovered that the netfilter subsystem in the Linux kernel didnot properly validate some attributes passed from userspace. A localattacker could use this to cause a denial of service (system crash) orpossibly expose sensitive information (kernel memory). (CVE-2023-39189)Sunjoo Park discovered that the netfilter subsystem in the Linux kernel didnot properly validate u32 packets content, leading to an out-of-bounds readvulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly expose sensitive information. (CVE-2023-39192)Lucas Leong discovered that the netfilter subsystem in the Linux kernel didnot properly validate SCTP data, leading to an out-of-bounds readvulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly expose sensitive information. (CVE-2023-39193)Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem inthe Linux kernel did not properly handle state filters, leading to an out-of-bounds read vulnerability. A privileged local attacker could use this tocause a denial of service (system crash) or possibly expose sensitiveinformation. (CVE-2023-39194)Kyle Zeng discovered that the IPv4 implementation in the Linux kernel didnot properly handle socket buffers (skb) when performing IP routing incertain circumstances, leading to a null pointer dereference vulnerability.A privileged attacker could use this to cause a denial of service (systemcrash). (CVE-2023-42754)Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kerneldid not properly handle queue initialization failures in certainsituations, leading to a use-after-free vulnerability. A remote attackercould use this to cause a denial of service (system crash) or possiblyexecute arbitrary code. (CVE-2023-5178)Budimir Markovic discovered that the perf subsystem in the Linux kernel didnot properly handle event groups, leading to an out-of-bounds writevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2023-5717)It was discovered that the TLS subsystem in the Linux kernel did notproperly perform cryptographic operations in some situations, leading to anull pointer dereference vulnerability. A local attacker could use this tocause a denial of service (system crash) or possibly execute arbitrarycode. (CVE-2023-6176)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   linux-image-5.4.0-1035-xilinx-zynqmp  5.4.0-1035.39   linux-image-5.4.0-1063-ibm      5.4.0-1063.68   linux-image-5.4.0-1076-bluefield  5.4.0-1076.82   linux-image-5.4.0-1104-kvm      5.4.0-1104.111   linux-image-5.4.0-1116-aws      5.4.0-1116.126   linux-image-5.4.0-1120-gcp      5.4.0-1120.129   linux-image-5.4.0-1121-azure    5.4.0-1121.128   linux-image-5.4.0-169-generic   5.4.0-169.187   linux-image-5.4.0-169-generic-lpae  5.4.0-169.187   linux-image-5.4.0-169-lowlatency  5.4.0-169.187   linux-image-aws-lts-20.04       5.4.0.1116.113   linux-image-azure-lts-20.04     5.4.0.1121.114   linux-image-bluefield           5.4.0.1076.71   linux-image-gcp-lts-20.04       5.4.0.1120.122   linux-image-generic             5.4.0.169.167   linux-image-generic-lpae        5.4.0.169.167   linux-image-ibm-lts-20.04       5.4.0.1063.92   linux-image-kvm                 5.4.0.1104.100   linux-image-lowlatency          5.4.0.169.167   linux-image-oem                 5.4.0.169.167   linux-image-oem-osp1            5.4.0.169.167   linux-image-virtual             5.4.0.169.167   linux-image-xilinx-zynqmp       5.4.0.1035.35Ubuntu 18.04 LTS (Available with Ubuntu Pro):   linux-image-5.4.0-1063-ibm      5.4.0-1063.68~18.04.1   linux-image-5.4.0-1116-aws      5.4.0-1116.126~18.04.1   linux-image-5.4.0-1120-gcp      5.4.0-1120.129~18.04.1   linux-image-5.4.0-1121-azure    5.4.0-1121.128~18.04.1   linux-image-5.4.0-169-generic   5.4.0-169.187~18.04.1   linux-image-5.4.0-169-lowlatency  5.4.0-169.187~18.04.1   linux-image-aws                 5.4.0.1116.94   linux-image-azure               5.4.0.1121.94   linux-image-gcp                 5.4.0.1120.96   linux-image-generic-hwe-18.04   5.4.0.169.187~18.04.137   linux-image-ibm                 5.4.0.1063.73   linux-image-lowlatency-hwe-18.04  5.4.0.169.187~18.04.137   linux-image-oem                 5.4.0.169.187~18.04.137   linux-image-oem-osp1            5.4.0.169.187~18.04.137   linux-image-snapdragon-hwe-18.04  5.4.0.169.187~18.04.137   linux-image-virtual-hwe-18.04   5.4.0.169.187~18.04.137After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6548-1   CVE-2023-3006, CVE-2023-37453, CVE-2023-39189, CVE-2023-39192,   CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-5178,   CVE-2023-5717, CVE-2023-6176Package Information:   https://launchpad.net/ubuntu/+source/linux/5.4.0-169.187   https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1116.126   https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1121.128   https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1076.82   https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1120.129   https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1063.68   https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1104.111   https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1035.39

Ubuntu Security Notice USN-6548-1

Ubuntu Security Notice 6545-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

==========================================================================  
Ubuntu Security Notice USN-6545-1  
December 11, 2023

webkit2gtk vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Software Description:  
- webkit2gtk: Web content engine library for GTK+

Details:

Several security issues were discovered in the WebKitGTK Web and JavaScript  
engines. If a user were tricked into viewing a malicious website, a remote  
attacker could exploit a variety of issues related to web browser security,  
including cross-site scripting attacks, denial of service attacks, and  
arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   libjavascriptcoregtk-4.0-18     2.42.3-0ubuntu0.23.10.1  
   libjavascriptcoregtk-4.1-0      2.42.3-0ubuntu0.23.10.1  
   libjavascriptcoregtk-6.0-1      2.42.3-0ubuntu0.23.10.1  
   libwebkit2gtk-4.0-37            2.42.3-0ubuntu0.23.10.1  
   libwebkit2gtk-4.1-0             2.42.3-0ubuntu0.23.10.1

Ubuntu 23.04:  
   libjavascriptcoregtk-4.0-18     2.42.3-0ubuntu0.23.04.1  
   libjavascriptcoregtk-4.1-0      2.42.3-0ubuntu0.23.04.1  
   libjavascriptcoregtk-6.0-1      2.42.3-0ubuntu0.23.04.1  
   libwebkit2gtk-4.0-37            2.42.3-0ubuntu0.23.04.1  
   libwebkit2gtk-4.1-0             2.42.3-0ubuntu0.23.04.1

Ubuntu 22.04 LTS:  
   libjavascriptcoregtk-4.0-18     2.42.3-0ubuntu0.22.04.1  
   libjavascriptcoregtk-4.1-0      2.42.3-0ubuntu0.22.04.1  
   libjavascriptcoregtk-6.0-1      2.42.3-0ubuntu0.22.04.1  
   libwebkit2gtk-4.0-37            2.42.3-0ubuntu0.22.04.1  
   libwebkit2gtk-4.1-0             2.42.3-0ubuntu0.22.04.1

This update uses a new upstream release, which includes additional bug  
fixes. After a standard system update you need to restart any applications  
that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6545-1  
   CVE-2023-42916, CVE-2023-42917

Package Information:  
   https://launchpad.net/ubuntu/+source/webkit2gtk/2.42.3-0ubuntu0.23.10.1  
   https://launchpad.net/ubuntu/+source/webkit2gtk/2.42.3-0ubuntu0.23.04.1  
   https://launchpad.net/ubuntu/+source/webkit2gtk/2.42.3-0ubuntu0.22.04.1

Tag

#dos