High Severity Vulnerabilities Addressed in Ubuntu 18.04
The Ubuntu security team has released new kernel updates for Ubuntu 16.04 and Ubuntu 18.04, patching several high severity vulnerabilities in the Linux kernel. Since both releases have reached the end of standard support, the patches are only available to users with an Ubuntu Pro subscription (Expanded Security Maintenance).
While Ubuntu Pro can be relatively expensive, an affordable alternative is TuxCare's Extended Lifecycle Support, which provides vendor-grade security patches for up to five years after the EOL date.
We will come back to that later. First, let's go through the security flaws addressed in Ubuntu 16.04 and Ubuntu 18.04, the risk each one poses, and why patching them is essential to keeping the system secure and stable.
High Severity Vulnerabilities Fixed
CVE-2023-42753 (CVSS 3 Severity Score: 7.8)
An out-of-bounds write vulnerability was discovered in the netfilter subsystem (IP set) of the Linux kernel due to a miscalculation of the h->nets array offset. A local user may use this flaw to crash the system or possibly execute arbitrary code.
CVE-2023-4921 (CVSS 3 Severity Score: 7.8)
A use-after-free vulnerability was identified in the Quick Fair Queueing (QFQ) scheduler implementation of the Linux kernel, which mishandled network packets under certain conditions. A local user may use this flaw to crash the system or possibly execute arbitrary code.
CVE-2023-4881 (CVSS 3 Severity Score: 7.1)
An out-of-bounds write vulnerability was identified in the netfilter subsystem of the Linux kernel due to improper validation of register lengths. A local attacker may exploit this flaw to crash the system.
Note: this CVE ID has since been rejected by its CVE Numbering Authority; it was wrongly assigned to a bug that the Linux kernel security team deemed a non-security issue.
CVE-2023-4622 (CVSS 3 Severity Score: 7.0)
A race condition was found in the Unix domain socket implementation of the Linux kernel, resulting in a use-after-free. A local user may use this flaw to crash the system or possibly execute arbitrary code.
CVE-2023-34319 (CVSS 3 Severity Score: 7.8)
A buffer overflow vulnerability was found in the Xen netback backend driver of the Linux kernel due to improper handling of certain unusual packets sent by a paravirtualized network frontend. An attacker in a guest VM may use this flaw to crash the host system or possibly execute arbitrary code on it.
CVE-2023-4623 (CVSS 3 Severity Score: 7.8)
A use-after-free vulnerability was identified in the HFSC qdisc implementation of the Linux kernel, which failed to validate inner classes properly. A local user may use this flaw to crash the system or possibly execute arbitrary code.
Medium Severity Vulnerabilities with High Priority
CVE-2023-42752 (CVSS 3 Severity Score: 5.5)
An integer overflow vulnerability was found in the networking stack of the Linux kernel, where the size of an skb (socket buffer) object was validated incorrectly under certain conditions. A local attacker may use this flaw to crash the system or possibly execute arbitrary code.
CVE-2023-42755 (CVSS 3 Severity Score: 5.5)
An out-of-bounds read vulnerability was found in the IPv4 Resource Reservation Protocol (RSVP) classifier implementation of the Linux kernel. A local attacker may use this flaw to cause a denial of service (system crash). Kernel packet classifier support for RSVP has been removed entirely to address this vulnerability.
Extended Lifecycle Support for Ubuntu
Standard support for Ubuntu 16.04 ended two years ago, in April 2021, and Ubuntu 18.04 reached the end of standard support at the end of May 2023. Without security updates, EOL systems remain exposed to every newly discovered kernel vulnerability. It is therefore essential either to upgrade to a supported LTS release or to opt for extended lifecycle support.
TuxCare's Extended Lifecycle Support provides the latest security updates for the Linux kernel, common shared libraries such as glibc, OpenSSH and OpenSSL, and userspace packages. TuxCare continuously monitors critical kernel vulnerabilities and other security issues affecting end-of-life releases, and patches for high severity vulnerabilities are released as soon as they have been completed and tested.
The source for this article is Ubuntu Security Notice USN-6440-1.