Ubuntu Security Updates Patched High-Severity Vulnerabilities
The recent Ubuntu security updates fixed multiple high-severity vulnerabilities across several Ubuntu releases: Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM, Ubuntu 20.04 LTS, and Ubuntu 23.04. The updates also include fixes for multiple low- and medium-severity vulnerabilities, but this blog post focuses on the high-severity ones.
New Ubuntu Security Updates
An attacker with Guest Operation Privileges in a target virtual machine could escalate their privileges if they were assigned a more privileged Guest Alias.
accountsservice contains a use-after-free vulnerability that an attacker can trigger by sending a crafted D-Bus message to the accounts-daemon process.
A buffer overflow vulnerability found in the “bitwriter_grow_” function within versions of FLAC prior to 1.4.0 permits remote attackers to execute arbitrary code by supplying malicious input to the encoder.
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
In ImageMagick versions 7.0.10-45 and 6.9.11-22, a memory leak issue exists that can be exploited by remote attackers to execute a denial-of-service attack using the “identify -help” command.
In the code that handles control channel messages directed to the named service, certain functions are invoked recursively while a packet is parsed. The depth of that recursion is bounded only by the maximum packet size. Under certain circumstances this unrestrained recursion can exhaust the available stack memory, causing the named process to terminate unexpectedly.
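The failure mode above (parser recursion bounded only by input size) and its standard fix (an explicit depth limit that does not depend on the packet size) can be shown on a toy format. The following is an added example, not BIND's code and not from the Ubuntu notices: it decodes a constructed nested message where byte 0x01 opens a container and 0x00 closes it. In C, the unbounded variant would exhaust the thread stack and crash the process; Python's interpreter raises RecursionError instead, which stands in for that crash here. The bounded variant rejects the input early with a controlled error. The format, the MAX_DEPTH value and the sample messages are all assumptions of this example.

```python
"""Toy nested-message decoder contrasting input-bounded recursion with an
explicit depth limit. Added example; the byte format is constructed for
illustration and is not BIND's control channel format."""

OPEN, CLOSE = 0x01, 0x00   # constructed container delimiters
MAX_DEPTH = 32             # assumed policy: no legitimate message nests deeper


def decode(buf: bytes, max_depth=None):
    """Decode a whole message into nested lists of leaf bytes.

    max_depth=None reproduces the unsafe behaviour: recursion depth is limited
    only by how many OPEN bytes fit in the packet. Passing an integer enforces
    a fixed ceiling regardless of packet size.
    """
    if not buf or buf[0] != OPEN:
        raise ValueError("message must start with an OPEN byte")
    tree, end = _container(buf, 1, 1, max_depth)
    if end != len(buf):
        raise ValueError("trailing bytes after the outermost container")
    return tree


def _container(buf: bytes, pos: int, depth: int, max_depth):
    """Parse one container body starting at buf[pos]; return (items, next_pos)."""
    # The check that the advisory's description lacks: reject before recursing.
    if max_depth is not None and depth > max_depth:
        raise ValueError(f"nesting deeper than {max_depth} rejected")
    items = []
    while pos < len(buf):
        b = buf[pos]
        if b == OPEN:
            # Each nested container costs one more stack frame.
            child, pos = _container(buf, pos + 1, depth + 1, max_depth)
            items.append(child)
        elif b == CLOSE:
            return items, pos + 1
        else:
            items.append(b)
            pos += 1
    raise ValueError("unterminated container")


def try_decode(buf: bytes, max_depth=None) -> str:
    """Return 'ok', 'RecursionError' or 'ValueError' so outcomes can be compared."""
    try:
        decode(buf, max_depth)
        return "ok"
    except RecursionError:
        return "RecursionError"   # interpreter guard; a C parser would just crash
    except ValueError:
        return "ValueError"


# Constructed sample messages.
SAMPLE_MESSAGE = b"\x01\x41\x01\x42\x00\x43\x00"          # [0x41, [0x42], 0x43]
HOSTILE_MESSAGE = bytes([OPEN]) * 5000 + bytes([CLOSE]) * 5000  # 5000-deep nesting

if __name__ == "__main__":
    print(decode(SAMPLE_MESSAGE))
    print("unbounded:", try_decode(HOSTILE_MESSAGE))
    print("bounded:  ", try_decode(HOSTILE_MESSAGE, MAX_DEPTH))
```

The hostile message is only 10,000 bytes, well within any realistic packet size limit, yet it drives the unbounded decoder 5,000 frames deep. The bounded decoder stops at frame 33 with a ValueError the caller can log and drop, which is the property a packet parser needs: resource use that is fixed by policy, not by whatever the peer chooses to send.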
An issue in the networking code that manages DNS-over-TLS queries may cause the named service to terminate abruptly with an assertion failure. This occurs when internal data structures are erroneously recycled under substantial DNS-over-TLS query loads. The problem affects BIND 9 versions 9.18.0 through 9.18.18, including 9.18.11-S1 through 9.18.18-S1.
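A first triage step for the list above is to find which hosts still carry an affected upstream version. The script below is an added example, not TuxCare's or Ubuntu's tooling: it reads dpkg -l style output (the sample lines are constructed) and flags packages whose upstream version falls in the ranges this post states (FLAC before 1.4.0, Python through 3.9, BIND 9.18.0 through 9.18.18, ImageMagick 7.0.10-45 and 6.9.11-22). The package names it matches on and the sample versions are assumptions. Note the caveat in the usage note: Ubuntu backports fixes without changing the upstream version, so this is a candidate list, not proof of exposure.

```python
"""Flag dpkg-listed packages whose upstream version falls inside the affected
ranges named in the post. Added example with constructed sample input."""
import re

def version_tuple(debian_version: str) -> tuple:
    """Reduce a dpkg version such as '1:9.18.12-0ubuntu0.22.04.1' to the integer
    tuple of its upstream part, padded to four places: (9, 18, 12, 0).
    The epoch, Debian revision and suffixes like '+dfsg' or '~rc1' are dropped."""
    upstream = debian_version.split(":", 1)[-1]                      # drop epoch
    if "-" in upstream:
        upstream = upstream.rsplit("-", 1)[0]                        # drop Debian revision
    upstream = re.split(r"[+~]", upstream)[0]                        # drop packaging suffix
    nums = tuple(int(x) for x in re.findall(r"\d+", upstream))
    return nums + (0,) * max(0, 4 - len(nums))

# (package names to match, predicate on the padded version tuple, description from the post)
RULES = [
    (("flac", "libflac8"),
     lambda v: v[:3] < (1, 4, 0),
     "FLAC prior to 1.4.0: buffer overflow in bitwriter_grow_"),
    (("python3", "python3.8", "python3.9"),
     lambda v: v[:2] <= (3, 9),
     "Python through 3.9: use-after-free via heappushpop in heapq"),
    (("bind9",),
     lambda v: (9, 18, 0) <= v[:3] <= (9, 18, 18),
     "BIND 9.18.0 through 9.18.18: DNS-over-TLS assertion failure"),
    (("imagemagick",),
     lambda v: v[:4] in {(7, 0, 10, 45), (6, 9, 11, 22)},
     "ImageMagick 7.0.10-45 / 6.9.11-22: memory leak via identify -help"),
]

def scan(dpkg_output: str) -> list:
    """Return one finding per installed ('ii') package matching a rule."""
    findings = []
    for line in dpkg_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "ii":
            continue
        name = fields[1].split(":")[0]          # strip ':amd64' multiarch qualifier
        version = fields[2]
        v = version_tuple(version)
        for names, affected, note in RULES:
            if name in names and affected(v):
                findings.append({"package": name, "version": version, "note": note})
    return findings

# Constructed sample of `dpkg -l` output; versions are illustrative, not real host data.
SAMPLE_DPKG = """\
ii  flac            1.3.3-2ubuntu0.1               amd64  Free Lossless Audio Codec - command line tools
ii  libflac8:amd64  1.3.3-2ubuntu0.1               amd64  Free Lossless Audio Codec - runtime C library
ii  python3         3.8.2-0ubuntu2                 amd64  interactive high-level object-oriented language
ii  bind9           1:9.18.12-0ubuntu0.22.04.1     amd64  Internet Domain Name Server
ii  imagemagick     8:6.9.11.60+dfsg-1.3ubuntu0.5  amd64  image manipulation programs
ii  openssl         3.0.2-0ubuntu1.10              amd64  Secure Sockets Layer toolkit
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_DPKG):
        print(f"{f['package']:<12} {f['version']:<32} {f['note']}")
```

Run it against real output with `dpkg -l | python3 scan.py` after replacing SAMPLE_DPKG with `sys.stdin.read()`. Treat every hit as a lead to confirm against the Ubuntu Security Notice: Ubuntu ships fixes as a new Debian revision (for example 1.3.3-2ubuntu0.2 rather than 1.4.0), so a package with an "affected" upstream number may already be patched, and the authoritative comparison is `dpkg --compare-versions` against the fixed version the USN names.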
TuxCare’s Extended Lifecycle Support for Ubuntu
The term “end of life” for an operating system signifies that the vendor has ended official support. Consequently, no further updates, including bug fixes and security patches, are provided in the event of the discovery of new issues or vulnerabilities.
It is crucial to apply the latest Ubuntu security updates as soon as possible to avoid potential damage to the system.
Ubuntu 16.04 and Ubuntu 18.04 have already reached end of life, so organizations must migrate to supported OS versions or use extended lifecycle support to mitigate these vulnerabilities.
TuxCare provides a comprehensive Extended Lifecycle Support plan for Ubuntu 16.04, Ubuntu 18.04, and other Linux distributions that have reached end-of-life status. It includes vendor-grade security patches for the Linux kernel, common shared libraries such as glibc and openssh, and user-space packages.
TuxCare has also released patches for the above vulnerabilities affecting Ubuntu 16.04 and Ubuntu 18.04, as well as CentOS and Oracle Linux operating systems. For more details, refer to the CVE Dashboard page.
The source for this article can be found on Ubuntu Security Notices.