Ubuntu Security Updates Patched High-Severity Vulnerabilities

Rohan Timalsina

October 6, 2023 - TuxCare expert team

The recent Ubuntu security updates fixed multiple high-severity vulnerabilities across several Ubuntu releases: Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM, Ubuntu 20.04 LTS, and Ubuntu 23.04. The updates also include fixes for multiple low- and medium-severity vulnerabilities, but this blog post focuses on the high-severity ones.

New Ubuntu Security Updates

CVE-2023-20900

An attacker who has been granted Guest Operation Privileges in a target virtual machine could escalate their privileges if that virtual machine has been assigned a more privileged Guest Alias.

CVE-2023-3297

An attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.

CVE-2020-22219

A buffer overflow vulnerability found in the “bitwriter_grow_” function within versions of FLAC prior to 1.4.0 permits remote attackers to execute arbitrary code by supplying malicious input to the encoder.

CVE-2022-48560

A use-after-free exists in Python through 3.9 via heappushpop in heapq.

CVE-2022-48541

In ImageMagick versions 7.0.10-45 and 6.9.11-22, a memory leak exists that remote attackers can exploit to cause a denial of service using the “identify -help” command.

CVE-2023-3341

In the code that handles control channel messages sent to the named service, certain functions call themselves recursively while parsing a packet. The recursion depth is limited only by the maximum accepted packet size. In certain circumstances, this unrestrained recursion can exhaust the available stack memory, causing the named process to terminate unexpectedly.
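
The bug class described above (recursion depth bounded only by packet size) and one common mitigation, an explicit depth limit, shown as an added example that is not BIND's code or its actual fix. The type-length-value layout, `MAX_DEPTH`, and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define T_DATA 0x01   /* leaf: opaque bytes */
#define T_LIST 0x02   /* container: zero or more nested elements */
#define MAX_DEPTH 16  /* assumed limit; choose one that fits the protocol */

enum { PARSE_OK = 0, ERR_TRUNCATED = -1, ERR_TYPE = -2, ERR_TOO_DEEP = -3 };

/* Parse all elements in buf[0..len). Constructed format: a type byte, a
 * 2-byte big-endian length, then the body. Lists recurse into their body.
 * Without the depth check, nesting is limited only by len / 3. */
static int parse_elements(const uint8_t *buf, size_t len, unsigned depth)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 3) return ERR_TRUNCATED;
        uint8_t type = buf[off];
        size_t body = ((size_t)buf[off + 1] << 8) | buf[off + 2];
        off += 3;
        if (body > len - off) return ERR_TRUNCATED;
        if (type == T_LIST) {
            if (depth + 1 > MAX_DEPTH) return ERR_TOO_DEEP; /* the guard */
            int rc = parse_elements(buf + off, body, depth + 1);
            if (rc != PARSE_OK) return rc;
        } else if (type != T_DATA) {
            return ERR_TYPE;
        }
        off += body;
    }
    return PARSE_OK;
}

/* Build n nested empty lists (constructed input) and parse them. */
static int parse_nested(unsigned n)
{
    uint8_t buf[3 * 1024];
    if (n > 1024) n = 1024;
    size_t total = 3 * (size_t)n;
    for (unsigned i = 0; i < n; i++) {
        size_t body = total - 3 * ((size_t)i + 1);
        buf[3 * i] = T_LIST;
        buf[3 * i + 1] = (uint8_t)(body >> 8);
        buf[3 * i + 2] = (uint8_t)(body & 0xFF);
    }
    return parse_elements(buf, total, 0);
}

int main(void) { return parse_nested(1000) == ERR_TOO_DEEP ? 0 : 1; }
```

With the guard in place, stack use is bounded by `MAX_DEPTH` frames regardless of how large a packet the service accepts.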


CVE-2023-4236

An issue within the networking code responsible for managing DNS-over-TLS queries may result in the abrupt termination of the named service due to an assertion failure. This occurs when internal data structures are erroneously recycled under substantial DNS-over-TLS query loads. This particular problem impacts BIND 9 versions ranging from 9.18.0 to 9.18.18, including 9.18.11-S1 to 9.18.18-S1.

TuxCare’s Extended Lifecycle Support for Ubuntu

The term “end of life” for an operating system signifies that the vendor has ended official support. Consequently, no further updates, including bug fixes and security patches, are provided in the event of the discovery of new issues or vulnerabilities.

It is crucial to apply the latest Ubuntu security updates as soon as possible to avoid potential damage to the system.

Ubuntu 16.04 and Ubuntu 18.04 have already reached the end of life, so organizations must migrate to the supported OS versions or use extended lifecycle support to mitigate the potential vulnerabilities.

TuxCare provides a comprehensive Extended Lifecycle Support plan for Ubuntu 16.04, Ubuntu 18.04, and other Linux distributions that have reached their end-of-life status. It includes vendor-grade security patches for the Linux kernel, common shared libraries like glibc, and openssh, as well as user-space packages.

TuxCare has also released patches for the above vulnerabilities affecting Ubuntu 16.04 and Ubuntu 18.04, as well as CentOS and Oracle Linux operating systems. For more details, you can refer to the CVE Dashboard page.

The source for this article can be found on Ubuntu Security Notices.
