Overview

This week we cover the recent reports of a new local privilege escalation
exploit against the Linux kernel, follow-up on the xz-utils backdoor from last
week and it’s the beta release of Ubuntu 24.04 LTS - plus we talk security
vulnerabilities in the X Server, Django, util-linux and more.

This week in Ubuntu Security Updates

76 unique CVEs addressed

[LSN-0102-1] Linux kernel vulnerability (00:53 )

• 6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS)
  
  
  
  • CVE-2024-1086
  
  
  • CVE-2024-0646
  
  
  • CVE-2023-51781
  
  
  • CVE-2023-6176
  
  
  • CVE-2023-4569
  
  
  • CVE-2023-1872
  
  
  
  


• All covered in previous episodes
  
  
  
  • netfilter UAF ([USN-6700-1] Linux kernel vulnerabilities from Episode 223)
  
  
  • OOB write in KTLS ([USN-6648-1] Linux kernel vulnerabilities from Episode 220)
  
  
  • UAF in AppleTalk network driver ([USN-6648-1] Linux kernel vulnerabilities from Episode 220)
  
  
  • NULL ptr deref in TLS impl ([LSN-0100-1] Linux kernel vulnerability from Episode 219)
  
  
  • Memory leak in netfilter ([USN-6383-1] Linux kernel vulnerabilities from Episode 210)
  
  
  
  

canonical-livepatch status

[USN-6710-2] Firefox regressions (01:54 )

• 2 CVEs addressed in Focal (20.04 LTS)
  
  
  
  • CVE-2024-29944
  
  
  • CVE-2024-29943
  
  
  
  


• 124.0.2
  
  
  
  • In particular fixes to allow firefox when installed directly from Mozilla to
    work under 24.04 LTS with the new AppArmor userns restrictions
  
  
  • As discussed in previous episodes, default profile allows to use userns but
    then to be blocked on getting additional capabilities - Firefox would
    previously try and do both a new userns and a new PID NS in one call - which
    would be blocked - now split this into two separate calls so the userns can
    succeed but pidns will be denied (since requires CAP_SYS_ADMIN) - but then
    firefox correctly detects this and falls back to the correct behaviour
  
  
  
  

[USN-6721-1] X.Org X Server vulnerabilities (04:11 )

• 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Mantic (23.10)
  
  
  
  • CVE-2024-31083
  
  
  • CVE-2024-31082
  
  
  • CVE-2024-31081
  
  
  • CVE-2024-31080
  
  
  
  


• Various OOB reads -> crash / info leaks when handling byte-swapped length
  values - able to be easily triggered by a client who is using a different
  endianness than the X server


• UAF in glyph handling -> crash / RCE

[USN-6721-2] X.Org X Server regression

• 4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM