From quentin.casasnovas at oracle.com Thu Jun 1 23:37:36 2023
From: quentin.casasnovas at oracle.com (Oracle Ksplice)
Date: Thu, 01 Jun 2023 23:37:36 +0000
Subject: [Ksplice][Ubuntu-18.04-Updates] New Ksplice updates for Ubuntu 18.04 Bionic (USN-6081-1)
Message-ID: <5aab13c119198bc4613a4ac62977e92b.apache@ksplice.com>

Synopsis: USN-6081-1 can now be patched using Ksplice
CVEs: CVE-2023-0459 CVE-2023-1118 CVE-2023-1513 CVE-2023-2162 CVE-2023-32269

Systems running Ubuntu 18.04 Bionic can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-6081-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 18.04
Bionic install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2023-32269: Use-after-free in Netrom Sockets.

A race condition in netrom when calling accept on an already connected
socket can lead to a use-after-free. A local user could use this flaw to
cause a denial of service or elevate privileges on the system.

* CVE-2023-1118: Use-after-free in ENE eHome Receiver/Transceiver driver.

A logic error in the ENE integrated infrared receiver/transceiver leads
to a use-after-free. A local user can use this flaw to cause
denial-of-service or escalate privileges.

* CVE-2023-2162: Use-after-free during iSCSI login.

A logic error in the iSCSI login path can result in a use-after-free
error. This flaw could be exploited by a local attacker to cause a
denial-of-service or to aid in another type of attack.

* CVE-2023-0459: Information leak during userspace access.

Improper handling of user-provided pointers can result in a kernel
information leak. This flaw could be exploited by an attacker to leak
sensitive information and to aid in other types of attacks.

* CVE-2023-1513: Information leak in KVM ioctl.

Incomplete initialization of the structure returned to the user during
KVM's KVM_GET_DEBUGREGS ioctl can lead to an information leak. This can
allow a local user to access privileged data.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.