Canonical USN OVAL Generator 1 5.11.1 2024-05-04T05:24:42 Copyright (C) 2024 Canonical LTD. All rights reserved. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for more details. You should have received a copy of the GNU General Public License version 3 along with this program. If not, see http://www.gnu.org/licenses/. Ubuntu 18.04 LTS USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory details: Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-15710) Elar Lang discovered that the Apache HTTP Server incorrectly handled certain characters specified in <FilesMatch>. A remote attacker could possibly use this issue to upload certain files, contrary to expectations. (CVE-2017-15715) It was discovered that the Apache HTTP Server mod_session module incorrectly handled certain headers. A remote attacker could possibly use this issue to influence session data. (CVE-2018-1283) Robert Swiecki discovered that the Apache HTTP Server incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1301) Robert Swiecki discovered that the Apache HTTP Server mod_cache_socache module incorrectly handled certain headers. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1303) Nicolas Daniels discovered that the Apache HTTP Server incorrectly generated the nonce when creating HTTP Digest authentication challenges. A remote attacker could possibly use this issue to replay HTTP requests across a cluster of servers. (CVE-2018-1312) Update Instructions: Run `sudo pro fix USN-3627-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.29-1ubuntu4.1 apache2-utils - 2.4.29-1ubuntu4.1 apache2-dev - 2.4.29-1ubuntu4.1 apache2-suexec-pristine - 2.4.29-1ubuntu4.1 apache2-suexec-custom - 2.4.29-1ubuntu4.1 apache2 - 2.4.29-1ubuntu4.1 apache2-doc - 2.4.29-1ubuntu4.1 apache2-ssl-dev - 2.4.29-1ubuntu4.1 apache2-bin - 2.4.29-1ubuntu4.1 No subscription required Medium CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1303 CVE-2018-1312 Ubuntu 18.04 LTS USN-3629-1 fixed vulnerabilities in MySQL. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and Ubuntu 17.10 have been updated to MySQL 5.7.22. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Update Instructions: Run `sudo pro fix USN-3629-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.22-0ubuntu18.04.1 mysql-source-5.7 - 5.7.22-0ubuntu18.04.1 libmysqlclient-dev - 5.7.22-0ubuntu18.04.1 mysql-client-core-5.7 - 5.7.22-0ubuntu18.04.1 mysql-client-5.7 - 5.7.22-0ubuntu18.04.1 libmysqlclient20 - 5.7.22-0ubuntu18.04.1 mysql-server-5.7 - 5.7.22-0ubuntu18.04.1 mysql-server - 5.7.22-0ubuntu18.04.1 mysql-server-core-5.7 - 5.7.22-0ubuntu18.04.1 mysql-testsuite - 5.7.22-0ubuntu18.04.1 libmysqld-dev - 5.7.22-0ubuntu18.04.1 mysql-testsuite-5.7 - 5.7.22-0ubuntu18.04.1 No subscription required Medium CVE-2018-2755 CVE-2018-2758 CVE-2018-2759 CVE-2018-2761 CVE-2018-2762 CVE-2018-2766 CVE-2018-2769 CVE-2018-2771 CVE-2018-2773 CVE-2018-2775 CVE-2018-2776 CVE-2018-2777 CVE-2018-2778 CVE-2018-2779 CVE-2018-2780 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2812 CVE-2018-2813 CVE-2018-2816 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 CVE-2018-2839 CVE-2018-2846 Ubuntu 18.04 LTS It was discovered that Ghostscript incorrectly handled certain PostScript files. An attacker could possibly use this to cause a denial of server. (CVE-2016-10317) It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. (CVE-2018-10194) Update Instructions: Run `sudo pro fix USN-3636-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.22~dfsg+1-0ubuntu1.1 ghostscript-x - 9.22~dfsg+1-0ubuntu1.1 libgs-dev - 9.22~dfsg+1-0ubuntu1.1 ghostscript-doc - 9.22~dfsg+1-0ubuntu1.1 libgs9 - 9.22~dfsg+1-0ubuntu1.1 libgs9-common - 9.22~dfsg+1-0ubuntu1.1 No subscription required Medium CVE-2016-10317 CVE-2018-10194 Ubuntu 18.04 LTS Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu discovered that WavPack incorrectly handled certain .wav files. An attacker could possibly use this to execute arbitrary code or cause a denial of service. (CVE-2018-10536, CVE-2018-10537) Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu discovered that WavPack incorrectly handled certain .wav files. An attacker could possibly use this to cause a denial of service. (CVE-2018-10538, CVE-2018-10539, CVE-2018-10540) Update Instructions: Run `sudo pro fix USN-3637-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwavpack1 - 5.1.0-2ubuntu1.1 libwavpack-dev - 5.1.0-2ubuntu1.1 wavpack - 5.1.0-2ubuntu1.1 No subscription required Medium CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 Ubuntu 18.04 LTS It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-10528) It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to obtain sensitive information. (CVE-2018-10529) Update Instructions: Run `sudo pro fix USN-3639-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libraw-doc - 0.18.8-1ubuntu0.1 libraw-bin - 0.18.8-1ubuntu0.1 libraw16 - 0.18.8-1ubuntu0.1 libraw-dev - 0.18.8-1ubuntu0.1 No subscription required Medium CVE-2018-10528 CVE-2018-10529 Ubuntu 18.04 LTS Ivan Fratric discovered that WebKitGTK+ incorrectly handled certain web content. If a user were tricked into viewing a malicious website, a remote attacker could possibly exploit this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3640-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.20.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.20.2-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.20.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.20.2-0ubuntu0.18.04.1 webkit2gtk-driver - 2.20.2-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.20.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.20.2-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.20.2-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.20.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.20.2-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-4200 Ubuntu 18.04 LTS Maxime Coquelin discovered that DPDK incorrectly handled guest physical ranges. A malicious guest could use this issue to possibly access sensitive information. Update Instructions: Run `sudo pro fix USN-3642-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librte-pmd-thunderx-nicvf17.11 - 17.11.2-1ubuntu0.1 dpdk-igb-uio-dkms - 17.11.2-1ubuntu0.1 librte-pmd-softnic17.11 - 17.11.2-1ubuntu0.1 librte-timer17.11 - 17.11.2-1ubuntu0.1 librte-pmd-af-packet17.11 - 17.11.2-1ubuntu0.1 librte-pmd-sw-event17.11 - 17.11.2-1ubuntu0.1 librte-pmd-fm10k17.11 - 17.11.2-1ubuntu0.1 librte-pmd-bond17.11 - 17.11.2-1ubuntu0.1 librte-pmd-vmxnet3-uio17.11 - 17.11.2-1ubuntu0.1 librte-flow-classify17.11 - 17.11.2-1ubuntu0.1 librte-ring17.11 - 17.11.2-1ubuntu0.1 librte-pmd-sfc-efx17.11 - 17.11.2-1ubuntu0.1 librte-bus-pci17.11 - 17.11.2-1ubuntu0.1 dpdk-doc - 17.11.2-1ubuntu0.1 librte-distributor17.11 - 17.11.2-1ubuntu0.1 librte-pmd-vhost17.11 - 17.11.2-1ubuntu0.1 librte-pmd-null-crypto17.11 - 17.11.2-1ubuntu0.1 librte-net17.11 - 17.11.2-1ubuntu0.1 librte-ip-frag17.11 - 17.11.2-1ubuntu0.1 librte-lpm17.11 - 17.11.2-1ubuntu0.1 librte-vhost17.11 - 17.11.2-1ubuntu0.1 dpdk-dev - 17.11.2-1ubuntu0.1 librte-mbuf17.11 - 17.11.2-1ubuntu0.1 librte-pmd-e1000-17.11 - 17.11.2-1ubuntu0.1 librte-pmd-nfp17.11 - 17.11.2-1ubuntu0.1 librte-mempool-octeontx17.11 - 17.11.2-1ubuntu0.1 librte-latencystats17.11 - 17.11.2-1ubuntu0.1 librte-pmd-avp17.11 - 17.11.2-1ubuntu0.1 dpdk-rte-kni-dkms - 17.11.2-1ubuntu0.1 librte-gro17.11 - 17.11.2-1ubuntu0.1 librte-pmd-crypto-scheduler17.11 - 17.11.2-1ubuntu0.1 librte-pmd-ixgbe17.11 - 17.11.2-1ubuntu0.1 librte-cryptodev17.11 - 17.11.2-1ubuntu0.1 librte-cmdline17.11 - 17.11.2-1ubuntu0.1 librte-kni17.11 - 17.11.2-1ubuntu0.1 librte-bus-vdev17.11 - 17.11.2-1ubuntu0.1 librte-pdump17.11 - 17.11.2-1ubuntu0.1 librte-pmd-skeleton-event17.11 - 17.11.2-1ubuntu0.1 librte-table17.11 - 17.11.2-1ubuntu0.1 librte-gso17.11 - 17.11.2-1ubuntu0.1 librte-pmd-i40e17.11 - 17.11.2-1ubuntu0.1 librte-eventdev17.11 - 17.11.2-1ubuntu0.1 librte-kvargs17.11 - 17.11.2-1ubuntu0.1 librte-mempool-stack17.11 - 17.11.2-1ubuntu0.1 librte-metrics17.11 - 17.11.2-1ubuntu0.1 librte-jobstats17.11 - 17.11.2-1ubuntu0.1 librte-eal17.11 - 17.11.2-1ubuntu0.1 librte-pmd-octeontx17.11 - 17.11.2-1ubuntu0.1 librte-sched17.11 - 17.11.2-1ubuntu0.1 librte-pmd-enic17.11 - 17.11.2-1ubuntu0.1 librte-pmd-pcap17.11 - 17.11.2-1ubuntu0.1 librte-pci17.11 - 17.11.2-1ubuntu0.1 librte-pmd-octeontx-ssovf17.11 - 17.11.2-1ubuntu0.1 librte-bitratestats17.11 - 17.11.2-1ubuntu0.1 librte-security17.11 - 17.11.2-1ubuntu0.1 librte-pmd-null17.11 - 17.11.2-1ubuntu0.1 librte-hash17.11 - 17.11.2-1ubuntu0.1 librte-member17.11 - 17.11.2-1ubuntu0.1 librte-pmd-tap17.11 - 17.11.2-1ubuntu0.1 librte-pmd-ark17.11 - 17.11.2-1ubuntu0.1 librte-pmd-bnxt17.11 - 17.11.2-1ubuntu0.1 librte-meter17.11 - 17.11.2-1ubuntu0.1 librte-pmd-virtio17.11 - 17.11.2-1ubuntu0.1 librte-power17.11 - 17.11.2-1ubuntu0.1 librte-port17.11 - 17.11.2-1ubuntu0.1 librte-mempool17.11 - 17.11.2-1ubuntu0.1 librte-cfgfile17.11 - 17.11.2-1ubuntu0.1 librte-efd17.11 - 17.11.2-1ubuntu0.1 librte-pmd-cxgbe17.11 - 17.11.2-1ubuntu0.1 dpdk - 17.11.2-1ubuntu0.1 librte-pipeline17.11 - 17.11.2-1ubuntu0.1 librte-pmd-qede17.11 - 17.11.2-1ubuntu0.1 librte-pmd-lio17.11 - 17.11.2-1ubuntu0.1 librte-pmd-failsafe17.11 - 17.11.2-1ubuntu0.1 librte-reorder17.11 - 17.11.2-1ubuntu0.1 librte-pmd-kni17.11 - 17.11.2-1ubuntu0.1 librte-pmd-ena17.11 - 17.11.2-1ubuntu0.1 librte-mempool-ring17.11 - 17.11.2-1ubuntu0.1 librte-ethdev17.11 - 17.11.2-1ubuntu0.1 librte-pmd-ring17.11 - 17.11.2-1ubuntu0.1 librte-acl17.11 - 17.11.2-1ubuntu0.1 libdpdk-dev - 17.11.2-1ubuntu0.1 No subscription required Low CVE-2018-1059 Ubuntu 18.04 LTS It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values. Update Instructions: Run `sudo pro fix USN-3643-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: wget - 1.19.4-1ubuntu2.1 wget-udeb - 1.19.4-1ubuntu2.1 No subscription required Medium CVE-2018-0494 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, install lightweight themes without user interaction, spoof the filename in the downloads panel, or execute arbitrary code. (CVE-2018-5150, CVE-2018-5151, CVE-2018-5153, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5168, CVE-2018-5173, CVE-2018-5175, CVE-2018-5177, CVE-2018-5180) Multiple security issues were discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to obtain sensitive information, or bypass security restrictions. (CVE-2018-5152, CVE-2018-5166) It was discovered that the web console and JavaScript debugger incorrectly linkified chrome: and javascript URLs. If a user were tricked in to clicking a specially crafted link, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5167) It was discovered that dragging and dropping link text on to the home button could set the home page to include chrome pages. If a user were tricked in to dragging and dropping a specially crafted link on to the home button, an attacker could potentially exploit this bypass security restrictions. (CVE-2018-5169) It was discovered that the Live Bookmarks page and PDF viewer would run script pasted from the clipboard. If a user were tricked in to copying and pasting specially crafted text, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5172) It was discovered that the JSON viewer incorrectly linkified javascript: URLs. If a user were tricked in to clicking on a specially crafted link, an attacker could potentially exploit this to obtain sensitive information. (CVE-2018-5176) It was discovered that dragging a file: URL on to a tab that is running in a different process would cause the file to open in that process. If a user were tricked in to dragging a file: URL, an attacker could potentially exploit this to bypass intended security policies. (CVE-2018-5181) It was discovered that dragging text that is a file: URL on to the addressbar would open the specified file. If a user were tricked in to dragging specially crafted text on to the addressbar, an attacker could potentially exploit this to bypass intended security policies. (CVE-2018-5182) Update Instructions: Run `sudo pro fix USN-3645-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 60.0+build2-0ubuntu1 firefox-locale-nn - 60.0+build2-0ubuntu1 firefox-locale-ne - 60.0+build2-0ubuntu1 firefox-locale-nb - 60.0+build2-0ubuntu1 firefox-locale-fa - 60.0+build2-0ubuntu1 firefox-locale-fi - 60.0+build2-0ubuntu1 firefox-locale-fr - 60.0+build2-0ubuntu1 firefox-locale-fy - 60.0+build2-0ubuntu1 firefox-locale-or - 60.0+build2-0ubuntu1 firefox-locale-kab - 60.0+build2-0ubuntu1 firefox-testsuite - 60.0+build2-0ubuntu1 firefox-locale-oc - 60.0+build2-0ubuntu1 firefox-locale-cs - 60.0+build2-0ubuntu1 firefox-locale-ga - 60.0+build2-0ubuntu1 firefox-locale-gd - 60.0+build2-0ubuntu1 firefox-locale-gn - 60.0+build2-0ubuntu1 firefox-locale-gl - 60.0+build2-0ubuntu1 firefox-locale-gu - 60.0+build2-0ubuntu1 firefox-locale-pa - 60.0+build2-0ubuntu1 firefox-locale-pl - 60.0+build2-0ubuntu1 firefox-locale-cy - 60.0+build2-0ubuntu1 firefox-locale-pt - 60.0+build2-0ubuntu1 firefox-locale-hi - 60.0+build2-0ubuntu1 firefox-locale-uk - 60.0+build2-0ubuntu1 firefox-locale-he - 60.0+build2-0ubuntu1 firefox-locale-hy - 60.0+build2-0ubuntu1 firefox-locale-hr - 60.0+build2-0ubuntu1 firefox-locale-hu - 60.0+build2-0ubuntu1 firefox-locale-as - 60.0+build2-0ubuntu1 firefox-locale-ar - 60.0+build2-0ubuntu1 firefox-locale-ia - 60.0+build2-0ubuntu1 firefox-locale-az - 60.0+build2-0ubuntu1 firefox-locale-id - 60.0+build2-0ubuntu1 firefox-locale-mai - 60.0+build2-0ubuntu1 firefox-locale-af - 60.0+build2-0ubuntu1 firefox-locale-is - 60.0+build2-0ubuntu1 firefox-locale-it - 60.0+build2-0ubuntu1 firefox-locale-an - 60.0+build2-0ubuntu1 firefox-locale-bs - 60.0+build2-0ubuntu1 firefox - 60.0+build2-0ubuntu1 firefox-locale-ro - 60.0+build2-0ubuntu1 firefox-locale-ja - 60.0+build2-0ubuntu1 firefox-locale-ru - 60.0+build2-0ubuntu1 firefox-locale-br - 60.0+build2-0ubuntu1 firefox-locale-zh-hant - 60.0+build2-0ubuntu1 firefox-locale-zh-hans - 60.0+build2-0ubuntu1 firefox-locale-bn - 60.0+build2-0ubuntu1 firefox-locale-be - 60.0+build2-0ubuntu1 firefox-locale-bg - 60.0+build2-0ubuntu1 firefox-locale-sl - 60.0+build2-0ubuntu1 firefox-locale-sk - 60.0+build2-0ubuntu1 firefox-locale-si - 60.0+build2-0ubuntu1 firefox-locale-sw - 60.0+build2-0ubuntu1 firefox-locale-sv - 60.0+build2-0ubuntu1 firefox-locale-sr - 60.0+build2-0ubuntu1 firefox-locale-sq - 60.0+build2-0ubuntu1 firefox-locale-ko - 60.0+build2-0ubuntu1 firefox-locale-kn - 60.0+build2-0ubuntu1 firefox-locale-km - 60.0+build2-0ubuntu1 firefox-locale-kk - 60.0+build2-0ubuntu1 firefox-locale-ka - 60.0+build2-0ubuntu1 firefox-locale-xh - 60.0+build2-0ubuntu1 firefox-locale-ca - 60.0+build2-0ubuntu1 firefox-locale-ku - 60.0+build2-0ubuntu1 firefox-mozsymbols - 60.0+build2-0ubuntu1 firefox-locale-lv - 60.0+build2-0ubuntu1 firefox-locale-lt - 60.0+build2-0ubuntu1 firefox-locale-th - 60.0+build2-0ubuntu1 firefox-locale-hsb - 60.0+build2-0ubuntu1 firefox-dev - 60.0+build2-0ubuntu1 firefox-locale-te - 60.0+build2-0ubuntu1 firefox-locale-cak - 60.0+build2-0ubuntu1 firefox-locale-ta - 60.0+build2-0ubuntu1 firefox-locale-lg - 60.0+build2-0ubuntu1 firefox-locale-tr - 60.0+build2-0ubuntu1 firefox-locale-nso - 60.0+build2-0ubuntu1 firefox-locale-de - 60.0+build2-0ubuntu1 firefox-locale-da - 60.0+build2-0ubuntu1 firefox-locale-ms - 60.0+build2-0ubuntu1 firefox-locale-mr - 60.0+build2-0ubuntu1 firefox-locale-my - 60.0+build2-0ubuntu1 firefox-globalmenu - 60.0+build2-0ubuntu1 firefox-locale-uz - 60.0+build2-0ubuntu1 firefox-locale-ml - 60.0+build2-0ubuntu1 firefox-locale-mn - 60.0+build2-0ubuntu1 firefox-locale-mk - 60.0+build2-0ubuntu1 firefox-locale-ur - 60.0+build2-0ubuntu1 firefox-locale-vi - 60.0+build2-0ubuntu1 firefox-locale-eu - 60.0+build2-0ubuntu1 firefox-locale-et - 60.0+build2-0ubuntu1 firefox-locale-es - 60.0+build2-0ubuntu1 firefox-locale-csb - 60.0+build2-0ubuntu1 firefox-locale-el - 60.0+build2-0ubuntu1 firefox-locale-eo - 60.0+build2-0ubuntu1 firefox-locale-en - 60.0+build2-0ubuntu1 firefox-locale-zu - 60.0+build2-0ubuntu1 firefox-locale-ast - 60.0+build2-0ubuntu1 No subscription required Medium CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-5164 CVE-2018-5166 CVE-2018-5167 CVE-2018-5168 CVE-2018-5169 CVE-2018-5172 CVE-2018-5173 CVE-2018-5175 CVE-2018-5176 CVE-2018-5177 CVE-2018-5180 CVE-2018-5181 CVE-2018-5182 Ubuntu 18.04 LTS USN-3645-1 fixed vulnerabilities in Firefox. The update caused an issue where users experienced long UI pauses in some circumsances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, install lightweight themes without user interaction, spoof the filename in the downloads panel, or execute arbitrary code. (CVE-2018-5150, CVE-2018-5151, CVE-2018-5153, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5168, CVE-2018-5173, CVE-2018-5175, CVE-2018-5177, CVE-2018-5180) Multiple security issues were discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to obtain sensitive information, or bypass security restrictions. (CVE-2018-5152, CVE-2018-5166) It was discovered that the web console and JavaScript debugger incorrectly linkified chrome: and javascript URLs. If a user were tricked in to clicking a specially crafted link, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5167) It was discovered that dragging and dropping link text on to the home button could set the home page to include chrome pages. If a user were tricked in to dragging and dropping a specially crafted link on to the home button, an attacker could potentially exploit this bypass security restrictions. (CVE-2018-5169) It was discovered that the Live Bookmarks page and PDF viewer would run script pasted from the clipboard. If a user were tricked in to copying and pasting specially crafted text, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5172) It was discovered that the JSON viewer incorrectly linkified javascript: URLs. If a user were tricked in to clicking on a specially crafted link, an attacker could potentially exploit this to obtain sensitive information. (CVE-2018-5176) It was discovered that dragging a file: URL on to a tab that is running in a different process would cause the file to open in that process. If a user were tricked in to dragging a file: URL, an attacker could potentially exploit this to bypass intended security policies. (CVE-2018-5181) It was discovered that dragging text that is a file: URL on to the addressbar would open the specified file. If a user were tricked in to dragging specially crafted text on to the addressbar, an attacker could potentially exploit this to bypass intended security policies. (CVE-2018-5182) Update Instructions: Run `sudo pro fix USN-3645-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nn - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ne - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nb - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fa - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fi - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fr - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fy - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-or - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kab - 60.0.1+build2-0ubuntu0.18.04.1 firefox-testsuite - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-oc - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cs - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ga - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gd - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gn - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gl - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gu - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pa - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pl - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cy - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pt - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hi - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-uk - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-he - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hy - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hr - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hu - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-as - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ar - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ia - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-az - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-id - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mai - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-af - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-is - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-it - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-an - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bs - 60.0.1+build2-0ubuntu0.18.04.1 firefox - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ro - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ja - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ru - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-br - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bn - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-be - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bg - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sl - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sk - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-si - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sw - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sv - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sr - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sq - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ko - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kn - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-km - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kk - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ka - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-xh - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ca - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ku - 60.0.1+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lv - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lt - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-th - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 60.0.1+build2-0ubuntu0.18.04.1 firefox-dev - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-te - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cak - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ta - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lg - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-tr - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nso - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-de - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-da - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ms - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mr - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-my - 60.0.1+build2-0ubuntu0.18.04.1 firefox-globalmenu - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-uz - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ml - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mn - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mk - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ur - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-vi - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-eu - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-et - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-es - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-csb - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-el - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-eo - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-en - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zu - 60.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ast - 60.0.1+build2-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1772115 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. (CVE-2018-10545) It was discovered that the PHP iconv stream filter incorrect handled certain invalid multibyte sequences. A remote attacker could possibly use this issue to cause PHP to hang, resulting in a denial of service. (CVE-2018-10546) It was discovered that the PHP PHAR error pages incorrectly filtered certain data. A remote attacker could possibly use this issue to perform a reflected XSS attack. (CVE-2018-10547) It was discovered that PHP incorrectly handled LDAP. A malicious remote LDAP server could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2018-10548) It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.10, and Ubuntu 18.04 LTS. (CVE-2018-10549) Update Instructions: Run `sudo pro fix USN-3646-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.5-0ubuntu0.18.04.1 php7.2-enchant - 7.2.5-0ubuntu0.18.04.1 php7.2-ldap - 7.2.5-0ubuntu0.18.04.1 php7.2-fpm - 7.2.5-0ubuntu0.18.04.1 php7.2-recode - 7.2.5-0ubuntu0.18.04.1 php7.2-cli - 7.2.5-0ubuntu0.18.04.1 php7.2-json - 7.2.5-0ubuntu0.18.04.1 php7.2-bcmath - 7.2.5-0ubuntu0.18.04.1 php7.2-phpdbg - 7.2.5-0ubuntu0.18.04.1 php7.2 - 7.2.5-0ubuntu0.18.04.1 php7.2-pspell - 7.2.5-0ubuntu0.18.04.1 php7.2-dev - 7.2.5-0ubuntu0.18.04.1 php7.2-sqlite3 - 7.2.5-0ubuntu0.18.04.1 php7.2-gmp - 7.2.5-0ubuntu0.18.04.1 php7.2-mbstring - 7.2.5-0ubuntu0.18.04.1 php7.2-opcache - 7.2.5-0ubuntu0.18.04.1 php7.2-gd - 7.2.5-0ubuntu0.18.04.1 php7.2-soap - 7.2.5-0ubuntu0.18.04.1 libphp7.2-embed - 7.2.5-0ubuntu0.18.04.1 php7.2-intl - 7.2.5-0ubuntu0.18.04.1 php7.2-odbc - 7.2.5-0ubuntu0.18.04.1 libapache2-mod-php7.2 - 7.2.5-0ubuntu0.18.04.1 php7.2-tidy - 7.2.5-0ubuntu0.18.04.1 php7.2-imap - 7.2.5-0ubuntu0.18.04.1 php7.2-readline - 7.2.5-0ubuntu0.18.04.1 php7.2-mysql - 7.2.5-0ubuntu0.18.04.1 php7.2-dba - 7.2.5-0ubuntu0.18.04.1 php7.2-xml - 7.2.5-0ubuntu0.18.04.1 php7.2-interbase - 7.2.5-0ubuntu0.18.04.1 php7.2-xsl - 7.2.5-0ubuntu0.18.04.1 php7.2-xmlrpc - 7.2.5-0ubuntu0.18.04.1 php7.2-pgsql - 7.2.5-0ubuntu0.18.04.1 php7.2-sybase - 7.2.5-0ubuntu0.18.04.1 php7.2-curl - 7.2.5-0ubuntu0.18.04.1 php7.2-common - 7.2.5-0ubuntu0.18.04.1 php7.2-cgi - 7.2.5-0ubuntu0.18.04.1 php7.2-snmp - 7.2.5-0ubuntu0.18.04.1 php7.2-zip - 7.2.5-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549 Ubuntu 18.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. (CVE-2017-18267) It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-10768) Update Instructions: Run `sudo pro fix USN-3647-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler73 - 0.62.0-2ubuntu2.1 libpoppler-cpp-dev - 0.62.0-2ubuntu2.1 libpoppler-glib-doc - 0.62.0-2ubuntu2.1 gir1.2-poppler-0.18 - 0.62.0-2ubuntu2.1 libpoppler-cpp0v5 - 0.62.0-2ubuntu2.1 libpoppler-glib8 - 0.62.0-2ubuntu2.1 libpoppler-private-dev - 0.62.0-2ubuntu2.1 libpoppler-glib-dev - 0.62.0-2ubuntu2.1 libpoppler-dev - 0.62.0-2ubuntu2.1 libpoppler-qt5-dev - 0.62.0-2ubuntu2.1 libpoppler-qt5-1 - 0.62.0-2ubuntu2.1 poppler-utils - 0.62.0-2ubuntu2.1 No subscription required Medium CVE-2017-18267 CVE-2018-10768 Ubuntu 18.04 LTS Dario Weisser discovered that curl incorrectly handled long FTP server command replies. If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-1000300) Max Dymond discovered that curl incorrectly handled certain RTSP responses. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2018-1000301) Update Instructions: Run `sudo pro fix USN-3648-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.1 libcurl4-openssl-dev - 7.58.0-2ubuntu3.1 libcurl3-gnutls - 7.58.0-2ubuntu3.1 libcurl4-doc - 7.58.0-2ubuntu3.1 libcurl3-nss - 7.58.0-2ubuntu3.1 libcurl4-nss-dev - 7.58.0-2ubuntu3.1 libcurl4 - 7.58.0-2ubuntu3.1 curl - 7.58.0-2ubuntu3.1 No subscription required Medium CVE-2018-1000300 CVE-2018-1000301 Ubuntu 18.04 LTS Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2017-16845) Cyrille Chatras discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2018-7550) Ross Lagerwall discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7858) Update Instructions: Run `sudo pro fix USN-3649-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.1 qemu-user-static - 1:2.11+dfsg-1ubuntu7.1 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.1 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.1 qemu-kvm - 1:2.11+dfsg-1ubuntu7.1 qemu-user - 1:2.11+dfsg-1ubuntu7.1 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.1 qemu-system - 1:2.11+dfsg-1ubuntu7.1 qemu-utils - 1:2.11+dfsg-1ubuntu7.1 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.1 qemu - 1:2.11+dfsg-1ubuntu7.1 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.1 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.1 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.1 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.1 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.1 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.1 No subscription required Medium CVE-2017-16845 CVE-2018-7550 CVE-2018-7858 Ubuntu 18.04 LTS It was discovered that xdg-utils incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3650-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdg-utils - 1.1.2-1ubuntu2.2 No subscription required Medium CVE-2017-18266 Ubuntu 18.04 LTS Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by microcode updates to guests on amd64 and i386. Update Instructions: Run `sudo pro fix USN-3651-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.2 qemu-user-static - 1:2.11+dfsg-1ubuntu7.2 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.2 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.2 qemu-kvm - 1:2.11+dfsg-1ubuntu7.2 qemu-user - 1:2.11+dfsg-1ubuntu7.2 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.2 qemu-system - 1:2.11+dfsg-1ubuntu7.2 qemu-utils - 1:2.11+dfsg-1ubuntu7.2 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.2 qemu - 1:2.11+dfsg-1ubuntu7.2 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.2 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.2 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.2 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.2 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.2 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.2 No subscription required Medium CVE-2018-3639 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 Ubuntu 18.04 LTS Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Update Instructions: Run `sudo pro fix USN-3652-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1006-oem - 4.15.0-1006.9 No subscription required linux-image-4.15.0-1008-gcp - 4.15.0-1008.8 No subscription required linux-image-4.15.0-1009-aws - 4.15.0-1009.9 No subscription required linux-image-4.15.0-1010-kvm - 4.15.0-1010.10 No subscription required linux-image-unsigned-4.15.0-1012-azure - 4.15.0-1012.12 No subscription required linux-image-4.15.0-22-snapdragon - 4.15.0-22.24 linux-image-unsigned-4.15.0-22-lowlatency - 4.15.0-22.24 linux-image-4.15.0-22-generic - 4.15.0-22.24 linux-image-4.15.0-22-generic-lpae - 4.15.0-22.24 linux-image-unsigned-4.15.0-22-generic - 4.15.0-22.24 linux-image-4.15.0-22-lowlatency - 4.15.0-22.24 No subscription required Medium CVE-2018-3639 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 Ubuntu 18.04 LTS It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-1122) It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of service. (CVE-2018-1123) It was discovered that libprocps incorrectly handled the file2strvec() function. A local attacker could possibly use this to execute arbitrary code. (CVE-2018-1124) It was discovered that the procps-ng pgrep utility incorrectly handled memory. A local attacker could possibly use this issue to cause de denial of service. (CVE-2018-1125) It was discovered that procps-ng incorrectly handled memory. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-1126) Update Instructions: Run `sudo pro fix USN-3658-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libprocps-dev - 2:3.3.12-3ubuntu1.1 procps - 2:3.3.12-3ubuntu1.1 libprocps6 - 2:3.3.12-3ubuntu1.1 No subscription required Medium CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 Ubuntu 18.04 LTS Frediano Ziglio discovered that Spice incorrectly handled certain client messages. An attacker could possibly use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3659-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libspice-server1 - 0.14.0-1ubuntu2.1 libspice-server-dev - 0.14.0-1ubuntu2.1 No subscription required Medium CVE-2017-12194 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, install lightweight themes without user interaction, or execute arbitrary code. (CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178) An issue was discovered when processing message headers in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application hang. (CVE-2018-5161) It was discovered encrypted messages could leak plaintext via the src attribute of remote images or links. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-5162) It was discovered that the filename of an attachment could be spoofed. An attacker could potentially exploit this by tricking the user in to opening an attachment of a different type to the one expected. (CVE-2018-5170) Multiple security issues were discovered in Skia. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2018-5183) It was discovered that S/MIME encrypted messages with remote content could leak plaintext via a chosen-ciphertext attack. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-5184) It was discovered that plaintext of decrypted emails could leak by submitting an embedded form. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-5185) Update Instructions: Run `sudo pro fix USN-3660-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es-ar - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:52.8.0+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:52.8.0+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-globalmenu - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-testsuite - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:52.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:52.8.0+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5159 CVE-2018-5161 CVE-2018-5162 CVE-2018-5168 CVE-2018-5170 CVE-2018-5178 CVE-2018-5183 CVE-2018-5184 CVE-2018-5185 Ubuntu 18.04 LTS It was discovered that HAProxy incorrectly handled certain resquests. An attacker could possibly use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-3663-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: haproxy - 1.8.8-1ubuntu0.1 haproxy-doc - 1.8.8-1ubuntu0.1 vim-haproxy - 1.8.8-1ubuntu0.1 No subscription required Medium CVE-2018-11469 Ubuntu 18.04 LTS Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this issue to cause a denial of service, gain root privileges, or escape from containers. Update Instructions: Run `sudo pro fix USN-3664-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.9-0ubuntu7.1 python3-problem-report - 2.20.9-0ubuntu7.1 apport-kde - 2.20.9-0ubuntu7.1 apport-retrace - 2.20.9-0ubuntu7.1 apport-valgrind - 2.20.9-0ubuntu7.1 python3-apport - 2.20.9-0ubuntu7.1 dh-apport - 2.20.9-0ubuntu7.1 apport-gtk - 2.20.9-0ubuntu7.1 apport - 2.20.9-0ubuntu7.1 python-problem-report - 2.20.9-0ubuntu7.1 apport-noui - 2.20.9-0ubuntu7.1 No subscription required High CVE-2018-6552 Ubuntu 18.04 LTS It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-12616, CVE-2017-12617) It was discovered that Tomcat contained incorrect documentation regarding description of the search algorithm used by the CGI Servlet to identify which script to execute. This issue only affected Ubuntu 17.10. (CVE-2017-15706) It was discovered that Tomcat incorrectly handled en empty string URL pattern in security constraint definitions. A remote attacker could possibly use this issue to gain access to web application resources, contrary to expectations. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-1304) It was discovered that Tomcat incorrectly handled applying certain security constraints. A remote attacker could possibly access certain resources, contrary to expectations. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-1305) It was discovered that the Tomcat CORS filter default settings were insecure and would enable 'supportsCredentials' for all origins, contrary to expectations. (CVE-2018-8014) Update Instructions: Run `sudo pro fix USN-3665-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat8-docs - 8.5.30-1ubuntu1.2 tomcat8-user - 8.5.30-1ubuntu1.2 libservlet3.1-java - 8.5.30-1ubuntu1.2 libservlet3.1-java-doc - 8.5.30-1ubuntu1.2 tomcat8-examples - 8.5.30-1ubuntu1.2 libtomcat8-embed-java - 8.5.30-1ubuntu1.2 tomcat8-admin - 8.5.30-1ubuntu1.2 libtomcat8-java - 8.5.30-1ubuntu1.2 tomcat8-common - 8.5.30-1ubuntu1.2 tomcat8 - 8.5.30-1ubuntu1.2 No subscription required Medium CVE-2017-12616 CVE-2017-12617 CVE-2017-15706 CVE-2018-1304 CVE-2018-1305 CVE-2018-8014 Ubuntu 18.04 LTS It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11410) It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-11440) It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2018-11577) Update Instructions: Run `sudo pro fix USN-3669-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblouis-bin - 3.5.0-1ubuntu0.1 liblouis14 - 3.5.0-1ubuntu0.1 python-louis - 3.5.0-1ubuntu0.1 liblouis-dev - 3.5.0-1ubuntu0.1 python3-louis - 3.5.0-1ubuntu0.1 liblouis-data - 3.5.0-1ubuntu0.1 No subscription required Medium CVE-2018-11410 CVE-2018-11440 CVE-2018-11577 Ubuntu 18.04 LTS Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when "git clone --recurse-submodules" is used. (CVE-2018-11235) It was discovered that an integer overflow existed in git's pathname consistency checking code when used on NTFS filesystems. An attacker could use this to cause a denial of service or expose sensitive information. (CVE-2018-11233) Update Instructions: Run `sudo pro fix USN-3671-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.1 gitweb - 1:2.17.1-1ubuntu0.1 git-gui - 1:2.17.1-1ubuntu0.1 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.1 git-el - 1:2.17.1-1ubuntu0.1 gitk - 1:2.17.1-1ubuntu0.1 git-all - 1:2.17.1-1ubuntu0.1 git-mediawiki - 1:2.17.1-1ubuntu0.1 git-daemon-run - 1:2.17.1-1ubuntu0.1 git-man - 1:2.17.1-1ubuntu0.1 git-doc - 1:2.17.1-1ubuntu0.1 git-svn - 1:2.17.1-1ubuntu0.1 git-cvs - 1:2.17.1-1ubuntu0.1 git-email - 1:2.17.1-1ubuntu0.1 No subscription required High CVE-2018-11233 CVE-2018-11235 Ubuntu 18.04 LTS Henri Salo discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-11683, CVE-2018-11684, CVE-2018-11685) Update Instructions: Run `sudo pro fix USN-3672-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblouis-bin - 3.5.0-1ubuntu0.2 liblouis14 - 3.5.0-1ubuntu0.2 python-louis - 3.5.0-1ubuntu0.2 liblouis-dev - 3.5.0-1ubuntu0.2 python3-louis - 3.5.0-1ubuntu0.2 liblouis-data - 3.5.0-1ubuntu0.2 No subscription required Medium CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 Ubuntu 18.04 LTS Ralph Dolmans and Karst Koymans discovered that Unbound did not properly handle certain NSEC records. An attacker could use this to to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick Unbound into accepting a NODATA proof. Update Instructions: Run `sudo pro fix USN-3673-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libunbound2 - 1.6.7-1ubuntu2.1 unbound - 1.6.7-1ubuntu2.1 python3-unbound - 1.6.7-1ubuntu2.1 python-unbound - 1.6.7-1ubuntu2.1 unbound-anchor - 1.6.7-1ubuntu2.1 unbound-host - 1.6.7-1ubuntu2.1 libunbound-dev - 1.6.7-1ubuntu2.1 No subscription required Low CVE-2017-15105 Ubuntu 18.04 LTS Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. (CVE-2018-12020) Lance Vick discovered that GnuPG did not enforce configurations where key certification required an offline primary Certify key. An attacker with access to a signing subkey could generate certifications that appeared to be valid. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-9234) Update Instructions: Run `sudo pro fix USN-3675-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dirmngr - 2.2.4-1ubuntu1.1 gpgv-static - 2.2.4-1ubuntu1.1 gpgv-win32 - 2.2.4-1ubuntu1.1 scdaemon - 2.2.4-1ubuntu1.1 gpgsm - 2.2.4-1ubuntu1.1 gpgv - 2.2.4-1ubuntu1.1 gpg - 2.2.4-1ubuntu1.1 gnupg-agent - 2.2.4-1ubuntu1.1 gnupg2 - 2.2.4-1ubuntu1.1 gpgconf - 2.2.4-1ubuntu1.1 gpgv-udeb - 2.2.4-1ubuntu1.1 gpg-wks-client - 2.2.4-1ubuntu1.1 gpg-wks-server - 2.2.4-1ubuntu1.1 gpg-agent - 2.2.4-1ubuntu1.1 gnupg - 2.2.4-1ubuntu1.1 gnupg-utils - 2.2.4-1ubuntu1.1 gnupg-l10n - 2.2.4-1ubuntu1.1 gpgv2 - 2.2.4-1ubuntu1.1 No subscription required Medium CVE-2018-12020 CVE-2018-9234 Ubuntu 18.04 LTS Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1092) It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2018-8087) It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021) Update Instructions: Run `sudo pro fix USN-3678-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1009-gcp - 4.15.0-1009.9 No subscription required linux-image-4.15.0-1010-aws - 4.15.0-1010.10 No subscription required linux-image-4.15.0-1011-kvm - 4.15.0-1011.11 No subscription required linux-image-4.15.0-23-generic-lpae - 4.15.0-23.25 linux-image-4.15.0-23-lowlatency - 4.15.0-23.25 linux-image-4.15.0-23-generic - 4.15.0-23.25 linux-image-unsigned-4.15.0-23-generic - 4.15.0-23.25 linux-image-4.15.0-23-snapdragon - 4.15.0-23.25 linux-image-unsigned-4.15.0-23-lowlatency - 4.15.0-23.25 No subscription required Medium CVE-2018-10021 CVE-2018-1092 CVE-2018-8087 Ubuntu 18.04 LTS Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092) It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2018-8087) It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021) Update Instructions: Run `sudo pro fix USN-3678-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1013-azure - 4.15.0-1013.13 No subscription required Medium CVE-2018-10021 CVE-2018-1092 CVE-2018-8087 Ubuntu 18.04 LTS Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092) It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2018-8087) It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021) Update Instructions: Run `sudo pro fix USN-3678-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1012-raspi2 - 4.15.0-1012.13 No subscription required Medium CVE-2018-10021 CVE-2018-1092 CVE-2018-8087 Ubuntu 18.04 LTS Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by AMD microcode updates to guests on amd64 and i386. Update Instructions: Run `sudo pro fix USN-3679-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.3 qemu-user-static - 1:2.11+dfsg-1ubuntu7.3 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.3 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.3 qemu-kvm - 1:2.11+dfsg-1ubuntu7.3 qemu-user - 1:2.11+dfsg-1ubuntu7.3 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.3 qemu-system - 1:2.11+dfsg-1ubuntu7.3 qemu-utils - 1:2.11+dfsg-1ubuntu7.3 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.3 qemu - 1:2.11+dfsg-1ubuntu7.3 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.3 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.3 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.3 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.3 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.3 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.3 No subscription required Medium CVE-2018-3639 Ubuntu 18.04 LTS Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by microcode updates to guests. (CVE-2018-3639) Daniel P. Berrange discovered that libvirt incorrectly handled the QEMU guest agent. An attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2018-1064) Update Instructions: Run `sudo pro fix USN-3680-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 4.0.0-1ubuntu8.2 libvirt-dev - 4.0.0-1ubuntu8.2 libnss-libvirt - 4.0.0-1ubuntu8.2 libvirt-sanlock - 4.0.0-1ubuntu8.2 libvirt-daemon - 4.0.0-1ubuntu8.2 libvirt-wireshark - 4.0.0-1ubuntu8.2 libvirt-daemon-driver-storage-rbd - 4.0.0-1ubuntu8.2 libvirt-daemon-driver-storage-gluster - 4.0.0-1ubuntu8.2 libvirt-doc - 4.0.0-1ubuntu8.2 libvirt-daemon-system - 4.0.0-1ubuntu8.2 libvirt-clients - 4.0.0-1ubuntu8.2 libvirt-daemon-driver-storage-zfs - 4.0.0-1ubuntu8.2 libvirt-daemon-driver-storage-sheepdog - 4.0.0-1ubuntu8.2 libvirt-bin - 4.0.0-1ubuntu8.2 No subscription required Medium CVE-2018-1064 CVE-2018-3639 Ubuntu 18.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3681-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagick++-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagickwand-dev - 8:6.9.7.4+dfsg-16ubuntu6.2 imagemagick-6.q16 - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagickcore-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.2 imagemagick-6-common - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagick++-6.q16hdri-7 - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagickcore-6.q16-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagick++-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.2 libimage-magick-q16-perl - 8:6.9.7.4+dfsg-16ubuntu6.2 libimage-magick-perl - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagick++-dev - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagickwand-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.2 perlmagick - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagickcore-6.q16hdri-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.2 imagemagick - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagickwand-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagickwand-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagickcore-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagickcore-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagick++-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagickwand-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.2 imagemagick-common - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagickcore-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.2 imagemagick-doc - 8:6.9.7.4+dfsg-16ubuntu6.2 imagemagick-6-doc - 8:6.9.7.4+dfsg-16ubuntu6.2 libimage-magick-q16hdri-perl - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagick++-6.q16-7 - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagickcore-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagickcore-6-arch-config - 8:6.9.7.4+dfsg-16ubuntu6.2 imagemagick-6.q16hdri - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagickcore-dev - 8:6.9.7.4+dfsg-16ubuntu6.2 libmagickwand-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.2 No subscription required Medium CVE-2017-1000445 CVE-2017-1000476 CVE-2017-10995 CVE-2017-11352 CVE-2017-11533 CVE-2017-11535 CVE-2017-11537 CVE-2017-11639 CVE-2017-11640 CVE-2017-12140 CVE-2017-12418 CVE-2017-12429 CVE-2017-12430 CVE-2017-12431 CVE-2017-12432 CVE-2017-12433 CVE-2017-12435 CVE-2017-12563 CVE-2017-12587 CVE-2017-12640 CVE-2017-12643 CVE-2017-12644 CVE-2017-12670 CVE-2017-12674 CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-12875 CVE-2017-12877 CVE-2017-12983 CVE-2017-13058 CVE-2017-13059 CVE-2017-13060 CVE-2017-13061 CVE-2017-13062 CVE-2017-13131 CVE-2017-13134 CVE-2017-13139 CVE-2017-13142 CVE-2017-13143 CVE-2017-13144 CVE-2017-13145 CVE-2017-13758 CVE-2017-13768 CVE-2017-13769 CVE-2017-14060 CVE-2017-14172 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175 CVE-2017-14224 CVE-2017-14249 CVE-2017-14325 CVE-2017-14326 CVE-2017-14341 CVE-2017-14342 CVE-2017-14343 CVE-2017-14400 CVE-2017-14505 CVE-2017-14531 CVE-2017-14532 CVE-2017-14533 CVE-2017-14607 CVE-2017-14624 CVE-2017-14625 CVE-2017-14626 CVE-2017-14682 CVE-2017-14684 CVE-2017-14739 CVE-2017-14741 CVE-2017-14989 CVE-2017-15015 CVE-2017-15016 CVE-2017-15017 CVE-2017-15032 CVE-2017-15033 CVE-2017-15217 CVE-2017-15218 CVE-2017-15277 CVE-2017-15281 CVE-2017-16546 CVE-2017-17499 CVE-2017-17504 CVE-2017-17680 CVE-2017-17681 CVE-2017-17682 CVE-2017-17879 CVE-2017-17881 CVE-2017-17882 CVE-2017-17884 CVE-2017-17885 CVE-2017-17886 CVE-2017-17887 CVE-2017-17914 CVE-2017-17934 CVE-2017-18008 CVE-2017-18022 CVE-2017-18027 CVE-2017-18028 CVE-2017-18029 CVE-2017-18209 CVE-2017-18211 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2017-18271 CVE-2017-18273 CVE-2018-10177 CVE-2018-10804 CVE-2018-10805 CVE-2018-11251 CVE-2018-11625 CVE-2018-11655 CVE-2018-11656 CVE-2018-5246 CVE-2018-5247 CVE-2018-5248 CVE-2018-5357 CVE-2018-5358 CVE-2018-6405 CVE-2018-7443 CVE-2018-8804 CVE-2018-8960 CVE-2018-9133 Ubuntu 18.04 LTS A heap buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3682-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nn - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ne - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nb - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fa - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fi - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fr - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fy - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-or - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kab - 60.0.2+build1-0ubuntu0.18.04.1 firefox-testsuite - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-oc - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cs - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ga - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gd - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gn - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gl - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gu - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pa - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pl - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cy - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pt - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hi - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uk - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-he - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hy - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hr - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hu - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-as - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ar - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ia - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-az - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-id - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mai - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-af - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-is - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-it - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-an - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bs - 60.0.2+build1-0ubuntu0.18.04.1 firefox - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ro - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ja - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ru - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-br - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bn - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-be - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bg - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sl - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sk - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-si - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sw - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sv - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sr - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sq - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ko - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kn - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-km - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kk - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ka - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-xh - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ca - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ku - 60.0.2+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lv - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lt - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-th - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 60.0.2+build1-0ubuntu0.18.04.1 firefox-dev - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-te - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cak - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ta - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lg - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tr - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nso - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-de - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-da - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ms - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mr - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-my - 60.0.2+build1-0ubuntu0.18.04.1 firefox-globalmenu - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uz - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ml - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mn - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mk - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ur - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-vi - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eu - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-et - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-es - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-csb - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-el - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eo - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-en - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zu - 60.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ast - 60.0.2+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-6126 Ubuntu 18.04 LTS Andrew Skalski discovered that Bind could incorrectly enable recursion when the "allow-recursion" setting wasn't specified. This issue could improperly permit recursion to all clients, contrary to expectations. Update Instructions: Run `sudo pro fix USN-3683-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdns-export1100 - 1:9.11.3+dfsg-1ubuntu1.1 libdns1100 - 1:9.11.3+dfsg-1ubuntu1.1 libisc169 - 1:9.11.3+dfsg-1ubuntu1.1 libbind-dev - 1:9.11.3+dfsg-1ubuntu1.1 libisc-export169-udeb - 1:9.11.3+dfsg-1ubuntu1.1 libisccc-export160 - 1:9.11.3+dfsg-1ubuntu1.1 libisc-export169 - 1:9.11.3+dfsg-1ubuntu1.1 bind9 - 1:9.11.3+dfsg-1ubuntu1.1 libirs-export160 - 1:9.11.3+dfsg-1ubuntu1.1 libisccc160 - 1:9.11.3+dfsg-1ubuntu1.1 libisccfg-export160 - 1:9.11.3+dfsg-1ubuntu1.1 libisccfg160 - 1:9.11.3+dfsg-1ubuntu1.1 bind9-doc - 1:9.11.3+dfsg-1ubuntu1.1 libbind-export-dev - 1:9.11.3+dfsg-1ubuntu1.1 libisccc-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.1 libirs-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.1 liblwres160 - 1:9.11.3+dfsg-1ubuntu1.1 bind9-host - 1:9.11.3+dfsg-1ubuntu1.1 libisccfg-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.1 dnsutils - 1:9.11.3+dfsg-1ubuntu1.1 bind9utils - 1:9.11.3+dfsg-1ubuntu1.1 libbind9-160 - 1:9.11.3+dfsg-1ubuntu1.1 libirs160 - 1:9.11.3+dfsg-1ubuntu1.1 libdns-export1100-udeb - 1:9.11.3+dfsg-1ubuntu1.1 No subscription required Medium CVE-2018-5738 Ubuntu 18.04 LTS It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files. Update Instructions: Run `sudo pro fix USN-3684-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libperl-dev - 5.26.1-6ubuntu0.1 perl-modules-5.26 - 5.26.1-6ubuntu0.1 perl-doc - 5.26.1-6ubuntu0.1 perl - 5.26.1-6ubuntu0.1 perl-base - 5.26.1-6ubuntu0.1 libperl5.26 - 5.26.1-6ubuntu0.1 perl-debug - 5.26.1-6ubuntu0.1 No subscription required Medium CVE-2018-12015 Ubuntu 18.04 LTS Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620) Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9621) Alexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9653) It was discovered that file incorrectly handled certain magic files. An attacker could use this issue with a specially crafted magic file to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8865) It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service. (CVE-2018-10360) Update Instructions: Run `sudo pro fix USN-3686-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagic-dev - 1:5.32-2ubuntu0.1 libmagic-mgc - 1:5.32-2ubuntu0.1 libmagic1 - 1:5.32-2ubuntu0.1 file - 1:5.32-2ubuntu0.1 No subscription required Medium CVE-2014-9620 CVE-2014-9621 CVE-2014-9653 CVE-2015-8865 CVE-2018-10360 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3687-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.20.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.20.3-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.20.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.20.3-0ubuntu0.18.04.1 webkit2gtk-driver - 2.20.3-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.20.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.20.3-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.20.3-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.20.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.20.3-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-12293 CVE-2018-4190 CVE-2018-4199 CVE-2018-4218 CVE-2018-4222 CVE-2018-4232 CVE-2018-4233 Ubuntu 18.04 LTS Multiple memory safety issues were fixed in Spidermonkey. An attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3688-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmozjs-52-dev - 52.8.1-0ubuntu0.18.04.1 libmozjs-52-0 - 52.8.1-0ubuntu0.18.04.1 No subscription required Medium CVE-2017-7810 CVE-2017-7826 CVE-2018-5089 CVE-2018-5125 CVE-2018-5150 Ubuntu 18.04 LTS Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private keys. Update Instructions: Run `sudo pro fix USN-3689-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgcrypt11-dev - 1.5.4-3+really1.8.1-4ubuntu1.1 No subscription required libgcrypt-mingw-w64-dev - 1.8.1-4ubuntu1.1 libgcrypt20-udeb - 1.8.1-4ubuntu1.1 libgcrypt20 - 1.8.1-4ubuntu1.1 libgcrypt20-doc - 1.8.1-4ubuntu1.1 libgcrypt20-dev - 1.8.1-4ubuntu1.1 No subscription required Low CVE-2018-0495 Ubuntu 18.04 LTS Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides the microcode updates for AMD 17H family processors required for the corresponding Linux kernel updates. Update Instructions: Run `sudo pro fix USN-3690-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: amd64-microcode - 3.20180524.1~ubuntu0.18.04.1 No subscription required High CVE-2017-5715 Ubuntu 18.04 LTS Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) Guido Vranken discovered that OpenSSL incorrectly handled very large prime values during a key agreement. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2018-0732) Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. (CVE-2018-0737) Update Instructions: Run `sudo pro fix USN-3692-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2n-1ubuntu5.1 libssl1.0-dev - 1.0.2n-1ubuntu5.1 openssl1.0 - 1.0.2n-1ubuntu5.1 libssl1.0.0-udeb - 1.0.2n-1ubuntu5.1 libcrypto1.0.0-udeb - 1.0.2n-1ubuntu5.1 No subscription required libcrypto1.1-udeb - 1.1.0g-2ubuntu4.1 libssl-dev - 1.1.0g-2ubuntu4.1 openssl - 1.1.0g-2ubuntu4.1 libssl-doc - 1.1.0g-2ubuntu4.1 libssl1.1-udeb - 1.1.0g-2ubuntu4.1 libssl1.1 - 1.1.0g-2ubuntu4.1 No subscription required Low CVE-2018-0495 CVE-2018-0732 CVE-2018-0737 Ubuntu 18.04 LTS Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1094) It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940) Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly validate xattr sizes. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1095) Jann Horn discovered that the 32 bit adjtimex() syscall implementation for 64 bit Linux kernels did not properly initialize memory returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-11508) It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755) Update Instructions: Run `sudo pro fix USN-3695-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1009-oem - 4.15.0-1009.12 No subscription required linux-image-4.15.0-1010-gcp - 4.15.0-1010.10 No subscription required linux-image-4.15.0-1011-aws - 4.15.0-1011.11 No subscription required linux-image-4.15.0-1012-kvm - 4.15.0-1012.12 No subscription required linux-image-4.15.0-1013-raspi2 - 4.15.0-1013.14 No subscription required linux-image-unsigned-4.15.0-1014-azure - 4.15.0-1014.14 No subscription required linux-image-4.15.0-24-snapdragon - 4.15.0-24.26 linux-image-unsigned-4.15.0-24-generic - 4.15.0-24.26 linux-image-unsigned-4.15.0-24-lowlatency - 4.15.0-24.26 linux-image-4.15.0-24-generic-lpae - 4.15.0-24.26 linux-image-4.15.0-24-lowlatency - 4.15.0-24.26 linux-image-4.15.0-24-generic - 4.15.0-24.26 No subscription required Medium CVE-2018-1094 CVE-2018-10940 CVE-2018-1095 CVE-2018-11508 CVE-2018-7755 Ubuntu 18.04 LTS It was discovered that zziplib incorrectly handled certain malformed ZIP files. If a user or automated system were tricked into opening a specially crafted ZIP file, a remote attacker could cause zziplib to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3699-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zziplib-bin - 0.13.62-3.1ubuntu0.18.04.1 libzzip-dev - 0.13.62-3.1ubuntu0.18.04.1 libzzip-0-13 - 0.13.62-3.1ubuntu0.18.04.1 No subscription required Medium CVE-2018-6381 CVE-2018-6484 CVE-2018-6540 CVE-2018-6541 CVE-2018-6869 CVE-2018-7725 CVE-2018-7726 Ubuntu 18.04 LTS It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2018-10958, CVE-2018-10998) It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this to access sensitive information. (CVE-2018-10999) It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-11531) It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to access sensitive information. (CVE-2018-12264, CVE-2018-12265) Update Instructions: Run `sudo pro fix USN-3700-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-3.1ubuntu0.18.04.1 libexiv2-14 - 0.25-3.1ubuntu0.18.04.1 libexiv2-doc - 0.25-3.1ubuntu0.18.04.1 libexiv2-dev - 0.25-3.1ubuntu0.18.04.1 No subscription required Medium CVE-2018-10958 CVE-2018-10998 CVE-2018-10999 CVE-2018-11531 CVE-2018-12264 CVE-2018-12265 Ubuntu 18.04 LTS It was discovered that libsoup incorrectly handled certain cookie requests. An attacker could possibly use this to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3701-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsoup-gnome2.4-1 - 2.62.1-1ubuntu0.1 libsoup-gnome2.4-dev - 2.62.1-1ubuntu0.1 gir1.2-soup-2.4 - 2.62.1-1ubuntu0.1 libsoup2.4-1 - 2.62.1-1ubuntu0.1 libsoup2.4-dev - 2.62.1-1ubuntu0.1 libsoup2.4-doc - 2.62.1-1ubuntu0.1 No subscription required Medium CVE-2018-12910 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled exif tags in certain images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3702-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.7-0ubuntu0.18.04.1 php7.2-enchant - 7.2.7-0ubuntu0.18.04.1 php7.2-ldap - 7.2.7-0ubuntu0.18.04.1 php7.2-fpm - 7.2.7-0ubuntu0.18.04.1 php7.2-recode - 7.2.7-0ubuntu0.18.04.1 php7.2-cli - 7.2.7-0ubuntu0.18.04.1 php7.2-json - 7.2.7-0ubuntu0.18.04.1 php7.2-bcmath - 7.2.7-0ubuntu0.18.04.1 php7.2-phpdbg - 7.2.7-0ubuntu0.18.04.1 php7.2 - 7.2.7-0ubuntu0.18.04.1 php7.2-pspell - 7.2.7-0ubuntu0.18.04.1 php7.2-dev - 7.2.7-0ubuntu0.18.04.1 php7.2-sqlite3 - 7.2.7-0ubuntu0.18.04.1 php7.2-gmp - 7.2.7-0ubuntu0.18.04.1 php7.2-mbstring - 7.2.7-0ubuntu0.18.04.1 php7.2-opcache - 7.2.7-0ubuntu0.18.04.1 php7.2-gd - 7.2.7-0ubuntu0.18.04.1 php7.2-soap - 7.2.7-0ubuntu0.18.04.1 libphp7.2-embed - 7.2.7-0ubuntu0.18.04.1 php7.2-intl - 7.2.7-0ubuntu0.18.04.1 php7.2-odbc - 7.2.7-0ubuntu0.18.04.1 libapache2-mod-php7.2 - 7.2.7-0ubuntu0.18.04.1 php7.2-tidy - 7.2.7-0ubuntu0.18.04.1 php7.2-imap - 7.2.7-0ubuntu0.18.04.1 php7.2-readline - 7.2.7-0ubuntu0.18.04.1 php7.2-mysql - 7.2.7-0ubuntu0.18.04.1 php7.2-dba - 7.2.7-0ubuntu0.18.04.1 php7.2-xml - 7.2.7-0ubuntu0.18.04.1 php7.2-interbase - 7.2.7-0ubuntu0.18.04.1 php7.2-xsl - 7.2.7-0ubuntu0.18.04.1 php7.2-xmlrpc - 7.2.7-0ubuntu0.18.04.1 php7.2-pgsql - 7.2.7-0ubuntu0.18.04.1 php7.2-sybase - 7.2.7-0ubuntu0.18.04.1 php7.2-curl - 7.2.7-0ubuntu0.18.04.1 php7.2-common - 7.2.7-0ubuntu0.18.04.1 php7.2-cgi - 7.2.7-0ubuntu0.18.04.1 php7.2-snmp - 7.2.7-0ubuntu0.18.04.1 php7.2-zip - 7.2.7-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-12882 Ubuntu 18.04 LTS USN-3702-1 fixed a vulnerability in PHP. PHP 7.2.7 did not actually include the fix for CVE-2018-12882. This update adds a backported patch to correct the issue. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled exif tags in certain images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3702-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.7-0ubuntu0.18.04.2 php7.2-enchant - 7.2.7-0ubuntu0.18.04.2 php7.2-ldap - 7.2.7-0ubuntu0.18.04.2 php7.2-fpm - 7.2.7-0ubuntu0.18.04.2 php7.2-recode - 7.2.7-0ubuntu0.18.04.2 php7.2-cli - 7.2.7-0ubuntu0.18.04.2 php7.2-json - 7.2.7-0ubuntu0.18.04.2 php7.2-bcmath - 7.2.7-0ubuntu0.18.04.2 php7.2-phpdbg - 7.2.7-0ubuntu0.18.04.2 php7.2 - 7.2.7-0ubuntu0.18.04.2 php7.2-pspell - 7.2.7-0ubuntu0.18.04.2 php7.2-dev - 7.2.7-0ubuntu0.18.04.2 php7.2-sqlite3 - 7.2.7-0ubuntu0.18.04.2 php7.2-gmp - 7.2.7-0ubuntu0.18.04.2 php7.2-mbstring - 7.2.7-0ubuntu0.18.04.2 php7.2-opcache - 7.2.7-0ubuntu0.18.04.2 php7.2-gd - 7.2.7-0ubuntu0.18.04.2 php7.2-soap - 7.2.7-0ubuntu0.18.04.2 libphp7.2-embed - 7.2.7-0ubuntu0.18.04.2 php7.2-intl - 7.2.7-0ubuntu0.18.04.2 php7.2-odbc - 7.2.7-0ubuntu0.18.04.2 libapache2-mod-php7.2 - 7.2.7-0ubuntu0.18.04.2 php7.2-tidy - 7.2.7-0ubuntu0.18.04.2 php7.2-imap - 7.2.7-0ubuntu0.18.04.2 php7.2-readline - 7.2.7-0ubuntu0.18.04.2 php7.2-mysql - 7.2.7-0ubuntu0.18.04.2 php7.2-dba - 7.2.7-0ubuntu0.18.04.2 php7.2-xml - 7.2.7-0ubuntu0.18.04.2 php7.2-interbase - 7.2.7-0ubuntu0.18.04.2 php7.2-xsl - 7.2.7-0ubuntu0.18.04.2 php7.2-xmlrpc - 7.2.7-0ubuntu0.18.04.2 php7.2-pgsql - 7.2.7-0ubuntu0.18.04.2 php7.2-sybase - 7.2.7-0ubuntu0.18.04.2 php7.2-curl - 7.2.7-0ubuntu0.18.04.2 php7.2-common - 7.2.7-0ubuntu0.18.04.2 php7.2-cgi - 7.2.7-0ubuntu0.18.04.2 php7.2-snmp - 7.2.7-0ubuntu0.18.04.2 php7.2-zip - 7.2.7-0ubuntu0.18.04.2 No subscription required Medium CVE-2018-12882 Ubuntu 18.04 LTS It was discovered that the Archive Zip module incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. Update Instructions: Run `sudo pro fix USN-3703-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libarchive-zip-perl - 1.60-1ubuntu0.1 No subscription required Medium CVE-2018-10860 Ubuntu 18.04 LTS It was discovered that devscripts incorrectly handled certain YAML files. An attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3704-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: devscripts - 2.17.12ubuntu1.1 No subscription required Medium CVE-2018-13043 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, bypass same-origin restrictions, bypass CORS restrictions, bypass CSRF protections, obtain sensitive information, or execute arbitrary code. (CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188, CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12370, CVE-2018-12371) A security issue was discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain full browser permissions. (CVE-2018-12369) Update Instructions: Run `sudo pro fix USN-3705-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-nn - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-ne - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-nb - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-fa - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-fi - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-fr - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-fy - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-or - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-kab - 61.0+build3-0ubuntu0.18.04.1 firefox-testsuite - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-oc - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-cs - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-ga - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-gd - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-gn - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-gl - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-gu - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-pa - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-pl - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-cy - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-pt - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-hi - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-uk - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-he - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-hy - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-hr - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-hu - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-as - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-ar - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-ia - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-az - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-id - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-mai - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-af - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-is - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-it - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-an - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-bs - 61.0+build3-0ubuntu0.18.04.1 firefox - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-ro - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-ja - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-ru - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-br - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hant - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hans - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-bn - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-be - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-bg - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-sl - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-sk - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-si - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-sw - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-sv - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-sr - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-sq - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-ko - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-kn - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-km - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-kk - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-ka - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-xh - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-ca - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-ku - 61.0+build3-0ubuntu0.18.04.1 firefox-mozsymbols - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-lv - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-lt - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-th - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-hsb - 61.0+build3-0ubuntu0.18.04.1 firefox-dev - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-te - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-cak - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-ta - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-lg - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-tr - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-nso - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-de - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-da - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-ms - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-mr - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-my - 61.0+build3-0ubuntu0.18.04.1 firefox-globalmenu - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-uz - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-ml - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-mn - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-mk - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-ur - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-vi - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-eu - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-et - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-es - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-csb - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-el - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-eo - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-en - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-zu - 61.0+build3-0ubuntu0.18.04.1 firefox-locale-ast - 61.0+build3-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-5156 CVE-2018-5186 CVE-2018-5187 CVE-2018-5188 CVE-2018-12358 CVE-2018-12359 CVE-2018-12360 CVE-2018-12361 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12367 CVE-2018-12369 CVE-2018-12370 CVE-2018-12371 Ubuntu 18.04 LTS USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, bypass same-origin restrictions, bypass CORS restrictions, bypass CSRF protections, obtain sensitive information, or execute arbitrary code. (CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188, CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12370, CVE-2018-12371) A security issue was discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain full browser permissions. (CVE-2018-12369) Update Instructions: Run `sudo pro fix USN-3705-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 61.0.1+build1-0ubuntu0.18.04.1 firefox-testsuite - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 61.0.1+build1-0ubuntu0.18.04.1 firefox - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 61.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 61.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 61.0.1+build1-0ubuntu0.18.04.1 firefox-globalmenu - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 61.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 61.0.1+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1781009 Ubuntu 18.04 LTS It was discovered that libjpeg-turbo incorrectly handled certain malformed JPEG images. If a user or automated system were tricked into opening a specially crafted JPEG image, a remote attacker could cause libjpeg-turbo to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3706-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libturbojpeg0-dev - 1.5.2-0ubuntu5.18.04.1 libjpeg-turbo8-dev - 1.5.2-0ubuntu5.18.04.1 libjpeg-turbo-progs - 1.5.2-0ubuntu5.18.04.1 libturbojpeg - 1.5.2-0ubuntu5.18.04.1 libjpeg-turbo8 - 1.5.2-0ubuntu5.18.04.1 libjpeg-turbo-test - 1.5.2-0ubuntu5.18.04.1 No subscription required Medium CVE-2014-9092 CVE-2016-3616 CVE-2017-15232 CVE-2018-11212 CVE-2018-11213 CVE-2018-11214 CVE-2018-1152 Ubuntu 18.04 LTS Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6 packets. A remote attacker could possibly use this issue to cause ntpd to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7182) Michael Macnair discovered that NTP incorrectly handled certain responses. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2018-7183) Miroslav Lichvar discovered that NTP incorrectly handled certain zero-origin timestamps. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7184) Miroslav Lichvar discovered that NTP incorrectly handled certain zero-origin timestamps. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-7185) Update Instructions: Run `sudo pro fix USN-3707-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntp - 1:4.2.8p10+dfsg-5ubuntu7.1 sntp - 1:4.2.8p10+dfsg-5ubuntu7.1 ntp-doc - 1:4.2.8p10+dfsg-5ubuntu7.1 ntpdate - 1:4.2.8p10+dfsg-5ubuntu7.1 No subscription required Medium CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 Ubuntu 18.04 LTS It was discovered that Xapian-core incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3709-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xapian-doc - 1.4.5-1ubuntu0.1 libxapian-dev - 1.4.5-1ubuntu0.1 xapian-examples - 1.4.5-1ubuntu0.1 libxapian30 - 1.4.5-1ubuntu0.1 xapian-tools - 1.4.5-1ubuntu0.1 No subscription required Medium CVE-2018-0499 Ubuntu 18.04 LTS Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3710-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.2 libcurl4-openssl-dev - 7.58.0-2ubuntu3.2 libcurl3-gnutls - 7.58.0-2ubuntu3.2 libcurl4-doc - 7.58.0-2ubuntu3.2 libcurl3-nss - 7.58.0-2ubuntu3.2 libcurl4-nss-dev - 7.58.0-2ubuntu3.2 libcurl4 - 7.58.0-2ubuntu3.2 curl - 7.58.0-2ubuntu3.2 No subscription required Medium CVE-2018-0500 Ubuntu 18.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-3711-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagick++-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagickwand-dev - 8:6.9.7.4+dfsg-16ubuntu6.3 imagemagick-6.q16 - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagickcore-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.3 imagemagick-6-common - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagick++-6.q16hdri-7 - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagickcore-6.q16-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagick++-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.3 libimage-magick-q16-perl - 8:6.9.7.4+dfsg-16ubuntu6.3 libimage-magick-perl - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagick++-dev - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagickwand-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.3 perlmagick - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagickcore-6.q16hdri-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.3 imagemagick - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagickwand-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagickwand-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagickcore-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagickcore-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagick++-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagickwand-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.3 imagemagick-common - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagickcore-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.3 imagemagick-doc - 8:6.9.7.4+dfsg-16ubuntu6.3 imagemagick-6-doc - 8:6.9.7.4+dfsg-16ubuntu6.3 libimage-magick-q16hdri-perl - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagick++-6.q16-7 - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagickcore-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagickcore-6-arch-config - 8:6.9.7.4+dfsg-16ubuntu6.3 imagemagick-6.q16hdri - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagickcore-dev - 8:6.9.7.4+dfsg-16ubuntu6.3 libmagickwand-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.3 No subscription required Medium CVE-2018-12599 CVE-2018-12600 CVE-2018-13153 Ubuntu 18.04 LTS Patrick Keshishian discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10087) Thuan Pham discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-13785) Update Instructions: Run `sudo pro fix USN-3712-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpng-tools - 1.6.34-1ubuntu0.18.04.1 libpng16-16-udeb - 1.6.34-1ubuntu0.18.04.1 libpng16-16 - 1.6.34-1ubuntu0.18.04.1 libpng-dev - 1.6.34-1ubuntu0.18.04.1 No subscription required Medium CVE-2016-10087 CVE-2018-13785 Ubuntu 18.04 LTS It was discovered that CUPS incorrectly handled certain print jobs with invalid usernames. A remote attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2017-18248) Dan Bastone discovered that the CUPS dnssd backend incorrectly handled certain environment variables. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-4180) Eric Rafaloff and John Dunlap discovered that CUPS incorrectly handled certain include directives. A local attacker could possibly use this issue to read arbitrary files. (CVE-2018-4181) Dan Bastone discovered that the CUPS AppArmor profile incorrectly confined the dnssd backend. A local attacker could possibly use this issue to escape confinement. (CVE-2018-6553) Update Instructions: Run `sudo pro fix USN-3713-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 2.2.7-1ubuntu2.1 libcups2-dev - 2.2.7-1ubuntu2.1 cups-bsd - 2.2.7-1ubuntu2.1 cups-common - 2.2.7-1ubuntu2.1 cups-core-drivers - 2.2.7-1ubuntu2.1 cups-server-common - 2.2.7-1ubuntu2.1 libcupsimage2 - 2.2.7-1ubuntu2.1 cups-client - 2.2.7-1ubuntu2.1 libcupsmime1 - 2.2.7-1ubuntu2.1 cups-ipp-utils - 2.2.7-1ubuntu2.1 libcups2 - 2.2.7-1ubuntu2.1 cups-ppdc - 2.2.7-1ubuntu2.1 libcupsppdc1 - 2.2.7-1ubuntu2.1 cups - 2.2.7-1ubuntu2.1 libcupsimage2-dev - 2.2.7-1ubuntu2.1 cups-daemon - 2.2.7-1ubuntu2.1 No subscription required Medium CVE-2017-18248 CVE-2018-4180 CVE-2018-4181 CVE-2018-6553 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary code. (CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366) It was discovered that S/MIME and PGP decryption oracles can be built with HTML emails. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-12372) It was discovered that S/MIME plaintext can be leaked through HTML reply/forward. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-12373) It was discovered that forms can be used to exfiltrate encrypted mail parts by pressing enter in a form field. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-12374) Update Instructions: Run `sudo pro fix USN-3714-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-br - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-es-ar - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-be - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-si - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:52.9.1+build3-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-de - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-en - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-da - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:52.9.1+build3-0ubuntu0.18.04.1 xul-ext-lightning - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-he - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-globalmenu - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-testsuite - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-af - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-dev - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-el - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-it - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-id - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-et - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-is - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-es - 1:52.9.1+build3-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:52.9.1+build3-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374 CVE-2018-5188 Ubuntu 18.04 LTS Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid object paths. A local attacker could possibly use this issue to cause PolicyKit to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3218) It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3255) Tavis Ormandy discovered that PolicyKit incorrectly handled duplicate cookie values. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-4625) Matthias Gerstner discovered that PolicyKit incorrectly checked users. A local attacker could possibly use this issue to cause authentication dialogs to show up for other users, leading to a denial of service or an information leak. (CVE-2018-1116) Update Instructions: Run `sudo pro fix USN-3717-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpolkit-backend-1-0 - 0.105-20ubuntu0.18.04.1 policykit-1-doc - 0.105-20ubuntu0.18.04.1 libpolkit-gobject-1-dev - 0.105-20ubuntu0.18.04.1 libpolkit-agent-1-0 - 0.105-20ubuntu0.18.04.1 libpolkit-gobject-1-0 - 0.105-20ubuntu0.18.04.1 policykit-1 - 0.105-20ubuntu0.18.04.1 gir1.2-polkit-1.0 - 0.105-20ubuntu0.18.04.1 libpolkit-backend-1-dev - 0.105-20ubuntu0.18.04.1 libpolkit-agent-1-dev - 0.105-20ubuntu0.18.04.1 No subscription required Medium CVE-2015-3218 CVE-2015-3255 CVE-2015-4625 CVE-2018-1116 Ubuntu 18.04 LTS USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, the fix for CVE-2018-1108 introduced a regression where insufficient early entropy prevented services from starting, leading in some situations to a failure to boot, This update addresses the issue. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that the Linux kernel's implementation of random seed data reported that it was in a ready state before it had gathered sufficient entropy. An attacker could use this to expose sensitive information. (CVE-2018-1108) Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1094) It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940) Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly validate xattr sizes. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1095) Jann Horn discovered that the 32 bit adjtimex() syscall implementation for 64 bit Linux kernels did not properly initialize memory returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-11508) It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755) Update Instructions: Run `sudo pro fix USN-3718-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1012-oem - 4.15.0-1012.15 No subscription required linux-image-4.15.0-1014-gcp - 4.15.0-1014.14 No subscription required linux-image-4.15.0-1016-aws - 4.15.0-1016.16 linux-image-4.15.0-1016-kvm - 4.15.0-1016.16 No subscription required linux-image-unsigned-4.15.0-1018-azure - 4.15.0-1018.18 No subscription required linux-image-4.15.0-29-snapdragon - 4.15.0-29.31 linux-image-unsigned-4.15.0-29-generic - 4.15.0-29.31 linux-image-4.15.0-29-generic - 4.15.0-29.31 linux-image-4.15.0-29-lowlatency - 4.15.0-29.31 linux-image-unsigned-4.15.0-29-lowlatency - 4.15.0-29.31 linux-image-4.15.0-29-generic-lpae - 4.15.0-29.31 No subscription required None https://launchpad.net/bugs/1779827 https://usn.ubuntu.com/usn/usn-3695-1 Ubuntu 18.04 LTS It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code. (CVE-2018-14350, CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358, CVE-2018-14353 ,CVE-2018-14357) It was discovered that Mutt incorrectly handled certain inputs. An attacker could possibly use this to access or expose sensitive information. (CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, CVE-2018-14362, CVE-2018-14349) Update Instructions: Run `sudo pro fix USN-3719-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mutt - 1.9.4-3ubuntu0.1 No subscription required Medium CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14362 Ubuntu 18.04 LTS It was discovered that python-cryptography incorrectly handled certain inputs. An attacker could possibly use this to get access to sensitive information. Update Instructions: Run `sudo pro fix USN-3720-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-cryptography - 2.1.4-1ubuntu1.2 python-cryptography - 2.1.4-1ubuntu1.2 python-cryptography-doc - 2.1.4-1ubuntu1.2 No subscription required Medium CVE-2018-10903 Ubuntu 18.04 LTS It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0360) It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0361) Update Instructions: Run `sudo pro fix USN-3722-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.1+dfsg-1ubuntu0.18.04.1 clamav-testfiles - 0.100.1+dfsg-1ubuntu0.18.04.1 clamav-base - 0.100.1+dfsg-1ubuntu0.18.04.1 clamav - 0.100.1+dfsg-1ubuntu0.18.04.1 libclamav7 - 0.100.1+dfsg-1ubuntu0.18.04.1 clamav-daemon - 0.100.1+dfsg-1ubuntu0.18.04.1 clamav-milter - 0.100.1+dfsg-1ubuntu0.18.04.1 clamav-docs - 0.100.1+dfsg-1ubuntu0.18.04.1 clamav-freshclam - 0.100.1+dfsg-1ubuntu0.18.04.1 clamdscan - 0.100.1+dfsg-1ubuntu0.18.04.1 No subscription required Medium CVE-2018-0360 CVE-2018-0361 Ubuntu 18.04 LTS USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0360) It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0361) Update Instructions: Run `sudo pro fix USN-3722-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.1+dfsg-1ubuntu0.18.04.2 clamav-testfiles - 0.100.1+dfsg-1ubuntu0.18.04.2 clamav-base - 0.100.1+dfsg-1ubuntu0.18.04.2 clamav - 0.100.1+dfsg-1ubuntu0.18.04.2 libclamav7 - 0.100.1+dfsg-1ubuntu0.18.04.2 clamav-daemon - 0.100.1+dfsg-1ubuntu0.18.04.2 clamav-milter - 0.100.1+dfsg-1ubuntu0.18.04.2 clamav-docs - 0.100.1+dfsg-1ubuntu0.18.04.2 clamav-freshclam - 0.100.1+dfsg-1ubuntu0.18.04.2 clamdscan - 0.100.1+dfsg-1ubuntu0.18.04.2 No subscription required None https://launchpad.net/bugs/1783632 Ubuntu 18.04 LTS USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0360) It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0361) Update Instructions: Run `sudo pro fix USN-3722-5` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.1+dfsg-1ubuntu0.18.04.3 clamav-testfiles - 0.100.1+dfsg-1ubuntu0.18.04.3 clamav-base - 0.100.1+dfsg-1ubuntu0.18.04.3 clamav - 0.100.1+dfsg-1ubuntu0.18.04.3 libclamav7 - 0.100.1+dfsg-1ubuntu0.18.04.3 clamav-daemon - 0.100.1+dfsg-1ubuntu0.18.04.3 clamav-milter - 0.100.1+dfsg-1ubuntu0.18.04.3 clamav-docs - 0.100.1+dfsg-1ubuntu0.18.04.3 clamav-freshclam - 0.100.1+dfsg-1ubuntu0.18.04.3 clamdscan - 0.100.1+dfsg-1ubuntu0.18.04.3 No subscription required None https://launchpad.net/bugs/1792051 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.61 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.23. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-23.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Update Instructions: Run `sudo pro fix USN-3725-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.23-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.23-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.23-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.23-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.23-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.23-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.23-0ubuntu0.18.04.1 mysql-server - 5.7.23-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.23-0ubuntu0.18.04.1 mysql-testsuite - 5.7.23-0ubuntu0.18.04.1 libmysqld-dev - 5.7.23-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.23-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-2767 CVE-2018-3054 CVE-2018-3056 CVE-2018-3058 CVE-2018-3060 CVE-2018-3061 CVE-2018-3062 CVE-2018-3063 CVE-2018-3064 CVE-2018-3065 CVE-2018-3066 CVE-2018-3070 CVE-2018-3071 CVE-2018-3077 CVE-2018-3081 Ubuntu 18.04 LTS Andreas Hug discovered that Django contained an open redirect in CommonMiddleware. A remote attacker could possibly use this issue to perform phishing attacks. Update Instructions: Run `sudo pro fix USN-3726-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.1 python-django-doc - 1:1.11.11-1ubuntu1.1 python-django-common - 1:1.11.11-1ubuntu1.1 python-django - 1:1.11.11-1ubuntu1.1 No subscription required Medium CVE-2018-14574 Ubuntu 18.04 LTS Hanno Böck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14679, CVE-2018-14680) Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14681) Dmitry Glavatskikh discovered that libmspack incorrectly certain CHM files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14682) Update Instructions: Run `sudo pro fix USN-3728-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmspack0 - 0.6-3ubuntu0.1 libmspack-dev - 0.6-3ubuntu0.1 libmspack-doc - 0.6-3ubuntu0.1 No subscription required Medium CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 Ubuntu 18.04 LTS Matthias Gerstner discovered that LXC incorrectly handled the lxc-user-nic utility. A local attacker could possibly use this issue to open arbitrary files. Update Instructions: Run `sudo pro fix USN-3730-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lxc-dev - 3.0.1-0ubuntu1~18.04.2 liblxc1 - 3.0.1-0ubuntu1~18.04.2 liblxc-dev - 3.0.1-0ubuntu1~18.04.2 lxc-utils - 3.0.1-0ubuntu1~18.04.2 lxc1 - 3.0.1-0ubuntu1~18.04.2 lxc - 3.0.1-0ubuntu1~18.04.2 libpam-cgfs - 3.0.1-0ubuntu1~18.04.2 liblxc-common - 3.0.1-0ubuntu1~18.04.2 No subscription required Medium CVE-2018-6556 Ubuntu 18.04 LTS It was discovered that LFTP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3731-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lftp - 4.8.1-1ubuntu0.1 No subscription required Medium CVE-2018-10916 Ubuntu 18.04 LTS Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3732-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1013-oem - 4.15.0-1013.16 No subscription required linux-image-4.15.0-1015-gcp - 4.15.0-1015.15 No subscription required linux-image-4.15.0-1017-kvm - 4.15.0-1017.17 linux-image-4.15.0-1017-aws - 4.15.0-1017.17 No subscription required linux-image-4.15.0-1018-raspi2 - 4.15.0-1018.19 No subscription required linux-image-unsigned-4.15.0-1019-azure - 4.15.0-1019.19 No subscription required linux-image-4.15.0-30-generic-lpae - 4.15.0-30.32 linux-image-4.15.0-30-lowlatency - 4.15.0-30.32 linux-image-4.15.0-30-generic - 4.15.0-30.32 linux-image-unsigned-4.15.0-30-generic - 4.15.0-30.32 linux-image-4.15.0-30-snapdragon - 4.15.0-30.32 linux-image-unsigned-4.15.0-30-lowlatency - 4.15.0-30.32 No subscription required High CVE-2018-5390 Ubuntu 18.04 LTS It was discovered that libarchive incorrectly handled certain archive files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10209, CVE-2016-10349, CVE-2016-10350) Agostino Sarubbo discovered that libarchive incorrectly handled certain XAR files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-14166) It was discovered that libarchive incorrectly handled certain files. A remote attacker could possibly use this issue to get access to sensitive information. (CVE-2017-14501, CVE-2017-14503) Update Instructions: Run `sudo pro fix USN-3736-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.2.2-3.1ubuntu0.1 libarchive-tools - 3.2.2-3.1ubuntu0.1 libarchive13 - 3.2.2-3.1ubuntu0.1 bsdtar - 3.2.2-3.1ubuntu0.1 libarchive-dev - 3.2.2-3.1ubuntu0.1 No subscription required Medium CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-14166 CVE-2017-14501 CVE-2017-14503 Ubuntu 18.04 LTS A use-after-free was discovered in GDM. A local user could exploit this to cause a denial of service, or potentially execute arbitrary code as the administrator. Update Instructions: Run `sudo pro fix USN-3737-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-gdm-1.0 - 3.28.2-0ubuntu1.4 libgdm-dev - 3.28.2-0ubuntu1.4 gdm3 - 3.28.2-0ubuntu1.4 libgdm1 - 3.28.2-0ubuntu1.4 No subscription required Medium CVE-2018-14424 Ubuntu 18.04 LTS Svyatoslav Phirsov discovered that the Samba libsmbclient library incorrectly handled extra long filenames. A malicious server could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-10858) Volker Mauel discovered that Samba incorrectly handled database output. When used as an Active Directory Domain Controller, a remote authenticated attacker could use this issue to cause Samba to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-10918) Phillip Kuhrt discovered that the Samba LDAP server incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this issue to obtain certain sensitive information. (CVE-2018-10919) Vivek Das discovered that Samba incorrectly handled NTLMv1 being explicitly disabled on the server. A remote user could possibly be authenticated using NTLMv1, contrary to expectations. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-1139) Update Instructions: Run `sudo pro fix USN-3738-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 No subscription required Medium CVE-2018-10858 CVE-2018-10918 CVE-2018-10919 CVE-2018-1139 Ubuntu 18.04 LTS Matias Brutti discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. (CVE-2016-9318) It was discovered that libxml2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2017-16932) It was discovered that libxml2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-18258, CVE-2018-14404, CVE-2018-14567) Update Instructions: Run `sudo pro fix USN-3739-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.2 libxml2-utils - 2.9.4+dfsg1-6.1ubuntu1.2 libxml2 - 2.9.4+dfsg1-6.1ubuntu1.2 libxml2-udeb - 2.9.4+dfsg1-6.1ubuntu1.2 python3-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.2 libxml2-doc - 2.9.4+dfsg1-6.1ubuntu1.2 libxml2-dev - 2.9.4+dfsg1-6.1ubuntu1.2 No subscription required Medium CVE-2016-9318 CVE-2017-16932 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567 Ubuntu 18.04 LTS It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-3620) Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. A remote attacker could use this to cause a denial of service. (CVE-2018-5391) Update Instructions: Run `sudo pro fix USN-3740-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1015-oem - 4.15.0-1015.18 No subscription required linux-image-4.15.0-1017-gcp - 4.15.0-1017.18 No subscription required linux-image-4.15.0-1019-aws - 4.15.0-1019.19 linux-image-4.15.0-1019-kvm - 4.15.0-1019.19 No subscription required linux-image-4.15.0-1020-raspi2 - 4.15.0-1020.22 No subscription required linux-image-unsigned-4.15.0-1021-azure - 4.15.0-1021.21 No subscription required linux-image-4.15.0-32-generic-lpae - 4.15.0-32.35 linux-image-4.15.0-32-lowlatency - 4.15.0-32.35 linux-image-unsigned-4.15.0-32-lowlatency - 4.15.0-32.35 linux-image-4.15.0-32-generic - 4.15.0-32.35 linux-image-unsigned-4.15.0-32-generic - 4.15.0-32.35 linux-image-4.15.0-32-snapdragon - 4.15.0-32.35 No subscription required High CVE-2018-3620 CVE-2018-3646 CVE-2018-5391 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3743-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.20.5-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.20.5-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.20.5-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.20.5-0ubuntu0.18.04.1 webkit2gtk-driver - 2.20.5-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.20.5-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.20.5-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.20.5-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.20.5-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.20.5-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-12911 CVE-2018-4246 CVE-2018-4261 CVE-2018-4262 CVE-2018-4263 CVE-2018-4264 CVE-2018-4265 CVE-2018-4266 CVE-2018-4267 CVE-2018-4270 CVE-2018-4272 CVE-2018-4273 CVE-2018-4278 CVE-2018-4284 Ubuntu 18.04 LTS Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-10915) It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. (CVE-2018-10925) Update Instructions: Run `sudo pro fix USN-3744-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-10 - 10.5-0ubuntu0.18.04 postgresql-pltcl-10 - 10.5-0ubuntu0.18.04 libecpg6 - 10.5-0ubuntu0.18.04 libpq-dev - 10.5-0ubuntu0.18.04 libpgtypes3 - 10.5-0ubuntu0.18.04 postgresql-10 - 10.5-0ubuntu0.18.04 postgresql-plperl-10 - 10.5-0ubuntu0.18.04 libecpg-dev - 10.5-0ubuntu0.18.04 postgresql-plpython3-10 - 10.5-0ubuntu0.18.04 libpq5 - 10.5-0ubuntu0.18.04 postgresql-plpython-10 - 10.5-0ubuntu0.18.04 postgresql-doc-10 - 10.5-0ubuntu0.18.04 postgresql-client-10 - 10.5-0ubuntu0.18.04 libecpg-compat3 - 10.5-0ubuntu0.18.04 No subscription required Medium CVE-2018-10915 CVE-2018-10925 Ubuntu 18.04 LTS It was discovered that wpa_supplicant and hostapd incorrectly handled certain messages. An attacker could possibly use this to access sensitive information. Update Instructions: Run `sudo pro fix USN-3745-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 2:2.6-15ubuntu2.1 wpagui - 2:2.6-15ubuntu2.1 wpasupplicant-udeb - 2:2.6-15ubuntu2.1 wpasupplicant - 2:2.6-15ubuntu2.1 No subscription required Medium CVE-2018-14526 Ubuntu 18.04 LTS It was discovered that APT incorrectly handled the mirror method (mirror://). If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages in environments configured to use mirror:// entries. Update Instructions: Run `sudo pro fix USN-3746-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apt-doc - 1.6.3ubuntu0.1 apt-transport-https - 1.6.3ubuntu0.1 libapt-pkg5.0 - 1.6.3ubuntu0.1 libapt-pkg-doc - 1.6.3ubuntu0.1 apt - 1.6.3ubuntu0.1 apt-utils - 1.6.3ubuntu0.1 libapt-inst2.0 - 1.6.3ubuntu0.1 libapt-pkg-dev - 1.6.3ubuntu0.1 No subscription required High CVE-2018-0501 Ubuntu 18.04 LTS It was discovered that OpenJDK did not properly validate types in some situations. An attacker could use this to construct a Java class that could possibly bypass sandbox restrictions. (CVE-2018-2825, CVE-2018-2826) It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. An attacker could use this to potentially construct a class that caused a denial of service (excessive memory consumption). (CVE-2018-2952) Daniel Bleichenbacher discovered a vulnerability in the Galois/Counter Mode (GCM) mode of operation for symmetric block ciphers in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2018-2972) Update Instructions: Run `sudo pro fix USN-3747-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-source - 10.0.2+13-1ubuntu0.18.04.1 openjdk-11-jre-zero - 10.0.2+13-1ubuntu0.18.04.1 openjdk-11-doc - 10.0.2+13-1ubuntu0.18.04.1 openjdk-11-jre-headless - 10.0.2+13-1ubuntu0.18.04.1 openjdk-11-jdk - 10.0.2+13-1ubuntu0.18.04.1 openjdk-11-jdk-headless - 10.0.2+13-1ubuntu0.18.04.1 openjdk-11-jre - 10.0.2+13-1ubuntu0.18.04.1 openjdk-11-demo - 10.0.2+13-1ubuntu0.18.04.1 No subscription required Medium CVE-2018-2825 CVE-2018-2826 CVE-2018-2952 CVE-2018-2972 Ubuntu 18.04 LTS USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessability support that prevented some Java applications from starting. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK did not properly validate types in some situations. An attacker could use this to construct a Java class that could possibly bypass sandbox restrictions. (CVE-2018-2825, CVE-2018-2826) It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. An attacker could use this to potentially construct a class that caused a denial of service (excessive memory consumption). (CVE-2018-2952) Daniel Bleichenbacher discovered a vulnerability in the Galois/Counter Mode (GCM) mode of operation for symmetric block ciphers in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2018-2972) Update Instructions: Run `sudo pro fix USN-3747-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-source - 10.0.2+13-1ubuntu0.18.04.2 openjdk-11-jre-zero - 10.0.2+13-1ubuntu0.18.04.2 openjdk-11-doc - 10.0.2+13-1ubuntu0.18.04.2 openjdk-11-jre-headless - 10.0.2+13-1ubuntu0.18.04.2 openjdk-11-jdk - 10.0.2+13-1ubuntu0.18.04.2 openjdk-11-jdk-headless - 10.0.2+13-1ubuntu0.18.04.2 openjdk-11-jre - 10.0.2+13-1ubuntu0.18.04.2 openjdk-11-demo - 10.0.2+13-1ubuntu0.18.04.2 No subscription required None https://launchpad.net/bugs/1788250 Ubuntu 18.04 LTS Sander Bos discovered that the MOTD update script incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled. Update Instructions: Run `sudo pro fix USN-3748-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lsb-release-udeb - 10.1ubuntu2.2 base-files - 10.1ubuntu2.2 No subscription required Low CVE-2018-6557 Ubuntu 18.04 LTS Multiple memory safety issues were fixed in Spidermonkey. An attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3749-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmozjs-52-dev - 52.9.1-0ubuntu0.18.04.1 libmozjs-52-0 - 52.9.1-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-5188 Ubuntu 18.04 LTS Jeffrey M. discovered that Pango incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3750-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpango-1.0-0 - 1.40.14-1ubuntu0.1 libpango1.0-dev - 1.40.14-1ubuntu0.1 libpango1.0-doc - 1.40.14-1ubuntu0.1 libpangoxft-1.0-0 - 1.40.14-1ubuntu0.1 gir1.2-pango-1.0 - 1.40.14-1ubuntu0.1 libpangocairo-1.0-0 - 1.40.14-1ubuntu0.1 libpango1.0-udeb - 1.40.14-1ubuntu0.1 libpangoft2-1.0-0 - 1.40.14-1ubuntu0.1 pango1.0-tests - 1.40.14-1ubuntu0.1 libpango1.0-0 - 1.40.14-1ubuntu0.1 No subscription required Medium CVE-2018-15120 Ubuntu 18.04 LTS It was discovered that Spice incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3751-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libspice-server1 - 0.14.0-1ubuntu2.2 libspice-server-dev - 0.14.0-1ubuntu2.2 No subscription required Medium CVE-2018-10873 Ubuntu 18.04 LTS It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1000200) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate xattr information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10840) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1093) Jann Horn discovered that the Linux kernel's implementation of random seed data reported that it was in a ready state before it had gathered sufficient entropy. An attacker could use this to expose sensitive information. (CVE-2018-1108) It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps(1). (CVE-2018-1120) Jann Horn discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep xattr information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-11412) Piotr Gabriel Kosinski and Daniel Shapira discovered a stack-based buffer overflow in the CDROM driver implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-11506) Shankara Pailoor discovered that a race condition existed in the socket handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-12232) Shankara Pailoor discovered that the JFS filesystem implementation in the Linux kernel contained a buffer overflow when handling extended attributes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-12233) Felix Wilhelm discovered that the KVM implementation in the Linux kernel did not properly perform permission checks in some situations when nested virtualization is used. An attacker in a guest VM could possibly use this to escape into an outer VM or the host OS. (CVE-2018-12904) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly handle an error condition with a corrupted xfs image. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13094) It was discovered that the Linux kernel did not properly handle setgid file creation when performed by a non-member of the group. A local attacker could use this to gain elevated privileges. (CVE-2018-13405) Silvio Cesare discovered that the generic VESA frame buffer driver in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-13406) Jakub Jirasek discovered that multiple use-after-free errors existed in the USB/IP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5814) It was discovered that a race condition existed in the ARM Advanced Microcontroller Bus Architecture (AMBA) driver in the Linux kernel that could result in a double free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9415) It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204) Update Instructions: Run `sudo pro fix USN-3752-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1018-gcp - 4.15.0-1018.19 No subscription required linux-image-4.15.0-1020-kvm - 4.15.0-1020.20 linux-image-4.15.0-1020-aws - 4.15.0-1020.20 No subscription required linux-image-4.15.0-1021-raspi2 - 4.15.0-1021.23 No subscription required linux-image-4.15.0-33-generic - 4.15.0-33.36 linux-image-unsigned-4.15.0-33-lowlatency - 4.15.0-33.36 linux-image-4.15.0-33-lowlatency - 4.15.0-33.36 linux-image-4.15.0-33-generic-lpae - 4.15.0-33.36 linux-image-4.15.0-33-snapdragon - 4.15.0-33.36 linux-image-unsigned-4.15.0-33-generic - 4.15.0-33.36 No subscription required Medium CVE-2018-1000200 CVE-2018-1000204 CVE-2018-10323 CVE-2018-10840 CVE-2018-10881 CVE-2018-1093 CVE-2018-1108 CVE-2018-1120 CVE-2018-11412 CVE-2018-11506 CVE-2018-12232 CVE-2018-12233 CVE-2018-12904 CVE-2018-13094 CVE-2018-13405 CVE-2018-13406 CVE-2018-5814 CVE-2018-9415 Ubuntu 18.04 LTS It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1000200) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate xattr information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10840) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1093) Jann Horn discovered that the Linux kernel's implementation of random seed data reported that it was in a ready state before it had gathered sufficient entropy. An attacker could use this to expose sensitive information. (CVE-2018-1108) It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps(1). (CVE-2018-1120) Jann Horn discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep xattr information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-11412) Piotr Gabriel Kosinski and Daniel Shapira discovered a stack-based buffer overflow in the CDROM driver implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-11506) Shankara Pailoor discovered that a race condition existed in the socket handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-12232) Shankara Pailoor discovered that the JFS filesystem implementation in the Linux kernel contained a buffer overflow when handling extended attributes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-12233) Felix Wilhelm discovered that the KVM implementation in the Linux kernel did not properly perform permission checks in some situations when nested virtualization is used. An attacker in a guest VM could possibly use this to escape into an outer VM or the host OS. (CVE-2018-12904) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly handle an error condition with a corrupted xfs image. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13094) It was discovered that the Linux kernel did not properly handle setgid file creation when performed by a non-member of the group. A local attacker could use this to gain elevated privileges. (CVE-2018-13405) Silvio Cesare discovered that the generic VESA frame buffer driver in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-13406) Jakub Jirasek discovered that multiple use-after-free errors existed in the USB/IP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5814) It was discovered that a race condition existed in the ARM Advanced Microcontroller Bus Architecture (AMBA) driver in the Linux kernel that could result in a double free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9415) It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204) Update Instructions: Run `sudo pro fix USN-3752-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1017-oem - 4.15.0-1017.20 No subscription required linux-image-unsigned-4.15.0-1022-azure - 4.15.0-1022.23 No subscription required Medium CVE-2018-1000200 CVE-2018-1000204 CVE-2018-10323 CVE-2018-10840 CVE-2018-10881 CVE-2018-1093 CVE-2018-1108 CVE-2018-1120 CVE-2018-11412 CVE-2018-11506 CVE-2018-12232 CVE-2018-12233 CVE-2018-12904 CVE-2018-13094 CVE-2018-13405 CVE-2018-13406 CVE-2018-5814 CVE-2018-9415 Ubuntu 18.04 LTS It was discovered that GD incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1000222) It was discovered that GD incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-5711) Update Instructions: Run `sudo pro fix USN-3755-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.2.5-4ubuntu0.2 libgd-tools - 2.2.5-4ubuntu0.2 libgd-dev - 2.2.5-4ubuntu0.2 No subscription required Medium CVE-2018-1000222 CVE-2018-5711 Ubuntu 18.04 LTS It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Zdenek Sojka, Rudolf Marek, Alex Zuepke, and Innokentiy Sennovskiy discovered that microprocessors that perform speculative reads of system registers may allow unauthorized disclosure of system parameters via a sidechannel attack. This vulnerability is also known as Rogue System Register Read (RSRE). An attacker could use this to expose sensitive information. (CVE-2018-3640) Update Instructions: Run `sudo pro fix USN-3756-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20180807a.0ubuntu0.18.04.1 No subscription required High CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 Ubuntu 18.04 LTS Hosein Askari discovered that poppler incorrectly handled certain PDF files. An attacker could possible use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3757-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler73 - 0.62.0-2ubuntu2.2 libpoppler-cpp-dev - 0.62.0-2ubuntu2.2 libpoppler-glib-doc - 0.62.0-2ubuntu2.2 gir1.2-poppler-0.18 - 0.62.0-2ubuntu2.2 libpoppler-cpp0v5 - 0.62.0-2ubuntu2.2 libpoppler-glib8 - 0.62.0-2ubuntu2.2 libpoppler-private-dev - 0.62.0-2ubuntu2.2 libpoppler-glib-dev - 0.62.0-2ubuntu2.2 libpoppler-dev - 0.62.0-2ubuntu2.2 libpoppler-qt5-dev - 0.62.0-2ubuntu2.2 libpoppler-qt5-1 - 0.62.0-2ubuntu2.2 poppler-utils - 0.62.0-2ubuntu2.2 No subscription required Medium CVE-2018-13988 Ubuntu 18.04 LTS Tobias Stoeckmann discovered that libx11 incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information (CVE-2016-7942) Tobias Stoeckmann discovered that libx11 incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2016-7943) It was discovered that libx11 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14598, CVE-2018-14599, CVE-2018-14600) Update Instructions: Run `sudo pro fix USN-3758-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx11-6 - 2:1.6.4-3ubuntu0.1 libx11-data - 2:1.6.4-3ubuntu0.1 libx11-xcb-dev - 2:1.6.4-3ubuntu0.1 libx11-xcb1 - 2:1.6.4-3ubuntu0.1 libx11-doc - 2:1.6.4-3ubuntu0.1 libx11-6-udeb - 2:1.6.4-3ubuntu0.1 libx11-dev - 2:1.6.4-3ubuntu0.1 No subscription required Medium CVE-2016-7942 CVE-2016-7943 CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 Ubuntu 18.04 LTS Aldy Hernandez discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4429) It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14622) It was discovered that libtirpc incorrectly handled certain strings. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-8779) Update Instructions: Run `sudo pro fix USN-3759-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtirpc1 - 0.2.5-1.2ubuntu0.1 libtirpc-dev - 0.2.5-1.2ubuntu0.1 No subscription required Medium CVE-2016-4429 CVE-2017-8779 CVE-2018-14622 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378) It was discovered that if a user saved passwords before Firefox 58 and then later set a primary password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2018-12383) Update Instructions: Run `sudo pro fix USN-3761-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-nn - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-ne - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-nb - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-fa - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-fi - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-fr - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-fy - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-or - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-kab - 62.0+build2-0ubuntu0.18.04.3 firefox-testsuite - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-oc - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-cs - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-ga - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-gd - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-gn - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-gl - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-gu - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-pa - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-pl - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-cy - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-pt - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-hi - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-uk - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-he - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-hy - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-hr - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-hu - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-as - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-ar - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-ia - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-az - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-id - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-mai - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-af - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-is - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-it - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-an - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-bs - 62.0+build2-0ubuntu0.18.04.3 firefox - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-ro - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-ja - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-ru - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-br - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-zh-hant - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-zh-hans - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-bn - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-be - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-bg - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-sl - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-sk - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-si - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-sw - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-sv - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-sr - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-sq - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-ko - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-kn - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-km - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-kk - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-ka - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-xh - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-ca - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-ku - 62.0+build2-0ubuntu0.18.04.3 firefox-mozsymbols - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-lv - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-lt - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-th - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-hsb - 62.0+build2-0ubuntu0.18.04.3 firefox-dev - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-te - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-cak - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-ta - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-lg - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-tr - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-nso - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-de - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-da - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-ms - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-mr - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-my - 62.0+build2-0ubuntu0.18.04.3 firefox-globalmenu - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-uz - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-ml - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-mn - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-mk - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-ur - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-vi - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-eu - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-et - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-es - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-csb - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-el - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-eo - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-en - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-zu - 62.0+build2-0ubuntu0.18.04.3 firefox-locale-ast - 62.0+build2-0ubuntu0.18.04.3 No subscription required Medium CVE-2018-12375 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12383 Ubuntu 18.04 LTS USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378) It was discovered that if a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2018-12383) Update Instructions: Run `sudo pro fix USN-3761-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-nn - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-ne - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-nb - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-fa - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-fi - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-fr - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-fy - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-or - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-kab - 62.0+build2-0ubuntu0.18.04.4 firefox-testsuite - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-oc - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-cs - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-ga - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-gd - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-gn - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-gl - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-gu - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-pa - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-pl - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-cy - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-pt - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-hi - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-uk - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-he - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-hy - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-hr - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-hu - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-as - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-ar - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-ia - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-az - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-id - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-mai - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-af - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-is - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-it - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-an - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-bs - 62.0+build2-0ubuntu0.18.04.4 firefox - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-ro - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-ja - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-ru - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-br - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-zh-hant - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-zh-hans - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-bn - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-be - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-bg - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-sl - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-sk - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-si - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-sw - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-sv - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-sr - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-sq - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-ko - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-kn - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-km - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-kk - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-ka - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-xh - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-ca - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-ku - 62.0+build2-0ubuntu0.18.04.4 firefox-mozsymbols - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-lv - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-lt - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-th - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-hsb - 62.0+build2-0ubuntu0.18.04.4 firefox-dev - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-te - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-cak - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-ta - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-lg - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-tr - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-nso - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-de - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-da - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-ms - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-mr - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-my - 62.0+build2-0ubuntu0.18.04.4 firefox-globalmenu - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-uz - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-ml - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-mn - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-mk - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-ur - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-vi - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-eu - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-et - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-es - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-csb - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-el - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-eo - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-en - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-zu - 62.0+build2-0ubuntu0.18.04.4 firefox-locale-ast - 62.0+build2-0ubuntu0.18.04.4 No subscription required None https://launchpad.net/bugs/1791789 Ubuntu 18.04 LTS USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines, which were partially fixed by USN-3761-2. This update contains the remaining fix. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378) It was discovered that if a user saved passwords before Firefox 58 and then later set a primary password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2018-12383) Update Instructions: Run `sudo pro fix USN-3761-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-nn - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-ne - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-nb - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-fa - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-fi - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-fr - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-fy - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-or - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-kab - 62.0+build2-0ubuntu0.18.04.5 firefox-testsuite - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-oc - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-cs - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-ga - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-gd - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-gn - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-gl - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-gu - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-pa - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-pl - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-cy - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-pt - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-hi - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-uk - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-he - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-hy - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-hr - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-hu - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-as - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-ar - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-ia - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-az - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-id - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-mai - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-af - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-is - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-it - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-an - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-bs - 62.0+build2-0ubuntu0.18.04.5 firefox - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-ro - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-ja - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-ru - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-br - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-zh-hant - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-zh-hans - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-bn - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-be - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-bg - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-sl - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-sk - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-si - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-sw - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-sv - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-sr - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-sq - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-ko - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-kn - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-km - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-kk - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-ka - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-xh - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-ca - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-ku - 62.0+build2-0ubuntu0.18.04.5 firefox-mozsymbols - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-lv - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-lt - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-th - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-hsb - 62.0+build2-0ubuntu0.18.04.5 firefox-dev - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-te - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-cak - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-ta - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-lg - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-tr - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-nso - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-de - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-da - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-ms - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-mr - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-my - 62.0+build2-0ubuntu0.18.04.5 firefox-globalmenu - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-uz - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-ml - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-mn - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-mk - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-ur - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-vi - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-eu - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-et - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-es - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-csb - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-el - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-eo - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-en - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-zu - 62.0+build2-0ubuntu0.18.04.5 firefox-locale-ast - 62.0+build2-0ubuntu0.18.04.5 No subscription required None https://launchpad.net/bugs/1791789 https://usn.ubuntu.com/usn/usn-3761-2 Ubuntu 18.04 LTS It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2018-1118) Seunghun Han discovered an information leak in the ACPI handling code in the Linux kernel when handling early termination of ACPI table loading. A local attacker could use this to expose sensitive informal (kernel address locations). (CVE-2017-13695) Update Instructions: Run `sudo pro fix USN-3762-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1019-gcp - 4.15.0-1019.20 No subscription required linux-image-4.15.0-1021-aws - 4.15.0-1021.21 linux-image-4.15.0-1021-kvm - 4.15.0-1021.21 No subscription required linux-image-4.15.0-1022-raspi2 - 4.15.0-1022.24 No subscription required linux-image-unsigned-4.15.0-1023-azure - 4.15.0-1023.24 No subscription required linux-image-4.15.0-34-generic-lpae - 4.15.0-34.37 linux-image-unsigned-4.15.0-34-lowlatency - 4.15.0-34.37 linux-image-4.15.0-34-snapdragon - 4.15.0-34.37 linux-image-4.15.0-34-generic - 4.15.0-34.37 linux-image-unsigned-4.15.0-34-generic - 4.15.0-34.37 linux-image-4.15.0-34-lowlatency - 4.15.0-34.37 No subscription required Low CVE-2017-13695 CVE-2018-1118 Ubuntu 18.04 LTS It was discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-0502, CVE-2018-13259) Richard Maciel Costa discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1100) Update Instructions: Run `sudo pro fix USN-3764-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zsh-static - 5.4.2-3ubuntu3.1 zsh-common - 5.4.2-3ubuntu3.1 zsh-dev - 5.4.2-3ubuntu3.1 zsh - 5.4.2-3ubuntu3.1 zsh-doc - 5.4.2-3ubuntu3.1 No subscription required Medium CVE-2018-0502 CVE-2018-1100 CVE-2018-13259 Ubuntu 18.04 LTS It was discovered that curl incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3765-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.3 libcurl4-openssl-dev - 7.58.0-2ubuntu3.3 libcurl3-gnutls - 7.58.0-2ubuntu3.3 libcurl4-doc - 7.58.0-2ubuntu3.3 libcurl3-nss - 7.58.0-2ubuntu3.3 libcurl4-nss-dev - 7.58.0-2ubuntu3.3 libcurl4 - 7.58.0-2ubuntu3.3 curl - 7.58.0-2ubuntu3.3 No subscription required Medium CVE-2018-14618 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2018-14851, CVE-2018-14883) Update Instructions: Run `sudo pro fix USN-3766-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.10-0ubuntu0.18.04.1 php7.2-enchant - 7.2.10-0ubuntu0.18.04.1 php7.2-ldap - 7.2.10-0ubuntu0.18.04.1 php7.2-fpm - 7.2.10-0ubuntu0.18.04.1 php7.2-recode - 7.2.10-0ubuntu0.18.04.1 php7.2-cli - 7.2.10-0ubuntu0.18.04.1 php7.2-json - 7.2.10-0ubuntu0.18.04.1 php7.2-bcmath - 7.2.10-0ubuntu0.18.04.1 php7.2-phpdbg - 7.2.10-0ubuntu0.18.04.1 php7.2 - 7.2.10-0ubuntu0.18.04.1 php7.2-pspell - 7.2.10-0ubuntu0.18.04.1 php7.2-dev - 7.2.10-0ubuntu0.18.04.1 php7.2-sqlite3 - 7.2.10-0ubuntu0.18.04.1 php7.2-gmp - 7.2.10-0ubuntu0.18.04.1 php7.2-mbstring - 7.2.10-0ubuntu0.18.04.1 php7.2-opcache - 7.2.10-0ubuntu0.18.04.1 php7.2-gd - 7.2.10-0ubuntu0.18.04.1 php7.2-soap - 7.2.10-0ubuntu0.18.04.1 libphp7.2-embed - 7.2.10-0ubuntu0.18.04.1 php7.2-intl - 7.2.10-0ubuntu0.18.04.1 php7.2-odbc - 7.2.10-0ubuntu0.18.04.1 libapache2-mod-php7.2 - 7.2.10-0ubuntu0.18.04.1 php7.2-tidy - 7.2.10-0ubuntu0.18.04.1 php7.2-imap - 7.2.10-0ubuntu0.18.04.1 php7.2-readline - 7.2.10-0ubuntu0.18.04.1 php7.2-mysql - 7.2.10-0ubuntu0.18.04.1 php7.2-dba - 7.2.10-0ubuntu0.18.04.1 php7.2-xml - 7.2.10-0ubuntu0.18.04.1 php7.2-interbase - 7.2.10-0ubuntu0.18.04.1 php7.2-xsl - 7.2.10-0ubuntu0.18.04.1 php7.2-xmlrpc - 7.2.10-0ubuntu0.18.04.1 php7.2-pgsql - 7.2.10-0ubuntu0.18.04.1 php7.2-sybase - 7.2.10-0ubuntu0.18.04.1 php7.2-curl - 7.2.10-0ubuntu0.18.04.1 php7.2-common - 7.2.10-0ubuntu0.18.04.1 php7.2-cgi - 7.2.10-0ubuntu0.18.04.1 php7.2-snmp - 7.2.10-0ubuntu0.18.04.1 php7.2-zip - 7.2.10-0ubuntu0.18.04.1 No subscription required Medium CVE-2015-9253 CVE-2018-14851 CVE-2018-14883 Ubuntu 18.04 LTS It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2018-16428) It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2018-16429) Update Instructions: Run `sudo pro fix USN-3767-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.56.2-0ubuntu0.18.04.2 libglib2.0-data - 2.56.2-0ubuntu0.18.04.2 libglib2.0-udeb - 2.56.2-0ubuntu0.18.04.2 libglib2.0-tests - 2.56.2-0ubuntu0.18.04.2 libglib2.0-doc - 2.56.2-0ubuntu0.18.04.2 libglib2.0-bin - 2.56.2-0ubuntu0.18.04.2 libglib2.0-dev - 2.56.2-0ubuntu0.18.04.2 libglib2.0-dev-bin - 2.56.2-0ubuntu0.18.04.2 No subscription required Medium CVE-2018-16428 CVE-2018-16429 Ubuntu 18.04 LTS Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3768-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.22~dfsg+1-0ubuntu1.2 ghostscript-x - 9.22~dfsg+1-0ubuntu1.2 libgs-dev - 9.22~dfsg+1-0ubuntu1.2 ghostscript-doc - 9.22~dfsg+1-0ubuntu1.2 libgs9 - 9.22~dfsg+1-0ubuntu1.2 libgs9-common - 9.22~dfsg+1-0ubuntu1.2 No subscription required Medium CVE-2018-11645 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 Ubuntu 18.04 LTS It was discovered that Bind incorrectly handled the deny-answer-aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3769-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdns-export1100 - 1:9.11.3+dfsg-1ubuntu1.2 libdns1100 - 1:9.11.3+dfsg-1ubuntu1.2 libisc169 - 1:9.11.3+dfsg-1ubuntu1.2 libbind-dev - 1:9.11.3+dfsg-1ubuntu1.2 libisc-export169-udeb - 1:9.11.3+dfsg-1ubuntu1.2 libisccc-export160 - 1:9.11.3+dfsg-1ubuntu1.2 libisc-export169 - 1:9.11.3+dfsg-1ubuntu1.2 bind9 - 1:9.11.3+dfsg-1ubuntu1.2 libirs-export160 - 1:9.11.3+dfsg-1ubuntu1.2 libisccc160 - 1:9.11.3+dfsg-1ubuntu1.2 libisccfg-export160 - 1:9.11.3+dfsg-1ubuntu1.2 libisccfg160 - 1:9.11.3+dfsg-1ubuntu1.2 bind9-doc - 1:9.11.3+dfsg-1ubuntu1.2 libbind-export-dev - 1:9.11.3+dfsg-1ubuntu1.2 libisccc-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.2 libirs-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.2 liblwres160 - 1:9.11.3+dfsg-1ubuntu1.2 bind9-host - 1:9.11.3+dfsg-1ubuntu1.2 libisccfg-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.2 dnsutils - 1:9.11.3+dfsg-1ubuntu1.2 bind9utils - 1:9.11.3+dfsg-1ubuntu1.2 libbind9-160 - 1:9.11.3+dfsg-1ubuntu1.2 libirs160 - 1:9.11.3+dfsg-1ubuntu1.2 libdns-export1100-udeb - 1:9.11.3+dfsg-1ubuntu1.2 No subscription required Medium CVE-2018-5740 Ubuntu 18.04 LTS Ibrahim El-Sayed discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-10165) Quang Nguyen discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-16435) Update Instructions: Run `sudo pro fix USN-3770-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblcms2-dev - 2.9-1ubuntu0.1 liblcms2-2 - 2.9-1ubuntu0.1 liblcms2-utils - 2.9-1ubuntu0.1 No subscription required Medium CVE-2016-10165 CVE-2018-16435 Ubuntu 18.04 LTS It was discovered that strongSwan incorrectly handled IKEv2 key derivation. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2018-10811) Sze Yiu Chau discovered that strongSwan incorrectly handled parsing OIDs in the gmp plugin. A remote attacker could possibly use this issue to bypass authorization. (CVE-2018-16151) Sze Yiu Chau discovered that strongSwan incorrectly handled certain parameters fields in the gmp plugin. A remote attacker could possibly use this issue to bypass authorization. (CVE-2018-16152) It was discovered that strongSwan incorrectly handled the stroke plugin. A local administrator could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-5388) Update Instructions: Run `sudo pro fix USN-3771-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-nm - 5.6.2-1ubuntu2.2 strongswan-scepclient - 5.6.2-1ubuntu2.2 libcharon-extra-plugins - 5.6.2-1ubuntu2.2 libcharon-standard-plugins - 5.6.2-1ubuntu2.2 libstrongswan-extra-plugins - 5.6.2-1ubuntu2.2 strongswan-tnc-pdp - 5.6.2-1ubuntu2.2 strongswan-charon - 5.6.2-1ubuntu2.2 libstrongswan - 5.6.2-1ubuntu2.2 strongswan-swanctl - 5.6.2-1ubuntu2.2 libstrongswan-standard-plugins - 5.6.2-1ubuntu2.2 charon-systemd - 5.6.2-1ubuntu2.2 strongswan - 5.6.2-1ubuntu2.2 strongswan-tnc-server - 5.6.2-1ubuntu2.2 strongswan-tnc-client - 5.6.2-1ubuntu2.2 strongswan-tnc-base - 5.6.2-1ubuntu2.2 charon-cmd - 5.6.2-1ubuntu2.2 strongswan-pki - 5.6.2-1ubuntu2.2 strongswan-tnc-ifmap - 5.6.2-1ubuntu2.2 strongswan-starter - 5.6.2-1ubuntu2.2 strongswan-libcharon - 5.6.2-1ubuntu2.2 No subscription required Medium CVE-2018-10811 CVE-2018-16151 CVE-2018-16152 CVE-2018-5388 Ubuntu 18.04 LTS It was discovered that UDisks incorrectly handled format strings when logging. A local attacker could possibly use this issue to cause a denial of service or obtain sensitive information. Update Instructions: Run `sudo pro fix USN-3772-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: udisks2-lvm2 - 2.7.6-3ubuntu0.2 udisks2 - 2.7.6-3ubuntu0.2 libudisks2-0 - 2.7.6-3ubuntu0.2 udisks2-btrfs - 2.7.6-3ubuntu0.2 gir1.2-udisks-2.0 - 2.7.6-3ubuntu0.2 libudisks2-dev - 2.7.6-3ubuntu0.2 udisks2-doc - 2.7.6-3ubuntu0.2 No subscription required Medium CVE-2018-17336 Ubuntu 18.04 LTS It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3773-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.25~dfsg+1-0ubuntu0.18.04.1 ghostscript-x - 9.25~dfsg+1-0ubuntu0.18.04.1 libgs-dev - 9.25~dfsg+1-0ubuntu0.18.04.1 ghostscript-doc - 9.25~dfsg+1-0ubuntu0.18.04.1 libgs9 - 9.25~dfsg+1-0ubuntu0.18.04.1 libgs9-common - 9.25~dfsg+1-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-16510 CVE-2018-17183 Ubuntu 18.04 LTS It was discovered that strongSwan incorrectly handled signature validation in the gmp plugin. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3774-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-nm - 5.6.2-1ubuntu2.3 strongswan-scepclient - 5.6.2-1ubuntu2.3 libcharon-extra-plugins - 5.6.2-1ubuntu2.3 libcharon-standard-plugins - 5.6.2-1ubuntu2.3 libstrongswan-extra-plugins - 5.6.2-1ubuntu2.3 strongswan-tnc-pdp - 5.6.2-1ubuntu2.3 strongswan-charon - 5.6.2-1ubuntu2.3 libstrongswan - 5.6.2-1ubuntu2.3 strongswan-swanctl - 5.6.2-1ubuntu2.3 libstrongswan-standard-plugins - 5.6.2-1ubuntu2.3 charon-systemd - 5.6.2-1ubuntu2.3 strongswan - 5.6.2-1ubuntu2.3 strongswan-tnc-server - 5.6.2-1ubuntu2.3 strongswan-tnc-client - 5.6.2-1ubuntu2.3 strongswan-tnc-base - 5.6.2-1ubuntu2.3 charon-cmd - 5.6.2-1ubuntu2.3 strongswan-pki - 5.6.2-1ubuntu2.3 strongswan-tnc-ifmap - 5.6.2-1ubuntu2.3 strongswan-starter - 5.6.2-1ubuntu2.3 strongswan-libcharon - 5.6.2-1ubuntu2.3 No subscription required Medium CVE-2018-17540 Ubuntu 18.04 LTS Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182) It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. (CVE-2018-15594) It was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. (CVE-2018-15572) Andy Lutomirski and Mika Penttilä discovered that the KVM implementation in the Linux kernel did not properly check privilege levels when emulating some instructions. An unprivileged attacker in a guest VM could use this to escalate privileges within the guest. (CVE-2018-10853) It was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2018-14633) It was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554) It was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555) USN 3652-1 added a mitigation for Speculative Store Bypass a.k.a. Spectre Variant 4 (CVE-2018-3639). This update provides the corresponding mitigation for ARM64 processors. Please note that for this mitigation to be effective, an updated firmware for the processor may be required. Update Instructions: Run `sudo pro fix USN-3777-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1021-gcp - 4.15.0-1021.22 No subscription required linux-image-unsigned-4.15.0-1021-oem - 4.15.0-1021.24 No subscription required linux-image-4.15.0-1023-aws - 4.15.0-1023.23 linux-image-4.15.0-1023-kvm - 4.15.0-1023.23 No subscription required linux-image-4.15.0-1024-raspi2 - 4.15.0-1024.26 No subscription required linux-image-unsigned-4.15.0-36-generic - 4.15.0-36.39 linux-image-4.15.0-36-generic - 4.15.0-36.39 linux-image-unsigned-4.15.0-36-lowlatency - 4.15.0-36.39 linux-image-4.15.0-36-lowlatency - 4.15.0-36.39 linux-image-4.15.0-36-snapdragon - 4.15.0-36.39 linux-image-4.15.0-36-generic-lpae - 4.15.0-36.39 No subscription required High CVE-2018-10853 CVE-2018-14633 CVE-2018-15572 CVE-2018-15594 CVE-2018-17182 CVE-2018-6554 CVE-2018-6555 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 Ubuntu 18.04 LTS USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 %LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182) It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. (CVE-2018-15594) It was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. (CVE-2018-15572) Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) It was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2018-14633) Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) It was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554) It was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555) Update Instructions: Run `sudo pro fix USN-3777-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1025-azure - 4.15.0-1025.26 No subscription required High CVE-2017-5715 CVE-2018-14633 CVE-2018-15572 CVE-2018-15594 CVE-2018-17182 CVE-2018-3639 CVE-2018-6554 CVE-2018-6555 Ubuntu 18.04 LTS A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code. (CVE-2018-12385) A type confusion bug was discovered in JavaScript. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-12386) It was discovered that the Array.prototype.push could leak memory addresses to the calling function in some circumstances. An attacker could exploit this in combination with another vulnerability to help execute arbitrary code. (CVE-2018-12387) Update Instructions: Run `sudo pro fix USN-3778-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-nn - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ne - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-nb - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fa - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fi - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fr - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fy - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-or - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-kab - 62.0.3+build1-0ubuntu0.18.04.1 firefox-testsuite - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-oc - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-cs - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ga - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gd - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gn - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gl - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gu - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-pa - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-pl - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-cy - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-pt - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hi - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-uk - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-he - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hy - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hr - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hu - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-as - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ar - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ia - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-az - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-id - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mai - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-af - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-is - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-it - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-an - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-bs - 62.0.3+build1-0ubuntu0.18.04.1 firefox - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ro - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ja - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ru - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-br - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-bn - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-be - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-bg - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sl - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sk - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-si - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sw - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sv - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sr - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sq - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ko - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-kn - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-km - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-kk - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ka - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-xh - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ca - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ku - 62.0.3+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-lv - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-lt - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-th - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 62.0.3+build1-0ubuntu0.18.04.1 firefox-dev - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-te - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-cak - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ta - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-lg - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-tr - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-nso - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-de - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-da - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ms - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mr - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-my - 62.0.3+build1-0ubuntu0.18.04.1 firefox-globalmenu - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-uz - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ml - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mn - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mk - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ur - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-vi - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-eu - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-et - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-es - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-csb - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-el - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-eo - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-en - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-zu - 62.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ast - 62.0.3+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-12385 CVE-2018-12386 CVE-2018-12387 Ubuntu 18.04 LTS It was discovered that HAProxy incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3780-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: haproxy - 1.8.8-1ubuntu0.2 haproxy-doc - 1.8.8-1ubuntu0.2 vim-haproxy - 1.8.8-1ubuntu0.2 No subscription required Medium CVE-2018-14645 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3781-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.22.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.22.2-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.22.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.22.2-0ubuntu0.18.04.1 webkit2gtk-driver - 2.22.2-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.22.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.22.2-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.22.2-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.22.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.22.2-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-4191 CVE-2018-4197 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4299 CVE-2018-4306 CVE-2018-4309 CVE-2018-4311 CVE-2018-4312 CVE-2018-4314 CVE-2018-4315 CVE-2018-4316 CVE-2018-4317 CVE-2018-4318 CVE-2018-4319 CVE-2018-4323 CVE-2018-4328 CVE-2018-4358 CVE-2018-4359 CVE-2018-4361 Ubuntu 18.04 LTS USN-3781-1 fixed vulnerabilities in WebKitGTK+. The updated package was missing some header files, preventing certain applications from building. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3781-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.22.2-0ubuntu0.18.04.2 libwebkit2gtk-4.0-37-gtk2 - 2.22.2-0ubuntu0.18.04.2 libjavascriptcoregtk-4.0-dev - 2.22.2-0ubuntu0.18.04.2 libwebkit2gtk-4.0-37 - 2.22.2-0ubuntu0.18.04.2 webkit2gtk-driver - 2.22.2-0ubuntu0.18.04.2 libjavascriptcoregtk-4.0-18 - 2.22.2-0ubuntu0.18.04.2 libwebkit2gtk-4.0-doc - 2.22.2-0ubuntu0.18.04.2 libjavascriptcoregtk-4.0-bin - 2.22.2-0ubuntu0.18.04.2 gir1.2-webkit2-4.0 - 2.22.2-0ubuntu0.18.04.2 libwebkit2gtk-4.0-dev - 2.22.2-0ubuntu0.18.04.2 No subscription required None https://launchpad.net/bugs/1795901 Ubuntu 18.04 LTS Henri Salo discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-12085) It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-17294) Update Instructions: Run `sudo pro fix USN-3782-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblouis-bin - 3.5.0-1ubuntu0.3 liblouis14 - 3.5.0-1ubuntu0.3 python-louis - 3.5.0-1ubuntu0.3 liblouis-dev - 3.5.0-1ubuntu0.3 python3-louis - 3.5.0-1ubuntu0.3 liblouis-data - 3.5.0-1ubuntu0.3 No subscription required Medium CVE-2018-12085 CVE-2018-17294 Ubuntu 18.04 LTS Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module incorrectly destroyed certain streams. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1302) Craig Young discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. (CVE-2018-1333) Gal Goldshtein discovered that the Apache HTTP Server HTTP/2 module incorrectly handled large SETTINGS frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. (CVE-2018-11763) Update Instructions: Run `sudo pro fix USN-3783-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.29-1ubuntu4.4 apache2-utils - 2.4.29-1ubuntu4.4 apache2-dev - 2.4.29-1ubuntu4.4 apache2-suexec-pristine - 2.4.29-1ubuntu4.4 apache2-suexec-custom - 2.4.29-1ubuntu4.4 apache2 - 2.4.29-1ubuntu4.4 apache2-doc - 2.4.29-1ubuntu4.4 apache2-ssl-dev - 2.4.29-1ubuntu4.4 apache2-bin - 2.4.29-1ubuntu4.4 No subscription required Medium CVE-2018-11763 CVE-2018-1302 CVE-2018-1333 Ubuntu 18.04 LTS As a security improvement, this update adjusts the private-files abstraction to disallow writing to thumbnailer configuration files. Additionally adjust the private-files, private-files-strict and user-files abstractions to disallow writes on parent directories of sensitive files. Update Instructions: Run `sudo pro fix USN-3784-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apparmor - 2.12-4ubuntu5.1 libapparmor-dev - 2.12-4ubuntu5.1 libapparmor-perl - 2.12-4ubuntu5.1 apparmor-profiles - 2.12-4ubuntu5.1 apparmor-notify - 2.12-4ubuntu5.1 libapparmor1 - 2.12-4ubuntu5.1 python3-libapparmor - 2.12-4ubuntu5.1 python-libapparmor - 2.12-4ubuntu5.1 libpam-apparmor - 2.12-4ubuntu5.1 apparmor-easyprof - 2.12-4ubuntu5.1 apparmor - 2.12-4ubuntu5.1 python3-apparmor - 2.12-4ubuntu5.1 apparmor-utils - 2.12-4ubuntu5.1 libapache2-mod-apparmor - 2.12-4ubuntu5.1 dh-apparmor - 2.12-4ubuntu5.1 No subscription required None https://launchpad.net/bugs/1788929 https://launchpad.net/bugs/1794848 Ubuntu 18.04 LTS Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration. It was discovered that several memory leaks existed when handling certain images in ImageMagick. An attacker could use this to cause a denial of service. (CVE-2018-14434, CVE-2018-14435, CVE-2018-14436, CVE-2018-14437, CVE-2018-16640, CVE-2018-16750) It was discovered that ImageMagick did not properly initialize a variable before using it when processing MAT images. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-14551) It was discovered that an information disclosure vulnerability existed in ImageMagick when processing XBM images. An attacker could use this to expose sensitive information. (CVE-2018-16323) It was discovered that an out-of-bounds write vulnerability existed in ImageMagick when handling certain images. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-16642) It was discovered that ImageMagick did not properly check for errors in some situations. An attacker could use this to cause a denial of service. (CVE-2018-16643) It was discovered that ImageMagick did not properly validate image meta data in some situations. An attacker could use this to cause a denial of service. (CVE-2018-16644) It was discovered that ImageMagick did not prevent excessive memory allocation when handling certain image types. An attacker could use this to cause a denial of service. (CVE-2018-16645) Sergej Schumilo and Cornelius Aschermann discovered that ImageMagick did not properly check for NULL in some situations when processing PNG images. An attacker could use this to cause a denial of service. (CVE-2018-16749) USN-3681-1 fixed vulnerabilities in Imagemagick. Unfortunately, the fix for CVE-2017-13144 introduced a regression in ImageMagick in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. This update reverts the fix for CVE-2017-13144 for those releases. We apologize for the inconvenience. Update Instructions: Run `sudo pro fix USN-3785-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagick++-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickwand-dev - 8:6.9.7.4+dfsg-16ubuntu6.4 imagemagick-6.q16 - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickcore-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.4 imagemagick-6-common - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagick++-6.q16hdri-7 - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickcore-6.q16-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagick++-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.4 libimage-magick-q16-perl - 8:6.9.7.4+dfsg-16ubuntu6.4 libimage-magick-perl - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagick++-dev - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickwand-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.4 perlmagick - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickcore-6.q16hdri-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.4 imagemagick - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickwand-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickwand-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickcore-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickcore-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagick++-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickwand-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.4 imagemagick-common - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickcore-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.4 imagemagick-doc - 8:6.9.7.4+dfsg-16ubuntu6.4 imagemagick-6-doc - 8:6.9.7.4+dfsg-16ubuntu6.4 libimage-magick-q16hdri-perl - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagick++-6.q16-7 - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickcore-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickcore-6-arch-config - 8:6.9.7.4+dfsg-16ubuntu6.4 imagemagick-6.q16hdri - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickcore-dev - 8:6.9.7.4+dfsg-16ubuntu6.4 libmagickwand-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.4 No subscription required Medium CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 CVE-2018-14551 CVE-2018-16323 CVE-2018-16640 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 https://launchpad.net/bugs/1793485 Ubuntu 18.04 LTS USN-3786-1 fixed several vulnerabilities in libxkbcommon. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856, CVE-2018-15857, CVE-2018-15858, CVE-2018-15859, CVE-2018-15861, CVE-2018-15862, CVE-2018-15863, CVE-2018-15864) Update Instructions: Run `sudo pro fix USN-3786-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxkbcommon-x11-dev - 0.8.0-1ubuntu0.1 libxkbcommon-dev - 0.8.0-1ubuntu0.1 libxkbcommon0 - 0.8.0-1ubuntu0.1 libxkbcommon-x11-0 - 0.8.0-1ubuntu0.1 No subscription required Medium CVE-2018-15853 CVE-2018-15854 CVE-2018-15855 CVE-2018-15856 CVE-2018-15857 CVE-2018-15858 CVE-2018-15859 CVE-2018-15861 CVE-2018-15862 CVE-2018-15863 CVE-2018-15864 Ubuntu 18.04 LTS Jakub Wilk discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-5700) It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-17407) Update Instructions: Run `sudo pro fix USN-3788-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libptexenc-dev - 2017.20170613.44572-8ubuntu0.1 libkpathsea-dev - 2017.20170613.44572-8ubuntu0.1 libptexenc1 - 2017.20170613.44572-8ubuntu0.1 libtexluajit2 - 2017.20170613.44572-8ubuntu0.1 libtexluajit-dev - 2017.20170613.44572-8ubuntu0.1 texlive-binaries - 2017.20170613.44572-8ubuntu0.1 libtexlua52-dev - 2017.20170613.44572-8ubuntu0.1 libtexlua52 - 2017.20170613.44572-8ubuntu0.1 libsynctex-dev - 2017.20170613.44572-8ubuntu0.1 libkpathsea6 - 2017.20170613.44572-8ubuntu0.1 libsynctex1 - 2017.20170613.44572-8ubuntu0.1 No subscription required Medium CVE-2015-5700 CVE-2018-17407 Ubuntu 18.04 LTS It was discovered that ClamAV incorrectly handled unpacking MEW executables. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3789-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.2+dfsg-1ubuntu0.18.04.1 clamav-testfiles - 0.100.2+dfsg-1ubuntu0.18.04.1 clamav-base - 0.100.2+dfsg-1ubuntu0.18.04.1 clamav - 0.100.2+dfsg-1ubuntu0.18.04.1 libclamav7 - 0.100.2+dfsg-1ubuntu0.18.04.1 clamav-daemon - 0.100.2+dfsg-1ubuntu0.18.04.1 clamav-milter - 0.100.2+dfsg-1ubuntu0.18.04.1 clamav-docs - 0.100.2+dfsg-1ubuntu0.18.04.1 clamav-freshclam - 0.100.2+dfsg-1ubuntu0.18.04.1 clamdscan - 0.100.2+dfsg-1ubuntu0.18.04.1 No subscription required Medium CVE-2018-15378 Ubuntu 18.04 LTS It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-3790-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-requests - 2.18.4-2ubuntu0.1 python-requests - 2.18.4-2ubuntu0.1 No subscription required Medium CVE-2018-18074 Ubuntu 18.04 LTS It was discovered that git did not properly validate git submodule urls or paths. A remote attacker could possibly use this to craft a git repository that causes arbitrary code execution when recursive operations are used. Update Instructions: Run `sudo pro fix USN-3791-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.3 gitweb - 1:2.17.1-1ubuntu0.3 git-gui - 1:2.17.1-1ubuntu0.3 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.3 git-el - 1:2.17.1-1ubuntu0.3 gitk - 1:2.17.1-1ubuntu0.3 git-all - 1:2.17.1-1ubuntu0.3 git-mediawiki - 1:2.17.1-1ubuntu0.3 git-daemon-run - 1:2.17.1-1ubuntu0.3 git-man - 1:2.17.1-1ubuntu0.3 git-doc - 1:2.17.1-1ubuntu0.3 git-svn - 1:2.17.1-1ubuntu0.3 git-cvs - 1:2.17.1-1ubuntu0.3 git-email - 1:2.17.1-1ubuntu0.3 No subscription required Medium CVE-2018-17456 Ubuntu 18.04 LTS It was discovered that Net-SNMP incorrectly handled certain certain crafted packets. A remote attacker could possibly use this issue to cause Net-SNMP to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3792-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: snmptrapd - 5.7.3+dfsg-1.8ubuntu3.1 libsnmp-perl - 5.7.3+dfsg-1.8ubuntu3.1 libsnmp-dev - 5.7.3+dfsg-1.8ubuntu3.1 libsnmp-base - 5.7.3+dfsg-1.8ubuntu3.1 snmp - 5.7.3+dfsg-1.8ubuntu3.1 libsnmp30 - 5.7.3+dfsg-1.8ubuntu3.1 tkmib - 5.7.3+dfsg-1.8ubuntu3.1 snmpd - 5.7.3+dfsg-1.8ubuntu3.1 python-netsnmp - 5.7.3+dfsg-1.8ubuntu3.1 No subscription required Medium CVE-2018-18065 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-12376, CVE-2018-12377, CVE-2018-12378) It was discovered that if a user saved passwords before Thunderbird 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2018-12383) A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code. (CVE-2018-12385) Update Instructions: Run `sudo pro fix USN-3793-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-br - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-bn - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-be - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-bg - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-ja - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-sl - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-sk - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-si - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-gnome-support - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-sv - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-sr - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-sq - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-hsb - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-cy - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-cs - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-ca - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-pt-br - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-pa - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-ka - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-ko - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-kk - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-kab - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-pl - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-zh-tw - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-pt - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-nn-no - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-nb-no - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-bn-bd - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-lt - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-en-gb - 1:60.2.1+build1-0ubuntu0.18.04.2 xul-ext-calendar-timezones - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-de - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-da - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-uk - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-globalmenu - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-testsuite - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-dev - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-el - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-en-us - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-rm - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-ms - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-ro - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-eu - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-et - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-zh-hant - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-zh-hans - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-ru - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-mk - 1:60.2.1+build1-0ubuntu0.18.04.2 xul-ext-gdata-provider - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-fr - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-es-es - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-ta-lk - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-fy - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-fi - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-ast - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-nl - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-nn - 1:60.2.1+build1-0ubuntu0.18.04.2 xul-ext-lightning - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-ga-ie - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-fy-nl - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-nb - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-en - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-zh-cn - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-gl - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-ga - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-tr - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-gd - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-ta - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-dsb - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-it - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-hy - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-sv-se - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-hr - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-hu - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-pa-in - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-he - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-ar - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-af - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-pt-pt - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-is - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-vi - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-mozsymbols - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-es - 1:60.2.1+build1-0ubuntu0.18.04.2 thunderbird-locale-id - 1:60.2.1+build1-0ubuntu0.18.04.2 No subscription required Medium CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12383 CVE-2018-12385 Ubuntu 18.04 LTS It was discovered that MoinMoin incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-3794-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-moinmoin - 1.9.9-1ubuntu1.1 No subscription required Medium CVE-2017-5934 Ubuntu 18.04 LTS Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Update Instructions: Run `sudo pro fix USN-3795-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssh-gcrypt-dev - 0.8.0~20170825.94fa1e38-1ubuntu0.1 libssh-doc - 0.8.0~20170825.94fa1e38-1ubuntu0.1 libssh-gcrypt-4 - 0.8.0~20170825.94fa1e38-1ubuntu0.1 libssh-4 - 0.8.0~20170825.94fa1e38-1ubuntu0.1 libssh-dev - 0.8.0~20170825.94fa1e38-1ubuntu0.1 No subscription required Medium CVE-2018-10933 Ubuntu 18.04 LTS USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Original advisory details: Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Update Instructions: Run `sudo pro fix USN-3795-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssh-gcrypt-dev - 0.8.0~20170825.94fa1e38-1ubuntu0.2 libssh-doc - 0.8.0~20170825.94fa1e38-1ubuntu0.2 libssh-gcrypt-4 - 0.8.0~20170825.94fa1e38-1ubuntu0.2 libssh-4 - 0.8.0~20170825.94fa1e38-1ubuntu0.2 libssh-dev - 0.8.0~20170825.94fa1e38-1ubuntu0.2 No subscription required None https://launchpad.net/bugs/1805348 Ubuntu 18.04 LTS Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Update Instructions: Run `sudo pro fix USN-3796-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-paramiko - 2.0.0-1ubuntu1.1 paramiko-doc - 2.0.0-1ubuntu1.1 python-paramiko - 2.0.0-1ubuntu1.1 No subscription required Medium CVE-2018-1000805 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.24. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-24.html https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html Update Instructions: Run `sudo pro fix USN-3799-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.24-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.24-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.24-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.24-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.24-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.24-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.24-0ubuntu0.18.04.1 mysql-server - 5.7.24-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.24-0ubuntu0.18.04.1 mysql-testsuite - 5.7.24-0ubuntu0.18.04.1 libmysqld-dev - 5.7.24-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.24-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-3133 CVE-2018-3143 CVE-2018-3144 CVE-2018-3155 CVE-2018-3156 CVE-2018-3161 CVE-2018-3162 CVE-2018-3171 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3187 CVE-2018-3200 CVE-2018-3247 CVE-2018-3251 CVE-2018-3276 CVE-2018-3277 CVE-2018-3278 CVE-2018-3282 CVE-2018-3283 CVE-2018-3284 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code. (CVE-2018-12388, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393, CVE-2018-12398, CVE-2018-12399, CVE-2018-12401, CVE-2018-12402, CVE-2018-12403) Multiple security issues were discovered with WebExtensions in Firefox. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to bypass domain restrictions, gain additional privileges, or run content scripts in local pages without permission. (CVE-2018-12395, CVE-2018-12396, CVE-2018-12397) Update Instructions: Run `sudo pro fix USN-3801-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-nn - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-ne - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-nb - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-fa - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-fi - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-fr - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-fy - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-or - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-kab - 63.0+build2-0ubuntu0.18.04.2 firefox-testsuite - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-oc - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-cs - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-ga - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-gd - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-gn - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-gl - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-gu - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-pa - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-pl - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-cy - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-pt - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-hi - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-uk - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-he - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-hy - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-hr - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-hu - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-as - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-ar - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-ia - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-az - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-id - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-mai - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-af - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-is - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-it - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-an - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-bs - 63.0+build2-0ubuntu0.18.04.2 firefox - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-ro - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-ja - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-ru - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-br - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-zh-hant - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-zh-hans - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-bn - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-be - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-bg - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-sl - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-sk - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-si - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-sw - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-sv - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-sr - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-sq - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-ko - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-kn - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-km - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-kk - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-ka - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-xh - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-ca - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-ku - 63.0+build2-0ubuntu0.18.04.2 firefox-mozsymbols - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-lv - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-lt - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-th - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-hsb - 63.0+build2-0ubuntu0.18.04.2 firefox-dev - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-te - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-cak - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-ta - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-lg - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-tr - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-nso - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-de - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-da - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-ms - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-mr - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-my - 63.0+build2-0ubuntu0.18.04.2 firefox-globalmenu - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-uz - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-ml - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-mn - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-mk - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-ur - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-vi - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-eu - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-et - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-es - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-csb - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-el - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-eo - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-en - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-zu - 63.0+build2-0ubuntu0.18.04.2 firefox-locale-ast - 63.0+build2-0ubuntu0.18.04.2 No subscription required Medium CVE-2018-12388 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 CVE-2018-12398 CVE-2018-12399 CVE-2018-12401 CVE-2018-12402 CVE-2018-12403 Ubuntu 18.04 LTS USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code. (CVE-2018-12388, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393, CVE-2018-12398, CVE-2018-12399, CVE-2018-12401, CVE-2018-12402, CVE-2018-12403) Multiple security issues were discovered with WebExtensions in Firefox. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to bypass domain restrictions, gain additional privileges, or run content scripts in local pages without permission. (CVE-2018-12395, CVE-2018-12396, CVE-2018-12397) Update Instructions: Run `sudo pro fix USN-3801-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-nn - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ne - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-nb - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fa - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fi - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fr - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fy - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-or - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-kab - 63.0.3+build1-0ubuntu0.18.04.1 firefox-testsuite - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-oc - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-cs - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ga - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gd - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gn - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gl - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gu - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-pa - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-pl - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-cy - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-pt - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hi - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-uk - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-he - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hy - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hr - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hu - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-as - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ar - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ia - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-az - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-id - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mai - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-af - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-is - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-it - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-an - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-bs - 63.0.3+build1-0ubuntu0.18.04.1 firefox - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ro - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ja - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ru - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-br - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-bn - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-be - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-bg - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sl - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sk - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-si - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sw - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sv - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sr - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sq - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ko - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-kn - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-km - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-kk - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ka - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-xh - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ca - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ku - 63.0.3+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-lv - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-lt - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-th - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 63.0.3+build1-0ubuntu0.18.04.1 firefox-dev - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-te - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-cak - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ta - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-lg - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-tr - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-nso - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-de - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-da - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ms - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mr - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-my - 63.0.3+build1-0ubuntu0.18.04.1 firefox-globalmenu - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-uz - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ml - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mn - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mk - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ur - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-vi - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-eu - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-et - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-es - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-csb - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-el - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-eo - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-en - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-zu - 63.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ast - 63.0.3+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1804881 Ubuntu 18.04 LTS Narendra Shinde discovered that the X.Org X server incorrectly handled certain command line parameters when running as root with the legacy wrapper. When certain graphics drivers are being used, a local attacker could possibly use this issue to overwrite arbitrary files and escalate privileges. Update Instructions: Run `sudo pro fix USN-3802-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.19.6-1ubuntu4.2 xmir - 2:1.19.6-1ubuntu4.2 xwayland - 2:1.19.6-1ubuntu4.2 xorg-server-source - 2:1.19.6-1ubuntu4.2 xdmx - 2:1.19.6-1ubuntu4.2 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.2 xserver-xorg-dev - 2:1.19.6-1ubuntu4.2 xvfb - 2:1.19.6-1ubuntu4.2 xnest - 2:1.19.6-1ubuntu4.2 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.2 xserver-common - 2:1.19.6-1ubuntu4.2 xserver-xephyr - 2:1.19.6-1ubuntu4.2 xserver-xorg-core-udeb - 2:1.19.6-1ubuntu4.2 xdmx-tools - 2:1.19.6-1ubuntu4.2 No subscription required Medium CVE-2018-14665 Ubuntu 18.04 LTS Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3803-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.25~dfsg+1-0ubuntu0.18.04.2 ghostscript-x - 9.25~dfsg+1-0ubuntu0.18.04.2 libgs-dev - 9.25~dfsg+1-0ubuntu0.18.04.2 ghostscript-doc - 9.25~dfsg+1-0ubuntu0.18.04.2 libgs9 - 9.25~dfsg+1-0ubuntu0.18.04.2 libgs9-common - 9.25~dfsg+1-0ubuntu0.18.04.2 No subscription required Medium CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 Ubuntu 18.04 LTS It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2018-3136) Artem Smotrakov discovered that the HTTP client redirection handler implementation in OpenJDK did not clear potentially sensitive information in HTTP headers when following redirections to different hosts. An attacker could use this to expose sensitive information. (CVE-2018-3139) It was discovered that the Java Naming and Directory Interface (JNDI) implementation in OpenJDK did not properly enforce restrictions specified by system properties in some situations. An attacker could potentially use this to execute arbitrary code. (CVE-2018-3149) It was discovered that the Utility component of OpenJDK did not properly ensure all attributes in a JAR were signed before use. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-3150) It was discovered that the Hotspot component of OpenJDK did not properly perform access checks in certain cases when performing field link resolution. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2018-3169) Felix Dörre discovered that the Java Secure Socket Extension (JSSE) implementation in OpenJDK did not ensure that the same endpoint identification algorithm was used during TLS session resumption as during initial session setup. An attacker could use this to expose sensitive information. (CVE-2018-3180) Krzysztof Szafrański discovered that the Scripting component did not properly restrict access to the scripting engine in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2018-3183) Tobias Ospelt discovered that the Resource Interchange File Format (RIFF) reader implementation in OpenJDK contained an infinite loop. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-3214) Update Instructions: Run `sudo pro fix USN-3804-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-source - 10.0.2+13-1ubuntu0.18.04.3 openjdk-11-jre-zero - 10.0.2+13-1ubuntu0.18.04.3 openjdk-11-doc - 10.0.2+13-1ubuntu0.18.04.3 openjdk-11-jre-headless - 10.0.2+13-1ubuntu0.18.04.3 openjdk-11-jdk - 10.0.2+13-1ubuntu0.18.04.3 openjdk-11-jdk-headless - 10.0.2+13-1ubuntu0.18.04.3 openjdk-11-jre - 10.0.2+13-1ubuntu0.18.04.3 openjdk-11-demo - 10.0.2+13-1ubuntu0.18.04.3 No subscription required Medium CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3150 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 Ubuntu 18.04 LTS Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-16839) Brian Carpenter discovered that curl incorrectly handled memory when closing certain handles. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-16840) Brian Carpenter discovered that the curl command-line tool incorrectly handled error messages. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2018-16842) Update Instructions: Run `sudo pro fix USN-3805-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.5 libcurl4-openssl-dev - 7.58.0-2ubuntu3.5 libcurl3-gnutls - 7.58.0-2ubuntu3.5 libcurl4-doc - 7.58.0-2ubuntu3.5 libcurl3-nss - 7.58.0-2ubuntu3.5 libcurl4-nss-dev - 7.58.0-2ubuntu3.5 libcurl4 - 7.58.0-2ubuntu3.5 curl - 7.58.0-2ubuntu3.5 No subscription required Medium CVE-2018-16839 CVE-2018-16840 CVE-2018-16842 Ubuntu 18.04 LTS Felix Wilhelm discovered that the systemd-networkd DHCPv6 client incorrectly handled certain DHCPv6 messages. In configurations where systemd-networkd is being used, an attacker on the same network could use this issue to cause systemd-networkd to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3806-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-tests - 237-3ubuntu10.4 systemd-coredump - 237-3ubuntu10.4 systemd - 237-3ubuntu10.4 udev-udeb - 237-3ubuntu10.4 libsystemd0 - 237-3ubuntu10.4 systemd-container - 237-3ubuntu10.4 libnss-myhostname - 237-3ubuntu10.4 libudev1-udeb - 237-3ubuntu10.4 libudev1 - 237-3ubuntu10.4 libsystemd-dev - 237-3ubuntu10.4 libnss-systemd - 237-3ubuntu10.4 systemd-journal-remote - 237-3ubuntu10.4 libpam-systemd - 237-3ubuntu10.4 libnss-mymachines - 237-3ubuntu10.4 libnss-resolve - 237-3ubuntu10.4 systemd-sysv - 237-3ubuntu10.4 udev - 237-3ubuntu10.4 libudev-dev - 237-3ubuntu10.4 No subscription required Medium CVE-2018-15688 Ubuntu 18.04 LTS Felix Wilhelm discovered that the NetworkManager internal DHCPv6 client incorrectly handled certain DHCPv6 messages. In non-default configurations where the internal DHCP client is enabled, an attacker on the same network could use this issue to cause NetworkManager to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3807-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnm-glib-vpn-dev - 1.10.6-2ubuntu1.1 libnm-util2 - 1.10.6-2ubuntu1.1 network-manager-dev - 1.10.6-2ubuntu1.1 network-manager-config-connectivity-ubuntu - 1.10.6-2ubuntu1.1 libnm-glib-dev - 1.10.6-2ubuntu1.1 gir1.2-networkmanager-1.0 - 1.10.6-2ubuntu1.1 network-manager - 1.10.6-2ubuntu1.1 libnm-dev - 1.10.6-2ubuntu1.1 libnm-glib4 - 1.10.6-2ubuntu1.1 network-manager-config-connectivity-debian - 1.10.6-2ubuntu1.1 libnm0 - 1.10.6-2ubuntu1.1 gir1.2-nm-1.0 - 1.10.6-2ubuntu1.1 libnm-glib-vpn1 - 1.10.6-2ubuntu1.1 libnm-util-dev - 1.10.6-2ubuntu1.1 No subscription required Medium CVE-2018-15688 Ubuntu 18.04 LTS It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. (CVE-2018-16395) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-16396) Update Instructions: Run `sudo pro fix USN-3808-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby2.5-dev - 2.5.1-1ubuntu1.1 ruby2.5 - 2.5.1-1ubuntu1.1 ruby2.5-doc - 2.5.1-1ubuntu1.1 libruby2.5 - 2.5.1-1ubuntu1.1 No subscription required Medium CVE-2018-16395 CVE-2018-16396 Ubuntu 18.04 LTS Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10708) It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2018-15473) Update Instructions: Run `sudo pro fix USN-3809-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:7.6p1-4ubuntu0.1 openssh-client - 1:7.6p1-4ubuntu0.1 openssh-server - 1:7.6p1-4ubuntu0.1 ssh-askpass-gnome - 1:7.6p1-4ubuntu0.1 ssh - 1:7.6p1-4ubuntu0.1 openssh-client-udeb - 1:7.6p1-4ubuntu0.1 openssh-sftp-server - 1:7.6p1-4ubuntu0.1 No subscription required Low CVE-2016-10708 CVE-2018-15473 Ubuntu 18.04 LTS USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 was incomplete and could introduce a regression in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10708) It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2018-15473) Update Instructions: Run `sudo pro fix USN-3809-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:7.6p1-4ubuntu0.5 openssh-client - 1:7.6p1-4ubuntu0.5 openssh-server - 1:7.6p1-4ubuntu0.5 ssh-askpass-gnome - 1:7.6p1-4ubuntu0.5 ssh - 1:7.6p1-4ubuntu0.5 openssh-client-udeb - 1:7.6p1-4ubuntu0.5 openssh-sftp-server - 1:7.6p1-4ubuntu0.5 No subscription required None https://launchpad.net/bugs/1934501 Ubuntu 18.04 LTS Ivan Gotovchits discovered that ppp incorrectly handled the EAP-TLS protocol. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly bypass authentication. Update Instructions: Run `sudo pro fix USN-3810-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ppp-udeb - 2.4.7-2+2ubuntu1.1 ppp - 2.4.7-2+2ubuntu1.1 ppp-dev - 2.4.7-2+2ubuntu1.1 No subscription required Medium CVE-2018-11574 Ubuntu 18.04 LTS It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2017-15705) It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2018-11780) It was discovered that SpamAssassin incorrectly handled meta rule syntax. A local attacker could possibly use this issue to execute arbitrary code. (CVE-2018-11781) Update Instructions: Run `sudo pro fix USN-3811-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spamassassin - 3.4.2-0ubuntu0.18.04.1 sa-compile - 3.4.2-0ubuntu0.18.04.1 spamc - 3.4.2-0ubuntu0.18.04.1 No subscription required Medium CVE-2017-15705 CVE-2018-11780 CVE-2018-11781 Ubuntu 18.04 LTS It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843) Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16844) It was discovered that nginx incorrectly handled the ngx_http_mp4_module module. A remote attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2018-16845) Update Instructions: Run `sudo pro fix USN-3812-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnginx-mod-stream - 1.14.0-0ubuntu1.2 libnginx-mod-http-subs-filter - 1.14.0-0ubuntu1.2 nginx-doc - 1.14.0-0ubuntu1.2 libnginx-mod-mail - 1.14.0-0ubuntu1.2 libnginx-mod-http-image-filter - 1.14.0-0ubuntu1.2 libnginx-mod-http-echo - 1.14.0-0ubuntu1.2 libnginx-mod-nchan - 1.14.0-0ubuntu1.2 nginx-common - 1.14.0-0ubuntu1.2 libnginx-mod-http-fancyindex - 1.14.0-0ubuntu1.2 libnginx-mod-http-auth-pam - 1.14.0-0ubuntu1.2 nginx-light - 1.14.0-0ubuntu1.2 libnginx-mod-http-headers-more-filter - 1.14.0-0ubuntu1.2 nginx-extras - 1.14.0-0ubuntu1.2 libnginx-mod-http-upstream-fair - 1.14.0-0ubuntu1.2 libnginx-mod-http-xslt-filter - 1.14.0-0ubuntu1.2 libnginx-mod-http-lua - 1.14.0-0ubuntu1.2 libnginx-mod-http-perl - 1.14.0-0ubuntu1.2 nginx-core - 1.14.0-0ubuntu1.2 libnginx-mod-http-geoip - 1.14.0-0ubuntu1.2 libnginx-mod-http-dav-ext - 1.14.0-0ubuntu1.2 nginx - 1.14.0-0ubuntu1.2 libnginx-mod-http-ndk - 1.14.0-0ubuntu1.2 libnginx-mod-http-uploadprogress - 1.14.0-0ubuntu1.2 libnginx-mod-http-cache-purge - 1.14.0-0ubuntu1.2 nginx-full - 1.14.0-0ubuntu1.2 libnginx-mod-rtmp - 1.14.0-0ubuntu1.2 No subscription required Medium CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 Ubuntu 18.04 LTS It was discovered libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. (CVE-2018-18584, CVE-2018-18585) Update Instructions: Run `sudo pro fix USN-3814-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmspack0 - 0.6-3ubuntu0.2 libmspack-dev - 0.6-3ubuntu0.2 libmspack-doc - 0.6-3ubuntu0.2 No subscription required Medium CVE-2018-18584 CVE-2018-18585 Ubuntu 18.04 LTS It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3815-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libasprintf-dev - 0.19.8.1-6ubuntu0.1 gettext - 0.19.8.1-6ubuntu0.1 gettext-el - 0.19.8.1-6ubuntu0.1 libgettextpo0 - 0.19.8.1-6ubuntu0.1 gettext-base - 0.19.8.1-6ubuntu0.1 libasprintf0v5 - 0.19.8.1-6ubuntu0.1 libgettextpo-dev - 0.19.8.1-6ubuntu0.1 autopoint - 0.19.8.1-6ubuntu0.1 gettext-doc - 0.19.8.1-6ubuntu0.1 No subscription required Medium CVE-2018-18751 Ubuntu 18.04 LTS Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-15687) It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954) Update Instructions: Run `sudo pro fix USN-3816-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-tests - 237-3ubuntu10.6 systemd-coredump - 237-3ubuntu10.6 systemd - 237-3ubuntu10.6 udev-udeb - 237-3ubuntu10.6 libsystemd0 - 237-3ubuntu10.6 systemd-container - 237-3ubuntu10.6 libnss-myhostname - 237-3ubuntu10.6 libudev1-udeb - 237-3ubuntu10.6 libudev1 - 237-3ubuntu10.6 libsystemd-dev - 237-3ubuntu10.6 libnss-systemd - 237-3ubuntu10.6 systemd-journal-remote - 237-3ubuntu10.6 libpam-systemd - 237-3ubuntu10.6 libnss-mymachines - 237-3ubuntu10.6 libnss-resolve - 237-3ubuntu10.6 systemd-sysv - 237-3ubuntu10.6 udev - 237-3ubuntu10.6 libudev-dev - 237-3ubuntu10.6 No subscription required Medium CVE-2018-15686 CVE-2018-15687 CVE-2018-6954 Ubuntu 18.04 LTS USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-15687) It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954) Update Instructions: Run `sudo pro fix USN-3816-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-tests - 237-3ubuntu10.9 systemd-coredump - 237-3ubuntu10.9 systemd - 237-3ubuntu10.9 udev-udeb - 237-3ubuntu10.9 libsystemd0 - 237-3ubuntu10.9 systemd-container - 237-3ubuntu10.9 libnss-myhostname - 237-3ubuntu10.9 libudev1-udeb - 237-3ubuntu10.9 libudev1 - 237-3ubuntu10.9 libsystemd-dev - 237-3ubuntu10.9 libnss-systemd - 237-3ubuntu10.9 systemd-journal-remote - 237-3ubuntu10.9 libpam-systemd - 237-3ubuntu10.9 libnss-mymachines - 237-3ubuntu10.9 libnss-resolve - 237-3ubuntu10.9 systemd-sysv - 237-3ubuntu10.9 udev - 237-3ubuntu10.9 libudev-dev - 237-3ubuntu10.9 No subscription required Medium CVE-2018-6954 Ubuntu 18.04 LTS It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1000030) It was discovered that Python incorrectly handled running external commands in the shutil module. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000802) It was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1060, CVE-2018-1061) It was discovered that Python failed to initialize Expat's hash salt. A remote attacker could possibly use this issue to cause hash collisions, leading to a denial of service. (CVE-2018-14647) Update Instructions: Run `sudo pro fix USN-3817-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpython2.7-minimal - 2.7.15~rc1-1ubuntu0.1 libpython2.7 - 2.7.15~rc1-1ubuntu0.1 python2.7 - 2.7.15~rc1-1ubuntu0.1 python2.7-minimal - 2.7.15~rc1-1ubuntu0.1 libpython2.7-testsuite - 2.7.15~rc1-1ubuntu0.1 libpython2.7-dev - 2.7.15~rc1-1ubuntu0.1 idle-python2.7 - 2.7.15~rc1-1ubuntu0.1 python2.7-doc - 2.7.15~rc1-1ubuntu0.1 python2.7-dev - 2.7.15~rc1-1ubuntu0.1 python2.7-examples - 2.7.15~rc1-1ubuntu0.1 libpython2.7-stdlib - 2.7.15~rc1-1ubuntu0.1 No subscription required Medium CVE-2018-1000030 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 Ubuntu 18.04 LTS It was discovered that PostgreSQL incorrectly handled certain trigger definitions when running pg_upgrade or pg_dump. A remote attacker could possibly use this issue to execute arbitrary SQL statements with superuser privileges. Update Instructions: Run `sudo pro fix USN-3818-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-10 - 10.6-0ubuntu0.18.04.1 postgresql-pltcl-10 - 10.6-0ubuntu0.18.04.1 libecpg6 - 10.6-0ubuntu0.18.04.1 libpq-dev - 10.6-0ubuntu0.18.04.1 libpgtypes3 - 10.6-0ubuntu0.18.04.1 postgresql-10 - 10.6-0ubuntu0.18.04.1 postgresql-plperl-10 - 10.6-0ubuntu0.18.04.1 libecpg-dev - 10.6-0ubuntu0.18.04.1 postgresql-plpython3-10 - 10.6-0ubuntu0.18.04.1 libpq5 - 10.6-0ubuntu0.18.04.1 postgresql-plpython-10 - 10.6-0ubuntu0.18.04.1 postgresql-doc-10 - 10.6-0ubuntu0.18.04.1 postgresql-client-10 - 10.6-0ubuntu0.18.04.1 libecpg-compat3 - 10.6-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-16850 Ubuntu 18.04 LTS Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-15471) It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2017-13168) It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-16658) It was discovered that an integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9363) Update Instructions: Run `sudo pro fix USN-3820-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1024-gcp - 4.15.0-1024.25 No subscription required linux-image-4.15.0-1026-kvm - 4.15.0-1026.26 No subscription required linux-image-unsigned-4.15.0-1026-oem - 4.15.0-1026.31 No subscription required linux-image-4.15.0-1027-aws - 4.15.0-1027.27 No subscription required linux-image-4.15.0-1028-raspi2 - 4.15.0-1028.30 No subscription required linux-image-unsigned-4.15.0-1031-azure - 4.15.0-1031.32 No subscription required linux-image-4.15.0-39-lowlatency - 4.15.0-39.42 linux-image-4.15.0-39-snapdragon - 4.15.0-39.42 linux-image-4.15.0-39-generic - 4.15.0-39.42 linux-image-4.15.0-39-generic-lpae - 4.15.0-39.42 linux-image-unsigned-4.15.0-39-generic - 4.15.0-39.42 linux-image-unsigned-4.15.0-39-lowlatency - 4.15.0-39.42 No subscription required High CVE-2017-13168 CVE-2018-15471 CVE-2018-16658 CVE-2018-9363 Ubuntu 18.04 LTS Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation. A local attacker could possibly use this issue to execute arbitrary Perl code. Update Instructions: Run `sudo pro fix USN-3825-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-perl2 - 2.0.10-2ubuntu3.18.04.1 libapache2-mod-perl2-doc - 2.0.10-2ubuntu3.18.04.1 libapache2-mod-perl2-dev - 2.0.10-2ubuntu3.18.04.1 No subscription required Medium CVE-2011-2767 Ubuntu 18.04 LTS Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-10839) It was discovered that QEMU incorrectly handled the Slirp networking back-end. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-11806) Fakhri Zulkifli discovered that the QEMU guest agent incorrectly handled certain QMP commands. An attacker could possibly use this issue to crash the QEMU guest agent, resulting in a denial of service. (CVE-2018-12617) Li Qiang discovered that QEMU incorrectly handled NVM Express Controller emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16847) Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled RTL8139 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-17958) Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled PCNET device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-17962) Daniel Shapira discovered that QEMU incorrectly handled large packet sizes. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-17963) It was discovered that QEMU incorrectly handled LSI53C895A device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-18849) Moguofang discovered that QEMU incorrectly handled the IPowerNV LPC controller. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-18954) Zhibin Hu discovered that QEMU incorrectly handled the Plan 9 File System support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-19364) Update Instructions: Run `sudo pro fix USN-3826-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.8 qemu-user-static - 1:2.11+dfsg-1ubuntu7.8 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.8 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.8 qemu-kvm - 1:2.11+dfsg-1ubuntu7.8 qemu-user - 1:2.11+dfsg-1ubuntu7.8 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.8 qemu-system - 1:2.11+dfsg-1ubuntu7.8 qemu-utils - 1:2.11+dfsg-1ubuntu7.8 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.8 qemu - 1:2.11+dfsg-1ubuntu7.8 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.8 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.8 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.8 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.8 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.8 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.8 No subscription required Medium CVE-2018-10839 CVE-2018-11806 CVE-2018-12617 CVE-2018-16847 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 CVE-2018-18954 CVE-2018-19364 Ubuntu 18.04 LTS Florian Stuelpner discovered that Samba incorrectly handled CNAME records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2018-14629) Alex MacCuish discovered that Samba incorrectly handled memory when configured to accept smart-card authentication. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2018-16841) Garming Sam discovered that Samba incorrectly handled memory when processing LDAP searches. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2018-16851) Update Instructions: Run `sudo pro fix USN-3827-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 No subscription required Medium CVE-2018-14629 CVE-2018-16841 CVE-2018-16851 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3828-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.22.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.22.4-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.22.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.22.4-0ubuntu0.18.04.1 webkit2gtk-driver - 2.22.4-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.22.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.22.4-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.22.4-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.22.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.22.4-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-4345 CVE-2018-4372 CVE-2018-4386 Ubuntu 18.04 LTS It was discovered that Git incorrectly handled layers of tree objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15298) It was discovered that Git incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-19486) Update Instructions: Run `sudo pro fix USN-3829-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.4 gitweb - 1:2.17.1-1ubuntu0.4 git-gui - 1:2.17.1-1ubuntu0.4 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.4 git-el - 1:2.17.1-1ubuntu0.4 gitk - 1:2.17.1-1ubuntu0.4 git-all - 1:2.17.1-1ubuntu0.4 git-mediawiki - 1:2.17.1-1ubuntu0.4 git-daemon-run - 1:2.17.1-1ubuntu0.4 git-man - 1:2.17.1-1ubuntu0.4 git-doc - 1:2.17.1-1ubuntu0.4 git-svn - 1:2.17.1-1ubuntu0.4 git-cvs - 1:2.17.1-1ubuntu0.4 git-email - 1:2.17.1-1ubuntu0.4 No subscription required Medium CVE-2017-15298 CVE-2018-19486 Ubuntu 18.04 LTS USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when validating JAR files that prevented Java applications from finding classes in some situations. This update fixes the problem. We apologize for the inconvenience. Update Instructions: Run `sudo pro fix USN-3830-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-source - 10.0.2+13-1ubuntu0.18.04.4 openjdk-11-jre-zero - 10.0.2+13-1ubuntu0.18.04.4 openjdk-11-doc - 10.0.2+13-1ubuntu0.18.04.4 openjdk-11-jre-headless - 10.0.2+13-1ubuntu0.18.04.4 openjdk-11-jdk - 10.0.2+13-1ubuntu0.18.04.4 openjdk-11-jdk-headless - 10.0.2+13-1ubuntu0.18.04.4 openjdk-11-jre - 10.0.2+13-1ubuntu0.18.04.4 openjdk-11-demo - 10.0.2+13-1ubuntu0.18.04.4 No subscription required None https://launchpad.net/bugs/1800792 https://usn.ubuntu.com/usn/usn-3804-1 Ubuntu 18.04 LTS It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3831-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.1 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.1 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.1 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.1 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.1 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 Ubuntu 18.04 LTS USN-3831-1 fixed vulnerabilities in Ghostscript. Ghostscript 9.26 introduced a regression when used with certain options. This update fixes the problem. Original advisory details: It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3831-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.3 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.3 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.3 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.3 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.3 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.3 No subscription required None https://launchpad.net/bugs/1806517 Ubuntu 18.04 LTS Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. (CVE-2018-18955) Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within a unprivileged user namespace. A local attacker could use this to expose sensitive information (protected file names). (CVE-2018-6559) Update Instructions: Run `sudo pro fix USN-3833-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1029-aws - 4.15.0-1029.30 No subscription required Medium CVE-2018-18955 CVE-2018-6559 Ubuntu 18.04 LTS Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-18311) Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18312) Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. (CVE-2018-18313) Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314) Update Instructions: Run `sudo pro fix USN-3834-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libperl-dev - 5.26.1-6ubuntu0.3 perl-modules-5.26 - 5.26.1-6ubuntu0.3 perl-doc - 5.26.1-6ubuntu0.3 perl - 5.26.1-6ubuntu0.3 perl-base - 5.26.1-6ubuntu0.3 libperl5.26 - 5.26.1-6ubuntu0.3 perl-debug - 5.26.1-6ubuntu0.3 No subscription required Medium CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 Ubuntu 18.04 LTS Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. (CVE-2018-18955) Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within a unprivileged user namespace. A local attacker could use this to expose sensitive information (protected file names). (CVE-2018-6559) Update Instructions: Run `sudo pro fix USN-3836-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1025-gcp - 4.15.0-1025.26 No subscription required linux-image-4.15.0-1027-kvm - 4.15.0-1027.27 No subscription required linux-image-4.15.0-1029-raspi2 - 4.15.0-1029.31 No subscription required linux-image-4.15.0-42-snapdragon - 4.15.0-42.45 linux-image-4.15.0-42-generic-lpae - 4.15.0-42.45 linux-image-4.15.0-42-lowlatency - 4.15.0-42.45 linux-image-unsigned-4.15.0-42-generic - 4.15.0-42.45 linux-image-unsigned-4.15.0-42-lowlatency - 4.15.0-42.45 linux-image-4.15.0-42-generic - 4.15.0-42.45 No subscription required Medium CVE-2018-18955 CVE-2018-6559 Ubuntu 18.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-16646, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060) It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-19149) Update Instructions: Run `sudo pro fix USN-3837-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler73 - 0.62.0-2ubuntu2.4 libpoppler-cpp-dev - 0.62.0-2ubuntu2.4 libpoppler-glib-doc - 0.62.0-2ubuntu2.4 gir1.2-poppler-0.18 - 0.62.0-2ubuntu2.4 libpoppler-cpp0v5 - 0.62.0-2ubuntu2.4 libpoppler-glib8 - 0.62.0-2ubuntu2.4 libpoppler-private-dev - 0.62.0-2ubuntu2.4 libpoppler-glib-dev - 0.62.0-2ubuntu2.4 libpoppler-dev - 0.62.0-2ubuntu2.4 libpoppler-qt5-dev - 0.62.0-2ubuntu2.4 libpoppler-qt5-1 - 0.62.0-2ubuntu2.4 poppler-utils - 0.62.0-2ubuntu2.4 No subscription required Medium CVE-2018-16646 CVE-2018-19058 CVE-2018-19059 CVE-2018-19060 CVE-2018-19149 Ubuntu 18.04 LTS USN-3837-1 fixed vulnerabilities in poppler. A regression was reported regarding the previous update. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-16646) It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-19149) Update Instructions: Run `sudo pro fix USN-3837-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler73 - 0.62.0-2ubuntu2.5 libpoppler-cpp-dev - 0.62.0-2ubuntu2.5 libpoppler-glib-doc - 0.62.0-2ubuntu2.5 gir1.2-poppler-0.18 - 0.62.0-2ubuntu2.5 libpoppler-cpp0v5 - 0.62.0-2ubuntu2.5 libpoppler-glib8 - 0.62.0-2ubuntu2.5 libpoppler-private-dev - 0.62.0-2ubuntu2.5 libpoppler-glib-dev - 0.62.0-2ubuntu2.5 libpoppler-dev - 0.62.0-2ubuntu2.5 libpoppler-qt5-dev - 0.62.0-2ubuntu2.5 libpoppler-qt5-1 - 0.62.0-2ubuntu2.5 poppler-utils - 0.62.0-2ubuntu2.5 No subscription required Low CVE-2018-16646 CVE-2018-19149 Ubuntu 18.04 LTS It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3838-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libraw-doc - 0.18.8-1ubuntu0.2 libraw-bin - 0.18.8-1ubuntu0.2 libraw16 - 0.18.8-1ubuntu0.2 libraw-dev - 0.18.8-1ubuntu0.2 No subscription required Medium CVE-2018-5807 CVE-2018-5810 CVE-2018-5811 CVE-2018-5812 CVE-2018-5813 CVE-2018-5815 CVE-2018-5816 Ubuntu 18.04 LTS It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19840, CVE-2018-19841) Update Instructions: Run `sudo pro fix USN-3839-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwavpack1 - 5.1.0-2ubuntu1.2 libwavpack-dev - 5.1.0-2ubuntu1.2 wavpack - 5.1.0-2ubuntu1.2 No subscription required Medium CVE-2018-19840 CVE-2018-19841 Ubuntu 18.04 LTS Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. (CVE-2018-0734) Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735) Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading (SMT) architectures are vulnerable to side-channel leakage. This issue is known as "PortSmash". An attacker could possibly use this issue to perform a timing side-channel attack and recover private keys. (CVE-2018-5407) Update Instructions: Run `sudo pro fix USN-3840-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2n-1ubuntu5.2 libssl1.0-dev - 1.0.2n-1ubuntu5.2 openssl1.0 - 1.0.2n-1ubuntu5.2 libssl1.0.0-udeb - 1.0.2n-1ubuntu5.2 libcrypto1.0.0-udeb - 1.0.2n-1ubuntu5.2 No subscription required libcrypto1.1-udeb - 1.1.0g-2ubuntu4.3 libssl-dev - 1.1.0g-2ubuntu4.3 openssl - 1.1.0g-2ubuntu4.3 libssl-doc - 1.1.0g-2ubuntu4.3 libssl1.1-udeb - 1.1.0g-2ubuntu4.3 libssl1.1 - 1.1.0g-2ubuntu4.3 No subscription required Low CVE-2018-0734 CVE-2018-0735 CVE-2018-5407 Ubuntu 18.04 LTS It was discovered that lxml incorrectly handled certain HTML files. An attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-3841-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-lxml - 4.2.1-1ubuntu0.1 python-lxml - 4.2.1-1ubuntu0.1 python-lxml-doc - 4.2.1-1ubuntu0.1 No subscription required Medium CVE-2018-19787 Ubuntu 18.04 LTS Jann Horn discovered that CUPS incorrectly handled session cookie randomness. A remote attacker could possibly use this issue to perform cross-site request forgery (CSRF) attacks. Update Instructions: Run `sudo pro fix USN-3842-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 2.2.7-1ubuntu2.2 libcups2-dev - 2.2.7-1ubuntu2.2 cups-bsd - 2.2.7-1ubuntu2.2 cups-common - 2.2.7-1ubuntu2.2 cups-core-drivers - 2.2.7-1ubuntu2.2 cups-server-common - 2.2.7-1ubuntu2.2 libcupsimage2 - 2.2.7-1ubuntu2.2 cups-client - 2.2.7-1ubuntu2.2 libcupsmime1 - 2.2.7-1ubuntu2.2 cups-ipp-utils - 2.2.7-1ubuntu2.2 libcups2 - 2.2.7-1ubuntu2.2 cups-ppdc - 2.2.7-1ubuntu2.2 libcupsppdc1 - 2.2.7-1ubuntu2.2 cups - 2.2.7-1ubuntu2.2 libcupsimage2-dev - 2.2.7-1ubuntu2.2 cups-daemon - 2.2.7-1ubuntu2.2 No subscription required Medium CVE-2018-4700 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restritions, or execute arbitrary code. (CVE-2018-12405, CVE-2018-12406, CVE-2018-12407, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498) Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to open privileged pages, or bypass other security restrictions. (CVE-2018-18495, CVE-2018-18497) Update Instructions: Run `sudo pro fix USN-3844-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-nn - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-ne - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-nb - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-fa - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-fi - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-fr - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-fy - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-or - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-kab - 64.0+build3-0ubuntu0.18.04.1 firefox-testsuite - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-oc - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-cs - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-ga - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-gd - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-gn - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-gl - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-gu - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-pa - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-pl - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-cy - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-pt - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-hi - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-uk - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-he - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-hy - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-hr - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-hu - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-as - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-ar - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-ia - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-az - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-id - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-mai - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-af - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-is - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-it - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-an - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-bs - 64.0+build3-0ubuntu0.18.04.1 firefox - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-ro - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-ja - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-ru - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-br - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hant - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hans - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-bn - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-be - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-bg - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-sl - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-sk - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-si - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-sw - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-sv - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-sr - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-sq - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-ko - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-kn - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-km - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-kk - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-ka - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-xh - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-ca - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-ku - 64.0+build3-0ubuntu0.18.04.1 firefox-mozsymbols - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-lv - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-lt - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-th - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-hsb - 64.0+build3-0ubuntu0.18.04.1 firefox-dev - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-te - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-cak - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-ta - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-lg - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-tr - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-nso - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-de - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-da - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-ms - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-mr - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-my - 64.0+build3-0ubuntu0.18.04.1 firefox-globalmenu - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-uz - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-ml - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-mn - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-mk - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-ur - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-vi - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-eu - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-et - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-es - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-csb - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-el - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-eo - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-en - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-zu - 64.0+build3-0ubuntu0.18.04.1 firefox-locale-ast - 64.0+build3-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-12405 CVE-2018-12406 CVE-2018-12407 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18495 CVE-2018-18497 CVE-2018-18498 Ubuntu 18.04 LTS Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785) Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-8786, CVE-2018-8787) Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8788) Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8789) Update Instructions: Run `sudo pro fix USN-3845-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreerdp-server2-2 - 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 freerdp2-shadow-x11 - 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 libfreerdp2-2 - 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 freerdp2-dev - 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 freerdp2-wayland - 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 libwinpr2-dev - 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 libfreerdp-shadow2-2 - 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 libuwac0-0 - 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 freerdp2-x11 - 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 libwinpr2-2 - 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 libwinpr-tools2-2 - 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 libuwac0-dev - 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 libfreerdp-shadow-subsystem2-2 - 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 libfreerdp-client2-2 - 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 winpr-utils - 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 No subscription required Medium CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 Ubuntu 18.04 LTS USN-3845-1 fixed several vulnerabilities in FreeRDP. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 18.10. Original advisory details: Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785) Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-8786, CVE-2018-8787) Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8788) Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8789) Update Instructions: Run `sudo pro fix USN-3845-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreerdp-common1.1.0 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-dev - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libfreerdp-client1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-crt0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libfreerdp-primitives1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-pool0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-library0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-io0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libfreerdp-core1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libfreerdp-locale1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libfreerdp-gdi1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-winhttp0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-synch0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-sysinfo0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libfreerdp-codec1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-rpc0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libfreerdp-dev - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-environment0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libfreerdp-cache1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-crypto0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-sspi0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libfreerdp-utils1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-credui0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 freerdp-x11 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-heap0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libfreerdp-rail1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-thread0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-asn1-0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-bcrypt0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libxfreerdp-client1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-file0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-handle0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-interlocked0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-sspicli0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-utils0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-path0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-error0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-dsparse0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libfreerdp-plugins-standard - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-timezone0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libfreerdp-crypto1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-winsock0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-pipe0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-credentials0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-registry0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 libwinpr-input0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 No subscription required Medium CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 Ubuntu 18.04 LTS It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902) It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896) Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734) It was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16276) It was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445) Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690) It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710) Update Instructions: Run `sudo pro fix USN-3847-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1026-gcp - 4.15.0-1026.27 No subscription required linux-image-4.15.0-1028-kvm - 4.15.0-1028.28 No subscription required linux-image-4.15.0-1030-raspi2 - 4.15.0-1030.32 No subscription required linux-image-unsigned-4.15.0-1030-oem - 4.15.0-1030.35 No subscription required linux-image-4.15.0-1031-aws - 4.15.0-1031.33 No subscription required linux-image-unsigned-4.15.0-1036-azure - 4.15.0-1036.38 No subscription required linux-image-4.15.0-43-generic - 4.15.0-43.46 linux-image-4.15.0-43-snapdragon - 4.15.0-43.46 linux-image-unsigned-4.15.0-43-generic - 4.15.0-43.46 linux-image-4.15.0-43-lowlatency - 4.15.0-43.46 linux-image-4.15.0-43-generic-lpae - 4.15.0-43.46 linux-image-unsigned-4.15.0-43-lowlatency - 4.15.0-43.46 No subscription required Medium CVE-2018-10902 CVE-2018-12896 CVE-2018-14734 CVE-2018-16276 CVE-2018-18445 CVE-2018-18690 CVE-2018-18710 Ubuntu 18.04 LTS Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. (CVE-2018-12384) It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. (CVE-2018-12404) Update Instructions: Run `sudo pro fix USN-3850-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-dev - 2:3.35-2ubuntu2.1 libnss3 - 2:3.35-2ubuntu2.1 libnss3-tools - 2:3.35-2ubuntu2.1 No subscription required Medium CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 Ubuntu 18.04 LTS It was discovered that Django incorrectly handled the default 404 page. A remote attacker could use this issue to spoof content using a malicious URL. Update Instructions: Run `sudo pro fix USN-3851-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.2 python-django-doc - 1:1.11.11-1ubuntu1.2 python-django-common - 1:1.11.11-1ubuntu1.2 python-django - 1:1.11.11-1ubuntu1.2 No subscription required Medium CVE-2019-3498 Ubuntu 18.04 LTS It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2017-9239 only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11591, CVE-2017-11683, CVE-2017-14859, CVE-2017-14862, CVE-2017-14864, CVE-2017-17669, CVE-2017-9239, CVE-2018-16336, CVE-2018-1758) Update Instructions: Run `sudo pro fix USN-3852-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-3.1ubuntu0.18.04.2 libexiv2-14 - 0.25-3.1ubuntu0.18.04.2 libexiv2-doc - 0.25-3.1ubuntu0.18.04.2 libexiv2-dev - 0.25-3.1ubuntu0.18.04.2 No subscription required Medium CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 CVE-2017-17669 CVE-2017-9239 CVE-2018-16336 CVE-2018-17581 Ubuntu 18.04 LTS Ben Fuhrmannek discovered that GnuPG incorrectly handled Web Key Directory lookups. A remote attacker could possibly use this issue to cause a denial of service, or perform Cross-Site Request Forgery attacks. Update Instructions: Run `sudo pro fix USN-3853-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dirmngr - 2.2.4-1ubuntu1.2 gpgv-static - 2.2.4-1ubuntu1.2 gpgv-win32 - 2.2.4-1ubuntu1.2 scdaemon - 2.2.4-1ubuntu1.2 gpgsm - 2.2.4-1ubuntu1.2 gpgv - 2.2.4-1ubuntu1.2 gpg - 2.2.4-1ubuntu1.2 gnupg-agent - 2.2.4-1ubuntu1.2 gnupg2 - 2.2.4-1ubuntu1.2 gpgconf - 2.2.4-1ubuntu1.2 gpgv-udeb - 2.2.4-1ubuntu1.2 gpg-wks-client - 2.2.4-1ubuntu1.2 gpg-wks-server - 2.2.4-1ubuntu1.2 gpg-agent - 2.2.4-1ubuntu1.2 gnupg - 2.2.4-1ubuntu1.2 gnupg-utils - 2.2.4-1ubuntu1.2 gnupg-l10n - 2.2.4-1ubuntu1.2 gpgv2 - 2.2.4-1ubuntu1.2 No subscription required Medium CVE-2018-1000858 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3854-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.22.5-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.22.5-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.22.5-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.22.5-0ubuntu0.18.04.1 webkit2gtk-driver - 2.22.5-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.22.5-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.22.5-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.22.5-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.22.5-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.22.5-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-4437 Ubuntu 18.04 LTS It was discovered that systemd-journald allocated variable-length buffers for certain message fields on the stack. A local attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-16864) It was discovered that systemd-journald allocated variable-length arrays of objects representing message fields on the stack. A local attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-16865) An out-of-bounds read was discovered in systemd-journald. A local attacker could potentially exploit this to obtain sensitive information and bypass ASLR protections. (CVE-2018-16866) Update Instructions: Run `sudo pro fix USN-3855-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-tests - 237-3ubuntu10.11 systemd-coredump - 237-3ubuntu10.11 systemd - 237-3ubuntu10.11 udev-udeb - 237-3ubuntu10.11 libsystemd0 - 237-3ubuntu10.11 systemd-container - 237-3ubuntu10.11 libnss-myhostname - 237-3ubuntu10.11 libudev1-udeb - 237-3ubuntu10.11 libudev1 - 237-3ubuntu10.11 libsystemd-dev - 237-3ubuntu10.11 libnss-systemd - 237-3ubuntu10.11 systemd-journal-remote - 237-3ubuntu10.11 libpam-systemd - 237-3ubuntu10.11 libnss-mymachines - 237-3ubuntu10.11 libnss-resolve - 237-3ubuntu10.11 systemd-sysv - 237-3ubuntu10.11 udev - 237-3ubuntu10.11 libudev-dev - 237-3ubuntu10.11 No subscription required High CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 Ubuntu 18.04 LTS Chris Marchesi discovered that BlueZ incorrectly handled disabling Bluetooth visibility. A remote attacker could possibly pair to devices, contrary to expectations. This update adds a workaround to GNOME Bluetooth to fix the issue. Update Instructions: Run `sudo pro fix USN-3856-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gnome-bluetooth - 3.28.0-2ubuntu0.1 libgnome-bluetooth13 - 3.28.0-2ubuntu0.1 libgnome-bluetooth-dev - 3.28.0-2ubuntu0.1 gir1.2-gnomebluetooth-1.0 - 3.28.0-2ubuntu0.1 No subscription required Low CVE-2018-10910 Ubuntu 18.04 LTS Fariskhi Vidyan discovered that PEAR Archive_Tar incorrectly handled certain archive paths. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3857-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-pear - 1:1.10.5+submodules+notgz-1ubuntu1.18.04.1 No subscription required Medium CVE-2018-1000888 Ubuntu 18.04 LTS It was discovered that HAProxy incorrectly handled certain requests. An attacker could possibly use this to expose sensitive information. (CVE-2018-20102) It was discovered that HAProxy incorrectly handled certain requests. A attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20103, CVE-2018-20615) Update Instructions: Run `sudo pro fix USN-3858-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: haproxy - 1.8.8-1ubuntu0.3 haproxy-doc - 1.8.8-1ubuntu0.3 vim-haproxy - 1.8.8-1ubuntu0.3 No subscription required Medium CVE-2018-20102 CVE-2018-20103 CVE-2018-20615 Ubuntu 18.04 LTS It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-1000880 affected only Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000880) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-14502) Update Instructions: Run `sudo pro fix USN-3859-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.2.2-3.1ubuntu0.2 libarchive-tools - 3.2.2-3.1ubuntu0.2 libarchive13 - 3.2.2-3.1ubuntu0.2 bsdtar - 3.2.2-3.1ubuntu0.2 libarchive-dev - 3.2.2-3.1ubuntu0.2 No subscription required Medium CVE-2017-14502 CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000880 Ubuntu 18.04 LTS It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20544) It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-20545, CVE-2018-20548, CVE-2018-20459) It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. (CVE-2018-20546, CVE-2018-20547) Update Instructions: Run `sudo pro fix USN-3860-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: caca-utils - 0.99.beta19-2ubuntu0.18.04.1 libcaca-dev - 0.99.beta19-2ubuntu0.18.04.1 libcaca0 - 0.99.beta19-2ubuntu0.18.04.1 No subscription required Medium CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 Ubuntu 18.04 LTS It was discovered that PolicyKit incorrectly handled certain large user UIDs. A local attacker with a large UID could possibly use this issue to perform privileged actions. Update Instructions: Run `sudo pro fix USN-3861-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpolkit-backend-1-0 - 0.105-20ubuntu0.18.04.4 policykit-1-doc - 0.105-20ubuntu0.18.04.4 libpolkit-gobject-1-dev - 0.105-20ubuntu0.18.04.4 libpolkit-agent-1-0 - 0.105-20ubuntu0.18.04.4 libpolkit-gobject-1-0 - 0.105-20ubuntu0.18.04.4 policykit-1 - 0.105-20ubuntu0.18.04.4 gir1.2-polkit-1.0 - 0.105-20ubuntu0.18.04.4 libpolkit-backend-1-dev - 0.105-20ubuntu0.18.04.4 libpolkit-agent-1-dev - 0.105-20ubuntu0.18.04.4 No subscription required Medium CVE-2018-19788 Ubuntu 18.04 LTS It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3862-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: irssi-dev - 1.0.5-1ubuntu4.1 irssi - 1.0.5-1ubuntu4.1 No subscription required Medium CVE-2019-5882 Ubuntu 18.04 LTS Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. Update Instructions: Run `sudo pro fix USN-3863-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apt-doc - 1.6.6ubuntu0.1 apt-transport-https - 1.6.6ubuntu0.1 libapt-pkg5.0 - 1.6.6ubuntu0.1 libapt-pkg-doc - 1.6.6ubuntu0.1 apt - 1.6.6ubuntu0.1 apt-utils - 1.6.6ubuntu0.1 libapt-inst2.0 - 1.6.6ubuntu0.1 libapt-pkg-dev - 1.6.6ubuntu0.1 No subscription required High CVE-2019-3462 Ubuntu 18.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-3864-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.9-5ubuntu0.1 libtiffxx5 - 4.0.9-5ubuntu0.1 libtiff5-dev - 4.0.9-5ubuntu0.1 libtiff-dev - 4.0.9-5ubuntu0.1 libtiff5 - 4.0.9-5ubuntu0.1 libtiff-tools - 4.0.9-5ubuntu0.1 libtiff-doc - 4.0.9-5ubuntu0.1 No subscription required Medium CVE-2018-10963 CVE-2018-17100 CVE-2018-17101 CVE-2018-18557 CVE-2018-18661 CVE-2018-7456 CVE-2018-8905 Ubuntu 18.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20481, CVE-2018-20650) Update Instructions: Run `sudo pro fix USN-3865-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler73 - 0.62.0-2ubuntu2.6 libpoppler-cpp-dev - 0.62.0-2ubuntu2.6 libpoppler-glib-doc - 0.62.0-2ubuntu2.6 gir1.2-poppler-0.18 - 0.62.0-2ubuntu2.6 libpoppler-cpp0v5 - 0.62.0-2ubuntu2.6 libpoppler-glib8 - 0.62.0-2ubuntu2.6 libpoppler-private-dev - 0.62.0-2ubuntu2.6 libpoppler-glib-dev - 0.62.0-2ubuntu2.6 libpoppler-dev - 0.62.0-2ubuntu2.6 libpoppler-qt5-dev - 0.62.0-2ubuntu2.6 libpoppler-qt5-1 - 0.62.0-2ubuntu2.6 poppler-utils - 0.62.0-2ubuntu2.6 No subscription required Medium CVE-2018-20481 CVE-2018-20650 Ubuntu 18.04 LTS Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3866-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.4 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.4 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.4 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.4 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.4 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.4 No subscription required High CVE-2019-6116 Ubuntu 18.04 LTS USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3866-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.5 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.5 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.5 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.5 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.5 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.5 No subscription required None https://launchpad.net/bugs/1815339 Ubuntu 18.04 LTS USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3866-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.7 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.7 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.7 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.7 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.7 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.7 No subscription required None https://launchpad.net/bugs/1817308 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Update Instructions: Run `sudo pro fix USN-3867-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.25-0ubuntu0.18.04.2 mysql-source-5.7 - 5.7.25-0ubuntu0.18.04.2 libmysqlclient-dev - 5.7.25-0ubuntu0.18.04.2 mysql-client-core-5.7 - 5.7.25-0ubuntu0.18.04.2 mysql-client-5.7 - 5.7.25-0ubuntu0.18.04.2 libmysqlclient20 - 5.7.25-0ubuntu0.18.04.2 mysql-server-5.7 - 5.7.25-0ubuntu0.18.04.2 mysql-server - 5.7.25-0ubuntu0.18.04.2 mysql-server-core-5.7 - 5.7.25-0ubuntu0.18.04.2 mysql-testsuite - 5.7.25-0ubuntu0.18.04.2 libmysqld-dev - 5.7.25-0ubuntu0.18.04.2 mysql-testsuite-5.7 - 5.7.25-0ubuntu0.18.04.2 No subscription required Medium CVE-2019-2420 CVE-2019-2434 CVE-2019-2455 CVE-2019-2481 CVE-2019-2482 CVE-2019-2486 CVE-2019-2503 CVE-2019-2507 CVE-2019-2510 CVE-2019-2528 CVE-2019-2529 CVE-2019-2531 CVE-2019-2532 CVE-2019-2534 CVE-2019-2537 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3868-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-br - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-be - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-si - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:60.4.0+build2-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-de - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-da - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-globalmenu - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-testsuite - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-dev - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-el - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-et - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:60.4.0+build2-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:60.4.0+build2-0ubuntu0.18.04.1 xul-ext-lightning - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-en - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-it - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-he - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-af - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-is - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-es - 1:60.4.0+build2-0ubuntu0.18.04.1 thunderbird-locale-id - 1:60.4.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 Ubuntu 18.04 LTS Christophe Fergeau discovered that Spice incorrectly handled memory. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3870-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libspice-server1 - 0.14.0-1ubuntu2.4 libspice-server-dev - 0.14.0-1ubuntu2.4 No subscription required High CVE-2019-3813 Ubuntu 18.04 LTS Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883) It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) It was discovered that the debug interface for the Linux kernel's HID subsystem did not properly perform bounds checking in some situations. An attacker with access to debugfs could use this to cause a denial of service or possibly gain additional privileges. (CVE-2018-9516) Update Instructions: Run `sudo pro fix USN-3871-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-44-generic-lpae - 4.15.0-44.47 linux-image-4.15.0-44-snapdragon - 4.15.0-44.47 linux-image-4.15.0-44-lowlatency - 4.15.0-44.47 linux-image-4.15.0-44-generic - 4.15.0-44.47 No subscription required linux-image-generic-lpae - 4.15.0.44.46 linux-image-virtual-hwe-16.04 - 4.15.0.44.46 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.44.46 linux-image-generic - 4.15.0.44.46 linux-image-virtual-hwe-16.04-edge - 4.15.0.44.46 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.44.46 linux-image-lowlatency-hwe-16.04 - 4.15.0.44.46 linux-image-virtual - 4.15.0.44.46 linux-image-generic-hwe-16.04-edge - 4.15.0.44.46 linux-image-generic-hwe-16.04 - 4.15.0.44.46 linux-image-snapdragon - 4.15.0.44.46 linux-image-lowlatency - 4.15.0.44.46 linux-image-generic-lpae-hwe-16.04 - 4.15.0.44.46 No subscription required Medium CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10882 CVE-2018-10883 CVE-2018-14625 CVE-2018-16882 CVE-2018-17972 CVE-2018-18281 CVE-2018-19407 CVE-2018-9516 Ubuntu 18.04 LTS USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, that update introduced regressions with docking station displays and mounting ext4 file systems with the meta_bg option enabled. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883) It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) It was discovered that the debug interface for the Linux kernel's HID subsystem did not properly perform bounds checking in some situations. An attacker with access to debugfs could use this to cause a denial of service or possibly gain additional privileges. (CVE-2018-9516) Update Instructions: Run `sudo pro fix USN-3871-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-45-generic - 4.15.0-45.48 linux-image-4.15.0-45-lowlatency - 4.15.0-45.48 linux-image-4.15.0-45-snapdragon - 4.15.0-45.48 linux-image-4.15.0-45-generic-lpae - 4.15.0-45.48 No subscription required linux-image-generic-lpae-hwe-16.04 - 4.15.0.45.47 linux-image-virtual-hwe-16.04 - 4.15.0.45.47 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.45.47 linux-image-generic - 4.15.0.45.47 linux-image-virtual-hwe-16.04-edge - 4.15.0.45.47 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.45.47 linux-image-lowlatency-hwe-16.04 - 4.15.0.45.47 linux-image-virtual - 4.15.0.45.47 linux-image-generic-hwe-16.04-edge - 4.15.0.45.47 linux-image-generic-lpae - 4.15.0.45.47 linux-image-snapdragon - 4.15.0.45.47 linux-image-lowlatency - 4.15.0.45.47 linux-image-generic-hwe-16.04 - 4.15.0.45.47 No subscription required None https://launchpad.net/bugs/1813663 https://launchpad.net/bugs/1813727 Ubuntu 18.04 LTS Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883) It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) It was discovered that the debug interface for the Linux kernel's HID subsystem did not properly perform bounds checking in some situations. An attacker with access to debugfs could use this to cause a denial of service or possibly gain additional privileges. (CVE-2018-9516) Update Instructions: Run `sudo pro fix USN-3871-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1027-gcp - 4.15.0-1027.28 No subscription required linux-image-4.15.0-1029-kvm - 4.15.0-1029.29 No subscription required linux-image-4.15.0-1031-raspi2 - 4.15.0-1031.33 No subscription required linux-image-4.15.0-1032-aws - 4.15.0-1032.34 No subscription required linux-image-4.15.0-1033-oem - 4.15.0-1033.38 No subscription required linux-image-gke - 4.15.0.1027.29 linux-image-gcp - 4.15.0.1027.29 No subscription required linux-image-kvm - 4.15.0.1029.29 No subscription required linux-image-raspi2 - 4.15.0.1031.29 No subscription required linux-image-aws - 4.15.0.1032.31 No subscription required linux-image-oem - 4.15.0.1033.38 No subscription required Medium CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10882 CVE-2018-10883 CVE-2018-14625 CVE-2018-16882 CVE-2018-17972 CVE-2018-18281 CVE-2018-19407 CVE-2018-9516 Ubuntu 18.04 LTS Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883) It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) It was discovered that the debug interface for the Linux kernel's HID subsystem did not properly perform bounds checking in some situations. An attacker with access to debugfs could use this to cause a denial of service or possibly gain additional privileges. (CVE-2018-9516) Update Instructions: Run `sudo pro fix USN-3871-5` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1037-azure - 4.15.0-1037.39 No subscription required linux-image-azure - 4.15.0.1037.37 No subscription required Medium CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10882 CVE-2018-10883 CVE-2018-14625 CVE-2018-16882 CVE-2018-17972 CVE-2018-18281 CVE-2018-19407 CVE-2018-9516 Ubuntu 18.04 LTS It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-19854) Update Instructions: Run `sudo pro fix USN-3872-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.18.0-14-lowlatency - 4.18.0-14.15~18.04.1 linux-image-4.18.0-14-snapdragon - 4.18.0-14.15~18.04.1 linux-image-4.18.0-14-generic - 4.18.0-14.15~18.04.1 linux-image-4.18.0-14-generic-lpae - 4.18.0-14.15~18.04.1 No subscription required linux-image-snapdragon-hwe-18.04 - 4.18.0.14.64 linux-image-lowlatency-hwe-18.04 - 4.18.0.14.64 linux-image-virtual-hwe-18.04 - 4.18.0.14.64 linux-image-generic-lpae-hwe-18.04 - 4.18.0.14.64 linux-image-generic-hwe-18.04 - 4.18.0.14.64 No subscription required Medium CVE-2018-14625 CVE-2018-16882 CVE-2018-19407 CVE-2018-19854 Ubuntu 18.04 LTS It was discovered that Open vSwitch incorrectly decoded certain packets. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. (CVE-2018-17204) It was discovered that Open vSwitch incorrectly handled processing certain flows. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-17205) It was discovered that Open vSwitch incorrectly handled BUNDLE action decoding. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. (CVE-2018-17206) Update Instructions: Run `sudo pro fix USN-3873-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openvswitch-doc - 2.9.2-0ubuntu0.18.04.3 openvswitch-switch - 2.9.2-0ubuntu0.18.04.3 openvswitch-pki - 2.9.2-0ubuntu0.18.04.3 ovn-docker - 2.9.2-0ubuntu0.18.04.3 openvswitch-common - 2.9.2-0ubuntu0.18.04.3 openvswitch-testcontroller - 2.9.2-0ubuntu0.18.04.3 openvswitch-vtep - 2.9.2-0ubuntu0.18.04.3 python-openvswitch - 2.9.2-0ubuntu0.18.04.3 python3-openvswitch - 2.9.2-0ubuntu0.18.04.3 ovn-host - 2.9.2-0ubuntu0.18.04.3 ovn-common - 2.9.2-0ubuntu0.18.04.3 ovn-central - 2.9.2-0ubuntu0.18.04.3 ovn-controller-vtep - 2.9.2-0ubuntu0.18.04.3 openvswitch-switch-dpdk - 2.9.2-0ubuntu0.18.04.3 openvswitch-test - 2.9.2-0ubuntu0.18.04.3 No subscription required Medium CVE-2018-17204 CVE-2018-17205 CVE-2018-17206 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. (CVE-2018-18500, CVE-2018-18501, CVE-2018-18502, CVE-2018-18503, CVE-2018-18504, CVE-2018-18505) It was discovered that Firefox allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. (CVE-2018-18506) Update Instructions: Run `sudo pro fix USN-3874-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 65.0+build2-0ubuntu0.18.04.1 firefox-testsuite - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 65.0+build2-0ubuntu0.18.04.1 firefox - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 65.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 65.0+build2-0ubuntu0.18.04.1 firefox-dev - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 65.0+build2-0ubuntu0.18.04.1 firefox-globalmenu - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 65.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 65.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-18500 CVE-2018-18501 CVE-2018-18502 CVE-2018-18503 CVE-2018-18504 CVE-2018-18505 CVE-2018-18506 Ubuntu 18.04 LTS Chad Seaman discovered that Avahi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-6519, CVE-2018-1000845) Update Instructions: Run `sudo pro fix USN-3876-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libavahi-compat-libdnssd-dev - 0.7-3.1ubuntu1.2 libavahi-ui-gtk3-0 - 0.7-3.1ubuntu1.2 libavahi-core7-udeb - 0.7-3.1ubuntu1.2 libavahi-core7 - 0.7-3.1ubuntu1.2 libavahi-client3 - 0.7-3.1ubuntu1.2 libavahi-core-dev - 0.7-3.1ubuntu1.2 libavahi-client-dev - 0.7-3.1ubuntu1.2 avahi-ui-utils - 0.7-3.1ubuntu1.2 libavahi-gobject-dev - 0.7-3.1ubuntu1.2 avahi-dnsconfd - 0.7-3.1ubuntu1.2 libavahi-compat-libdnssd1 - 0.7-3.1ubuntu1.2 libavahi-common3 - 0.7-3.1ubuntu1.2 avahi-daemon - 0.7-3.1ubuntu1.2 avahi-discover - 0.7-3.1ubuntu1.2 libavahi-common-dev - 0.7-3.1ubuntu1.2 libavahi-common-data - 0.7-3.1ubuntu1.2 avahi-utils - 0.7-3.1ubuntu1.2 libavahi-common3-udeb - 0.7-3.1ubuntu1.2 libavahi-ui-gtk3-dev - 0.7-3.1ubuntu1.2 libavahi-glib-dev - 0.7-3.1ubuntu1.2 libavahi-gobject0 - 0.7-3.1ubuntu1.2 gir1.2-avahi-0.6 - 0.7-3.1ubuntu1.2 avahi-autoipd - 0.7-3.1ubuntu1.2 python-avahi - 0.7-3.1ubuntu1.2 libavahi-glib1 - 0.7-3.1ubuntu1.2 No subscription required Medium CVE-2017-6519 CVE-2018-1000845 Ubuntu 18.04 LTS It was discovered that LibVNCServer incorrectly handled certain operations. A remote attacker able to connect to applications using LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3877-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvncserver-config - 0.9.11+dfsg-1ubuntu1.1 libvncserver-dev - 0.9.11+dfsg-1ubuntu1.1 libvncserver1 - 0.9.11+dfsg-1ubuntu1.1 libvncclient1 - 0.9.11+dfsg-1ubuntu1.1 No subscription required Medium CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 CVE-2018-6307 Ubuntu 18.04 LTS USN-3878-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that could prevent systems with certain graphics chipsets from booting. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-19854) Update Instructions: Run `sudo pro fix USN-3878-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.18.0-15-lowlatency - 4.18.0-15.16~18.04.1 linux-image-4.18.0-15-generic-lpae - 4.18.0-15.16~18.04.1 linux-image-4.18.0-15-snapdragon - 4.18.0-15.16~18.04.1 linux-image-4.18.0-15-generic - 4.18.0-15.16~18.04.1 No subscription required linux-image-snapdragon-hwe-18.04 - 4.18.0.15.65 linux-image-lowlatency-hwe-18.04 - 4.18.0.15.65 linux-image-virtual-hwe-18.04 - 4.18.0.15.65 linux-image-generic-lpae-hwe-18.04 - 4.18.0.15.65 linux-image-generic-hwe-18.04 - 4.18.0.15.65 No subscription required None https://launchpad.net/bugs/1814555 Ubuntu 18.04 LTS It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. Update Instructions: Run `sudo pro fix USN-3881-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.33.2-1ubuntu4.2 dovecot-mysql - 1:2.2.33.2-1ubuntu4.2 dovecot-sieve - 1:2.2.33.2-1ubuntu4.2 dovecot-core - 1:2.2.33.2-1ubuntu4.2 dovecot-ldap - 1:2.2.33.2-1ubuntu4.2 dovecot-sqlite - 1:2.2.33.2-1ubuntu4.2 dovecot-dev - 1:2.2.33.2-1ubuntu4.2 dovecot-pop3d - 1:2.2.33.2-1ubuntu4.2 dovecot-imapd - 1:2.2.33.2-1ubuntu4.2 dovecot-managesieved - 1:2.2.33.2-1ubuntu4.2 mail-stack-delivery - 1:2.2.33.2-1ubuntu4.2 dovecot-gssapi - 1:2.2.33.2-1ubuntu4.2 dovecot-solr - 1:2.2.33.2-1ubuntu4.2 dovecot-lmtpd - 1:2.2.33.2-1ubuntu4.2 No subscription required Medium CVE-2019-3814 Ubuntu 18.04 LTS Wenxiang Qian discovered that curl incorrectly handled certain NTLM authentication messages. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-16890) Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822) Brian Carpenter discovered that curl incorrectly handled certain SMTP responses. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. (CVE-2019-3823) Update Instructions: Run `sudo pro fix USN-3882-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.6 libcurl4-openssl-dev - 7.58.0-2ubuntu3.6 libcurl3-gnutls - 7.58.0-2ubuntu3.6 libcurl4-doc - 7.58.0-2ubuntu3.6 libcurl3-nss - 7.58.0-2ubuntu3.6 libcurl4-nss-dev - 7.58.0-2ubuntu3.6 libcurl4 - 7.58.0-2ubuntu3.6 curl - 7.58.0-2ubuntu3.6 No subscription required Medium CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 Ubuntu 18.04 LTS It was discovered that libarchive incorrectly handled certain 7zip files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-1000019, CVE-2019-1000020) Update Instructions: Run `sudo pro fix USN-3884-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.2.2-3.1ubuntu0.3 libarchive-tools - 3.2.2-3.1ubuntu0.3 libarchive13 - 3.2.2-3.1ubuntu0.3 bsdtar - 3.2.2-3.1ubuntu0.3 libarchive-dev - 3.2.2-3.1ubuntu0.3 No subscription required Medium CVE-2019-1000019 CVE-2019-1000020 Ubuntu 18.04 LTS Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output. Update Instructions: Run `sudo pro fix USN-3885-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:7.6p1-4ubuntu0.2 openssh-client - 1:7.6p1-4ubuntu0.2 openssh-server - 1:7.6p1-4ubuntu0.2 ssh-askpass-gnome - 1:7.6p1-4ubuntu0.2 ssh - 1:7.6p1-4ubuntu0.2 openssh-client-udeb - 1:7.6p1-4ubuntu0.2 openssh-sftp-server - 1:7.6p1-4ubuntu0.2 No subscription required Medium CVE-2018-20685 CVE-2019-6109 CVE-2019-6111 Ubuntu 18.04 LTS USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Original advisory details: Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output. Update Instructions: Run `sudo pro fix USN-3885-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-server-udeb - 1:7.6p1-4ubuntu0.3 openssh-client - 1:7.6p1-4ubuntu0.3 openssh-server - 1:7.6p1-4ubuntu0.3 ssh-askpass-gnome - 1:7.6p1-4ubuntu0.3 ssh - 1:7.6p1-4ubuntu0.3 openssh-client-udeb - 1:7.6p1-4ubuntu0.3 openssh-sftp-server - 1:7.6p1-4ubuntu0.3 No subscription required Low CVE-2019-6111 Ubuntu 18.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20551, CVE-2019-7310) Update Instructions: Run `sudo pro fix USN-3886-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler73 - 0.62.0-2ubuntu2.7 libpoppler-cpp-dev - 0.62.0-2ubuntu2.7 libpoppler-glib-doc - 0.62.0-2ubuntu2.7 gir1.2-poppler-0.18 - 0.62.0-2ubuntu2.7 libpoppler-cpp0v5 - 0.62.0-2ubuntu2.7 libpoppler-glib8 - 0.62.0-2ubuntu2.7 libpoppler-private-dev - 0.62.0-2ubuntu2.7 libpoppler-glib-dev - 0.62.0-2ubuntu2.7 libpoppler-dev - 0.62.0-2ubuntu2.7 libpoppler-qt5-dev - 0.62.0-2ubuntu2.7 libpoppler-qt5-1 - 0.62.0-2ubuntu2.7 poppler-utils - 0.62.0-2ubuntu2.7 No subscription required Medium CVE-2018-20551 CVE-2019-7310 Ubuntu 18.04 LTS Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected. Update Instructions: Run `sudo pro fix USN-3887-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.34.2+18.04.1 ubuntu-core-launcher - 2.34.2+18.04.1 snap-confine - 2.34.2+18.04.1 ubuntu-snappy-cli - 2.34.2+18.04.1 golang-github-snapcore-snapd-dev - 2.34.2+18.04.1 snapd-xdg-open - 2.34.2+18.04.1 snapd - 2.34.2+18.04.1 golang-github-ubuntu-core-snappy-dev - 2.34.2+18.04.1 ubuntu-snappy - 2.34.2+18.04.1 No subscription required High CVE-2019-7304 https://launchpad.net/bugs/1813365 Ubuntu 18.04 LTS It was discovered that GVfs incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-3888-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gvfs-backends - 1.36.1-0ubuntu1.3 gvfs-libs - 1.36.1-0ubuntu1.3 gvfs-daemons - 1.36.1-0ubuntu1.3 gvfs-bin - 1.36.1-0ubuntu1.3 gvfs-common - 1.36.1-0ubuntu1.3 gvfs-fuse - 1.36.1-0ubuntu1.3 gvfs - 1.36.1-0ubuntu1.3 No subscription required Medium CVE-2019-3827 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3889-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.22.6-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.22.6-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.22.6-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.22.6-0ubuntu0.18.04.1 webkit2gtk-driver - 2.22.6-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.22.6-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.22.6-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.22.6-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.22.6-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.22.6-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-6212 CVE-2019-6215 Ubuntu 18.04 LTS It was discovered that Django incorrectly handled formatting certain numbers. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-3890-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.3 python-django-doc - 1:1.11.11-1ubuntu1.3 python-django-common - 1:1.11.11-1ubuntu1.3 python-django - 1:1.11.11-1ubuntu1.3 No subscription required Medium CVE-2019-6975 Ubuntu 18.04 LTS It was discovered that systemd incorrectly handled certain D-Bus messages. A local unprivileged attacker could exploit this in order to crash the init process, resulting in a system denial-of-service (kernel panic). Update Instructions: Run `sudo pro fix USN-3891-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-tests - 237-3ubuntu10.13 systemd-coredump - 237-3ubuntu10.13 systemd - 237-3ubuntu10.13 udev-udeb - 237-3ubuntu10.13 libsystemd0 - 237-3ubuntu10.13 systemd-container - 237-3ubuntu10.13 libnss-myhostname - 237-3ubuntu10.13 libudev1-udeb - 237-3ubuntu10.13 libudev1 - 237-3ubuntu10.13 libsystemd-dev - 237-3ubuntu10.13 libnss-systemd - 237-3ubuntu10.13 systemd-journal-remote - 237-3ubuntu10.13 libpam-systemd - 237-3ubuntu10.13 libnss-mymachines - 237-3ubuntu10.13 libnss-resolve - 237-3ubuntu10.13 systemd-sysv - 237-3ubuntu10.13 udev - 237-3ubuntu10.13 libudev-dev - 237-3ubuntu10.13 No subscription required Medium CVE-2019-6454 Ubuntu 18.04 LTS Burghard Britzke discovered that GDM incorrectly handled certain configurations. An attacker could possibly use this issue to get unauthorized access to a different user. Update Instructions: Run `sudo pro fix USN-3892-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-gdm-1.0 - 3.28.3-0ubuntu18.04.4 libgdm-dev - 3.28.3-0ubuntu18.04.4 gdm3 - 3.28.3-0ubuntu18.04.4 libgdm1 - 3.28.3-0ubuntu18.04.4 No subscription required Medium CVE-2019-3825 Ubuntu 18.04 LTS Toshifumi Sakaguchi discovered that Bind incorrectly handled memory. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-5744) It was discovered that Bind incorrectly handled certain trust anchors when used with the "managed-keys" feature. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2018-5745) It was discovered that Bind incorrectly handled certain controls for zone transfers, contrary to expectations. (CVE-2019-6465) Update Instructions: Run `sudo pro fix USN-3893-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdns-export1100 - 1:9.11.3+dfsg-1ubuntu1.5 libdns1100 - 1:9.11.3+dfsg-1ubuntu1.5 libisc169 - 1:9.11.3+dfsg-1ubuntu1.5 libbind-dev - 1:9.11.3+dfsg-1ubuntu1.5 libisc-export169-udeb - 1:9.11.3+dfsg-1ubuntu1.5 libisccc-export160 - 1:9.11.3+dfsg-1ubuntu1.5 libisc-export169 - 1:9.11.3+dfsg-1ubuntu1.5 bind9 - 1:9.11.3+dfsg-1ubuntu1.5 libirs-export160 - 1:9.11.3+dfsg-1ubuntu1.5 libisccc160 - 1:9.11.3+dfsg-1ubuntu1.5 libisccfg-export160 - 1:9.11.3+dfsg-1ubuntu1.5 libisccfg160 - 1:9.11.3+dfsg-1ubuntu1.5 bind9-doc - 1:9.11.3+dfsg-1ubuntu1.5 libbind-export-dev - 1:9.11.3+dfsg-1ubuntu1.5 libisccc-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.5 libirs-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.5 liblwres160 - 1:9.11.3+dfsg-1ubuntu1.5 bind9-host - 1:9.11.3+dfsg-1ubuntu1.5 libisccfg-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.5 dnsutils - 1:9.11.3+dfsg-1ubuntu1.5 bind9utils - 1:9.11.3+dfsg-1ubuntu1.5 libbind9-160 - 1:9.11.3+dfsg-1ubuntu1.5 libirs160 - 1:9.11.3+dfsg-1ubuntu1.5 libdns-export1100-udeb - 1:9.11.3+dfsg-1ubuntu1.5 No subscription required Medium CVE-2018-5744 CVE-2018-5745 CVE-2019-6465 Ubuntu 18.04 LTS It was discovered that LDB incorrectly handled certain search expressions. A remote attacker could possibly use this issue to cause the Samba LDAP process to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3895-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldb-tools - 2:1.2.3-1ubuntu0.1 libldb-dev - 2:1.2.3-1ubuntu0.1 python-ldb-dev - 2:1.2.3-1ubuntu0.1 python-ldb - 2:1.2.3-1ubuntu0.1 libldb1 - 2:1.2.3-1ubuntu0.1 No subscription required Medium CVE-2019-3824 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same origin protections, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3896-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nn - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ne - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nb - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fa - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fi - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fr - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fy - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-or - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kab - 65.0.1+build2-0ubuntu0.18.04.1 firefox-testsuite - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-oc - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cs - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ga - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gd - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gn - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gl - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gu - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pa - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pl - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cy - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pt - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hi - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-uk - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-he - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hy - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hr - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hu - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-as - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ar - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ia - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-az - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-id - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mai - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-af - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-is - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-it - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-an - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bs - 65.0.1+build2-0ubuntu0.18.04.1 firefox - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ro - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ja - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ru - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-br - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bn - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-be - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bg - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sl - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sk - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-si - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sw - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sv - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sr - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sq - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ko - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kn - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-km - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kk - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ka - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-xh - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ca - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ku - 65.0.1+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lv - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lt - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-th - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 65.0.1+build2-0ubuntu0.18.04.1 firefox-dev - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-te - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cak - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ta - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lg - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-csb - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-tr - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nso - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-de - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-da - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ms - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mr - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-my - 65.0.1+build2-0ubuntu0.18.04.1 firefox-globalmenu - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-uz - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ml - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mn - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mk - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ur - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-eu - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-et - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-es - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-vi - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-el - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-eo - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-en - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zu - 65.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ast - 65.0.1+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-18356 CVE-2018-18511 CVE-2019-5785 Ubuntu 18.04 LTS A use-after-free was discovered in libical. If a user were tricked in to opening a specially crafted ICS calendar file, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-5824) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-18356, CVE-2018-18500, CVE-2019-5785) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. (CVE-2018-18501, CVE-2018-18505) An issue was discovered with S/MIME signature verification in some circumstances. An attacker could potentially exploit this by spoofing signatures for arbitrary content. (CVE-2018-18509) Update Instructions: Run `sudo pro fix USN-3897-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-br - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-be - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-si - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:60.5.1+build2-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-de - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-da - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-globalmenu - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-testsuite - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-dev - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-el - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-et - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:60.5.1+build2-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:60.5.1+build2-0ubuntu0.18.04.1 xul-ext-lightning - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-en - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-it - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-he - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-af - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-is - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-es - 1:60.5.1+build2-0ubuntu0.18.04.1 thunderbird-locale-id - 1:60.5.1+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2016-5824 CVE-2018-18356 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2018-18509 CVE-2019-5785 Ubuntu 18.04 LTS Hanno Böck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3898-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-dev - 2:3.35-2ubuntu2.2 libnss3 - 2:3.35-2ubuntu2.2 libnss3-tools - 2:3.35-2ubuntu2.2 No subscription required Medium CVE-2018-18508 Ubuntu 18.04 LTS Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data. Update Instructions: Run `sudo pro fix USN-3899-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0-dev - 1.0.2n-1ubuntu5.3 libssl1.0.0 - 1.0.2n-1ubuntu5.3 openssl1.0 - 1.0.2n-1ubuntu5.3 libcrypto1.0.0-udeb - 1.0.2n-1ubuntu5.3 libssl1.0.0-udeb - 1.0.2n-1ubuntu5.3 No subscription required Medium CVE-2019-1559 Ubuntu 18.04 LTS It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3900-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.2.5-4ubuntu0.3 libgd-tools - 2.2.5-4ubuntu0.3 libgd-dev - 2.2.5-4ubuntu0.3 No subscription required Medium CVE-2019-6977 CVE-2019-6978 Ubuntu 18.04 LTS Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. (CVE-2018-18397) It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-19854) Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133) Update Instructions: Run `sudo pro fix USN-3901-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1009-oracle - 4.15.0-1009.11 No subscription required linux-image-4.15.0-1028-gcp - 4.15.0-1028.29 No subscription required linux-image-4.15.0-1030-kvm - 4.15.0-1030.30 No subscription required linux-image-4.15.0-1032-raspi2 - 4.15.0-1032.34 No subscription required linux-image-4.15.0-1033-aws - 4.15.0-1033.35 No subscription required linux-image-4.15.0-1034-oem - 4.15.0-1034.39 No subscription required linux-image-4.15.0-46-generic - 4.15.0-46.49 linux-image-4.15.0-46-snapdragon - 4.15.0-46.49 linux-image-4.15.0-46-lowlatency - 4.15.0-46.49 linux-image-4.15.0-46-generic-lpae - 4.15.0-46.49 No subscription required linux-image-oracle - 4.15.0.1009.12 No subscription required linux-image-gke - 4.15.0.1028.30 linux-image-gcp - 4.15.0.1028.30 No subscription required linux-image-kvm - 4.15.0.1030.30 No subscription required linux-image-raspi2 - 4.15.0.1032.30 No subscription required linux-image-aws - 4.15.0.1033.32 No subscription required linux-image-oem - 4.15.0.1034.39 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.46.48 linux-image-lowlatency-hwe-16.04 - 4.15.0.46.48 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.46.48 linux-image-generic-lpae-hwe-16.04 - 4.15.0.46.48 linux-image-virtual - 4.15.0.46.48 linux-image-generic - 4.15.0.46.48 linux-image-snapdragon - 4.15.0.46.48 linux-image-virtual-hwe-16.04 - 4.15.0.46.48 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.46.48 linux-image-generic-lpae - 4.15.0.46.48 linux-image-generic-hwe-16.04 - 4.15.0.46.48 linux-image-lowlatency - 4.15.0.46.48 linux-image-generic-hwe-16.04-edge - 4.15.0.46.48 No subscription required Medium CVE-2018-18397 CVE-2018-19854 CVE-2019-6133 Ubuntu 18.04 LTS USN-3903-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service (host system crash) or possibly execute arbitrary code in the host kernel. (CVE-2018-16880) Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. (CVE-2018-18397) Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133) Update Instructions: Run `sudo pro fix USN-3903-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.18.0-1013-azure - 4.18.0-1013.13~18.04.1 No subscription required linux-image-4.18.0-16-generic-lpae - 4.18.0-16.17~18.04.1 linux-image-4.18.0-16-lowlatency - 4.18.0-16.17~18.04.1 linux-image-4.18.0-16-generic - 4.18.0-16.17~18.04.1 linux-image-4.18.0-16-snapdragon - 4.18.0-16.17~18.04.1 No subscription required linux-image-azure - 4.18.0.1013.12 No subscription required linux-image-lowlatency-hwe-18.04 - 4.18.0.16.66 linux-image-virtual-hwe-18.04 - 4.18.0.16.66 linux-image-generic-lpae-hwe-18.04 - 4.18.0.16.66 linux-image-generic-hwe-18.04 - 4.18.0.16.66 linux-image-snapdragon-hwe-18.04 - 4.18.0.16.66 No subscription required Medium CVE-2018-16880 CVE-2018-18397 CVE-2019-6133 Ubuntu 18.04 LTS It was discovered that the NVIDIA graphics drivers incorrectly handled the GPU performance counters. A local attacker could possibly use this issue to access the application data processed on the GPU. Update Instructions: Run `sudo pro fix USN-3904-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnvidia-common-390 - 390.116-0ubuntu0.18.04.1 libnvidia-cfg1-390 - 390.116-0ubuntu0.18.04.1 nvidia-compute-utils-390 - 390.116-0ubuntu0.18.04.1 nvidia-headless-390 - 390.116-0ubuntu0.18.04.1 libnvidia-compute-390 - 390.116-0ubuntu0.18.04.1 nvidia-dkms-390 - 390.116-0ubuntu0.18.04.1 nvidia-driver-390 - 390.116-0ubuntu0.18.04.1 libnvidia-fbc1-390 - 390.116-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-390 - 390.116-0ubuntu0.18.04.1 libnvidia-encode-390 - 390.116-0ubuntu0.18.04.1 nvidia-libopencl1-384 - 390.116-0ubuntu0.18.04.1 nvidia-headless-no-dkms-390 - 390.116-0ubuntu0.18.04.1 nvidia-384-dev - 390.116-0ubuntu0.18.04.1 libnvidia-ifr1-390 - 390.116-0ubuntu0.18.04.1 nvidia-kernel-source-390 - 390.116-0ubuntu0.18.04.1 nvidia-384 - 390.116-0ubuntu0.18.04.1 nvidia-kernel-common-390 - 390.116-0ubuntu0.18.04.1 nvidia-opencl-icd-384 - 390.116-0ubuntu0.18.04.1 libnvidia-decode-390 - 390.116-0ubuntu0.18.04.1 libnvidia-gl-390 - 390.116-0ubuntu0.18.04.1 libcuda1-384 - 390.116-0ubuntu0.18.04.1 nvidia-utils-390 - 390.116-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-6260 Ubuntu 18.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3905-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler73 - 0.62.0-2ubuntu2.8 libpoppler-cpp-dev - 0.62.0-2ubuntu2.8 libpoppler-glib-doc - 0.62.0-2ubuntu2.8 gir1.2-poppler-0.18 - 0.62.0-2ubuntu2.8 libpoppler-cpp0v5 - 0.62.0-2ubuntu2.8 libpoppler-glib8 - 0.62.0-2ubuntu2.8 libpoppler-private-dev - 0.62.0-2ubuntu2.8 libpoppler-glib-dev - 0.62.0-2ubuntu2.8 libpoppler-dev - 0.62.0-2ubuntu2.8 libpoppler-qt5-dev - 0.62.0-2ubuntu2.8 libpoppler-qt5-1 - 0.62.0-2ubuntu2.8 poppler-utils - 0.62.0-2ubuntu2.8 No subscription required Medium CVE-2019-9200 Ubuntu 18.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-3906-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.9-5ubuntu0.2 libtiffxx5 - 4.0.9-5ubuntu0.2 libtiff5-dev - 4.0.9-5ubuntu0.2 libtiff-dev - 4.0.9-5ubuntu0.2 libtiff5 - 4.0.9-5ubuntu0.2 libtiff-tools - 4.0.9-5ubuntu0.2 libtiff-doc - 4.0.9-5ubuntu0.2 No subscription required Medium CVE-2018-10779 CVE-2018-12900 CVE-2018-17000 CVE-2018-19210 CVE-2019-6128 CVE-2019-7663 Ubuntu 18.04 LTS It was discovered that WALinuxAgent created swap files with incorrect permissions. A local attacker could possibly use this issue to obtain sensitive information from the swap file. Update Instructions: Run `sudo pro fix USN-3907-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: walinuxagent - 2.2.32-0ubuntu1~18.04.2 No subscription required Medium CVE-2019-0804 Ubuntu 18.04 LTS It was discovered that libvirt incorrectly handled waiting for certain agent events. An attacker inside a guest could possibly use this issue to cause libvirtd to stop responding, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3909-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 4.0.0-1ubuntu8.8 libvirt-dev - 4.0.0-1ubuntu8.8 libnss-libvirt - 4.0.0-1ubuntu8.8 libvirt-daemon - 4.0.0-1ubuntu8.8 libvirt-sanlock - 4.0.0-1ubuntu8.8 libvirt-wireshark - 4.0.0-1ubuntu8.8 libvirt-daemon-driver-storage-rbd - 4.0.0-1ubuntu8.8 libvirt-daemon-driver-storage-gluster - 4.0.0-1ubuntu8.8 libvirt-doc - 4.0.0-1ubuntu8.8 libvirt-daemon-system - 4.0.0-1ubuntu8.8 libvirt-clients - 4.0.0-1ubuntu8.8 libvirt-daemon-driver-storage-zfs - 4.0.0-1ubuntu8.8 libvirt-daemon-driver-storage-sheepdog - 4.0.0-1ubuntu8.8 libvirt-bin - 4.0.0-1ubuntu8.8 No subscription required Medium CVE-2019-3840 Ubuntu 18.04 LTS It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3911-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagic-dev - 1:5.32-2ubuntu0.2 libmagic-mgc - 1:5.32-2ubuntu0.2 libmagic1 - 1:5.32-2ubuntu0.2 file - 1:5.32-2ubuntu0.2 No subscription required Medium CVE-2019-8904 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 Ubuntu 18.04 LTS USN-3911-1 fixed vulnerabilities in file. One of the backported security fixes introduced a regression that caused the interpreter string to be truncated. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3911-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagic-dev - 1:5.32-2ubuntu0.4 libmagic-mgc - 1:5.32-2ubuntu0.4 libmagic1 - 1:5.32-2ubuntu0.4 file - 1:5.32-2ubuntu0.4 No subscription required None https://launchpad.net/bugs/1835596 Ubuntu 18.04 LTS A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator. Update Instructions: Run `sudo pro fix USN-3914-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntfs-3g - 1:2017.3.23-2ubuntu0.18.04.1 ntfs-3g-dev - 1:2017.3.23-2ubuntu0.18.04.1 libntfs-3g88 - 1:2017.3.23-2ubuntu0.18.04.1 ntfs-3g-udeb - 1:2017.3.23-2ubuntu0.18.04.1 No subscription required High CVE-2019-9755 Ubuntu 18.04 LTS USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary. Original advisory details: A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator. Update Instructions: Run `sudo pro fix USN-3914-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libntfs-3g88 - 1:2017.3.23-2ubuntu0.18.04.2 ntfs-3g - 1:2017.3.23-2ubuntu0.18.04.2 ntfs-3g-udeb - 1:2017.3.23-2ubuntu0.18.04.2 ntfs-3g-dev - 1:2017.3.23-2ubuntu0.18.04.2 No subscription required None https://launchpad.net/bugs/1821250 Ubuntu 18.04 LTS It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3915-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.8 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.8 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.8 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.8 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.8 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.8 No subscription required Medium CVE-2019-3835 CVE-2019-3838 Ubuntu 18.04 LTS The snapd default seccomp filter for strict mode snaps blocks the use of the ioctl() system call when used with TIOCSTI as the second argument to the system call. Jann Horn discovered that this restriction could be circumvented on 64 bit architectures. A malicious snap could exploit this to bypass intended access restrictions to insert characters into the terminal's input queue. On Ubuntu, snapd typically will have already automatically refreshed itself to snapd 2.37.4 which is unaffected. Update Instructions: Run `sudo pro fix USN-3917-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.37.4+18.04.1 ubuntu-core-launcher - 2.37.4+18.04.1 snap-confine - 2.37.4+18.04.1 ubuntu-snappy-cli - 2.37.4+18.04.1 golang-github-snapcore-snapd-dev - 2.37.4+18.04.1 snapd-xdg-open - 2.37.4+18.04.1 snapd - 2.37.4+18.04.1 golang-github-ubuntu-core-snappy-dev - 2.37.4+18.04.1 ubuntu-snappy - 2.37.4+18.04.1 No subscription required Medium CVE-2019-7303 https://launchpad.net/bugs/1812973 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807, CVE-2019-9808, CVE-2019-9809) A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793) It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct machine-in-the-middle (MITM) attacks. (CVE-2019-9803) Update Instructions: Run `sudo pro fix USN-3918-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-nn - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-ne - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-nb - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-fa - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-fi - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-fr - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-fy - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-or - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-kab - 66.0+build3-0ubuntu0.18.04.1 firefox-testsuite - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-oc - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-cs - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-ga - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-gd - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-gn - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-gl - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-gu - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-pa - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-pl - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-cy - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-pt - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-hi - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-uk - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-he - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-hy - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-hr - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-hu - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-as - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-ar - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-ia - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-az - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-id - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-mai - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-af - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-is - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-it - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-an - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-bs - 66.0+build3-0ubuntu0.18.04.1 firefox - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-ro - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-ja - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-ru - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-br - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hant - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hans - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-bn - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-be - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-bg - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-sl - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-sk - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-si - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-sw - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-sv - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-sr - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-sq - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-ko - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-kn - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-km - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-kk - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-ka - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-xh - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-ca - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-ku - 66.0+build3-0ubuntu0.18.04.1 firefox-mozsymbols - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-lv - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-lt - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-th - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-hsb - 66.0+build3-0ubuntu0.18.04.1 firefox-dev - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-te - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-cak - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-ta - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-lg - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-tr - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-nso - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-de - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-da - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-ms - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-mr - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-my - 66.0+build3-0ubuntu0.18.04.1 firefox-globalmenu - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-uz - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-ml - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-mn - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-mk - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-ur - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-vi - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-eu - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-et - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-es - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-csb - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-el - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-eo - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-en - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-zu - 66.0+build3-0ubuntu0.18.04.1 firefox-locale-ast - 66.0+build3-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-9788 CVE-2019-9789 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9797 CVE-2019-9799 CVE-2019-9802 CVE-2019-9803 CVE-2019-9805 CVE-2019-9806 CVE-2019-9807 CVE-2019-9808 CVE-2019-9809 Ubuntu 18.04 LTS USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807, CVE-2019-9808, CVE-2019-9809) A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793) It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct machine-in-the-middle (MITM) attacks. (CVE-2019-9803) Update Instructions: Run `sudo pro fix USN-3918-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nn - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ne - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nb - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fa - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fi - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fr - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fy - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-or - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kab - 66.0.2+build1-0ubuntu0.18.04.1 firefox-testsuite - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-oc - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cs - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ga - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gd - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gn - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gl - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gu - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pa - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pl - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cy - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pt - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hi - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uk - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-he - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hy - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hr - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hu - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-as - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ar - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ia - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-az - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-id - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mai - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-af - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-is - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-it - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-an - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bs - 66.0.2+build1-0ubuntu0.18.04.1 firefox - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ro - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ja - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ru - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-br - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bn - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-be - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bg - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sl - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sk - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-si - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sw - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sv - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sr - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sq - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ko - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kn - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-km - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kk - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ka - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-xh - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ca - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ku - 66.0.2+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lv - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lt - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-th - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 66.0.2+build1-0ubuntu0.18.04.1 firefox-dev - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-te - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cak - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ta - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lg - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tr - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nso - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-de - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-da - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ms - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mr - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-my - 66.0.2+build1-0ubuntu0.18.04.1 firefox-globalmenu - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uz - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ml - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mn - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mk - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ur - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-vi - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eu - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-et - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-es - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-csb - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-el - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eo - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-en - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zu - 66.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ast - 66.0.2+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1822185 Ubuntu 18.04 LTS USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807, CVE-2019-9808, CVE-2019-9809) A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793) It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct machine-in-the-middle (MITM) attacks. (CVE-2019-9803) Update Instructions: Run `sudo pro fix USN-3918-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-nn - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ne - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-nb - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fa - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fi - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fr - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fy - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-or - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-kab - 66.0.3+build1-0ubuntu0.18.04.1 firefox-testsuite - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-oc - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-cs - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ga - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gd - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gn - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gl - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gu - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-pa - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-pl - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-cy - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-pt - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hi - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-uk - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-he - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hy - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hr - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hu - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-as - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ar - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ia - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-az - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-id - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mai - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-af - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-is - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-it - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-an - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-bs - 66.0.3+build1-0ubuntu0.18.04.1 firefox - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ro - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ja - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ru - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-br - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-bn - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-be - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-bg - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sl - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sk - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-si - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sw - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sv - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sr - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sq - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ko - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-kn - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-km - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-kk - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ka - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-xh - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ca - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ku - 66.0.3+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-lv - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-lt - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-th - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 66.0.3+build1-0ubuntu0.18.04.1 firefox-dev - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-te - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-cak - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ta - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-lg - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-tr - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-nso - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-de - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-da - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ms - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mr - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-my - 66.0.3+build1-0ubuntu0.18.04.1 firefox-globalmenu - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-uz - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ml - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mn - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mk - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ur - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-vi - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-eu - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-et - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-es - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-csb - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-el - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-eo - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-en - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-zu - 66.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ast - 66.0.3+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1825051 Ubuntu 18.04 LTS Two security issues were discovered in the JavaScript engine in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code. Update Instructions: Run `sudo pro fix USN-3919-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 66.0.1+build1-0ubuntu0.18.04.1 firefox-testsuite - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 66.0.1+build1-0ubuntu0.18.04.1 firefox - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 66.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 66.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 66.0.1+build1-0ubuntu0.18.04.1 firefox-globalmenu - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 66.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 66.0.1+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-9810 CVE-2019-9813 Ubuntu 18.04 LTS It was discovered that XMLTooling incorrectly handled certain XML files with invalid data. An attacker could use this issue to cause XMLTooling to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3921-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xmltooling-schemas - 1.6.4-1ubuntu2.1 libxmltooling7 - 1.6.4-1ubuntu2.1 libxmltooling-dev - 1.6.4-1ubuntu2.1 libxmltooling-doc - 1.6.4-1ubuntu2.1 No subscription required Medium CVE-2019-9628 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641) Update Instructions: Run `sudo pro fix USN-3922-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.15-0ubuntu0.18.04.2 php7.2-enchant - 7.2.15-0ubuntu0.18.04.2 php7.2-ldap - 7.2.15-0ubuntu0.18.04.2 php7.2-fpm - 7.2.15-0ubuntu0.18.04.2 php7.2-recode - 7.2.15-0ubuntu0.18.04.2 php7.2-cli - 7.2.15-0ubuntu0.18.04.2 php7.2-json - 7.2.15-0ubuntu0.18.04.2 php7.2-bcmath - 7.2.15-0ubuntu0.18.04.2 php7.2-phpdbg - 7.2.15-0ubuntu0.18.04.2 php7.2 - 7.2.15-0ubuntu0.18.04.2 php7.2-pspell - 7.2.15-0ubuntu0.18.04.2 php7.2-dev - 7.2.15-0ubuntu0.18.04.2 php7.2-sqlite3 - 7.2.15-0ubuntu0.18.04.2 php7.2-gmp - 7.2.15-0ubuntu0.18.04.2 php7.2-mbstring - 7.2.15-0ubuntu0.18.04.2 php7.2-opcache - 7.2.15-0ubuntu0.18.04.2 php7.2-gd - 7.2.15-0ubuntu0.18.04.2 php7.2-soap - 7.2.15-0ubuntu0.18.04.2 libphp7.2-embed - 7.2.15-0ubuntu0.18.04.2 php7.2-intl - 7.2.15-0ubuntu0.18.04.2 php7.2-odbc - 7.2.15-0ubuntu0.18.04.2 libapache2-mod-php7.2 - 7.2.15-0ubuntu0.18.04.2 php7.2-tidy - 7.2.15-0ubuntu0.18.04.2 php7.2-imap - 7.2.15-0ubuntu0.18.04.2 php7.2-readline - 7.2.15-0ubuntu0.18.04.2 php7.2-mysql - 7.2.15-0ubuntu0.18.04.2 php7.2-dba - 7.2.15-0ubuntu0.18.04.2 php7.2-xml - 7.2.15-0ubuntu0.18.04.2 php7.2-interbase - 7.2.15-0ubuntu0.18.04.2 php7.2-xsl - 7.2.15-0ubuntu0.18.04.2 php7.2-xmlrpc - 7.2.15-0ubuntu0.18.04.2 php7.2-pgsql - 7.2.15-0ubuntu0.18.04.2 php7.2-sybase - 7.2.15-0ubuntu0.18.04.2 php7.2-curl - 7.2.15-0ubuntu0.18.04.2 php7.2-common - 7.2.15-0ubuntu0.18.04.2 php7.2-cgi - 7.2.15-0ubuntu0.18.04.2 php7.2-snmp - 7.2.15-0ubuntu0.18.04.2 php7.2-zip - 7.2.15-0ubuntu0.18.04.2 No subscription required Medium CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 Ubuntu 18.04 LTS Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol (MTP). An attacker inside the guest could use this issue to read or write arbitrary files and cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10. (CVE-2018-16867) Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol (MTP). An attacker inside the guest could use this issue to read arbitrary files, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16872) Zhibin Hu discovered that QEMU incorrectly handled the Plan 9 File System support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-19489) Li Quang and Saar Amar discovered multiple issues in the QEMU PVRDMA device. An attacker inside the guest could use these issues to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10. These issues were resolved by disabling PVRDMA support in Ubuntu 18.10. (CVE-2018-20123, CVE-2018-20124, CVE-2018-20125, CVE-2018-20126, CVE-2018-20191, CVE-2018-20216) Michael Hanselmann discovered that QEMU incorrectly handled certain i2c commands. A local attacker could possibly use this issue to read QEMU process memory. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-3812) It was discovered that QEMU incorrectly handled the Slirp networking back-end. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2019-6778) Update Instructions: Run `sudo pro fix USN-3923-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.12 qemu-user-static - 1:2.11+dfsg-1ubuntu7.12 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.12 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.12 qemu-kvm - 1:2.11+dfsg-1ubuntu7.12 qemu-user - 1:2.11+dfsg-1ubuntu7.12 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.12 qemu-system - 1:2.11+dfsg-1ubuntu7.12 qemu-utils - 1:2.11+dfsg-1ubuntu7.12 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.12 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.12 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.12 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.12 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.12 qemu - 1:2.11+dfsg-1ubuntu7.12 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.12 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.12 No subscription required Medium CVE-2018-16867 CVE-2018-16872 CVE-2018-19489 CVE-2018-20123 CVE-2018-20124 CVE-2018-20125 CVE-2018-20126 CVE-2018-20191 CVE-2018-20216 CVE-2019-3812 CVE-2019-6778 Ubuntu 18.04 LTS It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. (CVE-2019-3877) It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2019-3878) Update Instructions: Run `sudo pro fix USN-3924-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-auth-mellon - 0.13.1-1ubuntu0.1 No subscription required Medium CVE-2019-3877 CVE-2019-3878 Ubuntu 18.04 LTS It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3926-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gpac-modules-base - 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1 libgpac-dev - 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1 libgpac4 - 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1 gpac - 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1 No subscription required Medium CVE-2018-1000100 CVE-2018-13005 CVE-2018-13006 CVE-2018-20760 CVE-2018-20761 CVE-2018-20762 CVE-2018-20763 CVE-2018-7752 Ubuntu 18.04 LTS It was discovered that Thunderbird allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. (CVE-2018-18506) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813) A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website in a browsing context with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793) Update Instructions: Run `sudo pro fix USN-3927-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-br - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-es-ar - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-be - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-si - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:60.6.1+build2-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-de - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-en - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-da - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:60.6.1+build2-0ubuntu0.18.04.1 xul-ext-lightning - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-it - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-he - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-globalmenu - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-af - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-dev - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-el - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-id - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-et - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-is - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-es - 1:60.6.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:60.6.1+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 CVE-2019-9810 CVE-2019-9813 Ubuntu 18.04 LTS It was discovered that Dovecot incorrectly handled reading certain headers from the index. A local attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-3928-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.33.2-1ubuntu4.3 dovecot-mysql - 1:2.2.33.2-1ubuntu4.3 dovecot-sieve - 1:2.2.33.2-1ubuntu4.3 dovecot-core - 1:2.2.33.2-1ubuntu4.3 dovecot-ldap - 1:2.2.33.2-1ubuntu4.3 dovecot-sqlite - 1:2.2.33.2-1ubuntu4.3 dovecot-dev - 1:2.2.33.2-1ubuntu4.3 dovecot-pop3d - 1:2.2.33.2-1ubuntu4.3 dovecot-imapd - 1:2.2.33.2-1ubuntu4.3 dovecot-managesieved - 1:2.2.33.2-1ubuntu4.3 mail-stack-delivery - 1:2.2.33.2-1ubuntu4.3 dovecot-gssapi - 1:2.2.33.2-1ubuntu4.3 dovecot-solr - 1:2.2.33.2-1ubuntu4.3 dovecot-lmtpd - 1:2.2.33.2-1ubuntu4.3 No subscription required Medium CVE-2019-7524 Ubuntu 18.04 LTS USN-3930-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information. (CVE-2019-7308) It was discovered that a use-after-free vulnerability existed in the user- space API for crypto (af_alg) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8912) Jakub Jirasek discovered a use-after-free vulnerability in the SCTP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8956) It was discovered that the Linux kernel did not properly deallocate memory when handling certain errors while reading files. A local attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2019-8980) It was discovered that a use-after-free vulnerability existed in the IPMI implementation in the Linux kernel. A local attacker with access to the IPMI character device files could use this to cause a denial of service (system crash). (CVE-2019-9003) Jann Horn discovered that the SNMP NAT implementation in the Linux kernel performed insufficient ASN.1 length checks. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9162) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213) Update Instructions: Run `sudo pro fix USN-3930-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.18.0-1014-azure - 4.18.0-1014.14~18.04.1 No subscription required linux-image-4.18.0-17-snapdragon - 4.18.0-17.18~18.04.1 linux-image-4.18.0-17-generic-lpae - 4.18.0-17.18~18.04.1 linux-image-4.18.0-17-generic - 4.18.0-17.18~18.04.1 linux-image-4.18.0-17-lowlatency - 4.18.0-17.18~18.04.1 No subscription required linux-image-azure - 4.18.0.1014.13 No subscription required linux-image-snapdragon-hwe-18.04 - 4.18.0.17.67 linux-image-lowlatency-hwe-18.04 - 4.18.0.17.67 linux-image-generic-lpae-hwe-18.04 - 4.18.0.17.67 linux-image-generic-hwe-18.04 - 4.18.0.17.67 linux-image-virtual-hwe-18.04 - 4.18.0.17.67 No subscription required Medium CVE-2018-19824 CVE-2019-3459 CVE-2019-3460 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8956 CVE-2019-8980 CVE-2019-9003 CVE-2019-9162 CVE-2019-9213 Ubuntu 18.04 LTS M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service (guest VM crash). (CVE-2018-14678) It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service (host system crash) or execute arbitrary code in the host. (CVE-2018-18021) Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information. (CVE-2019-7308) It was discovered that a use-after-free vulnerability existed in the user- space API for crypto (af_alg) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8912) It was discovered that the Linux kernel did not properly deallocate memory when handling certain errors while reading files. A local attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2019-8980) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213) Update Instructions: Run `sudo pro fix USN-3931-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1010-oracle - 4.15.0-1010.12 No subscription required linux-image-4.15.0-1029-gcp - 4.15.0-1029.31 No subscription required linux-image-4.15.0-1031-kvm - 4.15.0-1031.31 No subscription required linux-image-4.15.0-1033-raspi2 - 4.15.0-1033.35 No subscription required linux-image-4.15.0-1035-aws - 4.15.0-1035.37 No subscription required linux-image-4.15.0-1035-oem - 4.15.0-1035.40 No subscription required linux-image-4.15.0-47-snapdragon - 4.15.0-47.50 linux-image-4.15.0-47-generic-lpae - 4.15.0-47.50 linux-image-4.15.0-47-lowlatency - 4.15.0-47.50 linux-image-4.15.0-47-generic - 4.15.0-47.50 No subscription required linux-image-oracle - 4.15.0.1010.13 No subscription required linux-image-gke - 4.15.0.1029.31 linux-image-gcp - 4.15.0.1029.31 No subscription required linux-image-kvm - 4.15.0.1031.31 No subscription required linux-image-raspi2 - 4.15.0.1033.31 No subscription required linux-image-aws - 4.15.0.1035.34 No subscription required linux-image-oem - 4.15.0.1035.40 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.47.49 linux-image-lowlatency-hwe-16.04 - 4.15.0.47.49 linux-image-generic-hwe-16.04-edge - 4.15.0.47.49 linux-image-generic-lpae-hwe-16.04 - 4.15.0.47.49 linux-image-virtual - 4.15.0.47.49 linux-image-snapdragon - 4.15.0.47.49 linux-image-virtual-hwe-16.04 - 4.15.0.47.49 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.47.49 linux-image-generic - 4.15.0.47.49 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.47.49 linux-image-generic-hwe-16.04 - 4.15.0.47.49 linux-image-generic-lpae - 4.15.0.47.49 linux-image-lowlatency - 4.15.0.47.49 No subscription required Medium CVE-2018-14678 CVE-2018-18021 CVE-2018-19824 CVE-2019-3459 CVE-2019-3460 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8980 CVE-2019-9213 Ubuntu 18.04 LTS It was discovered that PolicyKit incorrectly relied on the fork() system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations. Update Instructions: Run `sudo pro fix USN-3934-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpolkit-backend-1-0 - 0.105-20ubuntu0.18.04.5 policykit-1-doc - 0.105-20ubuntu0.18.04.5 libpolkit-gobject-1-dev - 0.105-20ubuntu0.18.04.5 libpolkit-agent-1-0 - 0.105-20ubuntu0.18.04.5 libpolkit-gobject-1-0 - 0.105-20ubuntu0.18.04.5 policykit-1 - 0.105-20ubuntu0.18.04.5 gir1.2-polkit-1.0 - 0.105-20ubuntu0.18.04.5 libpolkit-backend-1-dev - 0.105-20ubuntu0.18.04.5 libpolkit-agent-1-dev - 0.105-20ubuntu0.18.04.5 No subscription required Medium CVE-2019-6133 Ubuntu 18.04 LTS Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2011-5325) Mathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9645) It was discovered that BusyBox incorrectly handled certain ZIP archives. If a user or automated system were tricked into processing a specially crafted ZIP archive, a remote attacker could cause BusyBox to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2015-9261) Nico Golde discovered that the BusyBox DHCP client incorrectly handled certain malformed domain names. A remote attacker could possibly use this issue to cause the DHCP client to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2147) Nico Golde discovered that the BusyBox DHCP client incorrectly handled certain 6RD options. A remote attacker could use this issue to cause the DHCP client to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2148) It was discovered that BusyBox incorrectly handled certain bzip2 archives. If a user or automated system were tricked into processing a specially crafted bzip2 archive, a remote attacker could cause BusyBox to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15873) It was discovered that BusyBox incorrectly handled tab completion. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-16544) It was discovered that the BusyBox wget utility incorrectly handled certain responses. A remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000517) It was discovered that the BusyBox DHCP utilities incorrectly handled certain memory operations. A remote attacker could possibly use this issue to access sensitive information. (CVE-2018-20679, CVE-2019-5747) Update Instructions: Run `sudo pro fix USN-3935-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: busybox - 1:1.27.2-2ubuntu3.2 udhcpc - 1:1.27.2-2ubuntu3.2 busybox-syslogd - 1:1.27.2-2ubuntu3.2 udhcpd - 1:1.27.2-2ubuntu3.2 busybox-initramfs - 1:1.27.2-2ubuntu3.2 busybox-udeb - 1:1.27.2-2ubuntu3.2 busybox-static - 1:1.27.2-2ubuntu3.2 No subscription required Medium CVE-2011-5325 CVE-2014-9645 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2017-15873 CVE-2017-16544 CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747 Ubuntu 18.04 LTS It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3936-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: advancecomp - 2.1-1ubuntu0.18.04.1 No subscription required Medium CVE-2019-9210 Ubuntu 18.04 LTS Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. (CVE-2019-0211) It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-17189) It was discovered that the Apache HTTP Server incorrectly handled session expiry times. When used with mod_session_cookie, this may result in the session expiry time to be ignored, contrary to expectations. (CVE-2018-17199) Craig Young discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to process requests incorrectly. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-0196) Simon Kappel discovered that the Apache HTTP Server mod_auth_digest module incorrectly handled threads. A remote attacker with valid credentials could possibly use this issue to authenticate using another username, bypassing access control restrictions. (CVE-2019-0217) Bernhard Lorenz discovered that the Apache HTTP Server was inconsistent when processing requests containing multiple consecutive slashes. This could lead to directives such as LocationMatch and RewriteRule to perform contrary to expectations. (CVE-2019-0220) Update Instructions: Run `sudo pro fix USN-3937-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.29-1ubuntu4.6 apache2-utils - 2.4.29-1ubuntu4.6 apache2-dev - 2.4.29-1ubuntu4.6 apache2-suexec-pristine - 2.4.29-1ubuntu4.6 apache2-suexec-custom - 2.4.29-1ubuntu4.6 apache2 - 2.4.29-1ubuntu4.6 apache2-doc - 2.4.29-1ubuntu4.6 apache2-ssl-dev - 2.4.29-1ubuntu4.6 apache2-bin - 2.4.29-1ubuntu4.6 No subscription required High CVE-2018-17189 CVE-2018-17199 CVE-2019-0196 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 Ubuntu 18.04 LTS Jann Horn discovered that pam_systemd created logind sessions using some parameters from the environment. A local attacker could exploit this in order to spoof the active session and gain additional PolicyKit privileges. Update Instructions: Run `sudo pro fix USN-3938-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-tests - 237-3ubuntu10.19 systemd-coredump - 237-3ubuntu10.19 systemd - 237-3ubuntu10.19 udev-udeb - 237-3ubuntu10.19 libsystemd0 - 237-3ubuntu10.19 systemd-container - 237-3ubuntu10.19 libnss-myhostname - 237-3ubuntu10.19 libudev1-udeb - 237-3ubuntu10.19 libudev1 - 237-3ubuntu10.19 libsystemd-dev - 237-3ubuntu10.19 libnss-systemd - 237-3ubuntu10.19 systemd-journal-remote - 237-3ubuntu10.19 libpam-systemd - 237-3ubuntu10.19 libudev-dev - 237-3ubuntu10.19 libnss-mymachines - 237-3ubuntu10.19 libnss-resolve - 237-3ubuntu10.19 systemd-sysv - 237-3ubuntu10.19 udev - 237-3ubuntu10.19 No subscription required Medium CVE-2019-3842 Ubuntu 18.04 LTS Michael Hanselmann discovered that Samba incorrectly handled registry files. A remote attacker could possibly use this issue to create new registry files outside of the share, contrary to expectations. Update Instructions: Run `sudo pro fix USN-3939-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 No subscription required Medium CVE-2019-3880 Ubuntu 18.04 LTS It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1787) It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-1788) It was discovered that ClamAV incorrectly handled scanning certain PE files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1789) Update Instructions: Run `sudo pro fix USN-3940-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.100.3+dfsg-0ubuntu0.18.04.1 clamav-testfiles - 0.100.3+dfsg-0ubuntu0.18.04.1 clamav-base - 0.100.3+dfsg-0ubuntu0.18.04.1 clamav - 0.100.3+dfsg-0ubuntu0.18.04.1 libclamav7 - 0.100.3+dfsg-0ubuntu0.18.04.1 clamav-daemon - 0.100.3+dfsg-0ubuntu0.18.04.1 clamav-docs - 0.100.3+dfsg-0ubuntu0.18.04.1 clamav-milter - 0.100.3+dfsg-0ubuntu0.18.04.1 clamav-freshclam - 0.100.3+dfsg-0ubuntu0.18.04.1 clamdscan - 0.100.3+dfsg-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 Ubuntu 18.04 LTS Fady Othman discovered that Lua incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3941-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lua5.3 - 5.3.3-1ubuntu0.18.04.1 liblua5.3-dev - 5.3.3-1ubuntu0.18.04.1 liblua5.3-0 - 5.3.3-1ubuntu0.18.04.1 No subscription required Medium CVE-2019-6706 Ubuntu 18.04 LTS It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20483) Kusano Kazuhiko discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5953) Update Instructions: Run `sudo pro fix USN-3943-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: wget - 1.19.4-1ubuntu2.2 wget-udeb - 1.19.4-1ubuntu2.2 No subscription required Medium CVE-2018-20483 CVE-2019-5953 Ubuntu 18.04 LTS It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. (CVE-2019-9495) Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly validated received scalar and element values in EAP-pwd-Commit messages. A remote attacker could possibly use this issue to perform a reflection attack and authenticate without the appropriate password. (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499) It was discovered that hostapd incorrectly handled obtaining random numbers. In rare cases where the urandom device isn't available, it would fall back to using a low-quality PRNG. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10743) Update Instructions: Run `sudo pro fix USN-3944-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 2:2.6-15ubuntu2.2 wpagui - 2:2.6-15ubuntu2.2 wpasupplicant - 2:2.6-15ubuntu2.2 wpasupplicant-udeb - 2:2.6-15ubuntu2.2 No subscription required Medium CVE-2016-10743 CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 Ubuntu 18.04 LTS It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2019-8320) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325) Update Instructions: Run `sudo pro fix USN-3945-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby2.5-dev - 2.5.1-1ubuntu1.2 ruby2.5 - 2.5.1-1ubuntu1.2 ruby2.5-doc - 2.5.1-1ubuntu1.2 libruby2.5 - 2.5.1-1ubuntu1.2 No subscription required Medium CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 Ubuntu 18.04 LTS It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh's command restrictions, allowing an attacker to run arbitrary commands. Update Instructions: Run `sudo pro fix USN-3946-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rssh - 2.3.4-7ubuntu0.1 No subscription required High CVE-2019-1000018 CVE-2019-3463 CVE-2019-3464 Ubuntu 18.04 LTS It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-3947-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxslt1 - 1.1.29-5ubuntu0.1 libxslt1-dev - 1.1.29-5ubuntu0.1 libxslt1.1 - 1.1.29-5ubuntu0.1 xsltproc - 1.1.29-5ubuntu0.1 No subscription required Medium CVE-2019-11068 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3948-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.24.1-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.24.1-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.24.1-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.24.1-0ubuntu0.18.04.1 webkit2gtk-driver - 2.24.1-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.24.1-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.24.1-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.24.1-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.24.1-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.24.1-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-11070 CVE-2019-6251 CVE-2019-8375 CVE-2019-8506 CVE-2019-8518 CVE-2019-8523 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 Ubuntu 18.04 LTS It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. (CVE-2019-2422) Please note that with this update, the OpenJDK package in Ubuntu 18.04 LTS has transitioned from OpenJDK 10 to OpenJDK 11. Several additional packages were updated to be compatible with OpenJDK 11. Update Instructions: Run `sudo pro fix USN-3949-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-source - 11.0.2+9-3ubuntu1~18.04.3 openjdk-11-jre-zero - 11.0.2+9-3ubuntu1~18.04.3 openjdk-11-doc - 11.0.2+9-3ubuntu1~18.04.3 openjdk-11-jre-headless - 11.0.2+9-3ubuntu1~18.04.3 openjdk-11-jdk - 11.0.2+9-3ubuntu1~18.04.3 openjdk-11-jdk-headless - 11.0.2+9-3ubuntu1~18.04.3 openjdk-11-jre - 11.0.2+9-3ubuntu1~18.04.3 openjdk-11-demo - 11.0.2+9-3ubuntu1~18.04.3 No subscription required Low CVE-2019-2422 Ubuntu 18.04 LTS Jan Pokorný discovered that Pacemaker incorrectly handled client-server authentication. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-16877) Jan Pokorný discovered that Pacemaker incorrectly handled certain verifications. A local attacker could possibly use this issue to cause a denial of service. (CVE-2018-16878) Jan Pokorný discovered that Pacemaker incorrectly handled certain memory operations. A local attacker could possibly use this issue to obtain sensitive information in log outputs. This issue only applied to Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-3885) Update Instructions: Run `sudo pro fix USN-3952-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pacemaker-remote - 1.1.18-0ubuntu1.1 libcrmcommon-dev - 1.1.18-0ubuntu1.1 pacemaker-resource-agents - 1.1.18-0ubuntu1.1 pacemaker-cli-utils - 1.1.18-0ubuntu1.1 pacemaker-common - 1.1.18-0ubuntu1.1 liblrmd1 - 1.1.18-0ubuntu1.1 libcrmcluster-dev - 1.1.18-0ubuntu1.1 libstonithd-dev - 1.1.18-0ubuntu1.1 libpe-status10 - 1.1.18-0ubuntu1.1 libtransitioner2 - 1.1.18-0ubuntu1.1 libstonithd2 - 1.1.18-0ubuntu1.1 libcrmservice3 - 1.1.18-0ubuntu1.1 libcrmcommon3 - 1.1.18-0ubuntu1.1 libcib-dev - 1.1.18-0ubuntu1.1 pacemaker - 1.1.18-0ubuntu1.1 libcrmservice-dev - 1.1.18-0ubuntu1.1 libpe-rules2 - 1.1.18-0ubuntu1.1 liblrmd-dev - 1.1.18-0ubuntu1.1 libpengine10 - 1.1.18-0ubuntu1.1 libpengine-dev - 1.1.18-0ubuntu1.1 pacemaker-doc - 1.1.18-0ubuntu1.1 libcrmcluster4 - 1.1.18-0ubuntu1.1 libcib4 - 1.1.18-0ubuntu1.1 No subscription required Medium CVE-2018-16877 CVE-2018-16878 CVE-2019-3885 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3953-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.17-0ubuntu0.18.04.1 php7.2-enchant - 7.2.17-0ubuntu0.18.04.1 php7.2-ldap - 7.2.17-0ubuntu0.18.04.1 php7.2-fpm - 7.2.17-0ubuntu0.18.04.1 php7.2-recode - 7.2.17-0ubuntu0.18.04.1 php7.2-cli - 7.2.17-0ubuntu0.18.04.1 php7.2-json - 7.2.17-0ubuntu0.18.04.1 php7.2-bcmath - 7.2.17-0ubuntu0.18.04.1 php7.2-phpdbg - 7.2.17-0ubuntu0.18.04.1 php7.2 - 7.2.17-0ubuntu0.18.04.1 php7.2-pspell - 7.2.17-0ubuntu0.18.04.1 php7.2-dev - 7.2.17-0ubuntu0.18.04.1 php7.2-sqlite3 - 7.2.17-0ubuntu0.18.04.1 php7.2-gmp - 7.2.17-0ubuntu0.18.04.1 php7.2-mbstring - 7.2.17-0ubuntu0.18.04.1 php7.2-opcache - 7.2.17-0ubuntu0.18.04.1 php7.2-gd - 7.2.17-0ubuntu0.18.04.1 php7.2-soap - 7.2.17-0ubuntu0.18.04.1 libphp7.2-embed - 7.2.17-0ubuntu0.18.04.1 php7.2-intl - 7.2.17-0ubuntu0.18.04.1 php7.2-odbc - 7.2.17-0ubuntu0.18.04.1 libapache2-mod-php7.2 - 7.2.17-0ubuntu0.18.04.1 php7.2-tidy - 7.2.17-0ubuntu0.18.04.1 php7.2-imap - 7.2.17-0ubuntu0.18.04.1 php7.2-readline - 7.2.17-0ubuntu0.18.04.1 php7.2-mysql - 7.2.17-0ubuntu0.18.04.1 php7.2-dba - 7.2.17-0ubuntu0.18.04.1 php7.2-xml - 7.2.17-0ubuntu0.18.04.1 php7.2-interbase - 7.2.17-0ubuntu0.18.04.1 php7.2-xsl - 7.2.17-0ubuntu0.18.04.1 php7.2-xmlrpc - 7.2.17-0ubuntu0.18.04.1 php7.2-pgsql - 7.2.17-0ubuntu0.18.04.1 php7.2-sybase - 7.2.17-0ubuntu0.18.04.1 php7.2-curl - 7.2.17-0ubuntu0.18.04.1 php7.2-common - 7.2.17-0ubuntu0.18.04.1 php7.2-cgi - 7.2.17-0ubuntu0.18.04.1 php7.2-snmp - 7.2.17-0ubuntu0.18.04.1 php7.2-zip - 7.2.17-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-11034 CVE-2019-11035 Ubuntu 18.04 LTS It was discovered that FreeRADIUS incorrectly handled certain inputs. An attacker could possibly use this issue to bypass authentication. (CVE-2019-11234, CVE-2019-11235) Update Instructions: Run `sudo pro fix USN-3954-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreeradius-dev - 3.0.16+dfsg-1ubuntu3.1 freeradius-ldap - 3.0.16+dfsg-1ubuntu3.1 freeradius-redis - 3.0.16+dfsg-1ubuntu3.1 libfreeradius3 - 3.0.16+dfsg-1ubuntu3.1 freeradius-yubikey - 3.0.16+dfsg-1ubuntu3.1 freeradius-config - 3.0.16+dfsg-1ubuntu3.1 freeradius-mysql - 3.0.16+dfsg-1ubuntu3.1 freeradius-postgresql - 3.0.16+dfsg-1ubuntu3.1 freeradius-dhcp - 3.0.16+dfsg-1ubuntu3.1 freeradius-utils - 3.0.16+dfsg-1ubuntu3.1 freeradius - 3.0.16+dfsg-1ubuntu3.1 freeradius-iodbc - 3.0.16+dfsg-1ubuntu3.1 freeradius-common - 3.0.16+dfsg-1ubuntu3.1 freeradius-rest - 3.0.16+dfsg-1ubuntu3.1 freeradius-memcached - 3.0.16+dfsg-1ubuntu3.1 freeradius-krb5 - 3.0.16+dfsg-1ubuntu3.1 No subscription required Medium CVE-2019-11234 CVE-2019-11235 Ubuntu 18.04 LTS It was discovered that tcpflow incorrectly handled certain malformed network packets. A remote attacker could send these packets to a target system, causing tcpflow to crash or possibly disclose sensitive information. Update Instructions: Run `sudo pro fix USN-3955-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tcpflow-nox - 1.4.5+repack1-4ubuntu0.18.04.1 tcpflow - 1.4.5+repack1-4ubuntu0.18.04.1 No subscription required Medium CVE-2018-14938 CVE-2018-18409 Ubuntu 18.04 LTS It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-3956-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdns-export1100 - 1:9.11.3+dfsg-1ubuntu1.7 libdns1100 - 1:9.11.3+dfsg-1ubuntu1.7 libisc169 - 1:9.11.3+dfsg-1ubuntu1.7 libbind-dev - 1:9.11.3+dfsg-1ubuntu1.7 libisc-export169-udeb - 1:9.11.3+dfsg-1ubuntu1.7 libisccc-export160 - 1:9.11.3+dfsg-1ubuntu1.7 libisc-export169 - 1:9.11.3+dfsg-1ubuntu1.7 bind9 - 1:9.11.3+dfsg-1ubuntu1.7 libirs-export160 - 1:9.11.3+dfsg-1ubuntu1.7 libisccc160 - 1:9.11.3+dfsg-1ubuntu1.7 libisccfg-export160 - 1:9.11.3+dfsg-1ubuntu1.7 libisccfg160 - 1:9.11.3+dfsg-1ubuntu1.7 bind9-doc - 1:9.11.3+dfsg-1ubuntu1.7 libbind-export-dev - 1:9.11.3+dfsg-1ubuntu1.7 libisccc-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.7 libirs-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.7 liblwres160 - 1:9.11.3+dfsg-1ubuntu1.7 bind9-host - 1:9.11.3+dfsg-1ubuntu1.7 libisccfg-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.7 dnsutils - 1:9.11.3+dfsg-1ubuntu1.7 bind9utils - 1:9.11.3+dfsg-1ubuntu1.7 libbind9-160 - 1:9.11.3+dfsg-1ubuntu1.7 libirs160 - 1:9.11.3+dfsg-1ubuntu1.7 libdns-export1100-udeb - 1:9.11.3+dfsg-1ubuntu1.7 No subscription required Medium CVE-2018-5743 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have been updated to MySQL 5.7.26. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Update Instructions: Run `sudo pro fix USN-3957-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.26-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.26-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.26-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.26-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.26-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.26-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.26-0ubuntu0.18.04.1 mysql-server - 5.7.26-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.26-0ubuntu0.18.04.1 mysql-testsuite - 5.7.26-0ubuntu0.18.04.1 libmysqld-dev - 5.7.26-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.26-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-2566 CVE-2019-2581 CVE-2019-2592 CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 CVE-2019-2632 CVE-2019-2683 Ubuntu 18.04 LTS USN-3957-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2614 and CVE-2019-2627 in MariaDB 10.1. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.40. In addition to security fixes, the updated package contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://mariadb.com/kb/en/library/mariadb-10140-changelog/ https://mariadb.com/kb/en/library/mariadb-10140-release-notes/ Original advisory details: Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have been updated to MySQL 5.7.26. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Update Instructions: Run `sudo pro fix USN-3957-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mariadb-plugin-cracklib-password-check - 1:10.1.40-0ubuntu0.18.04.1 mariadb-server - 1:10.1.40-0ubuntu0.18.04.1 mariadb-plugin-connect - 1:10.1.40-0ubuntu0.18.04.1 mariadb-plugin-spider - 1:10.1.40-0ubuntu0.18.04.1 libmariadbclient-dev - 1:10.1.40-0ubuntu0.18.04.1 libmariadbd18 - 1:10.1.40-0ubuntu0.18.04.1 mariadb-client-core-10.1 - 1:10.1.40-0ubuntu0.18.04.1 mariadb-plugin-tokudb - 1:10.1.40-0ubuntu0.18.04.1 mariadb-plugin-mroonga - 1:10.1.40-0ubuntu0.18.04.1 mariadb-client - 1:10.1.40-0ubuntu0.18.04.1 mariadb-server-10.1 - 1:10.1.40-0ubuntu0.18.04.1 mariadb-server-core-10.1 - 1:10.1.40-0ubuntu0.18.04.1 mariadb-test-data - 1:10.1.40-0ubuntu0.18.04.1 libmariadbclient-dev-compat - 1:10.1.40-0ubuntu0.18.04.1 mariadb-client-10.1 - 1:10.1.40-0ubuntu0.18.04.1 mariadb-plugin-gssapi-client - 1:10.1.40-0ubuntu0.18.04.1 libmariadbd-dev - 1:10.1.40-0ubuntu0.18.04.1 mariadb-test - 1:10.1.40-0ubuntu0.18.04.1 mariadb-plugin-gssapi-server - 1:10.1.40-0ubuntu0.18.04.1 mariadb-common - 1:10.1.40-0ubuntu0.18.04.1 libmariadbclient18 - 1:10.1.40-0ubuntu0.18.04.1 mariadb-plugin-oqgraph - 1:10.1.40-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-2614 CVE-2019-2627 Ubuntu 18.04 LTS It was discovered that GStreamer Base Plugins did not correctly handle certain malformed RTSP streams. If a user were tricked into opening a crafted RTSP stream with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3958-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gstreamer1.0-plugins-base - 1.14.1-1ubuntu1~ubuntu18.04.2 libgstreamer-plugins-base1.0-0 - 1.14.1-1ubuntu1~ubuntu18.04.2 gstreamer1.0-x - 1.14.1-1ubuntu1~ubuntu18.04.2 gstreamer1.0-plugins-base-doc - 1.14.1-1ubuntu1~ubuntu18.04.2 libgstreamer-gl1.0-0 - 1.14.1-1ubuntu1~ubuntu18.04.2 gstreamer1.0-gl - 1.14.1-1ubuntu1~ubuntu18.04.2 libgstreamer-plugins-base1.0-dev - 1.14.1-1ubuntu1~ubuntu18.04.2 gir1.2-gst-plugins-base-1.0 - 1.14.1-1ubuntu1~ubuntu18.04.2 gstreamer1.0-alsa - 1.14.1-1ubuntu1~ubuntu18.04.2 gstreamer1.0-plugins-base-apps - 1.14.1-1ubuntu1~ubuntu18.04.2 No subscription required High CVE-2019-9928 Ubuntu 18.04 LTS It was discovered that Evince incorrectly handled certain images. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-3959-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-evince-3.0 - 3.28.4-0ubuntu1.1 libevview3-3 - 3.28.4-0ubuntu1.1 evince-common - 3.28.4-0ubuntu1.1 libevince-dev - 3.28.4-0ubuntu1.1 evince - 3.28.4-0ubuntu1.1 libevdocument3-4 - 3.28.4-0ubuntu1.1 browser-plugin-evince - 3.28.4-0ubuntu1.1 No subscription required Medium CVE-2019-11459 Ubuntu 18.04 LTS It was discovered that WavPack incorrectly handled certain DFF files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3960-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwavpack1 - 5.1.0-2ubuntu1.3 libwavpack-dev - 5.1.0-2ubuntu1.3 wavpack - 5.1.0-2ubuntu1.3 No subscription required Medium CVE-2019-11498 Ubuntu 18.04 LTS It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3962-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpng-tools - 1.6.34-1ubuntu0.18.04.2 libpng16-16-udeb - 1.6.34-1ubuntu0.18.04.2 libpng-dev - 1.6.34-1ubuntu0.18.04.2 libpng16-16 - 1.6.34-1ubuntu0.18.04.2 No subscription required Medium CVE-2019-7317 Ubuntu 18.04 LTS It was discovered that Memcached incorrectly handled certain lru command messages. A remote attacker could possibly use this issue to cause Memcached to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3963-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: memcached - 1.5.6-0ubuntu1.1 No subscription required Medium CVE-2019-11596 Ubuntu 18.04 LTS Marcus Brinkmann discovered that GnuPG before 2.2.8 improperly handled certain command line parameters. A remote attacker could use this to spoof the output of GnuPG and cause unsigned e-mail to appear signed. (CVE-2018-12020) It was discovered that python-gnupg incorrectly handled the GPG passphrase. A remote attacker could send a specially crafted passphrase that would allow them to control the output of encryption and decryption operations. (CVE-2019-6690) Update Instructions: Run `sudo pro fix USN-3964-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-gnupg - 0.4.1-1ubuntu1.18.04.1 python-gnupg - 0.4.1-1ubuntu1.18.04.1 No subscription required Medium CVE-2018-12020 CVE-2019-6690 Ubuntu 18.04 LTS It was discovered that the GNOME Shell incorrectly handled certain keyboard inputs. An attacker could possibly use this issue to invoke keyboard shortcuts, and potentially other actions while the workstation was locked. Update Instructions: Run `sudo pro fix USN-3966-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gnome-shell - 3.28.3+git20190124-0ubuntu18.04.2 gnome-shell-common - 3.28.3+git20190124-0ubuntu18.04.2 No subscription required Medium CVE-2019-3820 Ubuntu 18.04 LTS It was discovered that FFmpeg contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause a denial of service via application crash. Update Instructions: Run `sudo pro fix USN-3967-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libavresample-dev - 7:3.4.6-0ubuntu0.18.04.1 libavcodec-extra - 7:3.4.6-0ubuntu0.18.04.1 libavfilter-extra6 - 7:3.4.6-0ubuntu0.18.04.1 libavresample3 - 7:3.4.6-0ubuntu0.18.04.1 libavcodec-dev - 7:3.4.6-0ubuntu0.18.04.1 libavutil-dev - 7:3.4.6-0ubuntu0.18.04.1 libavfilter-extra - 7:3.4.6-0ubuntu0.18.04.1 libswscale-dev - 7:3.4.6-0ubuntu0.18.04.1 libswresample-dev - 7:3.4.6-0ubuntu0.18.04.1 libswresample2 - 7:3.4.6-0ubuntu0.18.04.1 libavdevice-dev - 7:3.4.6-0ubuntu0.18.04.1 libswscale4 - 7:3.4.6-0ubuntu0.18.04.1 libavfilter-dev - 7:3.4.6-0ubuntu0.18.04.1 libpostproc54 - 7:3.4.6-0ubuntu0.18.04.1 libpostproc-dev - 7:3.4.6-0ubuntu0.18.04.1 libavdevice57 - 7:3.4.6-0ubuntu0.18.04.1 libavformat57 - 7:3.4.6-0ubuntu0.18.04.1 libavformat-dev - 7:3.4.6-0ubuntu0.18.04.1 libavutil55 - 7:3.4.6-0ubuntu0.18.04.1 libavfilter6 - 7:3.4.6-0ubuntu0.18.04.1 libavcodec-extra57 - 7:3.4.6-0ubuntu0.18.04.1 libavcodec57 - 7:3.4.6-0ubuntu0.18.04.1 ffmpeg - 7:3.4.6-0ubuntu0.18.04.1 ffmpeg-doc - 7:3.4.6-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-15822 CVE-2019-11338 CVE-2019-11339 CVE-2019-9718 CVE-2019-9721 Ubuntu 18.04 LTS It was discovered that wpa_supplicant and hostapd incorrectly handled unexpected fragments when using EAP-pwd. A remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-3969-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 2:2.6-15ubuntu2.3 wpagui - 2:2.6-15ubuntu2.3 wpasupplicant - 2:2.6-15ubuntu2.3 wpasupplicant-udeb - 2:2.6-15ubuntu2.3 No subscription required Medium CVE-2019-11555 Ubuntu 18.04 LTS It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-3970-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.9 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.9 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.9 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.9 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.9 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.9 No subscription required Medium CVE-2019-3839 Ubuntu 18.04 LTS It was discovered that PostgreSQL incorrectly handled partition routing. A remote user could possibly use this issue to read arbitrary bytes of server memory. This issue only affected Ubuntu 19.04. (CVE-2019-10129) Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity estimators. A remote attacker could possibly use this issue to bypass row security policies. (CVE-2019-10130) Update Instructions: Run `sudo pro fix USN-3972-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-10 - 10.8-0ubuntu0.18.04.1 postgresql-pltcl-10 - 10.8-0ubuntu0.18.04.1 libecpg6 - 10.8-0ubuntu0.18.04.1 libpq-dev - 10.8-0ubuntu0.18.04.1 libpgtypes3 - 10.8-0ubuntu0.18.04.1 postgresql-10 - 10.8-0ubuntu0.18.04.1 postgresql-plperl-10 - 10.8-0ubuntu0.18.04.1 libecpg-dev - 10.8-0ubuntu0.18.04.1 postgresql-plpython3-10 - 10.8-0ubuntu0.18.04.1 libpq5 - 10.8-0ubuntu0.18.04.1 postgresql-plpython-10 - 10.8-0ubuntu0.18.04.1 postgresql-doc-10 - 10.8-0ubuntu0.18.04.1 postgresql-client-10 - 10.8-0ubuntu0.18.04.1 libecpg-compat3 - 10.8-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-10129 CVE-2019-10130 Ubuntu 18.04 LTS It was discovered that DHCP, when built with a mismatched external BIND library, incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3973-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: isc-dhcp-relay - 4.3.5-3ubuntu7.1 isc-dhcp-client-ddns - 4.3.5-3ubuntu7.1 isc-dhcp-dev - 4.3.5-3ubuntu7.1 isc-dhcp-client - 4.3.5-3ubuntu7.1 isc-dhcp-common - 4.3.5-3ubuntu7.1 isc-dhcp-server - 4.3.5-3ubuntu7.1 isc-dhcp-client-udeb - 4.3.5-3ubuntu7.1 isc-dhcp-server-ldap - 4.3.5-3ubuntu7.1 No subscription required Medium CVE-2019-6470 Ubuntu 18.04 LTS It was discovered that the BigDecimal implementation in OpenJDK performed excessive computation when given certain values. An attacker could use this to cause a denial of service (excessive CPU usage). (CVE-2019-2602) Corwin de Boor and Robert Xiao discovered that the RMI registry implementation in OpenJDK did not properly select the correct skeleton class in some situations. An attacker could use this to possibly escape Java sandbox restrictions. (CVE-2019-2684) Mateusz Jurczyk discovered a vulnerability in the 2D component of OpenJDK. An attacker could use this to possibly escape Java sandbox restrictions. This issue only affected OpenJDK 8 in Ubuntu 16.04 LTS. (CVE-2019-2697) Mateusz Jurczyk discovered a vulnerability in the font layout engine of OpenJDK's 2D component. An attacker could use this to possibly escape Java sandbox restrictions. This issue only affected OpenJDK 8 in Ubuntu 16.04 LTS. (CVE-2019-2698) Update Instructions: Run `sudo pro fix USN-3975-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-jdk - 11.0.3+7-1ubuntu2~18.04.1 openjdk-11-doc - 11.0.3+7-1ubuntu2~18.04.1 openjdk-11-jre-zero - 11.0.3+7-1ubuntu2~18.04.1 openjdk-11-source - 11.0.3+7-1ubuntu2~18.04.1 openjdk-11-jre-headless - 11.0.3+7-1ubuntu2~18.04.1 openjdk-11-jdk-headless - 11.0.3+7-1ubuntu2~18.04.1 openjdk-11-jre - 11.0.3+7-1ubuntu2~18.04.1 openjdk-11-demo - 11.0.3+7-1ubuntu2~18.04.1 No subscription required openjdk-8-doc - 8u212-b03-0ubuntu1.18.04.1 openjdk-8-jdk - 8u212-b03-0ubuntu1.18.04.1 openjdk-8-jre-headless - 8u212-b03-0ubuntu1.18.04.1 openjdk-8-jdk-headless - 8u212-b03-0ubuntu1.18.04.1 openjdk-8-jre - 8u212-b03-0ubuntu1.18.04.1 openjdk-8-source - 8u212-b03-0ubuntu1.18.04.1 openjdk-8-jre-zero - 8u212-b03-0ubuntu1.18.04.1 openjdk-8-demo - 8u212-b03-0ubuntu1.18.04.1 No subscription required Medium CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 CVE-2019-2697 Ubuntu 18.04 LTS Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-3976-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 No subscription required Medium CVE-2018-16860 Ubuntu 18.04 LTS USN-3976-1 fixed a vulnerability in Samba. The update introduced a regression causing Samba to occasionally crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-3976-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 No subscription required None https://launchpad.net/bugs/1827924 Ubuntu 18.04 LTS Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Update Instructions: Run `sudo pro fix USN-3977-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20190514.0ubuntu0.18.04.2 No subscription required High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS Ubuntu 18.04 LTS USN-3977-1 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry Trail and Bay Trail processor families. Original advisory details: Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Update Instructions: Run `sudo pro fix USN-3977-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20190514.0ubuntu0.18.04.3 No subscription required High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS Ubuntu 18.04 LTS USN-3977-1 and USN-3977-2 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for the Intel Sandy Bridge processor family Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Update Instructions: Run `sudo pro fix USN-3977-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20190618.0ubuntu0.18.04.1 No subscription required High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS Ubuntu 18.04 LTS Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Kurtis Miller discovered that a buffer overflow existed in QEMU when loading a device tree blob. A local attacker could use this to execute arbitrary code. (CVE-2018-20815) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) It was discovered that a NULL pointer dereference existed in the sun4u power device implementation in QEMU. A local attacker could use this to cause a denial of service. This issue only affected Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-5008) William Bowling discovered that an information leak existed in the SLiRP networking implementation of QEMU. An attacker could use this to expose sensitive information. (CVE-2019-9824) Update Instructions: Run `sudo pro fix USN-3978-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.13 qemu-user-static - 1:2.11+dfsg-1ubuntu7.13 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.13 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.13 qemu-kvm - 1:2.11+dfsg-1ubuntu7.13 qemu-user - 1:2.11+dfsg-1ubuntu7.13 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.13 qemu-system - 1:2.11+dfsg-1ubuntu7.13 qemu-utils - 1:2.11+dfsg-1ubuntu7.13 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.13 qemu - 1:2.11+dfsg-1ubuntu7.13 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.13 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.13 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.13 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.13 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.13 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.13 No subscription required High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-5008 CVE-2019-9824 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS Ubuntu 18.04 LTS USN-3980-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Vasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Matteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups subsystem of the Linux kernel did not properly account for SCTP socket buffers. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-3874) Alex Williamson discovered that the vfio subsystem of the Linux kernel did not properly limit DMA mappings. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-3882) Marc Orr discovered that the KVM hypervisor implementation in the Linux kernel did not properly restrict APIC MSR register values when nested virtualization is used. An attacker in a guest vm could use this to cause a denial of service (host OS crash). (CVE-2019-3887) Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel contained a heap buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9500) Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel did not properly prevent remote firmware events from being processed for USB Wifi devices. A physically proximate attacker could use this to send firmware events to the device. (CVE-2019-9503) Update Instructions: Run `sudo pro fix USN-3980-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.18.0-1018-azure - 4.18.0-1018.18~18.04.1 No subscription required linux-image-4.18.0-20-lowlatency - 4.18.0-20.21~18.04.1 linux-image-4.18.0-20-generic-lpae - 4.18.0-20.21~18.04.1 linux-image-4.18.0-20-snapdragon - 4.18.0-20.21~18.04.1 linux-image-4.18.0-20-generic - 4.18.0-20.21~18.04.1 No subscription required linux-image-azure - 4.18.0.1018.17 No subscription required linux-image-snapdragon-hwe-18.04 - 4.18.0.20.70 linux-image-lowlatency-hwe-18.04 - 4.18.0.20.70 linux-image-virtual-hwe-18.04 - 4.18.0.20.70 linux-image-generic-lpae-hwe-18.04 - 4.18.0.20.70 linux-image-generic-hwe-18.04 - 4.18.0.20.70 No subscription required High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16884 CVE-2019-11091 CVE-2019-3874 CVE-2019-3882 CVE-2019-3887 CVE-2019-9500 CVE-2019-9503 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS Ubuntu 18.04 LTS Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Vasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Matteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups subsystem of the Linux kernel did not properly account for SCTP socket buffers. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-3874) Alex Williamson discovered that the vfio subsystem of the Linux kernel did not properly limit DMA mappings. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-3882) Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel contained a heap buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9500) Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel did not properly prevent remote firmware events from being processed for USB Wifi devices. A physically proximate attacker could use this to send firmware events to the device. (CVE-2019-9503) Update Instructions: Run `sudo pro fix USN-3981-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1013-oracle - 4.15.0-1013.15 No subscription required linux-image-4.15.0-1032-gcp - 4.15.0-1032.34 No subscription required linux-image-4.15.0-1034-kvm - 4.15.0-1034.34 No subscription required linux-image-4.15.0-1036-raspi2 - 4.15.0-1036.38 No subscription required linux-image-4.15.0-1038-oem - 4.15.0-1038.43 No subscription required linux-image-4.15.0-1039-aws - 4.15.0-1039.41 No subscription required linux-image-4.15.0-1053-snapdragon - 4.15.0-1053.57 No subscription required linux-image-4.15.0-50-generic - 4.15.0-50.54 linux-image-4.15.0-50-lowlatency - 4.15.0-50.54 linux-image-4.15.0-50-generic-lpae - 4.15.0-50.54 No subscription required linux-image-oracle - 4.15.0.1013.16 No subscription required linux-image-gcp - 4.15.0.1032.34 No subscription required linux-image-kvm - 4.15.0.1034.34 No subscription required linux-image-raspi2 - 4.15.0.1036.34 No subscription required linux-image-oem - 4.15.0.1038.43 No subscription required linux-image-aws - 4.15.0.1039.38 No subscription required linux-image-snapdragon - 4.15.0.1053.56 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.50.52 linux-image-lowlatency-hwe-16.04 - 4.15.0.50.52 linux-image-generic-hwe-16.04-edge - 4.15.0.50.52 linux-image-generic-lpae-hwe-16.04 - 4.15.0.50.52 linux-image-virtual - 4.15.0.50.52 linux-image-virtual-hwe-16.04 - 4.15.0.50.52 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.50.52 linux-image-generic - 4.15.0.50.52 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.50.52 linux-image-generic-lpae - 4.15.0.50.52 linux-image-generic-hwe-16.04 - 4.15.0.50.52 linux-image-lowlatency - 4.15.0.50.52 No subscription required High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16884 CVE-2019-11091 CVE-2019-3874 CVE-2019-3882 CVE-2019-9500 CVE-2019-9503 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS Ubuntu 18.04 LTS Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130) Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126) Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091) Update Instructions: Run `sudo pro fix USN-3985-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 4.0.0-1ubuntu8.10 libvirt-dev - 4.0.0-1ubuntu8.10 libnss-libvirt - 4.0.0-1ubuntu8.10 libvirt-sanlock - 4.0.0-1ubuntu8.10 libvirt-daemon - 4.0.0-1ubuntu8.10 libvirt-wireshark - 4.0.0-1ubuntu8.10 libvirt-daemon-driver-storage-rbd - 4.0.0-1ubuntu8.10 libvirt-daemon-driver-storage-gluster - 4.0.0-1ubuntu8.10 libvirt-doc - 4.0.0-1ubuntu8.10 libvirt-daemon-system - 4.0.0-1ubuntu8.10 libvirt-clients - 4.0.0-1ubuntu8.10 libvirt-daemon-driver-storage-zfs - 4.0.0-1ubuntu8.10 libvirt-daemon-driver-storage-sheepdog - 4.0.0-1ubuntu8.10 libvirt-bin - 4.0.0-1ubuntu8.10 No subscription required High CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS Ubuntu 18.04 LTS It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malform packets onto the wire or convincing someone to read a malformed packet trace file. Update Instructions: Run `sudo pro fix USN-3986-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwsutil-dev - 2.6.8-1~ubuntu18.04.0 wireshark-dev - 2.6.8-1~ubuntu18.04.0 tshark - 2.6.8-1~ubuntu18.04.0 libwireshark-dev - 2.6.8-1~ubuntu18.04.0 libwiretap8 - 2.6.8-1~ubuntu18.04.0 wireshark-qt - 2.6.8-1~ubuntu18.04.0 libwiretap-dev - 2.6.8-1~ubuntu18.04.0 libwscodecs2 - 2.6.8-1~ubuntu18.04.0 wireshark-doc - 2.6.8-1~ubuntu18.04.0 wireshark-common - 2.6.8-1~ubuntu18.04.0 wireshark-gtk - 2.6.8-1~ubuntu18.04.0 libwireshark-data - 2.6.8-1~ubuntu18.04.0 libwireshark11 - 2.6.8-1~ubuntu18.04.0 libwsutil9 - 2.6.8-1~ubuntu18.04.0 wireshark - 2.6.8-1~ubuntu18.04.0 No subscription required Medium CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 CVE-2019-9208 CVE-2019-9209 CVE-2019-9214 Ubuntu 18.04 LTS It was discovered that MediaInfoLib contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfoLib to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-3988-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-mediainfodll - 17.12-1ubuntu0.1 libmediainfo-dev - 17.12-1ubuntu0.1 python3-mediainfodll - 17.12-1ubuntu0.1 libmediainfo0v5 - 17.12-1ubuntu0.1 libmediainfo-doc - 17.12-1ubuntu0.1 No subscription required Medium CVE-2019-11372 CVE-2019-11373 Ubuntu 18.04 LTS It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3989-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libraw-doc - 0.18.8-1ubuntu0.3 libraw-bin - 0.18.8-1ubuntu0.3 libraw16 - 0.18.8-1ubuntu0.3 libraw-dev - 0.18.8-1ubuntu0.3 No subscription required Medium CVE-2018-20337 CVE-2018-20363 CVE-2018-20364 CVE-2018-20365 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 Ubuntu 18.04 LTS It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20060) It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. (CVE-2019-11236) It was discovered that urllib3 incorrectly handled situations where a desired set of CA certificates were specified. This could result in certificates being accepted by the default CA certificates contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-11324) Update Instructions: Run `sudo pro fix USN-3990-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-urllib3 - 1.22-1ubuntu0.18.04.1 python3-urllib3 - 1.22-1ubuntu0.18.04.1 No subscription required Medium CVE-2018-20060 CVE-2019-11236 CVE-2019-11324 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821) It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If a user opened a specially crafted website, an attacker could potentially exploit this to trick them in to installing a malicious extension. (CVE-2019-11697) It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to the bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698) A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816) Update Instructions: Run `sudo pro fix USN-3991-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 67.0+build2-0ubuntu0.18.04.1 firefox-testsuite - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 67.0+build2-0ubuntu0.18.04.1 firefox - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 67.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 67.0+build2-0ubuntu0.18.04.1 firefox-dev - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 67.0+build2-0ubuntu0.18.04.1 firefox-globalmenu - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 67.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 67.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11695 CVE-2019-11696 CVE-2019-11697 CVE-2019-11698 CVE-2019-11699 CVE-2019-11701 CVE-2019-7317 CVE-2019-9800 CVE-2019-9814 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-9821 Ubuntu 18.04 LTS USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821) It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If a user opened a specially crafted website, an attacker could potentially exploit this to trick them in to installing a malicious extension. (CVE-2019-11697) It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to the bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698) A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816) Update Instructions: Run `sudo pro fix USN-3991-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 67.0.1+build1-0ubuntu0.18.04.1 firefox-testsuite - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 67.0.1+build1-0ubuntu0.18.04.1 firefox - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 67.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 67.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 67.0.1+build1-0ubuntu0.18.04.1 firefox-globalmenu - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 67.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 67.0.1+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1830096 Ubuntu 18.04 LTS USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821) It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If a user opened a specially crafted website, an attacker could potentially exploit this to trick them in to installing a malicious extension. (CVE-2019-11697) It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to the bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698) A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816) Update Instructions: Run `sudo pro fix USN-3991-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-nn - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ne - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-nb - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-fa - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-fi - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-fr - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-fy - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-or - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-kab - 67.0.2+build2-0ubuntu0.18.04.1 firefox-testsuite - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-oc - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-cs - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ga - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-gd - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-gn - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-gl - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-gu - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-pa - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-pl - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-cy - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-pt - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-hi - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-uk - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-he - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-hy - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-hr - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-hu - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-as - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ar - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ia - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-az - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-id - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-mai - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-af - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-is - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-it - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-an - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-bs - 67.0.2+build2-0ubuntu0.18.04.1 firefox - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ro - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ja - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ru - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-br - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-bn - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-be - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-bg - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-sl - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-sk - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-si - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-sw - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-sv - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-sr - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-sq - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ko - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-kn - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-km - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-kk - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ka - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-xh - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ca - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ku - 67.0.2+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-lv - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-lt - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-th - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 67.0.2+build2-0ubuntu0.18.04.1 firefox-dev - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-te - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-cak - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ta - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-lg - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-csb - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-tr - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-nso - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-de - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-da - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ms - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-mr - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-my - 67.0.2+build2-0ubuntu0.18.04.1 firefox-globalmenu - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-uz - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ml - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-mn - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-mk - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ur - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-eu - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-et - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-es - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-vi - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-el - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-eo - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-en - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-zu - 67.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ast - 67.0.2+build2-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1832907 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-3992-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.24.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.24.2-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.24.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.24.2-0ubuntu0.18.04.1 webkit2gtk-driver - 2.24.2-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.24.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.24.2-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.24.2-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.24.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.24.2-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 Ubuntu 18.04 LTS Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set() function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5435) It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5436) Update Instructions: Run `sudo pro fix USN-3993-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.7 libcurl4-openssl-dev - 7.58.0-2ubuntu3.7 libcurl3-gnutls - 7.58.0-2ubuntu3.7 libcurl4-doc - 7.58.0-2ubuntu3.7 libcurl3-nss - 7.58.0-2ubuntu3.7 libcurl4-nss-dev - 7.58.0-2ubuntu3.7 libcurl4 - 7.58.0-2ubuntu3.7 curl - 7.58.0-2ubuntu3.7 No subscription required Medium CVE-2019-5435 CVE-2019-5436 Ubuntu 18.04 LTS It was discovered that gnome-desktop incorrectly confined thumbnailers. If a user were tricked into downloading a malicious image file, a remote attacker could possibly combine this issue with another vulnerability to escape the sandbox and execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3994-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnome-desktop-3-17 - 3.28.2-0ubuntu1.3 gir1.2-gnomedesktop-3.0 - 3.28.2-0ubuntu1.3 gnome-desktop3-data - 3.28.2-0ubuntu1.3 libgnome-desktop-3-dev - 3.28.2-0ubuntu1.3 No subscription required Medium CVE-2019-11460 Ubuntu 18.04 LTS It was discovered that Keepalived incorrectly handled certain HTTP status response codes. A remote attacker could use this issue to cause Keepalived to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-3995-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: keepalived - 1:1.3.9-1ubuntu0.18.04.2 No subscription required Medium CVE-2018-19115 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin protections, or execute arbitrary code. (CVE-2019-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-9797, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2019-5798, CVE-2019-7317) A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website in a browsing context after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816) It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to a bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698) Update Instructions: Run `sudo pro fix USN-3997-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es-ar - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:60.7.0+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:60.7.0+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-globalmenu - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:60.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:60.7.0+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-18511 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 Ubuntu 18.04 LTS Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted. Update Instructions: Run `sudo pro fix USN-3998-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libedata-cal1.2-dev - 3.28.5-0ubuntu0.18.04.2 libedataserver-1.2-23 - 3.28.5-0ubuntu0.18.04.2 libebackend-1.2-10 - 3.28.5-0ubuntu0.18.04.2 libebook1.2-dev - 3.28.5-0ubuntu0.18.04.2 libecal1.2-dev - 3.28.5-0ubuntu0.18.04.2 evolution-data-server-tests - 3.28.5-0ubuntu0.18.04.2 gir1.2-camel-1.2 - 3.28.5-0ubuntu0.18.04.2 libebook-contacts-1.2-2 - 3.28.5-0ubuntu0.18.04.2 libedata-book1.2-dev - 3.28.5-0ubuntu0.18.04.2 libecal-1.2-19 - 3.28.5-0ubuntu0.18.04.2 evolution-data-server-online-accounts - 3.28.5-0ubuntu0.18.04.2 libebackend1.2-dev - 3.28.5-0ubuntu0.18.04.2 libcamel1.2-dev - 3.28.5-0ubuntu0.18.04.2 libedataserverui-1.2-2 - 3.28.5-0ubuntu0.18.04.2 libedata-book-1.2-25 - 3.28.5-0ubuntu0.18.04.2 gir1.2-edataserver-1.2 - 3.28.5-0ubuntu0.18.04.2 libedataserver1.2-dev - 3.28.5-0ubuntu0.18.04.2 libebook-contacts1.2-dev - 3.28.5-0ubuntu0.18.04.2 gir1.2-ebookcontacts-1.2 - 3.28.5-0ubuntu0.18.04.2 libcamel-1.2-61 - 3.28.5-0ubuntu0.18.04.2 evolution-data-server - 3.28.5-0ubuntu0.18.04.2 evolution-data-server-common - 3.28.5-0ubuntu0.18.04.2 gir1.2-edataserverui-1.2 - 3.28.5-0ubuntu0.18.04.2 libedataserverui1.2-dev - 3.28.5-0ubuntu0.18.04.2 libebook-1.2-19 - 3.28.5-0ubuntu0.18.04.2 evolution-data-server-doc - 3.28.5-0ubuntu0.18.04.2 evolution-data-server-dev - 3.28.5-0ubuntu0.18.04.2 gir1.2-ebook-1.2 - 3.28.5-0ubuntu0.18.04.2 libedata-cal-1.2-28 - 3.28.5-0ubuntu0.18.04.2 No subscription required Medium CVE-2018-15587 Ubuntu 18.04 LTS Eyal Ronen, Kenneth G. Paterson, and Adi Shamir discovered that GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could possibly use this issue to perform plaintext-recovery attacks via analysis of timing data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-10844, CVE-2018-10845, CVE-2018-10846) Tavis Ormandy discovered that GnuTLS incorrectly handled memory when verifying certain X.509 certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-3829) It was discovered that GnuTLS incorrectly handled certain post-handshake messages. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-3836) Update Instructions: Run `sudo pro fix USN-3999-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutls30 - 3.5.18-1ubuntu1.1 libgnutls28-dev - 3.5.18-1ubuntu1.1 libgnutlsxx28 - 3.5.18-1ubuntu1.1 gnutls-doc - 3.5.18-1ubuntu1.1 libgnutls-dane0 - 3.5.18-1ubuntu1.1 gnutls-bin - 3.5.18-1ubuntu1.1 libgnutls-openssl27 - 3.5.18-1ubuntu1.1 No subscription required Medium CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 CVE-2019-3829 CVE-2019-3836 Ubuntu 18.04 LTS It was discovered that Corosync incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4000-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: corosync-notifyd - 2.4.3-0ubuntu1.1 libcmap-dev - 2.4.3-0ubuntu1.1 libvotequorum-dev - 2.4.3-0ubuntu1.1 libquorum5 - 2.4.3-0ubuntu1.1 libcmap4 - 2.4.3-0ubuntu1.1 libtotem-pg-dev - 2.4.3-0ubuntu1.1 libvotequorum8 - 2.4.3-0ubuntu1.1 corosync - 2.4.3-0ubuntu1.1 libtotem-pg5 - 2.4.3-0ubuntu1.1 corosync-dev - 2.4.3-0ubuntu1.1 libquorum-dev - 2.4.3-0ubuntu1.1 libcpg-dev - 2.4.3-0ubuntu1.1 corosync-qdevice - 2.4.3-0ubuntu1.1 libcorosync-common-dev - 2.4.3-0ubuntu1.1 libcfg-dev - 2.4.3-0ubuntu1.1 libcfg6 - 2.4.3-0ubuntu1.1 corosync-qnetd - 2.4.3-0ubuntu1.1 libcpg4 - 2.4.3-0ubuntu1.1 libsam4 - 2.4.3-0ubuntu1.1 libsam-dev - 2.4.3-0ubuntu1.1 corosync-doc - 2.4.3-0ubuntu1.1 libcorosync-common4 - 2.4.3-0ubuntu1.1 No subscription required Medium CVE-2018-1084 Ubuntu 18.04 LTS Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators (LT, GT, LE, GE). An attacker could use this to bypass intended access restrictions for argument-filtered system calls. Update Instructions: Run `sudo pro fix USN-4001-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libseccomp-dev - 2.4.1-0ubuntu0.18.04.2 libseccomp2 - 2.4.1-0ubuntu0.18.04.2 seccomp - 2.4.1-0ubuntu0.18.04.2 No subscription required Medium CVE-2019-9893 Ubuntu 18.04 LTS It was discovered that Qt incorrectly handled certain XML documents. A remote attacker could use this issue with a specially crafted XML document to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-15518) It was discovered that Qt incorrectly handled certain GIF images. A remote attacker could use this issue with a specially crafted GIF image to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-19870) It was discovered that Qt incorrectly handled certain BMP images. A remote attacker could use this issue with a specially crafted BMP image to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-19873) Update Instructions: Run `sudo pro fix USN-4003-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libqt5widgets5 - 5.9.5+dfsg-0ubuntu2.1 libqt5opengl5 - 5.9.5+dfsg-0ubuntu2.1 libqt5concurrent5 - 5.9.5+dfsg-0ubuntu2.1 libqt5sql5-mysql - 5.9.5+dfsg-0ubuntu2.1 libqt5sql5-tds - 5.9.5+dfsg-0ubuntu2.1 libqt5sql5-sqlite - 5.9.5+dfsg-0ubuntu2.1 libqt5sql5-psql - 5.9.5+dfsg-0ubuntu2.1 libqt5core5a - 5.9.5+dfsg-0ubuntu2.1 libqt5network5 - 5.9.5+dfsg-0ubuntu2.1 libqt5sql5 - 5.9.5+dfsg-0ubuntu2.1 libqt5dbus5 - 5.9.5+dfsg-0ubuntu2.1 libqt5gui5 - 5.9.5+dfsg-0ubuntu2.1 qtbase5-doc - 5.9.5+dfsg-0ubuntu2.1 libqt5opengl5-dev - 5.9.5+dfsg-0ubuntu2.1 qtbase5-doc-html - 5.9.5+dfsg-0ubuntu2.1 qtbase5-dev-tools - 5.9.5+dfsg-0ubuntu2.1 qt5-qmake - 5.9.5+dfsg-0ubuntu2.1 libqt5xml5 - 5.9.5+dfsg-0ubuntu2.1 qtbase5-dev - 5.9.5+dfsg-0ubuntu2.1 qtbase5-private-dev - 5.9.5+dfsg-0ubuntu2.1 libqt5sql5-ibase - 5.9.5+dfsg-0ubuntu2.1 libqt5printsupport5 - 5.9.5+dfsg-0ubuntu2.1 qt5-qmake-bin - 5.9.5+dfsg-0ubuntu2.1 qt5-gtk-platformtheme - 5.9.5+dfsg-0ubuntu2.1 qtbase5-examples - 5.9.5+dfsg-0ubuntu2.1 libqt5test5 - 5.9.5+dfsg-0ubuntu2.1 libqt5sql5-odbc - 5.9.5+dfsg-0ubuntu2.1 qt5-default - 5.9.5+dfsg-0ubuntu2.1 No subscription required Medium CVE-2018-15518 CVE-2018-19870 CVE-2018-19873 Ubuntu 18.04 LTS It was discovered that Berkeley DB incorrectly handled certain inputs. An attacker could possibly use this issue to read sensitive information. Update Instructions: Run `sudo pro fix USN-4004-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: db5.3-doc - 5.3.28-13.1ubuntu1.1 libdb5.3-java-jni - 5.3.28-13.1ubuntu1.1 libdb5.3-tcl - 5.3.28-13.1ubuntu1.1 libdb5.3-java-dev - 5.3.28-13.1ubuntu1.1 libdb5.3-dev - 5.3.28-13.1ubuntu1.1 db5.3-util - 5.3.28-13.1ubuntu1.1 libdb5.3-stl-dev - 5.3.28-13.1ubuntu1.1 libdb5.3-sql - 5.3.28-13.1ubuntu1.1 libdb5.3++-dev - 5.3.28-13.1ubuntu1.1 db5.3-sql-util - 5.3.28-13.1ubuntu1.1 libdb5.3 - 5.3.28-13.1ubuntu1.1 libdb5.3-stl - 5.3.28-13.1ubuntu1.1 libdb5.3-sql-dev - 5.3.28-13.1ubuntu1.1 libdb5.3-java - 5.3.28-13.1ubuntu1.1 libdb5.3++ - 5.3.28-13.1ubuntu1.1 No subscription required Medium CVE-2019-8457 Ubuntu 18.04 LTS USN-4006-1 fixed a vulnerability in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. As a hardening measure, this update disables a.out support. Update Instructions: Run `sudo pro fix USN-4006-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.18.0-21-lowlatency - 4.18.0-21.22~18.04.1 linux-image-4.18.0-21-snapdragon - 4.18.0-21.22~18.04.1 linux-image-4.18.0-21-generic - 4.18.0-21.22~18.04.1 linux-image-4.18.0-21-generic-lpae - 4.18.0-21.22~18.04.1 No subscription required linux-image-snapdragon-hwe-18.04 - 4.18.0.21.71 linux-image-lowlatency-hwe-18.04 - 4.18.0.21.71 linux-image-virtual-hwe-18.04 - 4.18.0.21.71 linux-image-generic-lpae-hwe-18.04 - 4.18.0.21.71 linux-image-generic-hwe-18.04 - 4.18.0.21.71 No subscription required Negligible CVE-2019-11191 Ubuntu 18.04 LTS Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. As a hardening measure, this update disables a.out support. Update Instructions: Run `sudo pro fix USN-4007-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1014-oracle - 4.15.0-1014.16 No subscription required linux-image-4.15.0-1033-gcp - 4.15.0-1033.35 No subscription required linux-image-4.15.0-1035-kvm - 4.15.0-1035.35 No subscription required linux-image-4.15.0-1037-raspi2 - 4.15.0-1037.39 No subscription required linux-image-4.15.0-1039-oem - 4.15.0-1039.44 No subscription required linux-image-4.15.0-1040-aws - 4.15.0-1040.42 No subscription required linux-image-4.15.0-1054-snapdragon - 4.15.0-1054.58 No subscription required linux-image-4.15.0-51-generic - 4.15.0-51.55 linux-image-4.15.0-51-generic-lpae - 4.15.0-51.55 linux-image-4.15.0-51-lowlatency - 4.15.0-51.55 No subscription required linux-image-oracle - 4.15.0.1014.17 No subscription required linux-image-gcp - 4.15.0.1033.35 No subscription required linux-image-kvm - 4.15.0.1035.35 No subscription required linux-image-raspi2 - 4.15.0.1037.35 No subscription required linux-image-oem - 4.15.0.1039.43 No subscription required linux-image-aws - 4.15.0.1040.39 No subscription required linux-image-snapdragon - 4.15.0.1054.57 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.51.53 linux-image-lowlatency-hwe-16.04 - 4.15.0.51.53 linux-image-generic-hwe-16.04-edge - 4.15.0.51.53 linux-image-generic-lpae-hwe-16.04 - 4.15.0.51.53 linux-image-virtual - 4.15.0.51.53 linux-image-virtual-hwe-16.04 - 4.15.0.51.53 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.51.53 linux-image-generic - 4.15.0.51.53 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.51.53 linux-image-generic-lpae - 4.15.0.51.53 linux-image-generic-hwe-16.04 - 4.15.0.51.53 linux-image-lowlatency - 4.15.0.51.53 No subscription required Negligible CVE-2019-11191 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled certain exif tags in images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11036) It was discovered that PHP incorrectly decoding certain MIME headers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-11039) It was discovered that PHP incorrectly handled certain exif tags in images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-11040) Update Instructions: Run `sudo pro fix USN-4009-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.19-0ubuntu0.18.04.1 php7.2-enchant - 7.2.19-0ubuntu0.18.04.1 php7.2-ldap - 7.2.19-0ubuntu0.18.04.1 php7.2-fpm - 7.2.19-0ubuntu0.18.04.1 php7.2-recode - 7.2.19-0ubuntu0.18.04.1 php7.2-cli - 7.2.19-0ubuntu0.18.04.1 php7.2-json - 7.2.19-0ubuntu0.18.04.1 php7.2-bcmath - 7.2.19-0ubuntu0.18.04.1 php7.2-phpdbg - 7.2.19-0ubuntu0.18.04.1 php7.2 - 7.2.19-0ubuntu0.18.04.1 php7.2-pspell - 7.2.19-0ubuntu0.18.04.1 php7.2-dev - 7.2.19-0ubuntu0.18.04.1 php7.2-sqlite3 - 7.2.19-0ubuntu0.18.04.1 php7.2-gmp - 7.2.19-0ubuntu0.18.04.1 php7.2-opcache - 7.2.19-0ubuntu0.18.04.1 php7.2-gd - 7.2.19-0ubuntu0.18.04.1 php7.2-soap - 7.2.19-0ubuntu0.18.04.1 libphp7.2-embed - 7.2.19-0ubuntu0.18.04.1 php7.2-intl - 7.2.19-0ubuntu0.18.04.1 php7.2-cgi - 7.2.19-0ubuntu0.18.04.1 php7.2-odbc - 7.2.19-0ubuntu0.18.04.1 libapache2-mod-php7.2 - 7.2.19-0ubuntu0.18.04.1 php7.2-tidy - 7.2.19-0ubuntu0.18.04.1 php7.2-imap - 7.2.19-0ubuntu0.18.04.1 php7.2-readline - 7.2.19-0ubuntu0.18.04.1 php7.2-mysql - 7.2.19-0ubuntu0.18.04.1 php7.2-dba - 7.2.19-0ubuntu0.18.04.1 php7.2-xml - 7.2.19-0ubuntu0.18.04.1 php7.2-interbase - 7.2.19-0ubuntu0.18.04.1 php7.2-xsl - 7.2.19-0ubuntu0.18.04.1 php7.2-xmlrpc - 7.2.19-0ubuntu0.18.04.1 php7.2-pgsql - 7.2.19-0ubuntu0.18.04.1 php7.2-sybase - 7.2.19-0ubuntu0.18.04.1 php7.2-curl - 7.2.19-0ubuntu0.18.04.1 php7.2-common - 7.2.19-0ubuntu0.18.04.1 php7.2-mbstring - 7.2.19-0ubuntu0.18.04.1 php7.2-snmp - 7.2.19-0ubuntu0.18.04.1 php7.2-zip - 7.2.19-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-11036 CVE-2019-11039 CVE-2019-11040 Ubuntu 18.04 LTS It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands. Update Instructions: Run `sudo pro fix USN-4010-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.90.1-1ubuntu1.2 eximon4 - 4.90.1-1ubuntu1.2 exim4 - 4.90.1-1ubuntu1.2 exim4-base - 4.90.1-1ubuntu1.2 exim4-config - 4.90.1-1ubuntu1.2 exim4-daemon-heavy - 4.90.1-1ubuntu1.2 exim4-daemon-light - 4.90.1-1ubuntu1.2 No subscription required Medium CVE-2019-10149 Ubuntu 18.04 LTS Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10745) Brian Welch discovered that Jinja incorrectly handled str.format_map. An attacker could possibly use this issue to escape the sandbox. (CVE-2019-10906) Update Instructions: Run `sudo pro fix USN-4011-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-jinja2 - 2.10-1ubuntu0.18.04.1 python-jinja2-doc - 2.10-1ubuntu0.18.04.1 python3-jinja2 - 2.10-1ubuntu0.18.04.1 No subscription required Medium CVE-2016-10745 CVE-2019-10906 Ubuntu 18.04 LTS It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4012-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libasm1 - 0.170-0.4ubuntu0.1 libdw-dev - 0.170-0.4ubuntu0.1 libelf1 - 0.170-0.4ubuntu0.1 libelf-dev - 0.170-0.4ubuntu0.1 elfutils - 0.170-0.4ubuntu0.1 libdw1 - 0.170-0.4ubuntu0.1 libasm-dev - 0.170-0.4ubuntu0.1 No subscription required Medium CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7149 CVE-2019-7150 CVE-2019-7665 Ubuntu 18.04 LTS It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4013-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsndfile1 - 1.0.28-4ubuntu0.18.04.1 libsndfile1-dev - 1.0.28-4ubuntu0.18.04.1 sndfile-programs - 1.0.28-4ubuntu0.18.04.1 No subscription required Medium CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942 CVE-2017-6892 CVE-2018-13139 CVE-2018-19432 CVE-2018-19661 CVE-2018-19662 CVE-2018-19758 CVE-2019-3832 Ubuntu 18.04 LTS It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-4014-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.56.4-0ubuntu0.18.04.3 libglib2.0-data - 2.56.4-0ubuntu0.18.04.3 libglib2.0-udeb - 2.56.4-0ubuntu0.18.04.3 libglib2.0-tests - 2.56.4-0ubuntu0.18.04.3 libglib2.0-doc - 2.56.4-0ubuntu0.18.04.3 libglib2.0-bin - 2.56.4-0ubuntu0.18.04.3 libglib2.0-dev-bin - 2.56.4-0ubuntu0.18.04.3 libglib2.0-dev - 2.56.4-0ubuntu0.18.04.3 No subscription required Medium CVE-2019-12450 Ubuntu 18.04 LTS Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges. Update Instructions: Run `sudo pro fix USN-4015-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dbus-1-doc - 1.12.2-1ubuntu1.1 dbus - 1.12.2-1ubuntu1.1 libdbus-1-dev - 1.12.2-1ubuntu1.1 dbus-udeb - 1.12.2-1ubuntu1.1 dbus-user-session - 1.12.2-1ubuntu1.1 libdbus-1-3-udeb - 1.12.2-1ubuntu1.1 dbus-x11 - 1.12.2-1ubuntu1.1 dbus-tests - 1.12.2-1ubuntu1.1 libdbus-1-3 - 1.12.2-1ubuntu1.1 No subscription required Medium CVE-2019-12749 Ubuntu 18.04 LTS It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-5953) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12735) Update Instructions: Run `sudo pro fix USN-4016-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:8.0.1453-1ubuntu1.1 vim-gnome - 2:8.0.1453-1ubuntu1.1 vim-athena - 2:8.0.1453-1ubuntu1.1 xxd - 2:8.0.1453-1ubuntu1.1 vim-gtk - 2:8.0.1453-1ubuntu1.1 vim-gui-common - 2:8.0.1453-1ubuntu1.1 vim - 2:8.0.1453-1ubuntu1.1 vim-doc - 2:8.0.1453-1ubuntu1.1 vim-tiny - 2:8.0.1453-1ubuntu1.1 vim-runtime - 2:8.0.1453-1ubuntu1.1 vim-gtk3 - 2:8.0.1453-1ubuntu1.1 vim-nox - 2:8.0.1453-1ubuntu1.1 No subscription required Medium CVE-2017-5953 CVE-2019-12735 Ubuntu 18.04 LTS Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (CVE-2019-11478) Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash). (CVE-2019-11477) Update Instructions: Run `sudo pro fix USN-4017-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1015-oracle - 4.15.0-1015.17 No subscription required linux-image-4.15.0-1034-gcp - 4.15.0-1034.36 No subscription required linux-image-4.15.0-1036-kvm - 4.15.0-1036.36 No subscription required linux-image-4.15.0-1038-raspi2 - 4.15.0-1038.40 No subscription required linux-image-4.15.0-1041-aws - 4.15.0-1041.43 No subscription required linux-image-4.15.0-1043-oem - 4.15.0-1043.48 No subscription required linux-image-4.15.0-1055-snapdragon - 4.15.0-1055.59 No subscription required linux-image-4.15.0-52-generic-lpae - 4.15.0-52.56 linux-image-4.15.0-52-generic - 4.15.0-52.56 linux-image-4.15.0-52-lowlatency - 4.15.0-52.56 No subscription required linux-image-oracle - 4.15.0.1015.18 No subscription required linux-image-gcp - 4.15.0.1034.36 No subscription required linux-image-kvm - 4.15.0.1036.36 No subscription required linux-image-raspi2 - 4.15.0.1038.36 No subscription required linux-image-aws - 4.15.0.1041.40 No subscription required linux-image-oem - 4.15.0.1043.47 No subscription required linux-image-snapdragon - 4.15.0.1055.58 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.52.54 linux-image-generic-hwe-16.04 - 4.15.0.52.54 linux-image-generic-hwe-16.04-edge - 4.15.0.52.54 linux-image-generic-lpae-hwe-16.04 - 4.15.0.52.54 linux-image-virtual - 4.15.0.52.54 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.52.54 linux-image-generic - 4.15.0.52.54 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.52.54 linux-image-virtual-hwe-16.04 - 4.15.0.52.54 linux-image-generic-lpae - 4.15.0.52.54 linux-image-lowlatency-hwe-16.04 - 4.15.0.52.54 linux-image-lowlatency - 4.15.0.52.54 No subscription required linux-image-4.18.0-1020-azure - 4.18.0-1020.20~18.04.1 No subscription required linux-image-4.18.0-22-generic - 4.18.0-22.23~18.04.1 linux-image-4.18.0-22-lowlatency - 4.18.0-22.23~18.04.1 linux-image-4.18.0-22-generic-lpae - 4.18.0-22.23~18.04.1 linux-image-4.18.0-22-snapdragon - 4.18.0-22.23~18.04.1 No subscription required linux-image-azure - 4.18.0.1020.19 No subscription required linux-image-generic-hwe-18.04 - 4.18.0.22.72 linux-image-snapdragon-hwe-18.04 - 4.18.0.22.72 linux-image-generic-lpae-hwe-18.04 - 4.18.0.22.72 linux-image-lowlatency-hwe-18.04 - 4.18.0.22.72 linux-image-virtual-hwe-18.04 - 4.18.0.22.72 No subscription required High CVE-2019-11477 CVE-2019-11478 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic Ubuntu 18.04 LTS It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-2518, CVE-2017-2520) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20505) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20346, CVE-2018-20506) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2019-8457) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9936) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-9937) It was discovered that SQLite incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6153) It was discovered that SQLite incorrectly handled certain databases. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-10989) It was discovered that SQLite incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-13685) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-2519) Update Instructions: Run `sudo pro fix USN-4019-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.22.0-1ubuntu0.1 sqlite3-doc - 3.22.0-1ubuntu0.1 libsqlite3-0 - 3.22.0-1ubuntu0.1 libsqlite3-tcl - 3.22.0-1ubuntu0.1 sqlite3 - 3.22.0-1ubuntu0.1 libsqlite3-dev - 3.22.0-1ubuntu0.1 No subscription required Medium CVE-2016-6153 CVE-2017-10989 CVE-2017-13685 CVE-2017-2518 CVE-2017-2519 CVE-2017-2520 CVE-2018-20346 CVE-2018-20505 CVE-2018-20506 CVE-2019-8457 CVE-2019-9936 CVE-2019-9937 Ubuntu 18.04 LTS A type confusion bug was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code. Update Instructions: Run `sudo pro fix USN-4020-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-nn - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ne - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-nb - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fa - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fi - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fr - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fy - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-or - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-kab - 67.0.3+build1-0ubuntu0.18.04.1 firefox-testsuite - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-oc - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-cs - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ga - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gd - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gn - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gl - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gu - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-pa - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-pl - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-cy - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-pt - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hi - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-uk - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-he - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hy - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hr - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hu - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-as - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ar - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ia - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-az - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-id - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mai - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-af - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-is - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-it - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-an - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-bs - 67.0.3+build1-0ubuntu0.18.04.1 firefox - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ro - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ja - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ru - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-br - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-bn - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-be - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-bg - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sl - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sk - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-si - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sw - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sv - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sr - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sq - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ko - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-kn - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-km - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-kk - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ka - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-xh - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ca - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ku - 67.0.3+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-lv - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-lt - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-th - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 67.0.3+build1-0ubuntu0.18.04.1 firefox-dev - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-te - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-cak - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ta - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-lg - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-csb - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-tr - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-nso - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-de - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-da - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ms - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mr - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-my - 67.0.3+build1-0ubuntu0.18.04.1 firefox-globalmenu - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-uz - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ml - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mn - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mk - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ur - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-eu - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-et - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-es - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-vi - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-el - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-eo - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-en - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-zu - 67.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ast - 67.0.3+build1-0ubuntu0.18.04.1 No subscription required High CVE-2019-11707 Ubuntu 18.04 LTS It was discovered that Mosquitto broker incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4023-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mosquitto-dev - 1.4.15-2ubuntu0.18.04.3 libmosquitto-dev - 1.4.15-2ubuntu0.18.04.3 libmosquitto1 - 1.4.15-2ubuntu0.18.04.3 mosquitto - 1.4.15-2ubuntu0.18.04.3 libmosquittopp1 - 1.4.15-2ubuntu0.18.04.3 libmosquittopp-dev - 1.4.15-2ubuntu0.18.04.3 mosquitto-clients - 1.4.15-2ubuntu0.18.04.3 No subscription required Medium CVE-2017-7653 CVE-2017-7654 Ubuntu 18.04 LTS As a security improvement, this update adjusts the AppArmor profile for the Evince thumbnailer to reduce access to the system and adjusts the AppArmor profile for Evince and Evince previewer to limit access to the DBus system bus. Additionally adjust the evince abstraction to disallow writes on parent directories of sensitive files. Update Instructions: Run `sudo pro fix USN-4024-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-evince-3.0 - 3.28.4-0ubuntu1.2 libevview3-3 - 3.28.4-0ubuntu1.2 evince-common - 3.28.4-0ubuntu1.2 libevince-dev - 3.28.4-0ubuntu1.2 evince - 3.28.4-0ubuntu1.2 libevdocument3-4 - 3.28.4-0ubuntu1.2 browser-plugin-evince - 3.28.4-0ubuntu1.2 No subscription required None https://launchpad.net/bugs/1794848 https://launchpad.net/bugs/1788929 Ubuntu 18.04 LTS It was discovered that Bind incorrectly handled certain malformed packets. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4026-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdns-export1100 - 1:9.11.3+dfsg-1ubuntu1.8 libdns1100 - 1:9.11.3+dfsg-1ubuntu1.8 libisc169 - 1:9.11.3+dfsg-1ubuntu1.8 libbind-dev - 1:9.11.3+dfsg-1ubuntu1.8 libisc-export169-udeb - 1:9.11.3+dfsg-1ubuntu1.8 libisccc-export160 - 1:9.11.3+dfsg-1ubuntu1.8 libisc-export169 - 1:9.11.3+dfsg-1ubuntu1.8 bind9 - 1:9.11.3+dfsg-1ubuntu1.8 libirs-export160 - 1:9.11.3+dfsg-1ubuntu1.8 libisccc160 - 1:9.11.3+dfsg-1ubuntu1.8 libisccfg-export160 - 1:9.11.3+dfsg-1ubuntu1.8 libisccfg160 - 1:9.11.3+dfsg-1ubuntu1.8 bind9-doc - 1:9.11.3+dfsg-1ubuntu1.8 libbind-export-dev - 1:9.11.3+dfsg-1ubuntu1.8 libisccc-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.8 libirs-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.8 liblwres160 - 1:9.11.3+dfsg-1ubuntu1.8 bind9-host - 1:9.11.3+dfsg-1ubuntu1.8 libisccfg-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.8 dnsutils - 1:9.11.3+dfsg-1ubuntu1.8 bind9utils - 1:9.11.3+dfsg-1ubuntu1.8 libbind9-160 - 1:9.11.3+dfsg-1ubuntu1.8 libirs160 - 1:9.11.3+dfsg-1ubuntu1.8 libdns-export1100-udeb - 1:9.11.3+dfsg-1ubuntu1.8 No subscription required Medium CVE-2019-6471 Ubuntu 18.04 LTS Alexander Lakhin discovered that PostgreSQL incorrectly handled authentication. An authenticated attacker or a rogue server could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Update Instructions: Run `sudo pro fix USN-4027-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-10 - 10.9-0ubuntu0.18.04.1 postgresql-pltcl-10 - 10.9-0ubuntu0.18.04.1 libecpg6 - 10.9-0ubuntu0.18.04.1 libpq-dev - 10.9-0ubuntu0.18.04.1 libpgtypes3 - 10.9-0ubuntu0.18.04.1 postgresql-10 - 10.9-0ubuntu0.18.04.1 postgresql-plperl-10 - 10.9-0ubuntu0.18.04.1 libecpg-dev - 10.9-0ubuntu0.18.04.1 postgresql-plpython3-10 - 10.9-0ubuntu0.18.04.1 libpq5 - 10.9-0ubuntu0.18.04.1 postgresql-plpython-10 - 10.9-0ubuntu0.18.04.1 postgresql-doc-10 - 10.9-0ubuntu0.18.04.1 postgresql-client-10 - 10.9-0ubuntu0.18.04.1 libecpg-compat3 - 10.9-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-10164 Ubuntu 18.04 LTS Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4028-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-es-ar - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:60.7.1+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:60.7.1+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-globalmenu - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:60.7.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:60.7.1+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 Ubuntu 18.04 LTS It was discovered that the Linux kernel did not properly separate certain memory mappings when creating new userspace processes on 64-bit Power (ppc64el) systems. A local attacker could use this to access memory contents or cause memory corruption of other processes on the system. Update Instructions: Run `sudo pro fix USN-4031-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.18.0-24-generic-lpae - 4.18.0-24.25~18.04.1 linux-image-4.18.0-24-snapdragon - 4.18.0-24.25~18.04.1 linux-image-4.18.0-24-lowlatency - 4.18.0-24.25~18.04.1 linux-image-4.18.0-24-generic - 4.18.0-24.25~18.04.1 No subscription required linux-image-lowlatency-hwe-18.04 - 4.18.0.24.74 linux-image-virtual-hwe-18.04 - 4.18.0.24.74 linux-image-generic-lpae-hwe-18.04 - 4.18.0.24.74 linux-image-generic-hwe-18.04 - 4.18.0.24.74 linux-image-snapdragon-hwe-18.04 - 4.18.0.24.74 No subscription required High CVE-2019-12817 Ubuntu 18.04 LTS It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4032-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-nn - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-ne - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-nb - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-fa - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-fi - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-fr - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-fy - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-or - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-kab - 67.0.4+build1-0ubuntu0.18.04.1 firefox-testsuite - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-oc - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-cs - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-ga - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-gd - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-gn - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-gl - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-gu - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-pa - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-pl - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-cy - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-pt - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-hi - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-uk - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-he - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-hy - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-hr - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-hu - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-as - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-ar - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-ia - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-az - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-id - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-mai - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-af - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-is - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-it - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-an - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-bs - 67.0.4+build1-0ubuntu0.18.04.1 firefox - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-ro - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-ja - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-ru - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-br - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-bn - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-be - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-bg - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-sl - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-sk - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-si - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-sw - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-sv - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-sr - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-sq - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-ko - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-kn - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-km - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-kk - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-ka - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-xh - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-ca - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-ku - 67.0.4+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-lv - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-lt - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-th - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 67.0.4+build1-0ubuntu0.18.04.1 firefox-dev - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-te - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-cak - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-ta - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-lg - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-tr - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-nso - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-de - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-da - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-ms - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-mr - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-my - 67.0.4+build1-0ubuntu0.18.04.1 firefox-globalmenu - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-uz - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-ml - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-mn - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-mk - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-ur - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-vi - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-eu - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-et - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-es - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-csb - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-el - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-eo - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-en - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-zu - 67.0.4+build1-0ubuntu0.18.04.1 firefox-locale-ast - 67.0.4+build1-0ubuntu0.18.04.1 No subscription required High CVE-2019-11708 Ubuntu 18.04 LTS It was discovered that a libmysofa component does not properly validate multiplications and additions, and may crash with some specific input. Update Instructions: Run `sudo pro fix USN-4033-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmysofa-utils - 0.6~dfsg0-2ubuntu0.18.04.1 libmysofa0 - 0.6~dfsg0-2ubuntu0.18.04.1 libmysofa-dev - 0.6~dfsg0-2ubuntu0.18.04.1 No subscription required Medium CVE-2019-10672 Ubuntu 18.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, the update for Ubuntu 18.10 and Ubuntu 19.04 includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration. Update Instructions: Run `sudo pro fix USN-4034-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagick++-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagickwand-dev - 8:6.9.7.4+dfsg-16ubuntu6.7 imagemagick-6.q16 - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagickcore-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.7 imagemagick-6-common - 8:6.9.7.4+dfsg-16ubuntu6.7 imagemagick - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagickwand-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagick++-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.7 libimage-magick-q16-perl - 8:6.9.7.4+dfsg-16ubuntu6.7 libimage-magick-perl - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagick++-dev - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagickcore-6.q16-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.7 perlmagick - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagickcore-6.q16hdri-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagick++-6.q16hdri-7 - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagickwand-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagickwand-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagickcore-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagickcore-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagick++-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.7 imagemagick-6.q16hdri - 8:6.9.7.4+dfsg-16ubuntu6.7 imagemagick-common - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagickcore-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.7 imagemagick-doc - 8:6.9.7.4+dfsg-16ubuntu6.7 imagemagick-6-doc - 8:6.9.7.4+dfsg-16ubuntu6.7 libimage-magick-q16hdri-perl - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagick++-6.q16-7 - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagickcore-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagickcore-6-arch-config - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagickwand-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagickcore-dev - 8:6.9.7.4+dfsg-16ubuntu6.7 libmagickwand-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.7 No subscription required Medium CVE-2017-12805 CVE-2017-12806 CVE-2018-14434 CVE-2018-15607 CVE-2018-16323 CVE-2018-16412 CVE-2018-16413 CVE-2018-16644 CVE-2018-16645 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18023 CVE-2018-18024 CVE-2018-18025 CVE-2018-18544 CVE-2018-20467 CVE-2019-10131 CVE-2019-10649 CVE-2019-10650 CVE-2019-11470 CVE-2019-11472 CVE-2019-11597 CVE-2019-11598 CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 CVE-2019-9956 Ubuntu 18.04 LTS The policykit-desktop-privileges Startup Disk Creator policy allowed administrative users to overwrite disks. As a security improvement, this operation now requires authentication. Update Instructions: Run `sudo pro fix USN-4037-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: policykit-desktop-privileges - 0.20ubuntu18.04.1 No subscription required None https://launchpad.net/bugs/1832337 Ubuntu 18.04 LTS Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3189) It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12900) Update Instructions: Run `sudo pro fix USN-4038-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bzip2 - 1.0.6-8.1ubuntu0.1 bzip2-doc - 1.0.6-8.1ubuntu0.1 libbz2-dev - 1.0.6-8.1ubuntu0.1 libbz2-1.0 - 1.0.6-8.1ubuntu0.1 No subscription required Medium CVE-2016-3189 CVE-2019-12900 Ubuntu 18.04 LTS USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrect raises CRC errors for some files. We apologize for the inconvenience. Original advisory details: It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4038-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bzip2 - 1.0.6-8.1ubuntu0.2 bzip2-doc - 1.0.6-8.1ubuntu0.2 libbz2-dev - 1.0.6-8.1ubuntu0.2 libbz2-1.0 - 1.0.6-8.1ubuntu0.2 No subscription required None https://launchpad.net/bugs/1834494 Ubuntu 18.04 LTS It was discovered that allocation failures could occur in CImg when loading crafted bmp images. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-7587) It was discovered that a heap-based buffer over-read existed in CImg when loading crafted bmp images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-7588) It was discovered that a double free existed in CImg when loading crafted bmp images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-7589) Update Instructions: Run `sudo pro fix USN-4039-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cimg-doc - 1.7.9+dfsg-2ubuntu0.18.04.1 cimg-dev - 1.7.9+dfsg-2ubuntu0.18.04.1 cimg-examples - 1.7.9+dfsg-2ubuntu0.18.04.1 No subscription required Medium CVE-2018-7587 CVE-2018-7588 CVE-2018-7589 Ubuntu 18.04 LTS It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4040-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexpat1-udeb - 2.2.5-3ubuntu0.1 expat - 2.2.5-3ubuntu0.1 libexpat1-dev - 2.2.5-3ubuntu0.1 libexpat1 - 2.2.5-3ubuntu0.1 No subscription required Low CVE-2018-20843 Ubuntu 18.04 LTS USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu. Unfortunately, the update introduced a regression that interfered with networking applications that setup very low SO_SNDBUF values. This update fixes the problem. We apologize for the inconvenience. Jonathan Looney discovered that the Linux kernel could be coerced into segmenting responses into multiple TCP segments. A remote attacker could construct an ongoing sequence of requests to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4041-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1017-oracle - 4.15.0-1017.19 No subscription required linux-image-4.15.0-1036-gcp - 4.15.0-1036.38 linux-image-4.15.0-1036-gke - 4.15.0-1036.38 No subscription required linux-image-4.15.0-1038-kvm - 4.15.0-1038.38 No subscription required linux-image-4.15.0-1040-raspi2 - 4.15.0-1040.43 No subscription required linux-image-4.15.0-1043-aws - 4.15.0-1043.45 No subscription required linux-image-4.15.0-1045-oem - 4.15.0-1045.50 No subscription required linux-image-4.15.0-1057-snapdragon - 4.15.0-1057.62 No subscription required linux-image-4.15.0-54-generic-lpae - 4.15.0-54.58 linux-image-4.15.0-54-lowlatency - 4.15.0-54.58 linux-image-4.15.0-54-generic - 4.15.0-54.58 No subscription required linux-image-oracle - 4.15.0.1017.20 No subscription required linux-image-gcp - 4.15.0.1036.38 No subscription required linux-image-gke-4.15 - 4.15.0.1036.39 linux-image-gke - 4.15.0.1036.39 No subscription required linux-image-kvm - 4.15.0.1038.38 No subscription required linux-image-raspi2 - 4.15.0.1040.38 No subscription required linux-image-aws - 4.15.0.1043.42 No subscription required linux-image-oem - 4.15.0.1045.49 No subscription required linux-image-snapdragon - 4.15.0.1057.60 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.54.56 linux-image-generic-hwe-16.04 - 4.15.0.54.56 linux-image-generic-hwe-16.04-edge - 4.15.0.54.56 linux-image-generic-lpae-hwe-16.04 - 4.15.0.54.56 linux-image-virtual - 4.15.0.54.56 linux-image-virtual-hwe-16.04 - 4.15.0.54.56 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.54.56 linux-image-generic - 4.15.0.54.56 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.54.56 linux-image-generic-lpae - 4.15.0.54.56 linux-image-lowlatency-hwe-16.04 - 4.15.0.54.56 linux-image-lowlatency - 4.15.0.54.56 No subscription required linux-image-4.18.0-1023-azure - 4.18.0-1023.24~18.04.1 No subscription required linux-image-4.18.0-25-lowlatency - 4.18.0-25.26~18.04.1 linux-image-4.18.0-25-generic-lpae - 4.18.0-25.26~18.04.1 linux-image-4.18.0-25-generic - 4.18.0-25.26~18.04.1 linux-image-4.18.0-25-snapdragon - 4.18.0-25.26~18.04.1 No subscription required linux-image-azure - 4.18.0.1023.21 No subscription required linux-image-generic-hwe-18.04 - 4.18.0.25.74 linux-image-snapdragon-hwe-18.04 - 4.18.0.25.74 linux-image-generic-lpae-hwe-18.04 - 4.18.0.25.74 linux-image-lowlatency-hwe-18.04 - 4.18.0.25.74 linux-image-virtual-hwe-18.04 - 4.18.0.25.74 No subscription required Medium CVE-2019-11479 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic Ubuntu 18.04 LTS It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service, or possibly execute arbitrary code Update Instructions: Run `sudo pro fix USN-4042-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler73 - 0.62.0-2ubuntu2.9 libpoppler-cpp-dev - 0.62.0-2ubuntu2.9 libpoppler-glib-doc - 0.62.0-2ubuntu2.9 gir1.2-poppler-0.18 - 0.62.0-2ubuntu2.9 libpoppler-cpp0v5 - 0.62.0-2ubuntu2.9 libpoppler-glib8 - 0.62.0-2ubuntu2.9 libpoppler-private-dev - 0.62.0-2ubuntu2.9 libpoppler-glib-dev - 0.62.0-2ubuntu2.9 libpoppler-dev - 0.62.0-2ubuntu2.9 libpoppler-qt5-dev - 0.62.0-2ubuntu2.9 libpoppler-qt5-1 - 0.62.0-2ubuntu2.9 poppler-utils - 0.62.0-2ubuntu2.9 No subscription required Medium CVE-2017-9865 CVE-2018-18897 CVE-2018-20662 CVE-2019-10018 CVE-2019-10019 CVE-2019-10021 CVE-2019-10023 CVE-2019-10872 CVE-2019-10873 CVE-2019-12293 CVE-2019-9200 CVE-2019-9631 CVE-2019-9903 Ubuntu 18.04 LTS It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-12308) Gavin Wahl discovered that Django incorrectly handled HTTP detection when used behind a reverse-proxy. Client requests made via HTTP would cause incorrect API results and would not be redirected to HTTPS, contrary to expectations. (CVE-2019-12781) Update Instructions: Run `sudo pro fix USN-4043-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.4 python-django-doc - 1:1.11.11-1ubuntu1.4 python-django-common - 1:1.11.11-1ubuntu1.4 python-django - 1:1.11.11-1ubuntu1.4 No subscription required Medium CVE-2019-12308 CVE-2019-12781 Ubuntu 18.04 LTS Fix vulnerability where an authenticated non-admin users could load a module with a crafted name, then escalate privileges and run arbitrary code. Update Instructions: Run `sudo pro fix USN-4044-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: znc - 1.6.6-1ubuntu0.2 znc-python - 1.6.6-1ubuntu0.2 znc-tcl - 1.6.6-1ubuntu0.2 znc-dev - 1.6.6-1ubuntu0.2 znc-perl - 1.6.6-1ubuntu0.2 No subscription required Medium CVE-2019-12816 Ubuntu 18.04 LTS A type confusion bug was discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could exploit this by causing a denial of service, or executing arbirary code. (CVE-2019-11707) It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code. (CVE-2019-11708) Update Instructions: Run `sudo pro fix USN-4045-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-br - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-es-ar - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-be - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-si - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:60.7.2+build2-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-de - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-en - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-da - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:60.7.2+build2-0ubuntu0.18.04.1 xul-ext-lightning - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-it - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-he - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-globalmenu - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-af - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-dev - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-el - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-id - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-et - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-is - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-es - 1:60.7.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:60.7.2+build2-0ubuntu0.18.04.1 No subscription required High CVE-2019-11707 CVE-2019-11708 Ubuntu 18.04 LTS It was discovered that Irssi incorrectly handled certain disconnections. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-7054) It was discovered that Irssi incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-13045) Update Instructions: Run `sudo pro fix USN-4046-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: irssi-dev - 1.0.5-1ubuntu4.2 irssi - 1.0.5-1ubuntu4.2 No subscription required Medium CVE-2018-7054 CVE-2019-13045 Ubuntu 18.04 LTS Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile. Update Instructions: Run `sudo pro fix USN-4047-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 4.0.0-1ubuntu8.12 libvirt-dev - 4.0.0-1ubuntu8.12 libnss-libvirt - 4.0.0-1ubuntu8.12 libvirt-sanlock - 4.0.0-1ubuntu8.12 libvirt-daemon - 4.0.0-1ubuntu8.12 libvirt-wireshark - 4.0.0-1ubuntu8.12 libvirt-daemon-driver-storage-rbd - 4.0.0-1ubuntu8.12 libvirt-daemon-driver-storage-gluster - 4.0.0-1ubuntu8.12 libvirt-doc - 4.0.0-1ubuntu8.12 libvirt-daemon-system - 4.0.0-1ubuntu8.12 libvirt-clients - 4.0.0-1ubuntu8.12 libvirt-daemon-driver-storage-zfs - 4.0.0-1ubuntu8.12 libvirt-daemon-driver-storage-sheepdog - 4.0.0-1ubuntu8.12 libvirt-bin - 4.0.0-1ubuntu8.12 No subscription required Medium CVE-2019-10161 CVE-2019-10166 CVE-2019-10167 CVE-2019-10168 Ubuntu 18.04 LTS Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root. Update Instructions: Run `sudo pro fix USN-4048-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-docker-docker-dev - 18.09.7-0ubuntu1~18.04.3 docker.io - 18.09.7-0ubuntu1~18.04.3 golang-docker-dev - 18.09.7-0ubuntu1~18.04.3 vim-syntax-docker - 18.09.7-0ubuntu1~18.04.3 docker-doc - 18.09.7-0ubuntu1~18.04.3 No subscription required Medium CVE-2018-15664 CVE-2019-5736 Ubuntu 18.04 LTS It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-4049-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.56.4-0ubuntu0.18.04.4 libglib2.0-data - 2.56.4-0ubuntu0.18.04.4 libglib2.0-udeb - 2.56.4-0ubuntu0.18.04.4 libglib2.0-tests - 2.56.4-0ubuntu0.18.04.4 libglib2.0-doc - 2.56.4-0ubuntu0.18.04.4 libglib2.0-bin - 2.56.4-0ubuntu0.18.04.4 libglib2.0-dev - 2.56.4-0ubuntu0.18.04.4 libglib2.0-dev-bin - 2.56.4-0ubuntu0.18.04.4 No subscription required Medium CVE-2019-13012 Ubuntu 18.04 LTS It was discovered that ZeroMQ incorrectly handled certain application metadata. A remote attacker could use this issue to cause ZeroMQ to crash, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4050-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libzmq5 - 4.2.5-1ubuntu0.2 libzmq3-dev - 4.2.5-1ubuntu0.2 No subscription required High CVE-2019-13132 Ubuntu 18.04 LTS Kevin Backhouse discovered a race-condition when reading the user's local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report. Update Instructions: Run `sudo pro fix USN-4051-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.9-0ubuntu7.7 python3-problem-report - 2.20.9-0ubuntu7.7 apport-kde - 2.20.9-0ubuntu7.7 apport-retrace - 2.20.9-0ubuntu7.7 apport-valgrind - 2.20.9-0ubuntu7.7 python3-apport - 2.20.9-0ubuntu7.7 dh-apport - 2.20.9-0ubuntu7.7 apport-gtk - 2.20.9-0ubuntu7.7 apport - 2.20.9-0ubuntu7.7 python-problem-report - 2.20.9-0ubuntu7.7 apport-noui - 2.20.9-0ubuntu7.7 No subscription required Medium CVE-2019-7307 Ubuntu 18.04 LTS Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service or expose sensitive information. Update Instructions: Run `sudo pro fix USN-4052-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: whoopsie - 0.2.62ubuntu0.1 libwhoopsie0 - 0.2.62ubuntu0.1 libwhoopsie-dev - 0.2.62ubuntu0.1 No subscription required Medium CVE-2019-11476 Ubuntu 18.04 LTS It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-12447, CVE-2019-12448, CVE-2019-12449) It was discovered that GVfs incorrectly handled authentication on its private D-Bus socket. A local attacker could possibly connect to this socket and issue D-Bus calls. (CVE-2019-12795) Update Instructions: Run `sudo pro fix USN-4053-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gvfs-backends - 1.36.1-0ubuntu1.3.3 gvfs-libs - 1.36.1-0ubuntu1.3.3 gvfs-daemons - 1.36.1-0ubuntu1.3.3 gvfs-bin - 1.36.1-0ubuntu1.3.3 gvfs-common - 1.36.1-0ubuntu1.3.3 gvfs-fuse - 1.36.1-0ubuntu1.3.3 gvfs - 1.36.1-0ubuntu1.3.3 No subscription required Medium CVE-2019-12447 CVE-2019-12448 CVE-2019-12449 CVE-2019-12795 Ubuntu 18.04 LTS A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811) Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, conduct cross-site request forgery (CSRF) attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. (CVE-2019-11709, CVE-2019-11710, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11714, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717, CVE-2019-11718, CVE-2019-11719, CVE-2019-11720, CVE-2019-11721, CVE-2019-11723, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727, CVE-2019-11728, CVE-2019-11729) It was discovered that Firefox treats all files in a directory as same origin. If a user were tricked in to downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2019-11730) Update Instructions: Run `sudo pro fix USN-4054-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-nn - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-ne - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-nb - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-fa - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-fi - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-fr - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-fy - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-or - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-kab - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-oc - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-cs - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-ga - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-gd - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-gn - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-gl - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-gu - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-pa - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-pl - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-cy - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-pt - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-hi - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-uk - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-he - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-hy - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-hr - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-hu - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-as - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-ar - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-ia - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-az - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-id - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-mai - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-af - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-is - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-it - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-an - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-bs - 68.0+build3-0ubuntu0.18.04.1 firefox - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-ro - 68.0+build3-0ubuntu0.18.04.1 firefox-geckodriver - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-ja - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-ru - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-br - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hant - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hans - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-bn - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-be - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-bg - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-sl - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-sk - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-si - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-sw - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-sv - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-sr - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-sq - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-ko - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-kn - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-km - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-kk - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-ka - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-xh - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-ca - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-ku - 68.0+build3-0ubuntu0.18.04.1 firefox-mozsymbols - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-lv - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-lt - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-th - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-hsb - 68.0+build3-0ubuntu0.18.04.1 firefox-dev - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-te - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-cak - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-ta - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-lg - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-tr - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-nso - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-de - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-da - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-ms - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-mr - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-my - 68.0+build3-0ubuntu0.18.04.1 firefox-globalmenu - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-uz - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-ml - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-mn - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-mk - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-ur - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-vi - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-eu - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-et - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-es - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-csb - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-el - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-eo - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-en - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-zu - 68.0+build3-0ubuntu0.18.04.1 firefox-locale-ast - 68.0+build3-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-9811 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 Ubuntu 18.04 LTS USN-4054-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811) Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, conduct cross-site request forgery (CSRF) attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. (CVE-2019-11709, CVE-2019-11710, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11714, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717, CVE-2019-11718, CVE-2019-11719, CVE-2019-11720, CVE-2019-11721, CVE-2019-11723, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727, CVE-2019-11728, CVE-2019-11729) It was discovered that Firefox treats all files in a directory as same origin. If a user were tricked in to downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2019-11730) Update Instructions: Run `sudo pro fix USN-4054-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 68.0.1+build1-0ubuntu0.18.04.1 firefox - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 68.0.1+build1-0ubuntu0.18.04.1 firefox-geckodriver - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 68.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 68.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 68.0.1+build1-0ubuntu0.18.04.1 firefox-globalmenu - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 68.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 68.0.1+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1837941 Ubuntu 18.04 LTS Mike Salvatore discovered that FlightCrew improperly handled certain malformed EPUB files. An attacker could potentially use this vulnerability to cause a denial of service. (CVE-2019-13032) Mike Salvatore discovered that FlightCrew mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem. (CVE-2019-13241) Mike Salvatore discovered that the version of Zipios included in FlightCrew mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. (CVE-2019-13453) Update Instructions: Run `sudo pro fix USN-4055-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libflightcrew0v5 - 0.7.2+dfsg-10ubuntu0.1 libflightcrew-dev - 0.7.2+dfsg-10ubuntu0.1 flightcrew - 0.7.2+dfsg-10ubuntu0.1 No subscription required Medium CVE-2019-13032 CVE-2019-13241 CVE-2019-13453 Ubuntu 18.04 LTS It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19107, CVE-2018-19108) It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-19535, CVE-2019-13112) It was discovered that Exiv2 incorrectly handled certain CRW files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-13110, CVE-2019-13113) It was discovered that incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-13114) Update Instructions: Run `sudo pro fix USN-4056-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-3.1ubuntu0.18.04.3 libexiv2-14 - 0.25-3.1ubuntu0.18.04.3 libexiv2-doc - 0.25-3.1ubuntu0.18.04.3 libexiv2-dev - 0.25-3.1ubuntu0.18.04.3 No subscription required Medium CVE-2018-19107 CVE-2018-19108 CVE-2018-19535 CVE-2019-13110 CVE-2019-13112 CVE-2019-13113 CVE-2019-13114 Ubuntu 18.04 LTS Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. (CVE-2019-13453) Update Instructions: Run `sudo pro fix USN-4057-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libzipios++0v5 - 0.1.5.9+cvs.2007.04.28-10ubuntu0.18.04.1 libzipios++-dev - 0.1.5.9+cvs.2007.04.28-10ubuntu0.18.04.1 libzipios++-doc - 0.1.5.9+cvs.2007.04.28-10ubuntu0.18.04.1 No subscription required Medium CVE-2019-13453 Ubuntu 18.04 LTS It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19132) It was discovered that Squid incorrectly handled the cachemgr.cgi web module. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-13345) Update Instructions: Run `sudo pro fix USN-4059-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.27-1ubuntu1.2 squid - 3.5.27-1ubuntu1.2 squid-cgi - 3.5.27-1ubuntu1.2 squid-purge - 3.5.27-1ubuntu1.2 squidclient - 3.5.27-1ubuntu1.2 squid3 - 3.5.27-1ubuntu1.2 No subscription required Medium CVE-2018-19132 CVE-2019-13345 Ubuntu 18.04 LTS Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11719) Hubert Kario discovered that NSS incorrectly handled PKCS#1 v1.5 signatures when using TLSv1.3. An attacker could possibly use this issue to trick NSS into using PKCS#1 v1.5 signatures, contrary to expectations. This issue only applied to Ubuntu 19.04. (CVE-2019-11727) Jonas Allmann discovered that NSS incorrectly handled certain p256-ECDH public keys. An attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. (CVE-2019-11729) Update Instructions: Run `sudo pro fix USN-4060-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-dev - 2:3.35-2ubuntu2.3 libnss3 - 2:3.35-2ubuntu2.3 libnss3-tools - 2:3.35-2ubuntu2.3 No subscription required Medium CVE-2019-11719 CVE-2019-11727 CVE-2019-11729 Ubuntu 18.04 LTS It was discovered that Redis incorrectly handled the hyperloglog data structure. An attacker could use this issue to cause Redis to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4061-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: redis-sentinel - 5:4.0.9-1ubuntu0.2 redis-server - 5:4.0.9-1ubuntu0.2 redis - 5:4.0.9-1ubuntu0.2 redis-tools - 5:4.0.9-1ubuntu0.2 No subscription required Medium CVE-2019-10192 CVE-2019-10193 Ubuntu 18.04 LTS Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010318, CVE-2019-1010319) Update Instructions: Run `sudo pro fix USN-4062-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwavpack1 - 5.1.0-2ubuntu1.4 libwavpack-dev - 5.1.0-2ubuntu1.4 wavpack - 5.1.0-2ubuntu1.4 No subscription required Medium CVE-2019-1010315 CVE-2019-1010317 CVE-2019-1010318 CVE-2019-1010319 Ubuntu 18.04 LTS Nils Emmerich discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. (CVE-2019-9848) Matei "Mal" Badanoiu discovered that LibreOffice incorrectly handled stealth mode. Contrary to expectations, bullet graphics could be retrieved from remote locations when running in stealth mode. (CVE-2019-9849) Update Instructions: Run `sudo pro fix USN-4063-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-nlpsolver - 0.9+LibO6.0.7-0ubuntu0.18.04.8 No subscription required libreoffice-mysql-connector - 1.0.2+LibO6.0.7-0ubuntu0.18.04.8 No subscription required libreoffice-wiki-publisher - 1.2.0+LibO6.0.7-0ubuntu0.18.04.8 No subscription required libreoffice-impress - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-evolution - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-dev-common - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-librelogo - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-java-common - 1:6.0.7-0ubuntu0.18.04.8 gir1.2-lokdocview-0.1 - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-subsequentcheckbase - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-style-elementary - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-officebean - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-kde - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-base - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-style-galaxy - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-style-hicontrast - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-core - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-script-provider-bsh - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-avmedia-backend-gstreamer - 1:6.0.7-0ubuntu0.18.04.8 libreofficekit-dev - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-script-provider-python - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-common - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-gnome - 1:6.0.7-0ubuntu0.18.04.8 libreofficekit-data - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-kde4 - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-dev - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-gtk3 - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-report-builder - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-pdfimport - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-base-core - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-draw - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-ogltrans - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-l10n-in - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-sdbc-hsqldb - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-gtk - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-calc - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-base-drivers - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-style-oxygen - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-gtk2 - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-style-tango - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-style-human - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-sdbc-firebird - 1:6.0.7-0ubuntu0.18.04.8 python3-uno - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-math - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-writer - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-report-builder-bin - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-dev-doc - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-systray - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-script-provider-js - 1:6.0.7-0ubuntu0.18.04.8 liblibreofficekitgtk - 1:6.0.7-0ubuntu0.18.04.8 libreoffice - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-style-sifr - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-style-breeze - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-l10n-za - 1:6.0.7-0ubuntu0.18.04.8 libreoffice-sdbc-postgresql - 1:6.0.7-0ubuntu0.18.04.8 No subscription required fonts-opensymbol - 2:102.10+LibO6.0.7-0ubuntu0.18.04.8 No subscription required ure - 6.0.7-0ubuntu0.18.04.8 uno-libs3 - 6.0.7-0ubuntu0.18.04.8 No subscription required Medium CVE-2019-9848 CVE-2019-9849 Ubuntu 18.04 LTS A sandbox escape was discovered in Thunderbird. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. (CVE-2019-9811) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same origin restrictions, conduct cross-site scripting (XSS) attacks, spoof origin attributes, or execute arbitrary code. (CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717) It was discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could exploit this issue to cause Thunderbird to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11719) It was discovered that NSS incorrectly handled certain p256-ECDH public keys. An attacker could possibly exploit this issue to cause Thunderbird to crash, resulting in a denial of service. (CVE-2019-11729) It was discovered that Thunderbird treats all files in a directory as same origin. If a user were tricked in to downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2019-11730) Update Instructions: Run `sudo pro fix USN-4064-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es-ar - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:60.8.0+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:60.8.0+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-globalmenu - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:60.8.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:60.8.0+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 Ubuntu 18.04 LTS It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-12525) It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-12527) It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-12529) Update Instructions: Run `sudo pro fix USN-4065-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.27-1ubuntu1.3 squid - 3.5.27-1ubuntu1.3 squid-cgi - 3.5.27-1ubuntu1.3 squid-purge - 3.5.27-1ubuntu1.3 squidclient - 3.5.27-1ubuntu1.3 squid3 - 3.5.27-1ubuntu1.3 No subscription required Medium CVE-2019-12525 CVE-2019-12527 CVE-2019-12529 Ubuntu 18.04 LTS It was discovered that libmspack incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-4066-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmspack0 - 0.6-3ubuntu0.3 libmspack-dev - 0.6-3ubuntu0.3 libmspack-doc - 0.6-3ubuntu0.3 No subscription required Medium CVE-2019-1010305 Ubuntu 18.04 LTS Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is disabled via blocklist by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884) Update Instructions: Run `sudo pro fix USN-4068-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1018-oracle - 4.15.0-1018.20 No subscription required linux-image-4.15.0-1037-gcp - 4.15.0-1037.39 No subscription required linux-image-4.15.0-1039-kvm - 4.15.0-1039.39 No subscription required linux-image-4.15.0-1041-raspi2 - 4.15.0-1041.44 No subscription required linux-image-4.15.0-1044-aws - 4.15.0-1044.46 No subscription required linux-image-4.15.0-1058-snapdragon - 4.15.0-1058.64 No subscription required linux-image-4.15.0-55-lowlatency - 4.15.0-55.60 linux-image-4.15.0-55-generic - 4.15.0-55.60 linux-image-4.15.0-55-generic-lpae - 4.15.0-55.60 No subscription required linux-image-oracle - 4.15.0.1018.21 No subscription required linux-image-gcp - 4.15.0.1037.39 No subscription required linux-image-kvm - 4.15.0.1039.39 No subscription required linux-image-raspi2 - 4.15.0.1041.39 No subscription required linux-image-aws - 4.15.0.1044.43 No subscription required linux-image-snapdragon - 4.15.0.1058.61 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.55.57 linux-image-virtual-hwe-16.04-edge - 4.15.0.55.57 linux-image-generic-hwe-16.04 - 4.15.0.55.57 linux-image-generic-hwe-16.04-edge - 4.15.0.55.57 linux-image-generic-lpae-hwe-16.04 - 4.15.0.55.57 linux-image-virtual - 4.15.0.55.57 linux-image-virtual-hwe-16.04 - 4.15.0.55.57 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.55.57 linux-image-generic - 4.15.0.55.57 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.55.57 linux-image-generic-lpae - 4.15.0.55.57 linux-image-lowlatency - 4.15.0.55.57 No subscription required Medium CVE-2019-11085 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 Ubuntu 18.04 LTS USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884) Update Instructions: Run `sudo pro fix USN-4069-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-23-generic - 5.0.0-23.24~18.04.1 linux-image-5.0.0-23-lowlatency - 5.0.0-23.24~18.04.1 linux-image-5.0.0-23-generic-lpae - 5.0.0-23.24~18.04.1 No subscription required linux-image-snapdragon-hwe-18.04 - 5.0.0.23.80 linux-image-lowlatency-hwe-18.04 - 5.0.0.23.80 linux-image-virtual-hwe-18.04 - 5.0.0.23.80 linux-image-generic-lpae-hwe-18.04 - 5.0.0.23.80 linux-image-generic-hwe-18.04 - 5.0.0.23.80 No subscription required Medium CVE-2019-11487 CVE-2019-11599 CVE-2019-11833 CVE-2019-11884 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.27. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-27.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Update Instructions: Run `sudo pro fix USN-4070-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.27-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.27-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.27-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.27-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.27-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.27-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.27-0ubuntu0.18.04.1 mysql-server - 5.7.27-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.27-0ubuntu0.18.04.1 mysql-testsuite - 5.7.27-0ubuntu0.18.04.1 libmysqld-dev - 5.7.27-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.27-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-2737 CVE-2019-2738 CVE-2019-2739 CVE-2019-2740 CVE-2019-2741 CVE-2019-2757 CVE-2019-2758 CVE-2019-2774 CVE-2019-2778 CVE-2019-2791 CVE-2019-2797 CVE-2019-2805 CVE-2019-2819 Ubuntu 18.04 LTS USN-4070-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2805 in MariaDB 10.1. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.41. In addition to security fixes, the updated package contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://mariadb.com/kb/en/library/mariadb-10141-changelog/ https://mariadb.com/kb/en/library/mariadb-10141-release-notes/ Original advisory details: Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.27. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-27.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Update Instructions: Run `sudo pro fix USN-4070-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mariadb-plugin-cracklib-password-check - 1:10.1.41-0ubuntu0.18.04.1 mariadb-server - 1:10.1.41-0ubuntu0.18.04.1 mariadb-plugin-connect - 1:10.1.41-0ubuntu0.18.04.1 mariadb-plugin-spider - 1:10.1.41-0ubuntu0.18.04.1 libmariadbclient-dev - 1:10.1.41-0ubuntu0.18.04.1 libmariadbd18 - 1:10.1.41-0ubuntu0.18.04.1 mariadb-client-core-10.1 - 1:10.1.41-0ubuntu0.18.04.1 mariadb-plugin-tokudb - 1:10.1.41-0ubuntu0.18.04.1 mariadb-plugin-mroonga - 1:10.1.41-0ubuntu0.18.04.1 mariadb-client - 1:10.1.41-0ubuntu0.18.04.1 mariadb-server-10.1 - 1:10.1.41-0ubuntu0.18.04.1 mariadb-server-core-10.1 - 1:10.1.41-0ubuntu0.18.04.1 mariadb-test-data - 1:10.1.41-0ubuntu0.18.04.1 libmariadbclient-dev-compat - 1:10.1.41-0ubuntu0.18.04.1 mariadb-client-10.1 - 1:10.1.41-0ubuntu0.18.04.1 mariadb-plugin-gssapi-client - 1:10.1.41-0ubuntu0.18.04.1 libmariadbd-dev - 1:10.1.41-0ubuntu0.18.04.1 mariadb-test - 1:10.1.41-0ubuntu0.18.04.1 mariadb-plugin-gssapi-server - 1:10.1.41-0ubuntu0.18.04.1 mariadb-common - 1:10.1.41-0ubuntu0.18.04.1 libmariadbclient18 - 1:10.1.41-0ubuntu0.18.04.1 mariadb-plugin-oqgraph - 1:10.1.41-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805 Ubuntu 18.04 LTS It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-13636) It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-13638) Update Instructions: Run `sudo pro fix USN-4071-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: patch - 2.7.6-2ubuntu1.1 No subscription required Medium CVE-2019-13636 CVE-2019-13638 Ubuntu 18.04 LTS It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837) (CVE-2018-16876) (CVE-2019-10156) It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as result. (CVE-2018-10874) (CVE-2018-10875) It was discovered that Ansible fetch module had a path traversal vulnerability. A local attacker could copy and overwrite files outside of the specified destination. (CVE-2019-3828) Update Instructions: Run `sudo pro fix USN-4072-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ansible - 2.5.1+dfsg-1ubuntu0.1 No subscription required Medium CVE-2017-7481 CVE-2018-10855 CVE-2018-10874 CVE-2018-10875 CVE-2018-16837 CVE-2018-16876 CVE-2019-10156 CVE-2019-3828 Ubuntu 18.04 LTS It was discovered that libEBML incorrectly handled certain media files. If a user were tricked into opening a specially crafted media file, libEBML could possibly be made to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4073-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libebml4v5 - 1.3.5-2ubuntu0.1 libebml-dev - 1.3.5-2ubuntu0.1 No subscription required Low CVE-2019-13615 Ubuntu 18.04 LTS It was discovered that the VLC CAF demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted CAF file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-19857) It was discovered that the VLC Matroska demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted MKV file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-12874) It was discovered that the VLC MP4 demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted MP4 file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13602) It was discovered that the VLC AVI demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted AVI file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5439) Update Instructions: Run `sudo pro fix USN-4074-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vlc-l10n - 3.0.7.1-0ubuntu18.04.1 vlc-plugin-video-splitter - 3.0.7.1-0ubuntu18.04.1 libvlc-bin - 3.0.7.1-0ubuntu18.04.1 vlc-plugin-visualization - 3.0.7.1-0ubuntu18.04.1 vlc-plugin-samba - 3.0.7.1-0ubuntu18.04.1 vlc-plugin-skins2 - 3.0.7.1-0ubuntu18.04.1 vlc-data - 3.0.7.1-0ubuntu18.04.1 libvlc5 - 3.0.7.1-0ubuntu18.04.1 vlc-plugin-base - 3.0.7.1-0ubuntu18.04.1 vlc-plugin-access-extra - 3.0.7.1-0ubuntu18.04.1 vlc-plugin-qt - 3.0.7.1-0ubuntu18.04.1 vlc-plugin-video-output - 3.0.7.1-0ubuntu18.04.1 vlc-plugin-svg - 3.0.7.1-0ubuntu18.04.1 libvlccore9 - 3.0.7.1-0ubuntu18.04.1 vlc - 3.0.7.1-0ubuntu18.04.1 vlc-bin - 3.0.7.1-0ubuntu18.04.1 libvlccore-dev - 3.0.7.1-0ubuntu18.04.1 vlc-plugin-notify - 3.0.7.1-0ubuntu18.04.1 libvlc-dev - 3.0.7.1-0ubuntu18.04.1 vlc-plugin-fluidsynth - 3.0.7.1-0ubuntu18.04.1 vlc-plugin-jack - 3.0.7.1-0ubuntu18.04.1 vlc-plugin-zvbi - 3.0.7.1-0ubuntu18.04.1 No subscription required Medium CVE-2018-19857 CVE-2019-12874 CVE-2019-13602 CVE-2019-5439 Ubuntu 18.04 LTS Jeremy Harris discovered that Exim incorrectly handled sort expansions. In environments where sort expansions are used, a remote attacker could possibly use this issue to execute arbitrary code as root. Update Instructions: Run `sudo pro fix USN-4075-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.90.1-1ubuntu1.3 eximon4 - 4.90.1-1ubuntu1.3 exim4 - 4.90.1-1ubuntu1.3 exim4-daemon-light - 4.90.1-1ubuntu1.3 exim4-config - 4.90.1-1ubuntu1.3 exim4-daemon-heavy - 4.90.1-1ubuntu1.3 exim4-base - 4.90.1-1ubuntu1.3 No subscription required Medium CVE-2019-13917 Ubuntu 18.04 LTS It was discovered that tmpreaper incorrectly handled certain mount operations. A local attacker could possibly use this issue to create arbitrary files, leading to privilege escalation. Update Instructions: Run `sudo pro fix USN-4077-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tmpreaper - 1.6.13+nmu1+deb9u1build0.18.04.1 No subscription required Medium CVE-2019-3461 Ubuntu 18.04 LTS It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations. (CVE-2019-13057) It was discovered that OpenLDAP incorrectly handled SASL authentication and session encryption. After a first SASL bind was completed, it was possible to obtain access by performing simple binds, contrary to expectations. (CVE-2019-13565) Update Instructions: Run `sudo pro fix USN-4078-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libldap-2.4-2 - 2.4.45+dfsg-1ubuntu1.3 libldap-common - 2.4.45+dfsg-1ubuntu1.3 slapd-smbk5pwd - 2.4.45+dfsg-1ubuntu1.3 ldap-utils - 2.4.45+dfsg-1ubuntu1.3 libldap2-dev - 2.4.45+dfsg-1ubuntu1.3 slapd - 2.4.45+dfsg-1ubuntu1.3 No subscription required Medium CVE-2019-13057 CVE-2019-13565 Ubuntu 18.04 LTS USN-4079-1 fixed vulnerabilities in SoX. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 19.04. Original advisory details: It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357) Update Instructions: Run `sudo pro fix USN-4079-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsox-fmt-mp3 - 14.4.2-3ubuntu0.18.04.1 libsox-fmt-pulse - 14.4.2-3ubuntu0.18.04.1 libsox-fmt-ao - 14.4.2-3ubuntu0.18.04.1 sox - 14.4.2-3ubuntu0.18.04.1 libsox3 - 14.4.2-3ubuntu0.18.04.1 libsox-fmt-base - 14.4.2-3ubuntu0.18.04.1 libsox-fmt-all - 14.4.2-3ubuntu0.18.04.1 libsox-dev - 14.4.2-3ubuntu0.18.04.1 libsox-fmt-alsa - 14.4.2-3ubuntu0.18.04.1 libsox-fmt-oss - 14.4.2-3ubuntu0.18.04.1 No subscription required Medium CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357 Ubuntu 18.04 LTS It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. (CVE-2019-2762) It was discovered that in some situations OpenJDK did not properly bound the amount of memory allocated during object deserialization. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service (excessive memory consumption). (CVE-2019-2769) It was discovered that OpenJDK did not properly restrict privileges in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2019-2786) Jonathan Birch discovered that the Networking component of OpenJDK did not properly validate URLs in some situations. An attacker could use this to bypass restrictions on characters in URLs. (CVE-2019-2816) It was discovered that the ChaCha20Cipher implementation in OpenJDK did not use constant time computations in some situations. An attacker could use this to expose sensitive information. (CVE-2019-2818) It was discovered that the Java Secure Socket Extension (JSSE) component in OpenJDK did not properly handle OCSP stapling messages during TLS handshake in some situations. An attacker could use this to expose sensitive information. (CVE-2019-2821) It was discovered that OpenJDK incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause OpenJDK to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-7317) Update Instructions: Run `sudo pro fix USN-4083-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-doc - 11.0.4+11-1ubuntu2~18.04.3 openjdk-11-jre-zero - 11.0.4+11-1ubuntu2~18.04.3 openjdk-11-source - 11.0.4+11-1ubuntu2~18.04.3 openjdk-11-jre-headless - 11.0.4+11-1ubuntu2~18.04.3 openjdk-11-jdk - 11.0.4+11-1ubuntu2~18.04.3 openjdk-11-jdk-headless - 11.0.4+11-1ubuntu2~18.04.3 openjdk-11-jre - 11.0.4+11-1ubuntu2~18.04.3 openjdk-11-demo - 11.0.4+11-1ubuntu2~18.04.3 No subscription required Medium CVE-2019-2762 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2818 CVE-2019-2821 CVE-2019-7317 Ubuntu 18.04 LTS It was discovered that Django incorrectly handled the Truncator function. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. (CVE-2019-14232) It was discovered that Django incorrectly handled the strip_tags function. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. (CVE-2019-14233) It was discovered that Django incorrectly handled certain lookups in the PostgreSQL support. A remote attacker could possibly use this issue to perform SQL injection attacks. (CVE-2019-14234) It was discovered that Django incorrectly handled certain invalid UTF-8 octet sequences. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. (CVE-2019-14235) Update Instructions: Run `sudo pro fix USN-4084-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.5 python-django-doc - 1:1.11.11-1ubuntu1.5 python-django-common - 1:1.11.11-1ubuntu1.5 python-django - 1:1.11.11-1ubuntu1.5 No subscription required Medium CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 Ubuntu 18.04 LTS Mike Salvatore discovered that Sigil mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Update Instructions: Run `sudo pro fix USN-4085-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sigil - 0.9.9+dfsg-1ubuntu0.1~esm1 sigil-data - 0.9.9+dfsg-1ubuntu0.1~esm1 No subscription required Medium CVE-2019-14452 Ubuntu 18.04 LTS It was discovered that Burrows-Wheeler Aligner (BWA) mishandled certain crafted .alt files. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4087-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bwa - 0.7.17-1ubuntu0.1 libbwa-dev - 0.7.17-1ubuntu0.1 No subscription required Medium CVE-2019-10269 Ubuntu 18.04 LTS It was discovered that Rack incorrectly handled carefully crafted requests. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. Update Instructions: Run `sudo pro fix USN-4089-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-rack - 1.6.4-4ubuntu0.1 No subscription required Medium CVE-2018-16471 Ubuntu 18.04 LTS Tom Lane discovered that PostgreSQL did not properly restrict functions declared as "SECURITY DEFINER". An attacker could use this to execute arbitrary SQL with the permissions of the function owner. (CVE-2019-10208) Andreas Seltenreich discovered that PostgreSQL did not properly handle user-defined hash equality operators. An attacker could use this to expose sensitive information (arbitrary PostgreSQL server memory). This issue only affected Ubuntu 19.04. (CVE-2019-10209) Update Instructions: Run `sudo pro fix USN-4090-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-10 - 10.10-0ubuntu0.18.04.1 postgresql-10 - 10.10-0ubuntu0.18.04.1 libecpg6 - 10.10-0ubuntu0.18.04.1 libpq5 - 10.10-0ubuntu0.18.04.1 libpgtypes3 - 10.10-0ubuntu0.18.04.1 postgresql-pltcl-10 - 10.10-0ubuntu0.18.04.1 postgresql-plperl-10 - 10.10-0ubuntu0.18.04.1 libecpg-dev - 10.10-0ubuntu0.18.04.1 postgresql-plpython3-10 - 10.10-0ubuntu0.18.04.1 libpq-dev - 10.10-0ubuntu0.18.04.1 postgresql-plpython-10 - 10.10-0ubuntu0.18.04.1 postgresql-doc-10 - 10.10-0ubuntu0.18.04.1 postgresql-client-10 - 10.10-0ubuntu0.18.04.1 libecpg-compat3 - 10.10-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-10208 CVE-2019-10209 Ubuntu 18.04 LTS It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4091-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler73 - 0.62.0-2ubuntu2.10 libpoppler-cpp-dev - 0.62.0-2ubuntu2.10 libpoppler-glib-doc - 0.62.0-2ubuntu2.10 gir1.2-poppler-0.18 - 0.62.0-2ubuntu2.10 libpoppler-cpp0v5 - 0.62.0-2ubuntu2.10 libpoppler-glib8 - 0.62.0-2ubuntu2.10 libpoppler-private-dev - 0.62.0-2ubuntu2.10 libpoppler-glib-dev - 0.62.0-2ubuntu2.10 libpoppler-dev - 0.62.0-2ubuntu2.10 libpoppler-qt5-dev - 0.62.0-2ubuntu2.10 libpoppler-qt5-1 - 0.62.0-2ubuntu2.10 poppler-utils - 0.62.0-2ubuntu2.10 No subscription required Medium CVE-2019-14494 Ubuntu 18.04 LTS Netanel Fisher discovered that the font handler in Ghostscript did not properly restrict privileged calls when '-dSAFER' restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files. Update Instructions: Run `sudo pro fix USN-4092-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.10 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.10 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.10 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.10 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.10 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.10 No subscription required Medium CVE-2019-10216 Ubuntu 18.04 LTS It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) Update Instructions: Run `sudo pro fix USN-4093-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1014-azure - 5.0.0-1014.14~18.04.1 No subscription required linux-image-5.0.0-25-lowlatency - 5.0.0-25.26~18.04.1 linux-image-5.0.0-25-generic - 5.0.0-25.26~18.04.1 linux-image-5.0.0-25-generic-lpae - 5.0.0-25.26~18.04.1 No subscription required linux-image-azure - 5.0.0.1014.25 No subscription required linux-image-snapdragon-hwe-18.04 - 5.0.0.25.82 linux-image-generic-hwe-18.04 - 5.0.0.25.82 linux-image-virtual-hwe-18.04 - 5.0.0.25.82 linux-image-generic-lpae-hwe-18.04 - 5.0.0.25.82 linux-image-lowlatency-hwe-18.04 - 5.0.0.25.82 No subscription required Medium CVE-2019-10126 CVE-2019-1125 CVE-2019-12614 CVE-2019-12984 CVE-2019-13233 CVE-2019-13272 CVE-2019-3846 Ubuntu 18.04 LTS It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616, CVE-2018-13096, CVE-2018-13098, CVE-2018-14615) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14609) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511) Update Instructions: Run `sudo pro fix USN-4094-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1021-oracle - 4.15.0-1021.23 No subscription required linux-image-4.15.0-1040-gke - 4.15.0-1040.42 linux-image-4.15.0-1040-gcp - 4.15.0-1040.42 No subscription required linux-image-4.15.0-1042-kvm - 4.15.0-1042.42 No subscription required linux-image-4.15.0-1043-raspi2 - 4.15.0-1043.46 No subscription required linux-image-4.15.0-1050-oem - 4.15.0-1050.57 No subscription required linux-image-4.15.0-1060-snapdragon - 4.15.0-1060.66 No subscription required linux-image-4.15.0-58-lowlatency - 4.15.0-58.64 linux-image-4.15.0-58-generic - 4.15.0-58.64 linux-image-4.15.0-58-generic-lpae - 4.15.0-58.64 No subscription required linux-image-oracle - 4.15.0.1021.24 No subscription required linux-image-gcp - 4.15.0.1040.42 No subscription required linux-image-gke-4.15 - 4.15.0.1040.43 linux-image-gke - 4.15.0.1040.43 No subscription required linux-image-kvm - 4.15.0.1042.42 No subscription required linux-image-raspi2 - 4.15.0.1043.41 No subscription required linux-image-oem - 4.15.0.1050.54 No subscription required linux-image-snapdragon - 4.15.0.1060.63 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.58.60 linux-image-generic-hwe-16.04 - 4.15.0.58.60 linux-image-generic-hwe-16.04-edge - 4.15.0.58.60 linux-image-generic-lpae-hwe-16.04 - 4.15.0.58.60 linux-image-virtual - 4.15.0.58.60 linux-image-virtual-hwe-16.04 - 4.15.0.58.60 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.58.60 linux-image-generic - 4.15.0.58.60 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.58.60 linux-image-generic-lpae - 4.15.0.58.60 linux-image-lowlatency-hwe-16.04 - 4.15.0.58.60 linux-image-lowlatency - 4.15.0.58.60 No subscription required Medium CVE-2018-13053 CVE-2018-13093 CVE-2018-13096 CVE-2018-13097 CVE-2018-13098 CVE-2018-13099 CVE-2018-13100 CVE-2018-14609 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612 CVE-2018-14613 CVE-2018-14614 CVE-2018-14615 CVE-2018-14616 CVE-2018-14617 CVE-2018-16862 CVE-2018-20169 CVE-2018-20511 CVE-2018-20856 CVE-2018-5383 CVE-2019-10126 CVE-2019-1125 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 CVE-2019-12984 CVE-2019-13233 CVE-2019-13272 CVE-2019-2024 CVE-2019-2101 CVE-2019-3846 Ubuntu 18.04 LTS Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). Update Instructions: Run `sudo pro fix USN-4096-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1045-aws - 4.15.0-1045.47 No subscription required linux-image-aws - 4.15.0.1045.44 No subscription required Medium CVE-2019-1125 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-11041, CVE-2019-11042) Update Instructions: Run `sudo pro fix USN-4097-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.19-0ubuntu0.18.04.2 php7.2-enchant - 7.2.19-0ubuntu0.18.04.2 php7.2-ldap - 7.2.19-0ubuntu0.18.04.2 php7.2-fpm - 7.2.19-0ubuntu0.18.04.2 php7.2-recode - 7.2.19-0ubuntu0.18.04.2 php7.2-cli - 7.2.19-0ubuntu0.18.04.2 php7.2-json - 7.2.19-0ubuntu0.18.04.2 php7.2-bcmath - 7.2.19-0ubuntu0.18.04.2 php7.2-phpdbg - 7.2.19-0ubuntu0.18.04.2 php7.2 - 7.2.19-0ubuntu0.18.04.2 php7.2-pspell - 7.2.19-0ubuntu0.18.04.2 php7.2-dev - 7.2.19-0ubuntu0.18.04.2 php7.2-sqlite3 - 7.2.19-0ubuntu0.18.04.2 php7.2-gmp - 7.2.19-0ubuntu0.18.04.2 php7.2-mbstring - 7.2.19-0ubuntu0.18.04.2 php7.2-opcache - 7.2.19-0ubuntu0.18.04.2 php7.2-gd - 7.2.19-0ubuntu0.18.04.2 php7.2-soap - 7.2.19-0ubuntu0.18.04.2 libphp7.2-embed - 7.2.19-0ubuntu0.18.04.2 php7.2-intl - 7.2.19-0ubuntu0.18.04.2 php7.2-odbc - 7.2.19-0ubuntu0.18.04.2 libapache2-mod-php7.2 - 7.2.19-0ubuntu0.18.04.2 php7.2-tidy - 7.2.19-0ubuntu0.18.04.2 php7.2-imap - 7.2.19-0ubuntu0.18.04.2 php7.2-readline - 7.2.19-0ubuntu0.18.04.2 php7.2-mysql - 7.2.19-0ubuntu0.18.04.2 php7.2-dba - 7.2.19-0ubuntu0.18.04.2 php7.2-xml - 7.2.19-0ubuntu0.18.04.2 php7.2-interbase - 7.2.19-0ubuntu0.18.04.2 php7.2-xsl - 7.2.19-0ubuntu0.18.04.2 php7.2-xmlrpc - 7.2.19-0ubuntu0.18.04.2 php7.2-pgsql - 7.2.19-0ubuntu0.18.04.2 php7.2-sybase - 7.2.19-0ubuntu0.18.04.2 php7.2-curl - 7.2.19-0ubuntu0.18.04.2 php7.2-common - 7.2.19-0ubuntu0.18.04.2 php7.2-cgi - 7.2.19-0ubuntu0.18.04.2 php7.2-snmp - 7.2.19-0ubuntu0.18.04.2 php7.2-zip - 7.2.19-0ubuntu0.18.04.2 No subscription required Medium CVE-2019-11041 CVE-2019-11042 Ubuntu 18.04 LTS It was discovered that wpa_supplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. Update Instructions: Run `sudo pro fix USN-4098-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 2:2.6-15ubuntu2.4 wpagui - 2:2.6-15ubuntu2.4 wpasupplicant-udeb - 2:2.6-15ubuntu2.4 wpasupplicant - 2:2.6-15ubuntu2.4 No subscription required Medium CVE-2019-13377 Ubuntu 18.04 LTS Jonathan Looney discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-4099-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnginx-mod-stream - 1.14.0-0ubuntu1.4 libnginx-mod-http-subs-filter - 1.14.0-0ubuntu1.4 nginx-doc - 1.14.0-0ubuntu1.4 libnginx-mod-mail - 1.14.0-0ubuntu1.4 libnginx-mod-http-image-filter - 1.14.0-0ubuntu1.4 libnginx-mod-http-echo - 1.14.0-0ubuntu1.4 libnginx-mod-nchan - 1.14.0-0ubuntu1.4 nginx-common - 1.14.0-0ubuntu1.4 libnginx-mod-http-fancyindex - 1.14.0-0ubuntu1.4 libnginx-mod-http-auth-pam - 1.14.0-0ubuntu1.4 nginx-light - 1.14.0-0ubuntu1.4 libnginx-mod-http-headers-more-filter - 1.14.0-0ubuntu1.4 nginx-extras - 1.14.0-0ubuntu1.4 libnginx-mod-http-upstream-fair - 1.14.0-0ubuntu1.4 libnginx-mod-http-xslt-filter - 1.14.0-0ubuntu1.4 libnginx-mod-http-lua - 1.14.0-0ubuntu1.4 libnginx-mod-http-perl - 1.14.0-0ubuntu1.4 nginx-core - 1.14.0-0ubuntu1.4 libnginx-mod-http-geoip - 1.14.0-0ubuntu1.4 libnginx-mod-http-dav-ext - 1.14.0-0ubuntu1.4 nginx - 1.14.0-0ubuntu1.4 libnginx-mod-http-ndk - 1.14.0-0ubuntu1.4 libnginx-mod-http-uploadprogress - 1.14.0-0ubuntu1.4 libnginx-mod-http-cache-purge - 1.14.0-0ubuntu1.4 nginx-full - 1.14.0-0ubuntu1.4 libnginx-mod-rtmp - 1.14.0-0ubuntu1.4 No subscription required Medium CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 Ubuntu 18.04 LTS It was discovered that KConfig and KDE libraries have a vulnerability where an attacker could hide malicious code under desktop and configuration files. (CVE-2019-14744) It was discovered that KConfig allows remote attackers to write to arbitrary files via a ../ in a filename in an archive file. (CVE-2016-6232) Update Instructions: Run `sudo pro fix USN-4100-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libktexteditor4 - 4:4.14.38-0ubuntu3.1 libkde3support4 - 4:4.14.38-0ubuntu3.1 libkutils4 - 4:4.14.38-0ubuntu3.1 libkdeui5 - 4:4.14.38-0ubuntu3.1 libkprintutils4 - 4:4.14.38-0ubuntu3.1 kdelibs5-data - 4:4.14.38-0ubuntu3.1 kdelibs-bin - 4:4.14.38-0ubuntu3.1 libsolid4 - 4:4.14.38-0ubuntu3.1 libkdeclarative5 - 4:4.14.38-0ubuntu3.1 libknotifyconfig4 - 4:4.14.38-0ubuntu3.1 kdelibs5-plugins - 4:4.14.38-0ubuntu3.1 libkdnssd4 - 4:4.14.38-0ubuntu3.1 libkhtml5 - 4:4.14.38-0ubuntu3.1 libkfile4 - 4:4.14.38-0ubuntu3.1 libkemoticons4 - 4:4.14.38-0ubuntu3.1 libkunitconversion4 - 4:4.14.38-0ubuntu3.1 libkidletime4 - 4:4.14.38-0ubuntu3.1 libkmediaplayer4 - 4:4.14.38-0ubuntu3.1 libplasma3 - 4:4.14.38-0ubuntu3.1 libkdecore5 - 4:4.14.38-0ubuntu3.1 libkntlm4 - 4:4.14.38-0ubuntu3.1 libkpty4 - 4:4.14.38-0ubuntu3.1 libknewstuff3-4 - 4:4.14.38-0ubuntu3.1 libkparts4 - 4:4.14.38-0ubuntu3.1 libkdewebkit5 - 4:4.14.38-0ubuntu3.1 libkrosscore4 - 4:4.14.38-0ubuntu3.1 kdelibs5-dev - 4:4.14.38-0ubuntu3.1 libkio5 - 4:4.14.38-0ubuntu3.1 libkcmutils4 - 4:4.14.38-0ubuntu3.1 libknewstuff2-4 - 4:4.14.38-0ubuntu3.1 libkdesu5 - 4:4.14.38-0ubuntu3.1 libkrossui4 - 4:4.14.38-0ubuntu3.1 libkimproxy4 - 4:4.14.38-0ubuntu3.1 libthreadweaver4 - 4:4.14.38-0ubuntu3.1 libkjsembed4 - 4:4.14.38-0ubuntu3.1 kdoctools - 4:4.14.38-0ubuntu3.1 libkjsapi4 - 4:4.14.38-0ubuntu3.1 No subscription required libkf5configgui5 - 5.44.0-0ubuntu1.1 libkf5config-bin - 5.44.0-0ubuntu1.1 libkf5config-bin-dev - 5.44.0-0ubuntu1.1 libkf5configcore5 - 5.44.0-0ubuntu1.1 libkf5config-dev - 5.44.0-0ubuntu1.1 libkf5config-data - 5.44.0-0ubuntu1.1 No subscription required Medium CVE-2016-6232 CVE-2019-14744 Ubuntu 18.04 LTS It was discovered that passwords could be copied to the clipboard from the "Saved Logins" dialog without entering the master password, even when a master password has been set. A local attacker could potentially exploit this to obtain saved passwords. Update Instructions: Run `sudo pro fix USN-4101-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nn - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ne - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nb - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fa - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fi - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fr - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fy - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-or - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kab - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-oc - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cs - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ga - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gd - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gn - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gl - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gu - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pa - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pl - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cy - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pt - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hi - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uk - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-he - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hy - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hr - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hu - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-as - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ar - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ia - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-az - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-id - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mai - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-af - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-is - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-it - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-an - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bs - 68.0.2+build1-0ubuntu0.18.04.1 firefox - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ro - 68.0.2+build1-0ubuntu0.18.04.1 firefox-geckodriver - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ja - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ru - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-br - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bn - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-be - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bg - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sl - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sk - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-si - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sw - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sv - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sr - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sq - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ko - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kn - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-km - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kk - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ka - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-xh - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ca - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ku - 68.0.2+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lv - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lt - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-th - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 68.0.2+build1-0ubuntu0.18.04.1 firefox-dev - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-te - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cak - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ta - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lg - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tr - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nso - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-de - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-da - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ms - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mr - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-my - 68.0.2+build1-0ubuntu0.18.04.1 firefox-globalmenu - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uz - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ml - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mn - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mk - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ur - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-vi - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eu - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-et - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-es - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-csb - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-el - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eo - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-en - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zu - 68.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ast - 68.0.2+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-11733 Ubuntu 18.04 LTS It was discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. (CVE-2019-9850, CVE-2019-9851) It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code. (CVE-2019-9852) Update Instructions: Run `sudo pro fix USN-4102-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-nlpsolver - 0.9+LibO6.0.7-0ubuntu0.18.04.9 No subscription required libreoffice-mysql-connector - 1.0.2+LibO6.0.7-0ubuntu0.18.04.9 No subscription required libreoffice-wiki-publisher - 1.2.0+LibO6.0.7-0ubuntu0.18.04.9 No subscription required libreoffice-impress - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-evolution - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-dev-common - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-librelogo - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-java-common - 1:6.0.7-0ubuntu0.18.04.9 gir1.2-lokdocview-0.1 - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-subsequentcheckbase - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-style-elementary - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-officebean - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-kde - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-base - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-style-galaxy - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-style-hicontrast - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-core - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-script-provider-bsh - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-avmedia-backend-gstreamer - 1:6.0.7-0ubuntu0.18.04.9 libreofficekit-dev - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-script-provider-python - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-common - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-gnome - 1:6.0.7-0ubuntu0.18.04.9 libreofficekit-data - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-kde4 - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-dev - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-gtk3 - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-report-builder - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-pdfimport - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-base-core - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-draw - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-ogltrans - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-l10n-in - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-sdbc-hsqldb - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-gtk - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-calc - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-base-drivers - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-style-oxygen - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-gtk2 - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-style-tango - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-style-human - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-sdbc-firebird - 1:6.0.7-0ubuntu0.18.04.9 python3-uno - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-math - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-writer - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-report-builder-bin - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-dev-doc - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-systray - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-script-provider-js - 1:6.0.7-0ubuntu0.18.04.9 liblibreofficekitgtk - 1:6.0.7-0ubuntu0.18.04.9 libreoffice - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-style-sifr - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-style-breeze - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-l10n-za - 1:6.0.7-0ubuntu0.18.04.9 libreoffice-sdbc-postgresql - 1:6.0.7-0ubuntu0.18.04.9 No subscription required fonts-opensymbol - 2:102.10+LibO6.0.7-0ubuntu0.18.04.9 No subscription required ure - 6.0.7-0ubuntu0.18.04.9 uno-libs3 - 6.0.7-0ubuntu0.18.04.9 No subscription required Medium CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 Ubuntu 18.04 LTS Jasiel Spelman discovered that a double free existed in the docker-credential- helpers dependency of Docker. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. Original advisory details: Jasiel Spelman discovered that a double free existed in docker-credential- helpers. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4103-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-docker-docker-dev - 18.09.7-0ubuntu1~18.04.4 docker.io - 18.09.7-0ubuntu1~18.04.4 golang-docker-dev - 18.09.7-0ubuntu1~18.04.4 vim-syntax-docker - 18.09.7-0ubuntu1~18.04.4 docker-doc - 18.09.7-0ubuntu1~18.04.4 No subscription required Low CVE-2019-1020014 Ubuntu 18.04 LTS Donny Davis discovered that the Nova Compute service could return configuration or other information in response to a failed API request in some situations. A remote attacker could use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4104-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nova-api - 2:17.0.10-0ubuntu2.1 nova-common - 2:17.0.10-0ubuntu2.1 nova-compute-xen - 2:17.0.10-0ubuntu2.1 nova-api-os-compute - 2:17.0.10-0ubuntu2.1 nova-novncproxy - 2:17.0.10-0ubuntu2.1 nova-serialproxy - 2:17.0.10-0ubuntu2.1 nova-api-os-volume - 2:17.0.10-0ubuntu2.1 nova-compute-lxc - 2:17.0.10-0ubuntu2.1 nova-placement-api - 2:17.0.10-0ubuntu2.1 nova-consoleauth - 2:17.0.10-0ubuntu2.1 python-nova - 2:17.0.10-0ubuntu2.1 nova-network - 2:17.0.10-0ubuntu2.1 nova-api-metadata - 2:17.0.10-0ubuntu2.1 nova-compute-libvirt - 2:17.0.10-0ubuntu2.1 nova-compute-kvm - 2:17.0.10-0ubuntu2.1 nova-xvpvncproxy - 2:17.0.10-0ubuntu2.1 nova-doc - 2:17.0.10-0ubuntu2.1 nova-conductor - 2:17.0.10-0ubuntu2.1 nova-volume - 2:17.0.10-0ubuntu2.1 nova-compute-vmware - 2:17.0.10-0ubuntu2.1 nova-spiceproxy - 2:17.0.10-0ubuntu2.1 nova-scheduler - 2:17.0.10-0ubuntu2.1 nova-console - 2:17.0.10-0ubuntu2.1 nova-ajax-console-proxy - 2:17.0.10-0ubuntu2.1 nova-compute - 2:17.0.10-0ubuntu2.1 nova-compute-qemu - 2:17.0.10-0ubuntu2.1 nova-cells - 2:17.0.10-0ubuntu2.1 No subscription required Medium CVE-2019-14433 Ubuntu 18.04 LTS Stephan Zeisberg discovered that the CUPS SNMP backend incorrectly handled encoded ASN.1 inputs. A remote attacker could possibly use this issue to cause CUPS to crash by providing specially crafted network traffic. (CVE-2019-8696, CVE-2019-8675) It was discovered that CUPS did not properly handle client disconnection events. A local attacker could possibly use this issue to cause a denial of service or disclose memory from the CUPS server. Update Instructions: Run `sudo pro fix USN-4105-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 2.2.7-1ubuntu2.7 libcups2-dev - 2.2.7-1ubuntu2.7 cups-bsd - 2.2.7-1ubuntu2.7 cups-common - 2.2.7-1ubuntu2.7 cups-core-drivers - 2.2.7-1ubuntu2.7 cups-server-common - 2.2.7-1ubuntu2.7 libcupsimage2 - 2.2.7-1ubuntu2.7 cups-client - 2.2.7-1ubuntu2.7 libcupsimage2-dev - 2.2.7-1ubuntu2.7 cups-ipp-utils - 2.2.7-1ubuntu2.7 libcups2 - 2.2.7-1ubuntu2.7 cups-ppdc - 2.2.7-1ubuntu2.7 libcupsppdc1 - 2.2.7-1ubuntu2.7 libcupsmime1 - 2.2.7-1ubuntu2.7 cups - 2.2.7-1ubuntu2.7 cups-daemon - 2.2.7-1ubuntu2.7 No subscription required Medium CVE-2019-8675 CVE-2019-8696 Ubuntu 18.04 LTS Mike Salvatore discovered that NLTK mishandled crafted ZIP archives during extraction. A remote attacker could use this vulnerability to write arbitrary files to the filesystem Update Instructions: Run `sudo pro fix USN-4106-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-nltk - 3.2.5-1ubuntu0.1 python3-nltk - 3.2.5-1ubuntu0.1 No subscription required Medium CVE-2019-14751 Ubuntu 18.04 LTS It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2016-3977) It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11490, CVE-2019-15133) Update Instructions: Run `sudo pro fix USN-4107-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgif7 - 5.1.4-2ubuntu0.1 libgif-dev - 5.1.4-2ubuntu0.1 giflib-tools - 5.1.4-2ubuntu0.1 No subscription required Medium CVE-2016-3977 CVE-2018-11490 CVE-2019-15133 Ubuntu 18.04 LTS It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4108-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zstd - 1.3.3+dfsg-2ubuntu1.1 libzstd1-udeb - 1.3.3+dfsg-2ubuntu1.1 libzstd1-dev - 1.3.3+dfsg-2ubuntu1.1 libzstd-dev - 1.3.3+dfsg-2ubuntu1.1 libzstd1 - 1.3.3+dfsg-2ubuntu1.1 No subscription required Medium CVE-2019-11922 Ubuntu 18.04 LTS It was discovered that OpenJPEG incorrectly handled certain PGX files. An attacker could possibly use this issue to cause a denial of service or possibly remote code execution. (CVE-2017-17480) It was discovered that OpenJPEG incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14423) It was discovered that OpenJPEG incorrectly handled certain PNM files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-18088) It was discovered that OpenJPEG incorrectly handled certain BMP files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-5785, CVE-2018-6616) Update Instructions: Run `sudo pro fix USN-4109-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenjp2-tools - 2.3.0-2build0.18.04.1 libopenjpip-server - 2.3.0-2build0.18.04.1 libopenjpip-viewer - 2.3.0-2build0.18.04.1 libopenjp3d-tools - 2.3.0-2build0.18.04.1 libopenjpip7 - 2.3.0-2build0.18.04.1 libopenjp2-7 - 2.3.0-2build0.18.04.1 libopenjp2-7-dev - 2.3.0-2build0.18.04.1 libopenjp3d7 - 2.3.0-2build0.18.04.1 libopenjpip-dec-server - 2.3.0-2build0.18.04.1 No subscription required Medium CVE-2017-17480 CVE-2018-14423 CVE-2018-18088 CVE-2018-5785 CVE-2018-6616 Ubuntu 18.04 LTS Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4110-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.33.2-1ubuntu4.4 dovecot-mysql - 1:2.2.33.2-1ubuntu4.4 dovecot-sieve - 1:2.2.33.2-1ubuntu4.4 dovecot-core - 1:2.2.33.2-1ubuntu4.4 dovecot-ldap - 1:2.2.33.2-1ubuntu4.4 dovecot-sqlite - 1:2.2.33.2-1ubuntu4.4 dovecot-dev - 1:2.2.33.2-1ubuntu4.4 dovecot-pop3d - 1:2.2.33.2-1ubuntu4.4 dovecot-imapd - 1:2.2.33.2-1ubuntu4.4 dovecot-managesieved - 1:2.2.33.2-1ubuntu4.4 mail-stack-delivery - 1:2.2.33.2-1ubuntu4.4 dovecot-gssapi - 1:2.2.33.2-1ubuntu4.4 dovecot-solr - 1:2.2.33.2-1ubuntu4.4 dovecot-lmtpd - 1:2.2.33.2-1ubuntu4.4 No subscription required High CVE-2019-11500 Ubuntu 18.04 LTS USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4110-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.33.2-1ubuntu4.5 dovecot-mysql - 1:2.2.33.2-1ubuntu4.5 dovecot-sieve - 1:2.2.33.2-1ubuntu4.5 dovecot-core - 1:2.2.33.2-1ubuntu4.5 dovecot-ldap - 1:2.2.33.2-1ubuntu4.5 dovecot-sqlite - 1:2.2.33.2-1ubuntu4.5 dovecot-dev - 1:2.2.33.2-1ubuntu4.5 dovecot-pop3d - 1:2.2.33.2-1ubuntu4.5 dovecot-imapd - 1:2.2.33.2-1ubuntu4.5 dovecot-managesieved - 1:2.2.33.2-1ubuntu4.5 mail-stack-delivery - 1:2.2.33.2-1ubuntu4.5 dovecot-gssapi - 1:2.2.33.2-1ubuntu4.5 dovecot-solr - 1:2.2.33.2-1ubuntu4.5 dovecot-lmtpd - 1:2.2.33.2-1ubuntu4.5 No subscription required High CVE-2019-11500 Ubuntu 18.04 LTS Hiroki Matsukuma discovered that the PDF interpreter in Ghostscript did not properly restrict privileged calls when ‘-dSAFER’ restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files. (CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817) Update Instructions: Run `sudo pro fix USN-4111-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.11 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.11 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.11 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.11 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.11 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.11 No subscription required Medium CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 Ubuntu 18.04 LTS Abhishek Lekshmanan discovered that the RADOS gateway implementation in Ceph did not handle client disconnects properly in some situations. A remote attacker could use this to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4112-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-rbd - 12.2.12-0ubuntu0.18.04.2 python3-rbd - 12.2.12-0ubuntu0.18.04.2 python-rados - 12.2.12-0ubuntu0.18.04.2 ceph-mgr - 12.2.12-0ubuntu0.18.04.2 ceph - 12.2.12-0ubuntu0.18.04.2 ceph-test - 12.2.12-0ubuntu0.18.04.2 rbd-mirror - 12.2.12-0ubuntu0.18.04.2 rbd-nbd - 12.2.12-0ubuntu0.18.04.2 librbd-dev - 12.2.12-0ubuntu0.18.04.2 libradosstriper1 - 12.2.12-0ubuntu0.18.04.2 rbd-fuse - 12.2.12-0ubuntu0.18.04.2 librados-dev - 12.2.12-0ubuntu0.18.04.2 libcephfs-jni - 12.2.12-0ubuntu0.18.04.2 libradosstriper-dev - 12.2.12-0ubuntu0.18.04.2 librados2 - 12.2.12-0ubuntu0.18.04.2 ceph-mon - 12.2.12-0ubuntu0.18.04.2 libcephfs2 - 12.2.12-0ubuntu0.18.04.2 librgw2 - 12.2.12-0ubuntu0.18.04.2 ceph-mds - 12.2.12-0ubuntu0.18.04.2 radosgw - 12.2.12-0ubuntu0.18.04.2 librbd1 - 12.2.12-0ubuntu0.18.04.2 python3-rgw - 12.2.12-0ubuntu0.18.04.2 python-rgw - 12.2.12-0ubuntu0.18.04.2 python-ceph - 12.2.12-0ubuntu0.18.04.2 libcephfs-dev - 12.2.12-0ubuntu0.18.04.2 rados-objclass-dev - 12.2.12-0ubuntu0.18.04.2 ceph-osd - 12.2.12-0ubuntu0.18.04.2 python3-ceph-argparse - 12.2.12-0ubuntu0.18.04.2 librgw-dev - 12.2.12-0ubuntu0.18.04.2 python3-rados - 12.2.12-0ubuntu0.18.04.2 ceph-base - 12.2.12-0ubuntu0.18.04.2 python-cephfs - 12.2.12-0ubuntu0.18.04.2 python3-cephfs - 12.2.12-0ubuntu0.18.04.2 ceph-fuse - 12.2.12-0ubuntu0.18.04.2 ceph-common - 12.2.12-0ubuntu0.18.04.2 libcephfs-java - 12.2.12-0ubuntu0.18.04.2 ceph-resource-agents - 12.2.12-0ubuntu0.18.04.2 No subscription required Medium CVE-2019-10222 Ubuntu 18.04 LTS Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-0197) Craig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10081) Craig Young discovered that a read-after-free error existed in the HTTP/2 implementation in Apache during connection shutdown. A remote attacker could use this to possibly cause a denial of service (daemon crash) or possibly expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082) Matei Badanoiu discovered that the mod_proxy component of Apache did not properly filter URLs when reporting errors in some configurations. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-10092) Daniel McCarney discovered that mod_remoteip component of Apache contained a stack buffer overflow when parsing headers from a trusted intermediary proxy in some situations. A remote attacker controlling a trusted proxy could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-10097) Yukitsugu Sasaki discovered that the mod_rewrite component in Apache was vulnerable to open redirects in some situations. A remote attacker could use this to possibly expose sensitive information or bypass intended restrictions. (CVE-2019-10098) Jonathan Looney discovered that the HTTP/2 implementation in Apache did not properly limit the amount of buffering for client connections in some situations. A remote attacker could use this to cause a denial of service (unresponsive daemon). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517) Update Instructions: Run `sudo pro fix USN-4113-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.29-1ubuntu4.10 apache2-utils - 2.4.29-1ubuntu4.10 apache2-dev - 2.4.29-1ubuntu4.10 apache2-suexec-pristine - 2.4.29-1ubuntu4.10 apache2-suexec-custom - 2.4.29-1ubuntu4.10 apache2 - 2.4.29-1ubuntu4.10 apache2-doc - 2.4.29-1ubuntu4.10 apache2-ssl-dev - 2.4.29-1ubuntu4.10 apache2-bin - 2.4.29-1ubuntu4.10 No subscription required Medium CVE-2019-0197 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10097 CVE-2019-10098 CVE-2019-9517 Ubuntu 18.04 LTS USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-0197) Craig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10081) Craig Young discovered that a read-after-free error existed in the HTTP/2 implementation in Apache during connection shutdown. A remote attacker could use this to possibly cause a denial of service (daemon crash) or possibly expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082) Matei Badanoiu discovered that the mod_proxy component of Apache did not properly filter URLs when reporting errors in some configurations. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-10092) Daniel McCarney discovered that mod_remoteip component of Apache contained a stack buffer overflow when parsing headers from a trusted intermediary proxy in some situations. A remote attacker controlling a trusted proxy could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-10097) Yukitsugu Sasaki discovered that the mod_rewrite component in Apache was vulnerable to open redirects in some situations. A remote attacker could use this to possibly expose sensitive information or bypass intended restrictions. (CVE-2019-10098) Jonathan Looney discovered that the HTTP/2 implementation in Apache did not properly limit the amount of buffering for client connections in some situations. A remote attacker could use this to cause a denial of service (unresponsive daemon). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517) Update Instructions: Run `sudo pro fix USN-4113-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.29-1ubuntu4.11 apache2-utils - 2.4.29-1ubuntu4.11 apache2-dev - 2.4.29-1ubuntu4.11 apache2-suexec-pristine - 2.4.29-1ubuntu4.11 apache2-suexec-custom - 2.4.29-1ubuntu4.11 apache2 - 2.4.29-1ubuntu4.11 apache2-doc - 2.4.29-1ubuntu4.11 apache2-ssl-dev - 2.4.29-1ubuntu4.11 apache2-bin - 2.4.29-1ubuntu4.11 No subscription required None https://launchpad.net/bugs/1842701 Ubuntu 18.04 LTS Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) Praveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900) Update Instructions: Run `sudo pro fix USN-4114-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1015-gke - 5.0.0-1015.15~18.04.1 No subscription required linux-image-5.0.0-1018-azure - 5.0.0-1018.19~18.04.1 No subscription required linux-image-5.0.0-27-lowlatency - 5.0.0-27.28~18.04.1 linux-image-5.0.0-27-generic - 5.0.0-27.28~18.04.1 linux-image-5.0.0-27-generic-lpae - 5.0.0-27.28~18.04.1 No subscription required linux-image-gke-5.0 - 5.0.0.1015.5 No subscription required linux-image-azure - 5.0.0.1018.28 No subscription required linux-image-snapdragon-hwe-18.04 - 5.0.0.27.84 linux-image-virtual-hwe-18.04 - 5.0.0.27.84 linux-image-generic-lpae-hwe-18.04 - 5.0.0.27.84 linux-image-lowlatency-hwe-18.04 - 5.0.0.27.84 linux-image-generic-hwe-18.04 - 5.0.0.27.84 No subscription required Medium CVE-2019-10638 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 CVE-2019-3900 Ubuntu 18.04 LTS Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) Amit Klein and Benny Pinkas discovered that the location of kernel addresses could be exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639) It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) Praveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Tuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15214) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) It was discovered that a use-after-free vulnerability existed in the AppleTalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292) Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819) Update Instructions: Run `sudo pro fix USN-4115-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1022-oracle - 4.15.0-1022.25 No subscription required linux-image-4.15.0-1041-gke - 4.15.0-1041.43 No subscription required linux-image-4.15.0-1043-kvm - 4.15.0-1043.43 No subscription required linux-image-4.15.0-1044-raspi2 - 4.15.0-1044.47 No subscription required linux-image-4.15.0-60-generic - 4.15.0-60.67 linux-image-4.15.0-60-generic-lpae - 4.15.0-60.67 linux-image-4.15.0-60-lowlatency - 4.15.0-60.67 No subscription required linux-image-oracle - 4.15.0.1022.25 No subscription required linux-image-gke-4.15 - 4.15.0.1041.44 linux-image-gke - 4.15.0.1041.44 No subscription required linux-image-kvm - 4.15.0.1043.43 No subscription required linux-image-raspi2 - 4.15.0.1044.42 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.60.62 linux-image-generic-hwe-16.04 - 4.15.0.60.62 linux-image-generic-hwe-16.04-edge - 4.15.0.60.62 linux-image-generic-lpae-hwe-16.04 - 4.15.0.60.62 linux-image-virtual - 4.15.0.60.62 linux-image-virtual-hwe-16.04 - 4.15.0.60.62 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.60.62 linux-image-generic - 4.15.0.60.62 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.60.62 linux-image-generic-lpae - 4.15.0.60.62 linux-image-lowlatency-hwe-16.04 - 4.15.0.60.62 linux-image-lowlatency - 4.15.0.60.62 No subscription required Medium CVE-2018-19985 CVE-2018-20784 CVE-2019-0136 CVE-2019-10207 CVE-2019-10638 CVE-2019-10639 CVE-2019-11487 CVE-2019-11599 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 CVE-2019-14763 CVE-2019-15090 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15218 CVE-2019-15220 CVE-2019-15221 CVE-2019-15292 CVE-2019-3701 CVE-2019-3819 CVE-2019-3900 CVE-2019-9506 Ubuntu 18.04 LTS USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update, a regression was introduced that caused a kernel crash when handling fragmented packets in some situations. This update addresses the issue. We apologize for the inconvenience. Original advisory details: Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) Zhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) Amit Klein and Benny Pinkas discovered that the location of kernel addresses could be exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639) It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) Praveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Tuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15214) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) It was discovered that a use-after-free vulnerability existed in the AppleTalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292) Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819) Update Instructions: Run `sudo pro fix USN-4115-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1023-oracle - 4.15.0-1023.26 No subscription required linux-image-4.15.0-1042-gke - 4.15.0-1042.44 No subscription required linux-image-4.15.0-1044-kvm - 4.15.0-1044.44 No subscription required linux-image-4.15.0-1045-raspi2 - 4.15.0-1045.49 No subscription required linux-image-4.15.0-1048-aws - 4.15.0-1048.50 No subscription required linux-image-4.15.0-62-generic-lpae - 4.15.0-62.69 linux-image-4.15.0-62-generic - 4.15.0-62.69 linux-image-4.15.0-62-lowlatency - 4.15.0-62.69 No subscription required linux-image-oracle - 4.15.0.1023.26 No subscription required linux-image-gke-4.15 - 4.15.0.1042.45 linux-image-gke - 4.15.0.1042.45 No subscription required linux-image-kvm - 4.15.0.1044.44 No subscription required linux-image-raspi2 - 4.15.0.1045.43 No subscription required linux-image-aws - 4.15.0.1048.47 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.62.64 linux-image-lowlatency-hwe-16.04 - 4.15.0.62.64 linux-image-generic-hwe-16.04-edge - 4.15.0.62.64 linux-image-generic-lpae-hwe-16.04 - 4.15.0.62.64 linux-image-virtual - 4.15.0.62.64 linux-image-virtual-hwe-16.04 - 4.15.0.62.64 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.62.64 linux-image-generic - 4.15.0.62.64 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.62.64 linux-image-generic-lpae - 4.15.0.62.64 linux-image-generic-hwe-16.04 - 4.15.0.62.64 linux-image-lowlatency - 4.15.0.62.64 No subscription required None https://launchpad.net/bugs/1842447 Ubuntu 18.04 LTS It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) Amit Klein and Benny Pinkas discovered that the location of kernel addresses could be exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639) Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is disabled via blocklist by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884) It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Tuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15214) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) It was discovered that a use-after-free vulnerability existed in the AppleTalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511) It was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819) Update Instructions: Run `sudo pro fix USN-4118-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1047-aws - 4.15.0-1047.49 No subscription required linux-image-aws - 4.15.0.1047.46 No subscription required Medium CVE-2018-13053 CVE-2018-13093 CVE-2018-13096 CVE-2018-13097 CVE-2018-13098 CVE-2018-13099 CVE-2018-13100 CVE-2018-14609 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612 CVE-2018-14613 CVE-2018-14614 CVE-2018-14615 CVE-2018-14616 CVE-2018-14617 CVE-2018-16862 CVE-2018-19985 CVE-2018-20169 CVE-2018-20511 CVE-2018-20784 CVE-2018-20856 CVE-2018-5383 CVE-2019-0136 CVE-2019-10126 CVE-2019-10207 CVE-2019-10638 CVE-2019-10639 CVE-2019-11085 CVE-2019-11487 CVE-2019-11599 CVE-2019-11810 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12818 CVE-2019-12819 CVE-2019-12984 CVE-2019-13233 CVE-2019-13272 CVE-2019-13631 CVE-2019-14283 CVE-2019-14284 CVE-2019-14763 CVE-2019-15090 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15218 CVE-2019-15220 CVE-2019-15221 CVE-2019-15292 CVE-2019-2024 CVE-2019-2101 CVE-2019-3701 CVE-2019-3819 CVE-2019-3846 CVE-2019-3900 CVE-2019-9506 Ubuntu 18.04 LTS It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system's DNS resolver settings. Update Instructions: Run `sudo pro fix USN-4120-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-tests - 237-3ubuntu10.28 systemd-coredump - 237-3ubuntu10.28 systemd - 237-3ubuntu10.28 udev-udeb - 237-3ubuntu10.28 libsystemd0 - 237-3ubuntu10.28 systemd-container - 237-3ubuntu10.28 libnss-myhostname - 237-3ubuntu10.28 libudev1-udeb - 237-3ubuntu10.28 libudev1 - 237-3ubuntu10.28 libsystemd-dev - 237-3ubuntu10.28 libnss-systemd - 237-3ubuntu10.28 systemd-journal-remote - 237-3ubuntu10.28 libpam-systemd - 237-3ubuntu10.28 libnss-mymachines - 237-3ubuntu10.28 libnss-resolve - 237-3ubuntu10.28 systemd-sysv - 237-3ubuntu10.28 udev - 237-3ubuntu10.28 libudev-dev - 237-3ubuntu10.28 No subscription required Medium CVE-2019-15718 Ubuntu 18.04 LTS USN-4120-1 fixed a vulnerability in systemd. The update included a recent SRU from the updates pocket that introduced networking problems for some users. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system's DNS resolver settings. Update Instructions: Run `sudo pro fix USN-4120-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-tests - 237-3ubuntu10.29 systemd-coredump - 237-3ubuntu10.29 systemd - 237-3ubuntu10.29 udev-udeb - 237-3ubuntu10.29 libsystemd0 - 237-3ubuntu10.29 systemd-container - 237-3ubuntu10.29 libnss-myhostname - 237-3ubuntu10.29 libudev1-udeb - 237-3ubuntu10.29 libudev1 - 237-3ubuntu10.29 libsystemd-dev - 237-3ubuntu10.29 libnss-systemd - 237-3ubuntu10.29 systemd-journal-remote - 237-3ubuntu10.29 libpam-systemd - 237-3ubuntu10.29 libudev-dev - 237-3ubuntu10.29 libnss-mymachines - 237-3ubuntu10.29 libnss-resolve - 237-3ubuntu10.29 systemd-sysv - 237-3ubuntu10.29 udev - 237-3ubuntu10.29 No subscription required None https://launchpad.net/bugs/1842651 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, cause a denial of service, or execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735, CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11752) It was discovered that a compromised content process could log in to a malicious Firefox Sync account. An attacker could potentially exploit this, in combination with another vulnerability, to disable the sandbox. (CVE-2019-9812) It was discovered that addons.mozilla.org and accounts.firefox.com could be loaded in to the same content process. An attacker could potentially exploit this, in combination with another vulnerability that allowed a cross-site scripting (XSS) attack, to modify browser settings. (CVE-2019-11741) It was discovered that the "Forget about this site" feature in the history pane removes HTTP Strict Transport Security (HSTS) settings for sites on the pre-load list. An attacker could potentially exploit this to bypass the protections offered by HSTS. (CVE-2019-11747) Update Instructions: Run `sudo pro fix USN-4122-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 69.0+build2-0ubuntu0.18.04.1 firefox - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 69.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 69.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 69.0+build2-0ubuntu0.18.04.1 firefox-dev - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 69.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 69.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-5849 CVE-2019-9812 CVE-2019-11734 CVE-2019-11735 CVE-2019-11737 CVE-2019-11738 CVE-2019-11740 CVE-2019-11741 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11752 Ubuntu 18.04 LTS USN-4122-1 fixed vulnerabilities in Firefox. The update caused a regression that resulted in a crash when changing YouTube playback speed in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, cause a denial of service, or execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735, CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11752) It was discovered that a compromised content process could log in to a malicious Firefox Sync account. An attacker could potentially exploit this, in combination with another vulnerability, to disable the sandbox. (CVE-2019-9812) It was discovered that addons.mozilla.org and accounts.firefox.com could be loaded in to the same content process. An attacker could potentially exploit this, in combination with another vulnerability that allowed a cross-site scripting (XSS) attack, to modify browser settings. (CVE-2019-11741) It was discovered that the "Forget about this site" feature in the history pane removes HTTP Strict Transport Security (HSTS) settings for sites on the pre-load list. An attacker could potentially exploit this to bypass the protections offered by HSTS. (CVE-2019-11747) Update Instructions: Run `sudo pro fix USN-4122-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nn - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ne - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nb - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fa - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fi - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fr - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fy - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-or - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kab - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-oc - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cs - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ga - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gd - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gn - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gl - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gu - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pa - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pl - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cy - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pt - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hi - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uk - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-he - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hy - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hr - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hu - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-as - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ar - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ia - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-az - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-id - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mai - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-af - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-is - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-it - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-an - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bs - 69.0.2+build1-0ubuntu0.18.04.1 firefox - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ro - 69.0.2+build1-0ubuntu0.18.04.1 firefox-geckodriver - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ja - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ru - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-br - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bn - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-be - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bg - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sl - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sk - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-si - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sw - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sv - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sr - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sq - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ko - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kn - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-km - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kk - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ka - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-xh - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ca - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ku - 69.0.2+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lv - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lt - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-th - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 69.0.2+build1-0ubuntu0.18.04.1 firefox-dev - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-te - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cak - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ta - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lg - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tr - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nso - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-de - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-da - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ms - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mr - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-my - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uz - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ml - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mn - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mk - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ur - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-vi - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eu - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-et - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-es - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-csb - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-el - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eo - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-en - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zu - 69.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ast - 69.0.2+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1847354 Ubuntu 18.04 LTS It was discovered that npm/fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write aritrary files to the filesystem. Update Instructions: Run `sudo pro fix USN-4123-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-fstream - 1.0.10-1ubuntu0.18.04.1 No subscription required Low CVE-2019-13173 Ubuntu 18.04 LTS It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands. Update Instructions: Run `sudo pro fix USN-4124-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.90.1-1ubuntu1.4 eximon4 - 4.90.1-1ubuntu1.4 exim4 - 4.90.1-1ubuntu1.4 exim4-daemon-light - 4.90.1-1ubuntu1.4 exim4-config - 4.90.1-1ubuntu1.4 exim4-daemon-heavy - 4.90.1-1ubuntu1.4 exim4-base - 4.90.1-1ubuntu1.4 No subscription required High CVE-2019-15846 https://launchpad.net/bugs/1843041 Ubuntu 18.04 LTS It was discovered that Memcached incorrectly handled certain UNIX sockets. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-4125-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: memcached - 1.5.6-0ubuntu1.2 No subscription required Medium CVE-2019-15026 Ubuntu 18.04 LTS It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20406) It was discovered that Python incorrectly validated the domain when handling cookies. An attacker could possibly trick Python into sending cookies to the wrong domain. (CVE-2018-20852) Jonathan Birch and Panayiotis Panayiotou discovered that Python incorrectly handled Unicode encoding during NFKC normalization. An attacker could possibly use this issue to obtain sensitive information. (CVE-2019-9636, CVE-2019-10160) Colin Read and Nicolas Edet discovered that Python incorrectly handled parsing certain X509 certificates. An attacker could possibly use this issue to cause Python to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-5010) It was discovered that Python incorrectly handled certain urls. A remote attacker could possibly use this issue to perform CRLF injection attacks. (CVE-2019-9740, CVE-2019-9947) Sihoon Lee discovered that Python incorrectly handled the local_file: scheme. A remote attacker could possibly use this issue to bypass blocklist meschanisms. (CVE-2019-9948) Update Instructions: Run `sudo pro fix USN-4127-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.15-4ubuntu4~18.04.1 python2.7-doc - 2.7.15-4ubuntu4~18.04.1 libpython2.7-minimal - 2.7.15-4ubuntu4~18.04.1 libpython2.7 - 2.7.15-4ubuntu4~18.04.1 libpython2.7-stdlib - 2.7.15-4ubuntu4~18.04.1 libpython2.7-testsuite - 2.7.15-4ubuntu4~18.04.1 python2.7 - 2.7.15-4ubuntu4~18.04.1 idle-python2.7 - 2.7.15-4ubuntu4~18.04.1 python2.7-examples - 2.7.15-4ubuntu4~18.04.1 libpython2.7-dev - 2.7.15-4ubuntu4~18.04.1 python2.7-minimal - 2.7.15-4ubuntu4~18.04.1 No subscription required python3.6-dev - 3.6.8-1~18.04.2 libpython3.6-dev - 3.6.8-1~18.04.2 libpython3.6-minimal - 3.6.8-1~18.04.2 python3.6-examples - 3.6.8-1~18.04.2 libpython3.6-stdlib - 3.6.8-1~18.04.2 python3.6-venv - 3.6.8-1~18.04.2 python3.6-minimal - 3.6.8-1~18.04.2 python3.6 - 3.6.8-1~18.04.2 idle-python3.6 - 3.6.8-1~18.04.2 python3.6-doc - 3.6.8-1~18.04.2 libpython3.6-testsuite - 3.6.8-1~18.04.2 libpython3.6 - 3.6.8-1~18.04.2 No subscription required Medium CVE-2018-20406 CVE-2018-20852 CVE-2019-10160 CVE-2019-5010 CVE-2019-9636 CVE-2019-9740 CVE-2019-9947 CVE-2019-9948 Ubuntu 18.04 LTS It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221) It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-10072) Update Instructions: Run `sudo pro fix USN-4128-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat8-docs - 8.5.39-1ubuntu1~18.04.3 tomcat8-user - 8.5.39-1ubuntu1~18.04.3 tomcat8-examples - 8.5.39-1ubuntu1~18.04.3 libtomcat8-embed-java - 8.5.39-1ubuntu1~18.04.3 tomcat8-admin - 8.5.39-1ubuntu1~18.04.3 libtomcat8-java - 8.5.39-1ubuntu1~18.04.3 tomcat8-common - 8.5.39-1ubuntu1~18.04.3 tomcat8 - 8.5.39-1ubuntu1~18.04.3 No subscription required Medium CVE-2019-0221 CVE-2019-10072 Ubuntu 18.04 LTS It was discovered that the Tomcat 9 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221) It was discovered that Tomcat 9 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-10072) Update Instructions: Run `sudo pro fix USN-4128-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat9-docs - 9.0.16-3ubuntu0.18.04.1 libtomcat9-embed-java - 9.0.16-3ubuntu0.18.04.1 tomcat9-admin - 9.0.16-3ubuntu0.18.04.1 tomcat9-common - 9.0.16-3ubuntu0.18.04.1 libtomcat9-java - 9.0.16-3ubuntu0.18.04.1 tomcat9-user - 9.0.16-3ubuntu0.18.04.1 tomcat9 - 9.0.16-3ubuntu0.18.04.1 tomcat9-examples - 9.0.16-3ubuntu0.18.04.1 No subscription required Medium CVE-2019-0221 CVE-2019-10072 Ubuntu 18.04 LTS Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481) Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5482) Update Instructions: Run `sudo pro fix USN-4129-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.8 libcurl4-openssl-dev - 7.58.0-2ubuntu3.8 libcurl3-gnutls - 7.58.0-2ubuntu3.8 libcurl4-doc - 7.58.0-2ubuntu3.8 libcurl3-nss - 7.58.0-2ubuntu3.8 libcurl4-nss-dev - 7.58.0-2ubuntu3.8 libcurl4 - 7.58.0-2ubuntu3.8 curl - 7.58.0-2ubuntu3.8 No subscription required Medium CVE-2019-5481 CVE-2019-5482 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-4130-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.24.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.24.4-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.24.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.24.4-0ubuntu0.18.04.1 webkit2gtk-driver - 2.24.4-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.24.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.24.4-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.24.4-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.24.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.24.4-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8673 CVE-2019-8676 CVE-2019-8678 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 Ubuntu 18.04 LTS It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4131-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vlc-l10n - 3.0.8-0ubuntu18.04.1 vlc-plugin-video-splitter - 3.0.8-0ubuntu18.04.1 libvlc-bin - 3.0.8-0ubuntu18.04.1 vlc-plugin-visualization - 3.0.8-0ubuntu18.04.1 vlc-plugin-samba - 3.0.8-0ubuntu18.04.1 vlc-plugin-skins2 - 3.0.8-0ubuntu18.04.1 vlc-data - 3.0.8-0ubuntu18.04.1 libvlc5 - 3.0.8-0ubuntu18.04.1 vlc-plugin-base - 3.0.8-0ubuntu18.04.1 vlc-plugin-access-extra - 3.0.8-0ubuntu18.04.1 vlc-plugin-qt - 3.0.8-0ubuntu18.04.1 vlc-plugin-video-output - 3.0.8-0ubuntu18.04.1 vlc-plugin-svg - 3.0.8-0ubuntu18.04.1 libvlccore9 - 3.0.8-0ubuntu18.04.1 vlc - 3.0.8-0ubuntu18.04.1 vlc-bin - 3.0.8-0ubuntu18.04.1 libvlccore-dev - 3.0.8-0ubuntu18.04.1 vlc-plugin-notify - 3.0.8-0ubuntu18.04.1 libvlc-dev - 3.0.8-0ubuntu18.04.1 vlc-plugin-fluidsynth - 3.0.8-0ubuntu18.04.1 vlc-plugin-jack - 3.0.8-0ubuntu18.04.1 vlc-plugin-zvbi - 3.0.8-0ubuntu18.04.1 No subscription required Medium CVE-2019-13962 CVE-2019-14437 CVE-2019-14438 CVE-2019-14498 CVE-2019-14533 CVE-2019-14534 CVE-2019-14535 CVE-2019-14776 CVE-2019-14777 CVE-2019-14778 CVE-2019-14970 Ubuntu 18.04 LTS It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4132-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexpat1-udeb - 2.2.5-3ubuntu0.2 expat - 2.2.5-3ubuntu0.2 libexpat1-dev - 2.2.5-3ubuntu0.2 libexpat1 - 2.2.5-3ubuntu0.2 No subscription required Medium CVE-2019-15903 Ubuntu 18.04 LTS It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file. Update Instructions: Run `sudo pro fix USN-4133-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwsutil-dev - 2.6.10-1~ubuntu18.04.0 wireshark-dev - 2.6.10-1~ubuntu18.04.0 tshark - 2.6.10-1~ubuntu18.04.0 libwireshark-dev - 2.6.10-1~ubuntu18.04.0 wireshark-qt - 2.6.10-1~ubuntu18.04.0 libwiretap-dev - 2.6.10-1~ubuntu18.04.0 wireshark-gtk - 2.6.10-1~ubuntu18.04.0 libwscodecs2 - 2.6.10-1~ubuntu18.04.0 wireshark-doc - 2.6.10-1~ubuntu18.04.0 wireshark-common - 2.6.10-1~ubuntu18.04.0 libwiretap8 - 2.6.10-1~ubuntu18.04.0 libwireshark-data - 2.6.10-1~ubuntu18.04.0 libwireshark11 - 2.6.10-1~ubuntu18.04.0 libwsutil9 - 2.6.10-1~ubuntu18.04.0 wireshark - 2.6.10-1~ubuntu18.04.0 No subscription required Medium CVE-2019-12295 CVE-2019-13619 Ubuntu 18.04 LTS Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user. Update Instructions: Run `sudo pro fix USN-4134-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ibus-wayland - 1.5.17-3ubuntu5.1 ibus-doc - 1.5.17-3ubuntu5.1 gir1.2-ibus-1.0 - 1.5.17-3ubuntu5.1 ibus - 1.5.17-3ubuntu5.1 ibus-gtk - 1.5.17-3ubuntu5.1 ibus-gtk3 - 1.5.17-3ubuntu5.1 libibus-1.0-5 - 1.5.17-3ubuntu5.1 libibus-1.0-dev - 1.5.17-3ubuntu5.1 No subscription required Medium CVE-2019-14822 Ubuntu 18.04 LTS USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Original advisory details: Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user. Update Instructions: Run `sudo pro fix USN-4134-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ibus-gtk - 1.5.17-3ubuntu5.2 ibus-wayland - 1.5.17-3ubuntu5.2 ibus - 1.5.17-3ubuntu5.2 libibus-1.0-5 - 1.5.17-3ubuntu5.2 gir1.2-ibus-1.0 - 1.5.17-3ubuntu5.2 libibus-1.0-dev - 1.5.17-3ubuntu5.2 ibus-gtk3 - 1.5.17-3ubuntu5.2 ibus-doc - 1.5.17-3ubuntu5.2 No subscription required None https://launchpad.net/bugs/1844853 Ubuntu 18.04 LTS USN-4134-1 fixed a vulnerability in IBus. The update caused a regression in some Qt applications and the fix was subsequently reverted in USN-4134-2. The regression has since been resolved and so this update fixes the original vulnerability. We apologize for the inconvenience. Original advisory details: Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user. Update Instructions: Run `sudo pro fix USN-4134-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ibus-wayland - 1.5.17-3ubuntu5.3 ibus-doc - 1.5.17-3ubuntu5.3 gir1.2-ibus-1.0 - 1.5.17-3ubuntu5.3 ibus - 1.5.17-3ubuntu5.3 ibus-gtk - 1.5.17-3ubuntu5.3 ibus-gtk3 - 1.5.17-3ubuntu5.3 libibus-1.0-5 - 1.5.17-3ubuntu5.3 libibus-1.0-dev - 1.5.17-3ubuntu5.3 No subscription required Medium CVE-2019-14822 Ubuntu 18.04 LTS Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835) It was discovered that the Linux kernel on PowerPC architectures did not properly handle Facility Unavailable exceptions in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-15030) It was discovered that the Linux kernel on PowerPC architectures did not properly handle exceptions on interrupts in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-15031) Update Instructions: Run `sudo pro fix USN-4135-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1025-oracle - 4.15.0-1025.28 No subscription required linux-image-4.15.0-1044-gke - 4.15.0-1044.46 No subscription required linux-image-4.15.0-1044-gcp - 4.15.0-1044.70 No subscription required linux-image-4.15.0-1046-kvm - 4.15.0-1046.46 No subscription required linux-image-4.15.0-1047-raspi2 - 4.15.0-1047.51 No subscription required linux-image-4.15.0-1050-aws - 4.15.0-1050.52 No subscription required linux-image-4.15.0-1056-oem - 4.15.0-1056.65 No subscription required linux-image-4.15.0-1064-snapdragon - 4.15.0-1064.71 No subscription required linux-image-4.15.0-64-lowlatency - 4.15.0-64.73 linux-image-4.15.0-64-generic - 4.15.0-64.73 linux-image-4.15.0-64-generic-lpae - 4.15.0-64.73 No subscription required linux-image-oracle - 4.15.0.1025.28 No subscription required linux-image-gke-4.15 - 4.15.0.1044.47 linux-image-gke - 4.15.0.1044.47 No subscription required linux-image-gcp - 4.15.0.1044.70 No subscription required linux-image-kvm - 4.15.0.1046.46 No subscription required linux-image-raspi2 - 4.15.0.1047.45 No subscription required linux-image-aws - 4.15.0.1050.49 No subscription required linux-image-oem - 4.15.0.1056.60 No subscription required linux-image-snapdragon - 4.15.0.1064.67 No subscription required linux-image-generic - 4.15.0.64.66 linux-image-virtual-hwe-16.04-edge - 4.15.0.64.66 linux-image-generic-hwe-16.04 - 4.15.0.64.66 linux-image-generic-hwe-16.04-edge - 4.15.0.64.66 linux-image-generic-lpae-hwe-16.04 - 4.15.0.64.66 linux-image-virtual - 4.15.0.64.66 linux-image-virtual-hwe-16.04 - 4.15.0.64.66 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.64.66 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.64.66 linux-image-generic-lpae - 4.15.0.64.66 linux-image-lowlatency-hwe-16.04 - 4.15.0.64.66 linux-image-lowlatency - 4.15.0.64.66 No subscription required linux-image-5.0.0-1017-gke - 5.0.0-1017.17~18.04.1 No subscription required linux-image-5.0.0-1020-azure - 5.0.0-1020.21~18.04.1 No subscription required linux-image-5.0.0-29-generic - 5.0.0-29.31~18.04.1 linux-image-5.0.0-29-generic-lpae - 5.0.0-29.31~18.04.1 linux-image-5.0.0-29-lowlatency - 5.0.0-29.31~18.04.1 No subscription required linux-image-gke-5.0 - 5.0.0.1017.7 No subscription required linux-image-azure - 5.0.0.1020.30 No subscription required linux-image-snapdragon-hwe-18.04 - 5.0.0.29.86 linux-image-generic-hwe-18.04 - 5.0.0.29.86 linux-image-generic-lpae-hwe-18.04 - 5.0.0.29.86 linux-image-lowlatency-hwe-18.04 - 5.0.0.29.86 linux-image-virtual-hwe-18.04 - 5.0.0.29.86 No subscription required High CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 Ubuntu 18.04 LTS It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4136-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 2:2.6-15ubuntu2.5 wpagui - 2:2.6-15ubuntu2.5 wpasupplicant - 2:2.6-15ubuntu2.5 wpasupplicant-udeb - 2:2.6-15ubuntu2.5 No subscription required Medium CVE-2019-16275 Ubuntu 18.04 LTS It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4138-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-nlpsolver - 0.9+LibO6.0.7-0ubuntu0.18.04.10 No subscription required libreoffice-mysql-connector - 1.0.2+LibO6.0.7-0ubuntu0.18.04.10 No subscription required libreoffice-wiki-publisher - 1.2.0+LibO6.0.7-0ubuntu0.18.04.10 No subscription required libreoffice-impress - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-evolution - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-dev-common - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-librelogo - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-java-common - 1:6.0.7-0ubuntu0.18.04.10 gir1.2-lokdocview-0.1 - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-subsequentcheckbase - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-style-elementary - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-officebean - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-kde - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-base - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-style-galaxy - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-style-hicontrast - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-core - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-script-provider-bsh - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-avmedia-backend-gstreamer - 1:6.0.7-0ubuntu0.18.04.10 libreofficekit-dev - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-script-provider-python - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-common - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-gnome - 1:6.0.7-0ubuntu0.18.04.10 libreofficekit-data - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-kde4 - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-dev - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-gtk3 - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-report-builder - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-pdfimport - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-base-core - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-draw - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-ogltrans - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-l10n-in - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-sdbc-hsqldb - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-gtk - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-calc - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-base-drivers - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-style-oxygen - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-gtk2 - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-style-tango - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-style-human - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-sdbc-firebird - 1:6.0.7-0ubuntu0.18.04.10 python3-uno - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-math - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-writer - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-report-builder-bin - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-dev-doc - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-systray - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-script-provider-js - 1:6.0.7-0ubuntu0.18.04.10 liblibreofficekitgtk - 1:6.0.7-0ubuntu0.18.04.10 libreoffice - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-style-sifr - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-style-breeze - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-l10n-za - 1:6.0.7-0ubuntu0.18.04.10 libreoffice-sdbc-postgresql - 1:6.0.7-0ubuntu0.18.04.10 No subscription required fonts-opensymbol - 2:102.10+LibO6.0.7-0ubuntu0.18.04.10 No subscription required ure - 6.0.7-0ubuntu0.18.04.10 uno-libs3 - 6.0.7-0ubuntu0.18.04.10 No subscription required Medium CVE-2019-9854 Ubuntu 18.04 LTS It was discovered that File Roller incorrectly handled certain TAR files. An attacker could possibly use this issue to overwrite sensitive files during extraction. Update Instructions: Run `sudo pro fix USN-4139-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: file-roller - 3.28.0-1ubuntu1.1 No subscription required Medium CVE-2019-16680 Ubuntu 18.04 LTS It was discovered that no user notification was given when pointer lock is enabled. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to hijack the mouse pointer and confuse users. Update Instructions: Run `sudo pro fix USN-4140-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 69.0.1+build1-0ubuntu0.18.04.1 firefox - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 69.0.1+build1-0ubuntu0.18.04.1 firefox-geckodriver - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 69.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 69.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 69.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 69.0.1+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-11754 Ubuntu 18.04 LTS It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4142-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libss2 - 1.44.1-1ubuntu1.2 e2fslibs-dev - 1.44.1-1ubuntu1.2 libcomerr2 - 1.44.1-1ubuntu1.2 libcom-err2 - 1.44.1-1ubuntu1.2 e2fsprogs - 1.44.1-1ubuntu1.2 e2fsck-static - 1.44.1-1ubuntu1.2 e2fslibs - 1.44.1-1ubuntu1.2 e2fsprogs-l10n - 1.44.1-1ubuntu1.2 libext2fs-dev - 1.44.1-1ubuntu1.2 e2fsprogs-udeb - 1.44.1-1ubuntu1.2 libext2fs2 - 1.44.1-1ubuntu1.2 fuse2fs - 1.44.1-1ubuntu1.2 No subscription required ss-dev - 2.0-1.44.1-1ubuntu1.2 No subscription required comerr-dev - 2.1-1.44.1-1ubuntu1.2 No subscription required Medium CVE-2019-5094 Ubuntu 18.04 LTS It was discovered that SDL 2.0 mishandled crafted image files resulting in an integer overflow. If a user were tricked into opening a malicious file, SDL 2.0 could be caused to crash or potentially run arbitrary code. (CVE-2017-2888) It was discovered that SDL 2.0 mishandled crafted image files. If a user were tricked into opening a malicious file, SDL 2.0 could be caused to crash or potentially run arbitrary code. (CVE-2019-7635, CVE-2019-7636, CVE-2019-7637, CVE-2019-7638) Update Instructions: Run `sudo pro fix USN-4143-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsdl2-dev - 2.0.8+dfsg1-1ubuntu1.18.04.4 libsdl2-doc - 2.0.8+dfsg1-1ubuntu1.18.04.4 libsdl2-2.0-0 - 2.0.8+dfsg1-1ubuntu1.18.04.4 No subscription required Medium CVE-2017-2888 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 Ubuntu 18.04 LTS It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20976) Benjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service. (CVE-2019-15538) Update Instructions: Run `sudo pro fix USN-4144-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1026-oracle - 4.15.0-1026.29 No subscription required linux-image-4.15.0-1047-kvm - 4.15.0-1047.47 No subscription required linux-image-4.15.0-1048-raspi2 - 4.15.0-1048.52 No subscription required linux-image-4.15.0-1051-aws - 4.15.0-1051.53 No subscription required linux-image-4.15.0-1057-oem - 4.15.0-1057.66 No subscription required linux-image-4.15.0-1065-snapdragon - 4.15.0-1065.72 No subscription required linux-image-4.15.0-65-generic-lpae - 4.15.0-65.74 linux-image-4.15.0-65-generic - 4.15.0-65.74 linux-image-4.15.0-65-lowlatency - 4.15.0-65.74 No subscription required linux-image-oracle - 4.15.0.1026.29 No subscription required linux-image-kvm - 4.15.0.1047.47 No subscription required linux-image-raspi2 - 4.15.0.1048.46 No subscription required linux-image-aws - 4.15.0.1051.50 No subscription required linux-image-oem - 4.15.0.1057.61 No subscription required linux-image-snapdragon - 4.15.0.1065.68 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.65.67 linux-image-lowlatency-hwe-16.04 - 4.15.0.65.67 linux-image-generic-hwe-16.04-edge - 4.15.0.65.67 linux-image-generic-lpae-hwe-16.04 - 4.15.0.65.67 linux-image-virtual - 4.15.0.65.67 linux-image-virtual-hwe-16.04 - 4.15.0.65.67 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.65.67 linux-image-generic - 4.15.0.65.67 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.65.67 linux-image-generic-lpae - 4.15.0.65.67 linux-image-generic-hwe-16.04 - 4.15.0.65.67 linux-image-lowlatency - 4.15.0.65.67 No subscription required Medium CVE-2018-20976 CVE-2019-15538 Ubuntu 18.04 LTS It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-12625) It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-12900) Update Instructions: Run `sudo pro fix USN-4146-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.101.4+dfsg-0ubuntu0.18.04.1 clamav-testfiles - 0.101.4+dfsg-0ubuntu0.18.04.1 clamav-base - 0.101.4+dfsg-0ubuntu0.18.04.1 clamav - 0.101.4+dfsg-0ubuntu0.18.04.1 clamav-daemon - 0.101.4+dfsg-0ubuntu0.18.04.1 clamav-milter - 0.101.4+dfsg-0ubuntu0.18.04.1 clamav-docs - 0.101.4+dfsg-0ubuntu0.18.04.1 clamav-freshclam - 0.101.4+dfsg-0ubuntu0.18.04.1 libclamav9 - 0.101.4+dfsg-0ubuntu0.18.04.1 clamdscan - 0.101.4+dfsg-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-12625 CVE-2019-12900 Ubuntu 18.04 LTS It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) Benjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service. (CVE-2019-15538) It was discovered that the Hisilicon HNS3 ethernet device driver in the Linux kernel contained an out of bounds access vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2019-15925) It was discovered that the Atheros mobile chipset driver in the Linux kernel did not properly validate data in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2019-15926) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15217) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) It was discovered that the Line 6 USB driver for the Linux kernel contained a race condition when the device was disconnected. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15223) Update Instructions: Run `sudo pro fix USN-4147-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1020-gke - 5.0.0-1020.20~18.04.1 No subscription required linux-image-5.0.0-31-generic-lpae - 5.0.0-31.33~18.04.1 linux-image-5.0.0-31-generic - 5.0.0-31.33~18.04.1 linux-image-5.0.0-31-lowlatency - 5.0.0-31.33~18.04.1 No subscription required linux-image-gke-5.0 - 5.0.0.1020.9 No subscription required linux-image-snapdragon-hwe-18.04 - 5.0.0.31.88 linux-image-lowlatency-hwe-18.04 - 5.0.0.31.88 linux-image-virtual-hwe-18.04 - 5.0.0.31.88 linux-image-generic-lpae-hwe-18.04 - 5.0.0.31.88 linux-image-generic-hwe-18.04 - 5.0.0.31.88 No subscription required Medium CVE-2019-0136 CVE-2019-10207 CVE-2019-13631 CVE-2019-15090 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15215 CVE-2019-15217 CVE-2019-15218 CVE-2019-15220 CVE-2019-15221 CVE-2019-15223 CVE-2019-15538 CVE-2019-15925 CVE-2019-15926 CVE-2019-9506 Ubuntu 18.04 LTS It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12596) Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-9110, CVE-2017-9112, CVE-2017-9116) Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115) Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2018-18444) Update Instructions: Run `sudo pro fix USN-4148-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenexr-dev - 2.2.0-11.1ubuntu1.1 openexr - 2.2.0-11.1ubuntu1.1 libopenexr22 - 2.2.0-11.1ubuntu1.1 openexr-doc - 2.2.0-11.1ubuntu1.1 No subscription required Medium CVE-2017-12596 CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9115 CVE-2017-9116 CVE-2018-18444 Ubuntu 18.04 LTS It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in a HTML reply or forward in some circumstances. If a user were tricked in to replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to obtain sensitive information, conduct cross-site scripting (XSS) attack, scause a denial of service, or execute arbitrary code. (CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752) Update Instructions: Run `sudo pro fix USN-4150-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xul-ext-gdata-provider - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es-ar - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:60.9.0+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:60.9.0+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-globalmenu - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:60.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:60.9.0+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-11739 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 Ubuntu 18.04 LTS It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056) It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. (CVE-2019-16935) Update Instructions: Run `sudo pro fix USN-4151-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.15-4ubuntu4~18.04.2 python2.7-doc - 2.7.15-4ubuntu4~18.04.2 libpython2.7-minimal - 2.7.15-4ubuntu4~18.04.2 libpython2.7 - 2.7.15-4ubuntu4~18.04.2 libpython2.7-stdlib - 2.7.15-4ubuntu4~18.04.2 libpython2.7-testsuite - 2.7.15-4ubuntu4~18.04.2 python2.7 - 2.7.15-4ubuntu4~18.04.2 idle-python2.7 - 2.7.15-4ubuntu4~18.04.2 python2.7-examples - 2.7.15-4ubuntu4~18.04.2 libpython2.7-dev - 2.7.15-4ubuntu4~18.04.2 python2.7-minimal - 2.7.15-4ubuntu4~18.04.2 No subscription required python3.6-dev - 3.6.8-1~18.04.3 libpython3.6-dev - 3.6.8-1~18.04.3 libpython3.6-minimal - 3.6.8-1~18.04.3 python3.6-examples - 3.6.8-1~18.04.3 libpython3.6-stdlib - 3.6.8-1~18.04.3 python3.6-venv - 3.6.8-1~18.04.3 python3.6-minimal - 3.6.8-1~18.04.3 python3.6 - 3.6.8-1~18.04.3 idle-python3.6 - 3.6.8-1~18.04.3 python3.6-doc - 3.6.8-1~18.04.3 libpython3.6-testsuite - 3.6.8-1~18.04.3 libpython3.6 - 3.6.8-1~18.04.3 No subscription required Medium CVE-2019-16056 CVE-2019-16935 Ubuntu 18.04 LTS It was discovered that libsoup incorrectly handled parsing certain NTLM messages. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4152-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsoup-gnome2.4-1 - 2.62.1-1ubuntu0.4 libsoup-gnome2.4-dev - 2.62.1-1ubuntu0.4 gir1.2-soup-2.4 - 2.62.1-1ubuntu0.4 libsoup2.4-1 - 2.62.1-1ubuntu0.4 libsoup2.4-dev - 2.62.1-1ubuntu0.4 libsoup2.4-doc - 2.62.1-1ubuntu0.4 No subscription required Medium CVE-2019-17266 Ubuntu 18.04 LTS Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user. Update Instructions: Run `sudo pro fix USN-4154-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.21p2-3ubuntu1.1 sudo - 1.8.21p2-3ubuntu1.1 No subscription required Medium CVE-2019-14287 Ubuntu 18.04 LTS It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information. Update Instructions: Run `sudo pro fix USN-4155-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libaspell15 - 0.60.7~20110707-4ubuntu0.1 aspell-doc - 0.60.7~20110707-4ubuntu0.1 aspell - 0.60.7~20110707-4ubuntu0.1 libpspell-dev - 0.60.7~20110707-4ubuntu0.1 libaspell-dev - 0.60.7~20110707-4ubuntu0.1 No subscription required Medium CVE-2019-17544 Ubuntu 18.04 LTS It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4156-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsdl1.2debian - 1.2.15+dfsg2-0.1ubuntu0.1 libsdl1.2-dev - 1.2.15+dfsg2-0.1ubuntu0.1 No subscription required Medium CVE-2019-13616 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 Ubuntu 18.04 LTS USN-4157-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the 91x Wi-Fi driver in the Linux kernel did not properly handle error conditions on initialization, leading to a double-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15504) It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505) Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902) It was discovered that the IPv6 RDS implementation in the Linux kernel did not properly initialize fields in a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). Please note that the RDS protocol is disabled via blocklist in Ubuntu by default. (CVE-2019-16714) It was discovered that an integer overflow existed in the Binder implementation of the Linux kernel, leading to a buffer overflow. A local attacker could use this to escalate privileges. (CVE-2019-2181) Update Instructions: Run `sudo pro fix USN-4157-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1021-gcp - 5.0.0-1021.21~18.04.1 No subscription required linux-image-5.0.0-1023-gke - 5.0.0-1023.23~18.04.2 No subscription required linux-image-5.0.0-1023-azure - 5.0.0-1023.24~18.04.1 No subscription required linux-image-5.0.0-32-generic - 5.0.0-32.34~18.04.2 linux-image-5.0.0-32-generic-lpae - 5.0.0-32.34~18.04.2 linux-image-5.0.0-32-lowlatency - 5.0.0-32.34~18.04.2 No subscription required linux-image-gcp - 5.0.0.1021.26 No subscription required linux-image-gke-5.0 - 5.0.0.1023.12 No subscription required linux-image-azure - 5.0.0.1023.33 No subscription required linux-image-snapdragon-hwe-18.04 - 5.0.0.32.89 linux-image-lowlatency-hwe-18.04 - 5.0.0.32.89 linux-image-generic-lpae-hwe-18.04 - 5.0.0.32.89 linux-image-virtual-hwe-18.04 - 5.0.0.32.89 linux-image-generic-hwe-18.04 - 5.0.0.32.89 No subscription required Medium CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-15504 CVE-2019-15505 CVE-2019-15902 CVE-2019-16714 CVE-2019-2181 Ubuntu 18.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-4158-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.9-5ubuntu0.3 libtiff-tools - 4.0.9-5ubuntu0.3 libtiff5-dev - 4.0.9-5ubuntu0.3 libtiff-dev - 4.0.9-5ubuntu0.3 libtiff5 - 4.0.9-5ubuntu0.3 libtiffxx5 - 4.0.9-5ubuntu0.3 libtiff-doc - 4.0.9-5ubuntu0.3 No subscription required Medium CVE-2019-14973 CVE-2019-17546 Ubuntu 18.04 LTS It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4159-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-3.1ubuntu0.18.04.4 libexiv2-14 - 0.25-3.1ubuntu0.18.04.4 libexiv2-doc - 0.25-3.1ubuntu0.18.04.4 libexiv2-dev - 0.25-3.1ubuntu0.18.04.4 No subscription required Medium CVE-2019-17402 Ubuntu 18.04 LTS It was discovered that UW IMAP incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands. Update Instructions: Run `sudo pro fix USN-4160-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc-client2007e - 8:2007f~dfsg-5ubuntu0.18.04.2 uw-mailutils - 8:2007f~dfsg-5ubuntu0.18.04.2 libc-client2007e-dev - 8:2007f~dfsg-5ubuntu0.18.04.2 mlock - 8:2007f~dfsg-5ubuntu0.18.04.2 No subscription required Medium CVE-2018-19518 Ubuntu 18.04 LTS It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505) Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902) It was discovered that the SMB networking file system implementation in the Linux kernel contained a buffer overread. An attacker could use this to expose sensitive information (kernel memory). (CVE-2019-15918) Update Instructions: Run `sudo pro fix USN-4162-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1027-oracle - 4.15.0-1027.30 No subscription required linux-image-4.15.0-1046-gke - 4.15.0-1046.49 No subscription required linux-image-4.15.0-1048-kvm - 4.15.0-1048.48 No subscription required linux-image-4.15.0-1049-raspi2 - 4.15.0-1049.53 No subscription required linux-image-4.15.0-1052-aws - 4.15.0-1052.54 No subscription required linux-image-4.15.0-1059-oem - 4.15.0-1059.68 No subscription required linux-image-4.15.0-1066-snapdragon - 4.15.0-1066.73 No subscription required linux-image-4.15.0-66-generic - 4.15.0-66.75 linux-image-4.15.0-66-generic-lpae - 4.15.0-66.75 linux-image-4.15.0-66-lowlatency - 4.15.0-66.75 No subscription required linux-image-oracle - 4.15.0.1027.30 No subscription required linux-image-gke-4.15 - 4.15.0.1046.49 linux-image-gke - 4.15.0.1046.49 No subscription required linux-image-kvm - 4.15.0.1048.48 No subscription required linux-image-raspi2 - 4.15.0.1049.47 No subscription required linux-image-aws - 4.15.0.1052.51 No subscription required linux-image-oem - 4.15.0.1059.63 No subscription required linux-image-snapdragon - 4.15.0.1066.69 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.66.68 linux-image-generic-hwe-16.04-edge - 4.15.0.66.68 linux-image-generic-lpae-hwe-16.04 - 4.15.0.66.68 linux-image-virtual - 4.15.0.66.68 linux-image-virtual-hwe-16.04-edge - 4.15.0.66.68 linux-image-virtual-hwe-16.04 - 4.15.0.66.68 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.66.68 linux-image-generic - 4.15.0.66.68 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.66.68 linux-image-generic-lpae - 4.15.0.66.68 linux-image-generic-hwe-16.04 - 4.15.0.66.68 linux-image-lowlatency - 4.15.0.66.68 No subscription required Medium CVE-2018-21008 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-15117 CVE-2019-15118 CVE-2019-15505 CVE-2019-15902 CVE-2019-15918 Ubuntu 18.04 LTS It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. This issue not affected Ubuntu 19.10. (CVE-2019-13117, CVE-2019-13118) It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-18197) Update Instructions: Run `sudo pro fix USN-4164-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxslt1 - 1.1.29-5ubuntu0.2 libxslt1-dev - 1.1.29-5ubuntu0.2 libxslt1.1 - 1.1.29-5ubuntu0.2 xsltproc - 1.1.29-5ubuntu0.2 No subscription required Medium CVE-2019-13117 CVE-2019-13118 CVE-2019-18197 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, bypass content security policy (CSP) protections, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4165-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 70.0+build2-0ubuntu0.18.04.1 firefox - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 70.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 70.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 70.0+build2-0ubuntu0.18.04.1 firefox-dev - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 70.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 70.0+build2-0ubuntu0.18.04.1 No subscription required High CVE-2018-6156 CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-11765 CVE-2019-15903 CVE-2019-17000 CVE-2019-17001 CVE-2019-17002 Ubuntu 18.04 LTS USN-4165-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, bypass content security policy (CSP) protections, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4165-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 70.0.1+build1-0ubuntu0.18.04.1 firefox - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 70.0.1+build1-0ubuntu0.18.04.1 firefox-geckodriver - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 70.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 70.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 70.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 70.0.1+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1851445 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4166-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.24-0ubuntu0.18.04.1 php7.2-enchant - 7.2.24-0ubuntu0.18.04.1 php7.2-ldap - 7.2.24-0ubuntu0.18.04.1 php7.2-fpm - 7.2.24-0ubuntu0.18.04.1 php7.2-recode - 7.2.24-0ubuntu0.18.04.1 php7.2-cli - 7.2.24-0ubuntu0.18.04.1 php7.2-json - 7.2.24-0ubuntu0.18.04.1 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.1 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.1 php7.2 - 7.2.24-0ubuntu0.18.04.1 php7.2-pspell - 7.2.24-0ubuntu0.18.04.1 php7.2-dev - 7.2.24-0ubuntu0.18.04.1 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.1 php7.2-gmp - 7.2.24-0ubuntu0.18.04.1 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.1 php7.2-opcache - 7.2.24-0ubuntu0.18.04.1 php7.2-gd - 7.2.24-0ubuntu0.18.04.1 php7.2-soap - 7.2.24-0ubuntu0.18.04.1 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.1 php7.2-intl - 7.2.24-0ubuntu0.18.04.1 php7.2-odbc - 7.2.24-0ubuntu0.18.04.1 libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.1 php7.2-tidy - 7.2.24-0ubuntu0.18.04.1 php7.2-imap - 7.2.24-0ubuntu0.18.04.1 php7.2-readline - 7.2.24-0ubuntu0.18.04.1 php7.2-mysql - 7.2.24-0ubuntu0.18.04.1 php7.2-dba - 7.2.24-0ubuntu0.18.04.1 php7.2-xml - 7.2.24-0ubuntu0.18.04.1 php7.2-interbase - 7.2.24-0ubuntu0.18.04.1 php7.2-xsl - 7.2.24-0ubuntu0.18.04.1 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.1 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.1 php7.2-sybase - 7.2.24-0ubuntu0.18.04.1 php7.2-curl - 7.2.24-0ubuntu0.18.04.1 php7.2-common - 7.2.24-0ubuntu0.18.04.1 php7.2-cgi - 7.2.24-0ubuntu0.18.04.1 php7.2-snmp - 7.2.24-0ubuntu0.18.04.1 php7.2-zip - 7.2.24-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-11043 Ubuntu 18.04 LTS Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. (CVE-2019-10218) Simon Fonteneau and Björn Baumbach discovered that Samba incorrectly handled the check password script. This issue could possibly bypass custom password complexity checks, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-14833) Adam Xu discovered that Samba incorrectly handled the dirsync LDAP control. A remote attacker with "get changes" permissions could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2019-14847) Update Instructions: Run `sudo pro fix USN-4167-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 No subscription required Medium CVE-2019-10218 CVE-2019-14833 CVE-2019-14847 Ubuntu 18.04 LTS It was discovered that Libidn2 incorrectly handled certain inputs. A attacker could possibly use this issue to impersonate domains. (CVE-2019-12290) It was discovered that Libidn2 incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-18224) Update Instructions: Run `sudo pro fix USN-4168-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libidn2-doc - 2.0.4-1.1ubuntu0.2 libidn2-0-dev - 2.0.4-1.1ubuntu0.2 libidn2-dev - 2.0.4-1.1ubuntu0.2 libidn2-0 - 2.0.4-1.1ubuntu0.2 idn2 - 2.0.4-1.1ubuntu0.2 No subscription required Medium CVE-2019-12290 CVE-2019-18224 Ubuntu 18.04 LTS It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4169-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.2.2-3.1ubuntu0.5 libarchive-tools - 3.2.2-3.1ubuntu0.5 libarchive13 - 3.2.2-3.1ubuntu0.5 bsdtar - 3.2.2-3.1ubuntu0.5 libarchive-dev - 3.2.2-3.1ubuntu0.5 No subscription required Medium CVE-2019-18408 Ubuntu 18.04 LTS Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user. Update Instructions: Run `sudo pro fix USN-4170-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: whoopsie - 0.2.62ubuntu0.2 libwhoopsie0 - 0.2.62ubuntu0.2 libwhoopsie-dev - 0.2.62ubuntu0.2 No subscription required Medium CVE-2019-11484 Ubuntu 18.04 LTS USN-4170-1 fixed a vulnerability in Whoopsie. The update caused Whoopsie to crash when sending reports. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user. Update Instructions: Run `sudo pro fix USN-4170-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: whoopsie - 0.2.62ubuntu0.3 libwhoopsie0 - 0.2.62ubuntu0.3 libwhoopsie-dev - 0.2.62ubuntu0.3 No subscription required None https://launchpad.net/bugs/1850608 Ubuntu 18.04 LTS USN-4170-1 fixed a vulnerability in Whoopsie and USN-4170-2 fixed a subsequent regression. That update was incomplete and could still result in Whoopsie potentially crashing when uploading crash reports on some architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user. Update Instructions: Run `sudo pro fix USN-4170-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: whoopsie - 0.2.62ubuntu0.4 libwhoopsie0 - 0.2.62ubuntu0.4 libwhoopsie-dev - 0.2.62ubuntu0.4 No subscription required None https://launchpad.net/bugs/1850608 Ubuntu 18.04 LTS Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482) Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11483) Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. (CVE-2019-11485) Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. This could could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-15790) Update Instructions: Run `sudo pro fix USN-4171-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.9-0ubuntu7.8 python3-problem-report - 2.20.9-0ubuntu7.8 apport-kde - 2.20.9-0ubuntu7.8 apport-retrace - 2.20.9-0ubuntu7.8 apport-valgrind - 2.20.9-0ubuntu7.8 python3-apport - 2.20.9-0ubuntu7.8 dh-apport - 2.20.9-0ubuntu7.8 apport-gtk - 2.20.9-0ubuntu7.8 apport - 2.20.9-0ubuntu7.8 python-problem-report - 2.20.9-0ubuntu7.8 apport-noui - 2.20.9-0ubuntu7.8 No subscription required Medium CVE-2019-11481 CVE-2019-11482 CVE-2019-11483 CVE-2019-11485 CVE-2019-15790 Ubuntu 18.04 LTS USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression in the Python Apport library. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482) Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11483) Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. (CVE-2019-11485) Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. This could could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-15790) Update Instructions: Run `sudo pro fix USN-4171-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.9-0ubuntu7.9 python3-problem-report - 2.20.9-0ubuntu7.9 apport-kde - 2.20.9-0ubuntu7.9 apport-retrace - 2.20.9-0ubuntu7.9 apport-valgrind - 2.20.9-0ubuntu7.9 python3-apport - 2.20.9-0ubuntu7.9 dh-apport - 2.20.9-0ubuntu7.9 apport-gtk - 2.20.9-0ubuntu7.9 apport - 2.20.9-0ubuntu7.9 python-problem-report - 2.20.9-0ubuntu7.9 apport-noui - 2.20.9-0ubuntu7.9 No subscription required None https://launchpad.net/bugs/1850929 Ubuntu 18.04 LTS USN-4171-1 fixed vulnerabilities in Apport. This caused a regression in autopkgtest and python2 compatibility. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482) Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11483) Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. (CVE-2019-11485) Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. This could could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-15790) Update Instructions: Run `sudo pro fix USN-4171-5` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.9-0ubuntu7.12 python3-problem-report - 2.20.9-0ubuntu7.12 apport-kde - 2.20.9-0ubuntu7.12 apport-retrace - 2.20.9-0ubuntu7.12 apport-valgrind - 2.20.9-0ubuntu7.12 python3-apport - 2.20.9-0ubuntu7.12 dh-apport - 2.20.9-0ubuntu7.12 apport-gtk - 2.20.9-0ubuntu7.12 apport - 2.20.9-0ubuntu7.12 python-problem-report - 2.20.9-0ubuntu7.12 apport-noui - 2.20.9-0ubuntu7.12 No subscription required None https://launchpad.net/bugs/1851806 https://launchpad.net/bugs/1854237 Ubuntu 18.04 LTS USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression when handling configuration files. This update fixes the problem, and also introduces further hardening measures. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11482) Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-11483) Sander Bos discovered Apport mishandled lock-file creation. This could be used by a local attacker to cause a denial of service against Apport. (CVE-2019-11485) Kevin Backhouse discovered Apport read various process-specific files with elevated privileges during crash dump generation. This could could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. (CVE-2019-15790) Update Instructions: Run `sudo pro fix USN-4171-6` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.9-0ubuntu7.20 python3-problem-report - 2.20.9-0ubuntu7.20 apport-kde - 2.20.9-0ubuntu7.20 apport-retrace - 2.20.9-0ubuntu7.20 apport-valgrind - 2.20.9-0ubuntu7.20 python3-apport - 2.20.9-0ubuntu7.20 dh-apport - 2.20.9-0ubuntu7.20 apport-gtk - 2.20.9-0ubuntu7.20 apport - 2.20.9-0ubuntu7.20 python-problem-report - 2.20.9-0ubuntu7.20 apport-noui - 2.20.9-0ubuntu7.20 No subscription required None https://launchpad.net/bugs/1903332 Ubuntu 18.04 LTS It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4172-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagic-dev - 1:5.32-2ubuntu0.3 libmagic-mgc - 1:5.32-2ubuntu0.3 libmagic1 - 1:5.32-2ubuntu0.3 file - 1:5.32-2ubuntu0.3 No subscription required Medium CVE-2019-18218 Ubuntu 18.04 LTS Felix Wilhelm discovered that FreeTDS incorrectly handled certain types after a protocol downgrade. A remote attacker could use this issue to cause FreeTDS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4173-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: freetds-bin - 1.00.82-2ubuntu0.1 freetds-dev - 1.00.82-2ubuntu0.1 freetds-common - 1.00.82-2ubuntu0.1 tdsodbc - 1.00.82-2ubuntu0.1 libct4 - 1.00.82-2ubuntu0.1 libsybdb5 - 1.00.82-2ubuntu0.1 No subscription required Medium CVE-2019-13508 Ubuntu 18.04 LTS It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to a privilege escalation (Request Smuggling). Update Instructions: Run `sudo pro fix USN-4174-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: haproxy - 1.8.8-1ubuntu0.7 haproxy-doc - 1.8.8-1ubuntu0.7 vim-haproxy - 1.8.8-1ubuntu0.7 No subscription required Medium CVE-2019-18277 Ubuntu 18.04 LTS It was discovered that Nokogiri incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands. Update Instructions: Run `sudo pro fix USN-4175-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-nokogiri - 1.8.2-1ubuntu0.1 No subscription required Medium CVE-2019-5477 Ubuntu 18.04 LTS Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to privilege escalation. Update Instructions: Run `sudo pro fix USN-4176-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cpio - 2.12+dfsg-6ubuntu0.18.04.1 cpio-win32 - 2.12+dfsg-6ubuntu0.18.04.1 No subscription required Medium CVE-2019-14866 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-4178-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.26.1-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.26.1-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.26.1-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.26.1-0ubuntu0.18.04.1 webkit2gtk-driver - 2.26.1-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.26.1-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.26.1-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.26.1-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.26.1-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.26.1-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-8625 CVE-2019-8720 CVE-2019-8769 CVE-2019-8771 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-4181-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.26.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.26.2-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.26.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.26.2-0ubuntu0.18.04.1 webkit2gtk-driver - 2.26.2-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.26.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.26.2-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.26.2-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.26.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.26.2-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-8812 CVE-2019-8814 Ubuntu 18.04 LTS Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that certain Intel Xeon processors did not properly restrict access to a voltage modulation interface. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2019-11139) Update Instructions: Run `sudo pro fix USN-4182-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20191112-0ubuntu0.18.04.2 No subscription required High CVE-2019-11135 CVE-2019-11139 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 Ubuntu 18.04 LTS USN-4182-1 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that certain Intel Xeon processors did not properly restrict access to a voltage modulation interface. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2019-11139) Update Instructions: Run `sudo pro fix USN-4182-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20191115.1ubuntu0.18.04.2 No subscription required None https://launchpad.net/bugs/1854764 Ubuntu 18.04 LTS Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Jann Horn discovered a reference count underflow in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15791) Jann Horn discovered a type confusion vulnerability in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15792) Jann Horn discovered that the shiftfs implementation in the Linux kernel did not use the correct file system uid/gid when the user namespace of a lower file system is not in the init user namespace. A local attacker could use this to possibly bypass DAC permissions or have some other unspecified impact. (CVE-2019-15793) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666) Update Instructions: Run `sudo pro fix USN-4184-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1025-gcp - 5.0.0-1025.26~18.04.1 linux-image-5.0.0-1025-gke - 5.0.0-1025.26~18.04.1 No subscription required linux-image-5.0.0-1025-azure - 5.0.0-1025.27~18.04.1 No subscription required linux-image-5.0.0-1027-oem-osp1 - 5.0.0-1027.31 No subscription required linux-image-5.0.0-35-generic - 5.0.0-35.38~18.04.1 linux-image-5.0.0-35-generic-lpae - 5.0.0-35.38~18.04.1 linux-image-5.0.0-35-lowlatency - 5.0.0-35.38~18.04.1 No subscription required linux-image-gke-5.0 - 5.0.0.1025.14 No subscription required linux-image-gcp - 5.0.0.1025.29 No subscription required linux-image-azure - 5.0.0.1025.36 No subscription required linux-image-oem-osp1 - 5.0.0.1027.31 No subscription required linux-image-snapdragon-hwe-18.04 - 5.0.0.35.93 linux-image-lowlatency-hwe-18.04 - 5.0.0.35.93 linux-image-virtual-hwe-18.04 - 5.0.0.35.93 linux-image-generic-lpae-hwe-18.04 - 5.0.0.35.93 linux-image-generic-hwe-18.04 - 5.0.0.35.93 No subscription required High CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135 CVE-2019-15098 CVE-2019-15791 CVE-2019-15792 CVE-2019-15793 CVE-2019-17052 CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17056 CVE-2019-17666 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 Ubuntu 18.04 LTS USN-4184-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update addresses both issues. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Jann Horn discovered a reference count underflow in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15791) Jann Horn discovered a type confusion vulnerability in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15792) Jann Horn discovered that the shiftfs implementation in the Linux kernel did not use the correct file system uid/gid when the user namespace of a lower file system is not in the init user namespace. A local attacker could use this to possibly bypass DAC permissions or have some other unspecified impact. (CVE-2019-15793) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666) Update Instructions: Run `sudo pro fix USN-4184-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1028-oem-osp1 - 5.0.0-1028.32 No subscription required linux-image-5.0.0-36-lowlatency - 5.0.0-36.39~18.04.1 linux-image-5.0.0-36-generic - 5.0.0-36.39~18.04.1 linux-image-5.0.0-36-generic-lpae - 5.0.0-36.39~18.04.1 No subscription required linux-image-oem-osp1 - 5.0.0.1028.32 No subscription required linux-image-snapdragon-hwe-18.04 - 5.0.0.36.94 linux-image-generic-hwe-18.04 - 5.0.0.36.94 linux-image-virtual-hwe-18.04 - 5.0.0.36.94 linux-image-generic-lpae-hwe-18.04 - 5.0.0.36.94 linux-image-lowlatency-hwe-18.04 - 5.0.0.36.94 No subscription required High CVE-2019-0155 https://bugs.launchpad.net/bugs/1851709 https://bugs.launchpad.net/bugs/1852141 Ubuntu 18.04 LTS Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666) Update Instructions: Run `sudo pro fix USN-4185-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1029-oracle - 4.15.0-1029.32 No subscription required linux-image-4.15.0-1048-gke - 4.15.0-1048.51 No subscription required linux-image-4.15.0-1050-kvm - 4.15.0-1050.50 No subscription required linux-image-4.15.0-1054-aws - 4.15.0-1054.56 No subscription required linux-image-4.15.0-1063-oem - 4.15.0-1063.72 No subscription required linux-image-4.15.0-69-generic - 4.15.0-69.78 linux-image-4.15.0-69-generic-lpae - 4.15.0-69.78 linux-image-4.15.0-69-lowlatency - 4.15.0-69.78 No subscription required linux-image-oracle - 4.15.0.1029.34 linux-image-oracle-lts-18.04 - 4.15.0.1029.34 No subscription required linux-image-gke-4.15 - 4.15.0.1048.51 linux-image-gke - 4.15.0.1048.51 No subscription required linux-image-kvm - 4.15.0.1050.50 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1054.55 linux-image-aws - 4.15.0.1054.55 No subscription required linux-image-oem - 4.15.0.1063.67 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.69.71 linux-image-generic-hwe-16.04 - 4.15.0.69.71 linux-image-generic-hwe-16.04-edge - 4.15.0.69.71 linux-image-generic-lpae-hwe-16.04 - 4.15.0.69.71 linux-image-virtual - 4.15.0.69.71 linux-image-virtual-hwe-16.04 - 4.15.0.69.71 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.69.71 linux-image-generic - 4.15.0.69.71 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.69.71 linux-image-generic-lpae - 4.15.0.69.71 linux-image-lowlatency-hwe-16.04 - 4.15.0.69.71 linux-image-lowlatency - 4.15.0.69.71 No subscription required High CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135 CVE-2019-15098 CVE-2019-17052 CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17056 CVE-2019-17666 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 Ubuntu 18.04 LTS USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update addresses both issues. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666) Update Instructions: Run `sudo pro fix USN-4185-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1064-oem - 4.15.0-1064.73 No subscription required linux-image-4.15.0-70-generic - 4.15.0-70.79 linux-image-4.15.0-70-lowlatency - 4.15.0-70.79 linux-image-4.15.0-70-generic-lpae - 4.15.0-70.79 No subscription required linux-image-oem - 4.15.0.1064.68 No subscription required linux-image-virtual-hwe-16.04 - 4.15.0.70.72 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.70.72 linux-image-generic-lpae - 4.15.0.70.72 linux-image-virtual-hwe-16.04-edge - 4.15.0.70.72 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.70.72 linux-image-lowlatency-hwe-16.04 - 4.15.0.70.72 linux-image-virtual - 4.15.0.70.72 linux-image-generic-lpae-hwe-16.04 - 4.15.0.70.72 linux-image-generic - 4.15.0.70.72 linux-image-lowlatency - 4.15.0.70.72 linux-image-generic-hwe-16.04 - 4.15.0.70.72 linux-image-generic-hwe-16.04-edge - 4.15.0.70.72 No subscription required High CVE-2019-0155 https://bugs.launchpad.net/bugs/1851709 https://bugs.launchpad.net/bugs/1852141 Ubuntu 18.04 LTS Jason Wang discovered that DPDK incorrectly handled certain messages. An attacker in a malicious container could possibly use this issue to cause DPDK to leak resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4189-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librte-pmd-thunderx-nicvf17.11 - 17.11.8-0~ubuntu18.04.2 dpdk-igb-uio-dkms - 17.11.8-0~ubuntu18.04.2 librte-pmd-softnic17.11 - 17.11.8-0~ubuntu18.04.2 librte-timer17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-af-packet17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-sw-event17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-fm10k17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-bond17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-vmxnet3-uio17.11 - 17.11.8-0~ubuntu18.04.2 librte-flow-classify17.11 - 17.11.8-0~ubuntu18.04.2 librte-ring17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-sfc-efx17.11 - 17.11.8-0~ubuntu18.04.2 librte-bus-pci17.11 - 17.11.8-0~ubuntu18.04.2 dpdk-doc - 17.11.8-0~ubuntu18.04.2 librte-distributor17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-vhost17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-null-crypto17.11 - 17.11.8-0~ubuntu18.04.2 librte-net17.11 - 17.11.8-0~ubuntu18.04.2 librte-ip-frag17.11 - 17.11.8-0~ubuntu18.04.2 librte-lpm17.11 - 17.11.8-0~ubuntu18.04.2 librte-vhost17.11 - 17.11.8-0~ubuntu18.04.2 dpdk-dev - 17.11.8-0~ubuntu18.04.2 librte-mbuf17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-e1000-17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-nfp17.11 - 17.11.8-0~ubuntu18.04.2 librte-mempool-octeontx17.11 - 17.11.8-0~ubuntu18.04.2 librte-latencystats17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-avp17.11 - 17.11.8-0~ubuntu18.04.2 dpdk-rte-kni-dkms - 17.11.8-0~ubuntu18.04.2 librte-gro17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-crypto-scheduler17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-ixgbe17.11 - 17.11.8-0~ubuntu18.04.2 librte-cryptodev17.11 - 17.11.8-0~ubuntu18.04.2 librte-cmdline17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-lio17.11 - 17.11.8-0~ubuntu18.04.2 librte-bus-vdev17.11 - 17.11.8-0~ubuntu18.04.2 librte-pdump17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-skeleton-event17.11 - 17.11.8-0~ubuntu18.04.2 librte-table17.11 - 17.11.8-0~ubuntu18.04.2 librte-gso17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-i40e17.11 - 17.11.8-0~ubuntu18.04.2 librte-eventdev17.11 - 17.11.8-0~ubuntu18.04.2 librte-kvargs17.11 - 17.11.8-0~ubuntu18.04.2 librte-mempool-stack17.11 - 17.11.8-0~ubuntu18.04.2 librte-metrics17.11 - 17.11.8-0~ubuntu18.04.2 librte-jobstats17.11 - 17.11.8-0~ubuntu18.04.2 librte-kni17.11 - 17.11.8-0~ubuntu18.04.2 librte-eal17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-octeontx17.11 - 17.11.8-0~ubuntu18.04.2 librte-sched17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-enic17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-mlx5-17.11 - 17.11.8-0~ubuntu18.04.2 librte-pci17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-octeontx-ssovf17.11 - 17.11.8-0~ubuntu18.04.2 librte-bitratestats17.11 - 17.11.8-0~ubuntu18.04.2 librte-security17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-null17.11 - 17.11.8-0~ubuntu18.04.2 librte-hash17.11 - 17.11.8-0~ubuntu18.04.2 librte-member17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-tap17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-pcap17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-mlx4-17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-ark17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-bnxt17.11 - 17.11.8-0~ubuntu18.04.2 librte-meter17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-virtio17.11 - 17.11.8-0~ubuntu18.04.2 librte-power17.11 - 17.11.8-0~ubuntu18.04.2 librte-port17.11 - 17.11.8-0~ubuntu18.04.2 librte-mempool17.11 - 17.11.8-0~ubuntu18.04.2 librte-cfgfile17.11 - 17.11.8-0~ubuntu18.04.2 librte-efd17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-cxgbe17.11 - 17.11.8-0~ubuntu18.04.2 dpdk - 17.11.8-0~ubuntu18.04.2 librte-pipeline17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-qede17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-failsafe17.11 - 17.11.8-0~ubuntu18.04.2 librte-reorder17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-kni17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-ena17.11 - 17.11.8-0~ubuntu18.04.2 librte-mempool-ring17.11 - 17.11.8-0~ubuntu18.04.2 librte-ethdev17.11 - 17.11.8-0~ubuntu18.04.2 librte-pmd-ring17.11 - 17.11.8-0~ubuntu18.04.2 librte-acl17.11 - 17.11.8-0~ubuntu18.04.2 libdpdk-dev - 17.11.8-0~ubuntu18.04.2 No subscription required Low CVE-2019-14818 Ubuntu 18.04 LTS USN-4189-1 fixed a vulnerability in DPDK. The new version introduced a regression in certain environments. This update fixes the problem. Original advisory details: Jason Wang discovered that DPDK incorrectly handled certain messages. An attacker in a malicious container could possibly use this issue to cause DPDK to leak resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4189-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librte-pmd-thunderx-nicvf17.11 - 17.11.9-0ubuntu18.04.1 dpdk-igb-uio-dkms - 17.11.9-0ubuntu18.04.1 librte-pmd-softnic17.11 - 17.11.9-0ubuntu18.04.1 librte-timer17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-af-packet17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-sw-event17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-fm10k17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-bond17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-vmxnet3-uio17.11 - 17.11.9-0ubuntu18.04.1 librte-flow-classify17.11 - 17.11.9-0ubuntu18.04.1 librte-ring17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-sfc-efx17.11 - 17.11.9-0ubuntu18.04.1 librte-bus-pci17.11 - 17.11.9-0ubuntu18.04.1 dpdk-doc - 17.11.9-0ubuntu18.04.1 librte-distributor17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-vhost17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-null-crypto17.11 - 17.11.9-0ubuntu18.04.1 librte-net17.11 - 17.11.9-0ubuntu18.04.1 librte-ip-frag17.11 - 17.11.9-0ubuntu18.04.1 librte-lpm17.11 - 17.11.9-0ubuntu18.04.1 librte-vhost17.11 - 17.11.9-0ubuntu18.04.1 dpdk-dev - 17.11.9-0ubuntu18.04.1 librte-mbuf17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-e1000-17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-nfp17.11 - 17.11.9-0ubuntu18.04.1 librte-mempool-octeontx17.11 - 17.11.9-0ubuntu18.04.1 librte-latencystats17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-avp17.11 - 17.11.9-0ubuntu18.04.1 dpdk-rte-kni-dkms - 17.11.9-0ubuntu18.04.1 librte-gro17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-crypto-scheduler17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-ixgbe17.11 - 17.11.9-0ubuntu18.04.1 librte-cryptodev17.11 - 17.11.9-0ubuntu18.04.1 librte-cmdline17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-lio17.11 - 17.11.9-0ubuntu18.04.1 librte-bus-vdev17.11 - 17.11.9-0ubuntu18.04.1 librte-pdump17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-skeleton-event17.11 - 17.11.9-0ubuntu18.04.1 librte-table17.11 - 17.11.9-0ubuntu18.04.1 librte-gso17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-i40e17.11 - 17.11.9-0ubuntu18.04.1 librte-eventdev17.11 - 17.11.9-0ubuntu18.04.1 librte-kvargs17.11 - 17.11.9-0ubuntu18.04.1 librte-mempool-stack17.11 - 17.11.9-0ubuntu18.04.1 librte-metrics17.11 - 17.11.9-0ubuntu18.04.1 librte-jobstats17.11 - 17.11.9-0ubuntu18.04.1 librte-kni17.11 - 17.11.9-0ubuntu18.04.1 librte-eal17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-octeontx17.11 - 17.11.9-0ubuntu18.04.1 librte-sched17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-enic17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-mlx5-17.11 - 17.11.9-0ubuntu18.04.1 librte-pci17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-octeontx-ssovf17.11 - 17.11.9-0ubuntu18.04.1 librte-bitratestats17.11 - 17.11.9-0ubuntu18.04.1 librte-security17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-null17.11 - 17.11.9-0ubuntu18.04.1 librte-hash17.11 - 17.11.9-0ubuntu18.04.1 librte-member17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-tap17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-pcap17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-mlx4-17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-ark17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-bnxt17.11 - 17.11.9-0ubuntu18.04.1 librte-meter17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-virtio17.11 - 17.11.9-0ubuntu18.04.1 librte-power17.11 - 17.11.9-0ubuntu18.04.1 librte-port17.11 - 17.11.9-0ubuntu18.04.1 librte-mempool17.11 - 17.11.9-0ubuntu18.04.1 librte-cfgfile17.11 - 17.11.9-0ubuntu18.04.1 librte-efd17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-cxgbe17.11 - 17.11.9-0ubuntu18.04.1 dpdk - 17.11.9-0ubuntu18.04.1 librte-pipeline17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-qede17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-failsafe17.11 - 17.11.9-0ubuntu18.04.1 librte-reorder17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-kni17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-ena17.11 - 17.11.9-0ubuntu18.04.1 librte-mempool-ring17.11 - 17.11.9-0ubuntu18.04.1 librte-ethdev17.11 - 17.11.9-0ubuntu18.04.1 librte-pmd-ring17.11 - 17.11.9-0ubuntu18.04.1 librte-acl17.11 - 17.11.9-0ubuntu18.04.1 libdpdk-dev - 17.11.9-0ubuntu18.04.1 No subscription required None https://launchpad.net/bugs/1853463 Ubuntu 18.04 LTS It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14498) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.04. (CVE-2018-19664) It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2018-20330) It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly cause a denial of service or execute arbitrary code. (CVE-2019-2201) Update Instructions: Run `sudo pro fix USN-4190-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libturbojpeg0-dev - 1.5.2-0ubuntu5.18.04.3 libjpeg-turbo8-dev - 1.5.2-0ubuntu5.18.04.3 libjpeg-turbo-progs - 1.5.2-0ubuntu5.18.04.3 libturbojpeg - 1.5.2-0ubuntu5.18.04.3 libjpeg-turbo8 - 1.5.2-0ubuntu5.18.04.3 libjpeg-turbo-test - 1.5.2-0ubuntu5.18.04.3 No subscription required Medium CVE-2018-14498 CVE-2018-19664 CVE-2018-20330 CVE-2019-2201 Ubuntu 18.04 LTS It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a null pointer dereference. A local attacker in a guest could use this to cause a denial of service. (CVE-2019-12155) Riccardo Schirone discovered that the QEMU bridge helper did not properly validate network interface names. A local attacker could possibly use this to bypass ACL restrictions. (CVE-2019-13164) It was discovered that a heap-based buffer overflow existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. (CVE-2019-14378) It was discovered that a use-after-free vulnerability existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service. (CVE-2019-15890) Update Instructions: Run `sudo pro fix USN-4191-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.20 qemu-user-static - 1:2.11+dfsg-1ubuntu7.20 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.20 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.20 qemu-kvm - 1:2.11+dfsg-1ubuntu7.20 qemu-user - 1:2.11+dfsg-1ubuntu7.20 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.20 qemu-system - 1:2.11+dfsg-1ubuntu7.20 qemu-utils - 1:2.11+dfsg-1ubuntu7.20 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.20 qemu - 1:2.11+dfsg-1ubuntu7.20 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.20 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.20 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.20 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.20 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.20 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.20 No subscription required Medium CVE-2019-12068 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-15890 Ubuntu 18.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-4192-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagick++-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagickwand-dev - 8:6.9.7.4+dfsg-16ubuntu6.8 imagemagick-6.q16 - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagickcore-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.8 imagemagick-6-common - 8:6.9.7.4+dfsg-16ubuntu6.8 imagemagick - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagickwand-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagick++-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.8 libimage-magick-q16-perl - 8:6.9.7.4+dfsg-16ubuntu6.8 libimage-magick-perl - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagick++-dev - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagickcore-6.q16-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.8 perlmagick - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagickcore-6.q16hdri-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagick++-6.q16hdri-7 - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagickwand-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagickwand-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagickcore-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagickcore-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagick++-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.8 imagemagick-6.q16hdri - 8:6.9.7.4+dfsg-16ubuntu6.8 imagemagick-common - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagickcore-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.8 imagemagick-doc - 8:6.9.7.4+dfsg-16ubuntu6.8 imagemagick-6-doc - 8:6.9.7.4+dfsg-16ubuntu6.8 libimage-magick-q16hdri-perl - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagick++-6.q16-7 - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagickcore-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagickcore-6-arch-config - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagickwand-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagickcore-dev - 8:6.9.7.4+dfsg-16ubuntu6.8 libmagickwand-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.8 No subscription required Medium CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13310 CVE-2019-13311 CVE-2019-13391 CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-16708 CVE-2019-16709 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713 Ubuntu 18.04 LTS Paul Manfred and Lukas Schauer discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-4193-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.12 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.12 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.12 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.12 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.12 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.12 No subscription required High CVE-2019-14869 Ubuntu 18.04 LTS Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-4194-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql - 10+190ubuntu0.1 postgresql-contrib - 10+190ubuntu0.1 postgresql-all - 10+190ubuntu0.1 postgresql-doc - 10+190ubuntu0.1 postgresql-client - 10+190ubuntu0.1 No subscription required postgresql-server-dev-all - 190ubuntu0.1 postgresql-client-common - 190ubuntu0.1 postgresql-common - 190ubuntu0.1 No subscription required Medium CVE-2019-3466 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.18 in Ubuntu 19.10. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-28.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html https://www.oracle.com/security-alerts/cpuoct2019.html Update Instructions: Run `sudo pro fix USN-4195-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.28-0ubuntu0.18.04.4 mysql-source-5.7 - 5.7.28-0ubuntu0.18.04.4 libmysqlclient-dev - 5.7.28-0ubuntu0.18.04.4 mysql-client-core-5.7 - 5.7.28-0ubuntu0.18.04.4 mysql-client-5.7 - 5.7.28-0ubuntu0.18.04.4 libmysqlclient20 - 5.7.28-0ubuntu0.18.04.4 mysql-server-5.7 - 5.7.28-0ubuntu0.18.04.4 mysql-server - 5.7.28-0ubuntu0.18.04.4 mysql-server-core-5.7 - 5.7.28-0ubuntu0.18.04.4 mysql-testsuite - 5.7.28-0ubuntu0.18.04.4 libmysqld-dev - 5.7.28-0ubuntu0.18.04.4 mysql-testsuite-5.7 - 5.7.28-0ubuntu0.18.04.4 No subscription required Medium CVE-2019-2910 CVE-2019-2911 CVE-2019-2914 CVE-2019-2920 CVE-2019-2922 CVE-2019-2923 CVE-2019-2924 CVE-2019-2938 CVE-2019-2946 CVE-2019-2948 CVE-2019-2950 CVE-2019-2957 CVE-2019-2960 CVE-2019-2963 CVE-2019-2966 CVE-2019-2967 CVE-2019-2968 CVE-2019-2969 CVE-2019-2974 CVE-2019-2982 CVE-2019-2991 CVE-2019-2993 CVE-2019-2997 CVE-2019-2998 CVE-2019-3003 CVE-2019-3004 CVE-2019-3009 CVE-2019-3011 CVE-2019-3018 Ubuntu 18.04 LTS USN-4195-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2974 in MariaDB 10.1 and CVE-2019-2938, CVE-2019-2974 for MariaDB 10.3. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.43. Ubuntu 19.04 and 19.10 has been updated to MariaDB 10.3.20. In addition to security fixes, the updated package contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://mariadb.com/kb/en/library/mariadb-10143-changelog/ https://mariadb.com/kb/en/library/mariadb-10143-release-notes/ https://mariadb.com/kb/en/library/mariadb-10320-changelog/ https://mariadb.com/kb/en/library/mariadb-10320-release-notes/ Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.18 in Ubuntu 19.10. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-28.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html https://www.oracle.com/security-alerts/cpuoct2019.html Update Instructions: Run `sudo pro fix USN-4195-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mariadb-plugin-cracklib-password-check - 1:10.1.43-0ubuntu0.18.04.1 mariadb-server - 1:10.1.43-0ubuntu0.18.04.1 mariadb-plugin-connect - 1:10.1.43-0ubuntu0.18.04.1 mariadb-plugin-spider - 1:10.1.43-0ubuntu0.18.04.1 libmariadbclient-dev - 1:10.1.43-0ubuntu0.18.04.1 libmariadbd18 - 1:10.1.43-0ubuntu0.18.04.1 mariadb-client-core-10.1 - 1:10.1.43-0ubuntu0.18.04.1 mariadb-plugin-tokudb - 1:10.1.43-0ubuntu0.18.04.1 mariadb-plugin-mroonga - 1:10.1.43-0ubuntu0.18.04.1 mariadb-client - 1:10.1.43-0ubuntu0.18.04.1 mariadb-server-10.1 - 1:10.1.43-0ubuntu0.18.04.1 mariadb-server-core-10.1 - 1:10.1.43-0ubuntu0.18.04.1 mariadb-test-data - 1:10.1.43-0ubuntu0.18.04.1 libmariadbclient-dev-compat - 1:10.1.43-0ubuntu0.18.04.1 mariadb-client-10.1 - 1:10.1.43-0ubuntu0.18.04.1 mariadb-plugin-gssapi-client - 1:10.1.43-0ubuntu0.18.04.1 libmariadbd-dev - 1:10.1.43-0ubuntu0.18.04.1 mariadb-test - 1:10.1.43-0ubuntu0.18.04.1 mariadb-plugin-gssapi-server - 1:10.1.43-0ubuntu0.18.04.1 mariadb-common - 1:10.1.43-0ubuntu0.18.04.1 libmariadbclient18 - 1:10.1.43-0ubuntu0.18.04.1 mariadb-plugin-oqgraph - 1:10.1.43-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-2938 CVE-2019-2974 Ubuntu 18.04 LTS It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service. (CVE-2019-14853) It was discovered that python-ecdsa incorrectly verified DER encoding in signatures. A remote attacker could use this issue to perform certain malleability attacks. (CVE-2019-14859) Update Instructions: Run `sudo pro fix USN-4196-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-ecdsa - 0.13-2ubuntu0.18.04.1 python3-ecdsa - 0.13-2ubuntu0.18.04.1 No subscription required Medium CVE-2019-14853 CVE-2019-14859 Ubuntu 18.04 LTS It was discovered that Bind incorrectly handled certain TCP-pipelined queries. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4197-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdns-export1100 - 1:9.11.3+dfsg-1ubuntu1.11 libdns-export1100-udeb - 1:9.11.3+dfsg-1ubuntu1.11 libdns1100 - 1:9.11.3+dfsg-1ubuntu1.11 libisc169 - 1:9.11.3+dfsg-1ubuntu1.11 libbind-dev - 1:9.11.3+dfsg-1ubuntu1.11 libisc-export169-udeb - 1:9.11.3+dfsg-1ubuntu1.11 libisccc-export160 - 1:9.11.3+dfsg-1ubuntu1.11 libisccfg-export160 - 1:9.11.3+dfsg-1ubuntu1.11 bind9-host - 1:9.11.3+dfsg-1ubuntu1.11 libirs-export160 - 1:9.11.3+dfsg-1ubuntu1.11 libisccc160 - 1:9.11.3+dfsg-1ubuntu1.11 libisc-export169 - 1:9.11.3+dfsg-1ubuntu1.11 libisccfg160 - 1:9.11.3+dfsg-1ubuntu1.11 bind9-doc - 1:9.11.3+dfsg-1ubuntu1.11 libbind-export-dev - 1:9.11.3+dfsg-1ubuntu1.11 libisccc-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.11 libirs-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.11 libisccfg-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.11 dnsutils - 1:9.11.3+dfsg-1ubuntu1.11 bind9 - 1:9.11.3+dfsg-1ubuntu1.11 bind9utils - 1:9.11.3+dfsg-1ubuntu1.11 libbind9-160 - 1:9.11.3+dfsg-1ubuntu1.11 libirs160 - 1:9.11.3+dfsg-1ubuntu1.11 liblwres160 - 1:9.11.3+dfsg-1ubuntu1.11 No subscription required Medium CVE-2019-6477 Ubuntu 18.04 LTS It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4198-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdjvulibre21 - 3.5.27.1-8ubuntu0.1 libdjvulibre-text - 3.5.27.1-8ubuntu0.1 djvulibre-desktop - 3.5.27.1-8ubuntu0.1 djview3 - 3.5.27.1-8ubuntu0.1 djvuserve - 3.5.27.1-8ubuntu0.1 libdjvulibre-dev - 3.5.27.1-8ubuntu0.1 djview - 3.5.27.1-8ubuntu0.1 djvulibre-bin - 3.5.27.1-8ubuntu0.1 No subscription required Medium CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 CVE-2019-18804 Ubuntu 18.04 LTS It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4199-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvpx-dev - 1.7.0-3ubuntu0.18.04.1 vpx-tools - 1.7.0-3ubuntu0.18.04.1 libvpx-doc - 1.7.0-3ubuntu0.18.04.1 libvpx5 - 1.7.0-3ubuntu0.18.04.1 No subscription required Medium CVE-2017-13194 CVE-2019-2126 CVE-2019-9232 CVE-2019-9325 CVE-2019-9371 CVE-2019-9433 Ubuntu 18.04 LTS It was discovered that Redmine incorrectly handle certain inputs that could cause textile formatting errors. An attacker could possibly use this issue to cause a XSS attack. (CVE-2019-17427) It was discovered that an SQL injection could allow users to access protected information via a crafted object query. (CVE-2019-18890) Update Instructions: Run `sudo pro fix USN-4200-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: redmine-sqlite - 3.4.4-1ubuntu0.1 redmine - 3.4.4-1ubuntu0.1 redmine-mysql - 3.4.4-1ubuntu0.1 redmine-pgsql - 3.4.4-1ubuntu0.1 No subscription required Medium CVE-2019-17427 CVE-2019-18890 Ubuntu 18.04 LTS It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access. (CVE-2019-15845) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could use this issue to cause a denial of service. (CVE-2019-16201) It was discovered that Ruby incorrectly handled certain HTTP headers. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-16254) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-16255) Update Instructions: Run `sudo pro fix USN-4201-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.5 - 2.5.1-1ubuntu1.6 ruby2.5 - 2.5.1-1ubuntu1.6 ruby2.5-doc - 2.5.1-1ubuntu1.6 ruby2.5-dev - 2.5.1-1ubuntu1.6 No subscription required Medium CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 Ubuntu 18.04 LTS It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764) A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-15903) Update Instructions: Run `sudo pro fix USN-4202-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:68.2.1+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:68.2.1+build1-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:68.2.1+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:68.2.1+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:68.2.1+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-11755 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 Ubuntu 18.04 LTS USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764) A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-15903) Update Instructions: Run `sudo pro fix USN-4202-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:68.2.2+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:68.2.2+build1-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:68.2.2+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:68.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:68.2.2+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1854150 Ubuntu 18.04 LTS It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4203-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-dev - 2:3.35-2ubuntu2.5 libnss3 - 2:3.35-2ubuntu2.5 libnss3-tools - 2:3.35-2ubuntu2.5 No subscription required Medium CVE-2019-11745 Ubuntu 18.04 LTS Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4204-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-psutil-doc - 5.4.2-1ubuntu0.1 python-psutil - 5.4.2-1ubuntu0.1 python3-psutil - 5.4.2-1ubuntu0.1 No subscription required Medium CVE-2019-18874 Ubuntu 18.04 LTS It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-16168) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to mishandles some expressions. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19242) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19244) It was discovered that SQLite incorrectly handled certain SQL commands. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5018) It was discovered that SQLite incorrectly handled certain commands. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5827) Update Instructions: Run `sudo pro fix USN-4205-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.22.0-1ubuntu0.2 sqlite3-doc - 3.22.0-1ubuntu0.2 libsqlite3-0 - 3.22.0-1ubuntu0.2 libsqlite3-tcl - 3.22.0-1ubuntu0.2 sqlite3 - 3.22.0-1ubuntu0.2 libsqlite3-dev - 3.22.0-1ubuntu0.2 No subscription required Medium CVE-2018-8740 CVE-2019-16168 CVE-2019-19242 CVE-2019-19244 CVE-2019-5018 CVE-2019-5827 Ubuntu 18.04 LTS It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-4207-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgraphics-magick-perl - 1.3.28-2ubuntu0.1 libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1 libgraphicsmagick1-dev - 1.3.28-2ubuntu0.1 graphicsmagick - 1.3.28-2ubuntu0.1 graphicsmagick-imagemagick-compat - 1.3.28-2ubuntu0.1 graphicsmagick-libmagick-dev-compat - 1.3.28-2ubuntu0.1 libgraphicsmagick++1-dev - 1.3.28-2ubuntu0.1 libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1 No subscription required Medium CVE-2018-20184 CVE-2018-20185 CVE-2018-20189 CVE-2019-11005 CVE-2019-11006 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-11010 CVE-2019-11473 CVE-2019-11474 CVE-2019-11505 CVE-2019-11506 Ubuntu 18.04 LTS Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux kernel did not properly handle reference counting during memory mapping operations when used in conjunction with AUFS. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15794) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133) It was discovered that the ARM Komeda display driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-18810) It was discovered that the VirtualBox guest driver implementation in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19048) It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060, CVE-2019-19061) It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19065) It was discovered that the AMD Audio Coprocessor driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker with the ability to load modules could use this to cause a denial of service (memory exhaustion). (CVE-2019-19067) It was discovered in the Qualcomm FastRPC Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19069) It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19075) It was discovered that the AMD Display Engine Driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attack could use this to cause a denial of service (memory exhaustion). (CVE-2019-19083) Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075) Update Instructions: Run `sudo pro fix USN-4208-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1009-gcp - 5.3.0-1009.10~18.04.1 No subscription required linux-image-gcp-edge - 5.3.0.1009.9 No subscription required Medium CVE-2019-15794 CVE-2019-17075 CVE-2019-17133 CVE-2019-18810 CVE-2019-19048 CVE-2019-19060 CVE-2019-19061 CVE-2019-19065 CVE-2019-19067 CVE-2019-19069 CVE-2019-19075 CVE-2019-19083 Ubuntu 18.04 LTS Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux kernel did not properly handle reference counting during memory mapping operations when used in conjunction with AUFS. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15794) It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) It was discovered that there was a memory leak in the Advanced Buffer Management functionality of the Netronome NFP4000/NFP6000 NIC Driver in the Linux kernel during certain error scenarios. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19076) Update Instructions: Run `sudo pro fix USN-4209-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1008-oracle - 5.0.0-1008.13~18.04.1 No subscription required linux-image-5.0.0-1022-aws - 5.0.0-1022.25~18.04.1 No subscription required linux-image-5.0.0-1026-gcp - 5.0.0-1026.27~18.04.1 No subscription required linux-image-5.0.0-1026-gke - 5.0.0-1026.27~18.04.2 No subscription required linux-image-5.0.0-1030-oem-osp1 - 5.0.0-1030.34 No subscription required linux-image-5.0.0-37-generic - 5.0.0-37.40~18.04.1 linux-image-5.0.0-37-lowlatency - 5.0.0-37.40~18.04.1 linux-image-5.0.0-37-generic-lpae - 5.0.0-37.40~18.04.1 No subscription required linux-image-oracle-edge - 5.0.0.1008.7 No subscription required linux-image-aws-edge - 5.0.0.1022.36 No subscription required linux-image-gke-5.0 - 5.0.0.1026.15 No subscription required linux-image-gcp - 5.0.0.1026.30 No subscription required linux-image-oem-osp1 - 5.0.0.1030.34 No subscription required linux-image-snapdragon-hwe-18.04 - 5.0.0.37.95 linux-image-generic-lpae-hwe-18.04 - 5.0.0.37.95 linux-image-virtual-hwe-18.04 - 5.0.0.37.95 linux-image-lowlatency-hwe-18.04 - 5.0.0.37.95 linux-image-generic-hwe-18.04 - 5.0.0.37.95 No subscription required Medium CVE-2019-15794 CVE-2019-16746 CVE-2019-19076 Ubuntu 18.04 LTS It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133) It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060) It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19065) It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19075) Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075) Update Instructions: Run `sudo pro fix USN-4210-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1030-oracle - 4.15.0-1030.33 No subscription required linux-image-4.15.0-1049-gke - 4.15.0-1049.52 No subscription required linux-image-4.15.0-1051-kvm - 4.15.0-1051.51 No subscription required linux-image-4.15.0-1052-raspi2 - 4.15.0-1052.56 No subscription required linux-image-4.15.0-1056-aws - 4.15.0-1056.58 No subscription required linux-image-4.15.0-1065-oem - 4.15.0-1065.75 No subscription required linux-image-4.15.0-1069-snapdragon - 4.15.0-1069.76 No subscription required linux-image-4.15.0-72-generic-lpae - 4.15.0-72.81 linux-image-4.15.0-72-lowlatency - 4.15.0-72.81 linux-image-4.15.0-72-generic - 4.15.0-72.81 No subscription required linux-image-oracle - 4.15.0.1030.35 linux-image-oracle-lts-18.04 - 4.15.0.1030.35 No subscription required linux-image-gke-4.15 - 4.15.0.1049.52 linux-image-gke - 4.15.0.1049.52 No subscription required linux-image-kvm - 4.15.0.1051.51 No subscription required linux-image-raspi2 - 4.15.0.1052.50 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1056.57 linux-image-aws - 4.15.0.1056.57 No subscription required linux-image-oem - 4.15.0.1065.69 No subscription required linux-image-snapdragon - 4.15.0.1069.72 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.72.74 linux-image-generic-hwe-16.04-edge - 4.15.0.72.74 linux-image-generic-lpae-hwe-16.04 - 4.15.0.72.74 linux-image-virtual - 4.15.0.72.74 linux-image-generic-hwe-16.04 - 4.15.0.72.74 linux-image-virtual-hwe-16.04 - 4.15.0.72.74 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.72.74 linux-image-generic - 4.15.0.72.74 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.72.74 linux-image-generic-lpae - 4.15.0.72.74 linux-image-lowlatency-hwe-16.04 - 4.15.0.72.74 linux-image-lowlatency - 4.15.0.72.74 No subscription required Medium CVE-2019-16746 CVE-2019-17075 CVE-2019-17133 CVE-2019-19060 CVE-2019-19065 CVE-2019-19075 Ubuntu 18.04 LTS Tim Düsterhus discovered that HAProxy incorrectly handled certain HTTP/2 headers. An attacker could possibly use this issue to execute arbitrary code through CRLF injection. Update Instructions: Run `sudo pro fix USN-4212-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: haproxy - 1.8.8-1ubuntu0.9 haproxy-doc - 1.8.8-1ubuntu0.9 vim-haproxy - 1.8.8-1ubuntu0.9 No subscription required Medium CVE-2019-19330 Ubuntu 18.04 LTS Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523) Jeriko One discovered that Squid incorrectly handed URN responses. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-12526) Alex Rousskov discovered that Squid incorrectly handled certain strings. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 19.04. (CVE-2019-12854) Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain input. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-18676) Kristoffer Danielsson discovered that Squid incorrectly handled certain messages. This issue could result in traffic being redirected to origins it should not be delivered to. (CVE-2019-18677) Régis Leroy discovered that Squid incorrectly handled certain HTTP request headers. A remote attacker could use this to smuggle HTTP requests and corrupt caches with arbitrary content. (CVE-2019-18678) David Fifield discovered that Squid incorrectly handled HTTP Digest Authentication. A remote attacker could possibly use this issue to obtain pointer contents and bypass ASLR protections. (CVE-2019-18679) Update Instructions: Run `sudo pro fix USN-4213-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.27-1ubuntu1.4 squid - 3.5.27-1ubuntu1.4 squid-cgi - 3.5.27-1ubuntu1.4 squid-purge - 3.5.27-1ubuntu1.4 squidclient - 3.5.27-1ubuntu1.4 squid3 - 3.5.27-1ubuntu1.4 No subscription required Medium CVE-2019-12523 CVE-2019-12526 CVE-2019-12854 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 Ubuntu 18.04 LTS USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4214-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librabbitmq4 - 0.8.0-1ubuntu0.18.04.2 amqp-tools - 0.8.0-1ubuntu0.18.04.2 librabbitmq-dev - 0.8.0-1ubuntu0.18.04.2 No subscription required Medium CVE-2019-18609 Ubuntu 18.04 LTS It was discovered that NSS incorrectly handled certain certificates. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4215-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-dev - 2:3.35-2ubuntu2.6 libnss3 - 2:3.35-2ubuntu2.6 libnss3-tools - 2:3.35-2ubuntu2.6 No subscription required Medium CVE-2019-17007 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4216-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-nn - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-ne - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-nb - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-fa - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-fi - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-fr - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-fy - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-or - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-kab - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-oc - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-cs - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-ga - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-gd - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-gn - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-gl - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-gu - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-pa - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-pl - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-cy - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-pt - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-hi - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-uk - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-he - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-hy - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-hr - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-hu - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-as - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-ar - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-ia - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-az - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-id - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-mai - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-af - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-is - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-it - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-an - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-bs - 71.0+build5-0ubuntu0.18.04.1 firefox - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-ro - 71.0+build5-0ubuntu0.18.04.1 firefox-geckodriver - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-ja - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-ru - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-br - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-zh-hant - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-zh-hans - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-bn - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-be - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-bg - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-sl - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-sk - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-si - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-sw - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-sv - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-sr - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-sq - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-ko - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-kn - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-km - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-kk - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-ka - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-xh - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-ca - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-ku - 71.0+build5-0ubuntu0.18.04.1 firefox-mozsymbols - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-lv - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-lt - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-th - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-hsb - 71.0+build5-0ubuntu0.18.04.1 firefox-dev - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-te - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-cak - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-ta - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-lg - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-csb - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-tr - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-nso - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-de - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-da - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-ms - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-mr - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-my - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-uz - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-ml - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-mn - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-mk - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-ur - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-eu - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-et - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-es - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-vi - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-el - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-eo - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-en - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-zu - 71.0+build5-0ubuntu0.18.04.1 firefox-locale-ast - 71.0+build5-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-11745 CVE-2019-11756 CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 CVE-2019-17013 CVE-2019-17014 Ubuntu 18.04 LTS Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861) Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to expectations. (CVE-2019-14870) Update Instructions: Run `sudo pro fix USN-4217-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 No subscription required Medium CVE-2019-14861 CVE-2019-14870 Ubuntu 18.04 LTS It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server. Update Instructions: Run `sudo pro fix USN-4219-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssh-gcrypt-dev - 0.8.0~20170825.94fa1e38-1ubuntu0.5 libssh-doc - 0.8.0~20170825.94fa1e38-1ubuntu0.5 libssh-gcrypt-4 - 0.8.0~20170825.94fa1e38-1ubuntu0.5 libssh-4 - 0.8.0~20170825.94fa1e38-1ubuntu0.5 libssh-dev - 0.8.0~20170825.94fa1e38-1ubuntu0.5 No subscription required Medium CVE-2019-14889 Ubuntu 18.04 LTS Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory. Update Instructions: Run `sudo pro fix USN-4220-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.5 gitweb - 1:2.17.1-1ubuntu0.5 git-gui - 1:2.17.1-1ubuntu0.5 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.5 git-el - 1:2.17.1-1ubuntu0.5 gitk - 1:2.17.1-1ubuntu0.5 git-all - 1:2.17.1-1ubuntu0.5 git-mediawiki - 1:2.17.1-1ubuntu0.5 git-daemon-run - 1:2.17.1-1ubuntu0.5 git-man - 1:2.17.1-1ubuntu0.5 git-doc - 1:2.17.1-1ubuntu0.5 git-svn - 1:2.17.1-1ubuntu0.5 git-cvs - 1:2.17.1-1ubuntu0.5 git-email - 1:2.17.1-1ubuntu0.5 No subscription required Medium CVE-2019-1348 CVE-2019-1349 CVE-2019-1350 CVE-2019-1351 CVE-2019-1352 CVE-2019-1353 CVE-2019-1354 CVE-2019-1387 CVE-2019-19604 Ubuntu 18.04 LTS It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion). Update Instructions: Run `sudo pro fix USN-4221-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpcap-dev - 1.8.1-6ubuntu1.18.04.1 libpcap0.8-dev - 1.8.1-6ubuntu1.18.04.1 libpcap0.8 - 1.8.1-6ubuntu1.18.04.1 No subscription required Medium CVE-2019-15165 Ubuntu 18.04 LTS Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side- channel vulnerability existed in the ECDSA implementation in OpenJDK. An Attacker could use this to expose sensitive information. (CVE-2019-2894) It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom Socket implementation. An attacker could use this to specially create a Java class that could possibly bypass Java sandbox restrictions. (CVE-2019-2945) Rob Hamm discovered that the Kerberos implementation in OpenJDK did not properly handle proxy credentials. An attacker could possibly use this to impersonate another user. (CVE-2019-2949) It was discovered that a NULL pointer dereference existed in the font handling implementation in OpenJDK. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2962) It was discovered that the Concurrency subsystem in OpenJDK did not properly bound stack consumption when compiling regular expressions. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2964) It was discovered that the JAXP subsystem in OpenJDK did not properly handle XPath expressions in some situations. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2973, CVE-2019-2981) It was discovered that the Nashorn JavaScript subcomponent in OpenJDK did not properly handle regular expressions in some situations. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2975) It was discovered that the String class in OpenJDK contained an out-of- bounds access vulnerability. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. This issue only affected OpenJDK 11 in Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-2977) It was discovered that the Jar URL handler in OpenJDK did not properly handled nested Jar URLs in some situations. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2978) It was discovered that the Serialization component of OpenJDK did not properly handle deserialization of certain object attributes. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2983) It was discovered that the FreetypeFontScaler class in OpenJDK did not properly validate dimensions of glyph bitmap images read from font files. An attacker could specially craft a font file that could cause a denial of service (application crash). (CVE-2019-2987) It was discovered that a buffer overflow existed in the SunGraphics2D class in OpenJDK. An attacker could possibly use this to cause a denial of service (excessive memory consumption or application crash). (CVE-2019-2988) It was discovered that the Networking component in OpenJDK did not properly handle certain responses from HTTP proxies. An attacker controlling a malicious HTTP proxy could possibly use this to inject content into a proxied HTTP connection. (CVE-2019-2989) It was discovered that the font handling implementation in OpenJDK did not properly validate TrueType font files in some situations. An attacker could specially craft a font file that could cause a denial of service (excessive memory consumption). (CVE-2019-2992) It was discovered that the JavaDoc generator in OpenJDK did not properly filter out some HTML elements properly, including documentation comments in Java source code. An attacker could possibly use this to craft a Cross-Site Scripting attack. (CVE-2019-2999) Update Instructions: Run `sudo pro fix USN-4223-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-source - 11.0.5+10-0ubuntu1.1~18.04 openjdk-11-jre-zero - 11.0.5+10-0ubuntu1.1~18.04 openjdk-11-doc - 11.0.5+10-0ubuntu1.1~18.04 openjdk-11-jre-headless - 11.0.5+10-0ubuntu1.1~18.04 openjdk-11-jdk - 11.0.5+10-0ubuntu1.1~18.04 openjdk-11-jdk-headless - 11.0.5+10-0ubuntu1.1~18.04 openjdk-11-jre - 11.0.5+10-0ubuntu1.1~18.04 openjdk-11-demo - 11.0.5+10-0ubuntu1.1~18.04 No subscription required Medium CVE-2019-2894 CVE-2019-2945 CVE-2019-2949 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2977 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 Ubuntu 18.04 LTS Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts. Update Instructions: Run `sudo pro fix USN-4224-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.6 python-django-doc - 1:1.11.11-1ubuntu1.6 python-django-common - 1:1.11.11-1ubuntu1.6 python-django - 1:1.11.11-1ubuntu1.6 No subscription required High CVE-2019-19844 Ubuntu 18.04 LTS It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14896, CVE-2019-14897) It was discovered that the Fujitsu ES network device driver for the Linux kernel did not properly check for errors in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2019-16231) Anthony Steinhauser discovered that the Linux kernel did not properly perform Spectre_RSB mitigations to all processors for PowerPC architecture systems in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-18660) It was discovered that the Broadcom V3D DRI driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19044) It was discovered that the Mellanox Technologies Innova driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19045) It was discovered that the Mellanox Technologies ConnectX driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19047) It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19051) It was discovered that Geschwister Schneider USB CAN interface driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A physically proximate attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19052) It was discovered that the netlink-based 802.11 configuration interface in the Linux kernel did not deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19055) It was discovered that the event tracing subsystem of the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19072) It was discovered that the driver for memoryless force-feedback input devices in the Linux kernel contained a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2019-19524) It was discovered that the Microchip CAN BUS Analyzer driver in the Linux kernel contained a use-after-free vulnerability on device disconnect. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19529) It was discovered that the PEAK-System Technik USB driver in the Linux kernel did not properly sanitize memory before sending it to the device. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2019-19534) Tristan Madani discovered that the ALSA timer implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19807) It was discovered that the DesignWare USB3 controller driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2019-18813) Update Instructions: Run `sudo pro fix USN-4225-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1009-azure - 5.3.0-1009.10~18.04.1 No subscription required linux-image-5.3.0-1010-gcp - 5.3.0-1010.11~18.04.1 No subscription required linux-image-azure-edge - 5.3.0.1009.9 No subscription required linux-image-gcp-edge - 5.3.0.1010.10 No subscription required Medium CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-16231 CVE-2019-18660 CVE-2019-18813 CVE-2019-19044 CVE-2019-19045 CVE-2019-19047 CVE-2019-19051 CVE-2019-19052 CVE-2019-19055 CVE-2019-19072 CVE-2019-19524 CVE-2019-19529 CVE-2019-19534 CVE-2019-19807 Ubuntu 18.04 LTS USN-4225-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.10 for Ubuntu 18.04 LTS. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14896, CVE-2019-14897) It was discovered that the Fujitsu ES network device driver for the Linux kernel did not properly check for errors in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2019-16231) Anthony Steinhauser discovered that the Linux kernel did not properly perform Spectre_RSB mitigations to all processors for PowerPC architecture systems in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-18660) It was discovered that the Mellanox Technologies Innova driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19045) It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19051) It was discovered that Geschwister Schneider USB CAN interface driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A physically proximate attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19052) It was discovered that the netlink-based 802.11 configuration interface in the Linux kernel did not deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19055) It was discovered that the event tracing subsystem of the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19072) It was discovered that the driver for memoryless force-feedback input devices in the Linux kernel contained a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2019-19524) It was discovered that the Microchip CAN BUS Analyzer driver in the Linux kernel contained a use-after-free vulnerability on device disconnect. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19529) It was discovered that the PEAK-System Technik USB driver in the Linux kernel did not properly sanitize memory before sending it to the device. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2019-19534) It was discovered that the DesignWare USB3 controller driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2019-18813) Update Instructions: Run `sudo pro fix USN-4225-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-26-generic - 5.3.0-26.28~18.04.1 linux-image-5.3.0-26-generic-lpae - 5.3.0-26.28~18.04.1 linux-image-5.3.0-26-lowlatency - 5.3.0-26.28~18.04.1 No subscription required linux-image-snapdragon-hwe-18.04-edge - 5.3.0.26.95 linux-image-snapdragon-hwe-18.04 - 5.3.0.26.95 linux-image-lowlatency-hwe-18.04 - 5.3.0.26.95 linux-image-virtual-hwe-18.04 - 5.3.0.26.95 linux-image-lowlatency-hwe-18.04-edge - 5.3.0.26.95 linux-image-generic-lpae-hwe-18.04 - 5.3.0.26.95 linux-image-generic-hwe-18.04-edge - 5.3.0.26.95 linux-image-generic-lpae-hwe-18.04-edge - 5.3.0.26.95 linux-image-generic-hwe-18.04 - 5.3.0.26.95 linux-image-virtual-hwe-18.04-edge - 5.3.0.26.95 No subscription required Medium CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-16231 CVE-2019-18660 CVE-2019-18813 CVE-2019-19045 CVE-2019-19051 CVE-2019-19052 CVE-2019-19055 CVE-2019-19072 CVE-2019-19524 CVE-2019-19529 CVE-2019-19534 Ubuntu 18.04 LTS Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. (CVE-2019-10220) It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14896, CVE-2019-14897) It was discovered that the Fujitsu ES network device driver for the Linux kernel did not properly check for errors in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2019-16231) It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16233) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133) Anthony Steinhauser discovered that the Linux kernel did not properly perform Spectre_RSB mitigations to all processors for PowerPC architecture systems in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-18660) It was discovered that the Mellanox Technologies Innova driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19045) It was discovered that the VirtualBox guest driver implementation in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19048) It was discovered that Geschwister Schneider USB CAN interface driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A physically proximate attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19052) It was discovered that the netlink-based 802.11 configuration interface in the Linux kernel did not deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19055) It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060) It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19065) It was discovered that the AMD Audio Coprocessor driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker with the ability to load modules could use this to cause a denial of service (memory exhaustion). (CVE-2019-19067) It was discovered that the event tracing subsystem of the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19072) It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19075) It was discovered that the AMD Display Engine Driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attack could use this to cause a denial of service (memory exhaustion). (CVE-2019-19083) It was discovered that the driver for memoryless force-feedback input devices in the Linux kernel contained a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2019-19524) It was discovered that the NXP PN533 NFC USB driver in the Linux kernel did not properly free resources after a late probe error, leading to a use- after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19526) It was discovered that the Microchip CAN BUS Analyzer driver in the Linux kernel contained a use-after-free vulnerability on device disconnect. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19529) It was discovered that multiple USB HID device drivers in the Linux kernel did not properly validate device metadata on attachment, leading to out-of- bounds writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19532) It was discovered that the PEAK-System Technik USB driver in the Linux kernel did not properly sanitize memory before sending it to the device. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2019-19534) It was discovered that in some situations the fair scheduler in the Linux kernel did not permit a process to use its full quota time slice. A local attacker could use this to cause a denial of service. (CVE-2019-19922) It was discovered that the binder IPC implementation in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-2214) Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075) It was discovered that the DesignWare USB3 controller driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2019-18813) Update Instructions: Run `sudo pro fix USN-4226-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1009-oracle - 5.0.0-1009.14~18.04.1 No subscription required linux-image-5.0.0-1023-aws - 5.0.0-1023.26~18.04.1 No subscription required linux-image-5.0.0-1027-gke - 5.0.0-1027.28~18.04.1 No subscription required linux-image-5.0.0-1028-azure - 5.0.0-1028.30~18.04.1 No subscription required linux-image-5.0.0-1033-oem-osp1 - 5.0.0-1033.38 No subscription required linux-image-oracle-edge - 5.0.0.1009.8 No subscription required linux-image-aws-edge - 5.0.0.1023.37 No subscription required linux-image-gke-5.0 - 5.0.0.1027.16 No subscription required linux-image-azure - 5.0.0.1028.39 No subscription required linux-image-oem-osp1 - 5.0.0.1033.37 No subscription required Medium CVE-2019-10220 CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-16231 CVE-2019-16233 CVE-2019-17075 CVE-2019-17133 CVE-2019-18660 CVE-2019-18813 CVE-2019-19045 CVE-2019-19048 CVE-2019-19052 CVE-2019-19055 CVE-2019-19060 CVE-2019-19065 CVE-2019-19067 CVE-2019-19072 CVE-2019-19075 CVE-2019-19083 CVE-2019-19524 CVE-2019-19526 CVE-2019-19529 CVE-2019-19532 CVE-2019-19534 CVE-2019-19922 CVE-2019-2214 Ubuntu 18.04 LTS It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14896, CVE-2019-14897) It was discovered that the Fujitsu ES network device driver for the Linux kernel did not properly check for errors in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2019-16231) It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16233) Anthony Steinhauser discovered that the Linux kernel did not properly perform Spectre_RSB mitigations to all processors for PowerPC architecture systems in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-18660) It was discovered that the Mellanox Technologies Innova driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19045) It was discovered that Geschwister Schneider USB CAN interface driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A physically proximate attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19052) It was discovered that the AMD Display Engine Driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attack could use this to cause a denial of service (memory exhaustion). (CVE-2019-19083) It was discovered that the driver for memoryless force-feedback input devices in the Linux kernel contained a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2019-19524) It was discovered that the Microchip CAN BUS Analyzer driver in the Linux kernel contained a use-after-free vulnerability on device disconnect. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19529) It was discovered that the PEAK-System Technik USB driver in the Linux kernel did not properly sanitize memory before sending it to the device. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2019-19534) Tristan Madani discovered that the ALSA timer implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19807) Update Instructions: Run `sudo pro fix USN-4227-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1031-oracle - 4.15.0-1031.34 No subscription required linux-image-4.15.0-1050-gke - 4.15.0-1050.53 No subscription required linux-image-4.15.0-1052-kvm - 4.15.0-1052.52 No subscription required linux-image-4.15.0-1053-raspi2 - 4.15.0-1053.57 No subscription required linux-image-4.15.0-1057-aws - 4.15.0-1057.59 No subscription required linux-image-4.15.0-1066-oem - 4.15.0-1066.76 No subscription required linux-image-4.15.0-1070-snapdragon - 4.15.0-1070.77 No subscription required linux-image-4.15.0-74-generic - 4.15.0-74.84 linux-image-4.15.0-74-lowlatency - 4.15.0-74.84 linux-image-4.15.0-74-generic-lpae - 4.15.0-74.84 No subscription required linux-image-oracle - 4.15.0.1031.36 linux-image-oracle-lts-18.04 - 4.15.0.1031.36 No subscription required linux-image-gke-4.15 - 4.15.0.1050.53 linux-image-gke - 4.15.0.1050.53 No subscription required linux-image-kvm - 4.15.0.1052.52 No subscription required linux-image-raspi2 - 4.15.0.1053.51 No subscription required linux-image-aws - 4.15.0.1057.58 linux-image-aws-lts-18.04 - 4.15.0.1057.58 No subscription required linux-image-oem - 4.15.0.1066.70 No subscription required linux-image-snapdragon - 4.15.0.1070.73 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.74.76 linux-image-generic-hwe-16.04 - 4.15.0.74.76 linux-image-generic-hwe-16.04-edge - 4.15.0.74.76 linux-image-generic-lpae-hwe-16.04 - 4.15.0.74.76 linux-image-virtual - 4.15.0.74.76 linux-image-virtual-hwe-16.04 - 4.15.0.74.76 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.74.76 linux-image-generic - 4.15.0.74.76 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.74.76 linux-image-generic-lpae - 4.15.0.74.76 linux-image-lowlatency-hwe-16.04 - 4.15.0.74.76 linux-image-lowlatency - 4.15.0.74.76 No subscription required Medium CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-16231 CVE-2019-16233 CVE-2019-18660 CVE-2019-19045 CVE-2019-19052 CVE-2019-19083 CVE-2019-19524 CVE-2019-19529 CVE-2019-19534 CVE-2019-19807 Ubuntu 18.04 LTS USN-4229-1 fixed a vulnerability in NTP. This update provides the corresponding update for Ubuntu 18.04 ESM. Original advisory details: It was discovered that ntpq and ntpdc incorrectly handled some arguments. An attacker could possibly use this issue to cause ntpq or ntpdc to crash, execute arbitrary code, or escalate to higher privileges. Update Instructions: Run `sudo pro fix USN-4229-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntp - 1:4.2.8p10+dfsg-5ubuntu7.3+esm1 sntp - 1:4.2.8p10+dfsg-5ubuntu7.3+esm1 ntp-doc - 1:4.2.8p10+dfsg-5ubuntu7.3+esm1 ntpdate - 1:4.2.8p10+dfsg-5ubuntu7.3+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Negligible CVE-2018-12327 Ubuntu 18.04 LTS It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4230-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.102.1+dfsg-0ubuntu0.18.04.2 clamav-testfiles - 0.102.1+dfsg-0ubuntu0.18.04.2 clamav-base - 0.102.1+dfsg-0ubuntu0.18.04.2 clamav - 0.102.1+dfsg-0ubuntu0.18.04.2 clamav-daemon - 0.102.1+dfsg-0ubuntu0.18.04.2 clamav-docs - 0.102.1+dfsg-0ubuntu0.18.04.2 clamav-milter - 0.102.1+dfsg-0ubuntu0.18.04.2 clamav-freshclam - 0.102.1+dfsg-0ubuntu0.18.04.2 libclamav9 - 0.102.1+dfsg-0ubuntu0.18.04.2 clamdscan - 0.102.1+dfsg-0ubuntu0.18.04.2 No subscription required Medium CVE-2019-15961 Ubuntu 18.04 LTS It was discovered that NSS incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4231-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-dev - 2:3.35-2ubuntu2.7 libnss3 - 2:3.35-2ubuntu2.7 libnss3-tools - 2:3.35-2ubuntu2.7 No subscription required Medium CVE-2019-17006 Ubuntu 18.04 LTS As a security improvement, this update marks SHA1 as being untrusted for digital signature operations. Update Instructions: Run `sudo pro fix USN-4233-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutls30 - 3.5.18-1ubuntu1.2 libgnutls28-dev - 3.5.18-1ubuntu1.2 libgnutlsxx28 - 3.5.18-1ubuntu1.2 gnutls-doc - 3.5.18-1ubuntu1.2 libgnutls-dane0 - 3.5.18-1ubuntu1.2 gnutls-bin - 3.5.18-1ubuntu1.2 libgnutls-openssl27 - 3.5.18-1ubuntu1.2 No subscription required None https://launchpad.net/bugs/1858691 Ubuntu 18.04 LTS USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority strings that can be used to temporarily re-enable SHA1 until certificates can be replaced with a stronger algorithm. Original advisory details: As a security improvement, this update marks SHA1 as being untrusted for digital signature operations. Update Instructions: Run `sudo pro fix USN-4233-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutls30 - 3.5.18-1ubuntu1.3 libgnutls28-dev - 3.5.18-1ubuntu1.3 libgnutlsxx28 - 3.5.18-1ubuntu1.3 gnutls-doc - 3.5.18-1ubuntu1.3 libgnutls-dane0 - 3.5.18-1ubuntu1.3 gnutls-bin - 3.5.18-1ubuntu1.3 libgnutls-openssl27 - 3.5.18-1ubuntu1.3 No subscription required None https://launchpad.net/bugs/1860656 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass Content Security Policy (CSP) restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4234-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 72.0.1+build1-0ubuntu0.18.04.1 firefox - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 72.0.1+build1-0ubuntu0.18.04.1 firefox-geckodriver - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 72.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 72.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 72.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 72.0.1+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-17016 CVE-2019-17017 CVE-2019-17020 CVE-2019-17022 CVE-2019-17023 CVE-2019-17024 CVE-2019-17025 CVE-2019-17026 Ubuntu 18.04 LTS USN-4234-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass Content Security Policy (CSP) restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4234-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nn - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ne - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nb - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fa - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fi - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fr - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fy - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-or - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kab - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-oc - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cs - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ga - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gd - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gn - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gl - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gu - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pa - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pl - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cy - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pt - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hi - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uk - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-he - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hy - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hr - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hu - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-as - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ar - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ia - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-az - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-id - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mai - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-af - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-is - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-it - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-an - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bs - 72.0.2+build1-0ubuntu0.18.04.1 firefox - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ro - 72.0.2+build1-0ubuntu0.18.04.1 firefox-geckodriver - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ja - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ru - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-br - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bn - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-be - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bg - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sl - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sk - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-si - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sw - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sv - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sr - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sq - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ko - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kn - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-km - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kk - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ka - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-xh - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ca - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ku - 72.0.2+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lv - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lt - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-th - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 72.0.2+build1-0ubuntu0.18.04.1 firefox-dev - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-te - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cak - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ta - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lg - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tr - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nso - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-de - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-da - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ms - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mr - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-my - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uz - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ml - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mn - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mk - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ur - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-vi - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eu - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-et - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-es - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-csb - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-el - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eo - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-en - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zu - 72.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ast - 72.0.2+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1856707 Ubuntu 18.04 LTS Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations. Update Instructions: Run `sudo pro fix USN-4235-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnginx-mod-stream - 1.14.0-0ubuntu1.7 libnginx-mod-http-subs-filter - 1.14.0-0ubuntu1.7 nginx-doc - 1.14.0-0ubuntu1.7 libnginx-mod-mail - 1.14.0-0ubuntu1.7 libnginx-mod-http-image-filter - 1.14.0-0ubuntu1.7 libnginx-mod-http-echo - 1.14.0-0ubuntu1.7 libnginx-mod-rtmp - 1.14.0-0ubuntu1.7 libnginx-mod-nchan - 1.14.0-0ubuntu1.7 nginx-common - 1.14.0-0ubuntu1.7 libnginx-mod-http-fancyindex - 1.14.0-0ubuntu1.7 libnginx-mod-http-auth-pam - 1.14.0-0ubuntu1.7 nginx-light - 1.14.0-0ubuntu1.7 libnginx-mod-http-headers-more-filter - 1.14.0-0ubuntu1.7 nginx-extras - 1.14.0-0ubuntu1.7 libnginx-mod-http-upstream-fair - 1.14.0-0ubuntu1.7 libnginx-mod-http-xslt-filter - 1.14.0-0ubuntu1.7 libnginx-mod-http-lua - 1.14.0-0ubuntu1.7 libnginx-mod-http-perl - 1.14.0-0ubuntu1.7 nginx-core - 1.14.0-0ubuntu1.7 libnginx-mod-http-dav-ext - 1.14.0-0ubuntu1.7 nginx - 1.14.0-0ubuntu1.7 libnginx-mod-http-ndk - 1.14.0-0ubuntu1.7 libnginx-mod-http-uploadprogress - 1.14.0-0ubuntu1.7 libnginx-mod-http-cache-purge - 1.14.0-0ubuntu1.7 nginx-full - 1.14.0-0ubuntu1.7 libnginx-mod-http-geoip - 1.14.0-0ubuntu1.7 No subscription required Medium CVE-2019-20372 Ubuntu 18.04 LTS It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information. Update Instructions: Run `sudo pro fix USN-4236-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgcrypt11-dev - 1.5.4-3+really1.8.1-4ubuntu1.2 No subscription required libgcrypt-mingw-w64-dev - 1.8.1-4ubuntu1.2 libgcrypt20-udeb - 1.8.1-4ubuntu1.2 libgcrypt20 - 1.8.1-4ubuntu1.2 libgcrypt20-doc - 1.8.1-4ubuntu1.2 libgcrypt20-dev - 1.8.1-4ubuntu1.2 No subscription required Medium CVE-2019-13627 Ubuntu 18.04 LTS It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. (CVE-2018-11805) It was discovered that SpamAssassin incorrectly handled certain messages. A remote attacker could possibly use this issue to cause SpamAssassin to consume resources, resulting in a denial of service. (CVE-2019-12420) Update Instructions: Run `sudo pro fix USN-4237-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spamassassin - 3.4.2-0ubuntu0.18.04.2 sa-compile - 3.4.2-0ubuntu0.18.04.2 spamc - 3.4.2-0ubuntu0.18.04.2 No subscription required Medium CVE-2018-11805 CVE-2019-12420 Ubuntu 18.04 LTS It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-4238-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsdl-image1.2 - 1.2.12-8ubuntu0.1 libsdl-image1.2-dev - 1.2.12-8ubuntu0.1 No subscription required Medium CVE-2018-3977 CVE-2019-12216 CVE-2019-12217 CVE-2019-12218 CVE-2019-12219 CVE-2019-12220 CVE-2019-12221 CVE-2019-12222 CVE-2019-13616 CVE-2019-5051 CVE-2019-5052 CVE-2019-7635 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-11046) It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. (CVE-2019-11047, CVE-2019-11050) Update Instructions: Run `sudo pro fix USN-4239-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.24-0ubuntu0.18.04.2 php7.2-enchant - 7.2.24-0ubuntu0.18.04.2 php7.2-ldap - 7.2.24-0ubuntu0.18.04.2 php7.2-fpm - 7.2.24-0ubuntu0.18.04.2 php7.2-recode - 7.2.24-0ubuntu0.18.04.2 php7.2-cli - 7.2.24-0ubuntu0.18.04.2 php7.2-json - 7.2.24-0ubuntu0.18.04.2 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.2 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.2 php7.2 - 7.2.24-0ubuntu0.18.04.2 php7.2-pspell - 7.2.24-0ubuntu0.18.04.2 php7.2-dev - 7.2.24-0ubuntu0.18.04.2 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.2 php7.2-gmp - 7.2.24-0ubuntu0.18.04.2 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.2 php7.2-opcache - 7.2.24-0ubuntu0.18.04.2 php7.2-gd - 7.2.24-0ubuntu0.18.04.2 php7.2-soap - 7.2.24-0ubuntu0.18.04.2 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.2 php7.2-intl - 7.2.24-0ubuntu0.18.04.2 php7.2-odbc - 7.2.24-0ubuntu0.18.04.2 libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.2 php7.2-tidy - 7.2.24-0ubuntu0.18.04.2 php7.2-imap - 7.2.24-0ubuntu0.18.04.2 php7.2-readline - 7.2.24-0ubuntu0.18.04.2 php7.2-mysql - 7.2.24-0ubuntu0.18.04.2 php7.2-dba - 7.2.24-0ubuntu0.18.04.2 php7.2-xml - 7.2.24-0ubuntu0.18.04.2 php7.2-interbase - 7.2.24-0ubuntu0.18.04.2 php7.2-xsl - 7.2.24-0ubuntu0.18.04.2 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.2 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.2 php7.2-sybase - 7.2.24-0ubuntu0.18.04.2 php7.2-curl - 7.2.24-0ubuntu0.18.04.2 php7.2-common - 7.2.24-0ubuntu0.18.04.2 php7.2-cgi - 7.2.24-0ubuntu0.18.04.2 php7.2-snmp - 7.2.24-0ubuntu0.18.04.2 php7.2-zip - 7.2.24-0ubuntu0.18.04.2 No subscription required Low CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026) It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745) Update Instructions: Run `sudo pro fix USN-4241-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:68.4.1+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:68.4.1+build1-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:68.4.1+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:68.4.1+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:68.4.1+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-11745 CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 Ubuntu 18.04 LTS It was discovered that Sysstat incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-16167) It was discovered that Sysstat incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-19725) Update Instructions: Run `sudo pro fix USN-4242-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: isag - 11.6.1-1ubuntu0.1 sysstat - 11.6.1-1ubuntu0.1 No subscription required Medium CVE-2019-16167 CVE-2019-19725 Ubuntu 18.04 LTS It was discovered that libbsd incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2016-2090) It was discovered that libbsd incorrectly handled certain strings. An attacker could possibly use this issue to access sensitive information. (CVE-2019-20367) Update Instructions: Run `sudo pro fix USN-4243-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbsd-dev - 0.8.7-1ubuntu0.1 libbsd0-udeb - 0.8.7-1ubuntu0.1 libbsd0 - 0.8.7-1ubuntu0.1 No subscription required Medium CVE-2016-2090 CVE-2019-20367 Ubuntu 18.04 LTS It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-14902) Robert Święcki discovered that Samba incorrectly handled certain character conversions when the log level is set to 3 or above. In certain environments, a remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2019-14907) Christian Naumer discovered that Samba incorrectly handled DNS zone scavenging. This issue could possibly result in some incorrect data being written to the DB. This issue only applied to Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19344) Update Instructions: Run `sudo pro fix USN-4244-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 No subscription required Medium CVE-2019-14902 CVE-2019-14907 CVE-2019-19344 Ubuntu 18.04 LTS It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data. Update Instructions: Run `sudo pro fix USN-4245-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pysaml2-doc - 4.0.2-0ubuntu3.1 python-pysaml2 - 4.0.2-0ubuntu3.1 python3-pysaml2 - 4.0.2-0ubuntu3.1 No subscription required Medium CVE-2020-5390 Ubuntu 18.04 LTS It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795) It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. (CVE-2019-15796) Update Instructions: Run `sudo pro fix USN-4247-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-apt - 1.6.5ubuntu0.1 python-apt - 1.6.5ubuntu0.1 python-apt-common - 1.6.5ubuntu0.1 python-apt-dev - 1.6.5ubuntu0.1 python-apt-doc - 1.6.5ubuntu0.1 No subscription required Medium CVE-2019-15795 CVE-2019-15796 Ubuntu 18.04 LTS USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795) It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. (CVE-2019-15796) Update Instructions: Run `sudo pro fix USN-4247-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-apt - 1.6.5ubuntu0.2 python-apt - 1.6.5ubuntu0.2 python-apt-common - 1.6.5ubuntu0.2 python-apt-dev - 1.6.5ubuntu0.2 python-apt-doc - 1.6.5ubuntu0.2 No subscription required None https://launchpad.net/bugs/1860606 Ubuntu 18.04 LTS It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4249-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libss2 - 1.44.1-1ubuntu1.3 e2fslibs-dev - 1.44.1-1ubuntu1.3 libcomerr2 - 1.44.1-1ubuntu1.3 libcom-err2 - 1.44.1-1ubuntu1.3 e2fsprogs - 1.44.1-1ubuntu1.3 e2fsck-static - 1.44.1-1ubuntu1.3 e2fslibs - 1.44.1-1ubuntu1.3 e2fsprogs-l10n - 1.44.1-1ubuntu1.3 libext2fs-dev - 1.44.1-1ubuntu1.3 e2fsprogs-udeb - 1.44.1-1ubuntu1.3 libext2fs2 - 1.44.1-1ubuntu1.3 fuse2fs - 1.44.1-1ubuntu1.3 No subscription required ss-dev - 2.0-1.44.1-1ubuntu1.3 No subscription required comerr-dev - 2.1-1.44.1-1ubuntu1.3 No subscription required Medium CVE-2019-5188 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.19 in Ubuntu 19.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.29. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-29.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-19.html https://www.oracle.com/security-alerts/cpujan2020.html Update Instructions: Run `sudo pro fix USN-4250-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.29-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.29-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.29-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.29-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.29-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.29-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.29-0ubuntu0.18.04.1 mysql-server - 5.7.29-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.29-0ubuntu0.18.04.1 mysql-testsuite - 5.7.29-0ubuntu0.18.04.1 libmysqld-dev - 5.7.29-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.29-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-2570 CVE-2020-2572 CVE-2020-2573 CVE-2020-2574 CVE-2020-2577 CVE-2020-2579 CVE-2020-2584 CVE-2020-2588 CVE-2020-2589 CVE-2020-2627 CVE-2020-2660 CVE-2020-2679 CVE-2020-2686 CVE-2020-2694 Ubuntu 18.04 LTS It was discovered that an unspecified vulnerability existed in the C API component of MariaDB. An attacker could use this to cause a denial of service for MariaDB clients. MariaDB has been updated to 10.3.22 in Ubuntu 19.10 and 10.1.44 in Ubuntu 18.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Update Instructions: Run `sudo pro fix USN-4250-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mariadb-plugin-cracklib-password-check - 1:10.1.44-0ubuntu0.18.04.1 mariadb-server - 1:10.1.44-0ubuntu0.18.04.1 mariadb-plugin-connect - 1:10.1.44-0ubuntu0.18.04.1 mariadb-plugin-spider - 1:10.1.44-0ubuntu0.18.04.1 libmariadbclient-dev - 1:10.1.44-0ubuntu0.18.04.1 libmariadbd18 - 1:10.1.44-0ubuntu0.18.04.1 mariadb-client-core-10.1 - 1:10.1.44-0ubuntu0.18.04.1 mariadb-plugin-tokudb - 1:10.1.44-0ubuntu0.18.04.1 mariadb-plugin-mroonga - 1:10.1.44-0ubuntu0.18.04.1 mariadb-client - 1:10.1.44-0ubuntu0.18.04.1 mariadb-server-10.1 - 1:10.1.44-0ubuntu0.18.04.1 mariadb-server-core-10.1 - 1:10.1.44-0ubuntu0.18.04.1 mariadb-test-data - 1:10.1.44-0ubuntu0.18.04.1 libmariadbclient-dev-compat - 1:10.1.44-0ubuntu0.18.04.1 mariadb-client-10.1 - 1:10.1.44-0ubuntu0.18.04.1 mariadb-plugin-gssapi-client - 1:10.1.44-0ubuntu0.18.04.1 libmariadbd-dev - 1:10.1.44-0ubuntu0.18.04.1 mariadb-test - 1:10.1.44-0ubuntu0.18.04.1 mariadb-plugin-gssapi-server - 1:10.1.44-0ubuntu0.18.04.1 mariadb-common - 1:10.1.44-0ubuntu0.18.04.1 libmariadbclient18 - 1:10.1.44-0ubuntu0.18.04.1 mariadb-plugin-oqgraph - 1:10.1.44-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-2574 https://mariadb.com/kb/en/mariadb-10322-release-notes/ https://mariadb.com/kb/en/mariadb-10144-release-notes/ Ubuntu 18.04 LTS Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4252-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tcpdump - 4.9.3-0ubuntu0.18.04.1 No subscription required Medium CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-19519 CVE-2019-1010220 CVE-2019-15166 CVE-2019-15167 Ubuntu 18.04 LTS USN-4253-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.10 for Ubuntu 18.04 LTS. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4253-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-28-generic-lpae - 5.3.0-28.30~18.04.1 linux-image-5.3.0-28-lowlatency - 5.3.0-28.30~18.04.1 linux-image-5.3.0-28-generic - 5.3.0-28.30~18.04.1 No subscription required linux-image-snapdragon-hwe-18.04-edge - 5.3.0.28.96 linux-image-snapdragon-hwe-18.04 - 5.3.0.28.96 linux-image-lowlatency-hwe-18.04 - 5.3.0.28.96 linux-image-virtual-hwe-18.04 - 5.3.0.28.96 linux-image-lowlatency-hwe-18.04-edge - 5.3.0.28.96 linux-image-generic-lpae-hwe-18.04 - 5.3.0.28.96 linux-image-generic-hwe-18.04-edge - 5.3.0.28.96 linux-image-generic-lpae-hwe-18.04-edge - 5.3.0.28.96 linux-image-generic-hwe-18.04 - 5.3.0.28.96 linux-image-virtual-hwe-18.04-edge - 5.3.0.28.96 No subscription required Medium CVE-2019-14615 Ubuntu 18.04 LTS It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition can lead to a use-after-free while destroying GEM contexts in the i915 driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-7053) Update Instructions: Run `sudo pro fix USN-4255-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1058-aws - 4.15.0-1058.60 No subscription required linux-image-4.15.0-1067-oem - 4.15.0-1067.77 No subscription required linux-image-4.15.0-76-generic - 4.15.0-76.86 linux-image-4.15.0-76-lowlatency - 4.15.0-76.86 linux-image-4.15.0-76-generic-lpae - 4.15.0-76.86 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1058.59 linux-image-aws - 4.15.0.1058.59 No subscription required linux-image-oem - 4.15.0.1067.71 No subscription required linux-image-generic-hwe-16.04 - 4.15.0.76.78 linux-image-virtual-hwe-16.04 - 4.15.0.76.78 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.76.78 linux-image-generic - 4.15.0.76.78 linux-image-virtual-hwe-16.04-edge - 4.15.0.76.78 linux-image-lowlatency-hwe-16.04 - 4.15.0.76.78 linux-image-virtual - 4.15.0.76.78 linux-image-generic-lpae-hwe-16.04 - 4.15.0.76.78 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.76.78 linux-image-generic-lpae - 4.15.0.76.78 linux-image-lowlatency - 4.15.0.76.78 linux-image-generic-hwe-16.04-edge - 4.15.0.76.78 No subscription required Medium CVE-2019-14615 CVE-2020-7053 Ubuntu 18.04 LTS It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. Update Instructions: Run `sudo pro fix USN-4256-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsasl2-2 - 2.1.27~101-g0780600+dfsg-3ubuntu2.1 libsasl2-modules-gssapi-heimdal - 2.1.27~101-g0780600+dfsg-3ubuntu2.1 sasl2-bin - 2.1.27~101-g0780600+dfsg-3ubuntu2.1 libsasl2-modules-gssapi-mit - 2.1.27~101-g0780600+dfsg-3ubuntu2.1 libsasl2-dev - 2.1.27~101-g0780600+dfsg-3ubuntu2.1 libsasl2-modules-sql - 2.1.27~101-g0780600+dfsg-3ubuntu2.1 cyrus-sasl2-doc - 2.1.27~101-g0780600+dfsg-3ubuntu2.1 libsasl2-modules - 2.1.27~101-g0780600+dfsg-3ubuntu2.1 libsasl2-modules-otp - 2.1.27~101-g0780600+dfsg-3ubuntu2.1 libsasl2-modules-ldap - 2.1.27~101-g0780600+dfsg-3ubuntu2.1 libsasl2-modules-db - 2.1.27~101-g0780600+dfsg-3ubuntu2.1 No subscription required Medium CVE-2019-19906 Ubuntu 18.04 LTS It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2020-2583) It was discovered that OpenJDK incorrectly validated properties of SASL messages included in Kerberos GSSAPI. An unauthenticated remote attacker with network access via Kerberos could possibly use this issue to insert, modify or obtain sensitive information. (CVE-2020-2590) It was discovered that OpenJDK incorrectly validated URLs. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-2593) It was discovered that OpenJDK Security component still used MD5 algorithm. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2020-2601) It was discovered that OpenJDK incorrectly handled the application of serialization filters. An attacker could possibly use this issue to bypass the intended filter during serialization. (CVE-2020-2604) Bo Zhang and Long Kuan discovered that OpenJDK incorrectly handled X.509 certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-2654) Bengt Jonsson, Juraj Somorovsky, Kostis Sagonas, Paul Fiterau Brostean and Robert Merget discovered that OpenJDK incorrectly handled CertificateVerify TLS handshake messages. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2655) It was discovered that OpenJDK incorrectly enforced the limit of datagram sockets that can be created by a code running within a Java sandbox. An attacker could possibly use this issue to bypass the sandbox restrictions causing a denial of service. This issue only affected OpenJDK 8. (CVE-2020-2659) Update Instructions: Run `sudo pro fix USN-4257-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-source - 11.0.6+10-1ubuntu1~18.04.1 openjdk-11-jre-zero - 11.0.6+10-1ubuntu1~18.04.1 openjdk-11-doc - 11.0.6+10-1ubuntu1~18.04.1 openjdk-11-jre-headless - 11.0.6+10-1ubuntu1~18.04.1 openjdk-11-jdk - 11.0.6+10-1ubuntu1~18.04.1 openjdk-11-jdk-headless - 11.0.6+10-1ubuntu1~18.04.1 openjdk-11-jre - 11.0.6+10-1ubuntu1~18.04.1 openjdk-11-demo - 11.0.6+10-1ubuntu1~18.04.1 No subscription required openjdk-8-source - 8u242-b08-0ubuntu3~18.04 openjdk-8-doc - 8u242-b08-0ubuntu3~18.04 openjdk-8-jdk - 8u242-b08-0ubuntu3~18.04 openjdk-8-jre-headless - 8u242-b08-0ubuntu3~18.04 openjdk-8-jdk-headless - 8u242-b08-0ubuntu3~18.04 openjdk-8-jre - 8u242-b08-0ubuntu3~18.04 openjdk-8-jre-zero - 8u242-b08-0ubuntu3~18.04 openjdk-8-demo - 8u242-b08-0ubuntu3~18.04 No subscription required Medium CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2655 CVE-2020-2659 Ubuntu 18.04 LTS It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15099) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. (CVE-2019-18683) It was discovered that the btrfs file system in the Linux kernel did not properly validate metadata, leading to a NULL pointer dereference. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2019-18885) It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19050, CVE-2019-19062) It was discovered that the RSI 91x WLAN device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19071) It was discovered that the Broadcom Netxtreme HCA device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19077) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19078) It was discovered that the Qualcomm IPC Router TUN device driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19079) It was discovered that the AMD GPU device drivers in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19082) Dan Carpenter discovered that the AppleTalk networking subsystem of the Linux kernel did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-19227) Or Cohen discovered that the virtual console subsystem in the Linux kernel did not properly restrict writes to unimplemented vcsu (unicode) devices. A local attacker could possibly use this to cause a denial of service (system crash) or have other unspecified impacts. (CVE-2019-19252) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-19332) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle certain conditions. An attacker could use this to specially craft an ext4 file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19767) It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15291) Update Instructions: Run `sudo pro fix USN-4258-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1010-oracle - 5.0.0-1010.15~18.04.1 No subscription required linux-image-5.0.0-1024-aws - 5.0.0-1024.27~18.04.1 No subscription required linux-image-5.0.0-1029-gke - 5.0.0-1029.30~18.04.1 linux-image-5.0.0-1029-gcp - 5.0.0-1029.30~18.04.1 No subscription required linux-image-oracle-edge - 5.0.0.1010.9 No subscription required linux-image-aws-edge - 5.0.0.1024.38 No subscription required linux-image-gke-5.0 - 5.0.0.1029.17 No subscription required linux-image-gcp - 5.0.0.1029.33 No subscription required Medium CVE-2019-15099 CVE-2019-15291 CVE-2019-18683 CVE-2019-18885 CVE-2019-19050 CVE-2019-19062 CVE-2019-19071 CVE-2019-19077 CVE-2019-19078 CVE-2019-19079 CVE-2019-19082 CVE-2019-19227 CVE-2019-19252 CVE-2019-19332 CVE-2019-19767 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-4261-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.26.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.26.3-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.26.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.26.3-0ubuntu0.18.04.1 webkit2gtk-driver - 2.26.3-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.26.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.26.3-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.26.3-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.26.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.26.3-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 Ubuntu 18.04 LTS Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Update Instructions: Run `sudo pro fix USN-4263-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.21p2-3ubuntu1.2 sudo - 1.8.21p2-3ubuntu1.2 No subscription required Low CVE-2019-18634 Ubuntu 18.04 LTS Simon Charette discovered that Django incorrectly handled input in the PostgreSQL module. A remote attacker could possibly use this to perform SQL injection attacks. Update Instructions: Run `sudo pro fix USN-4264-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.7 python-django-doc - 1:1.11.11-1ubuntu1.7 python-django-common - 1:1.11.11-1ubuntu1.7 python-django - 1:1.11.11-1ubuntu1.7 No subscription required Medium CVE-2020-7471 Ubuntu 18.04 LTS It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. Update Instructions: Run `sudo pro fix USN-4265-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spamassassin - 3.4.2-0ubuntu0.18.04.3 sa-compile - 3.4.2-0ubuntu0.18.04.3 spamc - 3.4.2-0ubuntu0.18.04.3 No subscription required Medium CVE-2020-1930 CVE-2020-1931 Ubuntu 18.04 LTS It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could use this vulnerability to execute arbitrary commands as root. Update Instructions: Run `sudo pro fix USN-4268-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: opensmtpd - 6.0.3p1-1ubuntu0.1 No subscription required High CVE-2020-7247 Ubuntu 18.04 LTS It was discovered that systemd incorrectly handled certain PIDFile files. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-16888) It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service. (CVE-2019-20386) Jann Horn discovered that systemd incorrectly handled services that use the DynamicUser property. A local attacker could possibly use this issue to access resources owned by a different service in the future. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-3843, CVE-2019-3844) Tavis Ormandy discovered that systemd incorrectly handled certain Polkit queries. A local attacker could use this issue to cause systemd to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges. (CVE-2020-1712) Update Instructions: Run `sudo pro fix USN-4269-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-tests - 237-3ubuntu10.38 systemd-coredump - 237-3ubuntu10.38 systemd - 237-3ubuntu10.38 udev-udeb - 237-3ubuntu10.38 libsystemd0 - 237-3ubuntu10.38 systemd-container - 237-3ubuntu10.38 libnss-myhostname - 237-3ubuntu10.38 libudev1-udeb - 237-3ubuntu10.38 libudev1 - 237-3ubuntu10.38 libsystemd-dev - 237-3ubuntu10.38 libnss-systemd - 237-3ubuntu10.38 systemd-journal-remote - 237-3ubuntu10.38 libpam-systemd - 237-3ubuntu10.38 libudev-dev - 237-3ubuntu10.38 libnss-mymachines - 237-3ubuntu10.38 libnss-resolve - 237-3ubuntu10.38 systemd-sysv - 237-3ubuntu10.38 udev - 237-3ubuntu10.38 No subscription required Medium CVE-2018-16888 CVE-2019-20386 CVE-2019-3843 CVE-2019-3844 CVE-2020-1712 Ubuntu 18.04 LTS It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4270-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-3.1ubuntu0.18.04.5 libexiv2-14 - 0.25-3.1ubuntu0.18.04.5 libexiv2-doc - 0.25-3.1ubuntu0.18.04.5 libexiv2-dev - 0.25-3.1ubuntu0.18.04.5 No subscription required Medium CVE-2019-20421 Ubuntu 18.04 LTS Tim Brown discovered that Mesa incorrectly handled shared memory permissions. A local attacker could use this issue to obtain and possibly alter sensitive information belonging to another user. Update Instructions: Run `sudo pro fix USN-4271-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mesa-common-dev - 19.2.8-0ubuntu0~18.04.2 libxatracker-dev - 19.2.8-0ubuntu0~18.04.2 libd3dadapter9-mesa-dev - 19.2.8-0ubuntu0~18.04.2 libgl1-mesa-glx - 19.2.8-0ubuntu0~18.04.2 libegl1-mesa-dev - 19.2.8-0ubuntu0~18.04.2 libglapi-mesa - 19.2.8-0ubuntu0~18.04.2 libgles2-mesa - 19.2.8-0ubuntu0~18.04.2 libegl1-mesa - 19.2.8-0ubuntu0~18.04.2 libosmesa6-dev - 19.2.8-0ubuntu0~18.04.2 mesa-vulkan-drivers - 19.2.8-0ubuntu0~18.04.2 mesa-opencl-icd - 19.2.8-0ubuntu0~18.04.2 libglx-mesa0 - 19.2.8-0ubuntu0~18.04.2 libegl-mesa0 - 19.2.8-0ubuntu0~18.04.2 libxatracker2 - 19.2.8-0ubuntu0~18.04.2 libgl1-mesa-dri - 19.2.8-0ubuntu0~18.04.2 libosmesa6 - 19.2.8-0ubuntu0~18.04.2 libgbm-dev - 19.2.8-0ubuntu0~18.04.2 libgles2-mesa-dev - 19.2.8-0ubuntu0~18.04.2 libwayland-egl1-mesa - 19.2.8-0ubuntu0~18.04.2 libgl1-mesa-dev - 19.2.8-0ubuntu0~18.04.2 mesa-vdpau-drivers - 19.2.8-0ubuntu0~18.04.2 libd3dadapter9-mesa - 19.2.8-0ubuntu0~18.04.2 mesa-va-drivers - 19.2.8-0ubuntu0~18.04.2 libgbm1 - 19.2.8-0ubuntu0~18.04.2 No subscription required Medium CVE-2019-5068 Ubuntu 18.04 LTS It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-16865, CVE-2019-19911) It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-5312) It was discovered that Pillow incorrectly handled certain TIFF images. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 19.10. (CVE-2020-5310) It was discovered that Pillow incorrectly handled certain SGI images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. This issue only affected Ubuntu 18.04 and Ubuntu 19.10. (CVE-2020-5311) It was discovered that Pillow incorrectly handled certain PCX images. An attackter could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2020-5312) It was discovered that Pillow incorrectly handled certain Flip images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2020-5313) Update Instructions: Run `sudo pro fix USN-4272-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-pil.imagetk - 5.1.0-1ubuntu0.2 python-pil-doc - 5.1.0-1ubuntu0.2 python3-pil - 5.1.0-1ubuntu0.2 python-pil - 5.1.0-1ubuntu0.2 python-pil.imagetk - 5.1.0-1ubuntu0.2 No subscription required Medium CVE-2019-16865 CVE-2019-19911 CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 CVE-2020-5313 Ubuntu 18.04 LTS It was discovered that ReportLab incorrectly handled certain XML documents. If a user or automated system were tricked into processing a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4273-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-reportlab-doc - 3.4.0-3ubuntu0.1 python-reportlab-accel - 3.4.0-3ubuntu0.1 python3-reportlab-accel - 3.4.0-3ubuntu0.1 python3-reportlab - 3.4.0-3ubuntu0.1 python-renderpm - 3.4.0-3ubuntu0.1 python-reportlab - 3.4.0-3ubuntu0.1 python3-renderpm - 3.4.0-3ubuntu0.1 No subscription required Medium CVE-2019-17626 Ubuntu 18.04 LTS It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595) Update Instructions: Run `sudo pro fix USN-4274-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.3 libxml2-utils - 2.9.4+dfsg1-6.1ubuntu1.3 libxml2 - 2.9.4+dfsg1-6.1ubuntu1.3 libxml2-udeb - 2.9.4+dfsg1-6.1ubuntu1.3 python3-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.3 libxml2-doc - 2.9.4+dfsg1-6.1ubuntu1.3 libxml2-dev - 2.9.4+dfsg1-6.1ubuntu1.3 No subscription required Low CVE-2019-19956 CVE-2020-7595 Ubuntu 18.04 LTS It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19872) It was discovered that Qt incorrectly handled certain text files. If a user or automated system were tricked into opening a specially crafted text file, a remote attacker could cause Qt to crash, resulting in a denial of service. This issue only affected Ubuntu 19.10. (CVE-2019-18281) It was discovered that Qt incorrectly searched for plugins in the current working directory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-0569) It was discovered that Qt incorrectly searched for libraries relative to the current working directory. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2020-0570) Update Instructions: Run `sudo pro fix USN-4275-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libqt5widgets5 - 5.9.5+dfsg-0ubuntu2.5 libqt5opengl5 - 5.9.5+dfsg-0ubuntu2.5 libqt5concurrent5 - 5.9.5+dfsg-0ubuntu2.5 libqt5sql5-mysql - 5.9.5+dfsg-0ubuntu2.5 libqt5sql5-tds - 5.9.5+dfsg-0ubuntu2.5 libqt5sql5-sqlite - 5.9.5+dfsg-0ubuntu2.5 libqt5sql5-psql - 5.9.5+dfsg-0ubuntu2.5 libqt5core5a - 5.9.5+dfsg-0ubuntu2.5 libqt5network5 - 5.9.5+dfsg-0ubuntu2.5 libqt5sql5 - 5.9.5+dfsg-0ubuntu2.5 libqt5dbus5 - 5.9.5+dfsg-0ubuntu2.5 libqt5gui5 - 5.9.5+dfsg-0ubuntu2.5 qtbase5-doc - 5.9.5+dfsg-0ubuntu2.5 libqt5opengl5-dev - 5.9.5+dfsg-0ubuntu2.5 qtbase5-doc-html - 5.9.5+dfsg-0ubuntu2.5 qtbase5-dev-tools - 5.9.5+dfsg-0ubuntu2.5 qt5-qmake - 5.9.5+dfsg-0ubuntu2.5 libqt5xml5 - 5.9.5+dfsg-0ubuntu2.5 qtbase5-dev - 5.9.5+dfsg-0ubuntu2.5 qtbase5-private-dev - 5.9.5+dfsg-0ubuntu2.5 libqt5sql5-ibase - 5.9.5+dfsg-0ubuntu2.5 libqt5printsupport5 - 5.9.5+dfsg-0ubuntu2.5 qt5-qmake-bin - 5.9.5+dfsg-0ubuntu2.5 qt5-gtk-platformtheme - 5.9.5+dfsg-0ubuntu2.5 qtbase5-examples - 5.9.5+dfsg-0ubuntu2.5 libqt5test5 - 5.9.5+dfsg-0ubuntu2.5 libqt5sql5-odbc - 5.9.5+dfsg-0ubuntu2.5 qt5-default - 5.9.5+dfsg-0ubuntu2.5 No subscription required Medium CVE-2018-19872 CVE-2019-18281 CVE-2020-0569 CVE-2020-0570 Ubuntu 18.04 LTS It was discovered that libykpiv, a supporting library of the Yubico PIV Tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV Manager. Update Instructions: Run `sudo pro fix USN-4276-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libykpiv-dev - 1.4.2-2ubuntu0.1 libykpiv1 - 1.4.2-2ubuntu0.1 ykcs11 - 1.4.2-2ubuntu0.1 yubico-piv-tool - 1.4.2-2ubuntu0.1 No subscription required High CVE-2018-14779 CVE-2018-14780 Ubuntu 18.04 LTS Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-6328) Lili Xu and Bingchang Liu discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2017-7544) It was discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-9278) Update Instructions: Run `sudo pro fix USN-4277-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexif-doc - 0.6.21-4ubuntu0.1 libexif-dev - 0.6.21-4ubuntu0.1 libexif12 - 0.6.21-4ubuntu0.1 No subscription required Medium CVE-2016-6328 CVE-2017-7544 CVE-2019-9278 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4278-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-nn - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-ne - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-nb - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-fa - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-fi - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-fr - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-fy - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-or - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-kab - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-oc - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-cs - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-ga - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-gd - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-gn - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-gl - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-gu - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-pa - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-pl - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-cy - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-pt - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-hi - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-uk - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-he - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-hy - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-hr - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-hu - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-as - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-ar - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-ia - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-az - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-id - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-mai - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-af - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-is - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-it - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-an - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-bs - 73.0+build3-0ubuntu0.18.04.1 firefox - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-ro - 73.0+build3-0ubuntu0.18.04.1 firefox-geckodriver - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-ja - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-ru - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-br - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hant - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hans - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-bn - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-be - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-bg - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-sl - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-sk - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-si - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-sw - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-sv - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-sr - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-sq - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-ko - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-kn - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-km - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-kk - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-ka - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-xh - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-ca - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-ku - 73.0+build3-0ubuntu0.18.04.1 firefox-mozsymbols - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-lv - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-lt - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-th - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-hsb - 73.0+build3-0ubuntu0.18.04.1 firefox-dev - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-te - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-cak - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-ta - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-lg - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-tr - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-nso - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-de - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-da - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-ms - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-mr - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-my - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-uz - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-ml - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-mn - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-mk - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-ur - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-vi - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-eu - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-et - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-es - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-csb - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-el - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-eo - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-en - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-zu - 73.0+build3-0ubuntu0.18.04.1 firefox-locale-ast - 73.0+build3-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-6796 CVE-2020-6798 CVE-2020-6800 CVE-2020-6801 Ubuntu 18.04 LTS USN-4278-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4278-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 73.0.1+build1-0ubuntu0.18.04.1 firefox - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 73.0.1+build1-0ubuntu0.18.04.1 firefox-geckodriver - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 73.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 73.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 73.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 73.0.1+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1864852 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7060) Update Instructions: Run `sudo pro fix USN-4279-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.24-0ubuntu0.18.04.3 php7.2-enchant - 7.2.24-0ubuntu0.18.04.3 php7.2-ldap - 7.2.24-0ubuntu0.18.04.3 php7.2-fpm - 7.2.24-0ubuntu0.18.04.3 php7.2-recode - 7.2.24-0ubuntu0.18.04.3 php7.2-cli - 7.2.24-0ubuntu0.18.04.3 php7.2-json - 7.2.24-0ubuntu0.18.04.3 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.3 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.3 php7.2 - 7.2.24-0ubuntu0.18.04.3 php7.2-pspell - 7.2.24-0ubuntu0.18.04.3 php7.2-dev - 7.2.24-0ubuntu0.18.04.3 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.3 php7.2-gmp - 7.2.24-0ubuntu0.18.04.3 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.3 php7.2-opcache - 7.2.24-0ubuntu0.18.04.3 php7.2-gd - 7.2.24-0ubuntu0.18.04.3 php7.2-soap - 7.2.24-0ubuntu0.18.04.3 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.3 php7.2-intl - 7.2.24-0ubuntu0.18.04.3 php7.2-odbc - 7.2.24-0ubuntu0.18.04.3 libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.3 php7.2-tidy - 7.2.24-0ubuntu0.18.04.3 php7.2-imap - 7.2.24-0ubuntu0.18.04.3 php7.2-readline - 7.2.24-0ubuntu0.18.04.3 php7.2-mysql - 7.2.24-0ubuntu0.18.04.3 php7.2-dba - 7.2.24-0ubuntu0.18.04.3 php7.2-xml - 7.2.24-0ubuntu0.18.04.3 php7.2-interbase - 7.2.24-0ubuntu0.18.04.3 php7.2-xsl - 7.2.24-0ubuntu0.18.04.3 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.3 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.3 php7.2-sybase - 7.2.24-0ubuntu0.18.04.3 php7.2-curl - 7.2.24-0ubuntu0.18.04.3 php7.2-common - 7.2.24-0ubuntu0.18.04.3 php7.2-cgi - 7.2.24-0ubuntu0.18.04.3 php7.2-snmp - 7.2.24-0ubuntu0.18.04.3 php7.2-zip - 7.2.24-0ubuntu0.18.04.3 No subscription required Medium CVE-2015-9253 CVE-2020-7059 CVE-2020-7060 Ubuntu 18.04 LTS It was discovered that ClamAV incorrectly handled memory when the Data-Loss-Prevention (DLP) feature was enabled. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4280-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.102.2+dfsg-0ubuntu0.18.04.1 clamav-testfiles - 0.102.2+dfsg-0ubuntu0.18.04.1 clamav-base - 0.102.2+dfsg-0ubuntu0.18.04.1 clamav - 0.102.2+dfsg-0ubuntu0.18.04.1 clamav-daemon - 0.102.2+dfsg-0ubuntu0.18.04.1 clamav-docs - 0.102.2+dfsg-0ubuntu0.18.04.1 clamav-milter - 0.102.2+dfsg-0ubuntu0.18.04.1 clamav-freshclam - 0.102.2+dfsg-0ubuntu0.18.04.1 libclamav9 - 0.102.2+dfsg-0ubuntu0.18.04.1 clamdscan - 0.102.2+dfsg-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-3123 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-4281-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.26.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.26.4-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.26.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.26.4-0ubuntu0.18.04.1 webkit2gtk-driver - 2.26.4-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.26.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.26.4-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.26.4-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.26.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.26.4-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 Ubuntu 18.04 LTS It was discovered that PostgreSQL incorrectly performed authorization checks when handling the "ALTER ... DEPENDS ON EXTENSION" sub-commands. A remote attacker could possibly use this issue to drop any function, procedure, materialized view, index, or trigger under certain conditions. Update Instructions: Run `sudo pro fix USN-4282-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-10 - 10.12-0ubuntu0.18.04.1 postgresql-10 - 10.12-0ubuntu0.18.04.1 libecpg6 - 10.12-0ubuntu0.18.04.1 libpq5 - 10.12-0ubuntu0.18.04.1 libpgtypes3 - 10.12-0ubuntu0.18.04.1 postgresql-pltcl-10 - 10.12-0ubuntu0.18.04.1 postgresql-plperl-10 - 10.12-0ubuntu0.18.04.1 libecpg-dev - 10.12-0ubuntu0.18.04.1 postgresql-plpython3-10 - 10.12-0ubuntu0.18.04.1 libpq-dev - 10.12-0ubuntu0.18.04.1 postgresql-plpython-10 - 10.12-0ubuntu0.18.04.1 postgresql-doc-10 - 10.12-0ubuntu0.18.04.1 postgresql-client-10 - 10.12-0ubuntu0.18.04.1 libecpg-compat3 - 10.12-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-1720 Ubuntu 18.04 LTS Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that QEMU incorrectly handled iSCSI server responses. A remote attacker in control of the iSCSI server could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2020-1711) It was discovered that the QEMU libslirp component incorrectly handled memory. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-7039, CVE-2020-8608) Update Instructions: Run `sudo pro fix USN-4283-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.23 qemu-user-static - 1:2.11+dfsg-1ubuntu7.23 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.23 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.23 qemu-kvm - 1:2.11+dfsg-1ubuntu7.23 qemu-user - 1:2.11+dfsg-1ubuntu7.23 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.23 qemu-system - 1:2.11+dfsg-1ubuntu7.23 qemu-utils - 1:2.11+dfsg-1ubuntu7.23 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.23 qemu - 1:2.11+dfsg-1ubuntu7.23 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.23 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.23 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.23 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.23 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.23 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.23 No subscription required Medium CVE-2020-1711 CVE-2020-7039 CVE-2020-8608 Ubuntu 18.04 LTS It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15099) It was discovered that the HSA Linux kernel driver for AMD GPU devices did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16229) It was discovered that the Marvell 8xxx Libertas WLAN device driver in the Linux kernel did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16232) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. (CVE-2019-18683) It was discovered that the Renesas Digital Radio Interface (DRIF) driver in the Linux kernel did not properly initialize data. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-18786) It was discovered that the Sound Open Firmware (SOF) driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-18811) It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19050, CVE-2019-19062) It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex Driver for the Linux kernel. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19057) It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19063) It was discovered that the RSI 91x WLAN device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19071) It was discovered that the Broadcom Netxtreme HCA device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19077) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19078) It was discovered that the AMD GPU device drivers in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19082) It was discovered that the IO uring implementation in the Linux kernel did not properly perform credentials checks in certain situations. A local attacker could possibly use this to gain administrative privileges. (CVE-2019-19241) Or Cohen discovered that the virtual console subsystem in the Linux kernel did not properly restrict writes to unimplemented vcsu (unicode) devices. A local attacker could possibly use this to cause a denial of service (system crash) or have other unspecified impacts. (CVE-2019-19252) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-19332) It was discovered that a race condition existed in the Linux kernel on x86 platforms when keeping track of which process was assigned control of the FPU. A local attacker could use this to cause a denial of service (memory corruption) or possibly gain administrative privileges. (CVE-2019-19602) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle certain conditions. An attacker could use this to specially craft an ext4 file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19767) It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-19947) Gao Chuan discovered that the SAS Class driver in the Linux kernel contained a race condition that could lead to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19965) It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15291) Update Instructions: Run `sudo pro fix USN-4284-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1012-gcp - 5.3.0-1012.13~18.04.1 No subscription required linux-image-5.3.0-1013-azure - 5.3.0-1013.14~18.04.1 No subscription required linux-image-5.3.0-1018-raspi2 - 5.3.0-1018.20~18.04.1 No subscription required linux-image-5.3.0-40-generic-lpae - 5.3.0-40.32~18.04.1 linux-image-5.3.0-40-generic - 5.3.0-40.32~18.04.1 linux-image-5.3.0-40-lowlatency - 5.3.0-40.32~18.04.1 No subscription required linux-image-gcp-edge - 5.3.0.1012.11 No subscription required linux-image-azure-edge - 5.3.0.1013.13 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1018.7 No subscription required linux-image-snapdragon-hwe-18.04-edge - 5.3.0.40.97 linux-image-snapdragon-hwe-18.04 - 5.3.0.40.97 linux-image-lowlatency-hwe-18.04 - 5.3.0.40.97 linux-image-virtual-hwe-18.04 - 5.3.0.40.97 linux-image-lowlatency-hwe-18.04-edge - 5.3.0.40.97 linux-image-generic-lpae-hwe-18.04 - 5.3.0.40.97 linux-image-generic-hwe-18.04-edge - 5.3.0.40.97 linux-image-generic-lpae-hwe-18.04-edge - 5.3.0.40.97 linux-image-generic-hwe-18.04 - 5.3.0.40.97 linux-image-virtual-hwe-18.04-edge - 5.3.0.40.97 No subscription required Medium CVE-2019-14615 CVE-2019-15099 CVE-2019-15291 CVE-2019-16229 CVE-2019-16232 CVE-2019-18683 CVE-2019-18786 CVE-2019-18811 CVE-2019-19050 CVE-2019-19057 CVE-2019-19062 CVE-2019-19063 CVE-2019-19071 CVE-2019-19077 CVE-2019-19078 CVE-2019-19082 CVE-2019-19241 CVE-2019-19252 CVE-2019-19332 CVE-2019-19602 CVE-2019-19767 CVE-2019-19947 CVE-2019-19965 Ubuntu 18.04 LTS It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that the HSA Linux kernel driver for AMD GPU devices did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16229) It was discovered that the Marvell 8xxx Libertas WLAN device driver in the Linux kernel did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16232) It was discovered that the Renesas Digital Radio Interface (DRIF) driver in the Linux kernel did not properly initialize data. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-18786). It was discovered that the Afatech AF9005 DVB-T USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-18809) It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex Driver for the Linux kernel. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19057) It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19063) It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-19947) Gao Chuan discovered that the SAS Class driver in the Linux kernel contained a race condition that could lead to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19965) It was discovered that the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-20096) Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-5108) It was discovered that a race condition can lead to a use-after-free while destroying GEM contexts in the i915 driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-7053) Update Instructions: Run `sudo pro fix USN-4285-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1011-oracle - 5.0.0-1011.16 No subscription required linux-image-5.0.0-1025-aws - 5.0.0-1025.28 No subscription required linux-image-5.0.0-1030-gke - 5.0.0-1030.31 No subscription required linux-image-5.0.0-1031-gcp - 5.0.0-1031.32 No subscription required linux-image-5.0.0-1032-azure - 5.0.0-1032.34 No subscription required linux-image-oracle-edge - 5.0.0.1011.10 No subscription required linux-image-aws-edge - 5.0.0.1025.39 No subscription required linux-image-gke-5.0 - 5.0.0.1030.18 No subscription required linux-image-gcp - 5.0.0.1031.35 No subscription required linux-image-azure - 5.0.0.1032.43 No subscription required Medium CVE-2019-14615 CVE-2019-16229 CVE-2019-16232 CVE-2019-18786 CVE-2019-18809 CVE-2019-19057 CVE-2019-19063 CVE-2019-19947 CVE-2019-19965 CVE-2019-20096 CVE-2019-5108 CVE-2020-7053 Ubuntu 18.04 LTS It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15099) It was discovered that the HSA Linux kernel driver for AMD GPU devices did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16229) It was discovered that the Marvell 8xxx Libertas WLAN device driver in the Linux kernel did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16232) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. (CVE-2019-18683) It was discovered that the Renesas Digital Radio Interface (DRIF) driver in the Linux kernel did not properly initialize data. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-18786) It was discovered that the Afatech AF9005 DVB-T USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-18809) It was discovered that the btrfs file system in the Linux kernel did not properly validate metadata, leading to a NULL pointer dereference. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2019-18885) It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex Driver for the Linux kernel. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19057) It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19062) It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19063) It was discovered that the RSI 91x WLAN device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19071) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19078) It was discovered that the AMD GPU device drivers in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19082) Dan Carpenter discovered that the AppleTalk networking subsystem of the Linux kernel did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-19227) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-19332) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle certain conditions. An attacker could use this to specially craft an ext4 file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19767) Gao Chuan discovered that the SAS Class driver in the Linux kernel contained a race condition that could lead to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19965) It was discovered that the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-20096) Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-5108) It was discovered that a race condition can lead to a use-after-free while destroying GEM contexts in the i915 driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-7053) It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15291) Update Instructions: Run `sudo pro fix USN-4287-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1033-oracle - 4.15.0-1033.36 No subscription required linux-image-4.15.0-1052-gke - 4.15.0-1052.55 No subscription required linux-image-4.15.0-1053-kvm - 4.15.0-1053.53 No subscription required linux-image-4.15.0-1055-raspi2 - 4.15.0-1055.59 No subscription required linux-image-4.15.0-1060-aws - 4.15.0-1060.62 No subscription required linux-image-4.15.0-1072-snapdragon - 4.15.0-1072.79 No subscription required linux-image-4.15.0-88-generic-lpae - 4.15.0-88.88 linux-image-4.15.0-88-generic - 4.15.0-88.88 linux-image-4.15.0-88-lowlatency - 4.15.0-88.88 No subscription required linux-image-oracle - 4.15.0.1033.38 linux-image-oracle-lts-18.04 - 4.15.0.1033.38 No subscription required linux-image-gke - 4.15.0.1052.56 linux-image-gke-4.15 - 4.15.0.1052.56 No subscription required linux-image-kvm - 4.15.0.1053.53 No subscription required linux-image-raspi2 - 4.15.0.1055.53 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1060.61 linux-image-aws - 4.15.0.1060.61 No subscription required linux-image-snapdragon - 4.15.0.1072.75 No subscription required linux-image-virtual - 4.15.0.88.80 linux-image-virtual-hwe-16.04-edge - 4.15.0.88.80 linux-image-lowlatency-hwe-16.04 - 4.15.0.88.80 linux-image-generic-hwe-16.04-edge - 4.15.0.88.80 linux-image-generic-lpae-hwe-16.04 - 4.15.0.88.80 linux-image-virtual-hwe-16.04 - 4.15.0.88.80 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.88.80 linux-image-generic - 4.15.0.88.80 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.88.80 linux-image-generic-lpae - 4.15.0.88.80 linux-image-generic-hwe-16.04 - 4.15.0.88.80 linux-image-lowlatency - 4.15.0.88.80 No subscription required Medium CVE-2019-14615 CVE-2019-15099 CVE-2019-15291 CVE-2019-16229 CVE-2019-16232 CVE-2019-18683 CVE-2019-18786 CVE-2019-18809 CVE-2019-18885 CVE-2019-19057 CVE-2019-19062 CVE-2019-19063 CVE-2019-19071 CVE-2019-19078 CVE-2019-19082 CVE-2019-19227 CVE-2019-19332 CVE-2019-19767 CVE-2019-19965 CVE-2019-20096 CVE-2019-5108 CVE-2020-7053 Ubuntu 18.04 LTS It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4288-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ppp-udeb - 2.4.7-2+2ubuntu1.2 ppp - 2.4.7-2+2ubuntu1.2 ppp-dev - 2.4.7-2+2ubuntu1.2 No subscription required Medium CVE-2020-8597 Ubuntu 18.04 LTS Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. (CVE-2019-12528) Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access server resources prohibited by earlier security filters. (CVE-2020-8449) Guido Vranken discovered that Squid incorrectly handled certain buffer operations when acting as a reverse proxy. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-8450) Aaron Costello discovered that Squid incorrectly handled certain NTLM authentication credentials. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2020-8517) Update Instructions: Run `sudo pro fix USN-4289-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.27-1ubuntu1.5 squid - 3.5.27-1ubuntu1.5 squid-cgi - 3.5.27-1ubuntu1.5 squid-purge - 3.5.27-1ubuntu1.5 squidclient - 3.5.27-1ubuntu1.5 squid3 - 3.5.27-1ubuntu1.5 No subscription required Medium CVE-2019-12528 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 Ubuntu 18.04 LTS It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4290-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-radius-auth - 1.3.17-0ubuntu5.18.04.1 No subscription required Medium CVE-2015-9542 Ubuntu 18.04 LTS It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. Update Instructions: Run `sudo pro fix USN-4291-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-auth-mellon - 0.13.1-1ubuntu0.2 No subscription required Medium CVE-2019-13038 Ubuntu 18.04 LTS It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9842) It was discovered that rsync incorrectly handled vectors involving big-endian CRC calculation in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9843) Update Instructions: Run `sudo pro fix USN-4292-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rsync - 3.1.2-2.1ubuntu1.1 No subscription required Low CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 Ubuntu 18.04 LTS It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-19221) It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a crash resulting in a denial of service or possibly unspecified other impact. This issue only affected Ubuntu 19.10. (CVE-2020-9308) Update Instructions: Run `sudo pro fix USN-4293-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdcpio - 3.2.2-3.1ubuntu0.6 libarchive-tools - 3.2.2-3.1ubuntu0.6 libarchive13 - 3.2.2-3.1ubuntu0.6 bsdtar - 3.2.2-3.1ubuntu0.6 libarchive-dev - 3.2.2-3.1ubuntu0.6 No subscription required Medium CVE-2019-19221 CVE-2020-9308 Ubuntu 18.04 LTS It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. (CVE-2020-8794) It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An unprivileged local attacker could read the first line of any file on the filesystem. (CVE-2020-8793) Update Instructions: Run `sudo pro fix USN-4294-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: opensmtpd - 6.0.3p1-1ubuntu0.2 No subscription required High CVE-2020-8793 CVE-2020-8794 Ubuntu 18.04 LTS It was discovered that Rake incorrectly handled certain files. An attacker could use this issue to possibly execute arbitrary commands. Update Instructions: Run `sudo pro fix USN-4295-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rake - 12.3.1-1ubuntu0.1 No subscription required Medium CVE-2020-8130 Ubuntu 18.04 LTS Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack. Update Instructions: Run `sudo pro fix USN-4296-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.8 python-django-doc - 1:1.11.11-1ubuntu1.8 python-django-common - 1:1.11.11-1ubuntu1.8 python-django - 1:1.11.11-1ubuntu1.8 No subscription required Medium CVE-2020-9402 Ubuntu 18.04 LTS It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-16884) It was discovered that runC incorrectly performed access control. An attacker could possibly use this issue to escalate privileges. (CVE-2019-19921) Update Instructions: Run `sudo pro fix USN-4297-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-opencontainers-runc-dev - 1.0.0~rc10-0ubuntu1~18.04.2 runc - 1.0.0~rc10-0ubuntu1~18.04.2 No subscription required Medium CVE-2019-16884 CVE-2019-19921 Ubuntu 18.04 LTS It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13751) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19880) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19923) It was discovered that SQLite incorrectly handled parser tree rewriting. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19924) It was discovered that SQLite incorrectly handled certain ZIP archives. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19925, CVE-2019-19959) It was discovered that SQLite incorrectly handled errors during parsing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-19926) It was discovered that SQLite incorrectly handled parsing errors. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-20218) It was discovered that SQLite incorrectly handled generated column optimizations. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-9327) Update Instructions: Run `sudo pro fix USN-4298-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.22.0-1ubuntu0.3 sqlite3-doc - 3.22.0-1ubuntu0.3 libsqlite3-0 - 3.22.0-1ubuntu0.3 libsqlite3-tcl - 3.22.0-1ubuntu0.3 sqlite3 - 3.22.0-1ubuntu0.3 libsqlite3-dev - 3.22.0-1ubuntu0.3 No subscription required Medium CVE-2019-13734 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-9327 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP) protections, or execute arbitrary code. (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6808, CVE-2020-6810, CVE-2020-6812, CVE-2020-6813, CVE-2020-6814, CVE-2020-6815) It was discovered that Web Extensions with the all-url permission could access local files. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6809) It was discovered that the Devtools' 'Copy as cURL' feature did not fully escape website-controlled data. If a user were tricked in to using the 'Copy as cURL' feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to execute arbitrary commands via command injection. (CVE-2020-6811) Update Instructions: Run `sudo pro fix USN-4299-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-nn - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-ne - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-nb - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-fa - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-fi - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-fr - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-fy - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-or - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-kab - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-oc - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-cs - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-ga - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-gd - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-gn - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-gl - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-gu - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-pa - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-pl - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-cy - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-pt - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-hi - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-uk - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-he - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-hy - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-hr - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-hu - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-as - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-ar - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-ia - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-az - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-id - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-mai - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-af - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-is - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-it - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-an - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-bs - 74.0+build3-0ubuntu0.18.04.1 firefox - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-ro - 74.0+build3-0ubuntu0.18.04.1 firefox-geckodriver - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-ja - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-ru - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-br - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hant - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hans - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-bn - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-be - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-bg - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-sl - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-sk - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-si - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-sw - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-sv - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-sr - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-sq - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-ko - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-kn - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-km - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-kk - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-ka - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-xh - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-ca - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-ku - 74.0+build3-0ubuntu0.18.04.1 firefox-mozsymbols - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-lv - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-lt - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-th - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-hsb - 74.0+build3-0ubuntu0.18.04.1 firefox-dev - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-te - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-cak - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-ta - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-lg - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-tr - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-nso - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-de - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-da - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-ms - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-mr - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-my - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-uz - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-ml - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-mn - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-mk - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-ur - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-vi - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-eu - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-et - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-es - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-csb - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-el - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-eo - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-en - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-zu - 74.0+build3-0ubuntu0.18.04.1 firefox-locale-ast - 74.0+build3-0ubuntu0.18.04.1 No subscription required Medium CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6808 CVE-2020-6809 CVE-2020-6810 CVE-2020-6811 CVE-2020-6812 CVE-2020-6813 CVE-2020-6814 CVE-2020-6815 Ubuntu 18.04 LTS It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information (read memory from another guest VM). (CVE-2019-3016) Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information. (CVE-2020-2732) It was discovered that the Afatech AF9005 DVB-T USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-18809) It was discovered that the Intel(R) XL710 Ethernet Controller device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19043) It was discovered that the RPMSG character device interface in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19053) It was discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19056) It was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19058, CVE-2019-19059) It was discovered that the Serial Peripheral Interface (SPI) driver in the Linux kernel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19064) It was discovered that the Brocade BFA Fibre Channel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19066) It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19068) Update Instructions: Run `sudo pro fix USN-4300-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1014-gcp - 5.3.0-1014.15~18.04.1 linux-image-5.3.0-1014-gke - 5.3.0-1014.15~18.04.1 No subscription required linux-image-5.3.0-1016-azure - 5.3.0-1016.17~18.04.1 No subscription required linux-image-5.3.0-1019-raspi2 - 5.3.0-1019.21~18.04.1 No subscription required linux-image-5.3.0-42-lowlatency - 5.3.0-42.34~18.04.1 linux-image-5.3.0-42-generic - 5.3.0-42.34~18.04.1 linux-image-5.3.0-42-generic-lpae - 5.3.0-42.34~18.04.1 No subscription required linux-image-gcp-edge - 5.3.0.1014.13 No subscription required linux-image-gke-5.3 - 5.3.0.1014.4 No subscription required linux-image-azure-edge - 5.3.0.1016.16 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1019.8 No subscription required linux-image-snapdragon-hwe-18.04-edge - 5.3.0.42.99 linux-image-snapdragon-hwe-18.04 - 5.3.0.42.99 linux-image-lowlatency-hwe-18.04 - 5.3.0.42.99 linux-image-lowlatency-hwe-18.04-edge - 5.3.0.42.99 linux-image-generic-lpae-hwe-18.04 - 5.3.0.42.99 linux-image-virtual-hwe-18.04 - 5.3.0.42.99 linux-image-generic-hwe-18.04-edge - 5.3.0.42.99 linux-image-generic-lpae-hwe-18.04-edge - 5.3.0.42.99 linux-image-generic-hwe-18.04 - 5.3.0.42.99 linux-image-virtual-hwe-18.04-edge - 5.3.0.42.99 No subscription required Medium CVE-2019-18809 CVE-2019-19043 CVE-2019-19053 CVE-2019-19056 CVE-2019-19058 CVE-2019-19059 CVE-2019-19064 CVE-2019-19066 CVE-2019-19068 CVE-2019-3016 CVE-2020-2732 Ubuntu 18.04 LTS It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information (read memory from another guest VM). (CVE-2019-3016) Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information. (CVE-2020-2732) It was discovered that the RPMSG character device interface in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19053) It was discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19056) It was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19058, CVE-2019-19059) It was discovered that the Brocade BFA Fibre Channel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19066) It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19068) Update Instructions: Run `sudo pro fix USN-4301-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1013-oracle - 5.0.0-1013.18 No subscription required linux-image-5.0.0-1027-aws - 5.0.0-1027.30 No subscription required linux-image-5.0.0-1032-gke - 5.0.0-1032.33 No subscription required linux-image-5.0.0-1033-gcp - 5.0.0-1033.34 No subscription required linux-image-5.0.0-1035-azure - 5.0.0-1035.37 No subscription required linux-image-5.0.0-1043-oem-osp1 - 5.0.0-1043.48 No subscription required linux-image-oracle - 5.0.0.1013.13 No subscription required linux-image-aws-edge - 5.0.0.1027.41 No subscription required linux-image-gke-5.0 - 5.0.0.1032.20 No subscription required linux-image-gcp - 5.0.0.1033.37 No subscription required linux-image-azure - 5.0.0.1035.46 No subscription required linux-image-oem-osp1 - 5.0.0.1043.48 No subscription required Medium CVE-2019-19053 CVE-2019-19056 CVE-2019-19058 CVE-2019-19059 CVE-2019-19066 CVE-2019-19068 CVE-2019-3016 CVE-2020-2732 Ubuntu 18.04 LTS Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information. (CVE-2020-2732) Gregory Herrero discovered that the fix for CVE-2019-14615 to address the Linux kernel not properly clearing data structures on context switches for certain Intel graphics processors was incomplete. A local attacker could use this to expose sensitive information. (CVE-2020-8832) It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19046) It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19051) It was discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19056) It was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19058) It was discovered that the Brocade BFA Fibre Channel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19066) It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19068) It was discovered that ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15217) Update Instructions: Run `sudo pro fix USN-4302-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1035-oracle - 4.15.0-1035.39 No subscription required linux-image-4.15.0-1055-gke - 4.15.0-1055.58 No subscription required linux-image-4.15.0-1056-kvm - 4.15.0-1056.57 No subscription required linux-image-4.15.0-1057-raspi2 - 4.15.0-1057.61 No subscription required linux-image-4.15.0-1063-aws - 4.15.0-1063.67 No subscription required linux-image-4.15.0-1074-snapdragon - 4.15.0-1074.81 No subscription required linux-image-4.15.0-1076-oem - 4.15.0-1076.86 No subscription required linux-image-4.15.0-91-generic - 4.15.0-91.92 linux-image-4.15.0-91-generic-lpae - 4.15.0-91.92 linux-image-4.15.0-91-lowlatency - 4.15.0-91.92 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1035.43 No subscription required linux-image-gke-4.15 - 4.15.0.1055.59 linux-image-gke - 4.15.0.1055.59 No subscription required linux-image-kvm - 4.15.0.1056.56 No subscription required linux-image-raspi2 - 4.15.0.1057.55 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1063.64 linux-image-aws - 4.15.0.1063.64 No subscription required linux-image-snapdragon - 4.15.0.1074.77 No subscription required linux-image-oem - 4.15.0.1076.80 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.91.83 linux-image-generic-hwe-16.04 - 4.15.0.91.83 linux-image-generic-hwe-16.04-edge - 4.15.0.91.83 linux-image-virtual - 4.15.0.91.83 linux-image-generic-lpae-hwe-16.04 - 4.15.0.91.83 linux-image-virtual-hwe-16.04 - 4.15.0.91.83 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.91.83 linux-image-generic - 4.15.0.91.83 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.91.83 linux-image-generic-lpae - 4.15.0.91.83 linux-image-lowlatency-hwe-16.04 - 4.15.0.91.83 linux-image-lowlatency - 4.15.0.91.83 No subscription required Medium CVE-2019-15217 CVE-2019-19046 CVE-2019-19051 CVE-2019-19056 CVE-2019-19058 CVE-2019-19066 CVE-2019-19068 CVE-2020-2732 CVE-2020-8832 Ubuntu 18.04 LTS Or Friedman discovered that Ceph incorrectly handled disconnects. A remote authenticated attacker could possibly use this issue to cause Ceph to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-4304-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-rbd - 12.2.12-0ubuntu0.18.04.5 python3-rbd - 12.2.12-0ubuntu0.18.04.5 python-rados - 12.2.12-0ubuntu0.18.04.5 ceph-mgr - 12.2.12-0ubuntu0.18.04.5 ceph - 12.2.12-0ubuntu0.18.04.5 ceph-test - 12.2.12-0ubuntu0.18.04.5 rbd-mirror - 12.2.12-0ubuntu0.18.04.5 rbd-nbd - 12.2.12-0ubuntu0.18.04.5 librbd-dev - 12.2.12-0ubuntu0.18.04.5 libradosstriper1 - 12.2.12-0ubuntu0.18.04.5 rbd-fuse - 12.2.12-0ubuntu0.18.04.5 librados-dev - 12.2.12-0ubuntu0.18.04.5 libcephfs-jni - 12.2.12-0ubuntu0.18.04.5 libradosstriper-dev - 12.2.12-0ubuntu0.18.04.5 librados2 - 12.2.12-0ubuntu0.18.04.5 ceph-mon - 12.2.12-0ubuntu0.18.04.5 libcephfs2 - 12.2.12-0ubuntu0.18.04.5 librgw2 - 12.2.12-0ubuntu0.18.04.5 ceph-mds - 12.2.12-0ubuntu0.18.04.5 radosgw - 12.2.12-0ubuntu0.18.04.5 librbd1 - 12.2.12-0ubuntu0.18.04.5 python3-rgw - 12.2.12-0ubuntu0.18.04.5 python-rgw - 12.2.12-0ubuntu0.18.04.5 python-ceph - 12.2.12-0ubuntu0.18.04.5 libcephfs-dev - 12.2.12-0ubuntu0.18.04.5 rados-objclass-dev - 12.2.12-0ubuntu0.18.04.5 ceph-osd - 12.2.12-0ubuntu0.18.04.5 python3-ceph-argparse - 12.2.12-0ubuntu0.18.04.5 librgw-dev - 12.2.12-0ubuntu0.18.04.5 python3-rados - 12.2.12-0ubuntu0.18.04.5 ceph-base - 12.2.12-0ubuntu0.18.04.5 python-cephfs - 12.2.12-0ubuntu0.18.04.5 python3-cephfs - 12.2.12-0ubuntu0.18.04.5 ceph-fuse - 12.2.12-0ubuntu0.18.04.5 ceph-common - 12.2.12-0ubuntu0.18.04.5 libcephfs-java - 12.2.12-0ubuntu0.18.04.5 ceph-resource-agents - 12.2.12-0ubuntu0.18.04.5 No subscription required Medium CVE-2020-1700 Ubuntu 18.04 LTS André Bargull discovered that ICU incorrectly handled certain strings. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4305-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icu-devtools - 60.2-3ubuntu3.1 libiculx60 - 60.2-3ubuntu3.1 libicu60 - 60.2-3ubuntu3.1 libicu-dev - 60.2-3ubuntu3.1 icu-doc - 60.2-3ubuntu3.1 No subscription required Medium CVE-2020-10531 Ubuntu 18.04 LTS It was discovered that Dino incorrectly validated inputs. An attacker could use this issue to possibly obtain, inject or remove sensitive information. This update also includes a fix to the encryption implementation in Dino to support 12 byte IVs, in addition to 16 byte IVs. Update Instructions: Run `sudo pro fix USN-4306-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dino-im-common - 0.0.git20180130-1ubuntu0.1 dino-im - 0.0.git20180130-1ubuntu0.1 No subscription required Medium CVE-2019-16235 CVE-2019-16236 CVE-2019-16237 https://bugs.launchpad.net/bugs/1866115 Ubuntu 18.04 LTS As a security improvement, this update adds TLSv1.3 support to the Apache HTTP Server package in Ubuntu 18.04 LTS. TLSv1.3 is enabled by default, and in certain environments may cause compatibility issues. The SSLProtocol directive may be used to disable TLSv1.3 in these problematic environments. Update Instructions: Run `sudo pro fix USN-4307-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.29-1ubuntu4.13 apache2-utils - 2.4.29-1ubuntu4.13 apache2-dev - 2.4.29-1ubuntu4.13 apache2-suexec-pristine - 2.4.29-1ubuntu4.13 apache2-suexec-custom - 2.4.29-1ubuntu4.13 apache2 - 2.4.29-1ubuntu4.13 apache2-doc - 2.4.29-1ubuntu4.13 apache2-ssl-dev - 2.4.29-1ubuntu4.13 apache2-bin - 2.4.29-1ubuntu4.13 No subscription required None https://launchpad.net/bugs/1845263 Ubuntu 18.04 LTS it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. (CVE-2019-12387) It was discovered that Twisted incorrectly verified XMPP TLS certificates. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack and obtain sensitive information. (CVE-2019-12855) It was discovered that Twisted incorrectly handled HTTP/2 connections. A remote attacker could possibly use this issue to cause Twisted to hang or consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-9512, CVE-2019-9514, CVE-2019-9515) Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content-length headers. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2020-10108, CVE-2020-10109) Update Instructions: Run `sudo pro fix USN-4308-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: twisted-doc - 17.9.0-2ubuntu0.1 python-twisted-news - 17.9.0-2ubuntu0.1 python3-twisted - 17.9.0-2ubuntu0.1 python-twisted-names - 17.9.0-2ubuntu0.1 python-twisted-words - 17.9.0-2ubuntu0.1 python-twisted-runner - 17.9.0-2ubuntu0.1 python-twisted-core - 17.9.0-2ubuntu0.1 python3-twisted-bin - 17.9.0-2ubuntu0.1 python-twisted-web - 17.9.0-2ubuntu0.1 python-twisted - 17.9.0-2ubuntu0.1 python-twisted-mail - 17.9.0-2ubuntu0.1 python-twisted-bin - 17.9.0-2ubuntu0.1 No subscription required python-twisted-conch - 1:17.9.0-2ubuntu0.1 No subscription required Medium CVE-2019-12387 CVE-2019-12855 CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2020-10108 CVE-2020-10109 Ubuntu 18.04 LTS It was discovered that Vim incorrectly handled certain sources. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS (CVE-2017-11109) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. (CVE-2017-5953) It was discovered that Vim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.06 LTS. (CVE-2018-20786) It was discovered that Vim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-20079) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2017-6349, CVE-2017-6350) Update Instructions: Run `sudo pro fix USN-4309-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:8.0.1453-1ubuntu1.3 vim-gnome - 2:8.0.1453-1ubuntu1.3 vim-athena - 2:8.0.1453-1ubuntu1.3 xxd - 2:8.0.1453-1ubuntu1.3 vim-gtk - 2:8.0.1453-1ubuntu1.3 vim-gui-common - 2:8.0.1453-1ubuntu1.3 vim - 2:8.0.1453-1ubuntu1.3 vim-doc - 2:8.0.1453-1ubuntu1.3 vim-tiny - 2:8.0.1453-1ubuntu1.3 vim-runtime - 2:8.0.1453-1ubuntu1.3 vim-gtk3 - 2:8.0.1453-1ubuntu1.3 vim-nox - 2:8.0.1453-1ubuntu1.3 No subscription required Low CVE-2017-11109 CVE-2017-5953 CVE-2017-6349 CVE-2017-6350 CVE-2018-20786 CVE-2019-20079 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-4310-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.28.0-0ubuntu0.18.04.3 libwebkit2gtk-4.0-37-gtk2 - 2.28.0-0ubuntu0.18.04.3 libjavascriptcoregtk-4.0-dev - 2.28.0-0ubuntu0.18.04.3 libwebkit2gtk-4.0-37 - 2.28.0-0ubuntu0.18.04.3 webkit2gtk-driver - 2.28.0-0ubuntu0.18.04.3 libjavascriptcoregtk-4.0-18 - 2.28.0-0ubuntu0.18.04.3 libwebkit2gtk-4.0-doc - 2.28.0-0ubuntu0.18.04.3 libjavascriptcoregtk-4.0-bin - 2.28.0-0ubuntu0.18.04.3 gir1.2-webkit2-4.0 - 2.28.0-0ubuntu0.18.04.3 libwebkit2gtk-4.0-dev - 2.28.0-0ubuntu0.18.04.3 No subscription required Medium CVE-2020-10018 Ubuntu 18.04 LTS It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. (CVE-2020-0556) It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7837) Update Instructions: Run `sudo pro fix USN-4311-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbluetooth3 - 5.48-0ubuntu3.4 bluez-tests - 5.48-0ubuntu3.4 bluez-obexd - 5.48-0ubuntu3.4 bluetooth - 5.48-0ubuntu3.4 bluez - 5.48-0ubuntu3.4 bluez-hcidump - 5.48-0ubuntu3.4 bluez-cups - 5.48-0ubuntu3.4 libbluetooth-dev - 5.48-0ubuntu3.4 No subscription required Medium CVE-2016-7837 CVE-2020-0556 Ubuntu 18.04 LTS Manfred Paul discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information (kernel memory) or gain administrative privileges. Update Instructions: Run `sudo pro fix USN-4313-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1013-oracle - 5.3.0-1013.14~18.04.1 No subscription required linux-image-5.3.0-1016-gcp - 5.3.0-1016.17~18.04.1 linux-image-5.3.0-1016-gke - 5.3.0-1016.17~18.04.1 No subscription required linux-image-5.3.0-1018-azure - 5.3.0-1018.19~18.04.1 No subscription required linux-image-5.3.0-1021-raspi2 - 5.3.0-1021.23~18.04.1 No subscription required linux-image-5.3.0-45-generic - 5.3.0-45.37~18.04.1 linux-image-5.3.0-45-generic-lpae - 5.3.0-45.37~18.04.1 linux-image-5.3.0-45-lowlatency - 5.3.0-45.37~18.04.1 No subscription required linux-image-oracle-edge - 5.3.0.1013.12 No subscription required linux-image-gcp-edge - 5.3.0.1016.15 No subscription required linux-image-gke-5.3 - 5.3.0.1016.6 No subscription required linux-image-azure-edge - 5.3.0.1018.18 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1021.10 No subscription required linux-image-generic-hwe-18.04 - 5.3.0.45.101 linux-image-generic-lpae-hwe-18.04 - 5.3.0.45.101 linux-image-generic-lpae-hwe-18.04-edge - 5.3.0.45.101 linux-image-lowlatency-hwe-18.04 - 5.3.0.45.101 linux-image-virtual-hwe-18.04 - 5.3.0.45.101 linux-image-lowlatency-hwe-18.04-edge - 5.3.0.45.101 linux-image-generic-hwe-18.04-edge - 5.3.0.45.101 linux-image-snapdragon-hwe-18.04 - 5.3.0.45.101 linux-image-snapdragon-hwe-18.04-edge - 5.3.0.45.101 linux-image-virtual-hwe-18.04-edge - 5.3.0.45.101 No subscription required High CVE-2020-8835 Ubuntu 18.04 LTS Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4314-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-heimdal - 4.8-1ubuntu0.1 libpam-krb5 - 4.8-1ubuntu0.1 No subscription required Medium CVE-2020-10595 Ubuntu 18.04 LTS Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. (CVE-2020-8831) Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions. This could allow a local attacker to read arbitrary files via a symlink attack. (CVE-2020-8833) Update Instructions: Run `sudo pro fix USN-4315-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.9-0ubuntu7.14 python3-problem-report - 2.20.9-0ubuntu7.14 apport-kde - 2.20.9-0ubuntu7.14 apport-retrace - 2.20.9-0ubuntu7.14 apport-valgrind - 2.20.9-0ubuntu7.14 python3-apport - 2.20.9-0ubuntu7.14 dh-apport - 2.20.9-0ubuntu7.14 apport-gtk - 2.20.9-0ubuntu7.14 apport - 2.20.9-0ubuntu7.14 python-problem-report - 2.20.9-0ubuntu7.14 apport-noui - 2.20.9-0ubuntu7.14 No subscription required High CVE-2020-8831 CVE-2020-8833 Ubuntu 18.04 LTS It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service. (CVE-2018-14553) It was discovered that GD Graphics Library incorrectly handled loading images from X bitmap format files. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service, or to disclose contents of the stack that has been left there by previous code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-11038) Update Instructions: Run `sudo pro fix USN-4316-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.2.5-4ubuntu0.4 libgd-tools - 2.2.5-4ubuntu0.4 libgd-dev - 2.2.5-4ubuntu0.4 No subscription required Low CVE-2018-14553 CVE-2019-11038 Ubuntu 18.04 LTS Two use-after-free bugs were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit these to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4317-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 74.0.1+build1-0ubuntu0.18.04.1 firefox - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 74.0.1+build1-0ubuntu0.18.04.1 firefox-geckodriver - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 74.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 74.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 74.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 74.0.1+build1-0ubuntu0.18.04.1 No subscription required High CVE-2020-6819 CVE-2020-6820 Ubuntu 18.04 LTS Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-8428) Gustavo Romero and Paul Mackerras discovered that the KVM implementation in the Linux kernel for PowerPC processors did not properly keep guest state separate from host state. A local attacker in a KVM guest could use this to cause a denial of service (host system crash). (CVE-2020-8834) Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (soft lockup). (CVE-2020-8992) Update Instructions: Run `sudo pro fix USN-4318-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-96-lowlatency - 4.15.0-96.97 linux-image-4.15.0-96-generic - 4.15.0-96.97 linux-image-4.15.0-96-generic-lpae - 4.15.0-96.97 No subscription required linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.96.87 linux-image-generic-lpae-hwe-16.04 - 4.15.0.96.87 linux-image-generic - 4.15.0.96.87 linux-image-virtual-hwe-16.04-edge - 4.15.0.96.87 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.96.87 linux-image-lowlatency-hwe-16.04 - 4.15.0.96.87 linux-image-virtual - 4.15.0.96.87 linux-image-generic-hwe-16.04-edge - 4.15.0.96.87 linux-image-generic-lpae - 4.15.0.96.87 linux-image-virtual-hwe-16.04 - 4.15.0.96.87 linux-image-lowlatency - 4.15.0.96.87 linux-image-generic-hwe-16.04 - 4.15.0.96.87 No subscription required Medium CVE-2020-8428 CVE-2020-8834 CVE-2020-8992 Ubuntu 18.04 LTS It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19046) Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-8428) Update Instructions: Run `sudo pro fix USN-4319-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1014-oracle - 5.3.0-1014.15~18.04.1 No subscription required linux-image-5.3.0-1017-gcp - 5.3.0-1017.18~18.04.1 No subscription required linux-image-5.3.0-1019-azure - 5.3.0-1019.20~18.04.1 No subscription required linux-image-5.3.0-1022-raspi2 - 5.3.0-1022.24~18.04.1 No subscription required linux-image-5.3.0-46-generic - 5.3.0-46.38~18.04.1 linux-image-5.3.0-46-generic-lpae - 5.3.0-46.38~18.04.1 linux-image-5.3.0-46-lowlatency - 5.3.0-46.38~18.04.1 No subscription required linux-image-oracle-edge - 5.3.0.1014.13 No subscription required linux-image-gcp-edge - 5.3.0.1017.16 No subscription required linux-image-azure-edge - 5.3.0.1019.19 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1022.11 No subscription required linux-image-snapdragon-hwe-18.04-edge - 5.3.0.46.102 linux-image-snapdragon-hwe-18.04 - 5.3.0.46.102 linux-image-lowlatency-hwe-18.04 - 5.3.0.46.102 linux-image-generic-hwe-18.04 - 5.3.0.46.102 linux-image-virtual-hwe-18.04 - 5.3.0.46.102 linux-image-lowlatency-hwe-18.04-edge - 5.3.0.46.102 linux-image-generic-lpae-hwe-18.04 - 5.3.0.46.102 linux-image-generic-hwe-18.04-edge - 5.3.0.46.102 linux-image-generic-lpae-hwe-18.04-edge - 5.3.0.46.102 linux-image-virtual-hwe-18.04-edge - 5.3.0.46.102 No subscription required Medium CVE-2019-19046 CVE-2020-8428 Ubuntu 18.04 LTS Felix Wilhelm discovered that HAProxy incorrectly handled certain HTTP/2 requests. An attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4321-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: haproxy - 1.8.8-1ubuntu0.10 haproxy-doc - 1.8.8-1ubuntu0.10 vim-haproxy - 1.8.8-1ubuntu0.10 No subscription required Medium CVE-2020-11100 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6821, CVE-2020-6822, CVE-2020-6824, CVE-2020-6825, CVE-2020-6826) It was discovered that extensions could obtain auth codes from OAuth login flows in some circumstances. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain access to the user's account. (CVE-2020-6823) Update Instructions: Run `sudo pro fix USN-4323-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-nn - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-ne - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-nb - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-fa - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-fi - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-fr - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-fy - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-or - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-kab - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-oc - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-cs - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-ga - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-gd - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-gn - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-gl - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-gu - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-pa - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-pl - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-cy - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-pt - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-hi - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-uk - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-he - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-hy - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-hr - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-hu - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-as - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-ar - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-ia - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-az - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-id - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-mai - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-af - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-is - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-it - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-an - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-bs - 75.0+build3-0ubuntu0.18.04.1 firefox - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-ro - 75.0+build3-0ubuntu0.18.04.1 firefox-geckodriver - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-ja - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-ru - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-br - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hant - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hans - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-bn - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-be - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-bg - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-sl - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-sk - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-si - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-sw - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-sv - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-sr - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-sq - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-ko - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-kn - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-km - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-kk - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-ka - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-xh - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-ca - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-ku - 75.0+build3-0ubuntu0.18.04.1 firefox-mozsymbols - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-lv - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-lt - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-th - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-hsb - 75.0+build3-0ubuntu0.18.04.1 firefox-dev - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-te - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-cak - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-ta - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-lg - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-csb - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-tr - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-nso - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-de - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-da - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-ms - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-mr - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-my - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-uz - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-ml - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-mn - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-mk - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-ur - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-eu - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-et - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-es - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-vi - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-el - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-eo - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-en - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-zu - 75.0+build3-0ubuntu0.18.04.1 firefox-locale-ast - 75.0+build3-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-6821 CVE-2020-6822 CVE-2020-6823 CVE-2020-6824 CVE-2020-6825 CVE-2020-6826 Ubuntu 18.04 LTS Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-8428) Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (soft lockup). (CVE-2020-8992) Update Instructions: Run `sudo pro fix USN-4324-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1037-oracle - 4.15.0-1037.41 No subscription required linux-image-4.15.0-1057-gke - 4.15.0-1057.60 No subscription required linux-image-4.15.0-1058-kvm - 4.15.0-1058.59 No subscription required linux-image-4.15.0-1060-raspi2 - 4.15.0-1060.64 No subscription required linux-image-4.15.0-1065-aws - 4.15.0-1065.69 No subscription required linux-image-4.15.0-1076-snapdragon - 4.15.0-1076.83 No subscription required linux-image-4.15.0-1079-oem - 4.15.0-1079.89 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1037.45 No subscription required linux-image-gke - 4.15.0.1057.61 linux-image-gke-4.15 - 4.15.0.1057.61 No subscription required linux-image-kvm - 4.15.0.1058.58 No subscription required linux-image-raspi2 - 4.15.0.1060.58 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1065.67 linux-image-aws - 4.15.0.1065.67 No subscription required linux-image-snapdragon - 4.15.0.1076.79 No subscription required linux-image-oem - 4.15.0.1079.83 No subscription required Medium CVE-2020-8428 CVE-2020-8992 Ubuntu 18.04 LTS It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19046) Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-8428) Update Instructions: Run `sudo pro fix USN-4325-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1014-oracle - 5.0.0-1014.19 No subscription required linux-image-5.0.0-1033-gke - 5.0.0-1033.34 No subscription required linux-image-5.0.0-1034-gcp - 5.0.0-1034.35 No subscription required linux-image-5.0.0-1036-azure - 5.0.0-1036.38 No subscription required linux-image-5.0.0-1047-oem-osp1 - 5.0.0-1047.52 No subscription required linux-image-oracle - 5.0.0.1013.14 No subscription required linux-image-gke-5.0 - 5.0.0.1032.20 No subscription required linux-image-gcp - 5.0.0.1033.37 No subscription required linux-image-azure - 5.0.0.1035.46 No subscription required linux-image-oem-osp1 - 5.0.0.1043.48 No subscription required Medium CVE-2019-19046 CVE-2020-8428 Ubuntu 18.04 LTS It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code Update Instructions: Run `sudo pro fix USN-4326-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libiberty-dev - 20170913-1ubuntu0.1 No subscription required Medium CVE-2018-12641 CVE-2018-12697 CVE-2018-12698 CVE-2018-12934 CVE-2018-17794 CVE-2018-17985 CVE-2018-18483 CVE-2018-18484 CVE-2018-18700 CVE-2018-18701 CVE-2018-9138 CVE-2019-14250 CVE-2019-9070 CVE-2019-9071 Ubuntu 18.04 LTS Yasheng Yang discovered that libssh incorrectly handled AES-CTR ciphers. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4327-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssh-gcrypt-dev - 0.8.0~20170825.94fa1e38-1ubuntu0.6 libssh-doc - 0.8.0~20170825.94fa1e38-1ubuntu0.6 libssh-gcrypt-4 - 0.8.0~20170825.94fa1e38-1ubuntu0.6 libssh-4 - 0.8.0~20170825.94fa1e38-1ubuntu0.6 libssh-dev - 0.8.0~20170825.94fa1e38-1ubuntu0.6 No subscription required Medium CVE-2020-1730 Ubuntu 18.04 LTS It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792) Mutiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, CVE-2020-6822) It was discovered that if a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2020-6794) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, obtain sensitive information, or execute arbitrary code. (CVE-2019-20503, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6825) It was discovered that the Devtools’ ‘Copy as cURL’ feature did not fully escape website-controlled data. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to execute arbitrary commands via command injection. (CVE-2020-6811) Update Instructions: Run `sudo pro fix USN-4328-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:68.7.0+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:68.7.0+build1-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:68.7.0+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:68.7.0+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:68.7.0+build1-0ubuntu0.18.04.1 No subscription required High CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6798 CVE-2020-6800 CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 Ubuntu 18.04 LTS Felix Wilhelm discovered that Git incorrectly handled certain URLs that included newlines. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host. Update Instructions: Run `sudo pro fix USN-4329-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.6 gitweb - 1:2.17.1-1ubuntu0.6 git-all - 1:2.17.1-1ubuntu0.6 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.6 git-el - 1:2.17.1-1ubuntu0.6 gitk - 1:2.17.1-1ubuntu0.6 git-gui - 1:2.17.1-1ubuntu0.6 git-mediawiki - 1:2.17.1-1ubuntu0.6 git-daemon-run - 1:2.17.1-1ubuntu0.6 git-man - 1:2.17.1-1ubuntu0.6 git-doc - 1:2.17.1-1ubuntu0.6 git-svn - 1:2.17.1-1ubuntu0.6 git-cvs - 1:2.17.1-1ubuntu0.6 git-email - 1:2.17.1-1ubuntu0.6 No subscription required Medium CVE-2020-5260 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. (CVE-2020-7062) It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2020-7063) It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. (CVE-2020-7064) It was discovered that PHP incorrectly handled certain UTF strings. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2020-7065) It was discovered that PHP incorrectly handled certain URLs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7066) Update Instructions: Run `sudo pro fix USN-4330-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.24-0ubuntu0.18.04.4 php7.2-enchant - 7.2.24-0ubuntu0.18.04.4 php7.2-ldap - 7.2.24-0ubuntu0.18.04.4 php7.2-fpm - 7.2.24-0ubuntu0.18.04.4 php7.2-recode - 7.2.24-0ubuntu0.18.04.4 php7.2-cli - 7.2.24-0ubuntu0.18.04.4 php7.2-json - 7.2.24-0ubuntu0.18.04.4 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.4 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.4 php7.2 - 7.2.24-0ubuntu0.18.04.4 php7.2-pspell - 7.2.24-0ubuntu0.18.04.4 php7.2-dev - 7.2.24-0ubuntu0.18.04.4 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.4 php7.2-gmp - 7.2.24-0ubuntu0.18.04.4 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.4 php7.2-opcache - 7.2.24-0ubuntu0.18.04.4 php7.2-gd - 7.2.24-0ubuntu0.18.04.4 php7.2-soap - 7.2.24-0ubuntu0.18.04.4 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.4 php7.2-intl - 7.2.24-0ubuntu0.18.04.4 php7.2-odbc - 7.2.24-0ubuntu0.18.04.4 libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.4 php7.2-tidy - 7.2.24-0ubuntu0.18.04.4 php7.2-imap - 7.2.24-0ubuntu0.18.04.4 php7.2-readline - 7.2.24-0ubuntu0.18.04.4 php7.2-mysql - 7.2.24-0ubuntu0.18.04.4 php7.2-dba - 7.2.24-0ubuntu0.18.04.4 php7.2-xml - 7.2.24-0ubuntu0.18.04.4 php7.2-interbase - 7.2.24-0ubuntu0.18.04.4 php7.2-xsl - 7.2.24-0ubuntu0.18.04.4 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.4 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.4 php7.2-sybase - 7.2.24-0ubuntu0.18.04.4 php7.2-curl - 7.2.24-0ubuntu0.18.04.4 php7.2-common - 7.2.24-0ubuntu0.18.04.4 php7.2-cgi - 7.2.24-0ubuntu0.18.04.4 php7.2-snmp - 7.2.24-0ubuntu0.18.04.4 php7.2-zip - 7.2.24-0ubuntu0.18.04.4 No subscription required Medium CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-4331-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.28.1-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.28.1-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.28.1-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.28.1-0ubuntu0.18.04.1 webkit2gtk-driver - 2.28.1-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.28.1-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.28.1-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.28.1-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.28.1-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.28.1-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-11793 Ubuntu 18.04 LTS It was discovered that File Roller incorrectly handled symlinks. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4332-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: file-roller - 3.28.0-1ubuntu1.2 No subscription required Medium CVE-2020-11736 Ubuntu 18.04 LTS It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. (CVE-2019-18348) It was discovered that Python incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-8492) Update Instructions: Run `sudo pro fix USN-4333-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.17-1~18.04ubuntu1 python2.7-doc - 2.7.17-1~18.04ubuntu1 libpython2.7-minimal - 2.7.17-1~18.04ubuntu1 libpython2.7 - 2.7.17-1~18.04ubuntu1 libpython2.7-stdlib - 2.7.17-1~18.04ubuntu1 libpython2.7-testsuite - 2.7.17-1~18.04ubuntu1 python2.7 - 2.7.17-1~18.04ubuntu1 idle-python2.7 - 2.7.17-1~18.04ubuntu1 python2.7-examples - 2.7.17-1~18.04ubuntu1 libpython2.7-dev - 2.7.17-1~18.04ubuntu1 python2.7-minimal - 2.7.17-1~18.04ubuntu1 No subscription required python3.6-dev - 3.6.9-1~18.04ubuntu1 libpython3.6-dev - 3.6.9-1~18.04ubuntu1 libpython3.6-minimal - 3.6.9-1~18.04ubuntu1 python3.6-examples - 3.6.9-1~18.04ubuntu1 libpython3.6-stdlib - 3.6.9-1~18.04ubuntu1 python3.6-venv - 3.6.9-1~18.04ubuntu1 python3.6-minimal - 3.6.9-1~18.04ubuntu1 python3.6 - 3.6.9-1~18.04ubuntu1 idle-python3.6 - 3.6.9-1~18.04ubuntu1 python3.6-doc - 3.6.9-1~18.04ubuntu1 libpython3.6-testsuite - 3.6.9-1~18.04ubuntu1 libpython3.6 - 3.6.9-1~18.04ubuntu1 No subscription required Medium CVE-2019-18348 CVE-2020-8492 Ubuntu 18.04 LTS Carlo Arenas discovered that Git incorrectly handled certain URLs containing newlines, empty hosts, or lacking a scheme. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host. Update Instructions: Run `sudo pro fix USN-4334-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.7 gitweb - 1:2.17.1-1ubuntu0.7 git-gui - 1:2.17.1-1ubuntu0.7 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.7 git-el - 1:2.17.1-1ubuntu0.7 gitk - 1:2.17.1-1ubuntu0.7 git-all - 1:2.17.1-1ubuntu0.7 git-mediawiki - 1:2.17.1-1ubuntu0.7 git-daemon-run - 1:2.17.1-1ubuntu0.7 git-man - 1:2.17.1-1ubuntu0.7 git-doc - 1:2.17.1-1ubuntu0.7 git-svn - 1:2.17.1-1ubuntu0.7 git-cvs - 1:2.17.1-1ubuntu0.7 git-email - 1:2.17.1-1ubuntu0.7 No subscription required Medium CVE-2020-11008 Ubuntu 18.04 LTS It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4336-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: binutils-dev - 2.30-21ubuntu1~18.04.3 binutils-powerpc-linux-gnuspe - 2.30-21ubuntu1~18.04.3 binutils-arm-linux-gnueabihf - 2.30-21ubuntu1~18.04.3 binutils-hppa64-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-ia64-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-multiarch - 2.30-21ubuntu1~18.04.3 binutils-mips64-linux-gnuabin32 - 2.30-21ubuntu1~18.04.3 binutils-mipsel-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-mips64el-linux-gnuabin32 - 2.30-21ubuntu1~18.04.3 binutils-x86-64-kfreebsd-gnu - 2.30-21ubuntu1~18.04.3 binutils-riscv64-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-m68k-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-for-build - 2.30-21ubuntu1~18.04.3 binutils-s390x-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-x86-64-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-multiarch-dev - 2.30-21ubuntu1~18.04.3 binutils-i686-gnu - 2.30-21ubuntu1~18.04.3 binutils-mipsisa32r6el-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-for-host - 2.30-21ubuntu1~18.04.3 binutils-doc - 2.30-21ubuntu1~18.04.3 binutils-sh4-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-mips64-linux-gnuabi64 - 2.30-21ubuntu1~18.04.3 binutils-aarch64-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-source - 2.30-21ubuntu1~18.04.3 binutils-i686-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-common - 2.30-21ubuntu1~18.04.3 binutils-mips-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-mipsisa64r6-linux-gnuabin32 - 2.30-21ubuntu1~18.04.3 binutils-mipsisa64r6el-linux-gnuabi64 - 2.30-21ubuntu1~18.04.3 binutils-mipsisa32r6-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-x86-64-linux-gnux32 - 2.30-21ubuntu1~18.04.3 binutils-i686-kfreebsd-gnu - 2.30-21ubuntu1~18.04.3 binutils-powerpc64le-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-mipsisa64r6el-linux-gnuabin32 - 2.30-21ubuntu1~18.04.3 binutils-alpha-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-powerpc64-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-hppa-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils-sparc64-linux-gnu - 2.30-21ubuntu1~18.04.3 libbinutils - 2.30-21ubuntu1~18.04.3 binutils-arm-linux-gnueabi - 2.30-21ubuntu1~18.04.3 binutils-mipsisa64r6-linux-gnuabi64 - 2.30-21ubuntu1~18.04.3 binutils-mips64el-linux-gnuabi64 - 2.30-21ubuntu1~18.04.3 binutils-powerpc-linux-gnu - 2.30-21ubuntu1~18.04.3 binutils - 2.30-21ubuntu1~18.04.3 No subscription required Medium CVE-2018-1000876 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-12641 CVE-2018-12697 CVE-2018-12698 CVE-2018-12699 CVE-2018-12934 CVE-2018-13033 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17794 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-18700 CVE-2018-18701 CVE-2018-19931 CVE-2018-19932 CVE-2018-20002 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-8945 CVE-2018-9138 CVE-2019-12972 CVE-2019-14250 CVE-2019-14444 CVE-2019-17450 CVE-2019-17451 CVE-2019-9070 CVE-2019-9071 CVE-2019-9073 CVE-2019-9074 CVE-2019-9075 CVE-2019-9077 Ubuntu 18.04 LTS It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. (CVE-2020-2754, CVE-2020-2755) It was discovered that OpenJDK incorrectly handled class descriptors and catching exceptions during object stream deserialization. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted serialized input. (CVE-2020-2756, CVE-2020-2757) Bengt Jonsson, Juraj Somorovsky, Kostis Sagonas, Paul Fiterau Brostean and Robert Merget discovered that OpenJDK incorrectly handled certificate messages during TLS handshake. An attacker could possibly use this issue to bypass certificate verification and insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2767) It was discovered that OpenJDK incorrectly handled exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature(). An attacker could possibly use this issue to cause a denial of service while reading key info or XML signature data from XML input. (CVE-2020-2773) Peter Dettman discovered that OpenJDK incorrectly handled SSLParameters in setAlgorithmConstraints(). An attacker could possibly use this issue to override the defined systems security policy and lead to the use of weak crypto algorithms that should be disabled. This issue only affected OpenJDK 11. (CVE-2020-2778) Simone Bordet discovered that OpenJDK incorrectly re-used single null TLS sessions for new TLS connections. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-2781) Dan Amodio discovered that OpenJDK did not restrict the use of CR and LF characters in values for HTTP headers. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-2800) Nils Emmerich discovered that OpenJDK incorrectly checked boundaries or argument types. An attacker could possibly use this issue to bypass sandbox restrictions causing unspecified impact. (CVE-2020-2803, CVE-2020-2805) It was discovered that OpenJDK incorrectly handled application data packets during TLS handshake. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2816) It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-2830) Update Instructions: Run `sudo pro fix USN-4337-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-source - 11.0.7+10-2ubuntu2~18.04 openjdk-11-jre-zero - 11.0.7+10-2ubuntu2~18.04 openjdk-11-doc - 11.0.7+10-2ubuntu2~18.04 openjdk-11-jre-headless - 11.0.7+10-2ubuntu2~18.04 openjdk-11-jdk - 11.0.7+10-2ubuntu2~18.04 openjdk-11-jdk-headless - 11.0.7+10-2ubuntu2~18.04 openjdk-11-jre - 11.0.7+10-2ubuntu2~18.04 openjdk-11-demo - 11.0.7+10-2ubuntu2~18.04 No subscription required openjdk-8-source - 8u252-b09-1~18.04 openjdk-8-doc - 8u252-b09-1~18.04 openjdk-8-jdk - 8u252-b09-1~18.04 openjdk-8-jre-headless - 8u252-b09-1~18.04 openjdk-8-jdk-headless - 8u252-b09-1~18.04 openjdk-8-jre - 8u252-b09-1~18.04 openjdk-8-jre-zero - 8u252-b09-1~18.04 openjdk-8-demo - 8u252-b09-1~18.04 No subscription required Medium CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2767 CVE-2020-2773 CVE-2020-2778 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2816 CVE-2020-2830 Ubuntu 18.04 LTS Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115) Tan Jie discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2018-18444) Samuel Groß discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764) It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service. (CVE-2020-11765) Update Instructions: Run `sudo pro fix USN-4339-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenexr-dev - 2.2.0-11.1ubuntu1.2 openexr - 2.2.0-11.1ubuntu1.2 libopenexr22 - 2.2.0-11.1ubuntu1.2 openexr-doc - 2.2.0-11.1ubuntu1.2 No subscription required Medium CVE-2017-9111 CVE-2017-9113 CVE-2017-9115 CVE-2018-18444 CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765 Ubuntu 18.04 LTS It was discovered that CUPS incorrectly handled certain language values. A local attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or possibly obtain sensitive information. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. (CVE-2019-2228) Stephan Zeisberg discovered that CUPS incorrectly handled certain malformed ppd files. A local attacker could possibly use this issue to execute arbitrary code. (CVE-2020-3898) Update Instructions: Run `sudo pro fix USN-4340-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 2.2.7-1ubuntu2.8 libcups2-dev - 2.2.7-1ubuntu2.8 cups-bsd - 2.2.7-1ubuntu2.8 cups-common - 2.2.7-1ubuntu2.8 cups-core-drivers - 2.2.7-1ubuntu2.8 cups-server-common - 2.2.7-1ubuntu2.8 libcupsimage2 - 2.2.7-1ubuntu2.8 cups-client - 2.2.7-1ubuntu2.8 libcupsimage2-dev - 2.2.7-1ubuntu2.8 cups-ipp-utils - 2.2.7-1ubuntu2.8 libcups2 - 2.2.7-1ubuntu2.8 cups-ppdc - 2.2.7-1ubuntu2.8 libcupsppdc1 - 2.2.7-1ubuntu2.8 libcupsmime1 - 2.2.7-1ubuntu2.8 cups - 2.2.7-1ubuntu2.8 cups-daemon - 2.2.7-1ubuntu2.8 No subscription required Medium CVE-2019-2228 CVE-2020-3898 Ubuntu 18.04 LTS Andrei Popa discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10700) It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. (CVE-2020-10704) Update Instructions: Run `sudo pro fix USN-4341-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 No subscription required Medium CVE-2020-10700 CVE-2020-10704 Ubuntu 18.04 LTS Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-11884) It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16234) Tristan Madani discovered that the block I/O tracing implementation in the Linux kernel contained a race condition. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-19768) It was discovered that the vhost net driver in the Linux kernel contained a stack buffer overflow. A local attacker with the ability to perform ioctl() calls on /dev/vhost-net could use this to cause a denial of service (system crash). (CVE-2020-10942) It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2020-8648) Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (soft lockup). (CVE-2020-8992) Jordy Zomer discovered that the floppy driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-9383) Update Instructions: Run `sudo pro fix USN-4342-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1016-oracle - 5.3.0-1016.18~18.04.1 No subscription required linux-image-5.3.0-1018-gcp - 5.3.0-1018.19~18.04.1 linux-image-5.3.0-1018-gke - 5.3.0-1018.19~18.04.1 No subscription required linux-image-5.3.0-1020-azure - 5.3.0-1020.21~18.04.1 No subscription required linux-image-5.3.0-1023-raspi2 - 5.3.0-1023.25~18.04.1 No subscription required linux-image-5.3.0-51-generic - 5.3.0-51.44~18.04.2 linux-image-5.3.0-51-lowlatency - 5.3.0-51.44~18.04.2 linux-image-5.3.0-51-generic-lpae - 5.3.0-51.44~18.04.2 No subscription required linux-image-oracle - 5.3.0.1016.17 linux-image-oracle-edge - 5.3.0.1016.17 No subscription required linux-image-gcp-edge - 5.3.0.1018.17 linux-image-gcp - 5.3.0.1018.17 No subscription required linux-image-gke-5.3 - 5.3.0.1018.8 No subscription required linux-image-azure - 5.3.0.1020.20 linux-image-azure-edge - 5.3.0.1020.20 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1023.12 No subscription required linux-image-generic-hwe-18.04 - 5.3.0.51.104 linux-image-snapdragon-hwe-18.04 - 5.3.0.51.104 linux-image-generic-lpae-hwe-18.04 - 5.3.0.51.104 linux-image-generic-lpae-hwe-18.04-edge - 5.3.0.51.104 linux-image-virtual-hwe-18.04 - 5.3.0.51.104 linux-image-lowlatency-hwe-18.04 - 5.3.0.51.104 linux-image-lowlatency-hwe-18.04-edge - 5.3.0.51.104 linux-image-generic-hwe-18.04-edge - 5.3.0.51.104 linux-image-snapdragon-hwe-18.04-edge - 5.3.0.51.104 linux-image-virtual-hwe-18.04-edge - 5.3.0.51.104 No subscription required High CVE-2019-16234 CVE-2019-19768 CVE-2020-10942 CVE-2020-11884 CVE-2020-8648 CVE-2020-8992 CVE-2020-9383 Ubuntu 18.04 LTS It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16234) It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19051) Tristan Madani discovered that the block I/O tracing implementation in the Linux kernel contained a race condition. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-19768) It was discovered that the vhost net driver in the Linux kernel contained a stack buffer overflow. A local attacker with the ability to perform ioctl() calls on /dev/vhost-net could use this to cause a denial of service (system crash). (CVE-2020-10942) It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2020-8648) Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (soft lockup). (CVE-2020-8992) Jordy Zomer discovered that the floppy driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-9383) Update Instructions: Run `sudo pro fix USN-4344-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1035-gke - 5.0.0-1035.36 No subscription required linux-image-5.0.0-1050-oem-osp1 - 5.0.0-1050.55 No subscription required linux-image-gke-5.0 - 5.0.0.1035.23 No subscription required linux-image-oem-osp1 - 5.0.0.1050.53 No subscription required Medium CVE-2019-16234 CVE-2019-19051 CVE-2019-19768 CVE-2020-10942 CVE-2020-8648 CVE-2020-8992 CVE-2020-9383 Ubuntu 18.04 LTS Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-11884) It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16234) Tristan Madani discovered that the block I/O tracing implementation in the Linux kernel contained a race condition. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-19768) It was discovered that the vhost net driver in the Linux kernel contained a stack buffer overflow. A local attacker with the ability to perform ioctl() calls on /dev/vhost-net could use this to cause a denial of service (system crash). (CVE-2020-10942) It was discovered that the OV51x USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11608) It was discovered that the STV06XX USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11609) It was discovered that the Xirlink C-It USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11668) It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2020-8648) Jordy Zomer discovered that the floppy driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-9383) Update Instructions: Run `sudo pro fix USN-4345-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1038-oracle - 4.15.0-1038.42 No subscription required linux-image-4.15.0-1058-gke - 4.15.0-1058.61 No subscription required linux-image-4.15.0-1059-kvm - 4.15.0-1059.60 No subscription required linux-image-4.15.0-1061-raspi2 - 4.15.0-1061.65 No subscription required linux-image-4.15.0-1066-aws - 4.15.0-1066.70 No subscription required linux-image-4.15.0-1077-snapdragon - 4.15.0-1077.84 No subscription required linux-image-4.15.0-1080-oem - 4.15.0-1080.90 No subscription required linux-image-4.15.0-99-generic-lpae - 4.15.0-99.100 linux-image-4.15.0-99-generic - 4.15.0-99.100 linux-image-4.15.0-99-lowlatency - 4.15.0-99.100 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1038.47 No subscription required linux-image-gke-4.15 - 4.15.0.1058.62 linux-image-gke - 4.15.0.1058.62 No subscription required linux-image-kvm - 4.15.0.1059.59 No subscription required linux-image-raspi2 - 4.15.0.1061.59 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1066.69 No subscription required linux-image-snapdragon - 4.15.0.1077.80 No subscription required linux-image-oem - 4.15.0.1080.84 No subscription required linux-image-generic-lpae - 4.15.0.99.89 linux-image-virtual-hwe-16.04-edge - 4.15.0.99.89 linux-image-lowlatency-hwe-16.04 - 4.15.0.99.89 linux-image-generic-hwe-16.04-edge - 4.15.0.99.89 linux-image-generic-lpae-hwe-16.04 - 4.15.0.99.89 linux-image-virtual - 4.15.0.99.89 linux-image-virtual-hwe-16.04 - 4.15.0.99.89 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.99.89 linux-image-generic - 4.15.0.99.89 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.99.89 linux-image-generic-hwe-16.04 - 4.15.0.99.89 linux-image-lowlatency - 4.15.0.99.89 No subscription required High CVE-2019-16234 CVE-2019-19768 CVE-2020-10942 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668 CVE-2020-11884 CVE-2020-8648 CVE-2020-9383 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-4347-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.28.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.28.2-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.28.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.28.2-0ubuntu0.18.04.1 webkit2gtk-driver - 2.28.2-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.28.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.28.2-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.28.2-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.28.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.28.2-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-3899 Ubuntu 18.04 LTS It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this to issue execute arbitrary scripts or HTML. (CVE-2018-0618) It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to display arbitrary text on a web page. (CVE-2018-13796) It was discovered that Mailman incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-12137) Update Instructions: Run `sudo pro fix USN-4348-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mailman - 1:2.1.26-1ubuntu0.1 No subscription required Medium CVE-2018-0618 CVE-2018-13796 CVE-2020-12137 Ubuntu 18.04 LTS A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. (CVE-2018-12178) A buffer overflow was discovered in BlockIo service. An unauthenticated user could potentially enable escalation of privilege, information disclosure and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. (CVE-2018-12180) A stack overflow was discovered in bmp. An unprivileged user could potentially enable denial of service or elevation of privilege via local access. This issue was already fixed in a previous release for 18.04 LTS and 19.10. (CVE-2018-12181) It was discovered that memory was not cleared before free that could lead to potential password leak. (CVE-2019-14558) A memory leak was discovered in ArpOnFrameRcvdDpc. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2019-14559) An integer overflow was discovered in MdeModulePkg/PiDxeS3BootScriptLib. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2019-14563) It was discovered that the affected version doesn't properly check whether an unsigned EFI file should be allowed or not. An attacker could possibly load unsafe content by bypassing the verification. (CVE-2019-14575) It was discovered that original configuration runtime memory is freed, but it is still exposed to the OS runtime. (CVE-2019-14586) A double-unmap was discovered in TRB creation. An attacker could use it to cause a denial of service or other unspecified impact. (CVE-2019-14587) Update Instructions: Run `sudo pro fix USN-4349-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-efi-arm - 0~20180205.c0d9813c-2ubuntu0.2 qemu-efi - 0~20180205.c0d9813c-2ubuntu0.2 qemu-efi-aarch64 - 0~20180205.c0d9813c-2ubuntu0.2 ovmf - 0~20180205.c0d9813c-2ubuntu0.2 No subscription required Medium CVE-2018-12178 CVE-2018-12180 CVE-2018-12181 CVE-2019-14558 CVE-2019-14559 CVE-2019-14563 CVE-2019-14575 CVE-2019-14586 CVE-2019-14587 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.80 in Ubuntu 19.10 and Ubuntu 20.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.30. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-30.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html https://www.oracle.com/security-alerts/cpuapr2020.html Update Instructions: Run `sudo pro fix USN-4350-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.30-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.30-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.30-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.30-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.30-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.30-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.30-0ubuntu0.18.04.1 mysql-server - 5.7.30-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.30-0ubuntu0.18.04.1 mysql-testsuite - 5.7.30-0ubuntu0.18.04.1 libmysqld-dev - 5.7.30-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.30-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-2759 CVE-2020-2760 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2892 CVE-2020-2893 CVE-2020-2895 CVE-2020-2896 CVE-2020-2897 CVE-2020-2898 CVE-2020-2901 CVE-2020-2903 CVE-2020-2904 CVE-2020-2921 CVE-2020-2922 CVE-2020-2923 CVE-2020-2924 CVE-2020-2925 CVE-2020-2926 CVE-2020-2928 CVE-2020-2930 Ubuntu 18.04 LTS Eli Biham and Lior Neumann discovered that certain Bluetooth devices incorrectly validated key exchange parameters. An attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-4351-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: scsi-firmware - 1.173.18 nic-firmware - 1.173.18 linux-firmware - 1.173.18 No subscription required Medium CVE-2018-5383 Ubuntu 18.04 LTS It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4352-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libldap-2.4-2 - 2.4.45+dfsg-1ubuntu1.5 libldap-common - 2.4.45+dfsg-1ubuntu1.5 slapd-smbk5pwd - 2.4.45+dfsg-1ubuntu1.5 ldap-utils - 2.4.45+dfsg-1ubuntu1.5 libldap2-dev - 2.4.45+dfsg-1ubuntu1.5 slapd - 2.4.45+dfsg-1ubuntu1.5 No subscription required Medium CVE-2020-12243 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code. (CVE-2020-6831, CVE-2020-12387, CVE-2020-12390, CVE-2020-12391, CVE-2020-12394, CVE-2020-12395, CVE-2020-12396) It was discovered that the Devtools’ ‘Copy as cURL’ feature did not properly escape the HTTP POST data of a request. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2020-12392) Update Instructions: Run `sudo pro fix USN-4353-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 76.0+build2-0ubuntu0.18.04.1 firefox - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 76.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 76.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 76.0+build2-0ubuntu0.18.04.1 firefox-dev - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 76.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 76.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-12387 CVE-2020-12390 CVE-2020-12391 CVE-2020-12392 CVE-2020-12394 CVE-2020-12395 CVE-2020-12396 CVE-2020-6831 Ubuntu 18.04 LTS USN-4353-1 fixed vulnerabilities in Firefox. The update caused a regression that impaired the functionality of some addons. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code. (CVE-2020-6831, CVE-2020-12387, CVE-2020-12390, CVE-2020-12391, CVE-2020-12394, CVE-2020-12395, CVE-2020-12396) It was discovered that the Devtools’ ‘Copy as cURL’ feature did not properly HTTP POST data of a request. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2020-12392) Update Instructions: Run `sudo pro fix USN-4353-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 76.0.1+build1-0ubuntu0.18.04.1 firefox - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 76.0.1+build1-0ubuntu0.18.04.1 firefox-geckodriver - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 76.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 76.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 76.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 76.0.1+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1878251 Ubuntu 18.04 LTS It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary content in the login page. Update Instructions: Run `sudo pro fix USN-4354-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mailman - 1:2.1.26-1ubuntu0.2 No subscription required Medium CVE-2020-12108 Ubuntu 18.04 LTS PulseAudio in Ubuntu contains additional functionality to mediate audio recording for snap packages and it was discovered that this functionality did not mediate PulseAudio module unloading. An attacker-controlled snap with only the audio-playback interface connected could exploit this to bypass access controls and record audio. Update Instructions: Run `sudo pro fix USN-4355-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpulse0 - 1:11.1-1ubuntu7.7 pulseaudio-module-zeroconf - 1:11.1-1ubuntu7.7 pulseaudio-module-bluetooth - 1:11.1-1ubuntu7.7 libpulse-dev - 1:11.1-1ubuntu7.7 pulseaudio-utils - 1:11.1-1ubuntu7.7 pulseaudio-module-raop - 1:11.1-1ubuntu7.7 pulseaudio - 1:11.1-1ubuntu7.7 libpulsedsp - 1:11.1-1ubuntu7.7 pulseaudio-esound-compat - 1:11.1-1ubuntu7.7 pulseaudio-equalizer - 1:11.1-1ubuntu7.7 pulseaudio-module-gconf - 1:11.1-1ubuntu7.7 libpulse-mainloop-glib0 - 1:11.1-1ubuntu7.7 pulseaudio-module-lirc - 1:11.1-1ubuntu7.7 pulseaudio-module-jack - 1:11.1-1ubuntu7.7 No subscription required Medium CVE-2020-11931 https://launchpad.net/bugs/1877102 Ubuntu 18.04 LTS Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. (CVE-2019-12519, CVE-2019-12521) It was discovered that Squid incorrectly handled the hostname parameter to cachemgr.cgi when certain browsers are used. A remote attacker could possibly use this issue to inject HTML or invalid characters in the hostname parameter. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. (CVE-2019-18860) Clément Berthaux and Florian Guilbert discovered that Squid incorrectly handled Digest Authentication nonce values. A remote attacker could use this issue to replay nonce values, or possibly execute arbitrary code. (CVE-2020-11945) Update Instructions: Run `sudo pro fix USN-4356-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.27-1ubuntu1.6 squid - 3.5.27-1ubuntu1.6 squid-cgi - 3.5.27-1ubuntu1.6 squid-purge - 3.5.27-1ubuntu1.6 squidclient - 3.5.27-1ubuntu1.6 squid3 - 3.5.27-1ubuntu1.6 No subscription required Medium CVE-2019-12519 CVE-2019-12521 CVE-2019-18860 CVE-2020-11945 Ubuntu 18.04 LTS It was discovered that IPRoute incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4357-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: iproute2 - 4.15.0-2ubuntu1.1 iproute2-doc - 4.15.0-2ubuntu1.1 No subscription required Medium CVE-2019-20795 Ubuntu 18.04 LTS It was discovered that libexif incorrectly handled certain tags. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20030) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. (CVE-2020-12767) Update Instructions: Run `sudo pro fix USN-4358-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexif-doc - 0.6.21-4ubuntu0.2 libexif-dev - 0.6.21-4ubuntu0.2 libexif12 - 0.6.21-4ubuntu0.2 No subscription required Medium CVE-2018-20030 CVE-2020-12767 Ubuntu 18.04 LTS It was discovered that APT incorrectly handled certain filenames during package installation. If an attacker could provide a specially crafted package to be installed by the system administrator, this could cause APT to crash. Update Instructions: Run `sudo pro fix USN-4359-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apt-doc - 1.6.12ubuntu0.1 apt-transport-https - 1.6.12ubuntu0.1 libapt-pkg5.0 - 1.6.12ubuntu0.1 libapt-pkg-doc - 1.6.12ubuntu0.1 apt - 1.6.12ubuntu0.1 apt-utils - 1.6.12ubuntu0.1 libapt-inst2.0 - 1.6.12ubuntu0.1 libapt-pkg-dev - 1.6.12ubuntu0.1 No subscription required Medium CVE-2020-3810 Ubuntu 18.04 LTS It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4360-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjson-c3 - 0.12.1-1.3ubuntu0.1 libjson-c3-udeb - 0.12.1-1.3ubuntu0.1 libjson-c-doc - 0.12.1-1.3ubuntu0.1 libjson-c-dev - 0.12.1-1.3ubuntu0.1 No subscription required Medium CVE-2020-12762 Ubuntu 18.04 LTS USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak in some scenarios. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4360-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjson-c3 - 0.12.1-1.3ubuntu0.2 libjson-c3-udeb - 0.12.1-1.3ubuntu0.2 libjson-c-doc - 0.12.1-1.3ubuntu0.2 libjson-c-dev - 0.12.1-1.3ubuntu0.2 No subscription required None https://launchpad.net/bugs/1878723 Ubuntu 18.04 LTS USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides the correct fix update for CVE-2020-12762. Original advisory details: It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4360-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjson-c3 - 0.12.1-1.3ubuntu0.3 libjson-c3-udeb - 0.12.1-1.3ubuntu0.3 libjson-c-doc - 0.12.1-1.3ubuntu0.3 libjson-c-dev - 0.12.1-1.3ubuntu0.3 No subscription required Medium CVE-2020-12762 Ubuntu 18.04 LTS It was discovered that DPDK incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2020-10722, CVE-2020-10723, CVE-2020-10724, CVE-2020-10725, CVE-2020-10726) Update Instructions: Run `sudo pro fix USN-4362-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librte-pmd-thunderx-nicvf17.11 - 17.11.9-0ubuntu18.04.2 dpdk-igb-uio-dkms - 17.11.9-0ubuntu18.04.2 librte-pmd-softnic17.11 - 17.11.9-0ubuntu18.04.2 librte-timer17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-af-packet17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-sw-event17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-fm10k17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-bond17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-vmxnet3-uio17.11 - 17.11.9-0ubuntu18.04.2 librte-flow-classify17.11 - 17.11.9-0ubuntu18.04.2 librte-ring17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-sfc-efx17.11 - 17.11.9-0ubuntu18.04.2 librte-bus-pci17.11 - 17.11.9-0ubuntu18.04.2 dpdk-doc - 17.11.9-0ubuntu18.04.2 librte-distributor17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-vhost17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-null-crypto17.11 - 17.11.9-0ubuntu18.04.2 librte-net17.11 - 17.11.9-0ubuntu18.04.2 librte-ip-frag17.11 - 17.11.9-0ubuntu18.04.2 librte-lpm17.11 - 17.11.9-0ubuntu18.04.2 librte-vhost17.11 - 17.11.9-0ubuntu18.04.2 dpdk-dev - 17.11.9-0ubuntu18.04.2 librte-mbuf17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-e1000-17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-nfp17.11 - 17.11.9-0ubuntu18.04.2 librte-mempool-octeontx17.11 - 17.11.9-0ubuntu18.04.2 librte-latencystats17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-avp17.11 - 17.11.9-0ubuntu18.04.2 dpdk-rte-kni-dkms - 17.11.9-0ubuntu18.04.2 librte-gro17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-crypto-scheduler17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-ixgbe17.11 - 17.11.9-0ubuntu18.04.2 librte-cryptodev17.11 - 17.11.9-0ubuntu18.04.2 librte-cmdline17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-lio17.11 - 17.11.9-0ubuntu18.04.2 librte-bus-vdev17.11 - 17.11.9-0ubuntu18.04.2 librte-pdump17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-skeleton-event17.11 - 17.11.9-0ubuntu18.04.2 librte-table17.11 - 17.11.9-0ubuntu18.04.2 librte-gso17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-i40e17.11 - 17.11.9-0ubuntu18.04.2 librte-eventdev17.11 - 17.11.9-0ubuntu18.04.2 librte-kvargs17.11 - 17.11.9-0ubuntu18.04.2 librte-mempool-stack17.11 - 17.11.9-0ubuntu18.04.2 librte-metrics17.11 - 17.11.9-0ubuntu18.04.2 librte-jobstats17.11 - 17.11.9-0ubuntu18.04.2 librte-kni17.11 - 17.11.9-0ubuntu18.04.2 librte-eal17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-octeontx17.11 - 17.11.9-0ubuntu18.04.2 librte-sched17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-enic17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-mlx5-17.11 - 17.11.9-0ubuntu18.04.2 librte-pci17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-octeontx-ssovf17.11 - 17.11.9-0ubuntu18.04.2 librte-bitratestats17.11 - 17.11.9-0ubuntu18.04.2 librte-security17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-null17.11 - 17.11.9-0ubuntu18.04.2 librte-hash17.11 - 17.11.9-0ubuntu18.04.2 librte-member17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-tap17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-pcap17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-mlx4-17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-ark17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-bnxt17.11 - 17.11.9-0ubuntu18.04.2 librte-meter17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-virtio17.11 - 17.11.9-0ubuntu18.04.2 librte-power17.11 - 17.11.9-0ubuntu18.04.2 librte-port17.11 - 17.11.9-0ubuntu18.04.2 librte-mempool17.11 - 17.11.9-0ubuntu18.04.2 librte-cfgfile17.11 - 17.11.9-0ubuntu18.04.2 librte-efd17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-cxgbe17.11 - 17.11.9-0ubuntu18.04.2 dpdk - 17.11.9-0ubuntu18.04.2 librte-pipeline17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-qede17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-failsafe17.11 - 17.11.9-0ubuntu18.04.2 librte-reorder17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-kni17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-ena17.11 - 17.11.9-0ubuntu18.04.2 librte-mempool-ring17.11 - 17.11.9-0ubuntu18.04.2 librte-ethdev17.11 - 17.11.9-0ubuntu18.04.2 librte-pmd-ring17.11 - 17.11.9-0ubuntu18.04.2 librte-acl17.11 - 17.11.9-0ubuntu18.04.2 libdpdk-dev - 17.11.9-0ubuntu18.04.2 No subscription required Medium CVE-2020-10722 CVE-2020-10723 CVE-2020-10724 CVE-2020-10725 CVE-2020-10726 Ubuntu 18.04 LTS It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-11494) It was discovered that the linux kernel did not properly validate certain mount options to the tmpfs virtual memory file system. A local attacker with the ability to specify mount options could use this to cause a denial of service (system crash). (CVE-2020-11565) David Gibson discovered that the Linux kernel on Power9 CPUs did not properly save and restore Authority Mask registers state in some situations. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2020-11669) It was discovered that the block layer in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-12657) Update Instructions: Run `sudo pro fix USN-4363-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-101-lowlatency - 4.15.0-101.102 linux-image-4.15.0-101-generic - 4.15.0-101.102 linux-image-4.15.0-101-generic-lpae - 4.15.0-101.102 No subscription required linux-image-4.15.0-1039-oracle - 4.15.0-1039.43 No subscription required linux-image-4.15.0-1059-gke - 4.15.0-1059.62 No subscription required linux-image-4.15.0-1060-kvm - 4.15.0-1060.61 No subscription required linux-image-4.15.0-1062-raspi2 - 4.15.0-1062.66 No subscription required linux-image-4.15.0-1067-aws - 4.15.0-1067.71 No subscription required linux-image-4.15.0-1079-snapdragon - 4.15.0-1079.86 No subscription required linux-image-4.15.0-1081-oem - 4.15.0-1081.91 No subscription required linux-image-4.15.0-1083-azure - 4.15.0-1083.93 No subscription required linux-image-virtual - 4.15.0.101.91 linux-image-virtual-hwe-16.04-edge - 4.15.0.101.91 linux-image-generic-hwe-16.04 - 4.15.0.101.91 linux-image-generic-hwe-16.04-edge - 4.15.0.101.91 linux-image-generic-lpae-hwe-16.04 - 4.15.0.101.91 linux-image-virtual-hwe-16.04 - 4.15.0.101.91 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.101.91 linux-image-generic - 4.15.0.101.91 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.101.91 linux-image-generic-lpae - 4.15.0.101.91 linux-image-lowlatency-hwe-16.04 - 4.15.0.101.91 linux-image-lowlatency - 4.15.0.101.91 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1039.48 No subscription required linux-image-gke-4.15 - 4.15.0.1059.63 linux-image-gke - 4.15.0.1059.63 No subscription required linux-image-kvm - 4.15.0.1060.60 No subscription required linux-image-raspi2 - 4.15.0.1062.60 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1067.70 No subscription required linux-image-snapdragon - 4.15.0.1079.82 No subscription required linux-image-oem - 4.15.0.1081.85 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1083.54 No subscription required Medium CVE-2020-11494 CVE-2020-11565 CVE-2020-11669 CVE-2020-12657 Ubuntu 18.04 LTS Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. (CVE-2020-8616) Tobias Klein discovered that Bind incorrectly handled checking TSIG validity. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly perform other attacks. (CVE-2020-8617) Update Instructions: Run `sudo pro fix USN-4365-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdns-export1100 - 1:9.11.3+dfsg-1ubuntu1.12 libdns1100 - 1:9.11.3+dfsg-1ubuntu1.12 libisc169 - 1:9.11.3+dfsg-1ubuntu1.12 libbind-dev - 1:9.11.3+dfsg-1ubuntu1.12 libisc-export169-udeb - 1:9.11.3+dfsg-1ubuntu1.12 libisccc-export160 - 1:9.11.3+dfsg-1ubuntu1.12 libisc-export169 - 1:9.11.3+dfsg-1ubuntu1.12 bind9 - 1:9.11.3+dfsg-1ubuntu1.12 libirs-export160 - 1:9.11.3+dfsg-1ubuntu1.12 libisccc160 - 1:9.11.3+dfsg-1ubuntu1.12 libisccfg-export160 - 1:9.11.3+dfsg-1ubuntu1.12 libisccfg160 - 1:9.11.3+dfsg-1ubuntu1.12 bind9-doc - 1:9.11.3+dfsg-1ubuntu1.12 libbind-export-dev - 1:9.11.3+dfsg-1ubuntu1.12 libisccc-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.12 libirs-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.12 liblwres160 - 1:9.11.3+dfsg-1ubuntu1.12 bind9-host - 1:9.11.3+dfsg-1ubuntu1.12 libisccfg-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.12 dnsutils - 1:9.11.3+dfsg-1ubuntu1.12 bind9utils - 1:9.11.3+dfsg-1ubuntu1.12 libbind9-160 - 1:9.11.3+dfsg-1ubuntu1.12 libirs160 - 1:9.11.3+dfsg-1ubuntu1.12 libdns-export1100-udeb - 1:9.11.3+dfsg-1ubuntu1.12 No subscription required Medium CVE-2020-8616 CVE-2020-8617 Ubuntu 18.04 LTS It was discovered that Exim incorrectly handled certain inputs. An remote attacker could possibly use this issue to access sensitive information or authentication bypass. Update Instructions: Run `sudo pro fix USN-4366-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.90.1-1ubuntu1.5 eximon4 - 4.90.1-1ubuntu1.5 exim4 - 4.90.1-1ubuntu1.5 exim4-daemon-light - 4.90.1-1ubuntu1.5 exim4-config - 4.90.1-1ubuntu1.5 exim4-daemon-heavy - 4.90.1-1ubuntu1.5 exim4-base - 4.90.1-1ubuntu1.5 No subscription required Medium CVE-2020-12783 Ubuntu 18.04 LTS Tristan Madani discovered that the file locking implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service or expose sensitive information. (CVE-2019-19769) It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-11494) It was discovered that the linux kernel did not properly validate certain mount options to the tmpfs virtual memory file system. A local attacker with the ability to specify mount options could use this to cause a denial of service (system crash). (CVE-2020-11565) It was discovered that the OV51x USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11608) It was discovered that the STV06XX USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11609) It was discovered that the Xirlink C-It USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11668) David Gibson discovered that the Linux kernel on Power9 CPUs did not properly save and restore Authority Mask registers state in some situations. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2020-11669) It was discovered that the block layer in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-12657) Update Instructions: Run `sudo pro fix USN-4368-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1037-gke - 5.0.0-1037.38 No subscription required linux-image-5.0.0-1052-oem-osp1 - 5.0.0-1052.57 No subscription required linux-image-gke-5.0 - 5.0.0.1037.25 No subscription required linux-image-oem-osp1 - 5.0.0.1052.55 No subscription required Medium CVE-2019-19769 CVE-2020-11494 CVE-2020-11565 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668 CVE-2020-11669 CVE-2020-12657 Ubuntu 18.04 LTS It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service (system crash). (CVE-2019-19377) Tristan Madani discovered that the file locking implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service or expose sensitive information. (CVE-2019-19769) It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-11494) It was discovered that the linux kernel did not properly validate certain mount options to the tmpfs virtual memory file system. A local attacker with the ability to specify mount options could use this to cause a denial of service (system crash). (CVE-2020-11565) It was discovered that the OV51x USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11608) It was discovered that the STV06XX USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11609) It was discovered that the Xirlink C-It USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11668) It was discovered that the block layer in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-12657) Update Instructions: Run `sudo pro fix USN-4369-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1018-oracle - 5.3.0-1018.20~18.04.1 No subscription required linux-image-5.3.0-1019-aws - 5.3.0-1019.21~18.04.1 No subscription required linux-image-5.3.0-1020-gcp - 5.3.0-1020.22~18.04.1 linux-image-5.3.0-1020-gke - 5.3.0-1020.22~18.04.1 No subscription required linux-image-5.3.0-1022-azure - 5.3.0-1022.23~18.04.1 No subscription required linux-image-5.3.0-53-generic - 5.3.0-53.47~18.04.1 linux-image-5.3.0-53-lowlatency - 5.3.0-53.47~18.04.1 linux-image-5.3.0-53-generic-lpae - 5.3.0-53.47~18.04.1 No subscription required linux-image-oracle - 5.3.0.1018.19 linux-image-oracle-edge - 5.3.0.1018.19 No subscription required linux-image-aws-edge - 5.3.0.1019.20 linux-image-aws - 5.3.0.1019.20 No subscription required linux-image-gke-5.3 - 5.3.0.1020.10 No subscription required linux-image-gcp-edge - 5.3.0.1020.19 linux-image-gcp - 5.3.0.1020.19 No subscription required linux-image-azure - 5.3.0.1022.22 linux-image-azure-edge - 5.3.0.1022.22 No subscription required linux-image-gkeop-5.3 - 5.3.0.53.109 linux-image-generic-hwe-18.04 - 5.3.0.53.109 linux-image-snapdragon-hwe-18.04 - 5.3.0.53.109 linux-image-generic-lpae-hwe-18.04 - 5.3.0.53.109 linux-image-generic-lpae-hwe-18.04-edge - 5.3.0.53.109 linux-image-virtual-hwe-18.04 - 5.3.0.53.109 linux-image-lowlatency-hwe-18.04 - 5.3.0.53.109 linux-image-lowlatency-hwe-18.04-edge - 5.3.0.53.109 linux-image-generic-hwe-18.04-edge - 5.3.0.53.109 linux-image-snapdragon-hwe-18.04-edge - 5.3.0.53.109 linux-image-virtual-hwe-18.04-edge - 5.3.0.53.109 No subscription required Medium CVE-2019-19377 CVE-2019-19769 CVE-2020-11494 CVE-2020-11565 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668 CVE-2020-12657 CVE-2020-12826 Ubuntu 18.04 LTS USN-4369-1 fixed vulnerabilities in the 5.3 Linux kernel. Unfortunately, that update introduced a regression in overlayfs. This update corrects the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service (system crash). (CVE-2019-19377) Tristan Madani discovered that the file locking implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service or expose sensitive information. (CVE-2019-19769) It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-11494) It was discovered that the linux kernel did not properly validate certain mount options to the tmpfs virtual memory file system. A local attacker with the ability to specify mount options could use this to cause a denial of service (system crash). (CVE-2020-11565) It was discovered that the OV51x USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11608) It was discovered that the STV06XX USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11609) It was discovered that the Xirlink C-It USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-11668) It was discovered that the block layer in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-12657) Update Instructions: Run `sudo pro fix USN-4369-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1026-raspi2 - 5.3.0-1026.28~18.04.1 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1026.15 No subscription required None https://launchpad.net/bugs/1879690 Ubuntu 18.04 LTS It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3327) It was discovered that ClamAV incorrectly handled parsing PDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3341) Update Instructions: Run `sudo pro fix USN-4370-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.102.3+dfsg-0ubuntu0.18.04.1 clamav-testfiles - 0.102.3+dfsg-0ubuntu0.18.04.1 clamav-base - 0.102.3+dfsg-0ubuntu0.18.04.1 clamav - 0.102.3+dfsg-0ubuntu0.18.04.1 clamav-daemon - 0.102.3+dfsg-0ubuntu0.18.04.1 clamav-milter - 0.102.3+dfsg-0ubuntu0.18.04.1 clamav-docs - 0.102.3+dfsg-0ubuntu0.18.04.1 clamav-freshclam - 0.102.3+dfsg-0ubuntu0.18.04.1 libclamav9 - 0.102.3+dfsg-0ubuntu0.18.04.1 clamdscan - 0.102.3+dfsg-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-3327 CVE-2020-3341 Ubuntu 18.04 LTS It was discovered that libvirt incorrectly handled an active pool without a target path. A remote attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. (CVE-2020-10703) It was discovered that libvirt incorrectly handled memory when retrieving certain domain statistics. A remote attacker could possibly use this issue to cause libvirt to consume resources, resulting in a denial of service. This issue only affected Ubuntu 19.10. (CVE-2020-12430) Update Instructions: Run `sudo pro fix USN-4371-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 4.0.0-1ubuntu8.17 libvirt-dev - 4.0.0-1ubuntu8.17 libnss-libvirt - 4.0.0-1ubuntu8.17 libvirt-daemon - 4.0.0-1ubuntu8.17 libvirt-sanlock - 4.0.0-1ubuntu8.17 libvirt-wireshark - 4.0.0-1ubuntu8.17 libvirt-daemon-driver-storage-rbd - 4.0.0-1ubuntu8.17 libvirt-daemon-driver-storage-gluster - 4.0.0-1ubuntu8.17 libvirt-doc - 4.0.0-1ubuntu8.17 libvirt-daemon-system - 4.0.0-1ubuntu8.17 libvirt-clients - 4.0.0-1ubuntu8.17 libvirt-daemon-driver-storage-zfs - 4.0.0-1ubuntu8.17 libvirt-daemon-driver-storage-sheepdog - 4.0.0-1ubuntu8.17 libvirt-bin - 4.0.0-1ubuntu8.17 No subscription required Medium CVE-2020-10703 CVE-2020-12430 Ubuntu 18.04 LTS It was discovered that QEMU incorrectly handled bochs-display devices. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. This issue only affected Ubuntu 19.10. (CVE-2019-15034) It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. (CVE-2019-20382) It was discovered that QEMU incorrectly generated QEMU Pointer Authentication signatures on ARM. A local attacker could possibly use this issue to bypass PAuth. This issue only affected Ubuntu 19.10. (CVE-2020-10702) Ziming Zhang discovered that QEMU incorrectly handled ATI VGA emulation. A local attacker in a guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11869) Aviv Sasson discovered that QEMU incorrectly handled Slirp networking. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. (CVE-2020-1983) Update Instructions: Run `sudo pro fix USN-4372-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.26 qemu-user-static - 1:2.11+dfsg-1ubuntu7.26 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.26 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.26 qemu-kvm - 1:2.11+dfsg-1ubuntu7.26 qemu-user - 1:2.11+dfsg-1ubuntu7.26 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.26 qemu-system - 1:2.11+dfsg-1ubuntu7.26 qemu-utils - 1:2.11+dfsg-1ubuntu7.26 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.26 qemu - 1:2.11+dfsg-1ubuntu7.26 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.26 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.26 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.26 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.26 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.26 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.26 No subscription required Medium CVE-2019-15034 CVE-2019-20382 CVE-2020-10702 CVE-2020-11869 CVE-2020-1983 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2020-6831, CVE-2020-12387, CVE-2020-12395) It was discovered that the Devtools’ ‘Copy as cURL’ feature did not properly escape the HTTP POST data of a request. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2020-12392) It was discovered that Thunderbird did not correctly handle Unicode whitespace characters within the From email header. An attacker could potentially exploit this to spoof the sender email address that Thunderbird displays. (CVE-2020-12397) Update Instructions: Run `sudo pro fix USN-4373-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-br - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-bn - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-be - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-bg - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-ja - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-sl - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-sk - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-si - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-gnome-support - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-sv - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-sr - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-sq - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-hsb - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-cy - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-cs - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-en - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-ca - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-pt-br - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-pa - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-ka - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-ko - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-kk - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-kab - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-pl - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-zh-tw - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-pt - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-nn-no - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-nb-no - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-bn-bd - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-lt - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-en-gb - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-uz - 1:68.8.0+build2-0ubuntu0.18.04.2 xul-ext-calendar-timezones - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-de - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-da - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-uk - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-dev - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-el - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-en-us - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-rm - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-ms - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-ro - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-eu - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-et - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-zh-hant - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-zh-hans - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-ru - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-es - 1:68.8.0+build2-0ubuntu0.18.04.2 xul-ext-gdata-provider - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-fr - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-es-es - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-ta-lk - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-fy - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-fi - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-ast - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-nl - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-nn - 1:68.8.0+build2-0ubuntu0.18.04.2 xul-ext-lightning - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-ga-ie - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-fy-nl - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-nb - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-mozsymbols - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-zh-cn - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-gl - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-ga - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-tr - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-gd - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-ta - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-dsb - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-vi - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-hy - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-sv-se - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-hr - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-hu - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-pa-in - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-he - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-ar - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-af - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-pt-pt - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-cak - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-is - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-it - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-mk - 1:68.8.0+build2-0ubuntu0.18.04.2 thunderbird-locale-id - 1:68.8.0+build2-0ubuntu0.18.04.2 No subscription required Medium CVE-2020-6831 CVE-2020-12387 CVE-2020-12392 CVE-2020-12395 CVE-2020-12397 Ubuntu 18.04 LTS Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Unbound incorrectly handled certain queries. A remote attacker could use this issue to perform an amplification attack directed at a target. (CVE-2020-12662) It was discovered that Unbound incorrectly handled certain malformed answers. A remote attacker could possibly use this issue to cause Unbound to crash, resulting in a denial of service. (CVE-2020-12663) Update Instructions: Run `sudo pro fix USN-4374-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libunbound2 - 1.6.7-1ubuntu2.3 unbound - 1.6.7-1ubuntu2.3 python3-unbound - 1.6.7-1ubuntu2.3 python-unbound - 1.6.7-1ubuntu2.3 unbound-anchor - 1.6.7-1ubuntu2.3 unbound-host - 1.6.7-1ubuntu2.3 libunbound-dev - 1.6.7-1ubuntu2.3 No subscription required Medium CVE-2020-12662 CVE-2020-12663 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4375-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.24-0ubuntu0.18.04.6 php7.2-enchant - 7.2.24-0ubuntu0.18.04.6 php7.2-ldap - 7.2.24-0ubuntu0.18.04.6 php7.2-fpm - 7.2.24-0ubuntu0.18.04.6 php7.2-recode - 7.2.24-0ubuntu0.18.04.6 php7.2-cli - 7.2.24-0ubuntu0.18.04.6 php7.2-json - 7.2.24-0ubuntu0.18.04.6 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.6 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.6 php7.2 - 7.2.24-0ubuntu0.18.04.6 php7.2-pspell - 7.2.24-0ubuntu0.18.04.6 php7.2-dev - 7.2.24-0ubuntu0.18.04.6 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.6 php7.2-gmp - 7.2.24-0ubuntu0.18.04.6 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.6 php7.2-opcache - 7.2.24-0ubuntu0.18.04.6 php7.2-gd - 7.2.24-0ubuntu0.18.04.6 php7.2-soap - 7.2.24-0ubuntu0.18.04.6 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.6 php7.2-intl - 7.2.24-0ubuntu0.18.04.6 php7.2-odbc - 7.2.24-0ubuntu0.18.04.6 libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.6 php7.2-tidy - 7.2.24-0ubuntu0.18.04.6 php7.2-imap - 7.2.24-0ubuntu0.18.04.6 php7.2-readline - 7.2.24-0ubuntu0.18.04.6 php7.2-mysql - 7.2.24-0ubuntu0.18.04.6 php7.2-dba - 7.2.24-0ubuntu0.18.04.6 php7.2-xml - 7.2.24-0ubuntu0.18.04.6 php7.2-interbase - 7.2.24-0ubuntu0.18.04.6 php7.2-xsl - 7.2.24-0ubuntu0.18.04.6 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.6 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.6 php7.2-sybase - 7.2.24-0ubuntu0.18.04.6 php7.2-curl - 7.2.24-0ubuntu0.18.04.6 php7.2-common - 7.2.24-0ubuntu0.18.04.6 php7.2-cgi - 7.2.24-0ubuntu0.18.04.6 php7.2-snmp - 7.2.24-0ubuntu0.18.04.6 php7.2-zip - 7.2.24-0ubuntu0.18.04.6 No subscription required Medium CVE-2019-11048 Ubuntu 18.04 LTS Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. (CVE-2019-1547) Matt Caswell discovered that OpenSSL incorrectly handled the random number generator (RNG). This may result in applications that use the fork() system call sharing the same RNG state between the parent and the child, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-1549) Guido Vranken discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. (CVE-2019-1551) Bernd Edlinger discovered that OpenSSL incorrectly handled certain decryption functions. In certain scenarios, a remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2019-1563) Update Instructions: Run `sudo pro fix USN-4376-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcrypto1.1-udeb - 1.1.1-1ubuntu2.1~18.04.6 libssl-dev - 1.1.1-1ubuntu2.1~18.04.6 openssl - 1.1.1-1ubuntu2.1~18.04.6 libssl-doc - 1.1.1-1ubuntu2.1~18.04.6 libssl1.1-udeb - 1.1.1-1ubuntu2.1~18.04.6 libssl1.1 - 1.1.1-1ubuntu2.1~18.04.6 No subscription required Low CVE-2019-1547 CVE-2019-1549 CVE-2019-1551 CVE-2019-1563 Ubuntu 18.04 LTS The ca-certificates package contained an expired CA certificate that caused connectivity issues. This update removes the "AddTrust External Root" CA. In addition, on Ubuntu 16.04 LTS and Ubuntu 18.04 LTS, this update refreshes the included certificates to those contained in the 20190110 package. Update Instructions: Run `sudo pro fix USN-4377-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates-udeb - 20190110~18.04.1 ca-certificates - 20190110~18.04.1 No subscription required None https://launchpad.net/bugs/1881533 Ubuntu 18.04 LTS It was discovered that Flask incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4378-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-flask-doc - 0.12.2-3ubuntu0.1 python-flask - 0.12.2-3ubuntu0.1 python3-flask - 0.12.2-3ubuntu0.1 No subscription required Low CVE-2018-1000656 Ubuntu 18.04 LTS It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly exeucte arbitrary code. Update Instructions: Run `sudo pro fix USN-4379-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreerdp-server2-2 - 2.1.1+dfsg1-0ubuntu0.18.04.1 freerdp2-shadow-x11 - 2.1.1+dfsg1-0ubuntu0.18.04.1 libfreerdp2-2 - 2.1.1+dfsg1-0ubuntu0.18.04.1 freerdp2-dev - 2.1.1+dfsg1-0ubuntu0.18.04.1 freerdp2-wayland - 2.1.1+dfsg1-0ubuntu0.18.04.1 libwinpr2-dev - 2.1.1+dfsg1-0ubuntu0.18.04.1 libfreerdp-shadow2-2 - 2.1.1+dfsg1-0ubuntu0.18.04.1 libuwac0-0 - 2.1.1+dfsg1-0ubuntu0.18.04.1 freerdp2-x11 - 2.1.1+dfsg1-0ubuntu0.18.04.1 libwinpr2-2 - 2.1.1+dfsg1-0ubuntu0.18.04.1 libwinpr-tools2-2 - 2.1.1+dfsg1-0ubuntu0.18.04.1 libuwac0-dev - 2.1.1+dfsg1-0ubuntu0.18.04.1 libfreerdp-shadow-subsystem2-2 - 2.1.1+dfsg1-0ubuntu0.18.04.1 libfreerdp-client2-2 - 2.1.1+dfsg1-0ubuntu0.18.04.1 winpr-utils - 2.1.1+dfsg1-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-1000852 CVE-2019-17177 CVE-2020-11042 CVE-2020-11044 CVE-2020-11045 CVE-2020-11046 CVE-2020-11047 CVE-2020-11048 CVE-2020-11049 CVE-2020-11058 CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398 Ubuntu 18.04 LTS Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. (CVE-2020-13254) Jon Dufresne discovered that Django incorrectly encoded query parameters for the admin ForeignKeyRawIdWidget. A remote attacker could possibly use this issue to perform XSS attacks. (CVE-2020-13596) Update Instructions: Run `sudo pro fix USN-4381-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.9 python-django-doc - 1:1.11.11-1ubuntu1.9 python-django-common - 1:1.11.11-1ubuntu1.9 python-django - 1:1.11.11-1ubuntu1.9 No subscription required Medium CVE-2020-13254 CVE-2020-13596 Ubuntu 18.04 LTS It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4382-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreerdp-common1.1.0 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-dev - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libfreerdp-client1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-crt0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libfreerdp-primitives1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-pool0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-library0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-io0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libfreerdp-core1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libfreerdp-locale1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libfreerdp-gdi1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-winhttp0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-synch0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-sysinfo0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libfreerdp-codec1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-rpc0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libfreerdp-dev - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-environment0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libfreerdp-cache1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-crypto0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-sspi0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libfreerdp-utils1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-credui0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 freerdp-x11 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-heap0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libfreerdp-rail1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-thread0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-asn1-0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-bcrypt0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libxfreerdp-client1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-file0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-handle0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-interlocked0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-sspicli0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-utils0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-path0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-error0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-dsparse0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libfreerdp-plugins-standard - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-timezone0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libfreerdp-crypto1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-winsock0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-pipe0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-credentials0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-registry0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 libwinpr-input0.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 No subscription required Medium CVE-2020-11042 CVE-2020-11045 CVE-2020-11046 CVE-2020-11048 CVE-2020-11058 CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11525 CVE-2020-11526 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the addressbar, or execute arbitrary code. (CVE-2020-12405, CVE-2020-12406, CVE-2020-12407, CVE-2020-12408, CVE-2020-12409, CVE-2020-12410, CVE-2020-12411) It was discovered that NSS showed timing differences when performing DSA signatures. An attacker could potentially exploit this to obtain private keys using a timing attack. (CVE-2020-12399) Update Instructions: Run `sudo pro fix USN-4383-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 77.0.1+build1-0ubuntu0.18.04.1 firefox - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 77.0.1+build1-0ubuntu0.18.04.1 firefox-geckodriver - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 77.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 77.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 77.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 77.0.1+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12407 CVE-2020-12408 CVE-2020-12409 CVE-2020-12410 CVE-2020-12411 Ubuntu 18.04 LTS It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) It was discovered that on some Intel processors, partial data values previously read from a vector register on a physical core may be propagated into unused portions of the store buffer. A local attacker could possible use this to expose sensitive information. (CVE-2020-0548) It was discovered that on some Intel processors, data from the most recently evicted modified L1 data cache (L1D) line may be propagated into an unused (invalid) L1D fill buffer. A local attacker could possibly use this to expose sensitive information. (CVE-2020-0549) Update Instructions: Run `sudo pro fix USN-4385-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20200609.0ubuntu0.18.04.0 No subscription required Medium CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS Ubuntu 18.04 LTS USN-4385-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Skylake family (06_4EH) from booting successfully. Additonally, on Ubuntu 20.04 LTS, late loading of microcode was enabled, which could lead to system instability. This update reverts the microcode update for the Skylake processor family and disables the late loading option on Ubuntu 20.04 LTS. Please note that the 'dis_ucode_ldr' kernel command line option can be added in the boot menu to disable microcode loading for system recovery. We apologize for the inconvenience. Original advisory details: It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) It was discovered that on some Intel processors, partial data values previously read from a vector register on a physical core may be propagated into unused portions of the store buffer. A local attacker could possible use this to expose sensitive information. (CVE-2020-0548) It was discovered that on some Intel processors, data from the most recently evicted modified L1 data cache (L1D) line may be propagated into an unused (invalid) L1D fill buffer. A local attacker could possibly use this to expose sensitive information. (CVE-2020-0549) Update Instructions: Run `sudo pro fix USN-4385-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20200609.0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1882890 https://launchpad.net/bugs/1883002 Ubuntu 18.04 LTS It was discovered that libjpeg-turbo incorrectly handled certain PPM files. An attacker could possibly use this issue to access sensitive information. Update Instructions: Run `sudo pro fix USN-4386-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libturbojpeg0-dev - 1.5.2-0ubuntu5.18.04.4 libjpeg-turbo8-dev - 1.5.2-0ubuntu5.18.04.4 libjpeg-turbo-progs - 1.5.2-0ubuntu5.18.04.4 libturbojpeg - 1.5.2-0ubuntu5.18.04.4 libjpeg-turbo8 - 1.5.2-0ubuntu5.18.04.4 libjpeg-turbo-test - 1.5.2-0ubuntu5.18.04.4 No subscription required Medium CVE-2020-13790 Ubuntu 18.04 LTS It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem's scatter-gather implementation in the Linux kernel did not properly take data references in some situations, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12464) Bui Quang Minh discovered that the XDP socket implementation in the Linux kernel did not properly validate meta-data passed from user space, leading to an out-of-bounds write vulnerability. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12659) Update Instructions: Run `sudo pro fix USN-4387-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1023-aws - 5.3.0-1023.25~18.04.1 No subscription required linux-image-5.3.0-1024-oracle - 5.3.0-1024.26~18.04.1 No subscription required linux-image-5.3.0-1026-gke - 5.3.0-1026.28~18.04.1 linux-image-5.3.0-1026-raspi2 - 5.3.0-1026.28~18.04.1 linux-image-5.3.0-1026-gcp - 5.3.0-1026.28~18.04.1 No subscription required linux-image-5.3.0-1028-azure - 5.3.0-1028.29~18.04.1 No subscription required linux-image-5.3.0-59-generic - 5.3.0-59.53~18.04.1 linux-image-5.3.0-59-generic-lpae - 5.3.0-59.53~18.04.1 linux-image-5.3.0-59-lowlatency - 5.3.0-59.53~18.04.1 No subscription required linux-image-aws-edge - 5.3.0.1023.23 linux-image-aws - 5.3.0.1023.23 No subscription required linux-image-oracle - 5.3.0.1024.22 linux-image-oracle-edge - 5.3.0.1024.22 No subscription required linux-image-gke-5.3 - 5.3.0.1026.13 No subscription required linux-image-gcp-edge - 5.3.0.1026.21 linux-image-gcp - 5.3.0.1026.21 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1027.16 No subscription required linux-image-azure - 5.3.0.1028.25 linux-image-azure-edge - 5.3.0.1028.25 No subscription required linux-image-gkeop-5.3 - 5.3.0.59.113 linux-image-generic-hwe-18.04 - 5.3.0.59.113 linux-image-snapdragon-hwe-18.04 - 5.3.0.59.113 linux-image-generic-lpae-hwe-18.04 - 5.3.0.59.113 linux-image-virtual-hwe-18.04 - 5.3.0.59.113 linux-image-lowlatency-hwe-18.04 - 5.3.0.59.113 No subscription required Medium CVE-2020-0067 CVE-2020-0543 CVE-2020-12114 CVE-2020-12464 CVE-2020-12659 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS Ubuntu 18.04 LTS It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem's scatter-gather implementation in the Linux kernel did not properly take data references in some situations, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12464) Bui Quang Minh discovered that the XDP socket implementation in the Linux kernel did not properly validate meta-data passed from user space, leading to an out-of-bounds write vulnerability. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12659) Xiumei Mu discovered that the IPSec implementation in the Linux kernel did not properly encrypt IPv6 traffic in some situations. An attacker could use this to expose sensitive information. (CVE-2020-1749) Update Instructions: Run `sudo pro fix USN-4388-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1042-gke - 5.0.0-1042.43 No subscription required linux-image-5.0.0-1059-oem-osp1 - 5.0.0-1059.64 No subscription required linux-image-gke-5.0 - 5.0.0.1042.27 No subscription required linux-image-oem-osp1 - 5.0.0.1059.58 No subscription required Medium CVE-2020-0067 CVE-2020-0543 CVE-2020-12114 CVE-2020-12464 CVE-2020-12659 CVE-2020-1749 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS Ubuntu 18.04 LTS It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem's scatter-gather implementation in the Linux kernel did not properly take data references in some situations, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12464) Xiumei Mu discovered that the IPSec implementation in the Linux kernel did not properly encrypt IPv6 traffic in some situations. An attacker could use this to expose sensitive information. (CVE-2020-1749) Dmitry Vyukov discovered that the SELinux netlink security hook in the Linux kernel did not validate messages in some situations. A privileged attacker could use this to bypass SELinux netlink restrictions. (CVE-2020-10751) Update Instructions: Run `sudo pro fix USN-4390-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1045-oracle - 4.15.0-1045.49 No subscription required linux-image-4.15.0-106-lowlatency - 4.15.0-106.107 linux-image-4.15.0-106-generic - 4.15.0-106.107 linux-image-4.15.0-106-generic-lpae - 4.15.0-106.107 No subscription required linux-image-4.15.0-1063-gke - 4.15.0-1063.66 No subscription required linux-image-4.15.0-1063-raspi2 - 4.15.0-1063.67 No subscription required linux-image-4.15.0-1067-kvm - 4.15.0-1067.68 No subscription required linux-image-4.15.0-1073-aws - 4.15.0-1073.77 No subscription required linux-image-4.15.0-1080-snapdragon - 4.15.0-1080.87 No subscription required linux-image-4.15.0-1087-oem - 4.15.0-1087.97 No subscription required linux-image-4.15.0-1089-azure - 4.15.0-1089.99 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1045.54 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.106.94 linux-image-generic-hwe-16.04 - 4.15.0.106.94 linux-image-generic-hwe-16.04-edge - 4.15.0.106.94 linux-image-generic-lpae-hwe-16.04 - 4.15.0.106.94 linux-image-virtual - 4.15.0.106.94 linux-image-virtual-hwe-16.04 - 4.15.0.106.94 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.106.94 linux-image-generic - 4.15.0.106.94 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.106.94 linux-image-generic-lpae - 4.15.0.106.94 linux-image-lowlatency-hwe-16.04 - 4.15.0.106.94 linux-image-lowlatency - 4.15.0.106.94 No subscription required linux-image-raspi2 - 4.15.0.1063.61 No subscription required linux-image-gke-4.15 - 4.15.0.1063.65 linux-image-gke - 4.15.0.1063.65 No subscription required linux-image-kvm - 4.15.0.1067.63 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1073.76 No subscription required linux-image-snapdragon - 4.15.0.1080.83 No subscription required linux-image-oem - 4.15.0.1087.91 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1089.60 No subscription required Medium CVE-2020-0067 CVE-2020-0543 CVE-2020-10751 CVE-2020-12114 CVE-2020-12464 CVE-2020-1749 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS Ubuntu 18.04 LTS It was discovered that SQLite incorrectly handled certain corruped schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain SELECT statements. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10. (CVE-2019-19603) It was discovered that SQLite incorrectly handled certain self-referential views. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10. (CVE-2019-19645) Henry Liu discovered that SQLite incorrectly handled certain malformed window-function queries. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-11655) It was discovered that SQLite incorrectly handled certain string operations. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-13434) It was discovered that SQLite incorrectly handled certain expressions. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-13435) It was discovered that SQLite incorrectly handled certain fts3 queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-13630) It was discovered that SQLite incorrectly handled certain virtual table names. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-13631) It was discovered that SQLite incorrectly handled certain fts3 queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-13632) Update Instructions: Run `sudo pro fix USN-4394-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.22.0-1ubuntu0.4 sqlite3-doc - 3.22.0-1ubuntu0.4 libsqlite3-0 - 3.22.0-1ubuntu0.4 libsqlite3-tcl - 3.22.0-1ubuntu0.4 sqlite3 - 3.22.0-1ubuntu0.4 libsqlite3-dev - 3.22.0-1ubuntu0.4 No subscription required Medium CVE-2018-8740 CVE-2019-19603 CVE-2019-19645 CVE-2020-11655 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 Ubuntu 18.04 LTS Justin Steven discovered that fwupd incorrectly handled certain signature verification. An attacker could possibly use this issue to install an unsigned firmware. Update Instructions: Run `sudo pro fix USN-4395-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: fwupd-amd64-signed-template - 1.2.10-1ubuntu2~ubuntu18.04.5 libfwupd-dev - 1.2.10-1ubuntu2~ubuntu18.04.5 fwupd-armhf-signed-template - 1.2.10-1ubuntu2~ubuntu18.04.5 fwupd-i386-signed-template - 1.2.10-1ubuntu2~ubuntu18.04.5 gir1.2-fwupd-2.0 - 1.2.10-1ubuntu2~ubuntu18.04.5 fwupd-tests - 1.2.10-1ubuntu2~ubuntu18.04.5 fwupd-doc - 1.2.10-1ubuntu2~ubuntu18.04.5 fwupd-arm64-signed-template - 1.2.10-1ubuntu2~ubuntu18.04.5 fwupd - 1.2.10-1ubuntu2~ubuntu18.04.5 libfwupd2 - 1.2.10-1ubuntu2~ubuntu18.04.5 No subscription required Medium CVE-2020-10759 Ubuntu 18.04 LTS It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-0093, CVE-2020-0182) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a remote denial of service. (CVE-2020-0198) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information or cause a crash. (CVE-2020-13112) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. (CVE-2020-13113) It was discovered libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-13114) Update Instructions: Run `sudo pro fix USN-4396-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexif-doc - 0.6.21-4ubuntu0.5 libexif-dev - 0.6.21-4ubuntu0.5 libexif12 - 0.6.21-4ubuntu0.5 No subscription required Medium CVE-2020-0093 CVE-2020-0182 CVE-2020-0198 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 Ubuntu 18.04 LTS It was discovered that NSS incorrectly handled the TLS State Machine. A remote attacker could possibly use this issue to cause NSS to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-17023) Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover DSA keys. (CVE-2020-12399) Update Instructions: Run `sudo pro fix USN-4397-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-dev - 2:3.35-2ubuntu2.8 libnss3 - 2:3.35-2ubuntu2.8 libnss3-tools - 2:3.35-2ubuntu2.8 No subscription required Medium CVE-2019-17023 CVE-2020-12399 Ubuntu 18.04 LTS Kevin Backhouse discovered that DBus incorrectly handled file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4398-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dbus-1-doc - 1.12.2-1ubuntu1.2 dbus - 1.12.2-1ubuntu1.2 libdbus-1-dev - 1.12.2-1ubuntu1.2 dbus-udeb - 1.12.2-1ubuntu1.2 dbus-user-session - 1.12.2-1ubuntu1.2 libdbus-1-3-udeb - 1.12.2-1ubuntu1.2 dbus-x11 - 1.12.2-1ubuntu1.2 dbus-tests - 1.12.2-1ubuntu1.2 libdbus-1-3 - 1.12.2-1ubuntu1.2 No subscription required Medium CVE-2020-12049 Ubuntu 18.04 LTS It was discovered that the nfs-utils package set incorrect permissions on the /var/lib/nfs directory. An attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-4400-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nfs-kernel-server - 1:1.3.4-2.1ubuntu5.3 nfs-common - 1:1.3.4-2.1ubuntu5.3 No subscription required Low CVE-2019-3689 Ubuntu 18.04 LTS It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. (CVE-2020-14093) It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to proceeds with a connection even if the user rejects an expired intermediate certificate. (CVE-2020-14154) Update Instructions: Run `sudo pro fix USN-4401-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mutt - 1.9.4-3ubuntu0.2 No subscription required Medium CVE-2020-14093 CVE-2020-14154 Ubuntu 18.04 LTS Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered that curl incorrectly handled certain credentials. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-8169) It was discovered that curl incorrectly handled certain parameters. An attacker could possibly use this issue to overwrite a local file. (CVE-2020-8177) Update Instructions: Run `sudo pro fix USN-4402-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.9 libcurl4-openssl-dev - 7.58.0-2ubuntu3.9 libcurl3-gnutls - 7.58.0-2ubuntu3.9 libcurl4-doc - 7.58.0-2ubuntu3.9 libcurl3-nss - 7.58.0-2ubuntu3.9 libcurl4-nss-dev - 7.58.0-2ubuntu3.9 libcurl4 - 7.58.0-2ubuntu3.9 curl - 7.58.0-2ubuntu3.9 No subscription required Medium CVE-2020-8169 CVE-2020-8177 Ubuntu 18.04 LTS It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. (CVE-2020-14954) This update also address a regression caused in the last update USN-4401-1. It only affected Ubuntu 12.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. Update Instructions: Run `sudo pro fix USN-4403-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mutt - 1.9.4-3ubuntu0.3 No subscription required Medium CVE-2020-14954 https://launchpad.net/bugs/1884588 Ubuntu 18.04 LTS Thomas E. Carroll discovered that the NVIDIA Cuda grpahics driver did not properly perform access control when performing IPC. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-5963) It was discovered that the UVM driver in the NVIDIA graphics driver contained a race condition. A local attacker could use this to cause a denial of service. (CVE-2020-5967) It was discovered that the NVIDIA virtual GPU guest drivers contained an unspecified vulnerability that could potentially lead to privileged operation execution. An attacker could use this to cause a denial of service. (CVE-2020-5973) Update Instructions: Run `sudo pro fix USN-4404-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnvidia-common-390 - 390.138-0ubuntu0.18.04.1 nvidia-384 - 390.138-0ubuntu0.18.04.1 nvidia-compute-utils-390 - 390.138-0ubuntu0.18.04.1 libnvidia-gl-390 - 390.138-0ubuntu0.18.04.1 libnvidia-compute-390 - 390.138-0ubuntu0.18.04.1 nvidia-dkms-390 - 390.138-0ubuntu0.18.04.1 nvidia-driver-390 - 390.138-0ubuntu0.18.04.1 nvidia-opencl-icd-384 - 390.138-0ubuntu0.18.04.1 libnvidia-fbc1-390 - 390.138-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-390 - 390.138-0ubuntu0.18.04.1 libnvidia-encode-390 - 390.138-0ubuntu0.18.04.1 nvidia-libopencl1-384 - 390.138-0ubuntu0.18.04.1 nvidia-384-dev - 390.138-0ubuntu0.18.04.1 libnvidia-ifr1-390 - 390.138-0ubuntu0.18.04.1 nvidia-kernel-source-390 - 390.138-0ubuntu0.18.04.1 nvidia-headless-390 - 390.138-0ubuntu0.18.04.1 libnvidia-cfg1-390 - 390.138-0ubuntu0.18.04.1 nvidia-kernel-common-390 - 390.138-0ubuntu0.18.04.1 nvidia-headless-no-dkms-390 - 390.138-0ubuntu0.18.04.1 libnvidia-decode-390 - 390.138-0ubuntu0.18.04.1 libcuda1-384 - 390.138-0ubuntu0.18.04.1 nvidia-utils-390 - 390.138-0ubuntu0.18.04.1 No subscription required xserver-xorg-video-nvidia-440 - 440.100-0ubuntu0.18.04.1 nvidia-kernel-common-440 - 440.100-0ubuntu0.18.04.1 nvidia-headless-no-dkms-440 - 440.100-0ubuntu0.18.04.1 libnvidia-decode-440 - 440.100-0ubuntu0.18.04.1 libnvidia-gl-430 - 440.100-0ubuntu0.18.04.1 libnvidia-common-440 - 440.100-0ubuntu0.18.04.1 nvidia-kernel-source-430 - 440.100-0ubuntu0.18.04.1 libnvidia-encode-440 - 440.100-0ubuntu0.18.04.1 nvidia-dkms-440 - 440.100-0ubuntu0.18.04.1 libnvidia-cfg1-430 - 440.100-0ubuntu0.18.04.1 nvidia-compute-utils-430 - 440.100-0ubuntu0.18.04.1 nvidia-utils-430 - 440.100-0ubuntu0.18.04.1 libnvidia-encode-430 - 440.100-0ubuntu0.18.04.1 nvidia-headless-440 - 440.100-0ubuntu0.18.04.1 libnvidia-extra-440 - 440.100-0ubuntu0.18.04.1 libnvidia-compute-440 - 440.100-0ubuntu0.18.04.1 nvidia-kernel-common-430 - 440.100-0ubuntu0.18.04.1 nvidia-utils-440 - 440.100-0ubuntu0.18.04.1 nvidia-driver-440 - 440.100-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-430 - 440.100-0ubuntu0.18.04.1 nvidia-driver-430 - 440.100-0ubuntu0.18.04.1 libnvidia-common-430 - 440.100-0ubuntu0.18.04.1 libnvidia-decode-430 - 440.100-0ubuntu0.18.04.1 libnvidia-ifr1-440 - 440.100-0ubuntu0.18.04.1 libnvidia-fbc1-430 - 440.100-0ubuntu0.18.04.1 libnvidia-cfg1-440 - 440.100-0ubuntu0.18.04.1 nvidia-headless-no-dkms-430 - 440.100-0ubuntu0.18.04.1 libnvidia-fbc1-440 - 440.100-0ubuntu0.18.04.1 libnvidia-compute-430 - 440.100-0ubuntu0.18.04.1 nvidia-dkms-430 - 440.100-0ubuntu0.18.04.1 nvidia-compute-utils-440 - 440.100-0ubuntu0.18.04.1 libnvidia-ifr1-430 - 440.100-0ubuntu0.18.04.1 nvidia-kernel-source-440 - 440.100-0ubuntu0.18.04.1 libnvidia-gl-440 - 440.100-0ubuntu0.18.04.1 nvidia-headless-430 - 440.100-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-5963 CVE-2020-5967 CVE-2020-5973 Ubuntu 18.04 LTS USN-4404-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Original advisory details: Thomas E. Carroll discovered that the NVIDIA Cuda grpahics driver did not properly perform access control when performing IPC. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-5963) It was discovered that the UVM driver in the NVIDIA graphics driver contained a race condition. A local attacker could use this to cause a denial of service. (CVE-2020-5967) It was discovered that the NVIDIA virtual GPU guest drivers contained an unspecified vulnerability that could potentially lead to privileged operation execution. An attacker could use this to cause a denial of service. (CVE-2020-5973) Update Instructions: Run `sudo pro fix USN-4404-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1047-oracle - 4.15.0-1047.51 No subscription required linux-image-4.15.0-1076-aws - 4.15.0-1076.80 No subscription required linux-image-4.15.0-108-generic-lpae - 4.15.0-108.109 linux-image-4.15.0-108-generic - 4.15.0-108.109 linux-image-4.15.0-108-lowlatency - 4.15.0-108.109 No subscription required linux-image-4.15.0-1090-oem - 4.15.0-1090.100 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1047.56 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1076.78 No subscription required linux-image-generic-hwe-16.04 - 4.15.0.108.96 linux-image-generic-hwe-16.04-edge - 4.15.0.108.96 linux-image-generic-lpae-hwe-16.04 - 4.15.0.108.96 linux-image-virtual - 4.15.0.108.96 linux-image-virtual-hwe-16.04-edge - 4.15.0.108.96 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.108.96 linux-image-generic - 4.15.0.108.96 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.108.96 linux-image-virtual-hwe-16.04 - 4.15.0.108.96 linux-image-lowlatency-hwe-16.04 - 4.15.0.108.96 linux-image-generic-lpae - 4.15.0.108.96 linux-image-lowlatency - 4.15.0.108.96 No subscription required linux-image-oem - 4.15.0.1090.93 No subscription required linux-image-5.0.0-1062-oem-osp1 - 5.0.0-1062.67 No subscription required linux-image-oem-osp1 - 5.0.0.1062.60 No subscription required linux-image-5.3.0-1027-oracle - 5.3.0-1027.29~18.04.1 No subscription required linux-image-5.3.0-1028-aws - 5.3.0-1028.30~18.04.1 No subscription required linux-image-5.3.0-1029-gcp - 5.3.0-1029.31~18.04.1 No subscription required linux-image-5.3.0-1031-azure - 5.3.0-1031.32~18.04.1 No subscription required linux-image-5.3.0-61-generic - 5.3.0-61.55~18.04.1 linux-image-5.3.0-61-generic-lpae - 5.3.0-61.55~18.04.1 linux-image-5.3.0-61-lowlatency - 5.3.0-61.55~18.04.1 No subscription required linux-image-oracle - 5.3.0.1027.24 linux-image-oracle-edge - 5.3.0.1027.24 No subscription required linux-image-aws-edge - 5.3.0.1028.26 linux-image-aws - 5.3.0.1028.26 No subscription required linux-image-gcp-edge - 5.3.0.1029.23 linux-image-gcp - 5.3.0.1029.23 No subscription required linux-image-azure - 5.3.0.1031.27 linux-image-azure-edge - 5.3.0.1031.27 No subscription required linux-image-gkeop-5.3 - 5.3.0.61.114 linux-image-generic-hwe-18.04 - 5.3.0.61.114 linux-image-snapdragon-hwe-18.04 - 5.3.0.61.114 linux-image-generic-lpae-hwe-18.04 - 5.3.0.61.114 linux-image-lowlatency-hwe-18.04 - 5.3.0.61.114 linux-image-virtual-hwe-18.04 - 5.3.0.61.114 No subscription required Medium CVE-2020-5963 CVE-2020-5967 CVE-2020-5973 Ubuntu 18.04 LTS It was discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information. Update Instructions: Run `sudo pro fix USN-4405-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: glib-networking - 2.56.0-1ubuntu0.1 glib-networking-services - 2.56.0-1ubuntu0.1 glib-networking-tests - 2.56.0-1ubuntu0.1 glib-networking-common - 2.56.0-1ubuntu0.1 No subscription required Medium CVE-2020-13645 Ubuntu 18.04 LTS It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary content in the login page. Update Instructions: Run `sudo pro fix USN-4406-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mailman - 1:2.1.26-1ubuntu0.3 No subscription required Medium CVE-2020-15011 Ubuntu 18.04 LTS It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2019-15680) It was discovered that an information disclosure vulnerability existed in LibVNCServer when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15681) It was discovered that LibVNCServer incorrectly handled cursor shape updates. If a user were tricked in to connecting to a malicious server, an attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15690, CVE-2019-20788) It was discovered that LibVNCServer incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2017-18922) Update Instructions: Run `sudo pro fix USN-4407-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvncserver-config - 0.9.11+dfsg-1ubuntu1.2 libvncserver-dev - 0.9.11+dfsg-1ubuntu1.2 libvncserver1 - 0.9.11+dfsg-1ubuntu1.2 libvncclient1 - 0.9.11+dfsg-1ubuntu1.2 No subscription required Medium CVE-2017-18922 CVE-2019-15680 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass permission prompts, or execute arbitrary code. (CVE-2020-12415, CVE-2020-12416, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12422, CVE-2020-12424, CVE-2020-12425, CVE-2020-12426) It was discovered that when performing add-on updates, certificate chains not terminating with built-in roots were silently rejected. This could result in add-ons becoming outdated. (CVE-2020-12421) Update Instructions: Run `sudo pro fix USN-4408-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 78.0.1+build1-0ubuntu0.18.04.1 firefox - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 78.0.1+build1-0ubuntu0.18.04.1 firefox-geckodriver - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 78.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 78.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 78.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 78.0.1+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 Ubuntu 18.04 LTS Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10730) Douglas Bagnall discovered that Samba incorrectly handled certain queries. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-10745) Andrei Popa discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10760) Update Instructions: Run `sudo pro fix USN-4409-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 No subscription required Medium CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 Ubuntu 18.04 LTS Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service (system crash). (CVE-2020-10711) It was discovered that the SCSI generic (sg) driver in the Linux kernel did not properly handle certain error conditions correctly. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-12770) It was discovered that the USB Gadget device driver in the Linux kernel did not validate arguments passed from configfs in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-13143) Dmitry Vyukov discovered that the SELinux netlink security hook in the Linux kernel did not validate messages in some situations. A privileged attacker could use this to bypass SELinux netlink restrictions. (CVE-2020-10751) It was discovered that the KVM implementation in the Linux kernel did not properly deallocate memory on initialization for some processors. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12768) Update Instructions: Run `sudo pro fix USN-4412-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1028-oracle - 5.3.0-1028.30~18.04.1 No subscription required linux-image-5.3.0-1028-raspi2 - 5.3.0-1028.30~18.04.2 No subscription required linux-image-5.3.0-1030-gke - 5.3.0-1030.32~18.04.1 linux-image-5.3.0-1030-gcp - 5.3.0-1030.32~18.04.1 linux-image-5.3.0-1030-aws - 5.3.0-1030.32~18.04.1 No subscription required linux-image-5.3.0-1032-azure - 5.3.0-1032.33~18.04.1 No subscription required linux-image-5.3.0-62-lowlatency - 5.3.0-62.56~18.04.1 linux-image-5.3.0-62-generic - 5.3.0-62.56~18.04.1 linux-image-5.3.0-62-generic-lpae - 5.3.0-62.56~18.04.1 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1028.17 No subscription required linux-image-oracle - 5.3.0.1028.25 No subscription required linux-image-gke-5.3 - 5.3.0.1030.15 No subscription required linux-image-gcp - 5.3.0.1030.24 No subscription required linux-image-aws - 5.3.0.1030.28 No subscription required linux-image-azure - 5.3.0.1032.28 No subscription required linux-image-gkeop-5.3 - 5.3.0.62.115 linux-image-lowlatency-hwe-18.04 - 5.3.0.62.115 linux-image-generic-lpae-hwe-18.04 - 5.3.0.62.115 linux-image-generic-hwe-18.04 - 5.3.0.62.115 linux-image-virtual-hwe-18.04 - 5.3.0.62.115 linux-image-snapdragon-hwe-18.04 - 5.3.0.62.115 No subscription required Low CVE-2020-10711 CVE-2020-10751 CVE-2020-12768 CVE-2020-12770 CVE-2020-13143 Ubuntu 18.04 LTS Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service (system crash). (CVE-2020-10711) It was discovered that the SCSI generic (sg) driver in the Linux kernel did not properly handle certain error conditions correctly. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-12770) It was discovered that the USB Gadget device driver in the Linux kernel did not validate arguments passed from configfs in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-13143) Dmitry Vyukov discovered that the SELinux netlink security hook in the Linux kernel did not validate messages in some situations. A privileged attacker could use this to bypass SELinux netlink restrictions. (CVE-2020-10751) It was discovered that the KVM implementation in the Linux kernel did not properly deallocate memory on initialization for some processors. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12768) Update Instructions: Run `sudo pro fix USN-4413-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1043-gke - 5.0.0-1043.44 No subscription required linux-image-5.0.0-1063-oem-osp1 - 5.0.0-1063.68 No subscription required linux-image-gke-5.0 - 5.0.0.1043.28 No subscription required linux-image-oem-osp1 - 5.0.0.1063.61 No subscription required Low CVE-2020-10711 CVE-2020-10751 CVE-2020-12768 CVE-2020-12770 CVE-2020-13143 Ubuntu 18.04 LTS It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16089) It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2019-19036, CVE-2019-19318, CVE-2019-19813, CVE-2019-19816) It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service (system crash). (CVE-2019-19377) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19462) Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service (system crash). (CVE-2020-10711) It was discovered that the SCSI generic (sg) driver in the Linux kernel did not properly handle certain error conditions correctly. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-12770) It was discovered that the USB Gadget device driver in the Linux kernel did not validate arguments passed from configfs in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-13143) It was discovered that the efi subsystem in the Linux kernel did not handle memory allocation failures during early boot in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12380) It was discovered that the btrfs file system in the Linux kernel in some error conditions could report register information to the dmesg buffer. A local attacker could possibly use this to expose sensitive information. (CVE-2019-19039) Update Instructions: Run `sudo pro fix USN-4414-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1048-oracle - 4.15.0-1048.52 No subscription required linux-image-4.15.0-1064-gke - 4.15.0-1064.67 No subscription required linux-image-4.15.0-1065-raspi2 - 4.15.0-1065.69 No subscription required linux-image-4.15.0-1069-kvm - 4.15.0-1069.70 No subscription required linux-image-4.15.0-1077-aws - 4.15.0-1077.81 No subscription required linux-image-4.15.0-1078-gcp - 4.15.0-1078.88 No subscription required linux-image-4.15.0-1081-snapdragon - 4.15.0-1081.88 No subscription required linux-image-4.15.0-109-lowlatency - 4.15.0-109.110 linux-image-4.15.0-109-generic - 4.15.0-109.110 linux-image-4.15.0-109-generic-lpae - 4.15.0-109.110 No subscription required linux-image-4.15.0-1091-azure - 4.15.0-1091.101 linux-image-4.15.0-1091-oem - 4.15.0-1091.101 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1048.57 No subscription required linux-image-gke-4.15 - 4.15.0.1064.66 linux-image-gke - 4.15.0.1064.66 No subscription required linux-image-raspi2 - 4.15.0.1065.63 No subscription required linux-image-kvm - 4.15.0.1069.65 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1077.79 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1078.94 No subscription required linux-image-snapdragon - 4.15.0.1081.84 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.109.97 linux-image-generic-hwe-16.04 - 4.15.0.109.97 linux-image-generic-hwe-16.04-edge - 4.15.0.109.97 linux-image-virtual - 4.15.0.109.97 linux-image-generic-lpae-hwe-16.04 - 4.15.0.109.97 linux-image-virtual-hwe-16.04 - 4.15.0.109.97 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.109.97 linux-image-generic - 4.15.0.109.97 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.109.97 linux-image-generic-lpae - 4.15.0.109.97 linux-image-lowlatency-hwe-16.04 - 4.15.0.109.97 linux-image-lowlatency - 4.15.0.109.97 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1091.62 No subscription required linux-image-oem - 4.15.0.1091.94 No subscription required Medium CVE-2019-12380 CVE-2019-16089 CVE-2019-19036 CVE-2019-19039 CVE-2019-19318 CVE-2019-19377 CVE-2019-19462 CVE-2019-19813 CVE-2019-19816 CVE-2020-10711 CVE-2020-12770 CVE-2020-13143 Ubuntu 18.04 LTS Felix Dörre discovered that coTURN response buffer is not initialized properly. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-4067) It was discovered that coTURN web server incorrectly handled HTTP POST requests. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact. (CVE-2020-6061, CVE-2020-6062) Update Instructions: Run `sudo pro fix USN-4415-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: coturn - 4.5.0.7-1ubuntu2.18.04.2 No subscription required Medium CVE-2020-4067 CVE-2020-6061 CVE-2020-6062 Ubuntu 18.04 LTS Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12133) It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-18269) It was discovered that the GNU C Library incorrectly handled certain pathname operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11236) It was discovered that the GNU C Library incorrectly handled certain AVX-512-optimized mempcpy operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11237) It was discovered that the GNU C Library incorrectly handled certain hostname loookups. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-19591) Jakub Wilk discovered that the GNU C Library incorrectly handled certain memalign functions. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-6485) It was discovered that the GNU C Library incorrectly ignored the LD_PREFER_MAP_32BIT_EXEC environment variable after security transitions. A local attacker could use this issue to bypass ASLR restrictions. (CVE-2019-19126) It was discovered that the GNU C Library incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9169) It was discovered that the GNU C Library incorrectly handled certain bit patterns. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10029) It was discovered that the GNU C Library incorrectly handled certain signal trampolines on PowerPC. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1751) It was discovered that the GNU C Library incorrectly handled tilde expansion. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1752) Update Instructions: Run `sudo pro fix USN-4416-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.27-3ubuntu1.2 libc6-dev-s390 - 2.27-3ubuntu1.2 glibc-source - 2.27-3ubuntu1.2 libc-bin - 2.27-3ubuntu1.2 libc6-x32 - 2.27-3ubuntu1.2 libc6-s390 - 2.27-3ubuntu1.2 libc6-armel - 2.27-3ubuntu1.2 libc6-pic - 2.27-3ubuntu1.2 libc6-dev-armel - 2.27-3ubuntu1.2 glibc-doc - 2.27-3ubuntu1.2 multiarch-support - 2.27-3ubuntu1.2 libc6-dev - 2.27-3ubuntu1.2 libc6-amd64 - 2.27-3ubuntu1.2 libc6-dev-amd64 - 2.27-3ubuntu1.2 libc6 - 2.27-3ubuntu1.2 locales-all - 2.27-3ubuntu1.2 libc6-dev-x32 - 2.27-3ubuntu1.2 locales - 2.27-3ubuntu1.2 libc6-udeb - 2.27-3ubuntu1.2 libc6-dev-i386 - 2.27-3ubuntu1.2 libc-dev-bin - 2.27-3ubuntu1.2 nscd - 2.27-3ubuntu1.2 No subscription required Medium CVE-2017-12133 CVE-2017-18269 CVE-2018-11236 CVE-2018-11237 CVE-2018-19591 CVE-2018-6485 CVE-2019-19126 CVE-2019-9169 CVE-2020-10029 CVE-2020-1751 CVE-2020-1752 Ubuntu 18.04 LTS Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys. Update Instructions: Run `sudo pro fix USN-4417-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-dev - 2:3.35-2ubuntu2.9 libnss3 - 2:3.35-2ubuntu2.9 libnss3-tools - 2:3.35-2ubuntu2.9 No subscription required Medium CVE-2020-12402 Ubuntu 18.04 LTS It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4418-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenexr-dev - 2.2.0-11.1ubuntu1.3 openexr - 2.2.0-11.1ubuntu1.3 libopenexr22 - 2.2.0-11.1ubuntu1.3 openexr-doc - 2.2.0-11.1ubuntu1.3 No subscription required Medium CVE-2020-15305 CVE-2020-15306 Ubuntu 18.04 LTS David Hill and Eric Harney discovered that Cinder and os-brick incorrectly handled ScaleIO backend credentials. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4420-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-os-brick - 2.3.0-0ubuntu1.2 os-brick-common - 2.3.0-0ubuntu1.2 python-os-brick-doc - 2.3.0-0ubuntu1.2 python3-os-brick - 2.3.0-0ubuntu1.2 No subscription required python-cinder - 2:12.0.9-0ubuntu1.2 cinder-backup - 2:12.0.9-0ubuntu1.2 cinder-api - 2:12.0.9-0ubuntu1.2 cinder-volume - 2:12.0.9-0ubuntu1.2 cinder-common - 2:12.0.9-0ubuntu1.2 cinder-scheduler - 2:12.0.9-0ubuntu1.2 No subscription required Low CVE-2020-10755 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbtirary code. (CVE-2020-12405, CVE-2020-12406, CVE-2020-12410, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420) It was discovered that Thunderbird would continue an unencrypted connection when configured to use STARTTLS for IMAP if the server responded with PREAUTH. A remote attacker could potentially exploit this to perform a person-in-the-middle attack in order to obtain sensitive information. (CVE-2020-12398) It was discovered that NSS showed timing differences when performing DSA signatures. An attacker could potentially exploit this to obtain private keys using a timing attack. (CVE-2020-12399) It was discovered that when performing add-on updates, certificate chains not terminating with built-in roots were silently rejected. This could result in add-ons becoming outdated. (CVE-2020-12421) Update Instructions: Run `sudo pro fix USN-4421-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:68.10.0+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:68.10.0+build1-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:68.10.0+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:68.10.0+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:68.10.0+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-12398 CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-4422-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.28.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.28.3-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.28.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.28.3-0ubuntu0.18.04.1 webkit2gtk-driver - 2.28.3-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.28.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.28.3-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.28.3-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.28.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.28.3-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 Ubuntu 18.04 LTS It was discovered that X-Frame-Options could be bypassed in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct clickjacking attacks. Update Instructions: Run `sudo pro fix USN-4423-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-nn - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ne - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-nb - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-fa - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-fi - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-fr - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-fy - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-or - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-kab - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-oc - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-cs - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ga - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-gd - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-gn - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-gl - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-gu - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-pa - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-pl - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-cy - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-pt - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-hi - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-uk - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-he - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-hy - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-hr - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-hu - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-as - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ar - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ia - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-az - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-id - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-mai - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-af - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-is - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-it - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-an - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-bs - 78.0.2+build2-0ubuntu0.18.04.1 firefox - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ro - 78.0.2+build2-0ubuntu0.18.04.1 firefox-geckodriver - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ja - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ru - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-br - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-bn - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-be - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-bg - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-sl - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-sk - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-si - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-sw - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-sv - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-sr - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-sq - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ko - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-kn - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-km - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-kk - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ka - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-xh - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ca - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ku - 78.0.2+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-lv - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-lt - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-th - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 78.0.2+build2-0ubuntu0.18.04.1 firefox-dev - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-te - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-cak - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ta - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-lg - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-tr - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-nso - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-de - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-da - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ms - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-mr - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-my - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-uz - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ml - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-mn - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-mk - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ur - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-vi - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-eu - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-et - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-es - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-csb - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-el - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-eo - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-en - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-zu - 78.0.2+build2-0ubuntu0.18.04.1 firefox-locale-ast - 78.0.2+build2-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1887576 Ubuntu 18.04 LTS It was discovered that cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices ran on every boot without restrictions. A physical attacker could exploit this to craft cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. (CVE-2020-11933) It was discovered that snapctl user-open allowed altering the XDG_DATA_DIRS environment variable when calling the system xdg-open. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL. This issue did not affect Ubuntu Core systems. (CVE-2020-11934) Update Instructions: Run `sudo pro fix USN-4424-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.45.1+18.04.2 ubuntu-core-launcher - 2.45.1+18.04.2 snap-confine - 2.45.1+18.04.2 ubuntu-snappy-cli - 2.45.1+18.04.2 golang-github-snapcore-snapd-dev - 2.45.1+18.04.2 snapd-xdg-open - 2.45.1+18.04.2 snapd - 2.45.1+18.04.2 golang-github-ubuntu-core-snappy-dev - 2.45.1+18.04.2 ubuntu-snappy - 2.45.1+18.04.2 No subscription required Medium CVE-2020-11933 CVE-2020-11934 Ubuntu 18.04 LTS It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16089) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19462) Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. (CVE-2020-11935) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading ACPI tables via configfs. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2020-15780) Update Instructions: Run `sudo pro fix USN-4425-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1015-raspi - 5.4.0-1015.15~18.04.1 No subscription required linux-image-5.4.0-1022-azure - 5.4.0-1022.22~18.04.1 No subscription required linux-image-5.4.0-42-generic - 5.4.0-42.46~18.04.1 linux-image-5.4.0-42-lowlatency - 5.4.0-42.46~18.04.1 linux-image-5.4.0-42-generic-lpae - 5.4.0-42.46~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1015.19 linux-image-raspi-hwe-18.04 - 5.4.0.1015.19 No subscription required linux-image-azure-edge - 5.4.0.1022.6 No subscription required linux-image-snapdragon-hwe-18.04-edge - 5.4.0.42.46~18.04.35 linux-image-gkeop-5.4 - 5.4.0.42.46~18.04.35 linux-image-snapdragon-hwe-18.04 - 5.4.0.42.46~18.04.35 linux-image-lowlatency-hwe-18.04 - 5.4.0.42.46~18.04.35 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.42.46~18.04.35 linux-image-generic-lpae-hwe-18.04 - 5.4.0.42.46~18.04.35 linux-image-virtual-hwe-18.04 - 5.4.0.42.46~18.04.35 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.42.46~18.04.35 linux-image-generic-hwe-18.04-edge - 5.4.0.42.46~18.04.35 linux-image-generic-hwe-18.04 - 5.4.0.42.46~18.04.35 linux-image-virtual-hwe-18.04-edge - 5.4.0.42.46~18.04.35 No subscription required Medium CVE-2019-16089 CVE-2019-19462 CVE-2020-11935 CVE-2020-15780 Ubuntu 18.04 LTS Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2019-20908) Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges. (CVE-2020-10757) Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. (CVE-2020-11935) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading ACPI tables via configfs. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2020-15780) Update Instructions: Run `sudo pro fix USN-4426-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1050-oracle - 4.15.0-1050.54 No subscription required linux-image-4.15.0-1066-gke - 4.15.0-1066.69 No subscription required linux-image-4.15.0-1067-raspi2 - 4.15.0-1067.71 No subscription required linux-image-4.15.0-1071-kvm - 4.15.0-1071.72 No subscription required linux-image-4.15.0-1079-aws - 4.15.0-1079.83 No subscription required linux-image-4.15.0-1080-gcp - 4.15.0-1080.90 No subscription required linux-image-4.15.0-1092-azure - 4.15.0-1092.102 No subscription required linux-image-4.15.0-1093-oem - 4.15.0-1093.103 No subscription required linux-image-4.15.0-112-generic - 4.15.0-112.113 linux-image-4.15.0-112-generic-lpae - 4.15.0-112.113 linux-image-4.15.0-112-lowlatency - 4.15.0-112.113 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1050.59 No subscription required linux-image-gke-4.15 - 4.15.0.1066.68 linux-image-gke - 4.15.0.1066.68 No subscription required linux-image-raspi2 - 4.15.0.1067.65 No subscription required linux-image-kvm - 4.15.0.1071.67 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1079.81 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1080.96 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1092.63 No subscription required linux-image-oem - 4.15.0.1093.96 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.112.100 linux-image-generic-hwe-16.04 - 4.15.0.112.100 linux-image-generic-hwe-16.04-edge - 4.15.0.112.100 linux-image-virtual - 4.15.0.112.100 linux-image-generic-lpae-hwe-16.04 - 4.15.0.112.100 linux-image-virtual-hwe-16.04 - 4.15.0.112.100 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.112.100 linux-image-generic - 4.15.0.112.100 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.112.100 linux-image-generic-lpae - 4.15.0.112.100 linux-image-lowlatency-hwe-16.04 - 4.15.0.112.100 linux-image-lowlatency - 4.15.0.112.100 No subscription required Medium CVE-2019-20908 CVE-2020-10757 CVE-2020-11935 CVE-2020-15780 Ubuntu 18.04 LTS It was discovered that Python documentation had a misleading information. A security issue could be possibly caused by wrong assumptions of this information. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-17514) It was discovered that Python incorrectly handled certain TAR archives. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-20907) It was discovered that incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9674) It was discovered that Python incorrectly handled certain IP values. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14422) Update Instructions: Run `sudo pro fix USN-4428-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.17-1~18.04ubuntu1.1 python2.7-doc - 2.7.17-1~18.04ubuntu1.1 libpython2.7-minimal - 2.7.17-1~18.04ubuntu1.1 libpython2.7 - 2.7.17-1~18.04ubuntu1.1 libpython2.7-stdlib - 2.7.17-1~18.04ubuntu1.1 libpython2.7-testsuite - 2.7.17-1~18.04ubuntu1.1 python2.7 - 2.7.17-1~18.04ubuntu1.1 idle-python2.7 - 2.7.17-1~18.04ubuntu1.1 python2.7-examples - 2.7.17-1~18.04ubuntu1.1 libpython2.7-dev - 2.7.17-1~18.04ubuntu1.1 python2.7-minimal - 2.7.17-1~18.04ubuntu1.1 No subscription required python3.6-dev - 3.6.9-1~18.04ubuntu1.1 libpython3.6-dev - 3.6.9-1~18.04ubuntu1.1 libpython3.6-minimal - 3.6.9-1~18.04ubuntu1.1 python3.6-examples - 3.6.9-1~18.04ubuntu1.1 libpython3.6-stdlib - 3.6.9-1~18.04ubuntu1.1 python3.6-venv - 3.6.9-1~18.04ubuntu1.1 python3.6-minimal - 3.6.9-1~18.04ubuntu1.1 python3.6 - 3.6.9-1~18.04ubuntu1.1 idle-python3.6 - 3.6.9-1~18.04ubuntu1.1 python3.6-doc - 3.6.9-1~18.04ubuntu1.1 libpython3.6-testsuite - 3.6.9-1~18.04ubuntu1.1 libpython3.6 - 3.6.9-1~18.04ubuntu1.1 No subscription required Medium CVE-2019-17514 CVE-2019-20907 CVE-2019-9674 CVE-2020-14422 Ubuntu 18.04 LTS It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack. Update Instructions: Run `sudo pro fix USN-4429-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libecal1.2-dev - 3.28.5-0ubuntu0.18.04.3 libedataserver-1.2-23 - 3.28.5-0ubuntu0.18.04.3 libebackend-1.2-10 - 3.28.5-0ubuntu0.18.04.3 libebook1.2-dev - 3.28.5-0ubuntu0.18.04.3 libedata-cal1.2-dev - 3.28.5-0ubuntu0.18.04.3 evolution-data-server-tests - 3.28.5-0ubuntu0.18.04.3 gir1.2-camel-1.2 - 3.28.5-0ubuntu0.18.04.3 libebook-contacts-1.2-2 - 3.28.5-0ubuntu0.18.04.3 libedata-book1.2-dev - 3.28.5-0ubuntu0.18.04.3 libecal-1.2-19 - 3.28.5-0ubuntu0.18.04.3 evolution-data-server-online-accounts - 3.28.5-0ubuntu0.18.04.3 libebackend1.2-dev - 3.28.5-0ubuntu0.18.04.3 libcamel1.2-dev - 3.28.5-0ubuntu0.18.04.3 libedataserverui-1.2-2 - 3.28.5-0ubuntu0.18.04.3 libedata-book-1.2-25 - 3.28.5-0ubuntu0.18.04.3 gir1.2-edataserver-1.2 - 3.28.5-0ubuntu0.18.04.3 libedataserver1.2-dev - 3.28.5-0ubuntu0.18.04.3 libebook-contacts1.2-dev - 3.28.5-0ubuntu0.18.04.3 gir1.2-ebookcontacts-1.2 - 3.28.5-0ubuntu0.18.04.3 libcamel-1.2-61 - 3.28.5-0ubuntu0.18.04.3 evolution-data-server - 3.28.5-0ubuntu0.18.04.3 evolution-data-server-common - 3.28.5-0ubuntu0.18.04.3 gir1.2-edataserverui-1.2 - 3.28.5-0ubuntu0.18.04.3 libedataserverui1.2-dev - 3.28.5-0ubuntu0.18.04.3 libebook-1.2-19 - 3.28.5-0ubuntu0.18.04.3 evolution-data-server-doc - 3.28.5-0ubuntu0.18.04.3 evolution-data-server-dev - 3.28.5-0ubuntu0.18.04.3 gir1.2-ebook-1.2 - 3.28.5-0ubuntu0.18.04.3 libedata-cal-1.2-28 - 3.28.5-0ubuntu0.18.04.3 No subscription required Medium CVE-2020-14928 Ubuntu 18.04 LTS It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted image file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4430-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-pil.imagetk - 5.1.0-1ubuntu0.3 python-pil-doc - 5.1.0-1ubuntu0.3 python3-pil - 5.1.0-1ubuntu0.3 python-pil - 5.1.0-1ubuntu0.3 python-pil.imagetk - 5.1.0-1ubuntu0.3 No subscription required Low CVE-2020-10177 CVE-2020-10378 CVE-2020-10994 CVE-2020-11538 Ubuntu 18.04 LTS It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only affected Ubuntu 16.04 LTS, as it was already fixed in Ubuntu 18.04 LTS. For more information see: https://usn.ubuntu.com/usn/usn-3967-1 (CVE-2018-15822, CVE-2019-11338) It was discovered that FFmpeg incorrectly handled sscanf failures. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-12730) It was discovered that FFmpeg incorrectly handled certain WEBM files. An attacker could possibly use this issue to obtain sensitive data or other unspecified impact. This issue only affected Ubuntu 20.04 LTS. (CVE-2019-13312) It was discovered that FFmpeg incorrectly handled certain AVI files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-13390) It was discovered that FFmpeg incorrectly handled certain input. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17539) It was discovered that FFmpeg incorrectly handled certain input during decoding of VQA files. An attacker could possibly use this issue to obtain sensitive information or other unspecified impact. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-17542) It was discovered that FFmpeg incorrectly handled certain JPEG files. An attacker could possibly use this issue to obtain sensitive information or other unspecified impact. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-12284) It was discovered that FFmpeg incorrectly handled certain M3U8 files. An attacker could possibly use this issue to obtain sensitive information or other unspecified impact. (CVE-2020-13904) Update Instructions: Run `sudo pro fix USN-4431-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libavresample-dev - 7:3.4.8-0ubuntu0.2 libavcodec-extra - 7:3.4.8-0ubuntu0.2 libavfilter-extra6 - 7:3.4.8-0ubuntu0.2 libavresample3 - 7:3.4.8-0ubuntu0.2 libavcodec-dev - 7:3.4.8-0ubuntu0.2 libavutil-dev - 7:3.4.8-0ubuntu0.2 libavfilter-extra - 7:3.4.8-0ubuntu0.2 libswscale-dev - 7:3.4.8-0ubuntu0.2 libswresample-dev - 7:3.4.8-0ubuntu0.2 libswresample2 - 7:3.4.8-0ubuntu0.2 libavdevice-dev - 7:3.4.8-0ubuntu0.2 libswscale4 - 7:3.4.8-0ubuntu0.2 libavfilter-dev - 7:3.4.8-0ubuntu0.2 libpostproc54 - 7:3.4.8-0ubuntu0.2 libpostproc-dev - 7:3.4.8-0ubuntu0.2 libavdevice57 - 7:3.4.8-0ubuntu0.2 libavformat57 - 7:3.4.8-0ubuntu0.2 libavformat-dev - 7:3.4.8-0ubuntu0.2 libavutil55 - 7:3.4.8-0ubuntu0.2 libavfilter6 - 7:3.4.8-0ubuntu0.2 libavcodec-extra57 - 7:3.4.8-0ubuntu0.2 libavcodec57 - 7:3.4.8-0ubuntu0.2 ffmpeg - 7:3.4.8-0ubuntu0.2 ffmpeg-doc - 7:3.4.8-0ubuntu0.2 No subscription required Medium CVE-2018-15822 CVE-2019-11338 CVE-2019-12730 CVE-2019-13312 CVE-2019-13390 CVE-2019-17539 CVE-2019-17542 CVE-2020-12284 CVE-2020-13904 Ubuntu 18.04 LTS Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713) Chris Coulson discovered that the GRUB2 function handling code did not properly handle a function being redefined, leading to a use-after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15706) Chris Coulson discovered that multiple integer overflows existed in GRUB2 when handling certain filesystems or font files, leading to heap-based buffer overflows. A local attacker could use these to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14309, CVE-2020-14310, CVE-2020-14311) It was discovered that the memory allocator for GRUB2 did not validate allocation size, resulting in multiple integer overflows and heap-based buffer overflows when handling certain filesystems, PNG images or disk metadata. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14308) Mathieu Trudel-Lapierre discovered that in certain situations, GRUB2 failed to validate kernel signatures. A local attacker could use this to bypass Secure Boot restrictions. (CVE-2020-15705) Colin Watson and Chris Coulson discovered that an integer overflow existed in GRUB2 when handling the initrd command, leading to a heap-based buffer overflow. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15707) Update Instructions: Run `sudo pro fix USN-4432-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: grub-efi-amd64-signed - 1.93.18+2.02-2ubuntu8.16 grub-efi-arm64-signed - 1.93.18+2.02-2ubuntu8.16 No subscription required grub-firmware-qemu - 2.02-2ubuntu8.16 grub-ieee1275 - 2.02-2ubuntu8.16 grub-efi-amd64 - 2.02-2ubuntu8.16 grub2-common - 2.02-2ubuntu8.16 grub-uboot-bin - 2.02-2ubuntu8.16 grub-common - 2.02-2ubuntu8.16 grub-efi-amd64-bin - 2.02-2ubuntu8.16 grub-pc-bin - 2.02-2ubuntu8.16 grub-theme-starfield - 2.02-2ubuntu8.16 grub-efi-arm - 2.02-2ubuntu8.16 grub2 - 2.02-2ubuntu8.16 grub-xen-host - 2.02-2ubuntu8.16 grub-efi-arm64-bin - 2.02-2ubuntu8.16 grub-pc - 2.02-2ubuntu8.16 grub-emu - 2.02-2ubuntu8.16 grub-efi-arm-bin - 2.02-2ubuntu8.16 grub-linuxbios - 2.02-2ubuntu8.16 grub-xen - 2.02-2ubuntu8.16 grub-uboot - 2.02-2ubuntu8.16 grub-efi-ia32 - 2.02-2ubuntu8.16 grub-coreboot - 2.02-2ubuntu8.16 grub-efi-ia32-bin - 2.02-2ubuntu8.16 grub-ieee1275-bin - 2.02-2ubuntu8.16 grub-xen-bin - 2.02-2ubuntu8.16 grub-rescue-pc - 2.02-2ubuntu8.16 grub-mount-udeb - 2.02-2ubuntu8.16 grub-coreboot-bin - 2.02-2ubuntu8.16 grub-efi-arm64 - 2.02-2ubuntu8.16 grub-efi - 2.02-2ubuntu8.16 No subscription required High CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15705 CVE-2020-15706 CVE-2020-15707 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass Ubuntu 18.04 LTS USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot environments. Unfortunately, the update introduced regressions for some BIOS systems (either pre-UEFI or UEFI configured in Legacy mode), preventing them from successfully booting. This update addresses the issue. Users with BIOS systems that installed GRUB2 versions from USN-4432-1 should verify that their GRUB2 installation has a correct understanding of their boot device location and installed the boot loader correctly. We apologize for the inconvenience. Original advisory details: Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713) Chris Coulson discovered that the GRUB2 function handling code did not properly handle a function being redefined, leading to a use-after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15706) Chris Coulson discovered that multiple integer overflows existed in GRUB2 when handling certain filesystems or font files, leading to heap-based buffer overflows. A local attacker could use these to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14309, CVE-2020-14310, CVE-2020-14311) It was discovered that the memory allocator for GRUB2 did not validate allocation size, resulting in multiple integer overflows and heap-based buffer overflows when handling certain filesystems, PNG images or disk metadata. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14308) Mathieu Trudel-Lapierre discovered that in certain situations, GRUB2 failed to validate kernel signatures. A local attacker could use this to bypass Secure Boot restrictions. (CVE-2020-15705) Colin Watson and Chris Coulson discovered that an integer overflow existed in GRUB2 when handling the initrd command, leading to a heap-based buffer overflow. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15707) Update Instructions: Run `sudo pro fix USN-4432-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: grub-efi-amd64-signed - 1.93.19+2.02-2ubuntu8.17 grub-efi-arm64-signed - 1.93.19+2.02-2ubuntu8.17 No subscription required grub-firmware-qemu - 2.02-2ubuntu8.17 grub-ieee1275 - 2.02-2ubuntu8.17 grub-efi-amd64 - 2.02-2ubuntu8.17 grub2-common - 2.02-2ubuntu8.17 grub-uboot-bin - 2.02-2ubuntu8.17 grub-common - 2.02-2ubuntu8.17 grub-efi-amd64-bin - 2.02-2ubuntu8.17 grub-pc-bin - 2.02-2ubuntu8.17 grub-theme-starfield - 2.02-2ubuntu8.17 grub-efi-arm - 2.02-2ubuntu8.17 grub2 - 2.02-2ubuntu8.17 grub-xen-host - 2.02-2ubuntu8.17 grub-efi-arm64-bin - 2.02-2ubuntu8.17 grub-pc - 2.02-2ubuntu8.17 grub-emu - 2.02-2ubuntu8.17 grub-efi-arm-bin - 2.02-2ubuntu8.17 grub-linuxbios - 2.02-2ubuntu8.17 grub-xen - 2.02-2ubuntu8.17 grub-uboot - 2.02-2ubuntu8.17 grub-efi-ia32 - 2.02-2ubuntu8.17 grub-coreboot - 2.02-2ubuntu8.17 grub-efi-ia32-bin - 2.02-2ubuntu8.17 grub-ieee1275-bin - 2.02-2ubuntu8.17 grub-xen-bin - 2.02-2ubuntu8.17 grub-rescue-pc - 2.02-2ubuntu8.17 grub-mount-udeb - 2.02-2ubuntu8.17 grub-coreboot-bin - 2.02-2ubuntu8.17 grub-efi-arm64 - 2.02-2ubuntu8.17 grub-efi - 2.02-2ubuntu8.17 No subscription required None https://launchpad.net/bugs/1889556 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass Ubuntu 18.04 LTS Johannes Kuhn discovered that OpenJDK incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-14556) It was discovered that OpenJDK incorrectly handled memory allocation when reading TIFF image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-14562) It was discovered that OpenJDK incorrectly handled input data. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-14573) Philippe Arteau discovered that OpenJDK incorrectly verified names in TLS server's X.509 certificates. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-14577) It was discovered that OpenJDK incorrectly handled image files. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-14581) Markus Loewe discovered that OpenJDK incorrectly handled concurrent access in java.nio.Buffer class. An attacker could use this issue to bypass the sandbox restrictions and cause unspecified impact. (CVE-2020-14583) It was discovered that OpenJDK incorrectly handled transformation of images. An attacker could possibly use this issue to bypass sandbox restrictions and insert, edit or obtain sensitive information. (CVE-2020-14593) Roman Shemyakin discovered that OpenJDK incorrectly handled XML files. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-14621) Update Instructions: Run `sudo pro fix USN-4433-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-source - 11.0.8+10-0ubuntu1~18.04.1 openjdk-11-jre-zero - 11.0.8+10-0ubuntu1~18.04.1 openjdk-11-doc - 11.0.8+10-0ubuntu1~18.04.1 openjdk-11-jre-headless - 11.0.8+10-0ubuntu1~18.04.1 openjdk-11-jdk - 11.0.8+10-0ubuntu1~18.04.1 openjdk-11-jdk-headless - 11.0.8+10-0ubuntu1~18.04.1 openjdk-11-jre - 11.0.8+10-0ubuntu1~18.04.1 openjdk-11-demo - 11.0.8+10-0ubuntu1~18.04.1 No subscription required Medium CVE-2020-14556 CVE-2020-14562 CVE-2020-14573 CVE-2020-14577 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 Ubuntu 18.04 LTS Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. (CVE-2019-20839) It was discovered that LibVNCServer did not properly access byte-aligned data. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-20840) Christian Beier discovered that LibVNCServer incorrectly handled anonymous TLS connections. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-14396) It was discovered that LibVNCServer incorrectly handled region clipping. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2020-14397) It was discovered that LibVNCServer did not properly reset incorrectly terminated TCP connections. A remote attacker could possibly use this issue to cause an infinite loop, resulting in a denial of service. (CVE-2020-14398) It was discovered that LibVNCServer did not properly access byte-aligned data. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2020-14399, CVE-2020-14400) It was discovered that LibVNCServer incorrectly handled screen scaling on the server side. A remote attacker could use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-14401) It was discovered that LibVNCServer incorrectly handled encodings. A remote attacker could use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-14402, CVE-2020-14403, CVE-2020-14404) It was discovered that LibVNCServer incorrectly handled TextChat messages. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2020-14405) Update Instructions: Run `sudo pro fix USN-4434-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvncserver-config - 0.9.11+dfsg-1ubuntu1.3 libvncserver-dev - 0.9.11+dfsg-1ubuntu1.3 libvncserver1 - 0.9.11+dfsg-1ubuntu1.3 libvncclient1 - 0.9.11+dfsg-1ubuntu1.3 No subscription required Medium CVE-2019-20839 CVE-2019-20840 CVE-2020-14396 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 CVE-2020-14405 Ubuntu 18.04 LTS It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3327) It was discovered that ClamAV incorrectly handled scanning malicious files. A local attacker could possibly use this issue to delete arbitrary files. (CVE-2020-3350) It was discovered that ClamAV incorrectly handled parsing EGG archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3481) Update Instructions: Run `sudo pro fix USN-4435-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.102.4+dfsg-0ubuntu0.18.04.1 clamav-testfiles - 0.102.4+dfsg-0ubuntu0.18.04.1 clamav-base - 0.102.4+dfsg-0ubuntu0.18.04.1 clamav - 0.102.4+dfsg-0ubuntu0.18.04.1 clamav-daemon - 0.102.4+dfsg-0ubuntu0.18.04.1 clamav-milter - 0.102.4+dfsg-0ubuntu0.18.04.1 clamav-docs - 0.102.4+dfsg-0ubuntu0.18.04.1 clamav-freshclam - 0.102.4+dfsg-0ubuntu0.18.04.1 libclamav9 - 0.102.4+dfsg-0ubuntu0.18.04.1 clamdscan - 0.102.4+dfsg-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-3327 CVE-2020-3350 CVE-2020-3481 Ubuntu 18.04 LTS It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11464) It was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use this issue to cause librsvg to consume resources and crash, resulting in a denial of service. (CVE-2019-20446) Update Instructions: Run `sudo pro fix USN-4436-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librsvg2-common - 2.40.20-2ubuntu0.1 gir1.2-rsvg-2.0 - 2.40.20-2ubuntu0.1 librsvg2-doc - 2.40.20-2ubuntu0.1 librsvg2-bin - 2.40.20-2ubuntu0.1 librsvg2-2 - 2.40.20-2ubuntu0.1 librsvg2-dev - 2.40.20-2ubuntu0.1 No subscription required Low CVE-2017-11464 CVE-2019-20446 Ubuntu 18.04 LTS USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a regression when parsing certain SVG files. This update backs out the fix pending further investigation. Original advisory details: It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11464) It was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use this issue to cause librsvg to consume resources and crash, resulting in a denial of service. (CVE-2019-20446) Update Instructions: Run `sudo pro fix USN-4436-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librsvg2-common - 2.40.20-2ubuntu0.2 gir1.2-rsvg-2.0 - 2.40.20-2ubuntu0.2 librsvg2-doc - 2.40.20-2ubuntu0.2 librsvg2-bin - 2.40.20-2ubuntu0.2 librsvg2-2 - 2.40.20-2ubuntu0.2 librsvg2-dev - 2.40.20-2ubuntu0.2 No subscription required None https://launchpad.net/bugs/1889206 Ubuntu 18.04 LTS It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16089) It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2019-19036) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19462) Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810) It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2020-10732) Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges. (CVE-2020-10757) It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10766) It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10767) It was discovered that the Linux kernel could incorrectly enable Indirect Branch Speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10768) Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. (CVE-2020-11935) It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact. (CVE-2020-13974) It was discovered that the efi subsystem in the Linux kernel did not handle memory allocation failures during early boot in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12380) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2019-20908) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading ACPI tables via configfs. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2020-15780) Update Instructions: Run `sudo pro fix USN-4439-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1045-gke - 5.0.0-1045.46 No subscription required linux-image-5.0.0-1065-oem-osp1 - 5.0.0-1065.70 No subscription required linux-image-gke-5.0 - 5.0.0.1045.30 No subscription required linux-image-oem-osp1 - 5.0.0.1065.63 No subscription required Medium CVE-2019-12380 CVE-2019-16089 CVE-2019-19036 CVE-2019-19462 CVE-2019-20810 CVE-2020-10732 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-11935 CVE-2020-13974 CVE-2020-15780 CVE-2019-20908 Ubuntu 18.04 LTS It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16089) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19462) Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2019-20908) It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2020-10732) Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges. (CVE-2020-10757) It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10766) It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10767) It was discovered that the Linux kernel could incorrectly enable Indirect Branch Speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10768) Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. (CVE-2020-11935) It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact. (CVE-2020-13974) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading ACPI tables via configfs. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2020-15780) Update Instructions: Run `sudo pro fix USN-4440-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1030-oracle - 5.3.0-1030.32~18.04.1 No subscription required linux-image-5.3.0-1030-raspi2 - 5.3.0-1030.32~18.04.2 No subscription required linux-image-5.3.0-1032-gke - 5.3.0-1032.34~18.04.1 linux-image-5.3.0-1032-gcp - 5.3.0-1032.34~18.04.1 No subscription required linux-image-5.3.0-1032-aws - 5.3.0-1032.34~18.04.2 No subscription required linux-image-5.3.0-1034-azure - 5.3.0-1034.35~18.04.1 No subscription required linux-image-5.3.0-64-generic - 5.3.0-64.58~18.04.1 linux-image-5.3.0-64-generic-lpae - 5.3.0-64.58~18.04.1 linux-image-5.3.0-64-lowlatency - 5.3.0-64.58~18.04.1 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1030.20 No subscription required linux-image-oracle - 5.3.0.1030.27 No subscription required linux-image-gke-5.3 - 5.3.0.1032.17 No subscription required linux-image-gcp - 5.3.0.1032.26 No subscription required linux-image-aws - 5.3.0.1032.31 No subscription required linux-image-azure - 5.3.0.1034.30 No subscription required linux-image-gkeop-5.3 - 5.3.0.64.120 No subscription required Medium CVE-2019-16089 CVE-2019-19462 CVE-2019-20810 CVE-2019-20908 CVE-2020-10732 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-11935 CVE-2020-13974 CVE-2020-15780 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.21 in Ubuntu 20.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.31. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-31.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-21.html https://www.oracle.com/security-alerts/cpujul2020.html Update Instructions: Run `sudo pro fix USN-4441-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.31-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.31-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.31-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.31-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.31-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.31-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.31-0ubuntu0.18.04.1 mysql-server - 5.7.31-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.31-0ubuntu0.18.04.1 mysql-testsuite - 5.7.31-0ubuntu0.18.04.1 libmysqld-dev - 5.7.31-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.31-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-14539 CVE-2020-14540 CVE-2020-14547 CVE-2020-14550 CVE-2020-14553 CVE-2020-14559 CVE-2020-14568 CVE-2020-14575 CVE-2020-14576 CVE-2020-14586 CVE-2020-14591 CVE-2020-14597 CVE-2020-14619 CVE-2020-14620 CVE-2020-14623 CVE-2020-14624 CVE-2020-14631 CVE-2020-14632 CVE-2020-14633 CVE-2020-14634 CVE-2020-14641 CVE-2020-14643 CVE-2020-14651 CVE-2020-14654 CVE-2020-14656 CVE-2020-14663 CVE-2020-14678 CVE-2020-14680 CVE-2020-14697 CVE-2020-14702 Ubuntu 18.04 LTS USN-4442-1 fixed vulnerabilities in Sympa. This update provides the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. Original advisory details: Nicolas Chatelain discovered that Sympa incorrectly handled environment variables. An attacker could possibly use this issue with a setuid binary and gain root privileges. (CVE-2020-10936) Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-1000550) It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this issue to perform XSS attacks. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-1000671) Update Instructions: Run `sudo pro fix USN-4442-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sympa - 6.2.24~dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2018-1000550 CVE-2018-1000671 CVE-2020-10936 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass iframe sandbox restrictions, confuse the user, or execute arbitrary code. (CVE-2020-6463, CVE-2020-6514, CVE-2020-15652, CVE-2020-15653, CVE-2020-15654, CVE-2020-15656, CVE-2020-15658, CVE-2020-15659) It was discovered that redirected HTTP requests which are observed or modified through a web extension could bypass existing CORS checks. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain sensitive information across origins. (CVE-2020-15655) Update Instructions: Run `sudo pro fix USN-4443-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-nn - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-ne - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-nb - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-fa - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-fi - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-fr - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-fy - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-or - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-kab - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-oc - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-cs - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-ga - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-gd - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-gn - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-gl - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-gu - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-pa - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-pl - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-cy - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-pt - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-hi - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-uk - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-he - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-hy - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-hr - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-hu - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-as - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-ar - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-ia - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-az - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-id - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-mai - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-af - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-is - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-it - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-an - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-bs - 79.0+build1-0ubuntu0.18.04.1 firefox - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-ro - 79.0+build1-0ubuntu0.18.04.1 firefox-geckodriver - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-ja - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-ru - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-br - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-bn - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-be - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-bg - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-sl - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-sk - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-si - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-sw - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-sv - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-sr - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-sq - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-ko - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-kn - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-km - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-kk - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-ka - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-xh - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-ca - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-ku - 79.0+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-lv - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-lt - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-th - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 79.0+build1-0ubuntu0.18.04.1 firefox-dev - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-te - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-cak - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-ta - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-lg - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-tr - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-nso - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-de - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-da - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-ms - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-mr - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-my - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-uz - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-ml - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-mn - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-mk - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-ur - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-vi - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-eu - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-et - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-es - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-csb - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-el - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-eo - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-en - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-zu - 79.0+build1-0ubuntu0.18.04.1 firefox-locale-ast - 79.0+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-4444-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.28.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.28.4-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.28.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.28.4-0ubuntu0.18.04.1 webkit2gtk-driver - 2.28.4-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.28.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.28.4-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.28.4-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.28.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.28.4-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 Ubuntu 18.04 LTS Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. (CVE-2019-12520) Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. (CVE-2019-12523) Jeriko One discovered that Squid incorrectly handled URL decoding. A remote attacker could possibly use this issue to bypass certain rule checks. (CVE-2019-12524) Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled input validation. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-18676) Update Instructions: Run `sudo pro fix USN-4446-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.27-1ubuntu1.7 squid - 3.5.27-1ubuntu1.7 squid-cgi - 3.5.27-1ubuntu1.7 squid-purge - 3.5.27-1ubuntu1.7 squidclient - 3.5.27-1ubuntu1.7 squid3 - 3.5.27-1ubuntu1.7 No subscription required Medium CVE-2019-12520 CVE-2019-12523 CVE-2019-12524 CVE-2019-18676 Ubuntu 18.04 LTS USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. (CVE-2019-12520) Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. (CVE-2019-12523) Jeriko One discovered that Squid incorrectly handled URL decoding. A remote attacker could possibly use this issue to bypass certain rule checks. (CVE-2019-12524) Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled input validation. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-18676) Update Instructions: Run `sudo pro fix USN-4446-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.27-1ubuntu1.8 squid - 3.5.27-1ubuntu1.8 squid-cgi - 3.5.27-1ubuntu1.8 squid-purge - 3.5.27-1ubuntu1.8 squidclient - 3.5.27-1ubuntu1.8 squid3 - 3.5.27-1ubuntu1.8 No subscription required None https://launchpad.net/bugs/1890265 Ubuntu 18.04 LTS It was discovered that libssh incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4447-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssh-gcrypt-dev - 0.8.0~20170825.94fa1e38-1ubuntu0.7 libssh-doc - 0.8.0~20170825.94fa1e38-1ubuntu0.7 libssh-gcrypt-4 - 0.8.0~20170825.94fa1e38-1ubuntu0.7 libssh-4 - 0.8.0~20170825.94fa1e38-1ubuntu0.7 libssh-dev - 0.8.0~20170825.94fa1e38-1ubuntu0.7 No subscription required Medium CVE-2020-16135 Ubuntu 18.04 LTS Ryota Shiga working with Trend Micro´s Zero Day Initiative, discovered that Apport incorrectly dropped privileges when making certain D-Bus calls. A local attacker could use this issue to read arbitrary files. (CVE-2020-11936) Seong-Joong Kim discovered that Apport incorrectly parsed configuration files. A local attacker could use this issue to cause Apport to crash, resulting in a denial of service. (CVE-2020-15701) Ryota Shiga working with Trend Micro´s Zero Day Initiative, discovered that Apport incorrectly implemented certain checks. A local attacker could use this issue to escalate privileges and run arbitrary code. (CVE-2020-15702) Update Instructions: Run `sudo pro fix USN-4449-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.9-0ubuntu7.16 python3-problem-report - 2.20.9-0ubuntu7.16 apport-kde - 2.20.9-0ubuntu7.16 apport-retrace - 2.20.9-0ubuntu7.16 apport-valgrind - 2.20.9-0ubuntu7.16 python3-apport - 2.20.9-0ubuntu7.16 dh-apport - 2.20.9-0ubuntu7.16 apport-gtk - 2.20.9-0ubuntu7.16 apport - 2.20.9-0ubuntu7.16 python-problem-report - 2.20.9-0ubuntu7.16 apport-noui - 2.20.9-0ubuntu7.16 No subscription required Medium CVE-2020-11936 CVE-2020-15701 CVE-2020-15702 Ubuntu 18.04 LTS Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A local attacker could use this issue to cause Whoopsie to consume memory, resulting in a denial of service. (CVE-2020-11937) Seong-Joong Kim discovered that Whoopsie incorrectly handled parsing files. A local attacker could use this issue to cause Whoopsie to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12135) Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A local attacker could use this issue to cause Whoopsie to consume memory, resulting in a denial of service. (CVE-2020-15570) Update Instructions: Run `sudo pro fix USN-4450-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: whoopsie - 0.2.62ubuntu0.5 libwhoopsie0 - 0.2.62ubuntu0.5 libwhoopsie-dev - 0.2.62ubuntu0.5 No subscription required Medium CVE-2020-11937 CVE-2020-12135 CVE-2020-15570 Ubuntu 18.04 LTS Thomas Chauchefoin working with Trend Micro´s Zero Day Initiative, discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4451-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ppp-udeb - 2.4.7-2+2ubuntu1.3 ppp - 2.4.7-2+2ubuntu1.3 ppp-dev - 2.4.7-2+2ubuntu1.3 No subscription required Medium CVE-2020-15704 Ubuntu 18.04 LTS Johannes Kuhn discovered that OpenJDK 8 incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-14556) Philippe Arteau discovered that OpenJDK 8 incorrectly verified names in TLS server's X.509 certificates. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-14577) It was discovered that OpenJDK 8 incorrectly handled exceptions in DerInputStream class and in the DerValue.equals() method. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-14578, CVE-2020-14579) It was discovered that OpenJDK 8 incorrectly handled image files. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-14581) Markus Loewe discovered that OpenJDK 8 incorrectly handled concurrent access in java.nio.Buffer class. An attacker could use this issue to bypass sandbox restrictions. (CVE-2020-14583) It was discovered that OpenJDK 8 incorrectly handled transformation of images. An attacker could possibly use this issue to bypass sandbox restrictions and insert, edit or obtain sensitive information. (CVE-2020-14593) Roman Shemyakin discovered that OpenJDK 8 incorrectly handled XML files. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-14621) Update Instructions: Run `sudo pro fix USN-4453-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u265-b01-0ubuntu2~18.04 openjdk-8-jdk - 8u265-b01-0ubuntu2~18.04 openjdk-8-jre-headless - 8u265-b01-0ubuntu2~18.04 openjdk-8-jre - 8u265-b01-0ubuntu2~18.04 openjdk-8-jdk-headless - 8u265-b01-0ubuntu2~18.04 openjdk-8-source - 8u265-b01-0ubuntu2~18.04 openjdk-8-jre-zero - 8u265-b01-0ubuntu2~18.04 openjdk-8-demo - 8u265-b01-0ubuntu2~18.04 No subscription required Medium CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 Ubuntu 18.04 LTS Martin von Wittich and Wilko Meyer discovered that Samba incorrectly handled certain empty UDP packets when being used as a AD DC NBT server. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4454-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 No subscription required Medium CVE-2020-14303 Ubuntu 18.04 LTS It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829) Update Instructions: Run `sudo pro fix USN-4455-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-dev - 2:3.35-2ubuntu2.11 libnss3 - 2:3.35-2ubuntu2.11 libnss3-tools - 2:3.35-2ubuntu2.11 No subscription required Medium CVE-2020-12400 CVE-2020-12401 CVE-2020-6829 Ubuntu 18.04 LTS It was discovered that Dovecot incorrectly handled deeply nested MIME parts. A remote attacker could possibly use this issue to cause Dovecot to consume resources, resulting in a denial of service. (CVE-2020-12100) It was discovered that Dovecot incorrectly handled memory when using NTLM. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. (CVE-2020-12673) It was discovered that the Dovecot RPA mechanism incorrectly handled zero-length messages. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. (CVE-2020-12674) Update Instructions: Run `sudo pro fix USN-4456-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.33.2-1ubuntu4.6 dovecot-mysql - 1:2.2.33.2-1ubuntu4.6 dovecot-sieve - 1:2.2.33.2-1ubuntu4.6 dovecot-core - 1:2.2.33.2-1ubuntu4.6 dovecot-ldap - 1:2.2.33.2-1ubuntu4.6 dovecot-sqlite - 1:2.2.33.2-1ubuntu4.6 dovecot-dev - 1:2.2.33.2-1ubuntu4.6 dovecot-pop3d - 1:2.2.33.2-1ubuntu4.6 dovecot-imapd - 1:2.2.33.2-1ubuntu4.6 dovecot-managesieved - 1:2.2.33.2-1ubuntu4.6 mail-stack-delivery - 1:2.2.33.2-1ubuntu4.6 dovecot-gssapi - 1:2.2.33.2-1ubuntu4.6 dovecot-solr - 1:2.2.33.2-1ubuntu4.6 dovecot-lmtpd - 1:2.2.33.2-1ubuntu4.6 No subscription required Medium CVE-2020-12100 CVE-2020-12673 CVE-2020-12674 Ubuntu 18.04 LTS Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen. Update Instructions: Run `sudo pro fix USN-4457-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: software-properties-common - 0.96.24.32.14 software-properties-kde - 0.96.24.32.14 python3-software-properties - 0.96.24.32.14 software-properties-gtk - 0.96.24.32.14 No subscription required Medium CVE-2020-15709 Ubuntu 18.04 LTS Fabrice Perez discovered that the Apache mod_rewrite module incorrectly handled certain redirects. A remote attacker could possibly use this issue to perform redirects to an unexpected URL. (CVE-2020-1927) Chamal De Silva discovered that the Apache mod_proxy_ftp module incorrectly handled memory when proxying to a malicious FTP server. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2020-1934) Felix Wilhelm discovered that the HTTP/2 implementation in Apache did not properly handle certain Cache-Digest headers. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-9490) Felix Wilhelm discovered that the Apache mod_proxy_uwsgi module incorrectly handled large headers. A remote attacker could use this issue to obtain sensitive information or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11984) Felix Wilhelm discovered that the HTTP/2 implementation in Apache did not properly handle certain logging statements. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11993) Update Instructions: Run `sudo pro fix USN-4458-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.29-1ubuntu4.14 apache2-utils - 2.4.29-1ubuntu4.14 apache2-dev - 2.4.29-1ubuntu4.14 apache2-suexec-pristine - 2.4.29-1ubuntu4.14 apache2-suexec-custom - 2.4.29-1ubuntu4.14 apache2 - 2.4.29-1ubuntu4.14 apache2-doc - 2.4.29-1ubuntu4.14 apache2-ssl-dev - 2.4.29-1ubuntu4.14 apache2-bin - 2.4.29-1ubuntu4.14 No subscription required Medium CVE-2020-11984 CVE-2020-11993 CVE-2020-1927 CVE-2020-1934 CVE-2020-9490 Ubuntu 18.04 LTS It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract sensitive information. (CVE-2018-15750) It was discovered that Salt has a vulnerability that allows an user to bypass authentication. An attacker could use that to extract sensitive information, execute abritrary code or crash the server. (CVE-2018-15751) It was discovered that Salt is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. (CVE-2019-17361) It was discovered that Salt incorrectly validated method calls and sanitized paths. A remote attacker could possibly use this issue to access some methods without authentication. (CVE-2020-11651, CVE-2020-11652) Update Instructions: Run `sudo pro fix USN-4459-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: salt-doc - 2017.7.4+dfsg1-1ubuntu18.04.2 salt-minion - 2017.7.4+dfsg1-1ubuntu18.04.2 salt-proxy - 2017.7.4+dfsg1-1ubuntu18.04.2 salt-api - 2017.7.4+dfsg1-1ubuntu18.04.2 salt-syndic - 2017.7.4+dfsg1-1ubuntu18.04.2 salt-ssh - 2017.7.4+dfsg1-1ubuntu18.04.2 salt-common - 2017.7.4+dfsg1-1ubuntu18.04.2 salt-master - 2017.7.4+dfsg1-1ubuntu18.04.2 salt-cloud - 2017.7.4+dfsg1-1ubuntu18.04.2 No subscription required Medium CVE-2018-15750 CVE-2018-15751 CVE-2019-17361 CVE-2020-11651 CVE-2020-11652 Ubuntu 18.04 LTS Dominik Penner discovered that Ark did not properly sanitize zip archive files before performing extraction. An attacker could use this to construct a malicious zip archive that, when opened, would create files outside the extraction directory. Update Instructions: Run `sudo pro fix USN-4461-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ark - 4:17.12.3-0ubuntu1.1 No subscription required Medium CVE-2020-16116 Ubuntu 18.04 LTS It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4462-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1046-gke - 5.0.0-1046.47 No subscription required linux-image-5.0.0-1067-oem-osp1 - 5.0.0-1067.72 No subscription required linux-image-gke-5.0 - 5.0.0.1046.31 No subscription required linux-image-oem-osp1 - 5.0.0.1067.65 No subscription required Low CVE-2020-12771 Ubuntu 18.04 LTS It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. (CVE-2020-12655) It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12771) Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-15393) Update Instructions: Run `sudo pro fix USN-4465-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1033-gke - 5.3.0-1033.35 linux-image-5.3.0-1033-aws - 5.3.0-1033.35 No subscription required linux-image-5.3.0-1035-azure - 5.3.0-1035.36 No subscription required linux-image-5.3.0-65-lowlatency - 5.3.0-65.59 linux-image-5.3.0-65-generic - 5.3.0-65.59 No subscription required linux-image-gke-5.3 - 5.3.0.1033.18 No subscription required linux-image-aws - 5.3.0.1033.32 No subscription required linux-image-azure - 5.3.0.1035.31 No subscription required linux-image-gkeop-5.3 - 5.3.0.65.121 No subscription required Medium CVE-2020-12655 CVE-2020-12771 CVE-2020-15393 CVE-2020-24394 Ubuntu 18.04 LTS Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. Update Instructions: Run `sudo pro fix USN-4466-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.10 libcurl4-openssl-dev - 7.58.0-2ubuntu3.10 libcurl3-gnutls - 7.58.0-2ubuntu3.10 libcurl4-doc - 7.58.0-2ubuntu3.10 libcurl3-nss - 7.58.0-2ubuntu3.10 libcurl4-nss-dev - 7.58.0-2ubuntu3.10 libcurl4 - 7.58.0-2ubuntu3.10 curl - 7.58.0-2ubuntu3.10 No subscription required Low CVE-2020-8231 Ubuntu 18.04 LTS Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP echo requests. An attacker inside a guest could possibly use this issue to leak host memory to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-10756) Eric Blake and Xueqiang Wei discovered that the QEMU NDB implementation incorrectly handled certain requests. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-10761) Ziming Zhang discovered that the QEMU SM501 graphics driver incorrectly handled certain operations. An attacker inside a guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12829) It was discovered that the QEMU SD memory card implementation incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13253) Ren Ding and Hanqing Zhao discovered that the QEMU ES1370 audio driver incorrectly handled certain invalid frame counts. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13361) Ren Ding and Hanqing Zhao discovered that the QEMU MegaRAID SAS SCSI driver incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13362) Alexander Bulekov discovered that QEMU MegaRAID SAS SCSI driver incorrectly handled certain memory space operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13659) Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko discovered that the QEMU incorrectly handled certain msi-x mmio operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13754) It was discovered that QEMU incorrectly handled certain memory copy operations when loading ROM contents. If a user were tricked into running an untrusted kernel image, a remote attacker could possibly use this issue to run arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-13765) Ren Ding, Hanqing Zhao, and Yi Ren discovered that the QEMU ATI video driver incorrectly handled certain index values. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-13800) Ziming Zhang discovered that the QEMU OSS audio driver incorrectly handled certain operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-14415) Ziming Zhang discovered that the QEMU XGMAC Ethernet controller incorrectly handled packet transmission. An attacker inside a guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-15863) Ziming Zhang discovered that the QEMU e1000e Ethernet controller incorrectly handled packet processing. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-16092) Update Instructions: Run `sudo pro fix USN-4467-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.31 qemu-user-static - 1:2.11+dfsg-1ubuntu7.31 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.31 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.31 qemu-kvm - 1:2.11+dfsg-1ubuntu7.31 qemu-user - 1:2.11+dfsg-1ubuntu7.31 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.31 qemu-system - 1:2.11+dfsg-1ubuntu7.31 qemu-utils - 1:2.11+dfsg-1ubuntu7.31 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.31 qemu - 1:2.11+dfsg-1ubuntu7.31 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.31 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.31 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.31 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.31 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.31 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.31 No subscription required Medium CVE-2020-10756 CVE-2020-10761 CVE-2020-12829 CVE-2020-13253 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13754 CVE-2020-13765 CVE-2020-13800 CVE-2020-14415 CVE-2020-15863 CVE-2020-16092 Ubuntu 18.04 LTS USN-4467-1 fixed vulnerabilities in QEMU. The fix for CVE-2020-13754 introduced a regression in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko discovered that the QEMU incorrectly handled certain msi-x mmio operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13754) Update Instructions: Run `sudo pro fix USN-4467-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.36 qemu-user-static - 1:2.11+dfsg-1ubuntu7.36 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.36 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.36 qemu-kvm - 1:2.11+dfsg-1ubuntu7.36 qemu-user - 1:2.11+dfsg-1ubuntu7.36 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.36 qemu-system - 1:2.11+dfsg-1ubuntu7.36 qemu-utils - 1:2.11+dfsg-1ubuntu7.36 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.36 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.36 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.36 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.36 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.36 qemu - 1:2.11+dfsg-1ubuntu7.36 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.36 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.36 No subscription required None https://launchpad.net/bugs/1914883 Ubuntu 18.04 LTS Emanuel Almeida discovered that Bind incorrectly handled certain TCP payloads. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8620) Joseph Gullo discovered that Bind incorrectly handled QNAME minimization when used in certain configurations. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8621) Dave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind incorrectly handled certain truncated responses to a TSIG-signed request. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2020-8622) Lyu Chiy discovered that Bind incorrectly handled certain queries. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2020-8623) Joop Boonen discovered that Bind incorrectly handled certain subdomain update-policy rules. A remote attacker granted privileges to change certain parts of a zone could use this issue to change other contents of the zone, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8624) Update Instructions: Run `sudo pro fix USN-4468-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdns-export1100 - 1:9.11.3+dfsg-1ubuntu1.13 libdns1100 - 1:9.11.3+dfsg-1ubuntu1.13 libisc169 - 1:9.11.3+dfsg-1ubuntu1.13 libbind-dev - 1:9.11.3+dfsg-1ubuntu1.13 libisc-export169-udeb - 1:9.11.3+dfsg-1ubuntu1.13 libisccc-export160 - 1:9.11.3+dfsg-1ubuntu1.13 libisc-export169 - 1:9.11.3+dfsg-1ubuntu1.13 bind9 - 1:9.11.3+dfsg-1ubuntu1.13 libirs-export160 - 1:9.11.3+dfsg-1ubuntu1.13 libisccc160 - 1:9.11.3+dfsg-1ubuntu1.13 libisccfg-export160 - 1:9.11.3+dfsg-1ubuntu1.13 libisccfg160 - 1:9.11.3+dfsg-1ubuntu1.13 bind9-doc - 1:9.11.3+dfsg-1ubuntu1.13 libbind-export-dev - 1:9.11.3+dfsg-1ubuntu1.13 libisccc-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.13 libirs-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.13 liblwres160 - 1:9.11.3+dfsg-1ubuntu1.13 bind9-host - 1:9.11.3+dfsg-1ubuntu1.13 libisccfg-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.13 dnsutils - 1:9.11.3+dfsg-1ubuntu1.13 bind9utils - 1:9.11.3+dfsg-1ubuntu1.13 libbind9-160 - 1:9.11.3+dfsg-1ubuntu1.13 libirs160 - 1:9.11.3+dfsg-1ubuntu1.13 libdns-export1100-udeb - 1:9.11.3+dfsg-1ubuntu1.13 No subscription required Medium CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 Ubuntu 18.04 LTS It was discovered that Ghostscript incorrectly handled certain document files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4469-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.13 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.13 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.13 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.13 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.13 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.13 No subscription required Medium CVE-2020-16287 CVE-2020-16288 CVE-2020-16289 CVE-2020-16290 CVE-2020-16291 CVE-2020-16292 CVE-2020-16293 CVE-2020-16294 CVE-2020-16295 CVE-2020-16296 CVE-2020-16297 CVE-2020-16298 CVE-2020-16299 CVE-2020-16300 CVE-2020-16301 CVE-2020-16302 CVE-2020-16303 CVE-2020-16304 CVE-2020-16305 CVE-2020-16306 CVE-2020-16307 CVE-2020-16308 CVE-2020-16309 CVE-2020-16310 CVE-2020-17538 Ubuntu 18.04 LTS Kritphong Mongkhonvanit discovered that sane-backends incorrectly handled certain packets. A remote attacker could possibly use this issue to obtain sensitive memory information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-6318) It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only applied to Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-12861) It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2020-12862, CVE-2020-12863) It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to obtain sensitive information. This issue only applied to Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-12864) It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2020-12865) It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause a denial of service. This issue only applied to Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-12866) It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-12867) Update Instructions: Run `sudo pro fix USN-4470-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsane-common - 1.0.27-1~experimental3ubuntu2.3 libsane1 - 1.0.27-1~experimental3ubuntu2.3 sane-utils - 1.0.27-1~experimental3ubuntu2.3 libsane-dev - 1.0.27-1~experimental3ubuntu2.3 No subscription required Medium CVE-2017-6318 CVE-2020-12861 CVE-2020-12862 CVE-2020-12863 CVE-2020-12864 CVE-2020-12865 CVE-2020-12866 CVE-2020-12867 Ubuntu 18.04 LTS Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. (CVE-2020-15861) It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-15862) Update Instructions: Run `sudo pro fix USN-4471-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: snmptrapd - 5.7.3+dfsg-1.8ubuntu3.5 libsnmp-perl - 5.7.3+dfsg-1.8ubuntu3.5 libsnmp-dev - 5.7.3+dfsg-1.8ubuntu3.5 libsnmp-base - 5.7.3+dfsg-1.8ubuntu3.5 snmp - 5.7.3+dfsg-1.8ubuntu3.5 libsnmp30 - 5.7.3+dfsg-1.8ubuntu3.5 tkmib - 5.7.3+dfsg-1.8ubuntu3.5 snmpd - 5.7.3+dfsg-1.8ubuntu3.5 python-netsnmp - 5.7.3+dfsg-1.8ubuntu3.5 No subscription required Medium CVE-2020-15861 CVE-2020-15862 Ubuntu 18.04 LTS USN-4471-1 fixed a vulnerability in Net-SNMP. The updated introduced a regression making nsExtendCacheTime not settable. This update fixes the problem adding the cacheTime feature flag. Original advisory details: Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. (CVE-2020-15861) It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-15862) Update Instructions: Run `sudo pro fix USN-4471-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: snmptrapd - 5.7.3+dfsg-1.8ubuntu3.6 libsnmp-perl - 5.7.3+dfsg-1.8ubuntu3.6 libsnmp-dev - 5.7.3+dfsg-1.8ubuntu3.6 libsnmp-base - 5.7.3+dfsg-1.8ubuntu3.6 snmp - 5.7.3+dfsg-1.8ubuntu3.6 libsnmp30 - 5.7.3+dfsg-1.8ubuntu3.6 tkmib - 5.7.3+dfsg-1.8ubuntu3.6 snmpd - 5.7.3+dfsg-1.8ubuntu3.6 python-netsnmp - 5.7.3+dfsg-1.8ubuntu3.6 No subscription required None https://launchpad.net/bugs/1892980 Ubuntu 18.04 LTS Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14349) Andres Freund discovered that PostgreSQL incorrectly handled search path elements in CREATE EXTENSION. A remote attacker could possibly use this issue to execute arbitrary SQL code. (CVE-2020-14350) Update Instructions: Run `sudo pro fix USN-4472-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-10 - 10.14-0ubuntu0.18.04.1 postgresql-10 - 10.14-0ubuntu0.18.04.1 libecpg6 - 10.14-0ubuntu0.18.04.1 libpq5 - 10.14-0ubuntu0.18.04.1 libpgtypes3 - 10.14-0ubuntu0.18.04.1 postgresql-pltcl-10 - 10.14-0ubuntu0.18.04.1 postgresql-plperl-10 - 10.14-0ubuntu0.18.04.1 libecpg-dev - 10.14-0ubuntu0.18.04.1 postgresql-plpython3-10 - 10.14-0ubuntu0.18.04.1 libpq-dev - 10.14-0ubuntu0.18.04.1 postgresql-plpython-10 - 10.14-0ubuntu0.18.04.1 postgresql-doc-10 - 10.14-0ubuntu0.18.04.1 postgresql-client-10 - 10.14-0ubuntu0.18.04.1 libecpg-compat3 - 10.14-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-14349 CVE-2020-14350 Ubuntu 18.04 LTS It was discovered that libmysofa incorrectly handled certain input files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2019-16091, CVE-2019-16092, CVE-2019-16093, CVE-2019-16094, CVE-2019-16095) Update Instructions: Run `sudo pro fix USN-4473-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmysofa-utils - 0.6~dfsg0-3+deb10u1build1 libmysofa0 - 0.6~dfsg0-3+deb10u1build1 libmysofa-dev - 0.6~dfsg0-3+deb10u1build1 No subscription required Medium CVE-2019-16091 CVE-2019-16092 CVE-2019-16093 CVE-2019-16094 CVE-2019-16095 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. (CVE-2020-15664, CVE-2020-15665, CVE-2020-15666, CVE-2020-15670) It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829) A data race was discovered when importing certificate information in to the trust store. An attacker could potentially exploit this to cause an unspecified impact. (CVE-2020-15668) Update Instructions: Run `sudo pro fix USN-4474-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 80.0+build2-0ubuntu0.18.04.1 firefox - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 80.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 80.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 80.0+build2-0ubuntu0.18.04.1 firefox-dev - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 80.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 80.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-12400 CVE-2020-12401 CVE-2020-15664 CVE-2020-15665 CVE-2020-15666 CVE-2020-15668 CVE-2020-15670 CVE-2020-6829 Ubuntu 18.04 LTS USN-4474-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. (CVE-2020-15664, CVE-2020-15665, CVE-2020-15666, CVE-2020-15670) It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829) A data race was discovered when importing certificate information in to the trust store. An attacker could potentially exploit this to cause an unspecified impact. (CVE-2020-15668) Update Instructions: Run `sudo pro fix USN-4474-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 80.0.1+build1-0ubuntu0.18.04.1 firefox - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 80.0.1+build1-0ubuntu0.18.04.1 firefox-geckodriver - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 80.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 80.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 80.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 80.0.1+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1893021 Ubuntu 18.04 LTS It was discovered that Chrony incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. Update Instructions: Run `sudo pro fix USN-4475-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: chrony - 3.2-4ubuntu4.5 No subscription required Medium CVE-2020-14367 Ubuntu 18.04 LTS It was discovered that NSS incorrectly handled some inputs. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4476-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-dev - 2:3.35-2ubuntu2.12 libnss3 - 2:3.35-2ubuntu2.12 libnss3-tools - 2:3.35-2ubuntu2.12 No subscription required Medium CVE-2020-12403 Ubuntu 18.04 LTS USN-4478-1 fixed a vulnerability in Python-RSA. This update provides the corresponding update for Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. Original advisory details: It was discovered that Python-RSA incorrectly handled certain ciphertexts. An attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-4478-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-rsa - 3.4.2-1ubuntu0.1~esm1 python3-rsa - 3.4.2-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-13757 Ubuntu 18.04 LTS It was discovered that OpenStack Keystone incorrectly handled EC2 credentials. An authenticated attacker with a limited scope could possibly create EC2 credentials with escalated permissions. (CVE-2020-12689, CVE-2020-12691) It was discovered that OpenStack Keystone incorrectly handled the list of roles provided with OAuth1 access tokens. An authenticated user could possibly end up with more role assignments than intended. (CVE-2020-12690) It was discovered that OpenStack Keystone incorrectly handled EC2 signature TTL checks. A remote attacker could possibly use this issue to reuse Authorization headers. (CVE-2020-12692) Update Instructions: Run `sudo pro fix USN-4480-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-keystone - 2:13.0.4-0ubuntu1 keystone-doc - 2:13.0.4-0ubuntu1 keystone - 2:13.0.4-0ubuntu1 No subscription required Medium CVE-2020-12689 CVE-2020-12690 CVE-2020-12691 CVE-2020-12692 Ubuntu 18.04 LTS It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4481-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreerdp-server2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.1 freerdp2-shadow-x11 - 2.2.0+dfsg1-0ubuntu0.18.04.1 libfreerdp2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.1 freerdp2-dev - 2.2.0+dfsg1-0ubuntu0.18.04.1 freerdp2-wayland - 2.2.0+dfsg1-0ubuntu0.18.04.1 libwinpr2-dev - 2.2.0+dfsg1-0ubuntu0.18.04.1 libfreerdp-shadow2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.1 libuwac0-0 - 2.2.0+dfsg1-0ubuntu0.18.04.1 freerdp2-x11 - 2.2.0+dfsg1-0ubuntu0.18.04.1 libwinpr2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.1 libwinpr-tools2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.1 libuwac0-dev - 2.2.0+dfsg1-0ubuntu0.18.04.1 libfreerdp-shadow-subsystem2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.1 libfreerdp-client2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.1 winpr-utils - 2.2.0+dfsg1-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098 CVE-2020-11099 CVE-2020-15103 CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033 Ubuntu 18.04 LTS Fabian Vogt discovered that Ark incorrectly handled symbolic links in tar archive files. An attacker could use this to construct a malicious tar archive that, when opened, would create files outside the extraction directory. Update Instructions: Run `sudo pro fix USN-4482-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ark - 4:17.12.3-0ubuntu1.2 No subscription required Medium CVE-2020-24654 Ubuntu 18.04 LTS Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810) Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges. (CVE-2020-10757) It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10766) It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10767) It was discovered that the Linux kernel could incorrectly enable Indirect Branch Speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10768) Luca Bruno discovered that the zram module in the Linux kernel did not properly restrict unprivileged users from accessing the hot_add sysfs file. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-10781) It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. (CVE-2020-12655) It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12771) It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact. (CVE-2020-13974) It was discovered that the cgroup v2 subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2020-14356) Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-15393) It was discovered that the NFS server implementation in the Linux kernel did not properly honor umask settings when setting permissions while creating file system objects if the underlying file system did not support ACLs. An attacker could possibly use this to expose sensitive information or violate system integrity. (CVE-2020-24394) It was discovered that the Kerberos SUNRPC GSS implementation in the Linux kernel did not properly deallocate memory on module unload. A local privileged attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2020-12656) Update Instructions: Run `sudo pro fix USN-4483-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1016-raspi - 5.4.0-1016.17~18.04.1 No subscription required linux-image-5.4.0-1022-oracle - 5.4.0-1022.22~18.04.1 linux-image-5.4.0-1022-aws - 5.4.0-1022.22~18.04.1 linux-image-5.4.0-1022-gcp - 5.4.0-1022.22~18.04.1 No subscription required linux-image-5.4.0-1023-azure - 5.4.0-1023.23~18.04.1 No subscription required linux-image-5.4.0-45-generic - 5.4.0-45.49~18.04.2 linux-image-5.4.0-45-lowlatency - 5.4.0-45.49~18.04.2 linux-image-5.4.0-45-generic-lpae - 5.4.0-45.49~18.04.2 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1016.20 linux-image-raspi-hwe-18.04 - 5.4.0.1016.20 No subscription required linux-image-oracle - 5.4.0.1022.7 linux-image-oracle-edge - 5.4.0.1022.7 No subscription required linux-image-aws-edge - 5.4.0.1022.8 No subscription required linux-image-gke-5.4 - 5.4.0.1022.9 linux-image-gcp-edge - 5.4.0.1022.9 linux-image-gcp - 5.4.0.1022.9 No subscription required linux-image-azure - 5.4.0.1023.7 linux-image-azure-edge - 5.4.0.1023.7 No subscription required linux-image-gkeop-5.4 - 5.4.0.45.49~18.04.38 linux-image-generic-hwe-18.04 - 5.4.0.45.49~18.04.38 linux-image-snapdragon-hwe-18.04 - 5.4.0.45.49~18.04.38 linux-image-generic-lpae-hwe-18.04 - 5.4.0.45.49~18.04.38 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.45.49~18.04.38 linux-image-lowlatency-hwe-18.04 - 5.4.0.45.49~18.04.38 linux-image-virtual-hwe-18.04 - 5.4.0.45.49~18.04.38 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.45.49~18.04.38 linux-image-generic-hwe-18.04-edge - 5.4.0.45.49~18.04.38 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.45.49~18.04.38 linux-image-virtual-hwe-18.04-edge - 5.4.0.45.49~18.04.38 No subscription required Medium CVE-2019-20810 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10781 CVE-2020-12655 CVE-2020-12656 CVE-2020-12771 CVE-2020-13974 CVE-2020-14356 CVE-2020-15393 CVE-2020-24394 Ubuntu 18.04 LTS It was discovered that the cgroup v2 subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Update Instructions: Run `sudo pro fix USN-4484-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1032-raspi2 - 5.3.0-1032.34 No subscription required linux-image-5.3.0-1034-gke - 5.3.0-1034.36 linux-image-5.3.0-1034-aws - 5.3.0-1034.36 No subscription required linux-image-5.3.0-66-generic - 5.3.0-66.60 linux-image-5.3.0-66-lowlatency - 5.3.0-66.60 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1032.22 No subscription required linux-image-gke-5.3 - 5.3.0.1034.19 No subscription required linux-image-aws - 5.3.0.1034.33 No subscription required linux-image-gkeop-5.3 - 5.3.0.66.123 No subscription required Medium CVE-2020-14356 Ubuntu 18.04 LTS Timothy Michaud discovered that the i915 graphics driver in the Linux kernel did not properly validate user memory locations for the i915_gem_execbuffer2_ioctl. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2018-20669) It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-19947) Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810) It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2020-10732) It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10766) It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10767) It was discovered that the Linux kernel could incorrectly enable Indirect Branch Speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10768) Luca Bruno discovered that the zram module in the Linux kernel did not properly restrict unprivileged users from accessing the hot_add sysfs file. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-10781) It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. (CVE-2020-12655) It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12771) It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact. (CVE-2020-13974) Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-15393) It was discovered that the NFS server implementation in the Linux kernel did not properly honor umask settings when setting permissions while creating file system objects if the underlying file system did not support ACLs. An attacker could possibly use this to expose sensitive information or violate system integrity. (CVE-2020-24394) It was discovered that the Kerberos SUNRPC GSS implementation in the Linux kernel did not properly deallocate memory on module unload. A local privileged attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2020-12656) Update Instructions: Run `sudo pro fix USN-4485-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1051-oracle - 4.15.0-1051.55 No subscription required linux-image-4.15.0-1067-gke - 4.15.0-1067.70 No subscription required linux-image-4.15.0-1068-raspi2 - 4.15.0-1068.72 No subscription required linux-image-4.15.0-1072-kvm - 4.15.0-1072.73 No subscription required linux-image-4.15.0-1080-aws - 4.15.0-1080.84 No subscription required linux-image-4.15.0-1081-gcp - 4.15.0-1081.92 No subscription required linux-image-4.15.0-1084-snapdragon - 4.15.0-1084.92 No subscription required linux-image-4.15.0-1093-azure - 4.15.0-1093.103 No subscription required linux-image-4.15.0-1094-oem - 4.15.0-1094.104 No subscription required linux-image-4.15.0-115-generic - 4.15.0-115.116 linux-image-4.15.0-115-generic-lpae - 4.15.0-115.116 linux-image-4.15.0-115-lowlatency - 4.15.0-115.116 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1051.62 No subscription required linux-image-gke-4.15 - 4.15.0.1067.71 linux-image-gke - 4.15.0.1067.71 No subscription required linux-image-raspi2 - 4.15.0.1068.66 No subscription required linux-image-kvm - 4.15.0.1072.68 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1080.82 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1081.99 No subscription required linux-image-snapdragon - 4.15.0.1084.87 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1093.67 No subscription required linux-image-oem - 4.15.0.1094.98 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.115.103 linux-image-generic-hwe-16.04 - 4.15.0.115.103 linux-image-generic-hwe-16.04-edge - 4.15.0.115.103 linux-image-virtual - 4.15.0.115.103 linux-image-generic-lpae-hwe-16.04 - 4.15.0.115.103 linux-image-virtual-hwe-16.04 - 4.15.0.115.103 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.115.103 linux-image-generic - 4.15.0.115.103 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.115.103 linux-image-generic-lpae - 4.15.0.115.103 linux-image-lowlatency-hwe-16.04 - 4.15.0.115.103 linux-image-lowlatency - 4.15.0.115.103 No subscription required Medium CVE-2018-20669 CVE-2019-19947 CVE-2019-20810 CVE-2020-10732 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10781 CVE-2020-12655 CVE-2020-12656 CVE-2020-12771 CVE-2020-13974 CVE-2020-15393 CVE-2020-24394 Ubuntu 18.04 LTS Todd Carson discovered that libx11 incorrectly handled certain memory operations. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14344) Jayden Rivers discovered that libx11 incorrectly handled locales. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14363) Update Instructions: Run `sudo pro fix USN-4487-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx11-6 - 2:1.6.4-3ubuntu0.3 libx11-data - 2:1.6.4-3ubuntu0.3 libx11-xcb-dev - 2:1.6.4-3ubuntu0.3 libx11-xcb1 - 2:1.6.4-3ubuntu0.3 libx11-doc - 2:1.6.4-3ubuntu0.3 libx11-6-udeb - 2:1.6.4-3ubuntu0.3 libx11-dev - 2:1.6.4-3ubuntu0.3 No subscription required Medium CVE-2020-14344 CVE-2020-14363 Ubuntu 18.04 LTS Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14346) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2020-14347) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSelectEvents function. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14361) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XRecordRegisterClients function. A local attacker could possibly use this issue to escalate privileges. (CVE-2020-14362) Update Instructions: Run `sudo pro fix USN-4488-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.19.6-1ubuntu4.5 xmir - 2:1.19.6-1ubuntu4.5 xwayland - 2:1.19.6-1ubuntu4.5 xorg-server-source - 2:1.19.6-1ubuntu4.5 xserver-xephyr - 2:1.19.6-1ubuntu4.5 xdmx - 2:1.19.6-1ubuntu4.5 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.5 xserver-xorg-dev - 2:1.19.6-1ubuntu4.5 xvfb - 2:1.19.6-1ubuntu4.5 xnest - 2:1.19.6-1ubuntu4.5 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.5 xdmx-tools - 2:1.19.6-1ubuntu4.5 xserver-xorg-core-udeb - 2:1.19.6-1ubuntu4.5 xserver-common - 2:1.19.6-1ubuntu4.5 No subscription required xorg-server-source-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.2 xserver-xorg-dev-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.2 xserver-xephyr-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.2 xserver-xorg-legacy-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.2 xwayland-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.2 xserver-xorg-core-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.2 No subscription required Medium CVE-2020-14346 CVE-2020-14347 CVE-2020-14361 CVE-2020-14362 Ubuntu 18.04 LTS Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4489-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1053-oracle - 4.15.0-1053.57 No subscription required linux-image-4.15.0-1069-gke - 4.15.0-1069.72 No subscription required linux-image-4.15.0-1070-raspi2 - 4.15.0-1070.74 No subscription required linux-image-4.15.0-1074-kvm - 4.15.0-1074.75 No subscription required linux-image-4.15.0-1082-aws - 4.15.0-1082.86 No subscription required linux-image-4.15.0-1083-gcp - 4.15.0-1083.94 No subscription required linux-image-4.15.0-1086-snapdragon - 4.15.0-1086.94 No subscription required linux-image-4.15.0-1095-azure - 4.15.0-1095.105 No subscription required linux-image-4.15.0-1096-oem - 4.15.0-1096.106 No subscription required linux-image-4.15.0-117-lowlatency - 4.15.0-117.118 linux-image-4.15.0-117-generic - 4.15.0-117.118 linux-image-4.15.0-117-generic-lpae - 4.15.0-117.118 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1053.63 No subscription required linux-image-gke - 4.15.0.1069.73 linux-image-gke-4.15 - 4.15.0.1069.73 No subscription required linux-image-raspi2 - 4.15.0.1070.67 No subscription required linux-image-kvm - 4.15.0.1074.70 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1082.84 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1083.101 No subscription required linux-image-snapdragon - 4.15.0.1086.89 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1095.68 No subscription required linux-image-oem - 4.15.0.1096.100 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.117.104 linux-image-generic-hwe-16.04 - 4.15.0.117.104 linux-image-generic-hwe-16.04-edge - 4.15.0.117.104 linux-image-generic-lpae-hwe-16.04 - 4.15.0.117.104 linux-image-generic - 4.15.0.117.104 linux-image-virtual - 4.15.0.117.104 linux-image-virtual-hwe-16.04 - 4.15.0.117.104 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.117.104 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.117.104 linux-image-generic-lpae - 4.15.0.117.104 linux-image-lowlatency-hwe-16.04 - 4.15.0.117.104 linux-image-lowlatency - 4.15.0.117.104 No subscription required linux-image-5.0.0-1047-gke - 5.0.0-1047.48 No subscription required linux-image-5.0.0-1068-oem-osp1 - 5.0.0-1068.73 No subscription required linux-image-gke-5.0 - 5.0.0.1047.32 No subscription required linux-image-oem-osp1 - 5.0.0.1068.66 No subscription required linux-image-5.3.0-1033-raspi2 - 5.3.0-1033.35 No subscription required linux-image-5.3.0-1035-aws - 5.3.0-1035.37 No subscription required linux-image-5.3.0-1036-gke - 5.3.0-1036.38 No subscription required linux-image-5.3.0-67-lowlatency - 5.3.0-67.61 linux-image-5.3.0-67-generic - 5.3.0-67.61 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1033.23 No subscription required linux-image-aws - 5.3.0.1035.34 No subscription required linux-image-gke-5.3 - 5.3.0.1036.20 No subscription required linux-image-gkeop-5.3 - 5.3.0.67.124 No subscription required linux-image-5.4.0-1018-raspi - 5.4.0-1018.20~18.04.1 No subscription required linux-image-5.4.0-1024-gcp - 5.4.0-1024.24~18.04.1 linux-image-5.4.0-1024-aws - 5.4.0-1024.24~18.04.1 linux-image-5.4.0-1024-oracle - 5.4.0-1024.24~18.04.1 No subscription required linux-image-5.4.0-1025-azure - 5.4.0-1025.25~18.04.1 No subscription required linux-image-5.4.0-47-generic - 5.4.0-47.51~18.04.1 linux-image-5.4.0-47-generic-lpae - 5.4.0-47.51~18.04.1 linux-image-5.4.0-47-lowlatency - 5.4.0-47.51~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1018.22 linux-image-raspi-hwe-18.04 - 5.4.0.1018.22 No subscription required linux-image-gcp-edge - 5.4.0.1024.11 linux-image-gke-5.4 - 5.4.0.1024.11 linux-image-gcp - 5.4.0.1024.11 No subscription required linux-image-oracle - 5.4.0.1024.8 linux-image-oracle-edge - 5.4.0.1024.8 No subscription required linux-image-aws-edge - 5.4.0.1024.9 No subscription required linux-image-azure-edge - 5.4.0.1025.8 linux-image-azure - 5.4.0.1025.8 No subscription required linux-image-gkeop-5.4 - 5.4.0.47.51~18.04.40 linux-image-generic-hwe-18.04 - 5.4.0.47.51~18.04.40 linux-image-generic-lpae-hwe-18.04 - 5.4.0.47.51~18.04.40 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.47.51~18.04.40 linux-image-lowlatency-hwe-18.04 - 5.4.0.47.51~18.04.40 linux-image-virtual-hwe-18.04 - 5.4.0.47.51~18.04.40 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.47.51~18.04.40 linux-image-snapdragon-hwe-18.04 - 5.4.0.47.51~18.04.40 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.47.51~18.04.40 linux-image-generic-hwe-18.04-edge - 5.4.0.47.51~18.04.40 linux-image-virtual-hwe-18.04-edge - 5.4.0.47.51~18.04.40 No subscription required High CVE-2020-14386 Ubuntu 18.04 LTS Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSetNames function. A local attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-4490-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.19.6-1ubuntu4.6 xmir - 2:1.19.6-1ubuntu4.6 xwayland - 2:1.19.6-1ubuntu4.6 xorg-server-source - 2:1.19.6-1ubuntu4.6 xdmx - 2:1.19.6-1ubuntu4.6 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.6 xserver-xorg-dev - 2:1.19.6-1ubuntu4.6 xvfb - 2:1.19.6-1ubuntu4.6 xnest - 2:1.19.6-1ubuntu4.6 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.6 xserver-common - 2:1.19.6-1ubuntu4.6 xserver-xephyr - 2:1.19.6-1ubuntu4.6 xserver-xorg-core-udeb - 2:1.19.6-1ubuntu4.6 xdmx-tools - 2:1.19.6-1ubuntu4.6 No subscription required xorg-server-source-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.3 xserver-xorg-core-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.3 xserver-xorg-dev-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.3 xserver-xephyr-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.3 xserver-xorg-legacy-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.3 xwayland-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.3 No subscription required Medium CVE-2020-14345 Ubuntu 18.04 LTS It was discovered that Apache Log4j does not properly deserialize untrusted data. An attacker could possibly use this issue to remotely execute arbitrary code. (CVE-2019-17571) Update Instructions: Run `sudo pro fix USN-4495-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblog4j1.2-java-doc - 1.2.17-8+deb10u1build0.18.04.1 liblog4j1.2-java - 1.2.17-8+deb10u1build0.18.04.1 No subscription required Medium CVE-2019-17571 Ubuntu 18.04 LTS It was discovered that Apache XML-RPC (aka ws-xmlrpc) does not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-17570) Update Instructions: Run `sudo pro fix USN-4496-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxmlrpc3-common-java - 3.1.3-9+deb10u1build0.18.04.1 libxmlrpc3-server-java - 3.1.3-9+deb10u1build0.18.04.1 libxmlrpc3-java-doc - 3.1.3-9+deb10u1build0.18.04.1 libxmlrpc3-client-java - 3.1.3-9+deb10u1build0.18.04.1 No subscription required Medium CVE-2019-17570 Ubuntu 18.04 LTS It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service. (CVE-2020-7663) Update Instructions: Run `sudo pro fix USN-4502-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-websocket-extensions - 0.1.2-1+deb9u1build0.18.04.1 No subscription required Medium CVE-2020-7663 Ubuntu 18.04 LTS It was discovered that Perl DBI module incorrectly handled certain calls. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4503-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdbi-perl - 1.640-1ubuntu0.1 No subscription required Medium CVE-2020-14392 Ubuntu 18.04 LTS Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. (CVE-2020-1968) Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-1547) Guido Vranken discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-1551) Bernd Edlinger discovered that OpenSSL incorrectly handled certain decryption functions. In certain scenarios, a remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-1563) Update Instructions: Run `sudo pro fix USN-4504-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0-dev - 1.0.2n-1ubuntu5.4 libssl1.0.0 - 1.0.2n-1ubuntu5.4 openssl1.0 - 1.0.2n-1ubuntu5.4 libcrypto1.0.0-udeb - 1.0.2n-1ubuntu5.4 libssl1.0.0-udeb - 1.0.2n-1ubuntu5.4 No subscription required Low CVE-2019-1547 CVE-2019-1551 CVE-2019-1563 CVE-2020-1968 Ubuntu 18.04 LTS Elar Lang discovered that PHPMailer did not properly escape double quote characters in filenames. A remote attacker could possibly exploit this with a crafted filename to bypass attachment filters that are based on matching filename extensions. (CVE-2020-13625) Update Instructions: Run `sudo pro fix USN-4505-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libphp-phpmailer - 5.2.14+dfsg-2.3+deb9u2build0.18.04.1 No subscription required Medium CVE-2020-13625 Ubuntu 18.04 LTS It was discovered that StoreBackup did not properly manage lock files. A local attacker could use this issue to cause a denial of service or escalate privileges and run arbitrary code. (CVE-2020-7040) Update Instructions: Run `sudo pro fix USN-4508-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: storebackup - 3.2.1-1+deb8u1build0.18.04.1 No subscription required Medium CVE-2020-7040 Ubuntu 18.04 LTS Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. This update fixes the issue by changing the "server schannel" setting to default to "yes", instead of "auto", which will force a secure netlogon channel. This may result in compatibility issues with older devices. A future update may allow a finer-grained control over this setting. Update Instructions: Run `sudo pro fix USN-4510-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 No subscription required Medium CVE-2020-1472 Ubuntu 18.04 LTS Ziming Zhang, Xiao Wei, Gonglei Arei, and Yanyu Zhang discovered that QEMU incorrectly handled certain USB packets. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Update Instructions: Run `sudo pro fix USN-4511-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.32 qemu-user-static - 1:2.11+dfsg-1ubuntu7.32 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.32 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.32 qemu-kvm - 1:2.11+dfsg-1ubuntu7.32 qemu-user - 1:2.11+dfsg-1ubuntu7.32 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.32 qemu-system - 1:2.11+dfsg-1ubuntu7.32 qemu-utils - 1:2.11+dfsg-1ubuntu7.32 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.32 qemu - 1:2.11+dfsg-1ubuntu7.32 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.32 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.32 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.32 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.32 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.32 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.32 No subscription required Medium CVE-2020-14364 Ubuntu 18.04 LTS It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create arbitrary mountpoints, another user could be tricked into executing arbitrary code when attempting to run the umount command with bash completion. Update Instructions: Run `sudo pro fix USN-4512-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bsdutils - 1:2.31.1-0.4ubuntu3.7 No subscription required util-linux-locales - 2.31.1-0.4ubuntu3.7 libmount1-udeb - 2.31.1-0.4ubuntu3.7 libsmartcols1-udeb - 2.31.1-0.4ubuntu3.7 uuid-dev - 2.31.1-0.4ubuntu3.7 setpriv - 2.31.1-0.4ubuntu3.7 libfdisk1 - 2.31.1-0.4ubuntu3.7 libfdisk-dev - 2.31.1-0.4ubuntu3.7 libfdisk1-udeb - 2.31.1-0.4ubuntu3.7 libsmartcols1 - 2.31.1-0.4ubuntu3.7 fdisk - 2.31.1-0.4ubuntu3.7 rfkill - 2.31.1-0.4ubuntu3.7 libblkid-dev - 2.31.1-0.4ubuntu3.7 libmount1 - 2.31.1-0.4ubuntu3.7 libsmartcols-dev - 2.31.1-0.4ubuntu3.7 libmount-dev - 2.31.1-0.4ubuntu3.7 uuid-runtime - 2.31.1-0.4ubuntu3.7 util-linux - 2.31.1-0.4ubuntu3.7 libblkid1-udeb - 2.31.1-0.4ubuntu3.7 fdisk-udeb - 2.31.1-0.4ubuntu3.7 libuuid1-udeb - 2.31.1-0.4ubuntu3.7 mount - 2.31.1-0.4ubuntu3.7 util-linux-udeb - 2.31.1-0.4ubuntu3.7 libblkid1 - 2.31.1-0.4ubuntu3.7 libuuid1 - 2.31.1-0.4ubuntu3.7 No subscription required Negligible CVE-2018-7738 Ubuntu 18.04 LTS It was discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4514-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libproxy-cil-dev - 0.4.15-1ubuntu0.1 python-libproxy - 0.4.15-1ubuntu0.1 libproxy1v5 - 0.4.15-1ubuntu0.1 libproxy0.4-cil - 0.4.15-1ubuntu0.1 libproxy1-plugin-gsettings - 0.4.15-1ubuntu0.1 libproxy-dev - 0.4.15-1ubuntu0.1 python3-libproxy - 0.4.15-1ubuntu0.1 libproxy1-plugin-webkit - 0.4.15-1ubuntu0.1 libproxy1-plugin-kconfig - 0.4.15-1ubuntu0.1 libproxy1-plugin-networkmanager - 0.4.15-1ubuntu0.1 libproxy-tools - 0.4.15-1ubuntu0.1 No subscription required Medium CVE-2020-25219 Ubuntu 18.04 LTS It was discovered that GnuPG signatures could be forged when the SHA-1 algorithm is being used. This update removes validating signatures based on SHA-1 that were generated after 2019-01-19. In environments where this is still required, a new option --allow-weak-key-signatures can be used to revert this behaviour. Update Instructions: Run `sudo pro fix USN-4516-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dirmngr - 2.2.4-1ubuntu1.3 gpgv-static - 2.2.4-1ubuntu1.3 gpgv-win32 - 2.2.4-1ubuntu1.3 scdaemon - 2.2.4-1ubuntu1.3 gpgsm - 2.2.4-1ubuntu1.3 gpgv - 2.2.4-1ubuntu1.3 gpg - 2.2.4-1ubuntu1.3 gnupg-agent - 2.2.4-1ubuntu1.3 gnupg2 - 2.2.4-1ubuntu1.3 gpgconf - 2.2.4-1ubuntu1.3 gpgv-udeb - 2.2.4-1ubuntu1.3 gpg-wks-client - 2.2.4-1ubuntu1.3 gpg-wks-server - 2.2.4-1ubuntu1.3 gpg-agent - 2.2.4-1ubuntu1.3 gnupg - 2.2.4-1ubuntu1.3 gnupg-utils - 2.2.4-1ubuntu1.3 gnupg-l10n - 2.2.4-1ubuntu1.3 gpgv2 - 2.2.4-1ubuntu1.3 No subscription required Low CVE-2019-14855 Ubuntu 18.04 LTS It was discovered that Email-Address-List does not properly parse email addresses during email-ingestion. A remote attacker could use this issue to cause an algorithmic complexity attack, resulting in a denial of service. (CVE-2018-18898) Update Instructions: Run `sudo pro fix USN-4517-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libemail-address-list-perl - 0.05-1+deb9u1build0.18.04.1 No subscription required Medium CVE-2018-18898 Ubuntu 18.04 LTS It was discovered that pam_tacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4521-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-tacplus - 1.3.8-2+deb8u1build0.18.04.1 No subscription required Low CVE-2020-13881 Ubuntu 18.04 LTS It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-18808) It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19054) It was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12888) It was discovered that the state of network RNG in the Linux kernel was potentially observable. A remote attacker could use this to expose sensitive information. (CVE-2020-16166) It was discovered that the NFS client implementation in the Linux kernel did not properly perform bounds checking before copying security labels in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25212) Update Instructions: Run `sudo pro fix USN-4525-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1019-raspi - 5.4.0-1019.21~18.04.1 No subscription required linux-image-5.4.0-1025-oracle - 5.4.0-1025.25~18.04.1 linux-image-5.4.0-1025-gcp - 5.4.0-1025.25~18.04.1 linux-image-5.4.0-1025-aws - 5.4.0-1025.25~18.04.1 No subscription required linux-image-5.4.0-1026-azure - 5.4.0-1026.26~18.04.1 No subscription required linux-image-5.4.0-48-generic-lpae - 5.4.0-48.52~18.04.1 linux-image-5.4.0-48-generic - 5.4.0-48.52~18.04.1 linux-image-5.4.0-48-lowlatency - 5.4.0-48.52~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1019.23 linux-image-raspi-hwe-18.04 - 5.4.0.1019.23 No subscription required linux-image-aws-edge - 5.4.0.1025.10 linux-image-aws - 5.4.0.1025.10 No subscription required linux-image-gcp-edge - 5.4.0.1025.13 linux-image-gcp - 5.4.0.1025.13 No subscription required linux-image-oracle - 5.4.0.1025.9 linux-image-oracle-edge - 5.4.0.1025.9 No subscription required linux-image-azure - 5.4.0.1026.9 linux-image-azure-edge - 5.4.0.1026.9 No subscription required linux-image-generic-hwe-18.04 - 5.4.0.48.52~18.04.42 linux-image-snapdragon-hwe-18.04 - 5.4.0.48.52~18.04.42 linux-image-generic-lpae-hwe-18.04 - 5.4.0.48.52~18.04.42 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.48.52~18.04.42 linux-image-lowlatency-hwe-18.04 - 5.4.0.48.52~18.04.42 linux-image-virtual-hwe-18.04 - 5.4.0.48.52~18.04.42 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.48.52~18.04.42 linux-image-generic-hwe-18.04-edge - 5.4.0.48.52~18.04.42 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.48.52~18.04.42 linux-image-virtual-hwe-18.04-edge - 5.4.0.48.52~18.04.42 No subscription required Medium CVE-2019-18808 CVE-2019-19054 CVE-2020-12888 CVE-2020-16166 CVE-2020-25212 Ubuntu 18.04 LTS It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-18808) It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19054) It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19061) It was discovered that the AMD Audio Coprocessor driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker with the ability to load modules could use this to cause a denial of service (memory exhaustion). (CVE-2019-19067) It was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly deallocate in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19073, CVE-2019-19074) It was discovered that the F2FS file system in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of- bounds read. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-9445) It was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12888) It was discovered that the cgroup v2 subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2020-14356) It was discovered that the state of network RNG in the Linux kernel was potentially observable. A remote attacker could use this to expose sensitive information. (CVE-2020-16166) Update Instructions: Run `sudo pro fix USN-4526-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1054-oracle - 4.15.0-1054.58 No subscription required linux-image-4.15.0-1070-gke - 4.15.0-1070.73 No subscription required linux-image-4.15.0-1071-raspi2 - 4.15.0-1071.75 No subscription required linux-image-4.15.0-1075-kvm - 4.15.0-1075.76 No subscription required linux-image-4.15.0-1083-aws - 4.15.0-1083.87 No subscription required linux-image-4.15.0-1084-gcp - 4.15.0-1084.95 No subscription required linux-image-4.15.0-1087-snapdragon - 4.15.0-1087.95 No subscription required linux-image-4.15.0-1096-azure - 4.15.0-1096.106 No subscription required linux-image-4.15.0-1097-oem - 4.15.0-1097.107 No subscription required linux-image-4.15.0-118-generic-lpae - 4.15.0-118.119 linux-image-4.15.0-118-lowlatency - 4.15.0-118.119 linux-image-4.15.0-118-generic - 4.15.0-118.119 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1054.64 No subscription required linux-image-gke-4.15 - 4.15.0.1070.74 linux-image-gke - 4.15.0.1070.74 No subscription required linux-image-raspi2 - 4.15.0.1071.68 No subscription required linux-image-kvm - 4.15.0.1075.71 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1083.85 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1084.102 No subscription required linux-image-snapdragon - 4.15.0.1087.90 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1096.69 No subscription required linux-image-oem - 4.15.0.1097.101 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.118.105 linux-image-generic-hwe-16.04 - 4.15.0.118.105 linux-image-generic-hwe-16.04-edge - 4.15.0.118.105 linux-image-generic-lpae-hwe-16.04 - 4.15.0.118.105 linux-image-virtual - 4.15.0.118.105 linux-image-virtual-hwe-16.04 - 4.15.0.118.105 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.118.105 linux-image-generic - 4.15.0.118.105 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.118.105 linux-image-generic-lpae - 4.15.0.118.105 linux-image-lowlatency-hwe-16.04 - 4.15.0.118.105 linux-image-lowlatency - 4.15.0.118.105 No subscription required Medium CVE-2019-18808 CVE-2019-19054 CVE-2019-19061 CVE-2019-19067 CVE-2019-19073 CVE-2019-19074 CVE-2019-9445 CVE-2020-12888 CVE-2020-14356 CVE-2020-16166 Ubuntu 18.04 LTS Adam Mohammed discovered that Ceph incorrectly handled certain CORS ExposeHeader tags. A remote attacker could possibly use this issue to preform an HTTP header injection attack. (CVE-2020-10753) Lei Cao discovered that Ceph incorrectly handled certain POST requests with invalid tagging XML. A remote attacker could possibly use this issue to cause Ceph to crash, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-12059) Robin H. Johnson discovered that Ceph incorrectly handled certain S3 requests. A remote attacker could possibly use this issue to perform a XSS attack. (CVE-2020-1760) Update Instructions: Run `sudo pro fix USN-4528-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ceph-fuse - 12.2.13-0ubuntu0.18.04.4 python3-rbd - 12.2.13-0ubuntu0.18.04.4 python-rados - 12.2.13-0ubuntu0.18.04.4 ceph-mgr - 12.2.13-0ubuntu0.18.04.4 ceph - 12.2.13-0ubuntu0.18.04.4 ceph-test - 12.2.13-0ubuntu0.18.04.4 rbd-mirror - 12.2.13-0ubuntu0.18.04.4 rbd-nbd - 12.2.13-0ubuntu0.18.04.4 librbd-dev - 12.2.13-0ubuntu0.18.04.4 libradosstriper1 - 12.2.13-0ubuntu0.18.04.4 rbd-fuse - 12.2.13-0ubuntu0.18.04.4 librados-dev - 12.2.13-0ubuntu0.18.04.4 libcephfs-jni - 12.2.13-0ubuntu0.18.04.4 radosgw - 12.2.13-0ubuntu0.18.04.4 librados2 - 12.2.13-0ubuntu0.18.04.4 ceph-mon - 12.2.13-0ubuntu0.18.04.4 libcephfs2 - 12.2.13-0ubuntu0.18.04.4 librgw2 - 12.2.13-0ubuntu0.18.04.4 ceph-mds - 12.2.13-0ubuntu0.18.04.4 libradosstriper-dev - 12.2.13-0ubuntu0.18.04.4 librbd1 - 12.2.13-0ubuntu0.18.04.4 python3-rgw - 12.2.13-0ubuntu0.18.04.4 python-rgw - 12.2.13-0ubuntu0.18.04.4 python-ceph - 12.2.13-0ubuntu0.18.04.4 libcephfs-dev - 12.2.13-0ubuntu0.18.04.4 rados-objclass-dev - 12.2.13-0ubuntu0.18.04.4 ceph-osd - 12.2.13-0ubuntu0.18.04.4 python3-ceph-argparse - 12.2.13-0ubuntu0.18.04.4 librgw-dev - 12.2.13-0ubuntu0.18.04.4 python3-rados - 12.2.13-0ubuntu0.18.04.4 ceph-base - 12.2.13-0ubuntu0.18.04.4 python-cephfs - 12.2.13-0ubuntu0.18.04.4 python3-cephfs - 12.2.13-0ubuntu0.18.04.4 python-rbd - 12.2.13-0ubuntu0.18.04.4 ceph-common - 12.2.13-0ubuntu0.18.04.4 libcephfs-java - 12.2.13-0ubuntu0.18.04.4 ceph-resource-agents - 12.2.13-0ubuntu0.18.04.4 No subscription required Medium CVE-2020-10753 CVE-2020-12059 CVE-2020-1760 Ubuntu 18.04 LTS It was discovered that FreeImage incorrectly handled certain memory operations. If a user were tricked into opening a crafted TIFF file, a remote attacker could use this issue to cause a heap buffer overflow, resulting in a denial of service attack. (CVE-2019-12211) It was discovered that FreeImage incorrectly processed images under certain circumstances. If a user were tricked into opening a crafted TIFF file, a remote attacker could possibly use this issue to cause a stack exhaustion condition, resulting in a denial of service attack. (CVE-2019-12213) Update Instructions: Run `sudo pro fix USN-4529-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreeimageplus-dev - 3.17.0+ds1-5+deb9u1build0.18.04.1 libfreeimage-dev - 3.17.0+ds1-5+deb9u1build0.18.04.1 libfreeimageplus3 - 3.17.0+ds1-5+deb9u1build0.18.04.1 libfreeimage3 - 3.17.0+ds1-5+deb9u1build0.18.04.1 libfreeimageplus-doc - 3.17.0+ds1-5+deb9u1build0.18.04.1 No subscription required Medium CVE-2019-12211 CVE-2019-12213 Ubuntu 18.04 LTS Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation. (CVE-2019-3467) Update Instructions: Run `sudo pro fix USN-4530-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: debian-lan-config - 0.23+deb9u1build0.18.04.1 No subscription required Medium CVE-2019-3467 Ubuntu 18.04 LTS It was discovered that the BusyBox wget applet incorrectly validated SSL certificates. A remote attacker could possibly use this issue to intercept secure communications. Update Instructions: Run `sudo pro fix USN-4531-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: busybox - 1:1.27.2-2ubuntu3.3 udhcpc - 1:1.27.2-2ubuntu3.3 busybox-syslogd - 1:1.27.2-2ubuntu3.3 udhcpd - 1:1.27.2-2ubuntu3.3 busybox-initramfs - 1:1.27.2-2ubuntu3.3 busybox-udeb - 1:1.27.2-2ubuntu3.3 busybox-static - 1:1.27.2-2ubuntu3.3 No subscription required Medium CVE-2018-1000500 Ubuntu 18.04 LTS It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header with whitespace before the colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. (CVE-2019-16869) It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header that lacks a colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. (CVE-2019-20444) It was discovered that Netty incorrectly handled certain HTTP headers. By sending a Content-Length header accompanied by a second Content-Length header, or by a Transfer-Encoding header, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. (CVE-2019-20445) Update Instructions: Run `sudo pro fix USN-4532-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnetty-3.9-java - 3.9.9.Final-1+deb9u1build0.18.04.1 No subscription required Medium CVE-2019-16869 CVE-2019-20444 CVE-2019-20445 Ubuntu 18.04 LTS It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. Update Instructions: Run `sudo pro fix USN-4534-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdbi-perl - 1.640-1ubuntu0.2 No subscription required Medium CVE-2019-20919 Ubuntu 18.04 LTS Youssouf Boulouiz discovered that SPIP incorrectly handled login error messages. A remote attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2019-16392) Gilles Vincent discovered that SPIP incorrectly handled password reset requests. A remote attacker could possibly use this issue to cause SPIP to enumerate registered users. (CVE-2019-16394) Guillaume Fahrner discovered that SPIP did not properly sanitize input. A remote authenticated attacker could possibly use this issue to execute arbitrary code on the host server. (CVE-2019-11071) Sylvain Lefevre discovered that SPIP incorrectly handled user authorization. A remote attacker could possibly use this issue to modify and publish content and modify the database. (CVE-2019-16391) It was discovered that SPIP did not properly sanitize input. A remote attacker could, through cross-site scripting (XSS) and PHP injection, exploit this to inject arbitrary web script or HTML. (CVE-2017-15736) Alexis Zucca discovered that SPIP incorrectly handled the media plugin. A remote authenticated attacker could possibly use this issue to write to the database. (CVE-2019-19830) Christophe Laffont discovered that SPIP incorrectly handled redirect URLs. An attacker could use this issue to cause SPIP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-16393) Update Instructions: Run `sudo pro fix USN-4536-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spip - 3.1.4-4~deb9u3build0.18.04.1 No subscription required Medium CVE-2019-16392 CVE-2019-16394 CVE-2019-11071 CVE-2019-16391 CVE-2017-15736 CVE-2019-19830 CVE-2019-16393 Ubuntu 18.04 LTS Vaisha Bernard discovered that Aptdaemon incorrectly handled the Locale property. A local attacker could use this issue to test for the presence of local files. Update Instructions: Run `sudo pro fix USN-4537-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-aptdaemon.gtk3widgets - 1.1.1+bzr982-0ubuntu19.4 python-aptdaemon - 1.1.1+bzr982-0ubuntu19.4 aptdaemon-data - 1.1.1+bzr982-0ubuntu19.4 python3-aptdaemon.test - 1.1.1+bzr982-0ubuntu19.4 aptdaemon - 1.1.1+bzr982-0ubuntu19.4 python-aptdaemon.gtk3widgets - 1.1.1+bzr982-0ubuntu19.4 python3-aptdaemon - 1.1.1+bzr982-0ubuntu19.4 No subscription required Medium CVE-2020-15703 Ubuntu 18.04 LTS Vaisha Bernard discovered that PackageKit incorrectly handled certain methods. A local attacker could use this issue to learn the MIME type of any file on the system. (CVE-2020-16121) Sami Niemimäki discovered that PackageKit incorrectly handled local deb packages. A local user could possibly use this issue to install untrusted packages, contrary to expectations. (CVE-2020-16122) Update Instructions: Run `sudo pro fix USN-4538-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: packagekit-docs - 1.1.9-1ubuntu2.18.04.6 libpackagekit-glib2-dev - 1.1.9-1ubuntu2.18.04.6 packagekit - 1.1.9-1ubuntu2.18.04.6 packagekit-tools - 1.1.9-1ubuntu2.18.04.6 libpackagekit-glib2-18 - 1.1.9-1ubuntu2.18.04.6 packagekit-command-not-found - 1.1.9-1ubuntu2.18.04.6 packagekit-gtk3-module - 1.1.9-1ubuntu2.18.04.6 gir1.2-packagekitglib-1.0 - 1.1.9-1ubuntu2.18.04.6 gstreamer1.0-packagekit - 1.1.9-1ubuntu2.18.04.6 No subscription required Medium CVE-2020-16121 CVE-2020-16122 Ubuntu 18.04 LTS Denis Andzakovic discovered that atftpd incorrectly handled certain malformed packets. A remote attacker could send a specially crafted packet to cause atftpd to crash, resulting in a denial of service. (CVE-2019-11365) Denis Andzakovic discovered that atftpd did not properly lock the thread list mutex. An attacker could send a large number of tftpd packets simultaneously when running atftpd in daemon mode to cause atftpd to crash, resulting in a denial of service. (CVE-2019-11366) Update Instructions: Run `sudo pro fix USN-4540-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: atftp - 0.7.git20120829-3.1~0.18.04.1 atftpd - 0.7.git20120829-3.1~0.18.04.1 No subscription required Medium CVE-2019-11365 CVE-2019-11366 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, spoof the site displayed in the download dialog, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4546-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 81.0+build2-0ubuntu0.18.04.1 firefox - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 81.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 81.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 81.0+build2-0ubuntu0.18.04.1 firefox-dev - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 81.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 81.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-15673 CVE-2020-15674 CVE-2020-15675 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 Ubuntu 18.04 LTS USN-4546-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, spoof the site displayed in the download dialog, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4546-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nn - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ne - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nb - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fa - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fi - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fr - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fy - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-or - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kab - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-oc - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cs - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ga - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gd - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gn - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gl - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gu - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pa - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pl - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cy - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pt - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hi - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uk - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-he - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hy - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hr - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hu - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-as - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ar - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ia - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-az - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-id - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mai - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-af - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-is - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-it - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-an - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bs - 81.0.2+build1-0ubuntu0.18.04.1 firefox - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ro - 81.0.2+build1-0ubuntu0.18.04.1 firefox-geckodriver - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ja - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ru - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-br - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bn - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-be - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bg - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sl - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sk - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-si - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sw - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sv - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sr - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sq - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ko - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kn - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-km - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kk - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ka - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-xh - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ca - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ku - 81.0.2+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lv - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lt - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-th - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 81.0.2+build1-0ubuntu0.18.04.1 firefox-dev - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-te - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cak - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ta - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lg - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-csb - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tr - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nso - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-de - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-da - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ms - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mr - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-my - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uz - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ml - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mn - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mk - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ur - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eu - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-et - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-es - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-vi - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-el - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eo - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-en - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zu - 81.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ast - 81.0.2+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1900032 Ubuntu 18.04 LTS It was discovered that an information disclosure vulnerability existed in the LibVNCServer vendored in iTALC when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-15681) It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. (CVE-2018-15127 CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681) Update Instructions: Run `sudo pro fix USN-4547-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: italc-master - 1:3.0.3+dfsg1-3ubuntu0.1 italc-client - 1:3.0.3+dfsg1-3ubuntu0.1 libitalccore - 1:3.0.3+dfsg1-3ubuntu0.1 No subscription required Medium CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 CVE-2018-7225 CVE-2019-15681 Ubuntu 18.04 LTS Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. (CVE-2020-15049) Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. (CVE-2020-15810) Régis Leroy discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request splitting attack, resulting in cache poisoning. (CVE-2020-15811) Lubos Uhliarik discovered that Squid incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker could possibly use this issue to cause Squid to consume resources, resulting in a denial of service. (CVE-2020-24606) Update Instructions: Run `sudo pro fix USN-4551-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.27-1ubuntu1.9 squid - 3.5.27-1ubuntu1.9 squid-cgi - 3.5.27-1ubuntu1.9 squid-purge - 3.5.27-1ubuntu1.9 squidclient - 3.5.27-1ubuntu1.9 squid3 - 3.5.27-1ubuntu1.9 No subscription required Medium CVE-2020-15049 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 Ubuntu 18.04 LTS Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root. Update Instructions: Run `sudo pro fix USN-4552-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-python - 1.0.6-1.1+deb10u1build0.18.04.1 No subscription required Medium CVE-2019-16729 Ubuntu 18.04 LTS USN-4552-1 and USN-4552-2 fixed a vulnerability in Pam-python. The update introduced a regression which prevented PAM modules written in Python from importing python modules from site-specific directories. We apologize for the inconvenience. Original advisory details: Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root. Update Instructions: Run `sudo pro fix USN-4552-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-python - 1.0.6-1.1+deb10u1ubuntu0.1 libpam-python-doc - 1.0.6-1.1+deb10u1ubuntu0.1 No subscription required Medium CVE-2019-16729 Ubuntu 18.04 LTS It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain, crafted HTTP requests. An attacker could use this vulnerability to cause libapreq2 to crash. Update Instructions: Run `sudo pro fix USN-4558-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapreq2-doc - 2.13-7~deb10u1build0.18.04.1 libapache2-mod-apreq2 - 2.13-7~deb10u1build0.18.04.1 libapreq2-dev - 2.13-7~deb10u1build0.18.04.1 libapache2-request-perl - 2.13-7~deb10u1build0.18.04.1 libapreq2-3 - 2.13-7~deb10u1build0.18.04.1 No subscription required Medium CVE-2019-12412 Ubuntu 18.04 LTS Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. While a previous security update fixed the issue by changing the "server schannel" setting to default to "yes", instead of "auto", which forced a secure netlogon channel, this update provides additional improvements. For compatibility reasons with older devices, Samba now allows specifying an insecure netlogon configuration per machine. See the following link for examples: https://www.samba.org/samba/security/CVE-2020-1472.html In addition, this update adds additional server checks for the protocol attack in the client-specified challenge to provide some protection when 'server schannel = no/auto' and avoid the false-positive results when running the proof-of-concept exploit. Update Instructions: Run `sudo pro fix USN-4559-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 No subscription required Medium CVE-2020-1472 Ubuntu 18.04 LTS It was discovered that Gon gem did not properly escape certain input. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack. Update Instructions: Run `sudo pro fix USN-4560-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-gon - 6.1.0-1+deb9u1build0.18.04.1 No subscription required Medium CVE-2020-25739 Ubuntu 18.04 LTS It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-8161) It was discovered that Rack incorrectly validated cookies. An attacker could possibly use this issue to forge a secure cookie. (CVE-2020-8184) Update Instructions: Run `sudo pro fix USN-4561-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-rack - 1.6.4-4ubuntu0.2 No subscription required Medium CVE-2020-8161 CVE-2020-8184 Ubuntu 18.04 LTS It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An attacker could use this vulnerability to cause a denial of service (crash). Update Instructions: Run `sudo pro fix USN-4563-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntp - 1:4.2.8p10+dfsg-5ubuntu7.3 sntp - 1:4.2.8p10+dfsg-5ubuntu7.3 ntp-doc - 1:4.2.8p10+dfsg-5ubuntu7.3 ntpdate - 1:4.2.8p10+dfsg-5ubuntu7.3 No subscription required Medium CVE-2019-8936 Ubuntu 18.04 LTS It was discovered that OpenConnect has a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. An attacker could use it to provoke a denial of service (crash). Update Instructions: Run `sudo pro fix USN-4565-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openconnect - 7.08-3ubuntu0.18.04.2 libopenconnect-dev - 7.08-3ubuntu0.18.04.2 libopenconnect5 - 7.08-3ubuntu0.18.04.2 No subscription required Medium CVE-2019-16239 Ubuntu 18.04 LTS It was dicovered that Cyrus IMAP Server could execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. (CVE-2019-11356) It was discovered that the Cyrus IMAP Server allow users to create any mailbox with administrative privileges. A local attacker could use this to obtain sensitive information. (CVE-2019-19783) Update Instructions: Run `sudo pro fix USN-4566-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cyrus-doc - 2.5.10-3ubuntu1.1 cyrus-caldav - 2.5.10-3ubuntu1.1 cyrus-dev - 2.5.10-3ubuntu1.1 cyrus-pop3d - 2.5.10-3ubuntu1.1 cyrus-common - 2.5.10-3ubuntu1.1 cyrus-nntpd - 2.5.10-3ubuntu1.1 cyrus-admin - 2.5.10-3ubuntu1.1 libcyrus-imap-perl - 2.5.10-3ubuntu1.1 cyrus-murder - 2.5.10-3ubuntu1.1 cyrus-imapd - 2.5.10-3ubuntu1.1 cyrus-clients - 2.5.10-3ubuntu1.1 cyrus-replication - 2.5.10-3ubuntu1.1 No subscription required Medium CVE-2019-11356 CVE-2019-19783 Ubuntu 18.04 LTS It was discovered that OpenDMARC is prone to a signature-bypass vulnerability with multiple "From:" addresses. An attacker could use it to bypass spam and abuse filters. Update Instructions: Run `sudo pro fix USN-4567-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopendmarc-dev - 1.3.2-3ubuntu0.1 rddmarc - 1.3.2-3ubuntu0.1 opendmarc - 1.3.2-3ubuntu0.1 libopendmarc2 - 1.3.2-3ubuntu0.1 No subscription required Medium CVE-2019-16378 Ubuntu 18.04 LTS It was discovered that Brotli incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. Update Instructions: Run `sudo pro fix USN-4568-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbrotli1 - 1.0.3-1ubuntu1.3 python-brotli - 1.0.3-1ubuntu1.3 python3-brotli - 1.0.3-1ubuntu1.3 brotli - 1.0.3-1ubuntu1.3 libbrotli-dev - 1.0.3-1ubuntu1.3 No subscription required Medium CVE-2020-8927 Ubuntu 18.04 LTS It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity (XXE) injection attack. (CVE-2020-24379) It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this vulnerability to execute arbitrary commands. (CVE-2020-24916) Update Instructions: Run `sudo pro fix USN-4569-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: yaws-mail - 2.0.4+dfsg-2ubuntu0.1 yaws-chat - 2.0.4+dfsg-2ubuntu0.1 yaws-wiki - 2.0.4+dfsg-2ubuntu0.1 erlang-yaws - 2.0.4+dfsg-2ubuntu0.1 yaws - 2.0.4+dfsg-2ubuntu0.1 yaws-yapp - 2.0.4+dfsg-2ubuntu0.1 erlang-yapp - 2.0.4+dfsg-2ubuntu0.1 yaws-doc - 2.0.4+dfsg-2ubuntu0.1 No subscription required Medium CVE-2020-24379 CVE-2020-24916 Ubuntu 18.04 LTS It was discovered that urllib3 incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection. Update Instructions: Run `sudo pro fix USN-4570-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-urllib3 - 1.22-1ubuntu0.18.04.2 python3-urllib3 - 1.22-1ubuntu0.18.04.2 No subscription required Medium CVE-2020-26137 Ubuntu 18.04 LTS Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4572-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libspice-server1 - 0.14.0-1ubuntu2.5 libspice-server-dev - 0.14.0-1ubuntu2.5 No subscription required Medium CVE-2020-14355 Ubuntu 18.04 LTS Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2014-6053) It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. (CVE-2018-7225) Pavel Cheremushkin discovered that an information disclosure vulnerability existed in Vino when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-15681) It was discovered that Vino incorrectly handled region clipping. A remote attacker could possibly use this issue to cause Vino to crash, resulting in a denial of service. (CVE-2020-14397) It was discovered that Vino incorrectly handled encodings. A remote attacker could use this issue to cause Vino to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-14402, CVE-2020-14403, CVE-2020-14404) Update Instructions: Run `sudo pro fix USN-4573-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vino - 3.22.0-3ubuntu1.1 No subscription required Medium CVE-2014-6053 CVE-2018-7225 CVE-2019-15681 CVE-2020-14397 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 Ubuntu 18.04 LTS Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119) Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-14314) David Alan Gilbert discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation in some circumstances. A local attacker could use this to cause a denial of service. (CVE-2020-14385) Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. (CVE-2020-16120) It was discovered that a race condition existed in the hugetlb sysctl implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-25285) It was discovered that the block layer subsystem in the Linux kernel did not properly handle zero-length requests. A local attacker could use this to cause a denial of service. (CVE-2020-25641) Update Instructions: Run `sudo pro fix USN-4576-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1021-raspi - 5.4.0-1021.24~18.04.1 No subscription required linux-image-5.4.0-1028-oracle - 5.4.0-1028.29~18.04.1 linux-image-5.4.0-1028-aws - 5.4.0-1028.29~18.04.1 linux-image-5.4.0-1028-gcp - 5.4.0-1028.29~18.04.1 No subscription required linux-image-5.4.0-1031-azure - 5.4.0-1031.32~18.04.1 No subscription required linux-image-5.4.0-51-generic-lpae - 5.4.0-51.56~18.04.1 linux-image-5.4.0-51-lowlatency - 5.4.0-51.56~18.04.1 linux-image-5.4.0-51-generic - 5.4.0-51.56~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1021.25 linux-image-raspi-hwe-18.04 - 5.4.0.1021.25 No subscription required linux-image-oracle - 5.4.0.1028.12 linux-image-oracle-edge - 5.4.0.1028.12 No subscription required linux-image-aws-edge - 5.4.0.1028.13 linux-image-aws - 5.4.0.1028.13 No subscription required linux-image-gcp-edge - 5.4.0.1028.16 linux-image-gcp - 5.4.0.1028.16 No subscription required linux-image-azure - 5.4.0.1031.13 linux-image-azure-edge - 5.4.0.1031.13 No subscription required linux-image-generic-hwe-18.04 - 5.4.0.51.56~18.04.45 linux-image-snapdragon-hwe-18.04 - 5.4.0.51.56~18.04.45 linux-image-generic-lpae-hwe-18.04 - 5.4.0.51.56~18.04.45 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.51.56~18.04.45 linux-image-lowlatency-hwe-18.04 - 5.4.0.51.56~18.04.45 linux-image-virtual-hwe-18.04 - 5.4.0.51.56~18.04.45 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.51.56~18.04.45 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.51.56~18.04.45 linux-image-generic-hwe-18.04-edge - 5.4.0.51.56~18.04.45 linux-image-virtual-hwe-18.04-edge - 5.4.0.51.56~18.04.45 No subscription required High CVE-2020-14314 CVE-2020-14385 CVE-2020-16119 CVE-2020-16120 CVE-2020-25285 CVE-2020-25641 Ubuntu 18.04 LTS Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119) Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. (CVE-2020-16120) Update Instructions: Run `sudo pro fix USN-4577-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1049-gke - 5.0.0-1049.50 No subscription required linux-image-5.0.0-1069-oem-osp1 - 5.0.0-1069.75 No subscription required linux-image-gke-5.0 - 5.0.0.1049.33 No subscription required linux-image-oem-osp1 - 5.0.0.1069.67 No subscription required linux-image-5.3.0-1035-raspi2 - 5.3.0-1035.37 No subscription required linux-image-5.3.0-1038-gke - 5.3.0-1038.40 No subscription required linux-image-5.3.0-68-lowlatency - 5.3.0-68.63 linux-image-5.3.0-68-generic - 5.3.0-68.63 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1035.24 No subscription required linux-image-gke-5.3 - 5.3.0.1038.21 No subscription required linux-image-gkeop-5.3 - 5.3.0.68.125 No subscription required High CVE-2020-16119 CVE-2020-16120 Ubuntu 18.04 LTS Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119) Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10322) It was discovered that the btrfs file system in the Linux kernel contained a use-after-free vulnerability when merging free space. An attacker could use this to construct a malicious btrfs image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2019-19448) Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-14314) Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. (CVE-2020-16120) It was discovered that the NFS client implementation in the Linux kernel did not properly perform bounds checking before copying security labels in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25212) It was discovered that the NFC implementation in the Linux kernel did not properly perform permissions checks when opening raw sockets. A local attacker could use this to create or listen to NFC traffic. (CVE-2020-26088) Update Instructions: Run `sudo pro fix USN-4578-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1057-oracle - 4.15.0-1057.62 No subscription required linux-image-4.15.0-1072-gke - 4.15.0-1072.76 No subscription required linux-image-4.15.0-1073-raspi2 - 4.15.0-1073.78 No subscription required linux-image-4.15.0-1077-kvm - 4.15.0-1077.79 No subscription required linux-image-4.15.0-1086-aws - 4.15.0-1086.91 No subscription required linux-image-4.15.0-1086-gcp - 4.15.0-1086.98 No subscription required linux-image-4.15.0-1089-snapdragon - 4.15.0-1089.98 No subscription required linux-image-4.15.0-1099-oem - 4.15.0-1099.109 No subscription required linux-image-4.15.0-1099-azure - 4.15.0-1099.110 No subscription required linux-image-4.15.0-121-generic - 4.15.0-121.123 linux-image-4.15.0-121-generic-lpae - 4.15.0-121.123 linux-image-4.15.0-121-lowlatency - 4.15.0-121.123 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1057.67 No subscription required linux-image-gke-4.15 - 4.15.0.1072.76 linux-image-gke - 4.15.0.1072.76 No subscription required linux-image-raspi2 - 4.15.0.1073.70 No subscription required linux-image-kvm - 4.15.0.1077.73 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1086.104 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1086.88 No subscription required linux-image-snapdragon - 4.15.0.1089.92 No subscription required linux-image-oem - 4.15.0.1099.103 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1099.72 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.121.108 linux-image-generic-hwe-16.04 - 4.15.0.121.108 linux-image-generic-hwe-16.04-edge - 4.15.0.121.108 linux-image-generic-lpae-hwe-16.04 - 4.15.0.121.108 linux-image-virtual - 4.15.0.121.108 linux-image-virtual-hwe-16.04 - 4.15.0.121.108 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.121.108 linux-image-generic - 4.15.0.121.108 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.121.108 linux-image-generic-lpae - 4.15.0.121.108 linux-image-lowlatency-hwe-16.04 - 4.15.0.121.108 linux-image-lowlatency - 4.15.0.121.108 No subscription required High CVE-2018-10322 CVE-2019-19448 CVE-2020-14314 CVE-2020-16119 CVE-2020-16120 CVE-2020-25212 CVE-2020-26088 Ubuntu 18.04 LTS It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection. Update Instructions: Run `sudo pro fix USN-4581-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.17-1~18.04ubuntu1.2 python2.7-doc - 2.7.17-1~18.04ubuntu1.2 libpython2.7-minimal - 2.7.17-1~18.04ubuntu1.2 libpython2.7 - 2.7.17-1~18.04ubuntu1.2 libpython2.7-stdlib - 2.7.17-1~18.04ubuntu1.2 libpython2.7-testsuite - 2.7.17-1~18.04ubuntu1.2 python2.7 - 2.7.17-1~18.04ubuntu1.2 idle-python2.7 - 2.7.17-1~18.04ubuntu1.2 python2.7-examples - 2.7.17-1~18.04ubuntu1.2 libpython2.7-dev - 2.7.17-1~18.04ubuntu1.2 python2.7-minimal - 2.7.17-1~18.04ubuntu1.2 No subscription required python3.6-dev - 3.6.9-1~18.04ubuntu1.3 libpython3.6-dev - 3.6.9-1~18.04ubuntu1.3 libpython3.6-minimal - 3.6.9-1~18.04ubuntu1.3 python3.6-examples - 3.6.9-1~18.04ubuntu1.3 libpython3.6-stdlib - 3.6.9-1~18.04ubuntu1.3 python3.6-venv - 3.6.9-1~18.04ubuntu1.3 python3.6-minimal - 3.6.9-1~18.04ubuntu1.3 python3.6 - 3.6.9-1~18.04ubuntu1.3 idle-python3.6 - 3.6.9-1~18.04ubuntu1.3 python3.6-doc - 3.6.9-1~18.04ubuntu1.3 libpython3.6-testsuite - 3.6.9-1~18.04ubuntu1.3 libpython3.6 - 3.6.9-1~18.04ubuntu1.3 No subscription required Medium CVE-2020-26116 Ubuntu 18.04 LTS It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-17087) It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. (CVE-2019-20807) Update Instructions: Run `sudo pro fix USN-4582-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:8.0.1453-1ubuntu1.4 vim-gnome - 2:8.0.1453-1ubuntu1.4 vim-athena - 2:8.0.1453-1ubuntu1.4 xxd - 2:8.0.1453-1ubuntu1.4 vim-gtk - 2:8.0.1453-1ubuntu1.4 vim-gui-common - 2:8.0.1453-1ubuntu1.4 vim - 2:8.0.1453-1ubuntu1.4 vim-doc - 2:8.0.1453-1ubuntu1.4 vim-tiny - 2:8.0.1453-1ubuntu1.4 vim-runtime - 2:8.0.1453-1ubuntu1.4 vim-gtk3 - 2:8.0.1453-1ubuntu1.4 vim-nox - 2:8.0.1453-1ubuntu1.4 No subscription required Low CVE-2017-17087 CVE-2019-20807 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7069) It was discorevered that PHP incorrectly handled certain HTTP cookies. An attacker could possibly use this issue to forge cookie which is supposed to be secure. (CVE-2020-7070) Update Instructions: Run `sudo pro fix USN-4583-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.24-0ubuntu0.18.04.7 php7.2-enchant - 7.2.24-0ubuntu0.18.04.7 php7.2-ldap - 7.2.24-0ubuntu0.18.04.7 php7.2-fpm - 7.2.24-0ubuntu0.18.04.7 php7.2-recode - 7.2.24-0ubuntu0.18.04.7 php7.2-cli - 7.2.24-0ubuntu0.18.04.7 php7.2-json - 7.2.24-0ubuntu0.18.04.7 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.7 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.7 php7.2 - 7.2.24-0ubuntu0.18.04.7 php7.2-pspell - 7.2.24-0ubuntu0.18.04.7 php7.2-dev - 7.2.24-0ubuntu0.18.04.7 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.7 php7.2-gmp - 7.2.24-0ubuntu0.18.04.7 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.7 php7.2-opcache - 7.2.24-0ubuntu0.18.04.7 php7.2-gd - 7.2.24-0ubuntu0.18.04.7 php7.2-soap - 7.2.24-0ubuntu0.18.04.7 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.7 php7.2-intl - 7.2.24-0ubuntu0.18.04.7 php7.2-odbc - 7.2.24-0ubuntu0.18.04.7 libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.7 php7.2-tidy - 7.2.24-0ubuntu0.18.04.7 php7.2-imap - 7.2.24-0ubuntu0.18.04.7 php7.2-readline - 7.2.24-0ubuntu0.18.04.7 php7.2-mysql - 7.2.24-0ubuntu0.18.04.7 php7.2-dba - 7.2.24-0ubuntu0.18.04.7 php7.2-xml - 7.2.24-0ubuntu0.18.04.7 php7.2-interbase - 7.2.24-0ubuntu0.18.04.7 php7.2-xsl - 7.2.24-0ubuntu0.18.04.7 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.7 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.7 php7.2-sybase - 7.2.24-0ubuntu0.18.04.7 php7.2-curl - 7.2.24-0ubuntu0.18.04.7 php7.2-common - 7.2.24-0ubuntu0.18.04.7 php7.2-cgi - 7.2.24-0ubuntu0.18.04.7 php7.2-snmp - 7.2.24-0ubuntu0.18.04.7 php7.2-zip - 7.2.24-0ubuntu0.18.04.7 No subscription required Medium CVE-2020-7069 CVE-2020-7070 Ubuntu 18.04 LTS It was discovered that PHP ImageMagick extension didn't check the address used by an array. An attacker could use this issue to cause PHP ImageMagick to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4586-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-imagick - 3.4.3~rc2-2ubuntu4.1 No subscription required Medium CVE-2019-11037 Ubuntu 18.04 LTS USN-4589-1 fixed a vulnerability in containerd. This update provides the corresponding update for docker.io. Original advisory details: It was discovered that containerd could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user's registry credentials. Update Instructions: Run `sudo pro fix USN-4589-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-docker-docker-dev - 19.03.6-0ubuntu1~18.04.2 docker.io - 19.03.6-0ubuntu1~18.04.2 golang-docker-dev - 19.03.6-0ubuntu1~18.04.2 vim-syntax-docker - 19.03.6-0ubuntu1~18.04.2 docker-doc - 19.03.6-0ubuntu1~18.04.2 No subscription required Medium CVE-2020-15157 Ubuntu 18.04 LTS Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351) Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352) Update Instructions: Run `sudo pro fix USN-4591-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1090-snapdragon - 4.15.0-1090.99 No subscription required linux-image-4.15.0-1100-oem - 4.15.0-1100.110 No subscription required linux-image-4.15.0-122-generic - 4.15.0-122.124 linux-image-4.15.0-122-lowlatency - 4.15.0-122.124 linux-image-4.15.0-122-generic-lpae - 4.15.0-122.124 No subscription required linux-image-snapdragon - 4.15.0.1090.93 No subscription required linux-image-oem - 4.15.0.1100.104 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.122.109 linux-image-lowlatency-hwe-16.04 - 4.15.0.122.109 linux-image-generic-lpae-hwe-16.04 - 4.15.0.122.109 linux-image-virtual - 4.15.0.122.109 linux-image-virtual-hwe-16.04 - 4.15.0.122.109 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.122.109 linux-image-generic - 4.15.0.122.109 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.122.109 linux-image-generic-lpae - 4.15.0.122.109 linux-image-generic-hwe-16.04 - 4.15.0.122.109 linux-image-lowlatency - 4.15.0.122.109 linux-image-generic-hwe-16.04-edge - 4.15.0.122.109 No subscription required linux-image-5.4.0-1022-raspi - 5.4.0-1022.25~18.04.1 No subscription required linux-image-5.4.0-52-lowlatency - 5.4.0-52.57~18.04.1 linux-image-5.4.0-52-generic-lpae - 5.4.0-52.57~18.04.1 linux-image-5.4.0-52-generic - 5.4.0-52.57~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1022.26 linux-image-raspi-hwe-18.04 - 5.4.0.1022.26 No subscription required linux-image-generic-hwe-18.04 - 5.4.0.52.57~18.04.46 linux-image-snapdragon-hwe-18.04 - 5.4.0.52.57~18.04.46 linux-image-generic-lpae-hwe-18.04 - 5.4.0.52.57~18.04.46 linux-image-lowlatency-hwe-18.04 - 5.4.0.52.57~18.04.46 linux-image-virtual-hwe-18.04 - 5.4.0.52.57~18.04.46 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.52.57~18.04.46 linux-image-generic-hwe-18.04-edge - 5.4.0.52.57~18.04.46 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.52.57~18.04.46 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.52.57~18.04.46 linux-image-virtual-hwe-18.04-edge - 5.4.0.52.57~18.04.46 No subscription required High CVE-2020-12351 CVE-2020-12352 Ubuntu 18.04 LTS Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351) Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352) Andy Nguyen discovered that the Bluetooth HCI event packet parser in the Linux kernel did not properly handle event advertisements of certain sizes, leading to a heap-based buffer overflow. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-24490) Update Instructions: Run `sudo pro fix USN-4592-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1070-oem-osp1 - 5.0.0-1070.76 No subscription required linux-image-oem-osp1 - 5.0.0.1070.68 No subscription required linux-image-5.3.0-1036-raspi2 - 5.3.0-1036.38 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1036.25 No subscription required High CVE-2020-12351 CVE-2020-12352 CVE-2020-24490 Ubuntu 18.04 LTS Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-4593-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreetype6-dev - 2.8.1-2ubuntu2.1 libfreetype6-udeb - 2.8.1-2ubuntu2.1 freetype2-demos - 2.8.1-2ubuntu2.1 libfreetype6 - 2.8.1-2ubuntu2.1 No subscription required High CVE-2020-15999 Ubuntu 18.04 LTS It was discovered that Quassel incorrectly handled Qdatastream protocol. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1000178) It was discovered that Quassel incorrectly handled certain login requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-1000179) Update Instructions: Run `sudo pro fix USN-4594-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: quassel-client - 1:0.12.4-3ubuntu1.18.04.3 quassel-core - 1:0.12.4-3ubuntu1.18.04.3 quassel - 1:0.12.4-3ubuntu1.18.04.3 quassel-data - 1:0.12.4-3ubuntu1.18.04.3 No subscription required Medium CVE-2018-1000178 CVE-2018-1000179 Ubuntu 18.04 LTS It was discovered that Grunt did not properly load yaml files. An attacker could possibly use this to execute arbitrary code. (CVE-2020-7729) Update Instructions: Run `sudo pro fix USN-4595-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: grunt - 1.0.1-8ubuntu0.1 No subscription required Medium CVE-2020-7729 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4599-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 82.0+build2-0ubuntu0.18.04.1 firefox - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 82.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 82.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 82.0+build2-0ubuntu0.18.04.1 firefox-dev - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 82.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 82.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-15254 CVE-2020-15680 CVE-2020-15681 CVE-2020-15682 CVE-2020-15683 CVE-2020-15684 CVE-2020-15969 Ubuntu 18.04 LTS USN-4599-1 and USN-4599-2 fixed vulnerabilities in Firefox. The updates introduced various minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4599-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nn - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ne - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nb - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fa - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fi - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fr - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fy - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-or - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kab - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-oc - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cs - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ga - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gd - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gn - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gl - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gu - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pa - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pl - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cy - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pt - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hi - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uk - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-he - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hy - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hr - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hu - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-as - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ar - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ia - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-az - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-id - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mai - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-af - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-is - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-it - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-an - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bs - 82.0.2+build1-0ubuntu0.18.04.1 firefox - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ro - 82.0.2+build1-0ubuntu0.18.04.1 firefox-geckodriver - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ja - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ru - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-br - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bn - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-be - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bg - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sl - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sk - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-si - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sw - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sv - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sr - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sq - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ko - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kn - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-km - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kk - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ka - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-xh - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ca - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ku - 82.0.2+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lv - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lt - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-th - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 82.0.2+build1-0ubuntu0.18.04.1 firefox-dev - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-te - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cak - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ta - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lg - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tr - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nso - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-de - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-da - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ms - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mr - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-my - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uz - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ml - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mn - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mk - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ur - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-vi - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eu - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-et - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-es - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-csb - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-el - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eo - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-en - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zu - 82.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ast - 82.0.2+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1903197 https://usn.ubuntu.com/4599-2 Ubuntu 18.04 LTS USN-4600-1 fixed multiple vunerabilities in Netty 3.9. This update provides the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty. Also it was discovered that Netty allow for unbounded memory allocation. A remote attacker could send a large stream to the Netty server causing it to crash (denial of service). (CVE-2020-11612) Original advisory details: It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could used it to extract sensitive information. (CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238) Update Instructions: Run `sudo pro fix USN-4600-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnetty-java - 1:4.1.7-4ubuntu0.1 No subscription required Medium CVE-2019-20444 CVE-2019-20445 CVE-2020-11612 Ubuntu 18.04 LTS It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possible use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack. (CVE-2019-20916) Update Instructions: Run `sudo pro fix USN-4601-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pip - 9.0.1-2.3~ubuntu1.18.04.4 python-pip-whl - 9.0.1-2.3~ubuntu1.18.04.4 python3-pip - 9.0.1-2.3~ubuntu1.18.04.4 No subscription required Medium CVE-2019-20916 Ubuntu 18.04 LTS ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543) Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878) Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723) Update Instructions: Run `sudo pro fix USN-4602-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libperl-dev - 5.26.1-6ubuntu0.5 perl-modules-5.26 - 5.26.1-6ubuntu0.5 perl-doc - 5.26.1-6ubuntu0.5 perl - 5.26.1-6ubuntu0.5 perl-base - 5.26.1-6ubuntu0.5 libperl5.26 - 5.26.1-6ubuntu0.5 perl-debug - 5.26.1-6ubuntu0.5 No subscription required Low CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 Ubuntu 18.04 LTS It was discovered that MariaDB didn't properly validate the content of a packet received from a server. A remote attacker could use this vulnerability to sent a specialy crafted file to cause a denial of service. (CVE-2020-13249) It was discovered that MariaDB has other security issues. An attacker can cause a hang or frequently repeatable crash (denial of service). (CVE-2020-15180, CVE-2020-2752, CVE-2020-2760, CVE-2020-2812, CVE-2020-2814) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Update Instructions: Run `sudo pro fix USN-4603-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mariadb-plugin-cracklib-password-check - 1:10.1.47-0ubuntu0.18.04.1 mariadb-server - 1:10.1.47-0ubuntu0.18.04.1 mariadb-plugin-connect - 1:10.1.47-0ubuntu0.18.04.1 mariadb-plugin-spider - 1:10.1.47-0ubuntu0.18.04.1 libmariadbclient-dev - 1:10.1.47-0ubuntu0.18.04.1 libmariadbd18 - 1:10.1.47-0ubuntu0.18.04.1 mariadb-client-core-10.1 - 1:10.1.47-0ubuntu0.18.04.1 mariadb-plugin-tokudb - 1:10.1.47-0ubuntu0.18.04.1 mariadb-plugin-mroonga - 1:10.1.47-0ubuntu0.18.04.1 mariadb-client - 1:10.1.47-0ubuntu0.18.04.1 mariadb-server-10.1 - 1:10.1.47-0ubuntu0.18.04.1 mariadb-server-core-10.1 - 1:10.1.47-0ubuntu0.18.04.1 mariadb-test-data - 1:10.1.47-0ubuntu0.18.04.1 libmariadbclient-dev-compat - 1:10.1.47-0ubuntu0.18.04.1 mariadb-client-10.1 - 1:10.1.47-0ubuntu0.18.04.1 mariadb-plugin-gssapi-client - 1:10.1.47-0ubuntu0.18.04.1 libmariadbd-dev - 1:10.1.47-0ubuntu0.18.04.1 mariadb-test - 1:10.1.47-0ubuntu0.18.04.1 mariadb-plugin-gssapi-server - 1:10.1.47-0ubuntu0.18.04.1 mariadb-common - 1:10.1.47-0ubuntu0.18.04.1 libmariadbclient18 - 1:10.1.47-0ubuntu0.18.04.1 mariadb-plugin-oqgraph - 1:10.1.47-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-13249 CVE-2020-15180 CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.22 in Ubuntu 20.04 LTS and Ubuntu 20.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.32. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-32.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-22.html https://www.oracle.com/security-alerts/cpuoct2020.html Update Instructions: Run `sudo pro fix USN-4604-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.32-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.32-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.32-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.32-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.32-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.32-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.32-0ubuntu0.18.04.1 mysql-server - 5.7.32-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.32-0ubuntu0.18.04.1 mysql-testsuite - 5.7.32-0ubuntu0.18.04.1 libmysqld-dev - 5.7.32-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.32-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-14672 CVE-2020-14760 CVE-2020-14765 CVE-2020-14769 CVE-2020-14771 CVE-2020-14773 CVE-2020-14775 CVE-2020-14776 CVE-2020-14777 CVE-2020-14785 CVE-2020-14786 CVE-2020-14789 CVE-2020-14790 CVE-2020-14791 CVE-2020-14793 CVE-2020-14794 CVE-2020-14800 CVE-2020-14804 CVE-2020-14809 CVE-2020-14812 CVE-2020-14814 CVE-2020-14821 CVE-2020-14827 CVE-2020-14828 CVE-2020-14829 CVE-2020-14830 CVE-2020-14836 CVE-2020-14837 CVE-2020-14838 CVE-2020-14839 CVE-2020-14844 CVE-2020-14845 CVE-2020-14846 CVE-2020-14848 CVE-2020-14852 CVE-2020-14853 CVE-2020-14860 CVE-2020-14861 CVE-2020-14866 CVE-2020-14867 CVE-2020-14868 CVE-2020-14869 CVE-2020-14870 CVE-2020-14873 CVE-2020-14878 CVE-2020-14888 CVE-2020-14891 CVE-2020-14893 Ubuntu 18.04 LTS Vaisha Bernard discovered that blueman did not properly sanitize input on the d-bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service. (CVE-2020-15238) Update Instructions: Run `sudo pro fix USN-4605-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: blueman - 2.0.5-1ubuntu1.1 No subscription required Medium CVE-2020-15238 Ubuntu 18.04 LTS It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A remote attacker could possibly use this issue to cause a denial of service (memory consumption) via a specially crafted input. (CVE-2020-14779) Sergey Ostanin discovered that OpenJDK incorrectly restricted authentication mechanisms. A remote attacker could possibly use this issue to obtain sensitive information over an unencrypted connection. (CVE-2020-14781) It was discovered that OpenJDK incorrectly handled untrusted certificates. An attacker could possibly use this issue to read or write sensitive information. (CVE-2020-14782) Zhiqiang Zang discovered that OpenJDK incorrectly checked for integer overflows. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14792) Markus Loewe discovered that OpenJDK incorrectly checked permissions when converting a file system path to an URI. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14796) Markus Loewe discovered that OpenJDK incorrectly checked for invalid characters when converting an URI to a path. An attacker could possibly use this issue to read or write sensitive information. (CVE-2020-14797) Markus Loewe discovered that OpenJDK incorrectly checked the length of input strings. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14798) It was discovered that OpenJDK incorrectly handled boundary checks. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14803) Update Instructions: Run `sudo pro fix USN-4607-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-source - 11.0.9+11-0ubuntu1~18.04.1 openjdk-11-jre-zero - 11.0.9+11-0ubuntu1~18.04.1 openjdk-11-doc - 11.0.9+11-0ubuntu1~18.04.1 openjdk-11-jre-headless - 11.0.9+11-0ubuntu1~18.04.1 openjdk-11-jdk - 11.0.9+11-0ubuntu1~18.04.1 openjdk-11-jdk-headless - 11.0.9+11-0ubuntu1~18.04.1 openjdk-11-jre - 11.0.9+11-0ubuntu1~18.04.1 openjdk-11-demo - 11.0.9+11-0ubuntu1~18.04.1 No subscription required openjdk-8-source - 8u272-b10-0ubuntu1~18.04 openjdk-8-doc - 8u272-b10-0ubuntu1~18.04 openjdk-8-jdk - 8u272-b10-0ubuntu1~18.04 openjdk-8-jre-headless - 8u272-b10-0ubuntu1~18.04 openjdk-8-jdk-headless - 8u272-b10-0ubuntu1~18.04 openjdk-8-jre - 8u272-b10-0ubuntu1~18.04 openjdk-8-jre-zero - 8u272-b10-0ubuntu1~18.04 openjdk-8-demo - 8u272-b10-0ubuntu1~18.04 No subscription required Medium CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 Ubuntu 18.04 LTS USN-4607-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression that could cause TLS connections with client certificate authentication to fail in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A remote attacker could possibly use this issue to cause a denial of service (memory consumption) via a specially crafted input. (CVE-2020-14779) Sergey Ostanin discovered that OpenJDK incorrectly restricted authentication mechanisms. A remote attacker could possibly use this issue to obtain sensitive information over an unencrypted connection. (CVE-2020-14781) It was discovered that OpenJDK incorrectly handled untrusted certificates. An attacker could possibly use this issue to read or write sensitive information. (CVE-2020-14782) Zhiqiang Zang discovered that OpenJDK incorrectly checked for integer overflows. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14792) Markus Loewe discovered that OpenJDK incorrectly checked permissions when converting a file system path to an URI. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14796) Markus Loewe discovered that OpenJDK incorrectly checked for invalid characters when converting an URI to a path. An attacker could possibly use this issue to read or write sensitive information. (CVE-2020-14797) Markus Loewe discovered that OpenJDK incorrectly checked the length of input strings. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14798) It was discovered that OpenJDK incorrectly handled boundary checks. An attacker could possibly use this issue to bypass certain Java sandbox restrictions. (CVE-2020-14803) Update Instructions: Run `sudo pro fix USN-4607-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-source - 11.0.9.1+1-0ubuntu1~18.04 openjdk-11-jre-zero - 11.0.9.1+1-0ubuntu1~18.04 openjdk-11-doc - 11.0.9.1+1-0ubuntu1~18.04 openjdk-11-jre-headless - 11.0.9.1+1-0ubuntu1~18.04 openjdk-11-jdk - 11.0.9.1+1-0ubuntu1~18.04 openjdk-11-jdk-headless - 11.0.9.1+1-0ubuntu1~18.04 openjdk-11-jre - 11.0.9.1+1-0ubuntu1~18.04 openjdk-11-demo - 11.0.9.1+1-0ubuntu1~18.04 No subscription required openjdk-8-source - 8u275-b01-0ubuntu1~18.04 openjdk-8-doc - 8u275-b01-0ubuntu1~18.04 openjdk-8-jdk - 8u275-b01-0ubuntu1~18.04 openjdk-8-jre-headless - 8u275-b01-0ubuntu1~18.04 openjdk-8-jdk-headless - 8u275-b01-0ubuntu1~18.04 openjdk-8-jre - 8u275-b01-0ubuntu1~18.04 openjdk-8-jre-zero - 8u275-b01-0ubuntu1~18.04 openjdk-8-demo - 8u275-b01-0ubuntu1~18.04 No subscription required Medium CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 Ubuntu 18.04 LTS The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.44 version of the Mozilla certificate authority bundle. Update Instructions: Run `sudo pro fix USN-4608-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates-udeb - 20201027ubuntu0.18.04.1 ca-certificates - 20201027ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1900727 Ubuntu 18.04 LTS Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information. (CVE-2020-14318) Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use this issue to cause winbind to crash, resulting in a denial of service. (CVE-2020-14323) Francis Brosnan Blázquez discovered that Samba incorrectly handled certain invalid DNS records. A remote attacker could possibly use this issue to cause the DNS server to crash, resulting in a denial of service. (CVE-2020-14383) Update Instructions: Run `sudo pro fix USN-4611-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 No subscription required Medium CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 Ubuntu 18.04 LTS Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4613-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-cryptography - 2.1.4-1ubuntu1.4 python-cryptography - 2.1.4-1ubuntu1.4 python-cryptography-doc - 2.1.4-1ubuntu1.4 No subscription required Medium CVE-2020-25659 Ubuntu 18.04 LTS Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user. Update Instructions: Run `sudo pro fix USN-4614-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-gdm-1.0 - 3.28.3-0ubuntu18.04.6 libgdm-dev - 3.28.3-0ubuntu18.04.6 gdm3 - 3.28.3-0ubuntu18.04.6 libgdm1 - 3.28.3-0ubuntu18.04.6 No subscription required Medium CVE-2020-16125 Ubuntu 18.04 LTS Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. (CVE-2020-16126) Kevin Backhouse discovered that AccountsService incorrectly handled reading .pam_environment files. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-16127) Matthias Gerstner discovered that AccountsService incorrectly handled certain path checks. A local attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14036) Update Instructions: Run `sudo pro fix USN-4616-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: accountsservice - 0.6.45-1ubuntu1.3 gir1.2-accountsservice-1.0 - 0.6.45-1ubuntu1.3 libaccountsservice-doc - 0.6.45-1ubuntu1.3 libaccountsservice-dev - 0.6.45-1ubuntu1.3 libaccountsservice0 - 0.6.45-1ubuntu1.3 No subscription required Medium CVE-2018-14036 CVE-2020-16126 CVE-2020-16127 Ubuntu 18.04 LTS Matthias Gerstner discovered that SPICE vdagent incorrectly handled the active_xfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service. (CVE-2020-25650) Matthias Gerstner discovered that SPICE vdagent incorrectly handled the active_xfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service, or obtain sensitive file contents. (CVE-2020-25651) Matthias Gerstner discovered that SPICE vdagent incorrectly handled a large number of client connections. A local attacker could possibly use this issue to cause SPICE vdagent to consume resources, resulting in a denial of service. (CVE-2020-25652) Matthias Gerstner discovered that SPICE vdagent incorrectly handled client connections. A local attacker could possibly use this issue to obtain sensitive information, paste clipboard contents, and transfer files into the active session. (CVE-2020-25653) Update Instructions: Run `sudo pro fix USN-4617-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spice-vdagent - 0.17.0-1ubuntu2.2 No subscription required Low CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653 Ubuntu 18.04 LTS It was discovered that phpLDAPadmin didn't properly sanitize before being echoed to the user. A remote attacker could inject arbitrary HTML/Javascript code in a user's context and cause a crash, resulting in denial of service or potential execution of arbitrary code. Update Instructions: Run `sudo pro fix USN-4620-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: phpldapadmin - 1.2.2-6ubuntu1.1 No subscription required Low CVE-2017-11107 Ubuntu 18.04 LTS It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. (CVE-2005-1513, CVE-2005-1514, CVE-2005-1515) It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. (CVE-2020-3811) It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this vulnerability to cause netqmail to disclose sensitive information. (CVE-2020-3812) Update Instructions: Run `sudo pro fix USN-4621-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qmail - 1.06-6.2~deb10u1build0.18.04.1 qmail-uids-gids - 1.06-6.2~deb10u1build0.18.04.1 No subscription required Medium CVE-2005-1513 CVE-2005-1514 CVE-2005-1515 CVE-2020-3811 CVE-2020-3812 Ubuntu 18.04 LTS It was discovered that OpenLDAP incorrectly handled certain network packets. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4622-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libldap-2.4-2 - 2.4.45+dfsg-1ubuntu1.7 libldap-common - 2.4.45+dfsg-1ubuntu1.7 slapd-smbk5pwd - 2.4.45+dfsg-1ubuntu1.7 ldap-utils - 2.4.45+dfsg-1ubuntu1.7 libldap2-dev - 2.4.45+dfsg-1ubuntu1.7 slapd - 2.4.45+dfsg-1ubuntu1.7 No subscription required Medium CVE-2020-25692 Ubuntu 18.04 LTS Ken Gaillot discovered that Pacemaker incorrectly handled IPC communications permissions. A local attacker could possibly use this issue to bypass ACL restrictions and execute arbitrary code as root. Update Instructions: Run `sudo pro fix USN-4623-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pacemaker-remote - 1.1.18-0ubuntu1.3 libcrmcommon-dev - 1.1.18-0ubuntu1.3 pacemaker-resource-agents - 1.1.18-0ubuntu1.3 pacemaker-cli-utils - 1.1.18-0ubuntu1.3 pacemaker-common - 1.1.18-0ubuntu1.3 liblrmd1 - 1.1.18-0ubuntu1.3 libcrmcluster-dev - 1.1.18-0ubuntu1.3 libstonithd-dev - 1.1.18-0ubuntu1.3 libpe-status10 - 1.1.18-0ubuntu1.3 libtransitioner2 - 1.1.18-0ubuntu1.3 libstonithd2 - 1.1.18-0ubuntu1.3 libcrmservice3 - 1.1.18-0ubuntu1.3 libcrmcommon3 - 1.1.18-0ubuntu1.3 libcib-dev - 1.1.18-0ubuntu1.3 pacemaker - 1.1.18-0ubuntu1.3 libcrmservice-dev - 1.1.18-0ubuntu1.3 libpe-rules2 - 1.1.18-0ubuntu1.3 liblrmd-dev - 1.1.18-0ubuntu1.3 libpengine10 - 1.1.18-0ubuntu1.3 libpengine-dev - 1.1.18-0ubuntu1.3 pacemaker-doc - 1.1.18-0ubuntu1.3 libcrmcluster4 - 1.1.18-0ubuntu1.3 libcib4 - 1.1.18-0ubuntu1.3 No subscription required Medium CVE-2020-25654 Ubuntu 18.04 LTS It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause unexpected behaviours, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4624-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexif-doc - 0.6.21-4ubuntu0.6 libexif-dev - 0.6.21-4ubuntu0.6 libexif12 - 0.6.21-4ubuntu0.6 No subscription required Medium CVE-2020-0452 Ubuntu 18.04 LTS A use-after-free was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4625-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-nn - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ne - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-nb - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fa - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fi - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fr - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-fy - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-or - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-kab - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-oc - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-cs - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ga - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gd - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gn - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gl - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-gu - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-pa - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-pl - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-cy - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-pt - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hi - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-uk - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-he - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hy - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hr - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hu - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-as - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ar - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ia - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-az - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-id - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mai - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-af - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-is - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-it - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-an - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-bs - 82.0.3+build1-0ubuntu0.18.04.1 firefox - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ro - 82.0.3+build1-0ubuntu0.18.04.1 firefox-geckodriver - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ja - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ru - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-br - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-bn - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-be - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-bg - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sl - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sk - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-si - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sw - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sv - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sr - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-sq - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ko - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-kn - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-km - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-kk - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ka - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-xh - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ca - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ku - 82.0.3+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-lv - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-lt - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-th - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 82.0.3+build1-0ubuntu0.18.04.1 firefox-dev - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-te - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-cak - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ta - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-lg - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-tr - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-nso - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-de - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-da - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ms - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mr - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-my - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-uz - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ml - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mn - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-mk - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ur - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-vi - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-eu - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-et - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-es - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-csb - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-el - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-eo - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-en - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-zu - 82.0.3+build1-0ubuntu0.18.04.1 firefox-locale-ast - 82.0.3+build1-0ubuntu0.18.04.1 No subscription required High CVE-2020-26950 Ubuntu 18.04 LTS Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4627-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1058-oracle - 4.15.0-1058.64 No subscription required linux-image-4.15.0-1073-gke - 4.15.0-1073.78 No subscription required linux-image-4.15.0-1087-gcp - 4.15.0-1087.100 No subscription required linux-image-4.15.0-1101-oem - 4.15.0-1101.112 No subscription required linux-image-4.15.0-123-generic - 4.15.0-123.126 linux-image-4.15.0-123-lowlatency - 4.15.0-123.126 linux-image-4.15.0-123-generic-lpae - 4.15.0-123.126 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1058.68 No subscription required linux-image-gke-4.15 - 4.15.0.1073.77 linux-image-gke - 4.15.0.1073.77 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1087.105 No subscription required linux-image-oem - 4.15.0.1101.105 No subscription required linux-image-generic-hwe-16.04-edge - 4.15.0.123.110 linux-image-generic-lpae-hwe-16.04 - 4.15.0.123.110 linux-image-virtual - 4.15.0.123.110 linux-image-virtual-hwe-16.04-edge - 4.15.0.123.110 linux-image-virtual-hwe-16.04 - 4.15.0.123.110 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.123.110 linux-image-generic - 4.15.0.123.110 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.123.110 linux-image-generic-lpae - 4.15.0.123.110 linux-image-lowlatency-hwe-16.04 - 4.15.0.123.110 linux-image-lowlatency - 4.15.0.123.110 linux-image-generic-hwe-16.04 - 4.15.0.123.110 No subscription required linux-image-5.0.0-1071-oem-osp1 - 5.0.0-1071.77 No subscription required linux-image-oem-osp1 - 5.0.0.1071.69 No subscription required linux-image-5.3.0-1039-gke - 5.3.0-1039.42 No subscription required linux-image-5.3.0-69-lowlatency - 5.3.0-69.65 linux-image-5.3.0-69-generic - 5.3.0-69.65 No subscription required linux-image-gke-5.3 - 5.3.0.1039.22 No subscription required linux-image-gkeop-5.3 - 5.3.0.69.126 No subscription required linux-image-5.4.0-1029-oracle - 5.4.0-1029.31~18.04.1 linux-image-5.4.0-1029-gcp - 5.4.0-1029.31~18.04.1 No subscription required linux-image-5.4.0-53-lowlatency - 5.4.0-53.59~18.04.1 linux-image-5.4.0-53-generic - 5.4.0-53.59~18.04.1 linux-image-5.4.0-53-generic-lpae - 5.4.0-53.59~18.04.1 No subscription required linux-image-oracle - 5.4.0.1029.13 linux-image-oracle-edge - 5.4.0.1029.13 No subscription required linux-image-gcp-edge - 5.4.0.1029.17 linux-image-gcp - 5.4.0.1029.17 No subscription required linux-image-generic-hwe-18.04 - 5.4.0.53.59~18.04.47 linux-image-snapdragon-hwe-18.04 - 5.4.0.53.59~18.04.47 linux-image-generic-lpae-hwe-18.04 - 5.4.0.53.59~18.04.47 linux-image-lowlatency-hwe-18.04 - 5.4.0.53.59~18.04.47 linux-image-virtual-hwe-18.04 - 5.4.0.53.59~18.04.47 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.53.59~18.04.47 linux-image-generic-hwe-18.04-edge - 5.4.0.53.59~18.04.47 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.53.59~18.04.47 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.53.59~18.04.47 linux-image-virtual-hwe-18.04-edge - 5.4.0.53.59~18.04.47 No subscription required Medium CVE-2020-8694 Ubuntu 18.04 LTS Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) feature of some Intel processors allowed a side- channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8695) Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8696) Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly isolate shared resources in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8698) Update Instructions: Run `sudo pro fix USN-4628-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20201110.0ubuntu0.18.04.1 No subscription required Medium CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 Ubuntu 18.04 LTS USN-4628-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Tiger Lake family from booting successfully. This update reverts the microcode update for the Tiger Lake processor family. Please note that the 'dis_ucode_ldr' kernel command line option can be added in the boot menu to disable microcode loading for system recovery. We apologize for the inconvenience. Original advisory details: Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) feature of some Intel processors allowed a side- channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8695) Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8696) Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly isolate shared resources in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8698) Update Instructions: Run `sudo pro fix USN-4628-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20201110.0ubuntu0.18.04.2 No subscription required None https://launchpad.net/bugs/1903883 Ubuntu 18.04 LTS USN-4628-1 provided updated Intel Processor Microcode for various processor types. This update provides the corresponding updates for some additional processor types. Original advisory details: Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) feature of some Intel processors allowed a side- channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8695) Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8696) Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly isolate shared resources in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8698) Update Instructions: Run `sudo pro fix USN-4628-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20210216.0ubuntu0.18.04.1 No subscription required Medium CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 Ubuntu 18.04 LTS Michael Chapman discovered that MoinMoin incorrectly handled certain cache actions. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-25074) Catarina Leite discovered that MoinMoin incorrectly handled certain SVG files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-15275) Update Instructions: Run `sudo pro fix USN-4629-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-moinmoin - 1.9.9-1ubuntu1.2 No subscription required High CVE-2020-15275 CVE-2020-25074 Ubuntu 18.04 LTS Hanno Böck discovered that Raptor incorrectly handled certain memory operations. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could cause the application to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4630-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libraptor2-doc - 2.0.14-1ubuntu0.18.04.1 raptor2-utils - 2.0.14-1ubuntu0.18.04.1 libraptor2-dev - 2.0.14-1ubuntu0.18.04.1 libraptor2-0 - 2.0.14-1ubuntu0.18.04.1 No subscription required Medium CVE-2017-18926 Ubuntu 18.04 LTS It was discovered that the SLiRP networking implementation of the QEMU emulator did not properly manage memory under certain circumstances. An attacker could use this to cause a heap-based buffer overflow or other out- of-bounds access, which can lead to a denial of service (application crash) or potentially execute arbitrary code. (CVE-2020-7039) It was discovered that the SLiRP networking implementation of the QEMU emulator misuses snprintf return values. An attacker could use this to cause a denial of service (application crash) or potentially execute arbitrary code. (CVE-2020-8608) Update Instructions: Run `sudo pro fix USN-4632-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: slirp - 1:1.0.17-8ubuntu18.04.1 No subscription required Medium CVE-2020-7039 CVE-2020-8608 Ubuntu 18.04 LTS Peter Eisentraut discovered that PostgreSQL incorrectly handled connection security settings. Client applications could possibly be connecting with certain security parameters dropped, contrary to expectations. (CVE-2020-25694) Etienne Stalmans discovered that PostgreSQL incorrectly handled the security restricted operation sandbox. An authenticated remote attacker could possibly use this issue to execute arbitrary SQL functions as a superuser. (CVE-2020-25695) Nick Cleaton discovered that PostgreSQL incorrectly handled the \gset meta-command. A remote attacker with a compromised server could possibly use this issue to execute arbitrary code. (CVE-2020-25696) Update Instructions: Run `sudo pro fix USN-4633-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-10 - 10.15-0ubuntu0.18.04.1 postgresql-pltcl-10 - 10.15-0ubuntu0.18.04.1 libecpg6 - 10.15-0ubuntu0.18.04.1 libpq-dev - 10.15-0ubuntu0.18.04.1 libpgtypes3 - 10.15-0ubuntu0.18.04.1 postgresql-10 - 10.15-0ubuntu0.18.04.1 postgresql-plperl-10 - 10.15-0ubuntu0.18.04.1 libecpg-dev - 10.15-0ubuntu0.18.04.1 postgresql-plpython3-10 - 10.15-0ubuntu0.18.04.1 libpq5 - 10.15-0ubuntu0.18.04.1 postgresql-plpython-10 - 10.15-0ubuntu0.18.04.1 postgresql-doc-10 - 10.15-0ubuntu0.18.04.1 postgresql-client-10 - 10.15-0ubuntu0.18.04.1 libecpg-compat3 - 10.15-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 Ubuntu 18.04 LTS It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4634-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libldap-2.4-2 - 2.4.45+dfsg-1ubuntu1.8 libldap-common - 2.4.45+dfsg-1ubuntu1.8 slapd-smbk5pwd - 2.4.45+dfsg-1ubuntu1.8 ldap-utils - 2.4.45+dfsg-1ubuntu1.8 libldap2-dev - 2.4.45+dfsg-1ubuntu1.8 slapd - 2.4.45+dfsg-1ubuntu1.8 No subscription required Medium CVE-2020-25709 CVE-2020-25710 Ubuntu 18.04 LTS Demi Obenour discovered that Kerberos incorrectly handled certain ASN.1. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4635-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libk5crypto3 - 1.16-2ubuntu0.2 krb5-kpropd - 1.16-2ubuntu0.2 libkdb5-9 - 1.16-2ubuntu0.2 krb5-user - 1.16-2ubuntu0.2 libgssrpc4 - 1.16-2ubuntu0.2 libkrb5support0 - 1.16-2ubuntu0.2 krb5-doc - 1.16-2ubuntu0.2 libkrb5-dev - 1.16-2ubuntu0.2 krb5-pkinit - 1.16-2ubuntu0.2 libkrb5-3 - 1.16-2ubuntu0.2 krb5-kdc-ldap - 1.16-2ubuntu0.2 krb5-otp - 1.16-2ubuntu0.2 krb5-gss-samples - 1.16-2ubuntu0.2 libkrad-dev - 1.16-2ubuntu0.2 krb5-locales - 1.16-2ubuntu0.2 libgssapi-krb5-2 - 1.16-2ubuntu0.2 krb5-kdc - 1.16-2ubuntu0.2 krb5-multidev - 1.16-2ubuntu0.2 krb5-k5tls - 1.16-2ubuntu0.2 libkrad0 - 1.16-2ubuntu0.2 libkadm5srv-mit11 - 1.16-2ubuntu0.2 libkadm5clnt-mit11 - 1.16-2ubuntu0.2 krb5-admin-server - 1.16-2ubuntu0.2 No subscription required Medium CVE-2020-28196 Ubuntu 18.04 LTS It was discovered that LibVNCServer incorrectly handled certain internals. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Vino package ships with a LibVNCServer source and all listed releases were affected for this package. Update Instructions: Run `sudo pro fix USN-4636-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvncserver-config - 0.9.11+dfsg-1ubuntu1.4 libvncserver-dev - 0.9.11+dfsg-1ubuntu1.4 libvncserver1 - 0.9.11+dfsg-1ubuntu1.4 libvncclient1 - 0.9.11+dfsg-1ubuntu1.4 No subscription required vino - 3.22.0-3ubuntu1.2 No subscription required Medium CVE-2020-25708 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across origins, bypass security restrictions, conduct phishing attacks, conduct cross-site scripting (XSS) attacks, bypass Content Security Policy (CSP) restrictions, conduct DNS rebinding attacks, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4637-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-nn - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-ne - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-nb - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-fa - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-fi - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-fr - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-fy - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-or - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-kab - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-oc - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-cs - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-ga - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-gd - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-gn - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-gl - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-gu - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-pa - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-pl - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-cy - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-pt - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-hi - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-uk - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-he - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-hy - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-hr - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-hu - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-as - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-ar - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-ia - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-az - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-id - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-mai - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-af - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-is - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-it - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-an - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-bs - 83.0+build2-0ubuntu0.18.04.2 firefox - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-ro - 83.0+build2-0ubuntu0.18.04.2 firefox-geckodriver - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-ja - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-ru - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-br - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-zh-hant - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-zh-hans - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-bn - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-be - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-bg - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-sl - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-sk - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-si - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-sw - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-sv - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-sr - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-sq - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-ko - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-kn - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-km - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-kk - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-ka - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-xh - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-ca - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-ku - 83.0+build2-0ubuntu0.18.04.2 firefox-mozsymbols - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-lv - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-lt - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-th - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-hsb - 83.0+build2-0ubuntu0.18.04.2 firefox-dev - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-te - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-cak - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-ta - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-lg - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-tr - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-nso - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-de - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-da - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-ms - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-mr - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-my - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-uz - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-ml - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-mn - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-mk - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-ur - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-vi - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-eu - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-et - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-es - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-csb - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-el - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-eo - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-en - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-zu - 83.0+build2-0ubuntu0.18.04.2 firefox-locale-ast - 83.0+build2-0ubuntu0.18.04.2 No subscription required Medium CVE-2020-16012 CVE-2020-26951 CVE-2020-26952 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26962 CVE-2020-26963 CVE-2020-26965 CVE-2020-26967 CVE-2020-26968 CVE-2020-26969 Ubuntu 18.04 LTS It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpmyAdmin to leak sensitive files. (CVE-2018-19968) It was discovered that phpMyAdmin incorrectly handled user input. An attacker could possibly use this for an XSS attack. (CVE-2018-19970) It was discovered that phpMyAdmin mishandled certain input. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack via a crafted URL. (CVE-2018-7260) It was discovered that phpMyAdmin failed to sanitize certain input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted database name. (CVE-2019-11768) It was discovered that phpmyadmin incorrectly handled some requests. An attacker could possibly use this to perform a CSRF attack. (CVE-2019-12616) It was discovered that phpMyAdmin failed to sanitize certain input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted username. (CVE-2019-6798, CVE-2020-10804, CVE-2020-5504) It was discovered that phpMyAdmin would allow sensitive files to be leaked if certain configuration options were set. An attacker could use this vulnerability to access confidential information. (CVE-2019-6799) It was discovered that phpMyAdmin failed to sanitize certain input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted database or table name. (CVE-2020-10802) It was discovered that phpMyAdmin did not properly handle data from the database when displaying it. If an attacker were to insert specially- crafted data into certain database tables, the attacker could execute a cross-site scripting (XSS) attack. (CVE-2020-10803) It was discovered that phpMyAdmin was vulnerable to an XSS attack. If a victim were to click on a crafted link, an attacker could run malicious JavaScript on the victim's system. (CVE-2020-26934) It was discovered that phpMyAdmin did not properly handler certain SQL statements in the search feature. An attacker could use this vulnerability to inject malicious SQL into a query. (CVE-2020-26935) It was discovered that phpMyAdmin did not properly sanitize certain input. An attacker could use this vulnerability to possibly execute an HTML injection or a cross-site scripting (XSS) attack. (CVE-2019-19617) Update Instructions: Run `sudo pro fix USN-4639-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: phpmyadmin - 4:4.6.6-5ubuntu0.5 No subscription required Medium CVE-2018-19968 CVE-2018-19970 CVE-2018-7260 CVE-2019-11768 CVE-2019-12616 CVE-2019-6798 CVE-2019-6799 CVE-2019-19617 CVE-2020-10802 CVE-2020-10803 CVE-2020-10804 CVE-2020-26934 CVE-2020-26935 CVE-2020-5504 Ubuntu 18.04 LTS James Henstridge discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle snap client connections. An attacker could possibly use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4640-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpulse0 - 1:11.1-1ubuntu7.11 pulseaudio-module-zeroconf - 1:11.1-1ubuntu7.11 pulseaudio-module-bluetooth - 1:11.1-1ubuntu7.11 libpulse-dev - 1:11.1-1ubuntu7.11 pulseaudio-utils - 1:11.1-1ubuntu7.11 pulseaudio-module-raop - 1:11.1-1ubuntu7.11 pulseaudio - 1:11.1-1ubuntu7.11 libpulsedsp - 1:11.1-1ubuntu7.11 pulseaudio-esound-compat - 1:11.1-1ubuntu7.11 pulseaudio-equalizer - 1:11.1-1ubuntu7.11 pulseaudio-module-gconf - 1:11.1-1ubuntu7.11 libpulse-mainloop-glib0 - 1:11.1-1ubuntu7.11 pulseaudio-module-lirc - 1:11.1-1ubuntu7.11 pulseaudio-module-jack - 1:11.1-1ubuntu7.11 No subscription required Medium CVE-2020-16123 Ubuntu 18.04 LTS It was discovered that igraph mishandled certain malformed XML. An attacker could use this vulnerability to cause a denial of service (crash). Update Instructions: Run `sudo pro fix USN-4644-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libigraph0v5 - 0.7.1-2.1+deb9u1build0.18.04.1 libigraph0-dev - 0.7.1-2.1+deb9u1build0.18.04.1 No subscription required Medium CVE-2018-20349 Ubuntu 18.04 LTS It was discovered that Mutt incorrectly handled certain connections. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4645-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mutt - 1.9.4-3ubuntu0.4 No subscription required Medium CVE-2020-28896 Ubuntu 18.04 LTS It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. Update Instructions: Run `sudo pro fix USN-4646-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler73 - 0.62.0-2ubuntu2.11 libpoppler-cpp-dev - 0.62.0-2ubuntu2.11 libpoppler-glib-doc - 0.62.0-2ubuntu2.11 gir1.2-poppler-0.18 - 0.62.0-2ubuntu2.11 libpoppler-cpp0v5 - 0.62.0-2ubuntu2.11 libpoppler-glib8 - 0.62.0-2ubuntu2.11 libpoppler-private-dev - 0.62.0-2ubuntu2.11 libpoppler-glib-dev - 0.62.0-2ubuntu2.11 libpoppler-dev - 0.62.0-2ubuntu2.11 libpoppler-qt5-dev - 0.62.0-2ubuntu2.11 libpoppler-qt5-1 - 0.62.0-2ubuntu2.11 poppler-utils - 0.62.0-2ubuntu2.11 No subscription required Medium CVE-2018-21009 CVE-2019-10871 CVE-2019-13283 CVE-2019-9959 CVE-2020-27778 Ubuntu 18.04 LTS USN-4646-1 fixed vulnerabilities in poppler. The fix for CVE-2019-10871 introduced a regression causing certain applications linked against poppler to fail. This update backs out the fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. Update Instructions: Run `sudo pro fix USN-4646-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler73 - 0.62.0-2ubuntu2.12 libpoppler-cpp-dev - 0.62.0-2ubuntu2.12 libpoppler-glib-doc - 0.62.0-2ubuntu2.12 gir1.2-poppler-0.18 - 0.62.0-2ubuntu2.12 libpoppler-cpp0v5 - 0.62.0-2ubuntu2.12 libpoppler-glib8 - 0.62.0-2ubuntu2.12 libpoppler-private-dev - 0.62.0-2ubuntu2.12 libpoppler-glib-dev - 0.62.0-2ubuntu2.12 libpoppler-dev - 0.62.0-2ubuntu2.12 libpoppler-qt5-dev - 0.62.0-2ubuntu2.12 libpoppler-qt5-1 - 0.62.0-2ubuntu2.12 poppler-utils - 0.62.0-2ubuntu2.12 No subscription required None https://launchpad.net/bugs/1905741 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-4648-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.30.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.30.3-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.30.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.30.3-0ubuntu0.18.04.1 webkit2gtk-driver - 2.30.3-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.30.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.30.3-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.30.3-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.30.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.30.3-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-13753 CVE-2020-9948 CVE-2020-9951 CVE-2020-9952 CVE-2020-9983 Ubuntu 18.04 LTS Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4649-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdg-utils - 1.1.2-1ubuntu2.4 No subscription required Low CVE-2020-27748 Ubuntu 18.04 LTS USN-4649-1 fixed vulnerabilities in xdg-utils. That update caused a regression by removing the --attach functionality in thunderbird and others applications. This update fix the problem by reverting these changes. Original advisory details: Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4649-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdg-utils - 1.1.2-1ubuntu2.5 No subscription required None https://launchpad.net/bugs/1909941 Ubuntu 18.04 LTS Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2020-17380) Sergej Schumilo, Cornelius Aschermann, and Simon Wrner discovered that QEMU incorrectly handled USB device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-25084) Sergej Schumilo, Cornelius Aschermann, and Simon Wrner discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-25085) Gaoning Pan, Yongkang Jia, and Yi Ren discovered that QEMU incorrectly handled USB device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-25624) It was discovered that QEMU incorrectly handled USB device emulation. An attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. (CVE-2020-25625) Cheolwoo Myung discovered that QEMU incorrectly handled USB device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-25723) Gaoning Pan discovered that QEMU incorrectly handled ATI graphics device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-27616) Gaoning Pan discovered that QEMU incorrectly handled networking. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-27617) Update Instructions: Run `sudo pro fix USN-4650-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.34 qemu-user-static - 1:2.11+dfsg-1ubuntu7.34 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.34 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.34 qemu-kvm - 1:2.11+dfsg-1ubuntu7.34 qemu-user - 1:2.11+dfsg-1ubuntu7.34 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.34 qemu-system - 1:2.11+dfsg-1ubuntu7.34 qemu-utils - 1:2.11+dfsg-1ubuntu7.34 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.34 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.34 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.34 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.34 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.34 qemu - 1:2.11+dfsg-1ubuntu7.34 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.34 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.34 No subscription required Medium CVE-2020-17380 CVE-2020-25084 CVE-2020-25085 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27616 CVE-2020-27617 Ubuntu 18.04 LTS It was discovered that access controls for the shim’s API socket did not restrict access to the abstract unix domain socket in some cases. An attacker could use this vulnerability to run containers with elevated privileges. Update Instructions: Run `sudo pro fix USN-4653-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: containerd - 1.3.3-0ubuntu1~18.04.3 golang-github-docker-containerd-dev - 1.3.3-0ubuntu1~18.04.3 No subscription required Medium CVE-2020-15257 Ubuntu 18.04 LTS USN-4653-1 fixed a vulnerability in containerd. Unfortunately, those containerd packages introduced a regression in docker.io and the update was reverted. This update addresses the docker.io issue and reintroduces the fixes from USN-4653-1. We apologize for the inconvenience. Update Instructions: Run `sudo pro fix USN-4653-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: containerd - 1.3.3-0ubuntu1~18.04.4 golang-github-docker-containerd-dev - 1.3.3-0ubuntu1~18.04.4 No subscription required Medium CVE-2020-15257 https://launchpad.net/bugs/1870514 Ubuntu 18.04 LTS It was discovered that PEAR incorrectly sanitized filenames. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4654-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-pear - 1:1.10.5+submodules+notgz-1ubuntu1.18.04.2 No subscription required Medium CVE-2020-28948 CVE-2020-28949 Ubuntu 18.04 LTS It was discovered that Werkzeug has insufficient debugger PIN randomness. An attacker could use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-14806) It was discovered that Werkzeug incorrectly handled certain URLs. An attacker could possibly use this issue to cause pishing attacks. This issue only affected Ubuntu 16.04 LTS. (CVE-2020-28724) Update Instructions: Run `sudo pro fix USN-4655-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-werkzeug - 0.14.1+dfsg1-1ubuntu0.1 python-werkzeug - 0.14.1+dfsg1-1ubuntu0.1 python-werkzeug-doc - 0.14.1+dfsg1-1ubuntu0.1 No subscription required Medium CVE-2019-14806 CVE-2020-28724 Ubuntu 18.04 LTS Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-4656-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.19.6-1ubuntu4.8 xmir - 2:1.19.6-1ubuntu4.8 xwayland - 2:1.19.6-1ubuntu4.8 xorg-server-source - 2:1.19.6-1ubuntu4.8 xdmx - 2:1.19.6-1ubuntu4.8 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.8 xserver-xorg-dev - 2:1.19.6-1ubuntu4.8 xvfb - 2:1.19.6-1ubuntu4.8 xnest - 2:1.19.6-1ubuntu4.8 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.8 xserver-common - 2:1.19.6-1ubuntu4.8 xserver-xephyr - 2:1.19.6-1ubuntu4.8 xserver-xorg-core-udeb - 2:1.19.6-1ubuntu4.8 xdmx-tools - 2:1.19.6-1ubuntu4.8 No subscription required xorg-server-source-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.4 xserver-xorg-core-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.4 xserver-xorg-dev-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.4 xserver-xephyr-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.4 xserver-xorg-legacy-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.4 xwayland-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.4 No subscription required Medium CVE-2020-14360 CVE-2020-25712 Ubuntu 18.04 LTS It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-0423) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. (CVE-2020-10135) It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14351) It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14390) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25211) It was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices. (CVE-2020-25284) It was discovered that the HDLC PPP implementation in the Linux kernel did not properly validate input in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25643) It was discovered that the GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not properly select IP routes in some situations. An attacker could use this to expose sensitive information (unencrypted network traffic). (CVE-2020-25645) Keyu Man discovered that the ICMP global rate limiter in the Linux kernel could be used to assist in scanning open UDP ports. A remote attacker could use to facilitate attacks on UDP based services that depend on source port randomization. (CVE-2020-25705) It was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28915) It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788) Update Instructions: Run `sudo pro fix USN-4658-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1023-raspi - 5.4.0-1023.26~18.04.1 No subscription required linux-image-5.4.0-1030-aws - 5.4.0-1030.31~18.04.1 No subscription required linux-image-5.4.0-1030-gcp - 5.4.0-1030.32~18.04.1 linux-image-5.4.0-1030-oracle - 5.4.0-1030.32~18.04.1 No subscription required linux-image-5.4.0-1032-azure - 5.4.0-1032.33~18.04.1 No subscription required linux-image-5.4.0-56-generic-lpae - 5.4.0-56.62~18.04.1 linux-image-5.4.0-56-lowlatency - 5.4.0-56.62~18.04.1 linux-image-5.4.0-56-generic - 5.4.0-56.62~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1023.27 linux-image-raspi-hwe-18.04 - 5.4.0.1023.27 No subscription required linux-image-oracle - 5.4.0.1030.14 linux-image-oracle-edge - 5.4.0.1030.14 No subscription required linux-image-aws-edge - 5.4.0.1030.15 linux-image-aws - 5.4.0.1030.15 No subscription required linux-image-gcp - 5.4.0.1030.18 linux-image-gcp-edge - 5.4.0.1030.18 No subscription required linux-image-azure - 5.4.0.1032.14 linux-image-azure-edge - 5.4.0.1032.14 No subscription required linux-image-oem-osp1 - 5.4.0.56.62~18.04.50 linux-image-generic-hwe-18.04 - 5.4.0.56.62~18.04.50 linux-image-snapdragon-hwe-18.04 - 5.4.0.56.62~18.04.50 linux-image-generic-lpae-hwe-18.04 - 5.4.0.56.62~18.04.50 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.56.62~18.04.50 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.56.62~18.04.50 linux-image-lowlatency-hwe-18.04 - 5.4.0.56.62~18.04.50 linux-image-virtual-hwe-18.04 - 5.4.0.56.62~18.04.50 linux-image-generic-hwe-18.04-edge - 5.4.0.56.62~18.04.50 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.56.62~18.04.50 linux-image-virtual-hwe-18.04-edge - 5.4.0.56.62~18.04.50 No subscription required Medium CVE-2020-0423 CVE-2020-10135 CVE-2020-14351 CVE-2020-14390 CVE-2020-25211 CVE-2020-25284 CVE-2020-25643 CVE-2020-25645 CVE-2020-25705 CVE-2020-28915 CVE-2020-4788 Ubuntu 18.04 LTS USN-4658-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. Original advisory details: It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-0423) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. (CVE-2020-10135) It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14351) It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14390) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25211) It was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices. (CVE-2020-25284) It was discovered that the HDLC PPP implementation in the Linux kernel did not properly validate input in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25643) It was discovered that the GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not properly select IP routes in some situations. An attacker could use this to expose sensitive information (unencrypted network traffic). (CVE-2020-25645) Keyu Man discovered that the ICMP global rate limiter in the Linux kernel could be used to assist in scanning open UDP ports. A remote attacker could use to facilitate attacks on UDP based services that depend on source port randomization. (CVE-2020-25705) It was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28915) It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788) Update Instructions: Run `sudo pro fix USN-4658-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1025-raspi - 5.4.0-1025.28~18.04.1 No subscription required linux-image-5.4.0-1032-aws - 5.4.0-1032.33~18.04.1 No subscription required linux-image-5.4.0-1032-gcp - 5.4.0-1032.34~18.04.1 No subscription required linux-image-5.4.0-1033-oracle - 5.4.0-1033.35 No subscription required linux-image-5.4.0-1034-azure - 5.4.0-1034.35~18.04.1 No subscription required linux-image-5.4.0-58-lowlatency - 5.4.0-58.64~18.04.1 linux-image-5.4.0-58-generic - 5.4.0-58.64~18.04.1 linux-image-5.4.0-58-generic-lpae - 5.4.0-58.64~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1025.29 linux-image-raspi-hwe-18.04 - 5.4.0.1025.29 No subscription required linux-image-aws-edge - 5.4.0.1032.17 linux-image-aws - 5.4.0.1032.17 No subscription required linux-image-gcp-edge - 5.4.0.1032.20 linux-image-gcp - 5.4.0.1032.20 No subscription required linux-image-oracle - 5.4.0.1033.16 linux-image-oracle-edge - 5.4.0.1033.16 No subscription required linux-image-azure - 5.4.0.1034.16 linux-image-azure-edge - 5.4.0.1034.16 No subscription required linux-image-oem-osp1 - 5.4.0.58.64~18.04.53 linux-image-generic-hwe-18.04 - 5.4.0.58.64~18.04.53 linux-image-generic-lpae-hwe-18.04 - 5.4.0.58.64~18.04.53 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.58.64~18.04.53 linux-image-lowlatency-hwe-18.04 - 5.4.0.58.64~18.04.53 linux-image-virtual-hwe-18.04 - 5.4.0.58.64~18.04.53 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.58.64~18.04.53 linux-image-oem - 5.4.0.58.64~18.04.53 linux-image-generic-hwe-18.04-edge - 5.4.0.58.64~18.04.53 linux-image-snapdragon-hwe-18.04 - 5.4.0.58.64~18.04.53 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.58.64~18.04.53 linux-image-virtual-hwe-18.04-edge - 5.4.0.58.64~18.04.53 No subscription required None https://launchpad.net/bugs/1907262 Ubuntu 18.04 LTS It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14351) It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14390) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25211) It was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices. (CVE-2020-25284) It was discovered that a race condition existed in the hugetlb sysctl implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-25285) It was discovered that the block layer subsystem in the Linux kernel did not properly handle zero-length requests. A local attacker could use this to cause a denial of service. (CVE-2020-25641) It was discovered that the HDLC PPP implementation in the Linux kernel did not properly validate input in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25643) It was discovered that the GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not properly select IP routes in some situations. An attacker could use this to expose sensitive information (unencrypted network traffic). (CVE-2020-25645) It was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28915) It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788) Update Instructions: Run `sudo pro fix USN-4660-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1059-oracle - 4.15.0-1059.65 No subscription required linux-image-4.15.0-1074-raspi2 - 4.15.0-1074.79 linux-image-4.15.0-1074-gke - 4.15.0-1074.79 No subscription required linux-image-4.15.0-1079-kvm - 4.15.0-1079.81 No subscription required linux-image-4.15.0-1088-gcp - 4.15.0-1088.101 No subscription required linux-image-4.15.0-1088-aws - 4.15.0-1088.93 No subscription required linux-image-4.15.0-1091-snapdragon - 4.15.0-1091.100 No subscription required linux-image-4.15.0-1100-azure - 4.15.0-1100.111 No subscription required linux-image-4.15.0-1103-oem - 4.15.0-1103.114 No subscription required linux-image-4.15.0-126-generic-lpae - 4.15.0-126.129 linux-image-4.15.0-126-lowlatency - 4.15.0-126.129 linux-image-4.15.0-126-generic - 4.15.0-126.129 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1059.69 No subscription required linux-image-raspi2 - 4.15.0.1074.71 No subscription required linux-image-gke-4.15 - 4.15.0.1074.78 linux-image-gke - 4.15.0.1074.78 No subscription required linux-image-kvm - 4.15.0.1079.75 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1088.106 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1088.90 No subscription required linux-image-snapdragon - 4.15.0.1091.94 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1100.73 No subscription required linux-image-oem - 4.15.0.1103.107 No subscription required linux-image-virtual - 4.15.0.126.113 linux-image-virtual-hwe-16.04-edge - 4.15.0.126.113 linux-image-generic-hwe-16.04 - 4.15.0.126.113 linux-image-generic-hwe-16.04-edge - 4.15.0.126.113 linux-image-generic-lpae-hwe-16.04 - 4.15.0.126.113 linux-image-virtual-hwe-16.04 - 4.15.0.126.113 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.126.113 linux-image-generic - 4.15.0.126.113 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.126.113 linux-image-generic-lpae - 4.15.0.126.113 linux-image-lowlatency-hwe-16.04 - 4.15.0.126.113 linux-image-lowlatency - 4.15.0.126.113 No subscription required Medium CVE-2020-14351 CVE-2020-14390 CVE-2020-25211 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-28915 CVE-2020-4788 Ubuntu 18.04 LTS USN-4660-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. Original advisory details: It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14351) It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14390) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25211) It was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices. (CVE-2020-25284) It was discovered that a race condition existed in the hugetlb sysctl implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-25285) It was discovered that the block layer subsystem in the Linux kernel did not properly handle zero-length requests. A local attacker could use this to cause a denial of service. (CVE-2020-25641) It was discovered that the HDLC PPP implementation in the Linux kernel did not properly validate input in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25643) It was discovered that the GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not properly select IP routes in some situations. An attacker could use this to expose sensitive information (unencrypted network traffic). (CVE-2020-25645) It was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28915) It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788) Update Instructions: Run `sudo pro fix USN-4660-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1061-oracle - 4.15.0-1061.67 No subscription required linux-image-4.15.0-1076-gke - 4.15.0-1076.81 No subscription required linux-image-4.15.0-1081-kvm - 4.15.0-1081.83 No subscription required linux-image-4.15.0-1090-gcp - 4.15.0-1090.103 No subscription required linux-image-4.15.0-1090-aws - 4.15.0-1090.95 No subscription required linux-image-4.15.0-1093-snapdragon - 4.15.0-1093.102 No subscription required linux-image-4.15.0-1102-azure - 4.15.0-1102.113 No subscription required linux-image-4.15.0-128-generic-lpae - 4.15.0-128.131 linux-image-4.15.0-128-lowlatency - 4.15.0-128.131 linux-image-4.15.0-128-generic - 4.15.0-128.131 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1061.71 No subscription required linux-image-gke-4.15 - 4.15.0.1076.80 linux-image-gke - 4.15.0.1076.80 No subscription required linux-image-kvm - 4.15.0.1081.77 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1090.108 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1090.92 No subscription required linux-image-snapdragon - 4.15.0.1093.96 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1102.75 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.128.115 linux-image-generic-hwe-16.04 - 4.15.0.128.115 linux-image-generic-hwe-16.04-edge - 4.15.0.128.115 linux-image-generic-lpae-hwe-16.04 - 4.15.0.128.115 linux-image-virtual - 4.15.0.128.115 linux-image-virtual-hwe-16.04 - 4.15.0.128.115 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.128.115 linux-image-generic - 4.15.0.128.115 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.128.115 linux-image-generic-lpae - 4.15.0.128.115 linux-image-lowlatency-hwe-16.04 - 4.15.0.128.115 linux-image-lowlatency - 4.15.0.128.115 No subscription required None https://launchpad.net/bugs/1907262 Ubuntu 18.04 LTS It was discovered that Snapcraft includes the current directory when configuring LD_LIBRARY_PATH for application commands. If a user were tricked into installing a malicious snap or downloading a malicious library, under certain circumstances an attacker could exploit this to affect strict mode snaps that have access to the library and when launched from the directory containing the library. Update Instructions: Run `sudo pro fix USN-4661-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: snapcraft-parser - 2.43.1+18.04.1 snapcraft - 2.43.1+18.04.1 snapcraft-examples - 2.43.1+18.04.1 No subscription required Medium CVE-2020-27348 https://launchpad.net/bugs/1901572 Ubuntu 18.04 LTS David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing a EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4662-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2n-1ubuntu5.5 libssl1.0-dev - 1.0.2n-1ubuntu5.5 openssl1.0 - 1.0.2n-1ubuntu5.5 libssl1.0.0-udeb - 1.0.2n-1ubuntu5.5 libcrypto1.0.0-udeb - 1.0.2n-1ubuntu5.5 No subscription required libcrypto1.1-udeb - 1.1.1-1ubuntu2.1~18.04.7 libssl-dev - 1.1.1-1ubuntu2.1~18.04.7 openssl - 1.1.1-1ubuntu2.1~18.04.7 libssl-doc - 1.1.1-1ubuntu2.1~18.04.7 libssl1.1-udeb - 1.1.1-1ubuntu2.1~18.04.7 libssl1.1 - 1.1.1-1ubuntu2.1~18.04.7 No subscription required High CVE-2020-1971 Ubuntu 18.04 LTS Kevin Backhouse discovered that Aptdaemon incorrectly handled certain properties. A local attacker could use this issue to test for the presence of local files. (CVE-2020-16128) Kevin Backhouse discovered that Aptdaemon incorrectly handled permission checks. A local attacker could possibly use this issue to cause a denial of service. (CVE-2020-27349) Update Instructions: Run `sudo pro fix USN-4664-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-aptdaemon.gtk3widgets - 1.1.1+bzr982-0ubuntu19.5 aptdaemon-data - 1.1.1+bzr982-0ubuntu19.5 python3-aptdaemon.test - 1.1.1+bzr982-0ubuntu19.5 python-aptdaemon - 1.1.1+bzr982-0ubuntu19.5 aptdaemon - 1.1.1+bzr982-0ubuntu19.5 python-aptdaemon.gtk3widgets - 1.1.1+bzr982-0ubuntu19.5 python3-aptdaemon - 1.1.1+bzr982-0ubuntu19.5 No subscription required Medium CVE-2020-16128 CVE-2020-27349 Ubuntu 18.04 LTS Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. This issue only affected Ubuntu 20.10. (CVE-2020-8231) Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address and be used to perform port scanner and other information gathering. (CVE-2020-8284) It was discovered that curl incorrectly handled FTP wildcard matchins. A remote attacker could possibly use this issue to cause curl to consume resources and crash, resulting in a denial of service. (CVE-2020-8285) It was discovered that curl incorrectly handled OCSP response verification. A remote attacker could possibly use this issue to provide a fraudulent OCSP response. (CVE-2020-8286) Update Instructions: Run `sudo pro fix USN-4665-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.12 libcurl4-openssl-dev - 7.58.0-2ubuntu3.12 libcurl3-gnutls - 7.58.0-2ubuntu3.12 libcurl4-doc - 7.58.0-2ubuntu3.12 libcurl3-nss - 7.58.0-2ubuntu3.12 libcurl4-nss-dev - 7.58.0-2ubuntu3.12 libcurl4 - 7.58.0-2ubuntu3.12 curl - 7.58.0-2ubuntu3.12 No subscription required Medium CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 Ubuntu 18.04 LTS It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-4666-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-lxml - 4.2.1-1ubuntu0.2 python-lxml - 4.2.1-1ubuntu0.2 python-lxml-doc - 4.2.1-1ubuntu0.2 No subscription required Medium CVE-2020-27783 Ubuntu 18.04 LTS USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides the corresponding additional patch in order to properly fix the vulnerability. Original advisory details: It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-4666-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-lxml - 4.2.1-1ubuntu0.3 python-lxml - 4.2.1-1ubuntu0.3 python-lxml-doc - 4.2.1-1ubuntu0.3 No subscription required Medium CVE-2020-27783 Ubuntu 18.04 LTS Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause APT to crash or stop responding, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4667-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apt-doc - 1.6.12ubuntu0.2 apt-transport-https - 1.6.12ubuntu0.2 libapt-pkg5.0 - 1.6.12ubuntu0.2 libapt-pkg-doc - 1.6.12ubuntu0.2 apt - 1.6.12ubuntu0.2 apt-utils - 1.6.12ubuntu0.2 libapt-inst2.0 - 1.6.12ubuntu0.2 libapt-pkg-dev - 1.6.12ubuntu0.2 No subscription required Medium CVE-2020-27350 Ubuntu 18.04 LTS Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-4668-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-apt - 1.6.5ubuntu0.4 python-apt - 1.6.5ubuntu0.4 python-apt-common - 1.6.5ubuntu0.4 python-apt-dev - 1.6.5ubuntu0.4 python-apt-doc - 1.6.5ubuntu0.4 No subscription required Medium CVE-2020-27351 Ubuntu 18.04 LTS USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-4668-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-apt - 1.6.5ubuntu0.5 python-apt - 1.6.5ubuntu0.5 python-apt-common - 1.6.5ubuntu0.5 python-apt-dev - 1.6.5ubuntu0.5 python-apt-doc - 1.6.5ubuntu0.5 No subscription required None https://launchpad.net/bugs/1907676 Ubuntu 18.04 LTS It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.10. (CVE-2019-19948, CVE-2019-19949) It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2020-27560) Update Instructions: Run `sudo pro fix USN-4670-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagick++-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagickwand-dev - 8:6.9.7.4+dfsg-16ubuntu6.9 imagemagick-6.q16 - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagickcore-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.9 imagemagick-6-common - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagick++-6.q16hdri-7 - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagickcore-6.q16-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagick++-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.9 libimage-magick-q16-perl - 8:6.9.7.4+dfsg-16ubuntu6.9 libimage-magick-perl - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagick++-dev - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagickwand-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.9 perlmagick - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagickcore-6.q16hdri-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.9 imagemagick - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagickwand-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagickwand-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagickcore-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagickcore-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagick++-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagickwand-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.9 imagemagick-common - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagickcore-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.9 imagemagick-doc - 8:6.9.7.4+dfsg-16ubuntu6.9 imagemagick-6-doc - 8:6.9.7.4+dfsg-16ubuntu6.9 libimage-magick-q16hdri-perl - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagick++-6.q16-7 - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagickcore-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagickcore-6-arch-config - 8:6.9.7.4+dfsg-16ubuntu6.9 imagemagick-6.q16hdri - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagickcore-dev - 8:6.9.7.4+dfsg-16ubuntu6.9 libmagickwand-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.9 No subscription required Low CVE-2019-19948 CVE-2019-19949 CVE-2020-27560 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass the CSS sanitizer, bypass security restrictions, spoof the URL bar, or execute arbitrary code. (CVE-2020-16042, CVE-2020-26971, CVE-2020-26972, CVE-2020-26793, CVE-2020-26974, CVE-2020-26976, CVE-2020-26978, CVE-2020-26979, CVE-2020-35113, CVE-2020-35114) It was discovered that the proxy.onRequest API did not catch view-source URLs. If a user were tricked in to installing an extension with the proxy permission and opening View Source, an attacker could potentially exploit this to obtain sensitive information. (CVE-2020-35111) Update Instructions: Run `sudo pro fix USN-4671-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-nn - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-ne - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-nb - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-fa - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-fi - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-fr - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-fy - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-or - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-kab - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-oc - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-cs - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-ga - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-gd - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-gn - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-gl - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-gu - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-pa - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-pl - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-cy - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-pt - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-hi - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-uk - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-he - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-hy - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-hr - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-hu - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-as - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-ar - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-ia - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-az - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-id - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-mai - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-af - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-is - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-it - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-an - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-bs - 84.0+build3-0ubuntu0.18.04.1 firefox - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-ro - 84.0+build3-0ubuntu0.18.04.1 firefox-geckodriver - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-ja - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-ru - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-br - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hant - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hans - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-bn - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-be - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-bg - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-sl - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-sk - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-si - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-sw - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-sv - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-sr - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-sq - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-ko - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-kn - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-km - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-kk - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-ka - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-xh - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-ca - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-ku - 84.0+build3-0ubuntu0.18.04.1 firefox-mozsymbols - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-lv - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-lt - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-th - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-hsb - 84.0+build3-0ubuntu0.18.04.1 firefox-dev - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-te - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-cak - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-ta - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-lg - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-tr - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-nso - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-de - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-da - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-ms - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-mr - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-my - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-uz - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-ml - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-mn - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-mk - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-ur - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-vi - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-eu - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-et - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-es - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-csb - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-el - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-eo - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-en - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-zu - 84.0+build3-0ubuntu0.18.04.1 firefox-locale-ast - 84.0+build3-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-16042 CVE-2020-26971 CVE-2020-26972 CVE-2020-26973 CVE-2020-26974 CVE-2020-26976 CVE-2020-26978 CVE-2020-26979 CVE-2020-35111 CVE-2020-35113 CVE-2020-35114 Ubuntu 18.04 LTS Rene Freingruber discovered that unzip incorrectly handled certain specially crafted password protected ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. (CVE-2018-1000035) Antonio Carista discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. (CVE-2018-18384) It was discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause resource consumption, resulting in a denial of service. (CVE-2019-13232) Martin Carpenter discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2014-9913) Alexis Vanden Eijnde discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-9844) Update Instructions: Run `sudo pro fix USN-4672-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: unzip - 6.0-21ubuntu1.1 No subscription required Low CVE-2014-9913 CVE-2016-9844 CVE-2018-1000035 CVE-2018-18384 CVE-2019-13232 Ubuntu 18.04 LTS Li Fei discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4673-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libproxy-cil-dev - 0.4.15-1ubuntu0.2 python-libproxy - 0.4.15-1ubuntu0.2 libproxy1v5 - 0.4.15-1ubuntu0.2 libproxy0.4-cil - 0.4.15-1ubuntu0.2 libproxy1-plugin-gsettings - 0.4.15-1ubuntu0.2 libproxy-dev - 0.4.15-1ubuntu0.2 python3-libproxy - 0.4.15-1ubuntu0.2 libproxy1-plugin-webkit - 0.4.15-1ubuntu0.2 libproxy1-plugin-kconfig - 0.4.15-1ubuntu0.2 libproxy1-plugin-networkmanager - 0.4.15-1ubuntu0.2 libproxy-tools - 0.4.15-1ubuntu0.2 No subscription required Medium CVE-2020-26154 Ubuntu 18.04 LTS It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other users' email. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-24386) Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. (CVE-2020-25275) Update Instructions: Run `sudo pro fix USN-4674-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.33.2-1ubuntu4.7 dovecot-mysql - 1:2.2.33.2-1ubuntu4.7 dovecot-sieve - 1:2.2.33.2-1ubuntu4.7 dovecot-core - 1:2.2.33.2-1ubuntu4.7 dovecot-ldap - 1:2.2.33.2-1ubuntu4.7 dovecot-sqlite - 1:2.2.33.2-1ubuntu4.7 dovecot-dev - 1:2.2.33.2-1ubuntu4.7 dovecot-pop3d - 1:2.2.33.2-1ubuntu4.7 dovecot-imapd - 1:2.2.33.2-1ubuntu4.7 dovecot-managesieved - 1:2.2.33.2-1ubuntu4.7 mail-stack-delivery - 1:2.2.33.2-1ubuntu4.7 dovecot-gssapi - 1:2.2.33.2-1ubuntu4.7 dovecot-solr - 1:2.2.33.2-1ubuntu4.7 dovecot-lmtpd - 1:2.2.33.2-1ubuntu4.7 No subscription required Medium CVE-2020-24386 CVE-2020-25275 Ubuntu 18.04 LTS Pritam Singh discovered that OpenStack Horizon incorrectly validated certain parameters. An attacker could possibly use this issue to cause OpenStack Horizon to redirect to a malicious URL. Update Instructions: Run `sudo pro fix USN-4675-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openstack-dashboard - 3:13.0.3-0ubuntu2 python-django-horizon - 3:13.0.3-0ubuntu2 openstack-dashboard-ubuntu-theme - 3:13.0.3-0ubuntu2 python3-django-openstack-auth - 3:13.0.3-0ubuntu2 python-django-openstack-auth - 3:13.0.3-0ubuntu2 No subscription required Medium CVE-2020-29565 Ubuntu 18.04 LTS It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4676-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenexr-dev - 2.2.0-11.1ubuntu1.4 openexr - 2.2.0-11.1ubuntu1.4 libopenexr22 - 2.2.0-11.1ubuntu1.4 openexr-doc - 2.2.0-11.1ubuntu1.4 No subscription required Medium CVE-2020-16587 CVE-2020-16588 CVE-2020-16589 Ubuntu 18.04 LTS David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4677-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libp11-kit0 - 0.23.9-2ubuntu0.1 libp11-kit-dev - 0.23.9-2ubuntu0.1 p11-kit-modules - 0.23.9-2ubuntu0.1 p11-kit - 0.23.9-2ubuntu0.1 No subscription required Medium CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 Ubuntu 18.04 LTS It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-25656) Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-25668) Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2020-25704) Jinoh Kang discovered that the Xen event channel infrastructure in the Linux kernel contained a race condition. An attacker in guest could possibly use this to cause a denial of service (dom0 crash). (CVE-2020-27675) Daniel Axtens discovered that PowerPC RTAS implementation in the Linux kernel did not properly restrict memory accesses in some situations. A privileged local attacker could use this to arbitrarily modify kernel memory, potentially bypassing kernel lockdown restrictions. (CVE-2020-27777) Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-28974) Update Instructions: Run `sudo pro fix USN-4679-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1026-raspi - 5.4.0-1026.29~18.04.1 No subscription required linux-image-5.4.0-1033-gcp - 5.4.0-1033.35~18.04.1 linux-image-5.4.0-1033-gke - 5.4.0-1033.35~18.04.1 No subscription required linux-image-5.4.0-1034-aws - 5.4.0-1034.35~18.04.1 No subscription required linux-image-5.4.0-1034-oracle - 5.4.0-1034.36~18.04.1 No subscription required linux-image-5.4.0-1035-azure - 5.4.0-1035.36~18.04.1 No subscription required linux-image-5.4.0-59-lowlatency - 5.4.0-59.65~18.04.1 linux-image-5.4.0-59-generic-lpae - 5.4.0-59.65~18.04.1 linux-image-5.4.0-59-generic - 5.4.0-59.65~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1026.30 linux-image-raspi-hwe-18.04 - 5.4.0.1026.30 No subscription required linux-image-gcp-edge - 5.4.0.1033.21 linux-image-gcp - 5.4.0.1033.21 No subscription required linux-image-gke-5.4 - 5.4.0.1033.35~18.04.2 No subscription required linux-image-aws-edge - 5.4.0.1034.19 linux-image-aws - 5.4.0.1034.19 No subscription required linux-image-oracle - 5.4.0.1034.36~18.04.18 linux-image-oracle-edge - 5.4.0.1034.36~18.04.18 No subscription required linux-image-azure - 5.4.0.1035.17 linux-image-azure-edge - 5.4.0.1035.17 No subscription required linux-image-oem-osp1 - 5.4.0.59.65~18.04.54 linux-image-generic-hwe-18.04 - 5.4.0.59.65~18.04.54 linux-image-snapdragon-hwe-18.04 - 5.4.0.59.65~18.04.54 linux-image-generic-lpae-hwe-18.04 - 5.4.0.59.65~18.04.54 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.59.65~18.04.54 linux-image-lowlatency-hwe-18.04 - 5.4.0.59.65~18.04.54 linux-image-virtual-hwe-18.04 - 5.4.0.59.65~18.04.54 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.59.65~18.04.54 linux-image-oem - 5.4.0.59.65~18.04.54 linux-image-generic-hwe-18.04-edge - 5.4.0.59.65~18.04.54 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.59.65~18.04.54 linux-image-virtual-hwe-18.04-edge - 5.4.0.59.65~18.04.54 No subscription required Medium CVE-2020-25656 CVE-2020-25668 CVE-2020-25704 CVE-2020-27675 CVE-2020-27777 CVE-2020-28974 Ubuntu 18.04 LTS It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19770) It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-0423) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. (CVE-2020-10135) It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-25656) Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-25668) Keyu Man discovered that the ICMP global rate limiter in the Linux kernel could be used to assist in scanning open UDP ports. A remote attacker could use to facilitate attacks on UDP based services that depend on source port randomization. (CVE-2020-25705) Jinoh Kang discovered that the Xen event channel infrastructure in the Linux kernel contained a race condition. An attacker in guest could possibly use this to cause a denial of service (dom0 crash). (CVE-2020-27675) Daniel Axtens discovered that PowerPC RTAS implementation in the Linux kernel did not properly restrict memory accesses in some situations. A privileged local attacker could use this to arbitrarily modify kernel memory, potentially bypassing kernel lockdown restrictions. (CVE-2020-27777) Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-28974) Update Instructions: Run `sudo pro fix USN-4680-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1062-oracle - 4.15.0-1062.68 No subscription required linux-image-4.15.0-1077-raspi2 - 4.15.0-1077.82 linux-image-4.15.0-1077-gke - 4.15.0-1077.82 No subscription required linux-image-4.15.0-1082-kvm - 4.15.0-1082.84 No subscription required linux-image-4.15.0-1091-gcp - 4.15.0-1091.104 No subscription required linux-image-4.15.0-1091-aws - 4.15.0-1091.96 No subscription required linux-image-4.15.0-1094-snapdragon - 4.15.0-1094.103 No subscription required linux-image-4.15.0-1103-azure - 4.15.0-1103.114 No subscription required linux-image-4.15.0-129-generic - 4.15.0-129.132 linux-image-4.15.0-129-lowlatency - 4.15.0-129.132 linux-image-4.15.0-129-generic-lpae - 4.15.0-129.132 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1062.72 No subscription required linux-image-raspi2 - 4.15.0.1077.74 No subscription required linux-image-gke-4.15 - 4.15.0.1077.81 linux-image-gke - 4.15.0.1077.81 No subscription required linux-image-kvm - 4.15.0.1082.78 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1091.109 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1091.93 No subscription required linux-image-snapdragon - 4.15.0.1094.97 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1103.76 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.129.116 linux-image-generic-hwe-16.04 - 4.15.0.129.116 linux-image-generic-hwe-16.04-edge - 4.15.0.129.116 linux-image-generic-lpae-hwe-16.04 - 4.15.0.129.116 linux-image-virtual - 4.15.0.129.116 linux-image-virtual-hwe-16.04 - 4.15.0.129.116 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.129.116 linux-image-generic - 4.15.0.129.116 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.129.116 linux-image-generic-lpae - 4.15.0.129.116 linux-image-lowlatency-hwe-16.04 - 4.15.0.129.116 linux-image-lowlatency - 4.15.0.129.116 No subscription required Medium CVE-2019-19770 CVE-2020-0423 CVE-2020-10135 CVE-2020-25656 CVE-2020-25668 CVE-2020-25705 CVE-2020-27675 CVE-2020-27777 CVE-2020-28974 Ubuntu 18.04 LTS It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Update Instructions: Run `sudo pro fix USN-4682-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwavpack1 - 5.1.0-2ubuntu1.5 libwavpack-dev - 5.1.0-2ubuntu1.5 wavpack - 5.1.0-2ubuntu1.5 No subscription required Medium CVE-2020-35738 Ubuntu 18.04 LTS Laszlo Ersek discovered that EDK II incorrectly validated certain signed images. An attacker could possibly use this issue with a specially crafted image to cause EDK II to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2019-14562) It was discovered that EDK II incorrectly parsed signed PKCS #7 data. An attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-14584) Update Instructions: Run `sudo pro fix USN-4684-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-efi-arm - 0~20180205.c0d9813c-2ubuntu0.3 qemu-efi - 0~20180205.c0d9813c-2ubuntu0.3 qemu-efi-aarch64 - 0~20180205.c0d9813c-2ubuntu0.3 ovmf - 0~20180205.c0d9813c-2ubuntu0.3 No subscription required Low CVE-2019-14562 CVE-2019-14584 Ubuntu 18.04 LTS It was discovered that Ghostscript incorrectly handled certain image files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4686-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.14 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.14 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.14 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.14 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.14 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.14 No subscription required Medium CVE-2018-5727 CVE-2020-27814 CVE-2020-27824 CVE-2020-27841 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 CVE-2020-6851 CVE-2020-8112 Ubuntu 18.04 LTS A use-after-free was discovered in Firefox when handling SCTP packets. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4687-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nn - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ne - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nb - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fa - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fi - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fr - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fy - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-or - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kab - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-oc - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cs - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ga - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gd - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gn - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gl - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gu - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pa - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pl - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cy - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pt - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hi - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uk - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-he - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hy - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hr - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hu - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-as - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ar - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ia - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-az - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-id - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mai - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-af - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-is - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-it - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-an - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bs - 84.0.2+build1-0ubuntu0.18.04.1 firefox - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ro - 84.0.2+build1-0ubuntu0.18.04.1 firefox-geckodriver - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ja - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ru - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-br - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bn - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-be - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bg - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sl - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sk - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-si - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sw - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sv - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sr - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sq - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ko - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kn - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-km - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kk - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ka - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-xh - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ca - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ku - 84.0.2+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lv - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lt - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-th - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 84.0.2+build1-0ubuntu0.18.04.1 firefox-dev - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-te - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cak - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ta - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lg - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tr - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nso - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-de - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-da - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ms - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mr - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-my - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uz - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ml - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mn - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mk - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ur - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-vi - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eu - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-et - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-es - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-csb - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-el - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eo - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-en - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zu - 84.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ast - 84.0.2+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-16044 Ubuntu 18.04 LTS It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. (CVE-2021-1052) It was discovered that the NVIDIA GPU display driver for the Linux kernel did not properly validate a pointer received from userspace in some situations. A local attacker could use this to cause a denial of service. (CVE-2021-1053) Xinyuan Lyu discovered that the NVIDIA GPU display driver for the Linux kernel did not properly restrict device-level GPU isolation. A local attacker could use this to cause a denial of service or possibly expose sensitive information. (CVE-2021-1056) Update Instructions: Run `sudo pro fix USN-4689-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-compute-utils-390 - 390.141-0ubuntu0.18.04.1 libnvidia-ifr1-390 - 390.141-0ubuntu0.18.04.1 nvidia-kernel-common-390 - 390.141-0ubuntu0.18.04.1 libnvidia-decode-390 - 390.141-0ubuntu0.18.04.1 nvidia-utils-390 - 390.141-0ubuntu0.18.04.1 libnvidia-gl-390 - 390.141-0ubuntu0.18.04.1 libnvidia-compute-390 - 390.141-0ubuntu0.18.04.1 nvidia-driver-390 - 390.141-0ubuntu0.18.04.1 nvidia-384-dev - 390.141-0ubuntu0.18.04.1 nvidia-opencl-icd-384 - 390.141-0ubuntu0.18.04.1 libcuda1-384 - 390.141-0ubuntu0.18.04.1 libnvidia-cfg1-390 - 390.141-0ubuntu0.18.04.1 libnvidia-fbc1-390 - 390.141-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-390 - 390.141-0ubuntu0.18.04.1 libnvidia-encode-390 - 390.141-0ubuntu0.18.04.1 nvidia-headless-no-dkms-390 - 390.141-0ubuntu0.18.04.1 nvidia-headless-390 - 390.141-0ubuntu0.18.04.1 libnvidia-common-390 - 390.141-0ubuntu0.18.04.1 nvidia-dkms-390 - 390.141-0ubuntu0.18.04.1 nvidia-libopencl1-384 - 390.141-0ubuntu0.18.04.1 nvidia-kernel-source-390 - 390.141-0ubuntu0.18.04.1 nvidia-384 - 390.141-0ubuntu0.18.04.1 No subscription required libnvidia-encode-440 - 450.102.04-0ubuntu0.18.04.1 libnvidia-fbc1-450 - 450.102.04-0ubuntu0.18.04.1 libnvidia-compute-440 - 450.102.04-0ubuntu0.18.04.1 libnvidia-common-450 - 450.102.04-0ubuntu0.18.04.1 libnvidia-encode-450 - 450.102.04-0ubuntu0.18.04.1 libnvidia-common-440 - 450.102.04-0ubuntu0.18.04.1 libnvidia-cfg1-450 - 450.102.04-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-450 - 450.102.04-0ubuntu0.18.04.1 nvidia-driver-450 - 450.102.04-0ubuntu0.18.04.1 libnvidia-cfg1-440 - 450.102.04-0ubuntu0.18.04.1 nvidia-compute-utils-440 - 450.102.04-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-440 - 450.102.04-0ubuntu0.18.04.1 nvidia-kernel-common-440 - 450.102.04-0ubuntu0.18.04.1 libnvidia-decode-440 - 450.102.04-0ubuntu0.18.04.1 nvidia-driver-440 - 450.102.04-0ubuntu0.18.04.1 nvidia-headless-no-dkms-450 - 450.102.04-0ubuntu0.18.04.1 nvidia-utils-440 - 450.102.04-0ubuntu0.18.04.1 nvidia-compute-utils-450 - 450.102.04-0ubuntu0.18.04.1 nvidia-kernel-common-450 - 450.102.04-0ubuntu0.18.04.1 libnvidia-decode-450 - 450.102.04-0ubuntu0.18.04.1 libnvidia-ifr1-440 - 450.102.04-0ubuntu0.18.04.1 libnvidia-fbc1-440 - 450.102.04-0ubuntu0.18.04.1 nvidia-kernel-source-440 - 450.102.04-0ubuntu0.18.04.1 nvidia-headless-no-dkms-440 - 450.102.04-0ubuntu0.18.04.1 nvidia-kernel-source-450 - 450.102.04-0ubuntu0.18.04.1 libnvidia-ifr1-450 - 450.102.04-0ubuntu0.18.04.1 nvidia-headless-440 - 450.102.04-0ubuntu0.18.04.1 nvidia-dkms-440 - 450.102.04-0ubuntu0.18.04.1 libnvidia-extra-440 - 450.102.04-0ubuntu0.18.04.1 libnvidia-gl-450 - 450.102.04-0ubuntu0.18.04.1 nvidia-utils-450 - 450.102.04-0ubuntu0.18.04.1 nvidia-dkms-450 - 450.102.04-0ubuntu0.18.04.1 nvidia-headless-450 - 450.102.04-0ubuntu0.18.04.1 libnvidia-compute-450 - 450.102.04-0ubuntu0.18.04.1 libnvidia-extra-450 - 450.102.04-0ubuntu0.18.04.1 libnvidia-gl-440 - 450.102.04-0ubuntu0.18.04.1 No subscription required libnvidia-common-460 - 460.32.03-0ubuntu0.18.04.1 libnvidia-fbc1-455 - 460.32.03-0ubuntu0.18.04.1 nvidia-headless-460 - 460.32.03-0ubuntu0.18.04.1 libnvidia-gl-460 - 460.32.03-0ubuntu0.18.04.1 libnvidia-common-455 - 460.32.03-0ubuntu0.18.04.1 libnvidia-cfg1-460 - 460.32.03-0ubuntu0.18.04.1 libnvidia-encode-455 - 460.32.03-0ubuntu0.18.04.1 nvidia-compute-utils-460 - 460.32.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-460 - 460.32.03-0ubuntu0.18.04.1 nvidia-kernel-common-460 - 460.32.03-0ubuntu0.18.04.1 libnvidia-cfg1-455 - 460.32.03-0ubuntu0.18.04.1 nvidia-utils-460 - 460.32.03-0ubuntu0.18.04.1 libnvidia-compute-460 - 460.32.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-455 - 460.32.03-0ubuntu0.18.04.1 nvidia-driver-455 - 460.32.03-0ubuntu0.18.04.1 nvidia-kernel-source-460 - 460.32.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-460 - 460.32.03-0ubuntu0.18.04.1 nvidia-dkms-460 - 460.32.03-0ubuntu0.18.04.1 libnvidia-extra-460 - 460.32.03-0ubuntu0.18.04.1 nvidia-compute-utils-455 - 460.32.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-455 - 460.32.03-0ubuntu0.18.04.1 nvidia-kernel-common-455 - 460.32.03-0ubuntu0.18.04.1 libnvidia-decode-455 - 460.32.03-0ubuntu0.18.04.1 nvidia-driver-460 - 460.32.03-0ubuntu0.18.04.1 libnvidia-fbc1-460 - 460.32.03-0ubuntu0.18.04.1 nvidia-kernel-source-455 - 460.32.03-0ubuntu0.18.04.1 libnvidia-ifr1-455 - 460.32.03-0ubuntu0.18.04.1 libnvidia-decode-460 - 460.32.03-0ubuntu0.18.04.1 libnvidia-encode-460 - 460.32.03-0ubuntu0.18.04.1 nvidia-utils-455 - 460.32.03-0ubuntu0.18.04.1 libnvidia-gl-455 - 460.32.03-0ubuntu0.18.04.1 libnvidia-ifr1-460 - 460.32.03-0ubuntu0.18.04.1 nvidia-dkms-455 - 460.32.03-0ubuntu0.18.04.1 nvidia-headless-455 - 460.32.03-0ubuntu0.18.04.1 libnvidia-extra-455 - 460.32.03-0ubuntu0.18.04.1 libnvidia-compute-455 - 460.32.03-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-1052 CVE-2021-1053 CVE-2021-1056 Ubuntu 18.04 LTS USN-4689-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Original advisory details: It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. (CVE-2021-1052) It was discovered that the NVIDIA GPU display driver for the Linux kernel did not properly validate a pointer received from userspace in some situations. A local attacker could use this to cause a denial of service. (CVE-2021-1053) Xinyuan Lyu discovered that the NVIDIA GPU display driver for the Linux kernel did not properly restrict device-level GPU isolation. A local attacker could use this to cause a denial of service or possibly expose sensitive information. (CVE-2021-1056) Update Instructions: Run `sudo pro fix USN-4689-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1063-oracle - 4.15.0-1063.70 No subscription required linux-image-4.15.0-1092-aws - 4.15.0-1092.98 No subscription required linux-image-4.15.0-1104-azure - 4.15.0-1104.116 No subscription required linux-image-4.15.0-130-lowlatency - 4.15.0-130.134 linux-image-4.15.0-130-generic-lpae - 4.15.0-130.134 linux-image-4.15.0-130-generic - 4.15.0-130.134 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1063.73 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1092.94 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1104.77 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.130.117 linux-image-generic-hwe-16.04 - 4.15.0.130.117 linux-image-generic-hwe-16.04-edge - 4.15.0.130.117 linux-image-generic-lpae-hwe-16.04 - 4.15.0.130.117 linux-image-virtual - 4.15.0.130.117 linux-image-virtual-hwe-16.04 - 4.15.0.130.117 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.130.117 linux-image-generic - 4.15.0.130.117 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.130.117 linux-image-generic-lpae - 4.15.0.130.117 linux-image-lowlatency-hwe-16.04 - 4.15.0.130.117 linux-image-lowlatency - 4.15.0.130.117 No subscription required linux-image-5.4.0-1034-gcp - 5.4.0-1034.37~18.04.1 No subscription required linux-image-5.4.0-1035-aws - 5.4.0-1035.37~18.04.1 No subscription required linux-image-5.4.0-1035-oracle - 5.4.0-1035.38~18.04.1 No subscription required linux-image-5.4.0-1036-azure - 5.4.0-1036.38~18.04.1 No subscription required linux-image-5.4.0-60-lowlatency - 5.4.0-60.67~18.04.1 linux-image-5.4.0-60-generic-lpae - 5.4.0-60.67~18.04.1 linux-image-5.4.0-60-generic - 5.4.0-60.67~18.04.1 No subscription required linux-image-gcp-edge - 5.4.0.1034.22 linux-image-gcp - 5.4.0.1034.22 No subscription required linux-image-aws-edge - 5.4.0.1035.20 linux-image-aws - 5.4.0.1035.20 No subscription required linux-image-oracle - 5.4.0.1035.38~18.04.19 linux-image-oracle-edge - 5.4.0.1035.38~18.04.19 No subscription required linux-image-azure-edge - 5.4.0.1036.18 linux-image-azure - 5.4.0.1036.18 No subscription required linux-image-oem-osp1 - 5.4.0.60.67~18.04.55 linux-image-generic-hwe-18.04 - 5.4.0.60.67~18.04.55 linux-image-snapdragon-hwe-18.04 - 5.4.0.60.67~18.04.55 linux-image-generic-lpae-hwe-18.04 - 5.4.0.60.67~18.04.55 linux-image-lowlatency-hwe-18.04 - 5.4.0.60.67~18.04.55 linux-image-virtual-hwe-18.04 - 5.4.0.60.67~18.04.55 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.60.67~18.04.55 linux-image-oem - 5.4.0.60.67~18.04.55 linux-image-generic-hwe-18.04-edge - 5.4.0.60.67~18.04.55 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.60.67~18.04.55 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.60.67~18.04.55 linux-image-virtual-hwe-18.04-edge - 5.4.0.60.67~18.04.55 No subscription required Medium CVE-2021-1052 CVE-2021-1053 CVE-2021-1056 Ubuntu 18.04 LTS It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. (CVE-2021-1052) It was discovered that the NVIDIA GPU display driver for the Linux kernel did not properly validate a pointer received from userspace in some situations. A local attacker could use this to cause a denial of service. (CVE-2021-1053) Xinyuan Lyu discovered that the NVIDIA GPU display driver for the Linux kernel did not properly restrict device-level GPU isolation. A local attacker could use this to cause a denial of service or possibly expose sensitive information. (CVE-2021-1056) Update Instructions: Run `sudo pro fix USN-4689-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-headless-418-server - 418.181.07-0ubuntu0.18.04.1 nvidia-kernel-source-418-server - 418.181.07-0ubuntu0.18.04.1 libnvidia-decode-418-server - 418.181.07-0ubuntu0.18.04.1 libnvidia-ifr1-418-server - 418.181.07-0ubuntu0.18.04.1 libnvidia-encode-418-server - 418.181.07-0ubuntu0.18.04.1 libnvidia-compute-418-server - 418.181.07-0ubuntu0.18.04.1 nvidia-utils-418-server - 418.181.07-0ubuntu0.18.04.1 libnvidia-gl-418-server - 418.181.07-0ubuntu0.18.04.1 libnvidia-common-418-server - 418.181.07-0ubuntu0.18.04.1 nvidia-dkms-418-server - 418.181.07-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-418-server - 418.181.07-0ubuntu0.18.04.1 libnvidia-fbc1-418-server - 418.181.07-0ubuntu0.18.04.1 nvidia-driver-418-server - 418.181.07-0ubuntu0.18.04.1 libnvidia-cfg1-418-server - 418.181.07-0ubuntu0.18.04.1 nvidia-compute-utils-418-server - 418.181.07-0ubuntu0.18.04.1 nvidia-kernel-common-418-server - 418.181.07-0ubuntu0.18.04.1 nvidia-headless-no-dkms-418-server - 418.181.07-0ubuntu0.18.04.1 No subscription required nvidia-headless-440-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-cfg1-450-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-fbc1-450-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-compute-450-server - 450.102.04-0ubuntu0.18.04.1 nvidia-headless-no-dkms-450-server - 450.102.04-0ubuntu0.18.04.1 nvidia-kernel-common-440-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-encode-440-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-ifr1-450-server - 450.102.04-0ubuntu0.18.04.1 nvidia-driver-450-server - 450.102.04-0ubuntu0.18.04.1 nvidia-kernel-common-450-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-decode-440-server - 450.102.04-0ubuntu0.18.04.1 nvidia-dkms-440-server - 450.102.04-0ubuntu0.18.04.1 nvidia-headless-450-server - 450.102.04-0ubuntu0.18.04.1 nvidia-headless-no-dkms-440-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-gl-450-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-compute-440-server - 450.102.04-0ubuntu0.18.04.1 nvidia-kernel-source-450-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-decode-450-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-encode-450-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-fbc1-440-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-extra-440-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-cfg1-440-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-common-450-server - 450.102.04-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-440-server - 450.102.04-0ubuntu0.18.04.1 nvidia-dkms-450-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-extra-450-server - 450.102.04-0ubuntu0.18.04.1 nvidia-kernel-source-440-server - 450.102.04-0ubuntu0.18.04.1 nvidia-compute-utils-440-server - 450.102.04-0ubuntu0.18.04.1 nvidia-utils-450-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-common-440-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-gl-440-server - 450.102.04-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-450-server - 450.102.04-0ubuntu0.18.04.1 nvidia-utils-440-server - 450.102.04-0ubuntu0.18.04.1 libnvidia-ifr1-440-server - 450.102.04-0ubuntu0.18.04.1 nvidia-compute-utils-450-server - 450.102.04-0ubuntu0.18.04.1 nvidia-driver-440-server - 450.102.04-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-1052 CVE-2021-1053 Ubuntu 18.04 LTS USN-4689-3 fixed vulnerabilities in the NVIDIA server graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Original advisory details: It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. (CVE-2021-1052) It was discovered that the NVIDIA GPU display driver for the Linux kernel did not properly validate a pointer received from userspace in some situations. A local attacker could use this to cause a denial of service. (CVE-2021-1053) Xinyuan Lyu discovered that the NVIDIA GPU display driver for the Linux kernel did not properly restrict device-level GPU isolation. A local attacker could use this to cause a denial of service or possibly expose sensitive information. (CVE-2021-1056) Update Instructions: Run `sudo pro fix USN-4689-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-134-generic - 4.15.0-134.138 linux-image-4.15.0-134-lowlatency - 4.15.0-134.138 linux-image-4.15.0-134-generic-lpae - 4.15.0-134.138 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.134.121 linux-image-lowlatency-hwe-16.04 - 4.15.0.134.121 linux-image-generic-hwe-16.04-edge - 4.15.0.134.121 linux-image-generic-lpae-hwe-16.04 - 4.15.0.134.121 linux-image-virtual - 4.15.0.134.121 linux-image-virtual-hwe-16.04 - 4.15.0.134.121 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.134.121 linux-image-generic - 4.15.0.134.121 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.134.121 linux-image-generic-lpae - 4.15.0.134.121 linux-image-generic-hwe-16.04 - 4.15.0.134.121 linux-image-lowlatency - 4.15.0.134.121 No subscription required linux-image-5.4.0-64-generic-lpae - 5.4.0-64.72~18.04.1 linux-image-5.4.0-64-generic - 5.4.0-64.72~18.04.1 linux-image-5.4.0-64-lowlatency - 5.4.0-64.72~18.04.1 No subscription required linux-image-oem-osp1 - 5.4.0.64.72~18.04.59 linux-image-generic-hwe-18.04 - 5.4.0.64.72~18.04.59 linux-image-snapdragon-hwe-18.04 - 5.4.0.64.72~18.04.59 linux-image-generic-lpae-hwe-18.04 - 5.4.0.64.72~18.04.59 linux-image-lowlatency-hwe-18.04 - 5.4.0.64.72~18.04.59 linux-image-virtual-hwe-18.04 - 5.4.0.64.72~18.04.59 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.64.72~18.04.59 linux-image-oem - 5.4.0.64.72~18.04.59 linux-image-generic-hwe-18.04-edge - 5.4.0.64.72~18.04.59 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.64.72~18.04.59 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.64.72~18.04.59 linux-image-virtual-hwe-18.04-edge - 5.4.0.64.72~18.04.59 No subscription required Medium CVE-2021-1052 CVE-2021-1053 Ubuntu 18.04 LTS It was discovered that coTURN allowed peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. A malicious user could use this vulnerability to insert packages into the loopback interface. Update Instructions: Run `sudo pro fix USN-4690-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: coturn - 4.5.0.7-1ubuntu2.18.04.3 No subscription required Medium CVE-2020-26262 Ubuntu 18.04 LTS Jonas Rudloff discovered that Open vSwitch incorrectly handled certain malformed LLDP packets. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4691-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openvswitch-doc - 2.9.7-0ubuntu0.18.04.2 openvswitch-switch - 2.9.7-0ubuntu0.18.04.2 openvswitch-pki - 2.9.7-0ubuntu0.18.04.2 ovn-docker - 2.9.7-0ubuntu0.18.04.2 openvswitch-common - 2.9.7-0ubuntu0.18.04.2 openvswitch-testcontroller - 2.9.7-0ubuntu0.18.04.2 openvswitch-vtep - 2.9.7-0ubuntu0.18.04.2 python-openvswitch - 2.9.7-0ubuntu0.18.04.2 python3-openvswitch - 2.9.7-0ubuntu0.18.04.2 ovn-host - 2.9.7-0ubuntu0.18.04.2 ovn-common - 2.9.7-0ubuntu0.18.04.2 ovn-central - 2.9.7-0ubuntu0.18.04.2 ovn-controller-vtep - 2.9.7-0ubuntu0.18.04.2 openvswitch-switch-dpdk - 2.9.7-0ubuntu0.18.04.2 openvswitch-test - 2.9.7-0ubuntu0.18.04.2 No subscription required Medium CVE-2015-8011 CVE-2020-27827 Ubuntu 18.04 LTS Chris Siebenmann discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20482) Daniel Axtens discovered that tar incorrectly handled certain malformed tar files. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to cause tar to crash, resulting in a denial of service. (CVE-2019-9923) Update Instructions: Run `sudo pro fix USN-4692-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tar-scripts - 1.29b-2ubuntu0.2 tar - 1.29b-2ubuntu0.2 No subscription required Low CVE-2018-20482 CVE-2019-9923 Ubuntu 18.04 LTS It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Update Instructions: Run `sudo pro fix USN-4694-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-132-generic - 4.15.0-132.136 linux-image-4.15.0-132-lowlatency - 4.15.0-132.136 linux-image-4.15.0-132-generic-lpae - 4.15.0-132.136 No subscription required linux-image-virtual - 4.15.0.132.119 linux-image-virtual-hwe-16.04-edge - 4.15.0.132.119 linux-image-lowlatency-hwe-16.04 - 4.15.0.132.119 linux-image-generic-hwe-16.04-edge - 4.15.0.132.119 linux-image-generic-lpae-hwe-16.04 - 4.15.0.132.119 linux-image-virtual-hwe-16.04 - 4.15.0.132.119 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.132.119 linux-image-generic - 4.15.0.132.119 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.132.119 linux-image-generic-lpae - 4.15.0.132.119 linux-image-generic-hwe-16.04 - 4.15.0.132.119 linux-image-lowlatency - 4.15.0.132.119 No subscription required linux-image-5.4.0-62-generic-lpae - 5.4.0-62.70~18.04.1 linux-image-5.4.0-62-generic - 5.4.0-62.70~18.04.1 linux-image-5.4.0-62-lowlatency - 5.4.0-62.70~18.04.1 No subscription required linux-image-oem-osp1 - 5.4.0.62.70~18.04.57 linux-image-generic-hwe-18.04 - 5.4.0.62.70~18.04.57 linux-image-snapdragon-hwe-18.04 - 5.4.0.62.70~18.04.57 linux-image-generic-lpae-hwe-18.04 - 5.4.0.62.70~18.04.57 linux-image-lowlatency-hwe-18.04 - 5.4.0.62.70~18.04.57 linux-image-virtual-hwe-18.04 - 5.4.0.62.70~18.04.57 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.62.70~18.04.57 linux-image-oem - 5.4.0.62.70~18.04.57 linux-image-generic-hwe-18.04-edge - 5.4.0.62.70~18.04.57 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.62.70~18.04.57 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.62.70~18.04.57 linux-image-virtual-hwe-18.04-edge - 5.4.0.62.70~18.04.57 No subscription required High CVE-2020-28374 Ubuntu 18.04 LTS It was discovered that HTMLDOC incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4696-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: htmldoc - 1.9.2-1ubuntu0.1 htmldoc-common - 1.9.2-1ubuntu0.1 No subscription required Medium CVE-2019-19630 Ubuntu 18.04 LTS It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted PCX file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. (CVE-2020-35653) It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-35654) It was discovered that Pillow incorrectly handled certain SGI image files. If a user or automated system were tricked into opening a specially-crafted SGI file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-35655) Update Instructions: Run `sudo pro fix USN-4697-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-pil.imagetk - 5.1.0-1ubuntu0.4 python-pil-doc - 5.1.0-1ubuntu0.4 python3-pil - 5.1.0-1ubuntu0.4 python-pil - 5.1.0-1ubuntu0.4 python-pil.imagetk - 5.1.0-1ubuntu0.4 No subscription required Medium CVE-2020-35653 CVE-2020-35654 CVE-2020-35655 Ubuntu 18.04 LTS Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-25681, CVE-2020-25687) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled extracting certain names. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-25682, CVE-2020-25683) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented address/port checks. A remote attacker could use this issue to perform a cache poisoning attack. (CVE-2020-25684) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented query resource name checks. A remote attacker could use this issue to perform a cache poisoning attack. (CVE-2020-25685) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled multiple query requests for the same resource name. A remote attacker could use this issue to perform a cache poisoning attack. (CVE-2020-25686) It was discovered that Dnsmasq incorrectly handled memory during DHCP response creation. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2019-14834) Update Instructions: Run `sudo pro fix USN-4698-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.79-1ubuntu0.2 dnsmasq-base-lua - 2.79-1ubuntu0.2 dnsmasq-utils - 2.79-1ubuntu0.2 dnsmasq-base - 2.79-1ubuntu0.2 No subscription required Medium CVE-2019-14834 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 Ubuntu 18.04 LTS USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced regressions in certain environments related to issues with multiple queries, and issues with retries. This update fixes the problem. Original advisory details: Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-25681, CVE-2020-25687) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled extracting certain names. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-25682, CVE-2020-25683) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented address/port checks. A remote attacker could use this issue to perform a cache poisoning attack. (CVE-2020-25684) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented query resource name checks. A remote attacker could use this issue to perform a cache poisoning attack. (CVE-2020-25685) Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled multiple query requests for the same resource name. A remote attacker could use this issue to perform a cache poisoning attack. (CVE-2020-25686) It was discovered that Dnsmasq incorrectly handled memory during DHCP response creation. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2019-14834) Update Instructions: Run `sudo pro fix USN-4698-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.79-1ubuntu0.3 dnsmasq-utils - 2.79-1ubuntu0.3 dnsmasq-base-lua - 2.79-1ubuntu0.3 dnsmasq-base - 2.79-1ubuntu0.3 No subscription required None https://launchpad.net/bugs/1916462 Ubuntu 18.04 LTS It was discovered that Apache Log4net incorrectly handled certain configuration files. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4699-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblog4net1.2-cil - 1.2.10+dfsg-7ubuntu0.18.04.1 liblog4net-cil-dev - 1.2.10+dfsg-7ubuntu0.18.04.1 No subscription required Medium CVE-2018-1285 Ubuntu 18.04 LTS Alexandre D'Hondt discovered that PyXDG did not properly sanitize input. An attacker could exploit this with a crafted .menu file to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4700-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-xdg - 0.25-4ubuntu1.1 python-xdg - 0.25-4ubuntu1.1 No subscription required Low CVE-2019-12761 Ubuntu 18.04 LTS It was discovered that Mutt incorrectly handled certain email messages. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4703-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mutt - 1.9.4-3ubuntu0.5 No subscription required Medium CVE-2021-3181 Ubuntu 18.04 LTS It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. (CVE-2021-3156) It was discovered that the Sudo sudoedit utility incorrectly handled checking directory permissions. A local attacker could possibly use this issue to bypass file permissions and determine if a directory exists or not. (CVE-2021-23239) Update Instructions: Run `sudo pro fix USN-4705-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.21p2-3ubuntu1.4 sudo - 1.8.21p2-3ubuntu1.4 No subscription required High CVE-2021-23239 CVE-2021-3156 Ubuntu 18.04 LTS Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service (kernel memory exhaustion). Update Instructions: Run `sudo pro fix USN-4710-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-135-lowlatency - 4.15.0-135.139 linux-image-4.15.0-135-generic-lpae - 4.15.0-135.139 linux-image-4.15.0-135-generic - 4.15.0-135.139 No subscription required linux-image-generic-hwe-16.04 - 4.15.0.135.122 linux-image-virtual-hwe-16.04 - 4.15.0.135.122 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.135.122 linux-image-generic - 4.15.0.135.122 linux-image-virtual-hwe-16.04-edge - 4.15.0.135.122 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.135.122 linux-image-lowlatency-hwe-16.04 - 4.15.0.135.122 linux-image-virtual - 4.15.0.135.122 linux-image-generic-hwe-16.04-edge - 4.15.0.135.122 linux-image-generic-lpae - 4.15.0.135.122 linux-image-lowlatency - 4.15.0.135.122 linux-image-generic-lpae-hwe-16.04 - 4.15.0.135.122 No subscription required Medium CVE-2020-25704 Ubuntu 18.04 LTS It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. (CVE-2020-28374) Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2020-25704) Update Instructions: Run `sudo pro fix USN-4711-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1064-oracle - 4.15.0-1064.71 No subscription required linux-image-4.15.0-1078-raspi2 - 4.15.0-1078.83 linux-image-4.15.0-1078-gke - 4.15.0-1078.83 No subscription required linux-image-4.15.0-1084-kvm - 4.15.0-1084.86 No subscription required linux-image-4.15.0-1092-gcp - 4.15.0-1092.105 No subscription required linux-image-4.15.0-1093-aws - 4.15.0-1093.99 No subscription required linux-image-4.15.0-1095-snapdragon - 4.15.0-1095.104 No subscription required linux-image-4.15.0-1106-azure - 4.15.0-1106.118 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1064.74 No subscription required linux-image-raspi2 - 4.15.0.1078.75 No subscription required linux-image-gke - 4.15.0.1078.82 linux-image-gke-4.15 - 4.15.0.1078.82 No subscription required linux-image-kvm - 4.15.0.1084.80 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1092.110 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1093.96 No subscription required linux-image-snapdragon - 4.15.0.1095.98 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1106.79 No subscription required High CVE-2020-25704 CVE-2020-28374 Ubuntu 18.04 LTS USN-4576-1 fixed a vulnerability in the overlay file system implementation in the Linux kernel. Unfortunately, that fix introduced a regression that could incorrectly deny access to overlay files in some situations. This update fixes the problem. We apologize for the inconvenience. Original vulnerability details: Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. Update Instructions: Run `sudo pro fix USN-4712-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-65-generic - 5.4.0-65.73~18.04.1 linux-image-5.4.0-65-generic-lpae - 5.4.0-65.73~18.04.1 linux-image-5.4.0-65-lowlatency - 5.4.0-65.73~18.04.1 No subscription required linux-image-snapdragon-hwe-18.04-edge - 5.4.0.65.73~18.04.60 linux-image-snapdragon-hwe-18.04 - 5.4.0.65.73~18.04.60 linux-image-lowlatency-hwe-18.04 - 5.4.0.65.73~18.04.60 linux-image-virtual-hwe-18.04 - 5.4.0.65.73~18.04.60 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.65.73~18.04.60 linux-image-generic-lpae-hwe-18.04 - 5.4.0.65.73~18.04.60 linux-image-oem - 5.4.0.65.73~18.04.60 linux-image-generic-hwe-18.04-edge - 5.4.0.65.73~18.04.60 linux-image-oem-osp1 - 5.4.0.65.73~18.04.60 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.65.73~18.04.60 linux-image-generic-hwe-18.04 - 5.4.0.65.73~18.04.60 linux-image-virtual-hwe-18.04-edge - 5.4.0.65.73~18.04.60 No subscription required None https://bugs.launchpad.net/bugs/1900141 https://usn.ubuntu.com/usn/usn-4576-1 Ubuntu 18.04 LTS It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Update Instructions: Run `sudo pro fix USN-4713-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1009-gkeop - 5.4.0-1009.10~18.04.1 No subscription required linux-image-5.4.0-1028-raspi - 5.4.0-1028.31~18.04.1 No subscription required linux-image-5.4.0-1035-gke - 5.4.0-1035.37~18.04.1 No subscription required linux-image-5.4.0-1036-gcp - 5.4.0-1036.39~18.04.1 No subscription required linux-image-5.4.0-1037-aws - 5.4.0-1037.39~18.04.1 No subscription required linux-image-5.4.0-1037-oracle - 5.4.0-1037.40~18.04.1 No subscription required linux-image-5.4.0-1039-azure - 5.4.0-1039.41~18.04.1 No subscription required linux-image-gkeop-5.4 - 5.4.0.1009.10~18.04.10 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1028.31 linux-image-raspi-hwe-18.04 - 5.4.0.1028.31 No subscription required linux-image-gke-5.4 - 5.4.0.1035.37~18.04.3 No subscription required linux-image-gcp - 5.4.0.1036.23 linux-image-gcp-edge - 5.4.0.1036.23 No subscription required linux-image-aws-edge - 5.4.0.1037.21 linux-image-aws - 5.4.0.1037.21 No subscription required linux-image-oracle-edge - 5.4.0.1037.40~18.04.20 linux-image-oracle - 5.4.0.1037.40~18.04.20 No subscription required linux-image-azure-edge - 5.4.0.1039.19 linux-image-azure - 5.4.0.1039.19 No subscription required High CVE-2020-28374 Ubuntu 18.04 LTS It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Update Instructions: Run `sudo pro fix USN-4713-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.0.0-1051-gke - 5.0.0-1051.53 No subscription required linux-image-gke-5.0 - 5.0.0.1051.35 No subscription required linux-image-5.3.0-1037-raspi2 - 5.3.0-1037.39 No subscription required linux-image-5.3.0-1040-gke - 5.3.0-1040.43 No subscription required linux-image-5.3.0-70-generic - 5.3.0-70.66 linux-image-5.3.0-70-lowlatency - 5.3.0-70.66 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1037.26 No subscription required linux-image-gke-5.3 - 5.3.0.1040.23 No subscription required linux-image-gkeop-5.3 - 5.3.0.70.127 No subscription required High CVE-2020-28374 Ubuntu 18.04 LTS Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. (CVE-2020-26217) It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. (CVE-2020-26258) It was discovered that XStream was vulnerable to arbitrary file deletion on the local host. A remote attacker could use this to delete arbitrary known files on the host as long as the executing process had sufficient rights only by manipulating the processed input stream. (CVE-2020-26259) Update Instructions: Run `sudo pro fix USN-4714-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxstream-java - 1.4.11.1-1~18.04.1 No subscription required Medium CVE-2020-26217 CVE-2020-26258 CVE-2020-26259 Ubuntu 18.04 LTS Wang Baohua discovered that Django incorrectly extracted archive files. A remote attacker could possibly use this issue to extract files outside of their expected location. Update Instructions: Run `sudo pro fix USN-4715-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.10 python-django-doc - 1:1.11.11-1ubuntu1.10 python-django-common - 1:1.11.11-1ubuntu1.10 python-django - 1:1.11.11-1ubuntu1.10 No subscription required Medium CVE-2021-3281 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.23 in Ubuntu 20.04 LTS and Ubuntu 20.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.33. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-33.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-23.html https://www.oracle.com/security-alerts/cpujan2021.html Update Instructions: Run `sudo pro fix USN-4716-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.33-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.33-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.33-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.33-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.33-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.33-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.33-0ubuntu0.18.04.1 mysql-server - 5.7.33-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.33-0ubuntu0.18.04.1 mysql-testsuite - 5.7.33-0ubuntu0.18.04.1 libmysqld-dev - 5.7.33-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.33-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-2002 CVE-2021-2010 CVE-2021-2011 CVE-2021-2014 CVE-2021-2021 CVE-2021-2022 CVE-2021-2024 CVE-2021-2031 CVE-2021-2032 CVE-2021-2036 CVE-2021-2038 CVE-2021-2046 CVE-2021-2048 CVE-2021-2056 CVE-2021-2058 CVE-2021-2060 CVE-2021-2061 CVE-2021-2065 CVE-2021-2070 CVE-2021-2072 CVE-2021-2076 CVE-2021-2081 CVE-2021-2087 CVE-2021-2088 CVE-2021-2122 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct clickjacking attacks, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4717-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-nn - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-ne - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-nb - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-fa - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-fi - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-fr - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-fy - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-or - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-kab - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-oc - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-cs - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-ga - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-gd - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-gn - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-gl - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-gu - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-pa - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-pl - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-cy - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-pt - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-hi - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-uk - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-he - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-hy - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-hr - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-hu - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-as - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-ar - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-ia - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-az - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-id - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-mai - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-af - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-is - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-it - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-an - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-bs - 85.0+build1-0ubuntu0.18.04.1 firefox - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-ro - 85.0+build1-0ubuntu0.18.04.1 firefox-geckodriver - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-ja - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-ru - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-br - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-bn - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-be - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-bg - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-sl - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-sk - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-si - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-sw - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-sv - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-sr - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-sq - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-ko - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-kn - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-km - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-kk - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-ka - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-xh - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-ca - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-ku - 85.0+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-lv - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-lt - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-th - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 85.0+build1-0ubuntu0.18.04.1 firefox-dev - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-te - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-cak - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-ta - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-lg - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-tr - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-nso - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-de - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-da - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-ms - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-mr - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-my - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-uz - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-ml - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-mn - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-mk - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-ur - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-vi - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-eu - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-et - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-es - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-csb - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-el - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-eo - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-en - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-zu - 85.0+build1-0ubuntu0.18.04.1 firefox-locale-ast - 85.0+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-23953 CVE-2021-23954 CVE-2021-23955 CVE-2021-23956 CVE-2021-23958 CVE-2021-23960 CVE-2021-23961 CVE-2021-23962 CVE-2021-23963 CVE-2021-23964 CVE-2021-23965 Ubuntu 18.04 LTS USN-4717-1 fixed vulnerabilities in Firefox. The update caused a startup hang in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct clickjacking attacks, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4717-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 85.0.1+build1-0ubuntu0.18.04.1 firefox - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 85.0.1+build1-0ubuntu0.18.04.1 firefox-geckodriver - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 85.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 85.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 85.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 85.0.1+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1914147 Ubuntu 18.04 LTS It was discovered that fastd incorrectly handled certain packets. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4718-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: fastd - 18-3ubuntu0.18.04.1 No subscription required Medium CVE-2020-27638 Ubuntu 18.04 LTS The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.46 version of the Mozilla certificate authority bundle. Update Instructions: Run `sudo pro fix USN-4719-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates-udeb - 20210119~18.04.1 ca-certificates - 20210119~18.04.1 No subscription required None https://launchpad.net/bugs/1914064 Ubuntu 18.04 LTS Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. (CVE-2021-25682, CVE-2021-25683) Itai Greenhut discovered that Apport incorrectly handled opening certain special files. A local attacker could possibly use this issue to cause Apport to hang, resulting in a denial of service. (CVE-2021-25684) Update Instructions: Run `sudo pro fix USN-4720-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.9-0ubuntu7.23 python3-problem-report - 2.20.9-0ubuntu7.23 apport-kde - 2.20.9-0ubuntu7.23 apport-retrace - 2.20.9-0ubuntu7.23 apport-valgrind - 2.20.9-0ubuntu7.23 python3-apport - 2.20.9-0ubuntu7.23 dh-apport - 2.20.9-0ubuntu7.23 apport-gtk - 2.20.9-0ubuntu7.23 apport - 2.20.9-0ubuntu7.23 python-problem-report - 2.20.9-0ubuntu7.23 apport-noui - 2.20.9-0ubuntu7.23 No subscription required Medium CVE-2021-25682 CVE-2021-25683 CVE-2021-25684 Ubuntu 18.04 LTS Simon McVittie discovered that flatpak-portal service allowed sandboxed applications to execute arbitrary code on the host system (a sandbox escape). A malicious user could create a Flatpak application that set environment variables, trusted by the Flatpak "run" command, and use it to execute arbitrary code outside the sandbox. Update Instructions: Run `sudo pro fix USN-4721-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libflatpak0 - 1.0.9-0ubuntu0.2 libflatpak-dev - 1.0.9-0ubuntu0.2 gir1.2-flatpak-1.0 - 1.0.9-0ubuntu0.2 libflatpak-doc - 1.0.9-0ubuntu0.2 flatpak - 1.0.9-0ubuntu0.2 flatpak-tests - 1.0.9-0ubuntu0.2 No subscription required Medium CVE-2021-21261 Ubuntu 18.04 LTS It was discovered that ReadyMedia (MiniDLNA) allowed subscription requests with a delivery URL on a different network segment than the fully qualified event- subscription URL. An attacker could use this to hijack smart devices and cause denial of service attacks. (CVE-2020-12695) It was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. A remote attacker could send a malicious UPnP HTTP request to the service using HTTP chunked encoding and cause a denial of service. (CVE-2020-28926) Update Instructions: Run `sudo pro fix USN-4722-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: minidlna - 1.2.1+dfsg-1ubuntu0.18.04.1 No subscription required Medium CVE-2020-12695 CVE-2020-28926 Ubuntu 18.04 LTS It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4723-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-pear - 1:1.10.5+submodules+notgz-1ubuntu1.18.04.3 No subscription required Medium CVE-2020-36193 Ubuntu 18.04 LTS It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36221) It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226) It was discovered that OpenLDAP incorrectly handled Return Filter control handling. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-36223) It was discovered that OpenLDAP incorrectly handled certain cancel operations. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36227) It was discovered that OpenLDAP incorrectly handled Certificate List Extract Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36228) It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36229, CVE-2020-36230) Update Instructions: Run `sudo pro fix USN-4724-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libldap-2.4-2 - 2.4.45+dfsg-1ubuntu1.9 libldap-common - 2.4.45+dfsg-1ubuntu1.9 slapd-smbk5pwd - 2.4.45+dfsg-1ubuntu1.9 ldap-utils - 2.4.45+dfsg-1ubuntu1.9 libldap2-dev - 2.4.45+dfsg-1ubuntu1.9 slapd - 2.4.45+dfsg-1ubuntu1.9 No subscription required Medium CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 Ubuntu 18.04 LTS It was discovered that QEMU incorrectly handled memory in iSCSI emulation. An attacker inside the guest could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-11947) Alexander Bulekov discovered that QEMU incorrectly handled Intel e1000e emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-15859) Alexander Bulekov discovered that QEMU incorrectly handled memory region cache. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-27821) Cheol-woo Myung discovered that QEMU incorrectly handled Intel e1000e emulation. An attacker inside the guest could use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-28916) Wenxiang Qian discovered that QEMU incorrectly handled ATAPI emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-29443) It was discovered that QEMU incorrectly handled VirtFS directory sharing. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20181) Update Instructions: Run `sudo pro fix USN-4725-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.35 qemu-user-static - 1:2.11+dfsg-1ubuntu7.35 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.35 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.35 qemu-kvm - 1:2.11+dfsg-1ubuntu7.35 qemu-user - 1:2.11+dfsg-1ubuntu7.35 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.35 qemu-system - 1:2.11+dfsg-1ubuntu7.35 qemu-utils - 1:2.11+dfsg-1ubuntu7.35 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.35 qemu - 1:2.11+dfsg-1ubuntu7.35 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.35 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.35 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.35 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.35 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.35 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.35 No subscription required Medium CVE-2020-11947 CVE-2020-15859 CVE-2020-27821 CVE-2020-28916 CVE-2020-29443 CVE-2021-20181 Ubuntu 18.04 LTS It was discovered that OpenJDK incorrectly handled the direct buffering of characters. An attacker could use this issue to cause OpenJDK to crash, resulting in a denial of service, or cause other unspecified impact. Update Instructions: Run `sudo pro fix USN-4726-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-source - 11.0.10+9-0ubuntu1~18.04 openjdk-11-jre-zero - 11.0.10+9-0ubuntu1~18.04 openjdk-11-doc - 11.0.10+9-0ubuntu1~18.04 openjdk-11-jre-headless - 11.0.10+9-0ubuntu1~18.04 openjdk-11-jdk - 11.0.10+9-0ubuntu1~18.04 openjdk-11-jdk-headless - 11.0.10+9-0ubuntu1~18.04 openjdk-11-jre - 11.0.10+9-0ubuntu1~18.04 openjdk-11-demo - 11.0.10+9-0ubuntu1~18.04 No subscription required openjdk-8-source - 8u282-b08-0ubuntu1~18.04 openjdk-8-doc - 8u282-b08-0ubuntu1~18.04 openjdk-8-jdk - 8u282-b08-0ubuntu1~18.04 openjdk-8-jre-headless - 8u282-b08-0ubuntu1~18.04 openjdk-8-jdk-headless - 8u282-b08-0ubuntu1~18.04 openjdk-8-jre - 8u282-b08-0ubuntu1~18.04 openjdk-8-jre-zero - 8u282-b08-0ubuntu1~18.04 openjdk-8-demo - 8u282-b08-0ubuntu1~18.04 No subscription required None https://launchpad.net/bugs/1914824 Ubuntu 18.04 LTS Gilad Reti and Nimrod Stoler discovered that snapd did not correctly specify cgroup delegation when generating systemd service units for various container management snaps. This could allow a local attacker to escalate privileges via access to arbitrary devices of the container host from within a compromised or malicious container. Update Instructions: Run `sudo pro fix USN-4728-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.48.3+18.04 ubuntu-core-launcher - 2.48.3+18.04 snap-confine - 2.48.3+18.04 ubuntu-snappy-cli - 2.48.3+18.04 golang-github-snapcore-snapd-dev - 2.48.3+18.04 snapd-xdg-open - 2.48.3+18.04 snapd - 2.48.3+18.04 golang-github-ubuntu-core-snappy-dev - 2.48.3+18.04 ubuntu-snappy - 2.48.3+18.04 No subscription required High CVE-2020-27352 Ubuntu 18.04 LTS Joakim Hindersson discovered that Open vSwitch incorrectly parsed certain network packets. A remote attacker could use this issue to cause a denial of service, or possibly alter packet classification. Update Instructions: Run `sudo pro fix USN-4729-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openvswitch-doc - 2.9.8-0ubuntu0.18.04.2 openvswitch-switch - 2.9.8-0ubuntu0.18.04.2 openvswitch-pki - 2.9.8-0ubuntu0.18.04.2 ovn-docker - 2.9.8-0ubuntu0.18.04.2 openvswitch-common - 2.9.8-0ubuntu0.18.04.2 openvswitch-testcontroller - 2.9.8-0ubuntu0.18.04.2 openvswitch-vtep - 2.9.8-0ubuntu0.18.04.2 python-openvswitch - 2.9.8-0ubuntu0.18.04.2 python3-openvswitch - 2.9.8-0ubuntu0.18.04.2 ovn-host - 2.9.8-0ubuntu0.18.04.2 ovn-common - 2.9.8-0ubuntu0.18.04.2 ovn-central - 2.9.8-0ubuntu0.18.04.2 ovn-controller-vtep - 2.9.8-0ubuntu0.18.04.2 openvswitch-switch-dpdk - 2.9.8-0ubuntu0.18.04.2 openvswitch-test - 2.9.8-0ubuntu0.18.04.2 No subscription required Medium CVE-2020-35498 Ubuntu 18.04 LTS It was discovered that PostSRSd mishandled certain input. A remote attacker could use this vulnerability to cause a denial of service via a long timestamp tag in an SRS address. Update Instructions: Run `sudo pro fix USN-4730-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postsrsd - 1.4-1ubuntu0.1 No subscription required Medium CVE-2020-35573 Ubuntu 18.04 LTS It was discovered that JUnit 4 contains a local information disclosure vulnerability. An attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-4731-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: junit4 - 4.12-8~18.04.1 junit4-doc - 4.12-8~18.04.1 No subscription required Medium CVE-2020-15250 Ubuntu 18.04 LTS Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution. Update Instructions: Run `sudo pro fix USN-4733-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnome-autoar-0-dev - 0.2.3-1ubuntu0.1 libgnome-autoar-gtk-0-0 - 0.2.3-1ubuntu0.1 gir1.2-gnomeautoar-0.1 - 0.2.3-1ubuntu0.1 libgnome-autoar-gtk-0-dev - 0.2.3-1ubuntu0.1 gir1.2-gnomeautoargtk-0.1 - 0.2.3-1ubuntu0.1 libgnome-autoar-doc - 0.2.3-1ubuntu0.1 libgnome-autoar-0-0 - 0.2.3-1ubuntu0.1 No subscription required Medium CVE-2020-36241 Ubuntu 18.04 LTS USN-4733-1 fixed a vulnerability in GNOME Autoar. The upstream fix introduced a regression when extracting archives containing directories. This update fixes the problem. Original advisory details: Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution. Update Instructions: Run `sudo pro fix USN-4733-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnome-autoar-0-dev - 0.2.3-1ubuntu0.2 libgnome-autoar-gtk-0-0 - 0.2.3-1ubuntu0.2 gir1.2-gnomeautoar-0.1 - 0.2.3-1ubuntu0.2 libgnome-autoar-gtk-0-dev - 0.2.3-1ubuntu0.2 gir1.2-gnomeautoargtk-0.1 - 0.2.3-1ubuntu0.2 libgnome-autoar-doc - 0.2.3-1ubuntu0.2 libgnome-autoar-0-0 - 0.2.3-1ubuntu0.2 No subscription required None https://launchpad.net/bugs/1917812 Ubuntu 18.04 LTS It was discovered that wpa_supplicant did not properly handle P2P (Wi-Fi Direct) group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-0326) It was discovered that hostapd did not properly handle UPnP subscribe messages in some circumstances. An attacker could use this to cause a denial of service. (CVE-2020-12695) Update Instructions: Run `sudo pro fix USN-4734-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 2:2.6-15ubuntu2.7 wpagui - 2:2.6-15ubuntu2.7 wpasupplicant - 2:2.6-15ubuntu2.7 wpasupplicant-udeb - 2:2.6-15ubuntu2.7 No subscription required High CVE-2020-12695 CVE-2021-0326 Ubuntu 18.04 LTS It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the Bind AppArmor profile. Update Instructions: Run `sudo pro fix USN-4737-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdns-export1100 - 1:9.11.3+dfsg-1ubuntu1.14 libdns1100 - 1:9.11.3+dfsg-1ubuntu1.14 libisc169 - 1:9.11.3+dfsg-1ubuntu1.14 libbind-dev - 1:9.11.3+dfsg-1ubuntu1.14 libisc-export169-udeb - 1:9.11.3+dfsg-1ubuntu1.14 libisccc-export160 - 1:9.11.3+dfsg-1ubuntu1.14 libisc-export169 - 1:9.11.3+dfsg-1ubuntu1.14 bind9 - 1:9.11.3+dfsg-1ubuntu1.14 libirs-export160 - 1:9.11.3+dfsg-1ubuntu1.14 libisccc160 - 1:9.11.3+dfsg-1ubuntu1.14 libisccfg-export160 - 1:9.11.3+dfsg-1ubuntu1.14 libisccfg160 - 1:9.11.3+dfsg-1ubuntu1.14 bind9-doc - 1:9.11.3+dfsg-1ubuntu1.14 libbind-export-dev - 1:9.11.3+dfsg-1ubuntu1.14 libisccc-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.14 libirs-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.14 liblwres160 - 1:9.11.3+dfsg-1ubuntu1.14 bind9-host - 1:9.11.3+dfsg-1ubuntu1.14 libisccfg-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.14 dnsutils - 1:9.11.3+dfsg-1ubuntu1.14 bind9utils - 1:9.11.3+dfsg-1ubuntu1.14 libbind9-160 - 1:9.11.3+dfsg-1ubuntu1.14 libirs160 - 1:9.11.3+dfsg-1ubuntu1.14 libdns-export1100-udeb - 1:9.11.3+dfsg-1ubuntu1.14 No subscription required Medium CVE-2020-8625 Ubuntu 18.04 LTS Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23840) Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23841) Update Instructions: Run `sudo pro fix USN-4738-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2n-1ubuntu5.6 libssl1.0-dev - 1.0.2n-1ubuntu5.6 openssl1.0 - 1.0.2n-1ubuntu5.6 libssl1.0.0-udeb - 1.0.2n-1ubuntu5.6 libcrypto1.0.0-udeb - 1.0.2n-1ubuntu5.6 No subscription required libcrypto1.1-udeb - 1.1.1-1ubuntu2.1~18.04.8 libssl-dev - 1.1.1-1ubuntu2.1~18.04.8 openssl - 1.1.1-1ubuntu2.1~18.04.8 libssl-doc - 1.1.1-1ubuntu2.1~18.04.8 libssl1.1-udeb - 1.1.1-1ubuntu2.1~18.04.8 libssl1.1 - 1.1.1-1ubuntu2.1~18.04.8 No subscription required Medium CVE-2021-23840 CVE-2021-23841 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-4739-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.30.5-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.30.5-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.30.5-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.30.5-0ubuntu0.18.04.1 webkit2gtk-driver - 2.30.5-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.30.5-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.30.5-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.30.5-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.30.5-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.30.5-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-13558 Ubuntu 18.04 LTS It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication mechanisms. Update Instructions: Run `sudo pro fix USN-4740-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libshiro-java - 1.3.2-3~18.04.1 No subscription required Medium CVE-2020-11989 CVE-2020-1957 Ubuntu 18.04 LTS It was discovered that Django incorrectly accepted semicolons as query parameters. A remote attacker could possibly use this issue to perform a Web Cache Poisoning attack. Update Instructions: Run `sudo pro fix USN-4742-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.11 python-django-doc - 1:1.11.11-1ubuntu1.11 python-django-common - 1:1.11.11-1ubuntu1.11 python-django - 1:1.11.11-1ubuntu1.11 No subscription required Low CVE-2021-23336 Ubuntu 18.04 LTS Pasi Saarinen discovered that OpenLDAP incorrectly handled certain short timestamps. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4744-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libldap-2.4-2 - 2.4.45+dfsg-1ubuntu1.10 libldap-common - 2.4.45+dfsg-1ubuntu1.10 slapd-smbk5pwd - 2.4.45+dfsg-1ubuntu1.10 ldap-utils - 2.4.45+dfsg-1ubuntu1.10 libldap2-dev - 2.4.45+dfsg-1ubuntu1.10 slapd - 2.4.45+dfsg-1ubuntu1.10 No subscription required Medium CVE-2021-27212 Ubuntu 18.04 LTS Tavis Ormandy discovered that xterm incorrectly handled certain character sequences. A remote attacker could use this issue to cause xterm to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4746-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xterm - 330-1ubuntu2.2 No subscription required Medium CVE-2021-27135 Ubuntu 18.04 LTS Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4747-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: screen - 4.6.2-1ubuntu1.1 screen-udeb - 4.6.2-1ubuntu1.1 No subscription required Medium CVE-2021-26937 Ubuntu 18.04 LTS Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-25669) It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2020-27815) Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in the Linux kernel did not correctly handle setting line discipline in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-27830, CVE-2020-28941) It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. (CVE-2020-29374) Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event processing backend in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29568) Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29569) Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-29660) Jann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-29661) Update Instructions: Run `sudo pro fix USN-4749-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1012-dell300x - 4.15.0-1012.16 No subscription required linux-image-4.15.0-1065-oracle - 4.15.0-1065.73 No subscription required linux-image-4.15.0-1079-gke - 4.15.0-1079.84 linux-image-4.15.0-1079-raspi2 - 4.15.0-1079.84 No subscription required linux-image-4.15.0-1085-kvm - 4.15.0-1085.87 No subscription required linux-image-4.15.0-1093-gcp - 4.15.0-1093.106 No subscription required linux-image-4.15.0-1094-aws - 4.15.0-1094.101 No subscription required linux-image-4.15.0-1096-snapdragon - 4.15.0-1096.105 No subscription required linux-image-4.15.0-1108-azure - 4.15.0-1108.120 No subscription required linux-image-4.15.0-136-generic-lpae - 4.15.0-136.140 linux-image-4.15.0-136-lowlatency - 4.15.0-136.140 linux-image-4.15.0-136-generic - 4.15.0-136.140 No subscription required linux-image-dell300x - 4.15.0.1012.14 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1065.75 No subscription required linux-image-raspi2 - 4.15.0.1079.76 No subscription required linux-image-gke - 4.15.0.1079.83 linux-image-gke-4.15 - 4.15.0.1079.83 No subscription required linux-image-kvm - 4.15.0.1085.81 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1093.111 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1094.97 No subscription required linux-image-snapdragon - 4.15.0.1096.99 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1108.81 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.136.123 linux-image-generic-hwe-16.04 - 4.15.0.136.123 linux-image-generic-hwe-16.04-edge - 4.15.0.136.123 linux-image-generic-lpae-hwe-16.04 - 4.15.0.136.123 linux-image-virtual - 4.15.0.136.123 linux-image-virtual-hwe-16.04 - 4.15.0.136.123 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.136.123 linux-image-generic - 4.15.0.136.123 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.136.123 linux-image-generic-lpae - 4.15.0.136.123 linux-image-lowlatency-hwe-16.04 - 4.15.0.136.123 linux-image-lowlatency - 4.15.0.136.123 No subscription required High CVE-2020-25669 CVE-2020-27815 CVE-2020-27830 CVE-2020-28941 CVE-2020-29374 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 Ubuntu 18.04 LTS Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-25669) It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2020-27815) Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in the Linux kernel did not correctly handle setting line discipline in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-27830, CVE-2020-28941) It was discovered that an information leak existed in the syscall implementation in the Linux kernel on 32 bit systems. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28588) Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event processing backend in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29568) Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29569) Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-29660) Jann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-29661) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle filter rules in some situations. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service. (CVE-2021-20177) Update Instructions: Run `sudo pro fix USN-4750-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1010-gkeop - 5.4.0-1010.11~18.04.1 No subscription required linux-image-5.4.0-1029-raspi - 5.4.0-1029.32~18.04.1 No subscription required linux-image-5.4.0-1036-gke - 5.4.0-1036.38~18.04.1 No subscription required linux-image-5.4.0-1037-gcp - 5.4.0-1037.40~18.04.1 No subscription required linux-image-5.4.0-1038-aws - 5.4.0-1038.40~18.04.1 No subscription required linux-image-5.4.0-1038-oracle - 5.4.0-1038.41~18.04.1 No subscription required linux-image-5.4.0-1040-azure - 5.4.0-1040.42~18.04.1 No subscription required linux-image-5.4.0-66-lowlatency - 5.4.0-66.74~18.04.2 linux-image-5.4.0-66-generic-lpae - 5.4.0-66.74~18.04.2 linux-image-5.4.0-66-generic - 5.4.0-66.74~18.04.2 No subscription required linux-image-gkeop-5.4 - 5.4.0.1010.11~18.04.11 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1029.32 linux-image-raspi-hwe-18.04 - 5.4.0.1029.32 No subscription required linux-image-gke-5.4 - 5.4.0.1036.38~18.04.4 No subscription required linux-image-gcp-edge - 5.4.0.1037.24 linux-image-gcp - 5.4.0.1037.24 No subscription required linux-image-aws-edge - 5.4.0.1038.22 linux-image-aws - 5.4.0.1038.22 No subscription required linux-image-oracle - 5.4.0.1038.41~18.04.21 linux-image-oracle-edge - 5.4.0.1038.41~18.04.21 No subscription required linux-image-azure - 5.4.0.1040.20 linux-image-azure-edge - 5.4.0.1040.20 No subscription required linux-image-oem-osp1 - 5.4.0.66.74~18.04.61 linux-image-generic-hwe-18.04 - 5.4.0.66.74~18.04.61 linux-image-snapdragon-hwe-18.04 - 5.4.0.66.74~18.04.61 linux-image-generic-lpae-hwe-18.04 - 5.4.0.66.74~18.04.61 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.66.74~18.04.61 linux-image-lowlatency-hwe-18.04 - 5.4.0.66.74~18.04.61 linux-image-virtual-hwe-18.04 - 5.4.0.66.74~18.04.61 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.66.74~18.04.61 linux-image-oem - 5.4.0.66.74~18.04.61 linux-image-generic-hwe-18.04-edge - 5.4.0.66.74~18.04.61 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.66.74~18.04.61 linux-image-virtual-hwe-18.04-edge - 5.4.0.66.74~18.04.61 No subscription required High CVE-2020-25669 CVE-2020-27815 CVE-2020-27830 CVE-2020-28588 CVE-2020-28941 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2021-20177 Ubuntu 18.04 LTS It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2020-27619, CVE-2021-3177) Update Instructions: Run `sudo pro fix USN-4754-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.17-1~18.04ubuntu1.3 python2.7-doc - 2.7.17-1~18.04ubuntu1.3 libpython2.7-minimal - 2.7.17-1~18.04ubuntu1.3 libpython2.7 - 2.7.17-1~18.04ubuntu1.3 libpython2.7-stdlib - 2.7.17-1~18.04ubuntu1.3 libpython2.7-testsuite - 2.7.17-1~18.04ubuntu1.3 python2.7 - 2.7.17-1~18.04ubuntu1.3 idle-python2.7 - 2.7.17-1~18.04ubuntu1.3 python2.7-examples - 2.7.17-1~18.04ubuntu1.3 libpython2.7-dev - 2.7.17-1~18.04ubuntu1.3 python2.7-minimal - 2.7.17-1~18.04ubuntu1.3 No subscription required python3.6-dev - 3.6.9-1~18.04ubuntu1.4 libpython3.6-dev - 3.6.9-1~18.04ubuntu1.4 libpython3.6-minimal - 3.6.9-1~18.04ubuntu1.4 python3.6-examples - 3.6.9-1~18.04ubuntu1.4 libpython3.6-stdlib - 3.6.9-1~18.04ubuntu1.4 python3.6-venv - 3.6.9-1~18.04ubuntu1.4 python3.6-minimal - 3.6.9-1~18.04ubuntu1.4 python3.6 - 3.6.9-1~18.04ubuntu1.4 idle-python3.6 - 3.6.9-1~18.04ubuntu1.4 python3.6-doc - 3.6.9-1~18.04ubuntu1.4 libpython3.6-testsuite - 3.6.9-1~18.04ubuntu1.4 libpython3.6 - 3.6.9-1~18.04ubuntu1.4 No subscription required Medium CVE-2020-27619 CVE-2021-3177 Ubuntu 18.04 LTS USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2020-27619, CVE-2021-3177) Update Instructions: Run `sudo pro fix USN-4754-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpython2.7-minimal - 2.7.17-1~18.04ubuntu1.5 libpython2.7 - 2.7.17-1~18.04ubuntu1.5 python2.7 - 2.7.17-1~18.04ubuntu1.5 idle-python2.7 - 2.7.17-1~18.04ubuntu1.5 libpython2.7-testsuite - 2.7.17-1~18.04ubuntu1.5 libpython2.7-dev - 2.7.17-1~18.04ubuntu1.5 python2.7-minimal - 2.7.17-1~18.04ubuntu1.5 python2.7-doc - 2.7.17-1~18.04ubuntu1.5 python2.7-dev - 2.7.17-1~18.04ubuntu1.5 python2.7-examples - 2.7.17-1~18.04ubuntu1.5 libpython2.7-stdlib - 2.7.17-1~18.04ubuntu1.5 No subscription required None https://launchpad.net/bugs/1916893 Ubuntu 18.04 LTS USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 and Ubuntu 20.04. In the case of Python 2.7 for 20.04, these additional fixes are included: It was dicovered that Python allowed remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. (CVE-2019-9674) It was discovered that Python had potentially misleading information about whether sorting occurs. This fix updates the documentation about it. (CVE-2019-17514) It was discovered that Python incorrectly handled certain TAR archives. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-20907) It was discovered that Python allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (CVE-2020-8492) It was discovered that Python allowed CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. (CVE-2020-26116) Original advisory details: It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2020-27619, CVE-2021-3177) Update Instructions: Run `sudo pro fix USN-4754-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3.7-doc - 3.7.5-2~18.04.4 libpython3.7-minimal - 3.7.5-2~18.04.4 python3.7-minimal - 3.7.5-2~18.04.4 libpython3.7-dev - 3.7.5-2~18.04.4 python3.7-dev - 3.7.5-2~18.04.4 libpython3.7-testsuite - 3.7.5-2~18.04.4 libpython3.7-stdlib - 3.7.5-2~18.04.4 python3.7 - 3.7.5-2~18.04.4 python3.7-venv - 3.7.5-2~18.04.4 python3.7-examples - 3.7.5-2~18.04.4 idle-python3.7 - 3.7.5-2~18.04.4 libpython3.7 - 3.7.5-2~18.04.4 No subscription required libpython3.8-minimal - 3.8.0-3~18.04.1 python3.8-venv - 3.8.0-3~18.04.1 libpython3.8-dev - 3.8.0-3~18.04.1 libpython3.8-stdlib - 3.8.0-3~18.04.1 idle-python3.8 - 3.8.0-3~18.04.1 libpython3.8-testsuite - 3.8.0-3~18.04.1 python3.8 - 3.8.0-3~18.04.1 python3.8-minimal - 3.8.0-3~18.04.1 python3.8-examples - 3.8.0-3~18.04.1 python3.8-dev - 3.8.0-3~18.04.1 libpython3.8 - 3.8.0-3~18.04.1 No subscription required Medium CVE-2019-17514 CVE-2019-20907 CVE-2019-9674 CVE-2020-26116 CVE-2020-27619 CVE-2020-8492 CVE-2021-3177 Ubuntu 18.04 LTS USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177. We apologize for the inconvenience. Original advisory details: It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2020-27619, CVE-2021-3177) Update Instructions: Run `sudo pro fix USN-4754-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpython2.7-minimal - 2.7.17-1~18.04ubuntu1.6 libpython2.7 - 2.7.17-1~18.04ubuntu1.6 python2.7 - 2.7.17-1~18.04ubuntu1.6 python2.7-minimal - 2.7.17-1~18.04ubuntu1.6 libpython2.7-testsuite - 2.7.17-1~18.04ubuntu1.6 libpython2.7-dev - 2.7.17-1~18.04ubuntu1.6 idle-python2.7 - 2.7.17-1~18.04ubuntu1.6 python2.7-doc - 2.7.17-1~18.04ubuntu1.6 python2.7-dev - 2.7.17-1~18.04ubuntu1.6 python2.7-examples - 2.7.17-1~18.04ubuntu1.6 libpython2.7-stdlib - 2.7.17-1~18.04ubuntu1.6 No subscription required Medium CVE-2021-3177 Ubuntu 18.04 LTS It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-4755-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.9-5ubuntu0.4 libtiffxx5 - 4.0.9-5ubuntu0.4 libtiff5-dev - 4.0.9-5ubuntu0.4 libtiff-dev - 4.0.9-5ubuntu0.4 libtiff5 - 4.0.9-5ubuntu0.4 libtiff-tools - 4.0.9-5ubuntu0.4 libtiff-doc - 4.0.9-5ubuntu0.4 No subscription required Medium CVE-2020-35523 CVE-2020-35524 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct cross-site scripting (XSS) attacks, bypass HTTP auth phishing warnings, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4756-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-nn - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-ne - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-nb - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-fa - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-fi - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-fr - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-fy - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-or - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-kab - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-oc - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-cs - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-ga - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-gd - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-gn - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-gl - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-gu - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-pa - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-pl - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-cy - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-pt - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-hi - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-uk - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-he - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-hy - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-hr - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-hu - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-as - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-ar - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-ia - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-az - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-id - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-mai - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-af - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-is - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-it - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-an - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-bs - 86.0+build3-0ubuntu0.18.04.1 firefox - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-ro - 86.0+build3-0ubuntu0.18.04.1 firefox-geckodriver - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-ja - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-ru - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-br - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hant - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hans - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-bn - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-be - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-bg - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-sl - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-sk - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-si - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-sw - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-sv - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-sr - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-sq - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-ko - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-kn - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-km - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-kk - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-ka - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-xh - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-ca - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-ku - 86.0+build3-0ubuntu0.18.04.1 firefox-mozsymbols - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-lv - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-lt - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-th - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-hsb - 86.0+build3-0ubuntu0.18.04.1 firefox-dev - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-te - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-cak - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-ta - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-lg - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-csb - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-tr - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-nso - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-de - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-da - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-ms - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-mr - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-my - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-uz - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-ml - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-mn - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-mk - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-ur - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-eu - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-et - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-es - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-vi - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-el - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-eo - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-en - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-zu - 86.0+build3-0ubuntu0.18.04.1 firefox-locale-ast - 86.0+build3-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-23968 CVE-2021-23969 CVE-2021-23970 CVE-2021-23971 CVE-2021-23972 CVE-2021-23973 CVE-2021-23974 CVE-2021-23975 CVE-2021-23978 CVE-2021-23979 Ubuntu 18.04 LTS It was discovered that wpa_supplicant did not properly handle P2P (Wi-Fi Direct) provision discovery requests in some situations. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4757-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hostapd - 2:2.6-15ubuntu2.8 wpagui - 2:2.6-15ubuntu2.8 wpasupplicant - 2:2.6-15ubuntu2.8 wpasupplicant-udeb - 2:2.6-15ubuntu2.8 No subscription required Medium CVE-2021-27803 Ubuntu 18.04 LTS It was discovered that Go applications incorrectly handled uploaded content. If a user were tricked into visiting a malicious page, a remote attacker could exploit this with a crafted file to conduct cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-4758-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-1.10-go - 1.10.4-2ubuntu1~18.04.2 golang-1.10-src - 1.10.4-2ubuntu1~18.04.2 golang-1.10 - 1.10.4-2ubuntu1~18.04.2 golang-1.10-doc - 1.10.4-2ubuntu1~18.04.2 No subscription required Low CVE-2020-24553 Ubuntu 18.04 LTS Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-27218) Kevin Backhouse discovered that GLib incorrectly handled certain memory allocations. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-27219) Update Instructions: Run `sudo pro fix USN-4759-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.56.4-0ubuntu0.18.04.7 libglib2.0-data - 2.56.4-0ubuntu0.18.04.7 libglib2.0-udeb - 2.56.4-0ubuntu0.18.04.7 libglib2.0-tests - 2.56.4-0ubuntu0.18.04.7 libglib2.0-doc - 2.56.4-0ubuntu0.18.04.7 libglib2.0-bin - 2.56.4-0ubuntu0.18.04.7 libglib2.0-dev - 2.56.4-0ubuntu0.18.04.7 libglib2.0-dev-bin - 2.56.4-0ubuntu0.18.04.7 No subscription required Medium CVE-2021-27218 CVE-2021-27219 Ubuntu 18.04 LTS It was discovered that libzstd incorrectly handled file permissions. A local attacker could possibly use this issue to access certain files, contrary to expectations. Update Instructions: Run `sudo pro fix USN-4760-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zstd - 1.3.3+dfsg-2ubuntu1.2 libzstd1-dev - 1.3.3+dfsg-2ubuntu1.2 libzstd-dev - 1.3.3+dfsg-2ubuntu1.2 libzstd1 - 1.3.3+dfsg-2ubuntu1.2 libzstd1-udeb - 1.3.3+dfsg-2ubuntu1.2 No subscription required Medium CVE-2021-24031 CVE-2021-24032 Ubuntu 18.04 LTS Matheus Tavares discovered that Git incorrectly handled delay-capable clean/smudge filters when being used on case-insensitive filesystems. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4761-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.8 gitweb - 1:2.17.1-1ubuntu0.8 git-gui - 1:2.17.1-1ubuntu0.8 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.8 git-el - 1:2.17.1-1ubuntu0.8 gitk - 1:2.17.1-1ubuntu0.8 git-all - 1:2.17.1-1ubuntu0.8 git-mediawiki - 1:2.17.1-1ubuntu0.8 git-daemon-run - 1:2.17.1-1ubuntu0.8 git-man - 1:2.17.1-1ubuntu0.8 git-doc - 1:2.17.1-1ubuntu0.8 git-svn - 1:2.17.1-1ubuntu0.8 git-cvs - 1:2.17.1-1ubuntu0.8 git-email - 1:2.17.1-1ubuntu0.8 No subscription required Medium CVE-2021-21300 Ubuntu 18.04 LTS It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-25289, CVE-2021-25291) It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-25290) It was discovered that Pillow incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially-crafted PDF file, a remote attacker could cause Pillow to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-25292) It was discovered that Pillow incorrectly handled certain SGI image files. If a user or automated system were tricked into opening a specially-crafted SGI file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-25293) Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan discovered that Pillow incorrectly handled certain BLP files. If a user or automated system were tricked into opening a specially-crafted BLP file, a remote attacker could possibly cause Pillow to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-27921) Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan discovered that Pillow incorrectly handled certain ICNS files. If a user or automated system were tricked into opening a specially-crafted ICNS file, a remote attacker could possibly cause Pillow to consume resources, resulting in a denial of service. (CVE-2021-27922) Jiayi Lin, Luke Shaffer, Xinran Xie, and Akshay Ajayan discovered that Pillow incorrectly handled certain ICO files. If a user or automated system were tricked into opening a specially-crafted ICO file, a remote attacker could possibly cause Pillow to consume resources, resulting in a denial of service. (CVE-2021-27922) Update Instructions: Run `sudo pro fix USN-4763-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-pil.imagetk - 5.1.0-1ubuntu0.5 python-pil-doc - 5.1.0-1ubuntu0.5 python3-pil - 5.1.0-1ubuntu0.5 python-pil - 5.1.0-1ubuntu0.5 python-pil.imagetk - 5.1.0-1ubuntu0.5 No subscription required Medium CVE-2021-25289 CVE-2021-25290 CVE-2021-25291 CVE-2021-25292 CVE-2021-25293 CVE-2021-27921 CVE-2021-27922 CVE-2021-27923 Ubuntu 18.04 LTS It was discovered that GLib incorrectly handled certain symlinks when replacing files. If a user or automated system were tricked into extracting a specially crafted file with File Roller, a remote attacker could possibly create files outside of the intended directory. Update Instructions: Run `sudo pro fix USN-4764-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.56.4-0ubuntu0.18.04.8 libglib2.0-data - 2.56.4-0ubuntu0.18.04.8 libglib2.0-udeb - 2.56.4-0ubuntu0.18.04.8 libglib2.0-tests - 2.56.4-0ubuntu0.18.04.8 libglib2.0-doc - 2.56.4-0ubuntu0.18.04.8 libglib2.0-bin - 2.56.4-0ubuntu0.18.04.8 libglib2.0-dev - 2.56.4-0ubuntu0.18.04.8 libglib2.0-dev-bin - 2.56.4-0ubuntu0.18.04.8 No subscription required Medium CVE-2021-28153 Ubuntu 18.04 LTS It was discovered that Apache Commons BeanUtils improperly handled certain input. An attacker could possibly use this vulnerability to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4766-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcommons-beanutils-java - 1.9.3-1ubuntu0.1~esm1 libcommons-beanutils-java-doc - 1.9.3-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2014-0114 CVE-2019-10086 Ubuntu 18.04 LTS Fu Chuang discovered that Zabbix did not properly parse IPs. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-11800) It was discovered that Zabbix incorrectly handled certain requests. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-2824, CVE-2017-2825) It was discovered that Zabbix incorrectly handled certain XML files. A remote attacker could possibly use this issue to read arbitrary files or potentially execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3005) It was discovered that Zabbix incorrectly handled certain inputs. A remote attacker could possibly use this issue to execute arbitrary SQL commands. This issue only affected Ubuntu 14.04 ESM. (CVE-2016-10134, CVE-2016-4338) It was discovered that Zabbix incorrectly handled the request parameter. A remote attacker could possibly use this issue to redirect requests to external links. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM. (CVE-2016-10742) It was discovered that Zabbix incorrectly handled failed login attempts. A remote attacker could possibly use this issue to enumerate users. (CVE-2019-15132) It was discovered that Zabbix did not properly validate input. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-15803) Update Instructions: Run `sudo pro fix USN-4767-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zabbix-java-gateway - 1:3.0.12+dfsg-1ubuntu0.1~esm3 zabbix-frontend-php - 1:3.0.12+dfsg-1ubuntu0.1~esm3 zabbix-proxy-mysql - 1:3.0.12+dfsg-1ubuntu0.1~esm3 zabbix-server-pgsql - 1:3.0.12+dfsg-1ubuntu0.1~esm3 zabbix-server-mysql - 1:3.0.12+dfsg-1ubuntu0.1~esm3 zabbix-proxy-pgsql - 1:3.0.12+dfsg-1ubuntu0.1~esm3 zabbix-proxy-sqlite3 - 1:3.0.12+dfsg-1ubuntu0.1~esm3 zabbix-agent - 1:3.0.12+dfsg-1ubuntu0.1~esm3 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2014-3005 CVE-2016-10134 CVE-2016-10742 CVE-2016-4338 CVE-2017-2824 CVE-2017-2825 CVE-2019-15132 CVE-2020-11800 CVE-2020-15803 Ubuntu 18.04 LTS It was discovered that GlusterFS incorrectly handled network requests. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3619) It was discovered that GlusterFS incorrectly handled user permissions. An authenticated attacker could possibly use this to add himself to a trusted storage pool and perform privileged operations on volumes. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-10841) It was discovered that GlusterFS incorrectly handled mounting gluster volumes. An attacker could possibly use this issue to also mount shared gluster volumes and escalate privileges through malicious cronjobs. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-1088) It was discovered that GlusterFS incorrectly handled file paths. An attacker could possibly use this issue to create arbitrary files and execute arbitrary code. (CVE-2018-10904) It was discovered that GlusterFS incorrectly handled mounting volumes. An attacker could possibly use this issue to cause a denial of service or run arbitrary code. (CVE-2018-10907) It was discovered that GlusterFS incorrectly handled negative key length values. An attacker could possibly use this issue to obtain sensitive information. (CVE-2018-10911) It was discovered that GlusterFS incorrectly handled FUSE requests. An attacker could use this issue to obtain sensitive information. (CVE-2018-10913, CVE-2018-10914) It was discovered that GlusterFS incorrectly handled the file creation process. An authenticated attacker could possibly use this issue to create arbitrary files and obtain sensitive information. (CVE-2018-10923) It was discovered that GlusterFS incorrectly handled certain inputs. An authenticated attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-10924) It was discovered that GlusterFS incorrectly handled RPC requests. An attacker could possibly use this issue to write files to an arbitrary location and execute arbitrary code. (CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930) It was discovered that the fix for CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930 was incomplete. A remote authenticated attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2018-14651) It was discovered that GlusterFS incorrectly handled certain files. A remote authenticated attacker could possibly use this issue to cause a denial of service. (CVE-2018-14652) It was discovered that GlusterFS incorrectly handled RPC requests. A remote authenticated attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2018-14653) It was discovered that GlusterFS incorrectly handled mount volumes operation. A remote attacker could possibly use this issue to create arbitrary files. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-14654) It was discovered that GlusterFS incorrectly handled certain files. A remote authenticated attacker could possibly use this issue to create arbitrary files. (CVE-2018-14659) It was discovered that GlusterFS incorrectly handled certain inputs. A remote authenticated attacker could possibly use this is issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-14660) It was discovered that GlusterFS incorrectly handled strings. A remote authenticated attacker could possibly use this issue to cause a denial of service. (CVE-2018-14661) Update Instructions: Run `sudo pro fix USN-4770-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: glusterfs-client - 3.13.2-1ubuntu1+esm1 glusterfs-server - 3.13.2-1ubuntu1+esm1 glusterfs-common - 3.13.2-1ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2014-3619 CVE-2018-10841 CVE-2018-1088 CVE-2018-10904 CVE-2018-10907 CVE-2018-10911 CVE-2018-10913 CVE-2018-10914 CVE-2018-10923 CVE-2018-10924 CVE-2018-10926 CVE-2018-10927 CVE-2018-10928 CVE-2018-10929 CVE-2018-10930 CVE-2018-14651 CVE-2018-14652 CVE-2018-14653 CVE-2018-14654 CVE-2018-14659 CVE-2018-14660 CVE-2018-14661 Ubuntu 18.04 LTS It was discovered that Lighttpd did not properly sanitized the string used in basic HTTP authentication method. A remote attacker could use this to inject arbitrary log entries and maybe obtain sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2015-3200) It was discovered that Lighttpd did not properly sanitized the string used in alias. A remote attacker could use this to access the content of the directory above the alias and obtain sensitive information. (CVE-2018-19052) Update Instructions: Run `sudo pro fix USN-4775-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lighttpd-mod-mysql-vhost - 1.4.45-1ubuntu3.18.04.1+esm1 lighttpd-doc - 1.4.45-1ubuntu3.18.04.1+esm1 lighttpd-mod-magnet - 1.4.45-1ubuntu3.18.04.1+esm1 lighttpd-dev - 1.4.45-1ubuntu3.18.04.1+esm1 lighttpd - 1.4.45-1ubuntu3.18.04.1+esm1 lighttpd-mod-authn-ldap - 1.4.45-1ubuntu3.18.04.1+esm1 lighttpd-mod-cml - 1.4.45-1ubuntu3.18.04.1+esm1 lighttpd-mod-authn-mysql - 1.4.45-1ubuntu3.18.04.1+esm1 lighttpd-mod-geoip - 1.4.45-1ubuntu3.18.04.1+esm1 lighttpd-mod-authn-gssapi - 1.4.45-1ubuntu3.18.04.1+esm1 lighttpd-mod-webdav - 1.4.45-1ubuntu3.18.04.1+esm1 lighttpd-mod-trigger-b4-dl - 1.4.45-1ubuntu3.18.04.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2015-3200 CVE-2018-19052 Ubuntu 18.04 LTS It was discovered that OCaml mishandled sign extensions. A remote attacker could use this vulnerability to steal sensitive information, cause a denial of service (crash), or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2015-8869) It was discovered that OCaml mishandled crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. (CVE-2018-9838) Update Instructions: Run `sudo pro fix USN-4778-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ocaml-mode - 4.05.0-10ubuntu1+esm1 ocaml-base-nox - 4.05.0-10ubuntu1+esm1 ocaml-nox - 4.05.0-10ubuntu1+esm1 ocaml - 4.05.0-10ubuntu1+esm1 ocaml-source - 4.05.0-10ubuntu1+esm1 ocaml-compiler-libs - 4.05.0-10ubuntu1+esm1 ocaml-interp - 4.05.0-10ubuntu1+esm1 ocaml-base - 4.05.0-10ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2015-8869 CVE-2018-9838 Ubuntu 18.04 LTS It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-10030) It was discovered that Slurm mishandled SPANK environment variables. An attacker could possibly use this issue to gain elevated privileges. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-15566) It was discovered that Slurm mishandled certain SQL queries. A local attacker could use this issue to gain elevated privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-7033) It was discovered that Slurm mishandled user names and group ids. A local attacker could use this issue to gain administrative privileges. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-10995) It was discovered that Slurm mishandled 23-bit systems. A local attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-6438) It was discovered that Slurm incorrectly handled certain inputs when Message Aggregation is enabled. An attacker could possibly use this issue to launch a process as an arbitrary user. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12693) It was discovered that Slurm incorrectly handled certain RPC inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-27745) Jonas Stare discovered that Slurm exposes sensitive information related to the X protocol. An attacker could possibly use this issue to obtain a graphical session from an arbitrary user. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-27746) It was discovered that Slurm incorrectly handled environment parameters. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-31215) Update Instructions: Run `sudo pro fix USN-4781-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpmi0-dev - 17.11.2-1ubuntu0.1~esm4 libslurmdb32 - 17.11.2-1ubuntu0.1~esm4 slurmctld - 17.11.2-1ubuntu0.1~esm4 slurm-wlm-basic-plugins-dev - 17.11.2-1ubuntu0.1~esm4 libslurm-perl - 17.11.2-1ubuntu0.1~esm4 libpmi0 - 17.11.2-1ubuntu0.1~esm4 slurm-wlm - 17.11.2-1ubuntu0.1~esm4 libslurm-dev - 17.11.2-1ubuntu0.1~esm4 slurm-client - 17.11.2-1ubuntu0.1~esm4 libpam-slurm - 17.11.2-1ubuntu0.1~esm4 slurmd - 17.11.2-1ubuntu0.1~esm4 slurm-wlm-torque - 17.11.2-1ubuntu0.1~esm4 slurm-client-emulator - 17.11.2-1ubuntu0.1~esm4 slurm-wlm-emulator - 17.11.2-1ubuntu0.1~esm4 libpmi2-0 - 17.11.2-1ubuntu0.1~esm4 slurm-wlm-doc - 17.11.2-1ubuntu0.1~esm4 libpmi2-0-dev - 17.11.2-1ubuntu0.1~esm4 libslurmdb-perl - 17.11.2-1ubuntu0.1~esm4 libslurmdb-dev - 17.11.2-1ubuntu0.1~esm4 sview - 17.11.2-1ubuntu0.1~esm4 libslurm32 - 17.11.2-1ubuntu0.1~esm4 slurm-wlm-basic-plugins - 17.11.2-1ubuntu0.1~esm4 slurmdbd - 17.11.2-1ubuntu0.1~esm4 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2016-10030 CVE-2017-15566 CVE-2018-7033 CVE-2018-10995 CVE-2019-6438 CVE-2020-12693 CVE-2020-27745 CVE-2020-27746 CVE-2021-31215 Ubuntu 18.04 LTS It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service. CVE-2016-10506 and CVE-2017-12982 affected only Ubuntu 16.04 ESM. CVE-2018-16375, CVE-2018-20845 and CVE-2019-12973 affected only Ubuntu 18.04 ESM. Update Instructions: Run `sudo pro fix USN-4782-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenjp2-tools - 2.3.0-2ubuntu0.1~esm1 libopenjpip-server - 2.3.0-2ubuntu0.1~esm1 libopenjpip-viewer - 2.3.0-2ubuntu0.1~esm1 libopenjp3d-tools - 2.3.0-2ubuntu0.1~esm1 libopenjpip7 - 2.3.0-2ubuntu0.1~esm1 libopenjp2-7 - 2.3.0-2ubuntu0.1~esm1 libopenjp2-7-dev - 2.3.0-2ubuntu0.1~esm1 libopenjp3d7 - 2.3.0-2ubuntu0.1~esm1 libopenjpip-dec-server - 2.3.0-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-12982 CVE-2018-16375 CVE-2018-20845 CVE-2018-5727 CVE-2019-12973 CVE-2016-10506 Ubuntu 18.04 LTS It was discovered that Xerces-C++ XML Parser mishandles certain kinds of external DTD references, resulting in a user-after-free. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. (CVE-2016-2099) It was discovered that Xerces-C++ XML Parser fails to successfully parse a DTD that is too deeply nested. An unauthenticated attacker could use this vulnerability to cause a denial of service. This issue affected only Ubuntu 16.04 ESM. (CVE-2016-4463) It was discovered that Xerces-C++ mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer. An attacker could use this vulnerability to cause a denial of service. (CVE-2017-12627) Update Instructions: Run `sudo pro fix USN-4784-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxerces-c-dev - 3.2.0+debian-2ubuntu0.1~esm1 libxerces-c3.2 - 3.2.0+debian-2ubuntu0.1~esm1 libxerces-c-samples - 3.2.0+debian-2ubuntu0.1~esm1 libxerces-c-doc - 3.2.0+debian-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-2099 CVE-2016-4463 CVE-2017-12627 Ubuntu 18.04 LTS It was discovered that the npm command-line interface mishandled certain sensitive information. An attacker could use this vulnerability to collect authentication information that could be used to impersonate other users. Update Instructions: Run `sudo pro fix USN-4785-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: npm - 3.5.2-0ubuntu4.1.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-3956 Ubuntu 18.04 LTS Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An attacker could use this vulnerability to execute a machine-in-the-middle- attack. This issue only affected Ubuntu 14.04 ESM and 16.04 ESM. (CVE-2016-7099) It was discovered that Node.js incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using Node.js to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-1000381) Nikita Skovoroda discovered that Node.js mishandled certain input, leading to an out of bounds write. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-12115) Arkadiy Tetelman discovered that Node.js improperly handled certain malformed HTTP requests. An attacker could use this vulnerability to inject unexpected HTTP requests. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-12116) Jan Maybach discovered that Node.js did not time out if incomplete HTTP/HTTPS headers were received. An attacker could use this vulnerability to cause a denial of service by keeping HTTP/HTTPS connections alive for a long period of time. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-12122) Martin Bajanik discovered that the url.parse() method would return incorrect results if it received specially crafted input. An attacker could use this vulnerability to spoof the hostname and bypass hostname-specific security controls. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-12123) It was discovered that Node.js is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser with network access to the system running the Node.js process. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-7160) It was discovered that the Buffer.fill() and Buffer.alloc() methods improperly handled certain inputs. An attacker could use this vulnerability to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-7167) Marco Pracucci discovered that Node.js mishandled HTTP and HTTPS connections. An attacker could use this vulnerability to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2019-5737) Update Instructions: Run `sudo pro fix USN-4796-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nodejs-dev - 8.10.0~dfsg-2ubuntu0.4+esm1 nodejs-doc - 8.10.0~dfsg-2ubuntu0.4+esm1 nodejs - 8.10.0~dfsg-2ubuntu0.4+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-7099 CVE-2017-1000381 CVE-2018-12115 CVE-2018-12116 CVE-2018-12122 CVE-2018-12123 CVE-2018-7160 CVE-2018-7167 CVE-2019-5737 Ubuntu 18.04 LTS It was discovered that Lynx incorrectly handled certain URLs. A remote attacker could possibly use this issue to obtain sensitive information or other unspecified impact. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-9179) It was discovered that Lynx incorrectly handled certain HTML files. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-1000211) Thorsten Glaser discovered that Lynx mishandles the userinfo subcomponents of a URI. An attacker monitoring the network could discover cleartext credentials because they may appear in SNI data. (CVE-2021-38165) Update Instructions: Run `sudo pro fix USN-4800-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lynx-common - 2.8.9dev16-3ubuntu0.1~esm1 lynx - 2.8.9dev16-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-9179 CVE-2017-1000211 CVE-2021-38165 Ubuntu 18.04 LTS It was discovered that HTSlib incorrectly handled certain data. An attacker could possibly use this issue to execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. (CVE-2017-1000206) It was discovered that HTSlib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-13845) Update Instructions: Run `sudo pro fix USN-4802-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhts-dev - 1.7-2ubuntu0.1~esm1 libhts-private-dev - 1.7-2ubuntu0.1~esm1 libhts2 - 1.7-2ubuntu0.1~esm1 htslib-test - 1.7-2ubuntu0.1~esm1 tabix - 1.7-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-1000206 CVE-2018-13845 Ubuntu 18.04 LTS It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes to be killed, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4808-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tinyproxy-bin - 1.8.4-5ubuntu0.1~esm1 tinyproxy - 1.8.4-5ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-11747 Ubuntu 18.04 LTS It was discovered that libzip mishandled certain malformed ZIP archives. A remote attacker could use this vulnerability to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4811-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libzip-dev - 1.1.2-1.1ubuntu0.1~esm1 zipmerge - 1.1.2-1.1ubuntu0.1~esm1 ziptool - 1.1.2-1.1ubuntu0.1~esm1 libzip4 - 1.1.2-1.1ubuntu0.1~esm1 zipcmp - 1.1.2-1.1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2017-14107 Ubuntu 18.04 LTS It was discovered that libbson incorrectly validated input length. An attacker could possibly use this issue to cause a denial of service. This issue affected only Ubuntu 16.04 ESM. (CVE-2017-14227) It was discovered that libbson incorrectly handled certain specially crafted bson buffers. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-16790) Update Instructions: Run `sudo pro fix USN-4812-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbson-doc - 1.9.2-1ubuntu0.1~esm2 libbson-1.0-0 - 1.9.2-1ubuntu0.1~esm2 libbson-dev - 1.9.2-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-14227 CVE-2018-16790 Ubuntu 18.04 LTS It was discovered that HDF5 incorrectly handled certain hdf5 files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4817-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhdf5-doc - 1.10.0-patch1+docs-4ubuntu0.1~esm1 hdf5-helpers - 1.10.0-patch1+docs-4ubuntu0.1~esm1 libhdf5-cpp-100 - 1.10.0-patch1+docs-4ubuntu0.1~esm1 libhdf5-dev - 1.10.0-patch1+docs-4ubuntu0.1~esm1 libhdf5-mpich-dev - 1.10.0-patch1+docs-4ubuntu0.1~esm1 libhdf5-openmpi-100 - 1.10.0-patch1+docs-4ubuntu0.1~esm1 libhdf5-openmpi-dev - 1.10.0-patch1+docs-4ubuntu0.1~esm1 libhdf5-mpich-100 - 1.10.0-patch1+docs-4ubuntu0.1~esm1 libhdf5-100 - 1.10.0-patch1+docs-4ubuntu0.1~esm1 libhdf5-jni - 1.10.0-patch1+docs-4ubuntu0.1~esm1 libhdf5-java - 1.10.0-patch1+docs-4ubuntu0.1~esm1 libhdf5-mpi-dev - 1.10.0-patch1+docs-4ubuntu0.1~esm1 libhdf5-serial-dev - 1.10.0-patch1+docs-4ubuntu0.1~esm1 hdf5-tools - 1.10.0-patch1+docs-4ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-17505 CVE-2017-17506 CVE-2017-17508 Ubuntu 18.04 LTS It was discovered that OpenCV did not properly manage certain objects, leading to a divide-by-zero. If a user were tricked into loading a specially crafted file, a remote attacker could potentially use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15939) It was discovered that OpenCV did not properly manage certain files, leading to an out of bounds read. If a user were tricked into loading a specially crafted file, a remote attacker could potentially use this issue to make OpenCV crash, resulting in a denial of service. This issue was only fixed in Ubuntu 18.04 ESM. (CVE-2019-14491, CVE-2019-14492) It was discovered that OpenCV did not properly manage certain XML data, leading to a NULL pointer dereference. If a user were tricked into loading a specially crafted file, a remote attacker could potentially use this issue to make OpenCV crash, resulting in a denial of service. This issue was only fixed in Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2019-14493) It was discovered that OpenCV did not properly manage certain files, leading to a heap-based buffer overflow. If a user were tricked into loading a specially crafted file, a remote attacker could potentially use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 ESM. (CVE-2017-18009) Update Instructions: Run `sudo pro fix USN-4818-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopencv-imgcodecs3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-features2d-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-videoio-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-photo-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-videostab-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-flann-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-ts-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-flann3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-stitching3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-ml-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-imgproc3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-videoio3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-viz3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv3.2-java - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-objdetect-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-imgcodecs-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-stitching-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-imgproc-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 python-opencv - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv3.2-jni - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-superres3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-viz-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-calib3d-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-objdetect3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 opencv-data - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-ml3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 opencv-doc - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-shape-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-video3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-calib3d3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-contrib-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-shape3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-video-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-highgui3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-photo3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-highgui-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-features2d3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-core3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-contrib3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-superres-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 python3-opencv - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-core-dev - 3.2.0+dfsg-4ubuntu0.1+esm3 libopencv-videostab3.2 - 3.2.0+dfsg-4ubuntu0.1+esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-15939 CVE-2019-14491 CVE-2017-18009 CVE-2019-14492 CVE-2019-14493 Ubuntu 18.04 LTS It was discovered that Mosquitto incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-4823-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mosquitto-dev - 1.4.15-2ubuntu0.18.04.3+esm1 libmosquitto-dev - 1.4.15-2ubuntu0.18.04.3+esm1 libmosquitto1 - 1.4.15-2ubuntu0.18.04.3+esm1 mosquitto - 1.4.15-2ubuntu0.18.04.3+esm1 libmosquittopp1 - 1.4.15-2ubuntu0.18.04.3+esm1 libmosquittopp-dev - 1.4.15-2ubuntu0.18.04.3+esm1 mosquitto-clients - 1.4.15-2ubuntu0.18.04.3+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-7655 Ubuntu 18.04 LTS It was discovered that SoundTouch incorrectly handled certain WAV files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-9258, CVE-2017-9259, CVE-2017-9260) It was discovered that SoundTouch incorrectly handled ccertain WAV files. A remote attacker could possibly use this issue to cause arbitrary code execution. (CVE-2018-1000223) It was discovered that SoundTouch incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-17096) It was discovered that SoundTouch incorrectly handled certain WAV files. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2018-17097, CVE-2018-17098) Update Instructions: Run `sudo pro fix USN-4826-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsoundtouch-dev - 1.9.2-3ubuntu0.1~esm1 soundstretch - 1.9.2-3ubuntu0.1~esm1 libsoundtouch1 - 1.9.2-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-9258 CVE-2017-9259 CVE-2017-9260 CVE-2018-1000223 CVE-2018-17096 CVE-2018-17097 CVE-2018-17098 Ubuntu 18.04 LTS It was discovered that librelp did not properly manage x509 certificates, leading to a stack-based buffer overflow. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4828-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librelp0 - 1.2.14-3ubuntu0.1~esm1 librelp-dev - 1.2.14-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-1000140 Ubuntu 18.04 LTS It was discovered that Okular mishandled certain crafted archives during extraction. An attacker could use this vulnerability to write arbitrary files to the filesystem. Update Instructions: Run `sudo pro fix USN-4830-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libokular5core8 - 4:17.12.3-0ubuntu1+esm1 okular-extra-backends - 4:17.12.3-0ubuntu1+esm1 okular - 4:17.12.3-0ubuntu1+esm1 okular-mobile - 4:17.12.3-0ubuntu1+esm1 okular-dev - 4:17.12.3-0ubuntu1+esm1 qml-module-org-kde-okular - 4:17.12.3-0ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2018-1000801 Ubuntu 18.04 LTS It was discovered that OpenMPT incorrectly handled certain files. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-4831-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenmpt0 - 0.3.6-1ubuntu0.1~esm1 libopenmpt-dev - 0.3.6-1ubuntu0.1~esm1 libopenmpt-modplug-dev - 0.3.6-1ubuntu0.1~esm1 libopenmpt-modplug1 - 0.3.6-1ubuntu0.1~esm1 openmpt123 - 0.3.6-1ubuntu0.1~esm1 libopenmpt-doc - 0.3.6-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-10017 CVE-2018-11710 Ubuntu 18.04 LTS It was discovered that Plexus Archiver incorrectly handled directory traversal during extraction. An attacker could possibly use this for a Zip-Slip attack. Update Instructions: Run `sudo pro fix USN-4832-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libplexus-archiver-java - 3.5-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-1002200 Ubuntu 18.04 LTS It was discovered that Prosody incorrectly validated the virtual host associated with a user session across stream restarts. A remote attacker could use this issue to gain unintended access to resources. Update Instructions: Run `sudo pro fix USN-4834-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: prosody - 0.10.0-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2018-10847 Ubuntu 18.04 LTS It was discovered that VCFtools improperly handled certain input. If a user were tricked into opening a crafted input file, VCFtools could be made to crash or possibly cause other unspecified impact. (CVE-2018-11099, CVE-2018-11129, CVE-2018-11130) It was discovered that VCFtools improperly handled memory allocation/deallocation, resulting in a use-after-free vulnerability. If a victim were tricked into opening a specially crafted VCF File, an attacker could cause VCFtools to leak sensitive information or possibly execute arbitrary code. (CVE-2019-1010127) Update Instructions: Run `sudo pro fix USN-4835-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vcftools - 0.1.15-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-11099 CVE-2018-11129 CVE-2018-11130 CVE-2019-1010127 Ubuntu 18.04 LTS It was discovered that Symfony through the HttpFoundation component allowed unauthorized access on a misconfigured LDAP server. A remote attacker could use this vulnerability to gain unauthorized access. Update Instructions: Run `sudo pro fix USN-4836-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-symfony-framework-bundle - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-security-core - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-ldap - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-browser-kit - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-filesystem - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-twig-bundle - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-web-profiler-bundle - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-asset - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-security-http - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-phpunit-bridge - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-yaml - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-web-server-bundle - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-http-kernel - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-templating - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-property-access - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-doctrine-bridge - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-intl - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-twig-bridge - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-security-guard - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-process - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-serializer - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-class-loader - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-debug-bundle - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-css-selector - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-expression-language - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-security - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-var-dumper - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-property-info - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-routing - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-security-bundle - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-finder - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-lock - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-validator - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-debug - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-inflector - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-form - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-cache - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-monolog-bridge - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-workflow - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-dependency-injection - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-security-csrf - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-proxy-manager-bridge - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-http-foundation - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-event-dispatcher - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-options-resolver - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-dotenv - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-web-link - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-translation - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-dom-crawler - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-stopwatch - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-config - 3.4.6+dfsg-1ubuntu0.1+esm1 php-symfony-console - 3.4.6+dfsg-1ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-11407 Ubuntu 18.04 LTS It was discovered that LibSass incorrectly handled certain specially crafted sass file. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-4837-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsass0 - 3.4.8-1ubuntu0.1~esm1 libsass-dev - 3.4.8-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-11499 CVE-2018-11693 CVE-2018-11695 CVE-2018-11696 CVE-2018-11697 CVE-2018-11698 CVE-2018-19797 CVE-2018-19827 CVE-2018-19839 CVE-2018-20190 CVE-2019-6283 CVE-2019-6284 CVE-2019-6286 Ubuntu 18.04 LTS It was discovered that Singularity incorrectly handled certain inputs. An attacker could possibly use this issue to obtain sensitive information. (CVE-2018-19295) It was discovered that Singularity incorrectly handled access control. An attacker could possibly use this issue to obtain sensitive information. (CVE-2018-12021) Update Instructions: Run `sudo pro fix USN-4840-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: singularity-container - 2.4.2-4ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2018-12021 CVE-2018-19295 Ubuntu 18.04 LTS It was discovered that ntopng did not properly seed its random number generator, leading to predictable session tokens. An attacker could use this vulnerability to hijack a user's session. Update Instructions: Run `sudo pro fix USN-4842-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntopng - 3.2+dfsg1-1ubuntu0.1~esm2 ntopng-data - 3.2+dfsg1-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2018-12520 Ubuntu 18.04 LTS Javier Nieto and Andres Rojas discovered that phpMyAdmin incorrectly managed input in the form of passwords. An attacker could use this vulnerability to cause a denial-of-service (DoS). This issue only affected Ubuntu 14.04 ESM. (CVE-2014-9218) Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input in the form of database names in the PHP Array export feature. An authenticated attacker could use this vulnerability to run arbitrary PHP commands. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-6609) Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this vulnerability to execute SQL injection attacks. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-6619) Emanuel Bronshtein discovered that phpMyadmin failed to properly sanitize input. An authenticated attacker could use this vulnerability to cause a denial-of-service (DoS). This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-6630) Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this vulnerability to bypass AllowRoot restrictions and deny rules for usernames. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-9849) Emanuel Bronshtein discovered that phpMyAdmin would allow sensitive information to be leaked when the argument separator in a URL was not the default & value. An attacker could use this vulnerability to obtain the CSRF token of a user. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2016-9866) Isaac Bennetch discovered that phpMyAdmin was incorrectly restricting user access due to the behavior of the substr function on some PHP versions. An attacker could use this vulnerability to bypass login restrictions established for users that have no password set. This issue only affected Ubuntu 14.04 ESM. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-18264) Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input in the form of parameters sent during a table editing operation. An attacker could use this vulnerability to trigger an endless recursion and cause a denial-of-service (DoS). This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-1000014) Emanuel Bronshtein discovered that phpMyAdmin failed to properly sanitize input used to generate a web page. An authenticated attacker could use this vulnerability to execute CSS injection attacks. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-1000015) It was discovered that phpMyAdmin incorrectly handled certain input. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack via a crafted URL. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-7260) It was discovered phpMyAdmin incorrectly handled database names. An attacker could possibly use this to trigger a cross-site scripting attack. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-12581) Daniel Le Gall discovered that phpMyAdmin would expose sensitive information to unauthorized actors due to an error in its transformation feature. An authenticated attacker could use this vulnerability to leak the contents of a local file. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-19968) It was discovered that phpMyAdmin incorrectly handled user input. An attacker could possibly use this to perform a cross-site scripting attack. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-19970) It was discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted database name. This issue only affected Ubuntu 16.04 ESM. (CVE-2019-11768) It was discovered that phpMyAdmin incorrectly handled some requests. An attacker could possibly use this to perform a cross site request forgery attack. This issue only affected Ubuntu 16.04 ESM. (CVE-2019-12616) It was discovered that phpMyAdmin incorrectly handled some requests. An attacker could possibly use this to perform a cross site request forgery attack. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-12922) It was discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted username. This issue only affected Ubuntu 16.04 ESM. (CVE-2019-6798) It was discovered that phpMyAdmin did not properly sanitize certain input. An attacker could use this vulnerability to possibly execute an HTML injection or a cross-site scripting (XSS) attack. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2019-19617) CSW Research Labs discovered that phpMyAdmin failed to properly sanitize input. An attacker could use this vulnerability to execute SQL injection attacks. This issue only affected Ubuntu 16.04 ESM. (CVE-2020-5504) Giwan Go and Yelang Lee discovered that phpMyAdmin was vulnerable to an XSS attack in the transformation feature. If a victim were to click on a crafted link, an attacker could run malicious JavaScript on the victim's system. This issue only affected Ubuntu 20.04 ESM. (CVE-2020-26934) Andre Sá discovered that phpMyAdmin incorrectly handled certain SQL statements in the search feature. A remote, authenticated attacker could use this to inject malicious SQL into a query. This issue only affected Ubuntu 20.04 ESM. (CVE-2020-26935) Update Instructions: Run `sudo pro fix USN-4843-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: phpmyadmin - 4:4.6.6-5ubuntu0.5+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2014-9218 CVE-2016-6609 CVE-2016-6619 CVE-2016-6630 CVE-2016-9849 CVE-2016-9866 CVE-2017-18264 CVE-2017-1000014 CVE-2017-1000015 CVE-2018-7260 CVE-2018-12581 CVE-2018-19968 CVE-2018-19970 CVE-2019-6798 CVE-2019-11768 CVE-2019-12616 CVE-2019-12922 CVE-2019-19617 CVE-2020-5504 CVE-2020-26934 CVE-2020-26935 Ubuntu 18.04 LTS Matthias Gerstner discovered that the cinnamon-settings-users utility in Cinnamon did not safely handle symlinks. An unprivileged attacker could potentially use this vulnerability to overwrite arbitrary files as root. Update Instructions: Run `sudo pro fix USN-4844-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cinnamon-common - 3.6.7-8ubuntu1+esm1 cinnamon-doc - 3.6.7-8ubuntu1+esm1 cinnamon - 3.6.7-8ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2018-13054 Ubuntu 18.04 LTS It was discovered that libcgroup incorrectly handled log file permissions. An attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-4845-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcgroup-dev - 0.41-8ubuntu2+esm1 libpam-cgroup - 0.41-8ubuntu2+esm1 libcgroup1 - 0.41-8ubuntu2+esm1 cgroup-tools - 0.41-8ubuntu2+esm1 cgroup-bin - 0.41-8ubuntu2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-14348 Ubuntu 18.04 LTS It was discovered that ACME mini_httpd did not properly handle HTTP GET requests with empty headers. A remote attacker could use this vulnerability to read arbitrary files. Update Instructions: Run `sudo pro fix USN-4848-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mini-httpd - 1.23-1.2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2018-18778 Ubuntu 18.04 LTS It was discovered that Libsolv incorrectly handled certain malformed input. An attacker could use this issue to cause Libsolv to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4851-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-solv - 0.6.30-1ubuntu0.1~esm1 libsolvext0-dev - 0.6.30-1ubuntu0.1~esm1 libsolvext0 - 0.6.30-1ubuntu0.1~esm1 libsolv-doc - 0.6.30-1ubuntu0.1~esm1 libsolv-tools - 0.6.30-1ubuntu0.1~esm1 python-solv - 0.6.30-1ubuntu0.1~esm1 libsolv-perl - 0.6.30-1ubuntu0.1~esm1 libsolv0 - 0.6.30-1ubuntu0.1~esm1 libsolv0-dev - 0.6.30-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 Ubuntu 18.04 LTS It was discovered that liveMedia incorrectly handled certain network packets. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-4013) It was discovered that liveMedia incorrectly handled certain network sessions. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-6256) It was discovered that liveMedia incorrectly handled certain RTSP streamings. An attacker could possiby use this issue to cause a denial of service or other unspecified impact. (CVE-2019-7314) It was discovered that liveMedia incorrectly handled certain requests. An attacker could possibly use this issue to obtain sensitive information. (CVE-2019-9215) Update Instructions: Run `sudo pro fix USN-4853-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblivemedia62 - 2018.02.18-1ubuntu0.1~esm1 liblivemedia-dev - 2018.02.18-1ubuntu0.1~esm1 libusageenvironment3 - 2018.02.18-1ubuntu0.1~esm1 livemedia-utils - 2018.02.18-1ubuntu0.1~esm1 libgroupsock8 - 2018.02.18-1ubuntu0.1~esm1 libbasicusageenvironment1 - 2018.02.18-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-4013 CVE-2019-6256 CVE-2019-7314 CVE-2019-9215 Ubuntu 18.04 LTS Matthijs Kooijman discovered that AsyncSSH server did not properly handle authentication under certain conditions. An attacker with a specially crafted client could use this vulnerability to skip authentication of SSH sessions. Update Instructions: Run `sudo pro fix USN-4854-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-asyncssh-doc - 1.11.1-1ubuntu0.1~esm1 python3-asyncssh - 1.11.1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2018-7749 Ubuntu 18.04 LTS Jasiel Spelman discovered that docker-credential-helpers has a double free. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4856-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-docker-docker-credential-helpers-dev - 0.5.0-2ubuntu0.1+esm1 golang-docker-credential-helpers - 0.5.0-2ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2019-1020014 Ubuntu 18.04 LTS It was discovered that Gradle used an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins were used. A remote unauthenticated attacker could possibly use this issue to perform a machine-in-the-middle attack. (CVE-2019-11065) It was discovered that the PGP signing plugin in Gradle relied on the insecure SHA-1 algorithm. An attacker could possibly use this issue to conduct spoofing attacks. (CVE-2019-16370) Update Instructions: Run `sudo pro fix USN-4858-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgradle-core-java - 4.4.1-5ubuntu2~18.04+esm1 libgradle-plugins-java - 4.4.1-5ubuntu2~18.04+esm1 gradle-doc - 4.4.1-5ubuntu2~18.04+esm1 gradle - 4.4.1-5ubuntu2~18.04+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-11065 CVE-2019-16370 Ubuntu 18.04 LTS Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2019-11454) Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to potentially leak sensitive information. (CVE-2019-11455) Update Instructions: Run `sudo pro fix USN-4860-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: monit - 1:5.25.1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-11454 CVE-2019-11455 Ubuntu 18.04 LTS It was discovered that Neovim incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4862-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: neovim - 0.2.2-3ubuntu0.1~esm1 neovim-runtime - 0.2.2-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-12735 Ubuntu 18.04 LTS It was discovered that Netty incorrectly implements HTTP/2. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518) Update Instructions: Run `sudo pro fix USN-4866-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnetty-java - 1:4.1.7-4ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-9518 Ubuntu 18.04 LTS It was discovered that LibTomCrypt incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or read sensitive information. Update Instructions: Run `sudo pro fix USN-4868-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtomcrypt-dev - 1.18.1-1ubuntu0.1+esm1 libtomcrypt1 - 1.18.1-1ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-17362 Ubuntu 18.04 LTS It was discovered that aria2 could accidentally leak authentication data. An attacker could possibly use this to gain access to sensitive information. Update Instructions: Run `sudo pro fix USN-4869-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: aria2 - 1.33.1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-3500 Ubuntu 18.04 LTS It was discovered that Bundler incorrectly created directories with insecure permissions in /tmp. An attacker could write malicious libraries to this location for later execution. Update Instructions: Run `sudo pro fix USN-4870-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-bundler - 1.16.1-1ubuntu0.1~esm1 bundler - 1.16.1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-3881 Ubuntu 18.04 LTS It was discovered that Axel did not properly verify the certificates for hostnames. An attacker could use this vulnerability to impersonate another server and obtain sensitive information. Update Instructions: Run `sudo pro fix USN-4872-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: axel - 2.16.1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-13614 Ubuntu 18.04 LTS It was discovered that Apache Ant created temporary files with insecure permissions. An attacker could use this vulnerability to read sensitive information leaked into /tmp, or potentially inject malicious code into a project that is built with Apache Ant. Update Instructions: Run `sudo pro fix USN-4874-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ant - 1.10.5-3~18.04.1~esm1 ant-doc - 1.10.5-3~18.04.1~esm1 ant-optional - 1.10.5-3~18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-1945 Ubuntu 18.04 LTS It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-36158) 吴异 discovered that the NFS implementation in the Linux kernel did not properly prevent access outside of an NFS export that is a subdirectory of a file system. An attacker could possibly use this to bypass NFS access restrictions. (CVE-2021-3178) Update Instructions: Run `sudo pro fix USN-4877-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1013-dell300x - 4.15.0-1013.17 No subscription required linux-image-4.15.0-1066-oracle - 4.15.0-1066.74 No subscription required linux-image-4.15.0-1080-raspi2 - 4.15.0-1080.85 No subscription required linux-image-4.15.0-1086-kvm - 4.15.0-1086.88 No subscription required linux-image-4.15.0-1094-gcp - 4.15.0-1094.107 No subscription required linux-image-4.15.0-1095-aws - 4.15.0-1095.102 No subscription required linux-image-4.15.0-1097-snapdragon - 4.15.0-1097.106 No subscription required linux-image-4.15.0-1109-azure - 4.15.0-1109.121 No subscription required linux-image-4.15.0-137-lowlatency - 4.15.0-137.141 linux-image-4.15.0-137-generic - 4.15.0-137.141 linux-image-4.15.0-137-generic-lpae - 4.15.0-137.141 No subscription required linux-image-dell300x - 4.15.0.1013.15 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1066.76 No subscription required linux-image-raspi2 - 4.15.0.1080.77 No subscription required linux-image-kvm - 4.15.0.1086.82 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1094.112 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1095.98 No subscription required linux-image-snapdragon - 4.15.0.1097.100 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1109.82 No subscription required linux-image-generic-hwe-16.04 - 4.15.0.137.124 linux-image-generic-hwe-16.04-edge - 4.15.0.137.124 linux-image-generic-lpae-hwe-16.04 - 4.15.0.137.124 linux-image-virtual - 4.15.0.137.124 linux-image-virtual-hwe-16.04-edge - 4.15.0.137.124 linux-image-virtual-hwe-16.04 - 4.15.0.137.124 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.137.124 linux-image-generic - 4.15.0.137.124 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.137.124 linux-image-generic-lpae - 4.15.0.137.124 linux-image-lowlatency-hwe-16.04 - 4.15.0.137.124 linux-image-lowlatency - 4.15.0.137.124 No subscription required Medium CVE-2020-36158 CVE-2021-3178 Ubuntu 18.04 LTS It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-36158) Ryota Shiga discovered that the sockopt BPF hooks in the Linux kernel could allow a user space program to probe for valid kernel addresses. A local attacker could use this to ease exploitation of another kernel vulnerability. (CVE-2021-20239) It was discovered that the priority inheritance futex implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3347) 吴异 discovered that the NFS implementation in the Linux kernel did not properly prevent access outside of an NFS export that is a subdirectory of a file system. An attacker could possibly use this to bypass NFS access restrictions. (CVE-2021-3178) Update Instructions: Run `sudo pro fix USN-4878-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1011-gkeop - 5.4.0-1011.12~18.04.2 No subscription required linux-image-5.4.0-1030-raspi - 5.4.0-1030.33~18.04.1 No subscription required linux-image-5.4.0-1037-gke - 5.4.0-1037.39~18.04.1 No subscription required linux-image-5.4.0-1038-gcp - 5.4.0-1038.41~18.04.1 No subscription required linux-image-5.4.0-1039-aws - 5.4.0-1039.41~18.04.1 No subscription required linux-image-5.4.0-1039-oracle - 5.4.0-1039.42~18.04.1 No subscription required linux-image-5.4.0-1041-azure - 5.4.0-1041.43~18.04.1 No subscription required linux-image-5.4.0-67-lowlatency - 5.4.0-67.75~18.04.1 linux-image-5.4.0-67-generic - 5.4.0-67.75~18.04.1 linux-image-5.4.0-67-generic-lpae - 5.4.0-67.75~18.04.1 No subscription required linux-image-gkeop-5.4 - 5.4.0.1011.12~18.04.12 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1030.33 linux-image-raspi-hwe-18.04 - 5.4.0.1030.33 No subscription required linux-image-gke-5.4 - 5.4.0.1037.39~18.04.5 No subscription required linux-image-gcp-edge - 5.4.0.1038.25 linux-image-gcp - 5.4.0.1038.25 No subscription required linux-image-aws - 5.4.0.1039.23 linux-image-aws-edge - 5.4.0.1039.23 No subscription required linux-image-oracle - 5.4.0.1039.42~18.04.22 linux-image-oracle-edge - 5.4.0.1039.42~18.04.22 No subscription required linux-image-azure - 5.4.0.1041.21 linux-image-azure-edge - 5.4.0.1041.21 No subscription required linux-image-oem-osp1 - 5.4.0.67.75~18.04.62 linux-image-generic-hwe-18.04 - 5.4.0.67.75~18.04.62 linux-image-snapdragon-hwe-18.04 - 5.4.0.67.75~18.04.62 linux-image-generic-lpae-hwe-18.04 - 5.4.0.67.75~18.04.62 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.67.75~18.04.62 linux-image-virtual-hwe-18.04 - 5.4.0.67.75~18.04.62 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.67.75~18.04.62 linux-image-oem - 5.4.0.67.75~18.04.62 linux-image-generic-hwe-18.04-edge - 5.4.0.67.75~18.04.62 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.67.75~18.04.62 linux-image-lowlatency-hwe-18.04 - 5.4.0.67.75~18.04.62 linux-image-virtual-hwe-18.04-edge - 5.4.0.67.75~18.04.62 No subscription required Medium CVE-2020-36158 CVE-2021-20239 CVE-2021-3178 CVE-2021-3347 Ubuntu 18.04 LTS It was discovered that the Ruby JSON gem incorrectly handled certain JSON files. If a user or automated system were tricked into parsing a specially crafted JSON file, a remote attacker could use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10663) It was discovered that Ruby incorrectly handled certain socket memory operations. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-10933) It was discovered that Ruby incorrectly handled certain transfer-encoding headers when using Webrick. A remote attacker could possibly use this issue to bypass a reverse proxy. (CVE-2020-25613) Update Instructions: Run `sudo pro fix USN-4882-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby2.5-dev - 2.5.1-1ubuntu1.8 ruby2.5 - 2.5.1-1ubuntu1.8 ruby2.5-doc - 2.5.1-1ubuntu1.8 libruby2.5 - 2.5.1-1ubuntu1.8 No subscription required Medium CVE-2020-10663 CVE-2020-10933 CVE-2020-25613 Ubuntu 18.04 LTS Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365) Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). (CVE-2021-27363) Adam Nichols discovered that an out-of-bounds read existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2021-27364) Update Instructions: Run `sudo pro fix USN-4883-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1067-oracle - 4.15.0-1067.75 No subscription required linux-image-4.15.0-1081-raspi2 - 4.15.0-1081.86 No subscription required linux-image-4.15.0-1087-kvm - 4.15.0-1087.89 No subscription required linux-image-4.15.0-1095-gcp - 4.15.0-1095.108 No subscription required linux-image-4.15.0-1096-aws - 4.15.0-1096.103 No subscription required linux-image-4.15.0-1098-snapdragon - 4.15.0-1098.107 No subscription required linux-image-4.15.0-1110-azure - 4.15.0-1110.122 No subscription required linux-image-4.15.0-139-lowlatency - 4.15.0-139.143 linux-image-4.15.0-139-generic - 4.15.0-139.143 linux-image-4.15.0-139-generic-lpae - 4.15.0-139.143 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1067.77 No subscription required linux-image-raspi2 - 4.15.0.1081.78 No subscription required linux-image-kvm - 4.15.0.1087.83 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1095.113 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1096.99 No subscription required linux-image-snapdragon - 4.15.0.1098.101 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1110.83 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.139.126 linux-image-lowlatency-hwe-16.04 - 4.15.0.139.126 linux-image-virtual - 4.15.0.139.126 linux-image-generic-lpae-hwe-16.04 - 4.15.0.139.126 linux-image-virtual-hwe-16.04 - 4.15.0.139.126 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.139.126 linux-image-generic - 4.15.0.139.126 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.139.126 linux-image-generic-lpae - 4.15.0.139.126 linux-image-generic-hwe-16.04 - 4.15.0.139.126 linux-image-lowlatency - 4.15.0.139.126 linux-image-generic-hwe-16.04-edge - 4.15.0.139.126 No subscription required High CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 Ubuntu 18.04 LTS It was discovered that Pygments incorrectly handled parsing SML files. If a user or automated system were tricked into parsing a specially crafted SML file, a remote attacker could cause Pygments to hang, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4885-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pygments-doc - 2.2.0+dfsg-1ubuntu0.1 python3-pygments - 2.2.0+dfsg-1ubuntu0.1 python-pygments - 2.2.0+dfsg-1ubuntu0.1 No subscription required Medium CVE-2021-20270 Ubuntu 18.04 LTS It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2020-35502, CVE-2021-20209, CVE-2021-20210, CVE-2021-20213, CVE-2021-20215, CVE-2021-20216, CVE-2021-20217, CVE-2021-20272, CVE-2021-20273, CVE-2021-20275) It was discovered that Privoxy incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2021-20212, CVE-2021-20276) It was discovered that Privoxy incorrectly handled client tags. An attacker could possibly use this issue to cause Privoxy to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-20211) It was discovered that Privoxy incorrectly handled client tags. An attacker could possibly use this issue to cause Privoxy to consume resources, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-20214) Update Instructions: Run `sudo pro fix USN-4886-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: privoxy - 3.0.26-5ubuntu0.1 No subscription required Medium CVE-2020-35502 CVE-2021-20209 CVE-2021-20210 CVE-2021-20211 CVE-2021-20212 CVE-2021-20213 CVE-2021-20214 CVE-2021-20215 CVE-2021-20216 CVE-2021-20217 CVE-2021-20272 CVE-2021-20273 CVE-2021-20275 CVE-2021-20276 Ubuntu 18.04 LTS De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2021-3444) Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365) Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly compute a speculative execution limit on pointer arithmetic in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27171) Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly apply speculative execution limits on some pointer types. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27170) Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). (CVE-2021-27363) Adam Nichols discovered that an out-of-bounds read existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2021-27364) Update Instructions: Run `sudo pro fix USN-4887-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1038-raspi2 - 5.3.0-1038.40 No subscription required linux-image-5.3.0-1041-gke - 5.3.0-1041.44 No subscription required linux-image-5.3.0-72-lowlatency - 5.3.0-72.68 linux-image-5.3.0-72-generic - 5.3.0-72.68 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1038.27 No subscription required linux-image-gke-5.3 - 5.3.0.1041.24 No subscription required linux-image-gkeop-5.3 - 5.3.0.72.129 No subscription required linux-image-5.4.0-1012-gkeop - 5.4.0-1012.13~18.04.1 No subscription required linux-image-5.4.0-1032-raspi - 5.4.0-1032.35~18.04.1 No subscription required linux-image-5.4.0-1039-gke - 5.4.0-1039.41~18.04.1 No subscription required linux-image-5.4.0-1040-gcp - 5.4.0-1040.43~18.04.1 No subscription required linux-image-5.4.0-1041-aws - 5.4.0-1041.43~18.04.1 No subscription required linux-image-5.4.0-1041-oracle - 5.4.0-1041.44~18.04.1 No subscription required linux-image-5.4.0-1043-azure - 5.4.0-1043.45~18.04.1 No subscription required linux-image-5.4.0-70-generic - 5.4.0-70.78~18.04.1 linux-image-5.4.0-70-generic-lpae - 5.4.0-70.78~18.04.1 linux-image-5.4.0-70-lowlatency - 5.4.0-70.78~18.04.1 No subscription required linux-image-gkeop-5.4 - 5.4.0.1012.13~18.04.13 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1032.34 linux-image-raspi-hwe-18.04 - 5.4.0.1032.34 No subscription required linux-image-gke-5.4 - 5.4.0.1039.41~18.04.6 No subscription required linux-image-gcp-edge - 5.4.0.1040.27 linux-image-gcp - 5.4.0.1040.27 No subscription required linux-image-aws - 5.4.0.1041.24 linux-image-aws-edge - 5.4.0.1041.24 No subscription required linux-image-oracle - 5.4.0.1041.44~18.04.23 linux-image-oracle-edge - 5.4.0.1041.44~18.04.23 No subscription required linux-image-azure - 5.4.0.1043.23 linux-image-azure-edge - 5.4.0.1043.23 No subscription required linux-image-oem-osp1 - 5.4.0.70.78~18.04.63 linux-image-generic-hwe-18.04 - 5.4.0.70.78~18.04.63 linux-image-snapdragon-hwe-18.04 - 5.4.0.70.78~18.04.63 linux-image-generic-lpae-hwe-18.04 - 5.4.0.70.78~18.04.63 linux-image-virtual-hwe-18.04 - 5.4.0.70.78~18.04.63 linux-image-lowlatency-hwe-18.04 - 5.4.0.70.78~18.04.63 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.70.78~18.04.63 linux-image-oem - 5.4.0.70.78~18.04.63 linux-image-generic-hwe-18.04-edge - 5.4.0.70.78~18.04.63 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.70.78~18.04.63 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.70.78~18.04.63 linux-image-virtual-hwe-18.04-edge - 5.4.0.70.78~18.04.63 No subscription required High CVE-2020-27170 CVE-2020-27171 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-3444 Ubuntu 18.04 LTS Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue to cause the LDAP server to crash, resulting in a denial of service. (CVE-2021-20277) Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain DN strings. A remote attacker could use this issue to cause the LDAP server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-27840) Update Instructions: Run `sudo pro fix USN-4888-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldb-tools - 2:1.2.3-1ubuntu0.2 python-ldb-dev - 2:1.2.3-1ubuntu0.2 python-ldb - 2:1.2.3-1ubuntu0.2 libldb1 - 2:1.2.3-1ubuntu0.2 libldb-dev - 2:1.2.3-1ubuntu0.2 No subscription required High CVE-2020-27840 CVE-2021-20277 Ubuntu 18.04 LTS Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly compute a speculative execution limit on pointer arithmetic in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27171) Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly apply speculative execution limits on some pointer types. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27170) Update Instructions: Run `sudo pro fix USN-4890-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1015-dell300x - 4.15.0-1015.19 No subscription required linux-image-4.15.0-1068-oracle - 4.15.0-1068.76 No subscription required linux-image-4.15.0-1082-raspi2 - 4.15.0-1082.87 No subscription required linux-image-4.15.0-1088-kvm - 4.15.0-1088.90 No subscription required linux-image-4.15.0-1096-gcp - 4.15.0-1096.109 No subscription required linux-image-4.15.0-1097-aws - 4.15.0-1097.104 No subscription required linux-image-4.15.0-1099-snapdragon - 4.15.0-1099.108 No subscription required linux-image-4.15.0-1111-azure - 4.15.0-1111.123 No subscription required linux-image-4.15.0-140-generic - 4.15.0-140.144 linux-image-4.15.0-140-generic-lpae - 4.15.0-140.144 linux-image-4.15.0-140-lowlatency - 4.15.0-140.144 No subscription required linux-image-dell300x - 4.15.0.1015.17 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1068.78 No subscription required linux-image-raspi2 - 4.15.0.1082.79 No subscription required linux-image-kvm - 4.15.0.1088.84 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1096.114 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1097.100 No subscription required linux-image-snapdragon - 4.15.0.1099.102 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1111.84 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.140.127 linux-image-generic-hwe-16.04 - 4.15.0.140.127 linux-image-generic-hwe-16.04-edge - 4.15.0.140.127 linux-image-generic-lpae-hwe-16.04 - 4.15.0.140.127 linux-image-virtual - 4.15.0.140.127 linux-image-virtual-hwe-16.04 - 4.15.0.140.127 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.140.127 linux-image-generic - 4.15.0.140.127 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.140.127 linux-image-generic-lpae - 4.15.0.140.127 linux-image-lowlatency-hwe-16.04 - 4.15.0.140.127 linux-image-lowlatency - 4.15.0.140.127 No subscription required High CVE-2020-27170 CVE-2020-27171 Ubuntu 18.04 LTS It was discovered that OpenSSL incorrectly handled certain renegotiation ClientHello messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4891-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcrypto1.1-udeb - 1.1.1-1ubuntu2.1~18.04.9 libssl-dev - 1.1.1-1ubuntu2.1~18.04.9 openssl - 1.1.1-1ubuntu2.1~18.04.9 libssl-doc - 1.1.1-1ubuntu2.1~18.04.9 libssl1.1-udeb - 1.1.1-1ubuntu2.1~18.04.9 libssl1.1 - 1.1.1-1ubuntu2.1~18.04.9 No subscription required High CVE-2021-3449 Ubuntu 18.04 LTS It was discovered that OpenJDK incorrectly verified Jar signatures. An attacker could possibly use this issue to bypass intended security restrictions when using Jar files signed with a disabled algorithm. Update Instructions: Run `sudo pro fix USN-4892-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-source - 11.0.11+9-0ubuntu2~18.04 openjdk-11-jre-zero - 11.0.11+9-0ubuntu2~18.04 openjdk-11-doc - 11.0.11+9-0ubuntu2~18.04 openjdk-11-jre-headless - 11.0.11+9-0ubuntu2~18.04 openjdk-11-jdk - 11.0.11+9-0ubuntu2~18.04 openjdk-11-jdk-headless - 11.0.11+9-0ubuntu2~18.04 openjdk-11-jre - 11.0.11+9-0ubuntu2~18.04 openjdk-11-demo - 11.0.11+9-0ubuntu2~18.04 No subscription required openjdk-8-source - 8u292-b10-0ubuntu1~18.04 openjdk-8-doc - 8u292-b10-0ubuntu1~18.04 openjdk-8-jdk - 8u292-b10-0ubuntu1~18.04 openjdk-8-jre-headless - 8u292-b10-0ubuntu1~18.04 openjdk-8-jdk-headless - 8u292-b10-0ubuntu1~18.04 openjdk-8-jre - 8u292-b10-0ubuntu1~18.04 openjdk-8-jre-zero - 8u292-b10-0ubuntu1~18.04 openjdk-8-demo - 8u292-b10-0ubuntu1~18.04 No subscription required Medium CVE-2021-2163 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2021-23981, CVE-2021-23982, CVE-2021-23983, CVE-2021-23987, CVE-2021-23988) It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spook a website and trick the user into providing credentials. (CVE-2021-23984) It was discovered that the DevTools remote debugging feature could be enabled without an indication to the user. If a local attacker could modify the browser configuration, a remote attacker could potentially exploit this to obtain sensitive information. (CVE-2021-23985) It was discovered that extensions could read the response of cross origin requests in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to obtain sensitive information. (CVE-2021-23986) Update Instructions: Run `sudo pro fix USN-4893-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-nn - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-ne - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-nb - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-fa - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-fi - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-fr - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-fy - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-or - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-kab - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-oc - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-cs - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-ga - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-gd - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-gn - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-gl - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-gu - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-pa - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-pl - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-cy - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-pt - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-szl - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-hi - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-uk - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-he - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-hy - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-hr - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-hu - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-as - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-ar - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-ia - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-az - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-id - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-mai - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-af - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-is - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-it - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-an - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-bs - 87.0+build3-0ubuntu0.18.04.2 firefox - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-ro - 87.0+build3-0ubuntu0.18.04.2 firefox-geckodriver - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-ja - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-ru - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-br - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-zh-hant - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-zh-hans - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-bn - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-be - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-bg - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-sl - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-sk - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-si - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-sw - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-sv - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-sr - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-sq - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-ko - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-kn - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-km - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-kk - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-ka - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-xh - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-ca - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-ku - 87.0+build3-0ubuntu0.18.04.2 firefox-mozsymbols - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-lv - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-lt - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-th - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-hsb - 87.0+build3-0ubuntu0.18.04.2 firefox-dev - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-te - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-cak - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-ta - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-lg - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-csb - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-tr - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-nso - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-de - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-da - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-ms - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-mr - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-my - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-uz - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-ml - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-mn - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-mk - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-ur - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-eu - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-et - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-es - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-vi - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-el - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-eo - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-en - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-zu - 87.0+build3-0ubuntu0.18.04.2 firefox-locale-ast - 87.0+build3-0ubuntu0.18.04.2 No subscription required Medium CVE-2021-23981 CVE-2021-23982 CVE-2021-23983 CVE-2021-23984 CVE-2021-23985 CVE-2021-23986 CVE-2021-23987 CVE-2021-23988 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-4894-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.30.6-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.30.6-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.30.6-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.30.6-0ubuntu0.18.04.1 webkit2gtk-driver - 2.30.6-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.30.6-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.30.6-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.30.6-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.30.6-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.30.6-0ubuntu0.18.04.1 No subscription required Medium CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1870 Ubuntu 18.04 LTS Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-15049) Jianjun Chen discovered that Squid incorrectly validated certain input. A remote attacker could use this issue to perform HTTP Request Smuggling and possibly access services forbidden by the security controls. (CVE-2020-25097) Update Instructions: Run `sudo pro fix USN-4895-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.27-1ubuntu1.10 squid - 3.5.27-1ubuntu1.10 squid-cgi - 3.5.27-1ubuntu1.10 squid-purge - 3.5.27-1ubuntu1.10 squidclient - 3.5.27-1ubuntu1.10 squid3 - 3.5.27-1ubuntu1.10 No subscription required Medium CVE-2020-15049 CVE-2020-25097 Ubuntu 18.04 LTS It was discovered that lxml incorrectly handled certain HTML attributes. A remote attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-4896-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-lxml - 4.2.1-1ubuntu0.4 python-lxml - 4.2.1-1ubuntu0.4 python-lxml-doc - 4.2.1-1ubuntu0.4 No subscription required Medium CVE-2021-28957 Ubuntu 18.04 LTS Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4897-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pygments-doc - 2.2.0+dfsg-1ubuntu0.2 python3-pygments - 2.2.0+dfsg-1ubuntu0.2 python-pygments - 2.2.0+dfsg-1ubuntu0.2 No subscription required Medium CVE-2021-27291 Ubuntu 18.04 LTS Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2021-22876) Mingtao Yang discovered that curl incorrectly handled session tickets when using an HTTPS proxy. A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-22890) Update Instructions: Run `sudo pro fix USN-4898-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.13 libcurl4-openssl-dev - 7.58.0-2ubuntu3.13 libcurl3-gnutls - 7.58.0-2ubuntu3.13 libcurl4-doc - 7.58.0-2ubuntu3.13 libcurl3-nss - 7.58.0-2ubuntu3.13 libcurl4-nss-dev - 7.58.0-2ubuntu3.13 libcurl4 - 7.58.0-2ubuntu3.13 curl - 7.58.0-2ubuntu3.13 No subscription required Medium CVE-2021-22876 CVE-2021-22890 Ubuntu 18.04 LTS Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially- crafted CF file, a remote attacker could possibly run arbitrary code. Update Instructions: Run `sudo pro fix USN-4899-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spamassassin - 3.4.2-0ubuntu0.18.04.5 sa-compile - 3.4.2-0ubuntu0.18.04.5 spamc - 3.4.2-0ubuntu0.18.04.5 No subscription required Medium CVE-2020-1946 Ubuntu 18.04 LTS It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4900-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenexr-dev - 2.2.0-11.1ubuntu1.6 openexr - 2.2.0-11.1ubuntu1.6 libopenexr22 - 2.2.0-11.1ubuntu1.6 openexr-doc - 2.2.0-11.1ubuntu1.6 No subscription required Medium CVE-2021-3474 CVE-2021-3475 CVE-2021-3476 CVE-2021-3477 CVE-2021-3478 CVE-2021-3479 Ubuntu 18.04 LTS Dennis Brinkrolf discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories. Update Instructions: Run `sudo pro fix USN-4902-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.12 python-django-doc - 1:1.11.11-1ubuntu1.12 python-django-common - 1:1.11.11-1ubuntu1.12 python-django - 1:1.11.11-1ubuntu1.12 No subscription required Low CVE-2021-28658 Ubuntu 18.04 LTS Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain lengths of XInput extension ChangeFeedbackControl requests. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4905-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.19.6-1ubuntu4.9 xmir - 2:1.19.6-1ubuntu4.9 xwayland - 2:1.19.6-1ubuntu4.9 xorg-server-source - 2:1.19.6-1ubuntu4.9 xdmx - 2:1.19.6-1ubuntu4.9 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.9 xserver-xorg-dev - 2:1.19.6-1ubuntu4.9 xvfb - 2:1.19.6-1ubuntu4.9 xnest - 2:1.19.6-1ubuntu4.9 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.9 xserver-common - 2:1.19.6-1ubuntu4.9 xserver-xephyr - 2:1.19.6-1ubuntu4.9 xserver-xorg-core-udeb - 2:1.19.6-1ubuntu4.9 xdmx-tools - 2:1.19.6-1ubuntu4.9 No subscription required xorg-server-source-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.5 xserver-xorg-core-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.5 xserver-xorg-dev-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.5 xserver-xephyr-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.5 xserver-xorg-legacy-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.5 xwayland-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.5 No subscription required Medium CVE-2021-3472 Ubuntu 18.04 LTS It was discovered that Nettle incorrectly handled signature verification. A remote attacker could use this issue to cause Nettle to crash, resulting in a denial of service, or possibly force invalid signatures. Update Instructions: Run `sudo pro fix USN-4906-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nettle-bin - 3.4-1ubuntu0.1 libnettle6 - 3.4-1ubuntu0.1 libhogweed4 - 3.4-1ubuntu0.1 nettle-dev - 3.4-1ubuntu0.1 No subscription required Medium CVE-2021-20305 Ubuntu 18.04 LTS Wen Xu discovered that the xfs file system implementation in the Linux kernel did not properly validate the number of extents in an inode. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13095) It was discovered that the priority inheritance futex implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3347) It was discovered that the network block device (nbd) driver in the Linux kernel contained a use-after-free vulnerability during device setup. A local attacker with access to the nbd device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3348) Update Instructions: Run `sudo pro fix USN-4907-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1016-dell300x - 4.15.0-1016.20 No subscription required linux-image-4.15.0-1069-oracle - 4.15.0-1069.77 No subscription required linux-image-4.15.0-1083-raspi2 - 4.15.0-1083.88 No subscription required linux-image-4.15.0-1089-kvm - 4.15.0-1089.91 No subscription required linux-image-4.15.0-1097-gcp - 4.15.0-1097.110 No subscription required linux-image-4.15.0-1098-aws - 4.15.0-1098.105 No subscription required linux-image-4.15.0-1100-snapdragon - 4.15.0-1100.109 No subscription required linux-image-4.15.0-1112-azure - 4.15.0-1112.125 No subscription required linux-image-4.15.0-141-lowlatency - 4.15.0-141.145 linux-image-4.15.0-141-generic-lpae - 4.15.0-141.145 linux-image-4.15.0-141-generic - 4.15.0-141.145 No subscription required linux-image-dell300x - 4.15.0.1016.18 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1069.79 No subscription required linux-image-raspi2 - 4.15.0.1083.80 No subscription required linux-image-kvm - 4.15.0.1089.85 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1097.115 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1098.101 No subscription required linux-image-snapdragon - 4.15.0.1100.103 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1112.85 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.141.128 linux-image-generic-hwe-16.04 - 4.15.0.141.128 linux-image-generic-hwe-16.04-edge - 4.15.0.141.128 linux-image-generic-lpae-hwe-16.04 - 4.15.0.141.128 linux-image-virtual - 4.15.0.141.128 linux-image-virtual-hwe-16.04 - 4.15.0.141.128 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.141.128 linux-image-generic - 4.15.0.141.128 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.141.128 linux-image-generic-lpae - 4.15.0.141.128 linux-image-lowlatency-hwe-16.04 - 4.15.0.141.128 linux-image-lowlatency - 4.15.0.141.128 No subscription required Medium CVE-2018-13095 CVE-2021-3347 CVE-2021-3348 Ubuntu 18.04 LTS Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-20194) Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26930) Jan Beulich discovered that multiple Xen backends in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26931) It was discovered that the network block device (nbd) driver in the Linux kernel contained a use-after-free vulnerability during device setup. A local attacker with access to the nbd device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3348) Update Instructions: Run `sudo pro fix USN-4909-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1013-gkeop - 5.4.0-1013.14~18.04.1 No subscription required linux-image-5.4.0-1033-raspi - 5.4.0-1033.36~18.04.1 No subscription required linux-image-5.4.0-1040-gke - 5.4.0-1040.42~18.04.1 No subscription required linux-image-5.4.0-1041-gcp - 5.4.0-1041.44~18.04.1 No subscription required linux-image-5.4.0-1042-oracle - 5.4.0-1042.45~18.04.1 No subscription required linux-image-5.4.0-1043-aws - 5.4.0-1043.45~18.04.1 No subscription required linux-image-5.4.0-1044-azure - 5.4.0-1044.46~18.04.1 No subscription required linux-image-5.4.0-71-generic - 5.4.0-71.79~18.04.1 linux-image-5.4.0-71-lowlatency - 5.4.0-71.79~18.04.1 linux-image-5.4.0-71-generic-lpae - 5.4.0-71.79~18.04.1 No subscription required linux-image-gkeop-5.4 - 5.4.0.1013.14~18.04.14 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1033.35 linux-image-raspi-hwe-18.04 - 5.4.0.1033.35 No subscription required linux-image-gke-5.4 - 5.4.0.1040.42~18.04.7 No subscription required linux-image-gcp-edge - 5.4.0.1041.28 linux-image-gcp - 5.4.0.1041.28 No subscription required linux-image-oracle - 5.4.0.1042.45~18.04.24 linux-image-oracle-edge - 5.4.0.1042.45~18.04.24 No subscription required linux-image-aws-edge - 5.4.0.1043.26 linux-image-aws - 5.4.0.1043.26 No subscription required linux-image-azure - 5.4.0.1044.24 linux-image-azure-edge - 5.4.0.1044.24 No subscription required linux-image-oem-osp1 - 5.4.0.71.79~18.04.64 linux-image-generic-hwe-18.04 - 5.4.0.71.79~18.04.64 linux-image-snapdragon-hwe-18.04 - 5.4.0.71.79~18.04.64 linux-image-generic-lpae-hwe-18.04 - 5.4.0.71.79~18.04.64 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.71.79~18.04.64 linux-image-lowlatency-hwe-18.04 - 5.4.0.71.79~18.04.64 linux-image-virtual-hwe-18.04 - 5.4.0.71.79~18.04.64 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.71.79~18.04.64 linux-image-oem - 5.4.0.71.79~18.04.64 linux-image-generic-hwe-18.04-edge - 5.4.0.71.79~18.04.64 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.71.79~18.04.64 linux-image-virtual-hwe-18.04-edge - 5.4.0.71.79~18.04.64 No subscription required Medium CVE-2021-20194 CVE-2021-26930 CVE-2021-26931 CVE-2021-3348 Ubuntu 18.04 LTS It was discovered that Underscore incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary code. Update Instructions: Run `sudo pro fix USN-4913-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjs-underscore - 1.8.3~dfsg-1ubuntu0.1 node-underscore - 1.8.3~dfsg-1ubuntu0.1 No subscription required Medium CVE-2021-23358 Ubuntu 18.04 LTS It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. (CVE-2021-3493) Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-29154) Update Instructions: Run `sudo pro fix USN-4916-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1017-dell300x - 4.15.0-1017.21 No subscription required linux-image-4.15.0-1070-oracle - 4.15.0-1070.78 No subscription required linux-image-4.15.0-1084-raspi2 - 4.15.0-1084.89 No subscription required linux-image-4.15.0-1090-kvm - 4.15.0-1090.92 No subscription required linux-image-4.15.0-1098-gcp - 4.15.0-1098.111 No subscription required linux-image-4.15.0-1099-aws - 4.15.0-1099.106 No subscription required linux-image-4.15.0-1101-snapdragon - 4.15.0-1101.110 No subscription required linux-image-4.15.0-1113-azure - 4.15.0-1113.126 No subscription required linux-image-4.15.0-142-generic - 4.15.0-142.146 linux-image-4.15.0-142-generic-lpae - 4.15.0-142.146 linux-image-4.15.0-142-lowlatency - 4.15.0-142.146 No subscription required linux-image-dell300x - 4.15.0.1017.19 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1070.80 No subscription required linux-image-raspi2 - 4.15.0.1084.81 No subscription required linux-image-kvm - 4.15.0.1090.86 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1098.116 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1099.102 No subscription required linux-image-snapdragon - 4.15.0.1101.104 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1113.86 No subscription required linux-image-virtual - 4.15.0.142.129 linux-image-virtual-hwe-16.04-edge - 4.15.0.142.129 linux-image-generic-hwe-16.04 - 4.15.0.142.129 linux-image-generic-hwe-16.04-edge - 4.15.0.142.129 linux-image-generic-lpae-hwe-16.04 - 4.15.0.142.129 linux-image-virtual-hwe-16.04 - 4.15.0.142.129 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.142.129 linux-image-generic - 4.15.0.142.129 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.142.129 linux-image-generic-lpae - 4.15.0.142.129 linux-image-lowlatency-hwe-16.04 - 4.15.0.142.129 linux-image-lowlatency - 4.15.0.142.129 No subscription required High CVE-2021-29154 CVE-2021-3493 Ubuntu 18.04 LTS USN-4916-1 fixed vulnerabilities in the Linux kernel. Unfortunately, the fix for CVE-2021-3493 introduced a memory leak in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. (CVE-2021-3493) Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-29154) Update Instructions: Run `sudo pro fix USN-4916-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1040-raspi2 - 5.3.0-1040.42 No subscription required linux-image-5.3.0-1043-gke - 5.3.0-1043.46 No subscription required linux-image-5.3.0-74-lowlatency - 5.3.0-74.70 linux-image-5.3.0-74-generic - 5.3.0-74.70 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1040.29 No subscription required linux-image-gke-5.3 - 5.3.0.1043.26 No subscription required linux-image-gkeop-5.3 - 5.3.0.74.131 No subscription required None https://launchpad.net/bugs/1924611 Ubuntu 18.04 LTS It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. (CVE-2021-3493) Vincent Dehors discovered that the shiftfs file system in the Ubuntu Linux kernel did not properly handle faults in copy_from_user() when passing through ioctls to an underlying file system. A local attacker could use this to cause a denial of service (memory exhaustion) or execute arbitrary code. (CVE-2021-3492) Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-29154) Update Instructions: Run `sudo pro fix USN-4917-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1039-raspi2 - 5.3.0-1039.41 No subscription required linux-image-5.3.0-1042-gke - 5.3.0-1042.45 No subscription required linux-image-5.3.0-73-generic - 5.3.0-73.69 linux-image-5.3.0-73-lowlatency - 5.3.0-73.69 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1039.28 No subscription required linux-image-gke-5.3 - 5.3.0.1042.25 No subscription required linux-image-gkeop-5.3 - 5.3.0.73.130 No subscription required linux-image-5.4.0-1014-gkeop - 5.4.0-1014.15~18.04.1 No subscription required linux-image-5.4.0-1034-raspi - 5.4.0-1034.37~18.04.1 No subscription required linux-image-5.4.0-1042-gke - 5.4.0-1042.44~18.04.1 No subscription required linux-image-5.4.0-1042-gcp - 5.4.0-1042.45~18.04.1 No subscription required linux-image-5.4.0-1043-oracle - 5.4.0-1043.46~18.04.1 No subscription required linux-image-5.4.0-1045-aws - 5.4.0-1045.47~18.04.1 No subscription required linux-image-5.4.0-1046-azure - 5.4.0-1046.48~18.04.1 No subscription required linux-image-5.4.0-72-generic - 5.4.0-72.80~18.04.1 linux-image-5.4.0-72-generic-lpae - 5.4.0-72.80~18.04.1 linux-image-5.4.0-72-lowlatency - 5.4.0-72.80~18.04.1 No subscription required linux-image-gkeop-5.4 - 5.4.0.1014.15~18.04.15 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1034.36 linux-image-raspi-hwe-18.04 - 5.4.0.1034.36 No subscription required linux-image-gcp-edge - 5.4.0.1042.29 linux-image-gcp - 5.4.0.1042.29 No subscription required linux-image-gke-5.4 - 5.4.0.1042.44~18.04.8 No subscription required linux-image-oracle - 5.4.0.1043.46~18.04.25 linux-image-oracle-edge - 5.4.0.1043.46~18.04.25 No subscription required linux-image-aws-edge - 5.4.0.1045.27 linux-image-aws - 5.4.0.1045.27 No subscription required linux-image-azure-edge - 5.4.0.1046.25 linux-image-azure - 5.4.0.1046.25 No subscription required linux-image-oem-osp1 - 5.4.0.72.80~18.04.65 linux-image-snapdragon-hwe-18.04 - 5.4.0.72.80~18.04.65 linux-image-generic-hwe-18.04 - 5.4.0.72.80~18.04.65 linux-image-generic-lpae-hwe-18.04 - 5.4.0.72.80~18.04.65 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.72.80~18.04.65 linux-image-lowlatency-hwe-18.04 - 5.4.0.72.80~18.04.65 linux-image-virtual-hwe-18.04 - 5.4.0.72.80~18.04.65 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.72.80~18.04.65 linux-image-oem - 5.4.0.72.80~18.04.65 linux-image-generic-hwe-18.04-edge - 5.4.0.72.80~18.04.65 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.72.80~18.04.65 linux-image-virtual-hwe-18.04-edge - 5.4.0.72.80~18.04.65 No subscription required High CVE-2021-29154 CVE-2021-3492 CVE-2021-3493 Ubuntu 18.04 LTS It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2021-1252) It was discovered that ClamAV incorrectly handled parsing PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2021-1404) It was discovered that ClamAV incorrectly handled parsing email. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2021-1405) Update Instructions: Run `sudo pro fix USN-4918-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.103.2+dfsg-0ubuntu0.18.04.1 clamav-testfiles - 0.103.2+dfsg-0ubuntu0.18.04.1 clamav-base - 0.103.2+dfsg-0ubuntu0.18.04.1 clamav - 0.103.2+dfsg-0ubuntu0.18.04.1 clamav-daemon - 0.103.2+dfsg-0ubuntu0.18.04.1 clamav-milter - 0.103.2+dfsg-0ubuntu0.18.04.1 clamav-docs - 0.103.2+dfsg-0ubuntu0.18.04.1 clamav-freshclam - 0.103.2+dfsg-0ubuntu0.18.04.1 libclamav9 - 0.103.2+dfsg-0ubuntu0.18.04.1 clamdscan - 0.103.2+dfsg-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-1252 CVE-2021-1404 CVE-2021-1405 Ubuntu 18.04 LTS USN-4918-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan in some situations. This update fixes the problem. Original advisory details: It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2021-1252) It was discovered that ClamAV incorrectly handled parsing PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2021-1404) It was discovered that ClamAV incorrectly handled parsing email. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2021-1405) Update Instructions: Run `sudo pro fix USN-4918-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.103.2+dfsg-0ubuntu0.18.04.2 clamav-testfiles - 0.103.2+dfsg-0ubuntu0.18.04.2 clamav-base - 0.103.2+dfsg-0ubuntu0.18.04.2 clamav - 0.103.2+dfsg-0ubuntu0.18.04.2 clamav-daemon - 0.103.2+dfsg-0ubuntu0.18.04.2 clamav-milter - 0.103.2+dfsg-0ubuntu0.18.04.2 clamav-docs - 0.103.2+dfsg-0ubuntu0.18.04.2 clamav-freshclam - 0.103.2+dfsg-0ubuntu0.18.04.2 libclamav9 - 0.103.2+dfsg-0ubuntu0.18.04.2 clamdscan - 0.103.2+dfsg-0ubuntu0.18.04.2 No subscription required None https://launchpad.net/bugs/1926300 Ubuntu 18.04 LTS It was discovered that ZeroMQ incorrectly handled certain application metadata. A remote attacker could use this issue to cause ZeroMQ to crash, or possibly execute arbitrary code. (CVE-2019-13132) It was discovered that ZeroMQ mishandled certain network traffic. An unauthenticated attacker could use this vulnerability to cause a denial-of- service and prevent legitimate clients from communicating with ZeroMQ. (CVE-2020-15166) It was discovered that ZeroMQ did not properly manage memory under certain circumstances. If a user or automated system were tricked into connecting to one or multiple compromised servers, a remote attacker could use this issue to cause a denial of service. (CVE-2021-20234) It was discovered that ZeroMQ incorrectly handled memory when processing messages with arbitrarily large sizes under certain circumstances. A remote unauthenticated attacker could use this issue to cause a ZeroMQ server to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-20235) It was discovered that ZeroMQ did not properly manage memory under certain circumstances. A remote unauthenticated attacker could use this issue to cause a ZeroMQ server to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-20237) Update Instructions: Run `sudo pro fix USN-4920-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libzmq5 - 4.2.5-1ubuntu0.2+esm2 libzmq3-dev - 4.2.5-1ubuntu0.2+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2019-13132 CVE-2020-15166 CVE-2021-20234 CVE-2021-20235 CVE-2021-20237 Ubuntu 18.04 LTS It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4921-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: caca-utils - 0.99.beta19-2ubuntu0.18.04.2 libcaca-dev - 0.99.beta19-2ubuntu0.18.04.2 libcaca0 - 0.99.beta19-2ubuntu0.18.04.2 No subscription required Medium CVE-2021-3410 Ubuntu 18.04 LTS Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack. Update Instructions: Run `sudo pro fix USN-4922-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.5 - 2.5.1-1ubuntu1.9 ruby2.5 - 2.5.1-1ubuntu1.9 ruby2.5-doc - 2.5.1-1ubuntu1.9 ruby2.5-dev - 2.5.1-1ubuntu1.9 No subscription required Medium CVE-2021-28965 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, trick the user into disclosing confidential information, or execute arbitrary code. (CVE-2021-23994, CVE-2021-23996, CVE-2021-23997, CVE-2021-23998, CVE-2021-23999, CVE-2021-24000, CVE-2021-24001, CVE-2021-29945, CVE-2021-29946, CVE-2021-29947) A use-after-free was discovered when Responsive Design Mode was enabled. If a user were tricked into opening a specially crafted website with Responsive Design Mode enabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2021-23995) It was discovered that Firefox mishandled ftp URLs with encoded newline characters. If a user were tricked into clicking on a specially crafted link, an attacker could potentially exploit this to send arbitrary FTP commands. (CVE-2021-24002) Update Instructions: Run `sudo pro fix USN-4926-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-nn - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-ne - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-nb - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-fa - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-fi - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-fr - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-fy - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-or - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-kab - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-oc - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-cs - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-ga - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-gd - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-gn - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-gl - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-gu - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-pa - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-pl - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-cy - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-pt - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-szl - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-hi - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-uk - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-he - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-hy - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-hr - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-hu - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-as - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-ar - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-ia - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-az - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-id - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-mai - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-af - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-is - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-it - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-an - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-bs - 88.0+build2-0ubuntu0.18.04.2 firefox - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-ro - 88.0+build2-0ubuntu0.18.04.2 firefox-geckodriver - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-ja - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-ru - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-br - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-zh-hant - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-zh-hans - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-bn - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-be - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-bg - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-sl - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-sk - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-si - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-sw - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-sv - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-sr - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-sq - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-ko - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-kn - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-km - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-kk - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-ka - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-xh - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-ca - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-ku - 88.0+build2-0ubuntu0.18.04.2 firefox-mozsymbols - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-lv - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-lt - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-th - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-hsb - 88.0+build2-0ubuntu0.18.04.2 firefox-dev - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-te - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-cak - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-ta - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-lg - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-csb - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-tr - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-nso - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-de - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-da - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-ms - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-mr - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-my - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-uz - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-ml - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-mn - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-mk - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-ur - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-eu - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-et - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-es - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-vi - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-el - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-eo - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-en - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-zu - 88.0+build2-0ubuntu0.18.04.2 firefox-locale-ast - 88.0+build2-0ubuntu0.18.04.2 No subscription required Medium CVE-2021-23994 CVE-2021-23995 CVE-2021-23996 CVE-2021-23997 CVE-2021-23998 CVE-2021-23999 CVE-2021-24000 CVE-2021-24001 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVE-2021-29947 Ubuntu 18.04 LTS It was discovered that File Roller incorrectly handled symlinks. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4927-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: file-roller - 3.28.0-1ubuntu1.3 No subscription required Medium CVE-2020-36314 Ubuntu 18.04 LTS It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause access sensitive information or cause a crash. (CVE-2021-3497) It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code or cause a crash. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-3498) Update Instructions: Run `sudo pro fix USN-4928-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gstreamer1.0-gtk3 - 1.14.5-0ubuntu1~18.04.2 gstreamer1.0-pulseaudio - 1.14.5-0ubuntu1~18.04.2 gstreamer1.0-plugins-good-doc - 1.14.5-0ubuntu1~18.04.2 libgstreamer-plugins-good1.0-dev - 1.14.5-0ubuntu1~18.04.2 libgstreamer-plugins-good1.0-0 - 1.14.5-0ubuntu1~18.04.2 gstreamer1.0-plugins-good - 1.14.5-0ubuntu1~18.04.2 gstreamer1.0-qt5 - 1.14.5-0ubuntu1~18.04.2 No subscription required Medium CVE-2021-3497 CVE-2021-3498 Ubuntu 18.04 LTS Greg Kuechle discovered that Bind incorrectly handled certain incremental zone updates. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2021-25214) Siva Kakarla discovered that Bind incorrectly handled certain DNAME records. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2021-25215) It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-25216) Update Instructions: Run `sudo pro fix USN-4929-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdns-export1100 - 1:9.11.3+dfsg-1ubuntu1.15 libdns1100 - 1:9.11.3+dfsg-1ubuntu1.15 libisc169 - 1:9.11.3+dfsg-1ubuntu1.15 libbind-dev - 1:9.11.3+dfsg-1ubuntu1.15 libisc-export169-udeb - 1:9.11.3+dfsg-1ubuntu1.15 libisccc-export160 - 1:9.11.3+dfsg-1ubuntu1.15 libisc-export169 - 1:9.11.3+dfsg-1ubuntu1.15 bind9 - 1:9.11.3+dfsg-1ubuntu1.15 libirs-export160 - 1:9.11.3+dfsg-1ubuntu1.15 libisccc160 - 1:9.11.3+dfsg-1ubuntu1.15 libisccfg-export160 - 1:9.11.3+dfsg-1ubuntu1.15 libisccfg160 - 1:9.11.3+dfsg-1ubuntu1.15 bind9-doc - 1:9.11.3+dfsg-1ubuntu1.15 libbind-export-dev - 1:9.11.3+dfsg-1ubuntu1.15 libisccc-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.15 libirs-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.15 liblwres160 - 1:9.11.3+dfsg-1ubuntu1.15 bind9-host - 1:9.11.3+dfsg-1ubuntu1.15 libisccfg-export160-udeb - 1:9.11.3+dfsg-1ubuntu1.15 dnsutils - 1:9.11.3+dfsg-1ubuntu1.15 bind9utils - 1:9.11.3+dfsg-1ubuntu1.15 libbind9-160 - 1:9.11.3+dfsg-1ubuntu1.15 libirs160 - 1:9.11.3+dfsg-1ubuntu1.15 libdns-export1100-udeb - 1:9.11.3+dfsg-1ubuntu1.15 No subscription required Medium CVE-2021-25214 CVE-2021-25215 CVE-2021-25216 Ubuntu 18.04 LTS Peter Eriksson discovered that Samba incorrectly handled certain negative idmap cache entries. This issue could result in certain users gaining unauthorized access to files, contrary to expected behaviour. Update Instructions: Run `sudo pro fix USN-4930-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 No subscription required Medium CVE-2021-20254 Ubuntu 18.04 LTS It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories. Update Instructions: Run `sudo pro fix USN-4932-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.13 python-django-doc - 1:1.11.11-1ubuntu1.13 python-django-common - 1:1.11.11-1ubuntu1.13 python-django - 1:1.11.11-1ubuntu1.13 No subscription required Medium CVE-2021-31542 Ubuntu 18.04 LTS It was discovered that OpenVPN incorrectly handled certain data channel v2 packets. A remote attacker could possibly use this issue to inject packets using a victim's peer-id. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11810) It was discovered that OpenVPN incorrectly handled deferred authentication. When a server is configured to use deferred authentication, a remote attacker could possibly use this issue to bypass authentication and access control channel data. (CVE-2020-15078) Update Instructions: Run `sudo pro fix USN-4933-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openvpn - 2.4.4-2ubuntu1.5 No subscription required Medium CVE-2020-11810 CVE-2020-15078 Ubuntu 18.04 LTS It was discovered that Exim contained multiple security issues. An attacker could use these issues to cause a denial of service, execute arbitrary code remotely, obtain sensitive information, or escalate local privileges. Update Instructions: Run `sudo pro fix USN-4934-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.90.1-1ubuntu1.8 eximon4 - 4.90.1-1ubuntu1.8 exim4 - 4.90.1-1ubuntu1.8 exim4-daemon-light - 4.90.1-1ubuntu1.8 exim4-config - 4.90.1-1ubuntu1.8 exim4-daemon-heavy - 4.90.1-1ubuntu1.8 exim4-base - 4.90.1-1ubuntu1.8 No subscription required Medium CVE-2020-28007 CVE-2020-28008 CVE-2020-28009 CVE-2020-28010 CVE-2020-28011 CVE-2020-28012 CVE-2020-28013 CVE-2020-28014 CVE-2020-28015 CVE-2020-28016 CVE-2020-28017 CVE-2020-28018 CVE-2020-28019 CVE-2020-28020 CVE-2020-28021 CVE-2020-28022 CVE-2020-28023 CVE-2020-28024 CVE-2020-28025 CVE-2020-28026 CVE-2021-27216 Ubuntu 18.04 LTS It was discovered that the NVIDIA GPU display driver for the Linux kernel incorrectly performed access control. A local attacker could use this issue to cause a denial of service, expose sensitive information, or escalate privileges. (CVE-2021-1076) It was discovered that the NVIDIA GPU display driver for the Linux kernel incorrectly performed reference counting. A local attacker could use this issue to cause a denial of service. (CVE-2021-1077) Update Instructions: Run `sudo pro fix USN-4935-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-compute-utils-390 - 390.143-0ubuntu0.18.04.1 libnvidia-ifr1-390 - 390.143-0ubuntu0.18.04.1 nvidia-kernel-common-390 - 390.143-0ubuntu0.18.04.1 libnvidia-decode-390 - 390.143-0ubuntu0.18.04.1 nvidia-utils-390 - 390.143-0ubuntu0.18.04.1 libnvidia-gl-390 - 390.143-0ubuntu0.18.04.1 libnvidia-compute-390 - 390.143-0ubuntu0.18.04.1 nvidia-driver-390 - 390.143-0ubuntu0.18.04.1 nvidia-384-dev - 390.143-0ubuntu0.18.04.1 nvidia-headless-no-dkms-390 - 390.143-0ubuntu0.18.04.1 libcuda1-384 - 390.143-0ubuntu0.18.04.1 libnvidia-cfg1-390 - 390.143-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-390 - 390.143-0ubuntu0.18.04.1 libnvidia-encode-390 - 390.143-0ubuntu0.18.04.1 nvidia-opencl-icd-384 - 390.143-0ubuntu0.18.04.1 nvidia-dkms-390 - 390.143-0ubuntu0.18.04.1 nvidia-headless-390 - 390.143-0ubuntu0.18.04.1 libnvidia-common-390 - 390.143-0ubuntu0.18.04.1 nvidia-libopencl1-384 - 390.143-0ubuntu0.18.04.1 libnvidia-fbc1-390 - 390.143-0ubuntu0.18.04.1 nvidia-kernel-source-390 - 390.143-0ubuntu0.18.04.1 nvidia-384 - 390.143-0ubuntu0.18.04.1 No subscription required xserver-xorg-video-nvidia-418-server - 418.197.02-0ubuntu0.18.04.1 nvidia-kernel-common-418-server - 418.197.02-0ubuntu0.18.04.1 libnvidia-decode-418-server - 418.197.02-0ubuntu0.18.04.1 libnvidia-ifr1-418-server - 418.197.02-0ubuntu0.18.04.1 nvidia-compute-utils-418-server - 418.197.02-0ubuntu0.18.04.1 libnvidia-gl-418-server - 418.197.02-0ubuntu0.18.04.1 libnvidia-fbc1-418-server - 418.197.02-0ubuntu0.18.04.1 nvidia-driver-418-server - 418.197.02-0ubuntu0.18.04.1 nvidia-utils-418-server - 418.197.02-0ubuntu0.18.04.1 libnvidia-common-418-server - 418.197.02-0ubuntu0.18.04.1 libnvidia-compute-418-server - 418.197.02-0ubuntu0.18.04.1 nvidia-headless-no-dkms-418-server - 418.197.02-0ubuntu0.18.04.1 nvidia-headless-418-server - 418.197.02-0ubuntu0.18.04.1 libnvidia-encode-418-server - 418.197.02-0ubuntu0.18.04.1 nvidia-kernel-source-418-server - 418.197.02-0ubuntu0.18.04.1 libnvidia-cfg1-418-server - 418.197.02-0ubuntu0.18.04.1 nvidia-dkms-418-server - 418.197.02-0ubuntu0.18.04.1 No subscription required libnvidia-compute-450-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-ifr1-450-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-encode-440 - 450.119.03-0ubuntu0.18.04.1 nvidia-driver-450-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-fbc1-450 - 450.119.03-0ubuntu0.18.04.1 libnvidia-compute-440 - 450.119.03-0ubuntu0.18.04.1 libnvidia-decode-440-server - 450.119.03-0ubuntu0.18.04.1 nvidia-headless-450-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-gl-450-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-common-440-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-common-450 - 450.119.03-0ubuntu0.18.04.1 libnvidia-common-450-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-encode-450 - 450.119.03-0ubuntu0.18.04.1 libnvidia-extra-450-server - 450.119.03-0ubuntu0.18.04.1 nvidia-utils-450-server - 450.119.03-0ubuntu0.18.04.1 nvidia-utils-440-server - 450.119.03-0ubuntu0.18.04.1 nvidia-headless-440-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-cfg1-450-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-common-440 - 450.119.03-0ubuntu0.18.04.1 libnvidia-cfg1-450 - 450.119.03-0ubuntu0.18.04.1 nvidia-kernel-common-440-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-encode-440-server - 450.119.03-0ubuntu0.18.04.1 nvidia-dkms-440-server - 450.119.03-0ubuntu0.18.04.1 nvidia-utils-440 - 450.119.03-0ubuntu0.18.04.1 nvidia-kernel-source-450-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-encode-450-server - 450.119.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-450 - 450.119.03-0ubuntu0.18.04.1 nvidia-driver-450 - 450.119.03-0ubuntu0.18.04.1 nvidia-driver-440-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-cfg1-440 - 450.119.03-0ubuntu0.18.04.1 nvidia-compute-utils-440-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-cfg1-440-server - 450.119.03-0ubuntu0.18.04.1 nvidia-compute-utils-440 - 450.119.03-0ubuntu0.18.04.1 libnvidia-fbc1-440-server - 450.119.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-440 - 450.119.03-0ubuntu0.18.04.1 nvidia-kernel-common-440 - 450.119.03-0ubuntu0.18.04.1 libnvidia-decode-440 - 450.119.03-0ubuntu0.18.04.1 nvidia-driver-440 - 450.119.03-0ubuntu0.18.04.1 nvidia-kernel-source-440-server - 450.119.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-450 - 450.119.03-0ubuntu0.18.04.1 nvidia-kernel-common-450-server - 450.119.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-440-server - 450.119.03-0ubuntu0.18.04.1 nvidia-compute-utils-450 - 450.119.03-0ubuntu0.18.04.1 nvidia-kernel-common-450 - 450.119.03-0ubuntu0.18.04.1 libnvidia-decode-450 - 450.119.03-0ubuntu0.18.04.1 libnvidia-ifr1-440 - 450.119.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-440-server - 450.119.03-0ubuntu0.18.04.1 nvidia-dkms-450-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-ifr1-440-server - 450.119.03-0ubuntu0.18.04.1 nvidia-headless-450 - 450.119.03-0ubuntu0.18.04.1 nvidia-kernel-source-440 - 450.119.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-440 - 450.119.03-0ubuntu0.18.04.1 nvidia-kernel-source-450 - 450.119.03-0ubuntu0.18.04.1 libnvidia-fbc1-450-server - 450.119.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-450-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-ifr1-450 - 450.119.03-0ubuntu0.18.04.1 nvidia-utils-450 - 450.119.03-0ubuntu0.18.04.1 nvidia-headless-440 - 450.119.03-0ubuntu0.18.04.1 nvidia-dkms-440 - 450.119.03-0ubuntu0.18.04.1 libnvidia-extra-440 - 450.119.03-0ubuntu0.18.04.1 libnvidia-gl-450 - 450.119.03-0ubuntu0.18.04.1 nvidia-compute-utils-450-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-compute-440-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-decode-450-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-extra-440-server - 450.119.03-0ubuntu0.18.04.1 nvidia-dkms-450 - 450.119.03-0ubuntu0.18.04.1 libnvidia-fbc1-440 - 450.119.03-0ubuntu0.18.04.1 libnvidia-gl-440-server - 450.119.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-450-server - 450.119.03-0ubuntu0.18.04.1 libnvidia-compute-450 - 450.119.03-0ubuntu0.18.04.1 libnvidia-extra-450 - 450.119.03-0ubuntu0.18.04.1 libnvidia-gl-440 - 450.119.03-0ubuntu0.18.04.1 No subscription required libnvidia-common-460 - 460.73.01-0ubuntu0.18.04.1 libnvidia-gl-460-server - 460.73.01-0ubuntu0.18.04.1 nvidia-utils-460-server - 460.73.01-0ubuntu0.18.04.1 libnvidia-encode-455 - 460.73.01-0ubuntu0.18.04.1 libnvidia-fbc1-455 - 460.73.01-0ubuntu0.18.04.1 nvidia-headless-460 - 460.73.01-0ubuntu0.18.04.1 libnvidia-compute-460-server - 460.73.01-0ubuntu0.18.04.1 libnvidia-gl-460 - 460.73.01-0ubuntu0.18.04.1 libnvidia-common-455 - 460.73.01-0ubuntu0.18.04.1 libnvidia-cfg1-460 - 460.73.01-0ubuntu0.18.04.1 libnvidia-gl-455 - 460.73.01-0ubuntu0.18.04.1 nvidia-compute-utils-460 - 460.73.01-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-460 - 460.73.01-0ubuntu0.18.04.1 nvidia-kernel-common-460 - 460.73.01-0ubuntu0.18.04.1 libnvidia-cfg1-455 - 460.73.01-0ubuntu0.18.04.1 nvidia-utils-460 - 460.73.01-0ubuntu0.18.04.1 libnvidia-decode-460-server - 460.73.01-0ubuntu0.18.04.1 libnvidia-compute-460 - 460.73.01-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-455 - 460.73.01-0ubuntu0.18.04.1 libnvidia-ifr1-460-server - 460.73.01-0ubuntu0.18.04.1 nvidia-driver-455 - 460.73.01-0ubuntu0.18.04.1 libnvidia-fbc1-460-server - 460.73.01-0ubuntu0.18.04.1 nvidia-kernel-source-460 - 460.73.01-0ubuntu0.18.04.1 libnvidia-encode-460-server - 460.73.01-0ubuntu0.18.04.1 nvidia-kernel-common-460-server - 460.73.01-0ubuntu0.18.04.1 nvidia-headless-no-dkms-460 - 460.73.01-0ubuntu0.18.04.1 libnvidia-common-460-server - 460.73.01-0ubuntu0.18.04.1 nvidia-dkms-460 - 460.73.01-0ubuntu0.18.04.1 libnvidia-extra-460 - 460.73.01-0ubuntu0.18.04.1 nvidia-compute-utils-455 - 460.73.01-0ubuntu0.18.04.1 nvidia-headless-no-dkms-455 - 460.73.01-0ubuntu0.18.04.1 nvidia-kernel-common-455 - 460.73.01-0ubuntu0.18.04.1 nvidia-dkms-460-server - 460.73.01-0ubuntu0.18.04.1 libnvidia-extra-460-server - 460.73.01-0ubuntu0.18.04.1 nvidia-driver-460 - 460.73.01-0ubuntu0.18.04.1 libnvidia-fbc1-460 - 460.73.01-0ubuntu0.18.04.1 nvidia-kernel-source-455 - 460.73.01-0ubuntu0.18.04.1 nvidia-compute-utils-460-server - 460.73.01-0ubuntu0.18.04.1 libnvidia-ifr1-455 - 460.73.01-0ubuntu0.18.04.1 libnvidia-decode-460 - 460.73.01-0ubuntu0.18.04.1 libnvidia-encode-460 - 460.73.01-0ubuntu0.18.04.1 nvidia-utils-455 - 460.73.01-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-460-server - 460.73.01-0ubuntu0.18.04.1 nvidia-headless-460-server - 460.73.01-0ubuntu0.18.04.1 nvidia-kernel-source-460-server - 460.73.01-0ubuntu0.18.04.1 libnvidia-cfg1-460-server - 460.73.01-0ubuntu0.18.04.1 libnvidia-decode-455 - 460.73.01-0ubuntu0.18.04.1 libnvidia-ifr1-460 - 460.73.01-0ubuntu0.18.04.1 nvidia-headless-no-dkms-460-server - 460.73.01-0ubuntu0.18.04.1 nvidia-dkms-455 - 460.73.01-0ubuntu0.18.04.1 nvidia-headless-455 - 460.73.01-0ubuntu0.18.04.1 libnvidia-extra-455 - 460.73.01-0ubuntu0.18.04.1 libnvidia-compute-455 - 460.73.01-0ubuntu0.18.04.1 nvidia-driver-460-server - 460.73.01-0ubuntu0.18.04.1 No subscription required High CVE-2021-1076 CVE-2021-1077 Ubuntu 18.04 LTS Ondrej Holy discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution. Update Instructions: Run `sudo pro fix USN-4937-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnome-autoar-0-dev - 0.2.3-1ubuntu0.3 libgnome-autoar-gtk-0-0 - 0.2.3-1ubuntu0.3 gir1.2-gnomeautoar-0.1 - 0.2.3-1ubuntu0.3 libgnome-autoar-gtk-0-dev - 0.2.3-1ubuntu0.3 gir1.2-gnomeautoargtk-0.1 - 0.2.3-1ubuntu0.3 libgnome-autoar-doc - 0.2.3-1ubuntu0.3 libgnome-autoar-0-0 - 0.2.3-1ubuntu0.3 No subscription required Medium CVE-2021-28650 Ubuntu 18.04 LTS USN-4937-1 fixed a vulnerability in GNOME Autoar. The update caused a regression when extracting certain archives. This update fixes the problem. Original advisory details: Ondrej Holy discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution. Update Instructions: Run `sudo pro fix USN-4937-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnome-autoar-0-dev - 0.2.3-1ubuntu0.4 libgnome-autoar-gtk-0-0 - 0.2.3-1ubuntu0.4 gir1.2-gnomeautoar-0.1 - 0.2.3-1ubuntu0.4 libgnome-autoar-gtk-0-dev - 0.2.3-1ubuntu0.4 gir1.2-gnomeautoargtk-0.1 - 0.2.3-1ubuntu0.4 libgnome-autoar-doc - 0.2.3-1ubuntu0.4 libgnome-autoar-0-0 - 0.2.3-1ubuntu0.4 No subscription required None https://launchpad.net/bugs/1929304 Ubuntu 18.04 LTS It was discovered that Unbound contained multiple security issues. A remote attacker could possibly use these issues to cause a denial of service, inject arbitrary commands, execute arbitrary code, and overwrite local files. Update Instructions: Run `sudo pro fix USN-4938-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libunbound2 - 1.6.7-1ubuntu2.4 unbound - 1.6.7-1ubuntu2.4 python3-unbound - 1.6.7-1ubuntu2.4 python-unbound - 1.6.7-1ubuntu2.4 unbound-anchor - 1.6.7-1ubuntu2.4 unbound-host - 1.6.7-1ubuntu2.4 libunbound-dev - 1.6.7-1ubuntu2.4 No subscription required Medium CVE-2019-25031 CVE-2019-25032 CVE-2019-25033 CVE-2019-25034 CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 CVE-2019-25038 CVE-2019-25039 CVE-2019-25040 CVE-2019-25041 CVE-2019-25042 CVE-2020-28935 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-4939-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.32.0-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.32.0-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.32.0-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.32.0-0ubuntu0.18.04.1 webkit2gtk-driver - 2.32.0-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.32.0-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.32.0-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.32.0-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.32.0-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.32.0-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-1788 CVE-2021-1844 CVE-2021-1871 Ubuntu 18.04 LTS It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2021-29457) It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-29458, CVE-2021-29470) It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2021-3482) Update Instructions: Run `sudo pro fix USN-4941-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-3.1ubuntu0.18.04.7 libexiv2-14 - 0.25-3.1ubuntu0.18.04.7 libexiv2-doc - 0.25-3.1ubuntu0.18.04.7 libexiv2-dev - 0.25-3.1ubuntu0.18.04.7 No subscription required Medium CVE-2021-29457 CVE-2021-29458 CVE-2021-29470 CVE-2021-3482 Ubuntu 18.04 LTS A race condition was discovered in Web Render Components. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4942-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-nn - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ne - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-nb - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-fa - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-fi - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-fr - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-fy - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-or - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-kab - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-oc - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-cs - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ga - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-gd - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-gn - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-gl - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-gu - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-pa - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-pl - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-cy - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-pt - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-szl - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-hi - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-uk - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-he - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-hy - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-hr - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-hu - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-as - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ar - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ia - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-az - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-id - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-mai - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-af - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-is - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-it - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-an - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-bs - 88.0.1+build1-0ubuntu0.18.04.2 firefox - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ro - 88.0.1+build1-0ubuntu0.18.04.2 firefox-geckodriver - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ja - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ru - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-br - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-zh-hant - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-zh-hans - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-bn - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-be - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-bg - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-sl - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-sk - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-si - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-sw - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-sv - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-sr - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-sq - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ko - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-kn - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-km - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-kk - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ka - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-xh - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ca - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ku - 88.0.1+build1-0ubuntu0.18.04.2 firefox-mozsymbols - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-lv - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-lt - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-th - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-hsb - 88.0.1+build1-0ubuntu0.18.04.2 firefox-dev - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-te - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-cak - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ta - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-lg - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-tr - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-nso - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-de - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-da - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ms - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-mr - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-my - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-uz - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ml - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-mn - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-mk - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ur - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-vi - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-eu - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-et - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-es - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-csb - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-el - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-eo - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-en - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-zu - 88.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ast - 88.0.1+build1-0ubuntu0.18.04.2 No subscription required Medium CVE-2021-29952 Ubuntu 18.04 LTS Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. This issue affected only affected Ubuntu 20.10. (CVE-2020-26217) It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. This issue only affected Ubuntu 20.10. (CVE-2020-26258) It was discovered that XStream was vulnerable to arbitrary file deletion on the local host. A remote attacker could use this to delete arbitrary known files on the host as long as the executing process had sufficient rights only by manipulating the processed input stream. This issue only affected Ubuntu 20.10. (CVE-2020-26259) It was discovered that XStream was vulnerable to denial of service, arbitrary code execution, arbitrary file deletion and server-side forgery attacks. A remote attacker could cause any of those issues by manipulating the processed input stream. (CVE-2021-21341, CVE-2021-21342, CVE-2021-21343 CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351) Update Instructions: Run `sudo pro fix USN-4943-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxstream-java - 1.4.11.1-1~18.04.2 No subscription required Medium CVE-2020-26217 CVE-2020-26258 CVE-2020-26259 CVE-2021-21341 CVE-2021-21342 CVE-2021-21343 CVE-2021-21344 CVE-2021-21345 CVE-2021-21346 CVE-2021-21347 CVE-2021-21348 CVE-2021-21349 CVE-2021-21350 CVE-2021-21351 Ubuntu 18.04 LTS This update fixed multiple vulnerabilities in MariaDB. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.48. Ubuntu 20.04 LTS has been updated to MariaDB 10.3.29. Ubuntu 20.10 has been updated to MariaDB 10.3.29. Ubuntu 21.04 has been updated to MariaDB 10.5.10. Update Instructions: Run `sudo pro fix USN-4944-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mariadb-plugin-cracklib-password-check - 1:10.1.48-0ubuntu0.18.04.1 mariadb-plugin-connect - 1:10.1.48-0ubuntu0.18.04.1 mariadb-plugin-spider - 1:10.1.48-0ubuntu0.18.04.1 libmariadbclient-dev - 1:10.1.48-0ubuntu0.18.04.1 mariadb-client-10.1 - 1:10.1.48-0ubuntu0.18.04.1 libmariadbd18 - 1:10.1.48-0ubuntu0.18.04.1 mariadb-client-core-10.1 - 1:10.1.48-0ubuntu0.18.04.1 mariadb-plugin-tokudb - 1:10.1.48-0ubuntu0.18.04.1 mariadb-client - 1:10.1.48-0ubuntu0.18.04.1 mariadb-plugin-gssapi-client - 1:10.1.48-0ubuntu0.18.04.1 mariadb-server-10.1 - 1:10.1.48-0ubuntu0.18.04.1 mariadb-server-core-10.1 - 1:10.1.48-0ubuntu0.18.04.1 mariadb-test-data - 1:10.1.48-0ubuntu0.18.04.1 libmariadbclient-dev-compat - 1:10.1.48-0ubuntu0.18.04.1 mariadb-server - 1:10.1.48-0ubuntu0.18.04.1 mariadb-plugin-mroonga - 1:10.1.48-0ubuntu0.18.04.1 libmariadbd-dev - 1:10.1.48-0ubuntu0.18.04.1 mariadb-test - 1:10.1.48-0ubuntu0.18.04.1 mariadb-plugin-gssapi-server - 1:10.1.48-0ubuntu0.18.04.1 mariadb-common - 1:10.1.48-0ubuntu0.18.04.1 libmariadbclient18 - 1:10.1.48-0ubuntu0.18.04.1 mariadb-plugin-oqgraph - 1:10.1.48-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1926926 Ubuntu 18.04 LTS It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25639) Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-28038) It was discovered that the fastrpc driver in the Linux kernel did not prevent user space applications from sending kernel RPC messages. A local attacker could possibly use this to gain elevated privileges. (CVE-2021-28375) It was discovered that the Realtek RTL8188EU Wireless device driver in the Linux kernel did not properly validate ssid lengths in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2021-28660) It was discovered that the USB/IP driver in the Linux kernel contained race conditions during the update of local and shared status. An attacker could use this to cause a denial of service (system crash). (CVE-2021-29265) It was discovered that a race condition existed in the netfilter subsystem of the Linux kernel when replacing tables. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-29650) Arnd Bergmann discovered that the video4linux subsystem in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-30002) Update Instructions: Run `sudo pro fix USN-4945-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1015-gkeop - 5.4.0-1015.16~18.04.1 No subscription required linux-image-5.4.0-1043-gke - 5.4.0-1043.45~18.04.1 No subscription required linux-image-5.4.0-1043-gcp - 5.4.0-1043.46~18.04.1 No subscription required linux-image-5.4.0-1044-oracle - 5.4.0-1044.47~18.04.1 No subscription required linux-image-5.4.0-1047-azure - 5.4.0-1047.49~18.04.1 No subscription required linux-image-5.4.0-1048-aws - 5.4.0-1048.50~18.04.1 No subscription required linux-image-5.4.0-73-lowlatency - 5.4.0-73.82~18.04.1 linux-image-5.4.0-73-generic-lpae - 5.4.0-73.82~18.04.1 linux-image-5.4.0-73-generic - 5.4.0-73.82~18.04.1 No subscription required linux-image-gkeop-5.4 - 5.4.0.1015.16~18.04.16 No subscription required linux-image-gcp-edge - 5.4.0.1043.30 linux-image-gcp - 5.4.0.1043.30 No subscription required linux-image-gke-5.4 - 5.4.0.1043.45~18.04.9 No subscription required linux-image-oracle - 5.4.0.1044.47~18.04.26 linux-image-oracle-edge - 5.4.0.1044.47~18.04.26 No subscription required linux-image-azure - 5.4.0.1047.26 linux-image-azure-edge - 5.4.0.1047.26 No subscription required linux-image-aws-edge - 5.4.0.1048.30 linux-image-aws - 5.4.0.1048.30 No subscription required linux-image-oem-osp1 - 5.4.0.73.82~18.04.66 linux-image-generic-hwe-18.04 - 5.4.0.73.82~18.04.66 linux-image-snapdragon-hwe-18.04 - 5.4.0.73.82~18.04.66 linux-image-generic-lpae-hwe-18.04 - 5.4.0.73.82~18.04.66 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.73.82~18.04.66 linux-image-lowlatency-hwe-18.04 - 5.4.0.73.82~18.04.66 linux-image-virtual-hwe-18.04 - 5.4.0.73.82~18.04.66 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.73.82~18.04.66 linux-image-generic-hwe-18.04-edge - 5.4.0.73.82~18.04.66 linux-image-oem - 5.4.0.73.82~18.04.66 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.73.82~18.04.66 linux-image-virtual-hwe-18.04-edge - 5.4.0.73.82~18.04.66 No subscription required Medium CVE-2020-25639 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-29265 CVE-2021-29650 CVE-2021-30002 Ubuntu 18.04 LTS USN-4945-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. This update provides the corresponding Linux kernel updates targeted specifically for Raspberry Pi devices in those same Ubuntu Releases. Original advisory details: It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25639) Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-28038) It was discovered that the fastrpc driver in the Linux kernel did not prevent user space applications from sending kernel RPC messages. A local attacker could possibly use this to gain elevated privileges. (CVE-2021-28375) It was discovered that the Realtek RTL8188EU Wireless device driver in the Linux kernel did not properly validate ssid lengths in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2021-28660) It was discovered that the USB/IP driver in the Linux kernel contained race conditions during the update of local and shared status. An attacker could use this to cause a denial of service (system crash). (CVE-2021-29265) It was discovered that a race condition existed in the netfilter subsystem of the Linux kernel when replacing tables. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-29650) Arnd Bergmann discovered that the video4linux subsystem in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-30002) Update Instructions: Run `sudo pro fix USN-4945-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1035-raspi - 5.4.0-1035.38~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1035.37 linux-image-raspi-hwe-18.04 - 5.4.0.1035.37 No subscription required Medium CVE-2020-25639 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-29265 CVE-2021-29650 CVE-2021-30002 Ubuntu 18.04 LTS It was discovered that the DRM subsystem in the Linux kernel contained double-free vulnerabilities. A privileged attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-20292) Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26930) Jan Beulich discovered that multiple Xen backends in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26931) Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-28038) It was discovered that the Xen paravirtualization backend in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-28688) It was discovered that the Freescale Gianfar Ethernet driver for the Linux kernel did not properly handle receive queue overrun when jumbo frames were enabled in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2021-29264) It was discovered that the USB/IP driver in the Linux kernel contained race conditions during the update of local and shared status. An attacker could use this to cause a denial of service (system crash). (CVE-2021-29265) It was discovered that a race condition existed in the netfilter subsystem of the Linux kernel when replacing tables. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-29650) Arnd Bergmann discovered that the video4linux subsystem in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-30002) Update Instructions: Run `sudo pro fix USN-4946-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1018-dell300x - 4.15.0-1018.22 No subscription required linux-image-4.15.0-1071-oracle - 4.15.0-1071.79 No subscription required linux-image-4.15.0-1085-raspi2 - 4.15.0-1085.90 No subscription required linux-image-4.15.0-1091-kvm - 4.15.0-1091.93 No subscription required linux-image-4.15.0-1099-gcp - 4.15.0-1099.112 No subscription required linux-image-4.15.0-1102-aws - 4.15.0-1102.109 No subscription required linux-image-4.15.0-1102-snapdragon - 4.15.0-1102.111 No subscription required linux-image-4.15.0-1114-azure - 4.15.0-1114.127 No subscription required linux-image-4.15.0-143-generic-lpae - 4.15.0-143.147 linux-image-4.15.0-143-generic - 4.15.0-143.147 linux-image-4.15.0-143-lowlatency - 4.15.0-143.147 No subscription required linux-image-dell300x - 4.15.0.1018.20 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1071.81 No subscription required linux-image-raspi2 - 4.15.0.1085.82 No subscription required linux-image-kvm - 4.15.0.1091.87 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1099.117 No subscription required linux-image-snapdragon - 4.15.0.1102.105 linux-image-aws-lts-18.04 - 4.15.0.1102.105 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1114.87 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.143.130 linux-image-generic-hwe-16.04 - 4.15.0.143.130 linux-image-generic-hwe-16.04-edge - 4.15.0.143.130 linux-image-generic-lpae-hwe-16.04 - 4.15.0.143.130 linux-image-virtual - 4.15.0.143.130 linux-image-virtual-hwe-16.04 - 4.15.0.143.130 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.143.130 linux-image-generic - 4.15.0.143.130 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.143.130 linux-image-generic-lpae - 4.15.0.143.130 linux-image-lowlatency-hwe-16.04 - 4.15.0.143.130 linux-image-lowlatency - 4.15.0.143.130 No subscription required Medium CVE-2021-20292 CVE-2021-26930 CVE-2021-26931 CVE-2021-28038 CVE-2021-28688 CVE-2021-29264 CVE-2021-29265 CVE-2021-29650 CVE-2021-30002 Ubuntu 18.04 LTS Anton Lydike discovered that Flatpak did not properly handle special tokens in desktop files. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement. Update Instructions: Run `sudo pro fix USN-4951-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libflatpak0 - 1.0.9-0ubuntu0.3 libflatpak-dev - 1.0.9-0ubuntu0.3 gir1.2-flatpak-1.0 - 1.0.9-0ubuntu0.3 libflatpak-doc - 1.0.9-0ubuntu0.3 flatpak - 1.0.9-0ubuntu0.3 flatpak-tests - 1.0.9-0ubuntu0.3 No subscription required Medium CVE-2021-21381 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.25 in Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.34. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-34.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-24.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-25.html https://www.oracle.com/security-alerts/cpuapr2021.html Update Instructions: Run `sudo pro fix USN-4952-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.34-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.34-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.34-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.34-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.34-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.34-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.34-0ubuntu0.18.04.1 mysql-server - 5.7.34-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.34-0ubuntu0.18.04.1 mysql-testsuite - 5.7.34-0ubuntu0.18.04.1 libmysqld-dev - 5.7.34-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.34-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-2146 CVE-2021-2154 CVE-2021-2162 CVE-2021-2164 CVE-2021-2166 CVE-2021-2169 CVE-2021-2170 CVE-2021-2171 CVE-2021-2172 CVE-2021-2179 CVE-2021-2180 CVE-2021-2193 CVE-2021-2194 CVE-2021-2196 CVE-2021-2201 CVE-2021-2203 CVE-2021-2208 CVE-2021-2212 CVE-2021-2215 CVE-2021-2217 CVE-2021-2226 CVE-2021-2230 CVE-2021-2232 CVE-2021-2278 CVE-2021-2293 CVE-2021-2298 CVE-2021-2299 CVE-2021-2300 CVE-2021-2301 CVE-2021-2304 CVE-2021-2305 CVE-2021-2307 CVE-2021-2308 Ubuntu 18.04 LTS Sean Boran discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2020-29600) It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to access sensitive information. (CVE-2020-35176) Update Instructions: Run `sudo pro fix USN-4953-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: awstats - 7.6+dfsg-2ubuntu0.18.04.1 No subscription required Medium CVE-2017-1000501 CVE-2020-29600 CVE-2020-35176 Ubuntu 18.04 LTS It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4957-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdjvulibre21 - 3.5.27.1-8ubuntu0.3 libdjvulibre-text - 3.5.27.1-8ubuntu0.3 djvulibre-desktop - 3.5.27.1-8ubuntu0.3 djview3 - 3.5.27.1-8ubuntu0.3 djvuserve - 3.5.27.1-8ubuntu0.3 libdjvulibre-dev - 3.5.27.1-8ubuntu0.3 djview - 3.5.27.1-8ubuntu0.3 djvulibre-bin - 3.5.27.1-8ubuntu0.3 No subscription required Medium CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 CVE-2021-3500 Ubuntu 18.04 LTS It was discovered that GStreamer Base Plugins incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-4959-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gstreamer1.0-plugins-base - 1.14.5-0ubuntu1~18.04.3 libgstreamer-plugins-base1.0-0 - 1.14.5-0ubuntu1~18.04.3 gstreamer1.0-x - 1.14.5-0ubuntu1~18.04.3 gstreamer1.0-plugins-base-doc - 1.14.5-0ubuntu1~18.04.3 libgstreamer-gl1.0-0 - 1.14.5-0ubuntu1~18.04.3 gstreamer1.0-gl - 1.14.5-0ubuntu1~18.04.3 libgstreamer-plugins-base1.0-dev - 1.14.5-0ubuntu1~18.04.3 gir1.2-gst-plugins-base-1.0 - 1.14.5-0ubuntu1~18.04.3 gstreamer1.0-alsa - 1.14.5-0ubuntu1~18.04.3 gstreamer1.0-plugins-base-apps - 1.14.5-0ubuntu1~18.04.3 No subscription required Medium CVE-2021-3522 Ubuntu 18.04 LTS Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount the host filesystem into the container and escalate privileges. Update Instructions: Run `sudo pro fix USN-4960-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-opencontainers-runc-dev - 1.0.0~rc93-0ubuntu1~18.04.2 runc - 1.0.0~rc93-0ubuntu1~18.04.2 No subscription required High CVE-2021-30465 Ubuntu 18.04 LTS USN-4961-1 fixed a vulnerability in pip. This update provides the corresponding updates for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Original advisory details: It was discovered that pip incorrectly handled unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. Update Instructions: Run `sudo pro fix USN-4961-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pip - 9.0.1-2.3~ubuntu1.18.04.5+esm2 python-pip-whl - 9.0.1-2.3~ubuntu1.18.04.5+esm2 python3-pip - 9.0.1-2.3~ubuntu1.18.04.5+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2021-3572 Ubuntu 18.04 LTS It was discovered that Babel incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4962-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-babel-localedata - 2.4.0+dfsg.1-2ubuntu1.1 python-babel-doc - 2.4.0+dfsg.1-2ubuntu1.1 python-babel - 2.4.0+dfsg.1-2ubuntu1.1 python3-babel - 2.4.0+dfsg.1-2ubuntu1.1 No subscription required None Ubuntu 18.04 LTS It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash or hand, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4963-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-pil.imagetk - 5.1.0-1ubuntu0.6 python-pil-doc - 5.1.0-1ubuntu0.6 python3-pil - 5.1.0-1ubuntu0.6 python-pil - 5.1.0-1ubuntu0.6 python-pil.imagetk - 5.1.0-1ubuntu0.6 No subscription required Medium CVE-2021-25287 CVE-2021-25288 CVE-2021-28675 CVE-2021-28676 CVE-2021-28677 CVE-2021-28678 Ubuntu 18.04 LTS It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04. (CVE-2021-29463) It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04. (CVE-2021-29464) It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-29473, CVE-2021-32617) It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10 and Ubuntu 21.04. (CVE-2021-29623) Update Instructions: Run `sudo pro fix USN-4964-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-3.1ubuntu0.18.04.9 libexiv2-14 - 0.25-3.1ubuntu0.18.04.9 libexiv2-doc - 0.25-3.1ubuntu0.18.04.9 libexiv2-dev - 0.25-3.1ubuntu0.18.04.9 No subscription required Medium CVE-2021-29463 CVE-2021-29464 CVE-2021-29473 CVE-2021-29623 CVE-2021-32617 Ubuntu 18.04 LTS Maik Münch discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use these issues to read and write arbitrary files as an administrator, and possibly escalate privileges. Update Instructions: Run `sudo pro fix USN-4965-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apport - 2.20.9-0ubuntu7.24 python3-problem-report - 2.20.9-0ubuntu7.24 apport-kde - 2.20.9-0ubuntu7.24 apport-retrace - 2.20.9-0ubuntu7.24 apport-valgrind - 2.20.9-0ubuntu7.24 python3-apport - 2.20.9-0ubuntu7.24 dh-apport - 2.20.9-0ubuntu7.24 apport-gtk - 2.20.9-0ubuntu7.24 python-apport - 2.20.9-0ubuntu7.24 python-problem-report - 2.20.9-0ubuntu7.24 apport-noui - 2.20.9-0ubuntu7.24 No subscription required Medium CVE-2021-32547 CVE-2021-32548 CVE-2021-32549 CVE-2021-32550 CVE-2021-32551 CVE-2021-32552 CVE-2021-32553 CVE-2021-32554 CVE-2021-32555 CVE-2021-32556 CVE-2021-32557 Ubuntu 18.04 LTS It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick libx11 into emitting extra X protocol requests. Update Instructions: Run `sudo pro fix USN-4966-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx11-6 - 2:1.6.4-3ubuntu0.4 libx11-data - 2:1.6.4-3ubuntu0.4 libx11-xcb-dev - 2:1.6.4-3ubuntu0.4 libx11-xcb1 - 2:1.6.4-3ubuntu0.4 libx11-doc - 2:1.6.4-3ubuntu0.4 libx11-6-udeb - 2:1.6.4-3ubuntu0.4 libx11-dev - 2:1.6.4-3ubuntu0.4 No subscription required Medium CVE-2021-31535 Ubuntu 18.04 LTS Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4967-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnginx-mod-stream - 1.14.0-0ubuntu1.9 libnginx-mod-http-subs-filter - 1.14.0-0ubuntu1.9 nginx-doc - 1.14.0-0ubuntu1.9 libnginx-mod-mail - 1.14.0-0ubuntu1.9 libnginx-mod-http-image-filter - 1.14.0-0ubuntu1.9 libnginx-mod-http-echo - 1.14.0-0ubuntu1.9 libnginx-mod-rtmp - 1.14.0-0ubuntu1.9 libnginx-mod-nchan - 1.14.0-0ubuntu1.9 nginx-common - 1.14.0-0ubuntu1.9 libnginx-mod-http-fancyindex - 1.14.0-0ubuntu1.9 libnginx-mod-http-auth-pam - 1.14.0-0ubuntu1.9 nginx-light - 1.14.0-0ubuntu1.9 libnginx-mod-http-headers-more-filter - 1.14.0-0ubuntu1.9 nginx-extras - 1.14.0-0ubuntu1.9 libnginx-mod-http-upstream-fair - 1.14.0-0ubuntu1.9 libnginx-mod-http-xslt-filter - 1.14.0-0ubuntu1.9 libnginx-mod-http-lua - 1.14.0-0ubuntu1.9 libnginx-mod-http-perl - 1.14.0-0ubuntu1.9 nginx-core - 1.14.0-0ubuntu1.9 libnginx-mod-http-dav-ext - 1.14.0-0ubuntu1.9 nginx - 1.14.0-0ubuntu1.9 libnginx-mod-http-ndk - 1.14.0-0ubuntu1.9 libnginx-mod-http-uploadprogress - 1.14.0-0ubuntu1.9 libnginx-mod-http-cache-purge - 1.14.0-0ubuntu1.9 nginx-full - 1.14.0-0ubuntu1.9 libnginx-mod-http-geoip - 1.14.0-0ubuntu1.9 No subscription required Medium CVE-2021-23017 Ubuntu 18.04 LTS It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4968-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblz4-tool - 0.0~r131-2ubuntu3.1 liblz4-dev - 0.0~r131-2ubuntu3.1 liblz4-1 - 0.0~r131-2ubuntu3.1 No subscription required Medium CVE-2021-3520 Ubuntu 18.04 LTS Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-4969-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: isc-dhcp-relay - 4.3.5-3ubuntu7.3 isc-dhcp-client-ddns - 4.3.5-3ubuntu7.3 isc-dhcp-dev - 4.3.5-3ubuntu7.3 isc-dhcp-client - 4.3.5-3ubuntu7.3 isc-dhcp-common - 4.3.5-3ubuntu7.3 isc-dhcp-server - 4.3.5-3ubuntu7.3 isc-dhcp-client-udeb - 4.3.5-3ubuntu7.3 isc-dhcp-server-ldap - 4.3.5-3ubuntu7.3 No subscription required Medium CVE-2021-25217 Ubuntu 18.04 LTS It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4971-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: webp - 0.6.1-2ubuntu0.18.04.1 libwebp6 - 0.6.1-2ubuntu0.18.04.1 libwebpmux3 - 0.6.1-2ubuntu0.18.04.1 libwebp-dev - 0.6.1-2ubuntu0.18.04.1 libwebpdemux2 - 0.6.1-2ubuntu0.18.04.1 No subscription required Medium CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25012 CVE-2018-25013 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 Ubuntu 18.04 LTS Tom Lane discovered that PostgreSQL incorrect handled certain array subscripting calculations. An authenticated attacker could possibly use this issue to overwrite server memory and escalate privileges. (CVE-2021-32027) Andres Freund discovered that PostgreSQL incorrect handled certain INSERT ... ON CONFLICT ... DO UPDATE commands. A remote attacker could possibly use this issue to read server memory and obtain sensitive information. (CVE-2021-32028) Tom Lane discovered that PostgreSQL incorrect handled certain UPDATE ... RETURNING commands. A remote attacker could possibly use this issue to read server memory and obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-32029) Update Instructions: Run `sudo pro fix USN-4972-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-10 - 10.17-0ubuntu0.18.04.1 postgresql-10 - 10.17-0ubuntu0.18.04.1 libecpg6 - 10.17-0ubuntu0.18.04.1 libpq5 - 10.17-0ubuntu0.18.04.1 libpgtypes3 - 10.17-0ubuntu0.18.04.1 postgresql-pltcl-10 - 10.17-0ubuntu0.18.04.1 postgresql-plperl-10 - 10.17-0ubuntu0.18.04.1 libecpg-dev - 10.17-0ubuntu0.18.04.1 postgresql-plpython3-10 - 10.17-0ubuntu0.18.04.1 libpq-dev - 10.17-0ubuntu0.18.04.1 postgresql-plpython-10 - 10.17-0ubuntu0.18.04.1 postgresql-doc-10 - 10.17-0ubuntu0.18.04.1 postgresql-client-10 - 10.17-0ubuntu0.18.04.1 libecpg-compat3 - 10.17-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-32027 CVE-2021-32028 CVE-2021-32029 Ubuntu 18.04 LTS It was discovered that Lasso did not properly verify that all assertions in a SAML response were properly signed. An attacker could possibly use this to impersonate users or otherwise bypass access controls. Update Instructions: Run `sudo pro fix USN-4974-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblasso-perl - 2.5.1-0ubuntu1.2 liblasso3 - 2.5.1-0ubuntu1.2 liblasso3-dev - 2.5.1-0ubuntu1.2 python3-lasso - 2.5.1-0ubuntu1.2 python-lasso - 2.5.1-0ubuntu1.2 No subscription required Medium CVE-2021-28091 Ubuntu 18.04 LTS It was discovered that the Django URLValidator function incorrectly handled newlines and tabs. A remote attacker could possibly use this issue to perform a header injection attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-32052) Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen discovered that Django incorrectly handled path sanitation in admindocs. A remote attacker could possibly use this issue to determine the existence of arbitrary files and in certain configurations obtain their contents. (CVE-2021-33203) It was discovered that Django incorrectly handled IPv4 addresses with leading zeros. A remote attacker could possibly use this issue to perform a wide variety of attacks, including bypassing certain access restrictions. (CVE-2021-33571) Update Instructions: Run `sudo pro fix USN-4975-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.14 python-django-doc - 1:1.11.11-1ubuntu1.14 python-django-common - 1:1.11.11-1ubuntu1.14 python-django - 1:1.11.11-1ubuntu1.14 No subscription required Medium CVE-2021-32052 CVE-2021-33203 CVE-2021-33571 Ubuntu 18.04 LTS Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in certain configurations. A remote attacker could possibly use this issue to facilitate DNS cache poisoning attacks. Update Instructions: Run `sudo pro fix USN-4976-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.79-1ubuntu0.4 dnsmasq-base-lua - 2.79-1ubuntu0.4 dnsmasq-utils - 2.79-1ubuntu0.4 dnsmasq-base - 2.79-1ubuntu0.4 No subscription required Low CVE-2021-3448 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, re-enable camera devices without an additional permission prompt, spoof the browser UI, or execute arbitrary code. (CVE-2021-29959, CVE-2021-29961, CVE-2021-29966, CVE-2021-29967) It was discovered that filenames printed from private browsing mode were incorrectly retained in preferences. A local attacker could potentially exploit this to obtain sensitive information. (CVE-2021-29960) Update Instructions: Run `sudo pro fix USN-4978-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-nn - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-ne - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-nb - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-fa - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-fi - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-fr - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-fy - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-or - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-kab - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-oc - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-cs - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-ga - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-gd - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-gn - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-gl - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-gu - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-pa - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-pl - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-cy - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-pt - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-szl - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-hi - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-uk - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-he - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-hy - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-hr - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-hu - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-as - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-ar - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-ia - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-az - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-id - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-mai - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-af - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-is - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-it - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-an - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-bs - 89.0+build2-0ubuntu0.18.04.2 firefox - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-ro - 89.0+build2-0ubuntu0.18.04.2 firefox-geckodriver - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-ja - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-ru - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-br - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-zh-hant - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-zh-hans - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-bn - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-be - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-bg - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-sl - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-sk - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-si - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-sw - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-sv - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-sr - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-sq - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-ko - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-kn - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-km - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-kk - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-ka - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-xh - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-ca - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-ku - 89.0+build2-0ubuntu0.18.04.2 firefox-mozsymbols - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-lv - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-lt - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-th - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-hsb - 89.0+build2-0ubuntu0.18.04.2 firefox-dev - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-te - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-cak - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-ta - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-lg - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-tr - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-nso - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-de - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-da - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-ms - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-mr - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-my - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-uz - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-ml - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-mn - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-mk - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-ur - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-vi - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-eu - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-et - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-es - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-csb - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-el - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-eo - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-en - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-zu - 89.0+build2-0ubuntu0.18.04.2 firefox-locale-ast - 89.0+build2-0ubuntu0.18.04.2 No subscription required Medium CVE-2021-29959 CVE-2021-29960 CVE-2021-29961 CVE-2021-29966 CVE-2021-29967 Ubuntu 18.04 LTS Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25670) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-25671, CVE-2020-25672) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly handle error conditions in some situations, leading to an infinite loop. A local attacker could use this to cause a denial of service. (CVE-2020-25673) It was discovered that the Realtek RTL8188EU Wireless device driver in the Linux kernel did not properly validate ssid lengths in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2021-28660) Zygo Blaxell discovered that the btrfs file system implementation in the Linux kernel contained a race condition during certain cloning operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-28964) Vince Weaver discovered that the perf subsystem in the Linux kernel did not properly handle certain PEBS records properly for some Intel Haswell processors. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-28971) It was discovered that the RPA PCI Hotplug driver implementation in the Linux kernel did not properly handle device name writes via sysfs, leading to a buffer overflow. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-28972) It was discovered that the Qualcomm IPC router implementation in the Linux kernel did not properly initialize memory passed to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-29647) Dan Carpenter discovered that the block device manager (dm) implementation in the Linux kernel contained a buffer overflow in the ioctl for listing devices. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2021-31916) It was discovered that the CIPSO implementation in the Linux kernel did not properly perform reference counting in some situations, leading to use- after-free vulnerabilities. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33033) Wolfgang Frisch discovered that the ext4 file system implementation in the Linux kernel contained an integer overflow when handling metadata inode extents. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2021-3428) 马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3483) Update Instructions: Run `sudo pro fix USN-4979-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1072-oracle - 4.15.0-1072.80 No subscription required linux-image-4.15.0-1086-raspi2 - 4.15.0-1086.91 No subscription required linux-image-4.15.0-1092-kvm - 4.15.0-1092.94 No subscription required linux-image-4.15.0-1100-gcp - 4.15.0-1100.113 No subscription required linux-image-4.15.0-1103-aws - 4.15.0-1103.110 No subscription required linux-image-4.15.0-1103-snapdragon - 4.15.0-1103.112 No subscription required linux-image-4.15.0-1115-azure - 4.15.0-1115.128 No subscription required linux-image-4.15.0-144-generic-lpae - 4.15.0-144.148 linux-image-4.15.0-144-generic - 4.15.0-144.148 linux-image-4.15.0-144-lowlatency - 4.15.0-144.148 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1072.82 No subscription required linux-image-raspi2 - 4.15.0.1086.83 No subscription required linux-image-kvm - 4.15.0.1092.88 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1100.118 No subscription required linux-image-snapdragon - 4.15.0.1103.106 linux-image-aws-lts-18.04 - 4.15.0.1103.106 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1115.88 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.144.131 linux-image-lowlatency-hwe-16.04 - 4.15.0.144.131 linux-image-generic-hwe-16.04-edge - 4.15.0.144.131 linux-image-generic-lpae-hwe-16.04 - 4.15.0.144.131 linux-image-virtual - 4.15.0.144.131 linux-image-virtual-hwe-16.04 - 4.15.0.144.131 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.144.131 linux-image-generic - 4.15.0.144.131 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.144.131 linux-image-generic-hwe-16.04 - 4.15.0.144.131 linux-image-lowlatency - 4.15.0.144.131 linux-image-generic-lpae - 4.15.0.144.131 No subscription required Medium CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2021-28660 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29647 CVE-2021-31916 CVE-2021-33033 CVE-2021-3428 CVE-2021-3483 Ubuntu 18.04 LTS Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. (CVE-2021-28651) Joshua Rogers discovered that Squid incorrectly handled requests to the Cache Manager API. A remote attacker with access privileges could possibly use this issue to cause Squid to consume resources, leading to a denial of service. This issue was only addressed in Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-28652) Joshua Rogers discovered that Squid incorrectly handled certain response headers. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue was only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-28662) Joshua Rogers discovered that Squid incorrectly handled range request processing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2021-31806, CVE-2021-31807, CVE-2021-31808) Joshua Rogers discovered that Squid incorrectly handled certain HTTP responses. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2021-33620) Update Instructions: Run `sudo pro fix USN-4981-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.27-1ubuntu1.11 squid - 3.5.27-1ubuntu1.11 squid-cgi - 3.5.27-1ubuntu1.11 squid-purge - 3.5.27-1ubuntu1.11 squidclient - 3.5.27-1ubuntu1.11 squid3 - 3.5.27-1ubuntu1.11 No subscription required Medium CVE-2021-28651 CVE-2021-28652 CVE-2021-28662 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620 Ubuntu 18.04 LTS Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25670) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-25671, CVE-2020-25672) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly handle error conditions in some situations, leading to an infinite loop. A local attacker could use this to cause a denial of service. (CVE-2020-25673) It was discovered that the Xen paravirtualization backend in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-28688) It was discovered that the fuse user space file system implementation in the Linux kernel did not properly handle bad inodes in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2021-28950) Zygo Blaxell discovered that the btrfs file system implementation in the Linux kernel contained a race condition during certain cloning operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-28964) Vince Weaver discovered that the perf subsystem in the Linux kernel did not properly handle certain PEBS records properly for some Intel Haswell processors. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-28971) It was discovered that the RPA PCI Hotplug driver implementation in the Linux kernel did not properly handle device name writes via sysfs, leading to a buffer overflow. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-28972) It was discovered that the Freescale Gianfar Ethernet driver for the Linux kernel did not properly handle receive queue overrun when jumbo frames were enabled in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2021-29264) It was discovered that the Qualcomm IPC router implementation in the Linux kernel did not properly initialize memory passed to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-29647) Dan Carpenter discovered that the block device manager (dm) implementation in the Linux kernel contained a buffer overflow in the ioctl for listing devices. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2021-31916) 马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3483) Update Instructions: Run `sudo pro fix USN-4982-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1016-gkeop - 5.4.0-1016.17~18.04.1 No subscription required linux-image-5.4.0-1036-raspi - 5.4.0-1036.39~18.04.1 No subscription required linux-image-5.4.0-1044-gke - 5.4.0-1044.46~18.04.1 No subscription required linux-image-5.4.0-1044-gcp - 5.4.0-1044.47~18.04.2 No subscription required linux-image-5.4.0-1046-oracle - 5.4.0-1046.50~18.04.2 No subscription required linux-image-5.4.0-1048-azure - 5.4.0-1048.50~18.04.1 No subscription required linux-image-5.4.0-1049-aws - 5.4.0-1049.51~18.04.1 No subscription required linux-image-5.4.0-74-lowlatency - 5.4.0-74.83~18.04.1 linux-image-5.4.0-74-generic-lpae - 5.4.0-74.83~18.04.1 linux-image-5.4.0-74-generic - 5.4.0-74.83~18.04.1 No subscription required linux-image-gkeop-5.4 - 5.4.0.1016.17~18.04.17 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1036.38 linux-image-raspi-hwe-18.04 - 5.4.0.1036.38 No subscription required linux-image-gcp-edge - 5.4.0.1044.31 linux-image-gcp - 5.4.0.1044.31 No subscription required linux-image-gke-5.4 - 5.4.0.1044.46~18.04.10 No subscription required linux-image-oracle - 5.4.0.1046.50~18.04.28 linux-image-oracle-edge - 5.4.0.1046.50~18.04.28 No subscription required linux-image-azure - 5.4.0.1048.27 linux-image-azure-edge - 5.4.0.1048.27 No subscription required linux-image-aws-edge - 5.4.0.1049.31 linux-image-aws - 5.4.0.1049.31 No subscription required linux-image-oem-osp1 - 5.4.0.74.83~18.04.67 linux-image-snapdragon-hwe-18.04 - 5.4.0.74.83~18.04.67 linux-image-generic-hwe-18.04 - 5.4.0.74.83~18.04.67 linux-image-generic-lpae-hwe-18.04 - 5.4.0.74.83~18.04.67 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.74.83~18.04.67 linux-image-lowlatency-hwe-18.04 - 5.4.0.74.83~18.04.67 linux-image-virtual-hwe-18.04 - 5.4.0.74.83~18.04.67 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.74.83~18.04.67 linux-image-oem - 5.4.0.74.83~18.04.67 linux-image-generic-hwe-18.04-edge - 5.4.0.74.83~18.04.67 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.74.83~18.04.67 linux-image-virtual-hwe-18.04-edge - 5.4.0.74.83~18.04.67 No subscription required Medium CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29264 CVE-2021-29647 CVE-2021-31916 CVE-2021-3483 Ubuntu 18.04 LTS It was discovered that some Intel processors may not properly invalidate cache entries used by Intel Virtualization Technology for Directed I/O (VT-d). This may allow a local user to perform a privilege escalation attack. (CVE-2020-24489) Joseph Nuzman discovered that some Intel processors may not properly apply EIBRS mitigations (originally developed for CVE-2017-5715) and hence may allow unauthorized memory reads via sidechannel attacks. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2020-24511) Travis Downs discovered that some Intel processors did not properly flush cache-lines for trivial-data values. This may allow an unauthorized user to infer the presence of these trivial-data-cache-lines via timing sidechannel attacks. A local attacker could use this to expose sensitive information. (CVE-2020-24512) It was discovered that certain Intel Atom processors could expose memory contents stored in microarchitectural buffers. A local attacker could use this to expose sensitive information. (CVE-2020-24513) Update Instructions: Run `sudo pro fix USN-4985-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20210608.0ubuntu0.18.04.1 No subscription required High CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 CVE-2020-24489 Ubuntu 18.04 LTS It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-4986-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rpcbind - 0.2.3-0.6ubuntu0.18.04.2 No subscription required Medium CVE-2017-8779 Ubuntu 18.04 LTS USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression resulting in rpcbind crashing in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-4986-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rpcbind - 0.2.3-0.6ubuntu0.18.04.3 No subscription required None https://launchpad.net/bugs/1931507 Ubuntu 18.04 LTS It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4987-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libimage-exiftool-perl - 10.80-1ubuntu0.1 No subscription required High CVE-2021-22204 Ubuntu 18.04 LTS It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update Instructions: Run `sudo pro fix USN-4988-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagick++-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagickwand-dev - 8:6.9.7.4+dfsg-16ubuntu6.11 imagemagick-6.q16 - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagickcore-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.11 imagemagick-6-common - 8:6.9.7.4+dfsg-16ubuntu6.11 imagemagick - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagickcore-6.q16-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagick++-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.11 libimage-magick-q16-perl - 8:6.9.7.4+dfsg-16ubuntu6.11 libimage-magick-perl - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagick++-dev - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagickwand-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.11 perlmagick - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagickcore-6.q16hdri-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagick++-6.q16hdri-7 - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagickwand-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagickwand-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagickcore-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagickcore-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagick++-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.11 imagemagick-6.q16hdri - 8:6.9.7.4+dfsg-16ubuntu6.11 imagemagick-common - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagickcore-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.11 imagemagick-doc - 8:6.9.7.4+dfsg-16ubuntu6.11 imagemagick-6-doc - 8:6.9.7.4+dfsg-16ubuntu6.11 libimage-magick-q16hdri-perl - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagick++-6.q16-7 - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagickcore-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagickcore-6-arch-config - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagickwand-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagickcore-dev - 8:6.9.7.4+dfsg-16ubuntu6.11 libmagickwand-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.11 No subscription required Medium CVE-2017-14528 CVE-2020-19667 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674 CVE-2020-25675 CVE-2020-25676 CVE-2020-27750 CVE-2020-27751 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27756 CVE-2020-27757 CVE-2020-27758 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27763 CVE-2020-27764 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27773 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 CVE-2021-20176 Ubuntu 18.04 LTS It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. (CVE-2020-26558) Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-27153) Ziming Zhang discovered that BlueZ incorrectly handled certain array indexes. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-3588) Update Instructions: Run `sudo pro fix USN-4989-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbluetooth3 - 5.48-0ubuntu3.5 bluez-tests - 5.48-0ubuntu3.5 bluez-obexd - 5.48-0ubuntu3.5 bluetooth - 5.48-0ubuntu3.5 bluez - 5.48-0ubuntu3.5 bluez-hcidump - 5.48-0ubuntu3.5 bluez-cups - 5.48-0ubuntu3.5 libbluetooth-dev - 5.48-0ubuntu3.5 No subscription required Medium CVE-2020-26558 CVE-2020-27153 CVE-2021-3588 Ubuntu 18.04 LTS It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. (CVE-2021-3580) It was discovered that Nettle incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-16869) Update Instructions: Run `sudo pro fix USN-4990-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nettle-bin - 3.4.1-0ubuntu0.18.04.1 libnettle6 - 3.4.1-0ubuntu0.18.04.1 libhogweed4 - 3.4.1-0ubuntu0.18.04.1 nettle-dev - 3.4.1-0ubuntu0.18.04.1 No subscription required Medium CVE-2018-16869 CVE-2021-3580 Ubuntu 18.04 LTS Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or possibly cause libxml2 to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. (CVE-2017-8872) Zhipeng Xie discovered that libxml2 incorrectly handled certain XML schemas. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2019-20388) It was discovered that libxml2 incorrectly handled invalid UTF-8 input. A remote attacker could possibly exploit this with a crafted XML file to cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-24977) It was discovered that libxml2 incorrectly handled invalid UTF-8 input. A remote attacker could possibly exploit this with a crafted XML file to cause libxml2 to crash, resulting in a denial of service. (CVE-2021-3517) It was discovered that libxml2 did not properly handle certain crafted XML files. A local attacker could exploit this with a crafted input to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3516, CVE-2021-3518) It was discovered that libxml2 incorrectly handled error states. A remote attacker could exploit this with a crafted XML file to cause libxml2 to crash, resulting in a denial of service. (CVE-2021-3537) Sebastian Pipping discovered that libxml2 did not properly handle certain crafted XML files. A remote attacker could exploit this with a crafted XML file to cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-3541) Update Instructions: Run `sudo pro fix USN-4991-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.4 libxml2-utils - 2.9.4+dfsg1-6.1ubuntu1.4 libxml2 - 2.9.4+dfsg1-6.1ubuntu1.4 libxml2-udeb - 2.9.4+dfsg1-6.1ubuntu1.4 python3-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.4 libxml2-doc - 2.9.4+dfsg1-6.1ubuntu1.4 libxml2-dev - 2.9.4+dfsg1-6.1ubuntu1.4 No subscription required Medium CVE-2017-8872 CVE-2019-20388 CVE-2020-24977 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVE-2021-3541 Ubuntu 18.04 LTS Máté Kukri discovered that the acpi command in GRUB 2 allowed privileged users to load crafted ACPI tables when secure boot is enabled. An attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2020-14372) Chris Coulson discovered that the rmmod command in GRUB 2 contained a use- after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-25632) Chris Coulson discovered that a buffer overflow existed in the command line parser in GRUB 2. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-27749) It was discovered that the cutmem command in GRUB 2 did not honor secure boot locking. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-27779) It was discovered that the option parser in GRUB 2 contained a heap overflow vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2021-20225) It was discovered that the menu rendering implementation in GRUB 2 did not properly calculate the amount of memory needed in some situations, leading to out-of-bounds writes. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2021-20233) Update Instructions: Run `sudo pro fix USN-4992-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: grub-efi-arm64-signed - 1.167~18.04.5+2.04-1ubuntu44.1.2 grub-efi-amd64-signed - 1.167~18.04.5+2.04-1ubuntu44.1.2 No subscription required grub-efi-arm64-bin - 2.04-1ubuntu44.1.2 grub-efi-amd64 - 2.04-1ubuntu44.1.2 grub-efi-amd64-bin - 2.04-1ubuntu44.1.2 grub-efi-arm64 - 2.04-1ubuntu44.1.2 No subscription required Medium CVE-2020-14372 CVE-2020-25632 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass2021 Ubuntu 18.04 LTS Marc Stern discovered that the Apache mod_proxy_http module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2020-13950) Antonio Morales discovered that the Apache mod_auth_digest module incorrectly handled certain Digest nonces. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. (CVE-2020-35452) Antonio Morales discovered that the Apache mod_session module incorrectly handled certain Cookie headers. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. (CVE-2021-26690) Christophe Jaillet discovered that the Apache mod_session module incorrectly handled certain SessionHeader values. A remote attacker could use this issue to cause Apache to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-26691) Christoph Anton Mitterer discovered that the new MergeSlashes configuration option resulted in unexpected behaviour in certain situations. (CVE-2021-30641) Update Instructions: Run `sudo pro fix USN-4994-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.29-1ubuntu4.16 apache2-utils - 2.4.29-1ubuntu4.16 apache2-dev - 2.4.29-1ubuntu4.16 apache2-suexec-pristine - 2.4.29-1ubuntu4.16 apache2-suexec-custom - 2.4.29-1ubuntu4.16 apache2 - 2.4.29-1ubuntu4.16 apache2-doc - 2.4.29-1ubuntu4.16 apache2-ssl-dev - 2.4.29-1ubuntu4.16 apache2-bin - 2.4.29-1ubuntu4.16 No subscription required Medium CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 Ubuntu 18.04 LTS USN-4995-1 fixed vulnerabilities in Thunderbird. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory details: Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or execute arbitrary code. (CVE-2021-23961, CVE-2021-23981, CVE-2021-23982, CVE-2021-23987, CVE-2021-23994, CVE-2021-23998, CVE-2021-23999, CVE-2021-29945, CVE-2021-29946, CVE-2021-29967) It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. (CVE-2021-23984) Multiple security issues were discovered in Thunderbird's OpenPGP integration. If a user were tricked into importing a specially crafted key in some circumstances, an attacker could potentially exploit this to cause a denial of service (inability to send encrypted email) or confuse the user. (CVE-2021-23991, CVE-2021-23992, CVE-2021-23993) A use-after-free was discovered when Responsive Design Mode was enabled. If a user were tricked into opening a specially crafted website with Responsive Design Mode enabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2021-23995) It was discovered that Thunderbird mishandled ftp URLs with encoded newline characters. If a user were tricked into clicking on a specially crafted link, an attacker could potentially exploit this to send arbitrary FTP commands. (CVE-2021-24002) It was discovered that Thunderbird wrote signatures to disk and read them back during verification. A local attacker could potentially exploit this to replace the data with another signature file. (CVE-2021-29948) It was discovered that Thunderbird might load an alternative OTR library. If a user were tricked into copying a specially crafted library to one of Thunderbird's search paths, an attacker could potentially exploit this to execute arbitrary code. (CVE-2021-29949) It was discovered that secret keys imported into Thunderbird were stored unencrypted. A local attacker could potentially exploit this to obtain private keys. (CVE-2021-29956) It was discovered that Thunderbird did not indicate when an inline signed or encrypted message contained additional unprotected parts. (CVE-2021-29957) Update Instructions: Run `sudo pro fix USN-4995-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-br - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-bn - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-be - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-bg - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ja - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-sl - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-sk - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-si - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-gnome-support - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-sv - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-sr - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-sq - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-hsb - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-cy - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-cs - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-en - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ca - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-pt-br - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-pa - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ka - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ko - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-kk - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-kab - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-pl - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-zh-tw - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-pt - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-nn-no - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-nb-no - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-bn-bd - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-lt - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-en-gb - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-uz - 1:78.11.0+build1-0ubuntu0.18.04.2 xul-ext-calendar-timezones - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-de - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-da - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-uk - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-dev - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-el - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-en-us - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-rm - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ms - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ro - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-eu - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-et - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-zh-hant - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-zh-hans - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ru - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-mk - 1:78.11.0+build1-0ubuntu0.18.04.2 xul-ext-gdata-provider - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-fr - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-es-es - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ta-lk - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-fy - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-fa - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-fi - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ast - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-nl - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-nn - 1:78.11.0+build1-0ubuntu0.18.04.2 xul-ext-lightning - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ga-ie - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-fy-nl - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-nb - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-mozsymbols - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-zh-cn - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-gl - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ga - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-tr - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-gd - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-th - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ta - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-dsb - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-it - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-hy - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-sv-se - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-hr - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-hu - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-pa-in - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-he - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ar - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-af - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-pt-pt - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-cak - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-is - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-vi - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-es - 1:78.11.0+build1-0ubuntu0.18.04.2 thunderbird-locale-id - 1:78.11.0+build1-0ubuntu0.18.04.2 No subscription required Medium CVE-2021-23961 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-23991 CVE-2021-23992 CVE-2021-23993 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVE-2021-29948 CVE-2021-29949 CVE-2021-29956 CVE-2021-29957 CVE-2021-29967 Ubuntu 18.04 LTS It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-4996-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenexr-dev - 2.2.0-11.1ubuntu1.7 openexr - 2.2.0-11.1ubuntu1.7 libopenexr22 - 2.2.0-11.1ubuntu1.7 openexr-doc - 2.2.0-11.1ubuntu1.7 No subscription required Medium CVE-2021-20296 CVE-2021-23215 CVE-2021-26260 CVE-2021-3598 CVE-2021-3605 Ubuntu 18.04 LTS Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33200) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. (CVE-2020-24586) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled encrypted fragments. A physically proximate attacker could possibly use this issue to decrypt fragments. (CVE-2020-24587) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled certain malformed frames. If a user were tricked into connecting to a malicious server, a physically proximate attacker could use this issue to inject packets. (CVE-2020-24588) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly verify certain fragmented frames. A physically proximate attacker could possibly use this issue to inject or decrypt packets. (CVE-2020-26141) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation accepted plaintext fragments in certain situations. A physically proximate attacker could use this issue to inject packets. (CVE-2020-26145) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147) Or Cohen discovered that the SCTP implementation in the Linux kernel contained a race condition in some situations, leading to a use-after-free condition. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23133) Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-31829) It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399) It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034) It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service (system crash). (CVE-2021-3506) Update Instructions: Run `sudo pro fix USN-5000-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1018-gkeop - 5.4.0-1018.19~18.04.1 No subscription required linux-image-5.4.0-1038-raspi - 5.4.0-1038.41~18.04.1 No subscription required linux-image-5.4.0-1046-gke - 5.4.0-1046.48~18.04.1 No subscription required linux-image-5.4.0-1046-gcp - 5.4.0-1046.49~18.04.1 No subscription required linux-image-5.4.0-1048-oracle - 5.4.0-1048.52~18.04.1 No subscription required linux-image-5.4.0-1051-aws - 5.4.0-1051.53~18.04.1 linux-image-5.4.0-1051-azure - 5.4.0-1051.53~18.04.1 No subscription required linux-image-5.4.0-77-lowlatency - 5.4.0-77.86~18.04.1 linux-image-5.4.0-77-generic - 5.4.0-77.86~18.04.1 linux-image-5.4.0-77-generic-lpae - 5.4.0-77.86~18.04.1 No subscription required linux-image-gkeop-5.4 - 5.4.0.1018.19~18.04.19 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1038.40 linux-image-raspi-hwe-18.04 - 5.4.0.1038.40 No subscription required linux-image-gcp-edge - 5.4.0.1046.33 linux-image-gcp - 5.4.0.1046.33 No subscription required linux-image-gke-5.4 - 5.4.0.1046.48~18.04.12 No subscription required linux-image-oracle - 5.4.0.1048.52~18.04.30 linux-image-oracle-edge - 5.4.0.1048.52~18.04.30 No subscription required linux-image-azure - 5.4.0.1051.30 linux-image-azure-edge - 5.4.0.1051.30 No subscription required linux-image-aws-edge - 5.4.0.1051.33 linux-image-aws - 5.4.0.1051.33 No subscription required linux-image-oem-osp1 - 5.4.0.77.86~18.04.69 linux-image-generic-hwe-18.04 - 5.4.0.77.86~18.04.69 linux-image-generic-lpae-hwe-18.04 - 5.4.0.77.86~18.04.69 linux-image-snapdragon-hwe-18.04 - 5.4.0.77.86~18.04.69 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.77.86~18.04.69 linux-image-lowlatency-hwe-18.04 - 5.4.0.77.86~18.04.69 linux-image-virtual-hwe-18.04 - 5.4.0.77.86~18.04.69 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.77.86~18.04.69 linux-image-oem - 5.4.0.77.86~18.04.69 linux-image-generic-hwe-18.04-edge - 5.4.0.77.86~18.04.69 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.77.86~18.04.69 linux-image-virtual-hwe-18.04-edge - 5.4.0.77.86~18.04.69 No subscription required High CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2021-23133 CVE-2021-23134 CVE-2021-31829 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3506 CVE-2021-3609 Ubuntu 18.04 LTS Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5002-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.3.0-1041-raspi2 - 5.3.0-1041.43 No subscription required linux-image-5.3.0-1044-gke - 5.3.0-1044.47 No subscription required linux-image-5.3.0-75-lowlatency - 5.3.0-75.71 linux-image-5.3.0-75-generic - 5.3.0-75.71 No subscription required linux-image-raspi2-hwe-18.04 - 5.3.0.1041.30 No subscription required linux-image-gke-5.3 - 5.3.0.1044.27 No subscription required linux-image-gkeop-5.3 - 5.3.0.75.132 No subscription required High CVE-2021-3609 Ubuntu 18.04 LTS Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609) It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. (CVE-2021-3600) Or Cohen discovered that the SCTP implementation in the Linux kernel contained a race condition in some situations, leading to a use-after-free condition. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23133) Update Instructions: Run `sudo pro fix USN-5003-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1022-dell300x - 4.15.0-1022.26 No subscription required linux-image-4.15.0-1075-oracle - 4.15.0-1075.83 No subscription required linux-image-4.15.0-1089-raspi2 - 4.15.0-1089.94 No subscription required linux-image-4.15.0-1103-gcp - 4.15.0-1103.116 No subscription required linux-image-4.15.0-1106-aws - 4.15.0-1106.113 No subscription required linux-image-4.15.0-1106-snapdragon - 4.15.0-1106.115 No subscription required linux-image-4.15.0-1118-azure - 4.15.0-1118.131 No subscription required linux-image-4.15.0-147-generic - 4.15.0-147.151 linux-image-4.15.0-147-generic-lpae - 4.15.0-147.151 linux-image-4.15.0-147-lowlatency - 4.15.0-147.151 No subscription required linux-image-dell300x - 4.15.0.1022.24 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1075.85 No subscription required linux-image-raspi2 - 4.15.0.1089.86 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1103.121 No subscription required linux-image-snapdragon - 4.15.0.1106.109 linux-image-aws-lts-18.04 - 4.15.0.1106.109 No subscription required linux-image-azure-lts-18.04 - 4.15.0.1118.91 No subscription required linux-image-virtual-hwe-16.04-edge - 4.15.0.147.134 linux-image-lowlatency-hwe-16.04 - 4.15.0.147.134 linux-image-generic-hwe-16.04-edge - 4.15.0.147.134 linux-image-virtual-hwe-16.04 - 4.15.0.147.134 linux-image-generic-lpae-hwe-16.04 - 4.15.0.147.134 linux-image-virtual - 4.15.0.147.134 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.147.134 linux-image-generic - 4.15.0.147.134 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.147.134 linux-image-generic-lpae - 4.15.0.147.134 linux-image-generic-hwe-16.04 - 4.15.0.147.134 linux-image-lowlatency - 4.15.0.147.134 No subscription required High CVE-2021-23133 CVE-2021-3600 CVE-2021-3609 Ubuntu 18.04 LTS It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2019-11287) Jonathan Knudsen discovered RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-22116) Update Instructions: Run `sudo pro fix USN-5004-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rabbitmq-server - 3.6.10-1ubuntu0.5 No subscription required Medium CVE-2019-11287 CVE-2021-22116 Ubuntu 18.04 LTS It was discovered that DjVuLibre incorrectly handled certain djvu files. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Update Instructions: Run `sudo pro fix USN-5005-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdjvulibre21 - 3.5.27.1-8ubuntu0.4 libdjvulibre-text - 3.5.27.1-8ubuntu0.4 djvulibre-desktop - 3.5.27.1-8ubuntu0.4 djview3 - 3.5.27.1-8ubuntu0.4 djvuserve - 3.5.27.1-8ubuntu0.4 libdjvulibre-dev - 3.5.27.1-8ubuntu0.4 djview - 3.5.27.1-8ubuntu0.4 djvulibre-bin - 3.5.27.1-8ubuntu0.4 No subscription required Medium CVE-2021-3630 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled certain PHAR files. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7068) It was discovered that PHP incorrectly handled parsing URLs with passwords. A remote attacker could possibly use this issue to cause PHP to mis-parse the URL and produce wrong data. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-7071) It was discovered that PHP incorrectly handled certain malformed XML data when being parsed by the SOAP extension. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-21702) It was discovered that PHP incorrectly handled the pdo_firebase module. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2021-21704) It was discovered that PHP incorrectly handled the FILTER_VALIDATE_URL check. A remote attacker could possibly use this issue to perform a server- side request forgery attack. (CVE-2021-21705) Update Instructions: Run `sudo pro fix USN-5006-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.24-0ubuntu0.18.04.8 php7.2-enchant - 7.2.24-0ubuntu0.18.04.8 php7.2-ldap - 7.2.24-0ubuntu0.18.04.8 php7.2-fpm - 7.2.24-0ubuntu0.18.04.8 php7.2-recode - 7.2.24-0ubuntu0.18.04.8 php7.2-cli - 7.2.24-0ubuntu0.18.04.8 php7.2-json - 7.2.24-0ubuntu0.18.04.8 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.8 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.8 php7.2 - 7.2.24-0ubuntu0.18.04.8 php7.2-pspell - 7.2.24-0ubuntu0.18.04.8 php7.2-dev - 7.2.24-0ubuntu0.18.04.8 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.8 php7.2-gmp - 7.2.24-0ubuntu0.18.04.8 php7.2-opcache - 7.2.24-0ubuntu0.18.04.8 php7.2-gd - 7.2.24-0ubuntu0.18.04.8 php7.2-soap - 7.2.24-0ubuntu0.18.04.8 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.8 php7.2-intl - 7.2.24-0ubuntu0.18.04.8 php7.2-cgi - 7.2.24-0ubuntu0.18.04.8 php7.2-odbc - 7.2.24-0ubuntu0.18.04.8 libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.8 php7.2-tidy - 7.2.24-0ubuntu0.18.04.8 php7.2-imap - 7.2.24-0ubuntu0.18.04.8 php7.2-readline - 7.2.24-0ubuntu0.18.04.8 php7.2-mysql - 7.2.24-0ubuntu0.18.04.8 php7.2-dba - 7.2.24-0ubuntu0.18.04.8 php7.2-xml - 7.2.24-0ubuntu0.18.04.8 php7.2-interbase - 7.2.24-0ubuntu0.18.04.8 php7.2-xsl - 7.2.24-0ubuntu0.18.04.8 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.8 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.8 php7.2-sybase - 7.2.24-0ubuntu0.18.04.8 php7.2-curl - 7.2.24-0ubuntu0.18.04.8 php7.2-common - 7.2.24-0ubuntu0.18.04.8 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.8 php7.2-snmp - 7.2.24-0ubuntu0.18.04.8 php7.2-zip - 7.2.24-0ubuntu0.18.04.8 No subscription required Medium CVE-2020-7068 CVE-2020-7071 CVE-2021-21702 CVE-2021-21704 CVE-2021-21705 Ubuntu 18.04 LTS Thomas Kremer discovered that Avahi incorrectly handled termination signals on the Unix socket. A local attacker could possibly use this issue to cause Avahi to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-3468) It was discovered that Avahi incorrectly handled certain hostnames. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service. This issue only affected Ubuntu 20.10 and Ubuntu 21.04. (CVE-2021-3502) Update Instructions: Run `sudo pro fix USN-5008-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libavahi-compat-libdnssd-dev - 0.7-3.1ubuntu1.3 libavahi-ui-gtk3-0 - 0.7-3.1ubuntu1.3 libavahi-core7-udeb - 0.7-3.1ubuntu1.3 libavahi-core7 - 0.7-3.1ubuntu1.3 libavahi-client3 - 0.7-3.1ubuntu1.3 libavahi-core-dev - 0.7-3.1ubuntu1.3 libavahi-client-dev - 0.7-3.1ubuntu1.3 avahi-ui-utils - 0.7-3.1ubuntu1.3 libavahi-gobject-dev - 0.7-3.1ubuntu1.3 avahi-dnsconfd - 0.7-3.1ubuntu1.3 libavahi-compat-libdnssd1 - 0.7-3.1ubuntu1.3 libavahi-common3 - 0.7-3.1ubuntu1.3 avahi-daemon - 0.7-3.1ubuntu1.3 avahi-discover - 0.7-3.1ubuntu1.3 libavahi-common-dev - 0.7-3.1ubuntu1.3 libavahi-common-data - 0.7-3.1ubuntu1.3 avahi-utils - 0.7-3.1ubuntu1.3 libavahi-common3-udeb - 0.7-3.1ubuntu1.3 libavahi-ui-gtk3-dev - 0.7-3.1ubuntu1.3 libavahi-glib-dev - 0.7-3.1ubuntu1.3 libavahi-gobject0 - 0.7-3.1ubuntu1.3 gir1.2-avahi-0.6 - 0.7-3.1ubuntu1.3 avahi-autoipd - 0.7-3.1ubuntu1.3 python-avahi - 0.7-3.1ubuntu1.3 libavahi-glib1 - 0.7-3.1ubuntu1.3 No subscription required Medium CVE-2021-3468 CVE-2021-3502 Ubuntu 18.04 LTS Lei Sun discovered that QEMU incorrectly handled certain MMIO operations. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-15469) Wenxiang Qian discovered that QEMU incorrectly handled certain ATAPI commands. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 21.04. (CVE-2020-29443) Cheolwoo Myung discovered that QEMU incorrectly handled SCSI device emulation. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-35504, CVE-2020-35505, CVE-2021-3392) Alex Xu discovered that QEMU incorrectly handled the virtio-fs shared file system daemon. An attacker inside the guest could possibly use this issue to read and write to host devices. This issue only affected Ubuntu 20.10. (CVE-2020-35517) It was discovered that QEMU incorrectly handled ARM Generic Interrupt Controller emulation. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-20221) Alexander Bulekov, Cheolwoo Myung, Sergej Schumilo, Cornelius Aschermann, and Simon Werner discovered that QEMU incorrectly handled e1000 device emulation. An attacker inside the guest could possibly use this issue to cause QEMU to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-20257) It was discovered that QEMU incorrectly handled SDHCI controller emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, when QEMU is used in combination with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2021-3409) It was discovered that QEMU incorrectly handled certain NIC emulation devices. An attacker inside the guest could possibly use this issue to cause QEMU to hang or crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-3416) Remy Noel discovered that QEMU incorrectly handled the USB redirector device. An attacker inside the guest could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. (CVE-2021-3527) It was discovered that QEMU incorrectly handled the virtio vhost-user GPU device. An attacker inside the guest could possibly use this issue to cause QEMU to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-3544) It was discovered that QEMU incorrectly handled the virtio vhost-user GPU device. An attacker inside the guest could possibly use this issue to obtain sensitive host information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-3545) It was discovered that QEMU incorrectly handled the virtio vhost-user GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, when QEMU is used in combination with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-3546) It was discovered that QEMU incorrectly handled the PVRDMA device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, when QEMU is used in combination with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-3582, CVE-2021-3607, CVE-2021-3608) It was discovered that QEMU SLiRP networking incorrectly handled certain udp packets. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. (CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595) Update Instructions: Run `sudo pro fix USN-5010-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.37 qemu-user-static - 1:2.11+dfsg-1ubuntu7.37 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.37 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.37 qemu-kvm - 1:2.11+dfsg-1ubuntu7.37 qemu-user - 1:2.11+dfsg-1ubuntu7.37 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.37 qemu-system - 1:2.11+dfsg-1ubuntu7.37 qemu-utils - 1:2.11+dfsg-1ubuntu7.37 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.37 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.37 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.37 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.37 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.37 qemu - 1:2.11+dfsg-1ubuntu7.37 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.37 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.37 No subscription required Medium CVE-2020-15469 CVE-2020-29443 CVE-2020-35504 CVE-2020-35505 CVE-2020-35517 CVE-2021-20221 CVE-2021-20257 CVE-2021-3392 CVE-2021-3409 CVE-2021-3416 CVE-2021-3527 CVE-2021-3544 CVE-2021-3545 CVE-2021-3546 CVE-2021-3582 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 CVE-2021-3607 CVE-2021-3608 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, overlay text over another domain, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5011-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-nn - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-ne - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-nb - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-fa - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-fi - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-fr - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-fy - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-or - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-kab - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-oc - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-cs - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-ga - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-gd - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-gn - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-gl - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-gu - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-pa - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-pl - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-cy - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-pt - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-szl - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-hi - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-uk - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-he - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-hy - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-hr - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-hu - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-as - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-ar - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-ia - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-az - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-id - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-mai - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-af - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-is - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-it - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-an - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-bs - 90.0+build1-0ubuntu0.18.04.1 firefox - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-ro - 90.0+build1-0ubuntu0.18.04.1 firefox-geckodriver - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-ja - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-ru - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-br - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-bn - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-be - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-bg - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-sl - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-sk - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-si - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-sw - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-sv - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-sr - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-sq - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-ko - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-kn - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-km - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-kk - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-ka - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-xh - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-ca - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-ku - 90.0+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-lv - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-lt - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-th - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 90.0+build1-0ubuntu0.18.04.1 firefox-dev - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-te - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-cak - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-ta - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-lg - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-tr - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-nso - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-de - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-da - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-ms - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-mr - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-my - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-uz - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-ml - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-mn - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-mk - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-ur - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-vi - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-eu - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-et - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-es - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-csb - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-el - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-eo - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-en - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-zu - 90.0+build1-0ubuntu0.18.04.1 firefox-locale-ast - 90.0+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-29970 CVE-2021-29972 CVE-2021-29974 CVE-2021-29975 CVE-2021-29976 CVE-2021-29977 CVE-2021-30547 Ubuntu 18.04 LTS It was discovered that containerd incorrectly handled file permission changes. If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could change permissions on files on the host filesystem and possibly escalate privileges. Update Instructions: Run `sudo pro fix USN-5012-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: containerd - 1.5.2-0ubuntu1~18.04.2 golang-github-docker-containerd-dev - 1.5.2-0ubuntu1~18.04.2 golang-github-containerd-containerd-dev - 1.5.2-0ubuntu1~18.04.2 No subscription required High CVE-2021-32760 Ubuntu 18.04 LTS It was discovered that systemd incorrectly handled certain mount paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. (CVE-2021-33910) Mitchell Frank discovered that systemd incorrectly handled DHCP FORCERENEW packets. A remote attacker could possibly use this issue to reconfigure servers. (CVE-2020-13529) Update Instructions: Run `sudo pro fix USN-5013-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-tests - 237-3ubuntu10.49 systemd-coredump - 237-3ubuntu10.49 systemd - 237-3ubuntu10.49 udev-udeb - 237-3ubuntu10.49 libsystemd0 - 237-3ubuntu10.49 systemd-container - 237-3ubuntu10.49 libnss-myhostname - 237-3ubuntu10.49 libudev1-udeb - 237-3ubuntu10.49 libudev1 - 237-3ubuntu10.49 libsystemd-dev - 237-3ubuntu10.49 libnss-systemd - 237-3ubuntu10.49 systemd-journal-remote - 237-3ubuntu10.49 libpam-systemd - 237-3ubuntu10.49 libnss-mymachines - 237-3ubuntu10.49 libnss-resolve - 237-3ubuntu10.49 systemd-sysv - 237-3ubuntu10.49 udev - 237-3ubuntu10.49 libudev-dev - 237-3ubuntu10.49 No subscription required High CVE-2020-13529 CVE-2021-33910 Ubuntu 18.04 LTS It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5014-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-raspi2-5.3-headers-5.3.0-1042 - 5.3.0-1042.44 linux-modules-5.3.0-1042-raspi2 - 5.3.0-1042.44 linux-buildinfo-5.3.0-1042-raspi2 - 5.3.0-1042.44 linux-tools-5.3.0-1042-raspi2 - 5.3.0-1042.44 linux-image-5.3.0-1042-raspi2 - 5.3.0-1042.44 linux-raspi2-5.3-tools-5.3.0-1042 - 5.3.0-1042.44 linux-headers-5.3.0-1042-raspi2 - 5.3.0-1042.44 No subscription required linux-modules-extra-5.3.0-1045-gke - 5.3.0-1045.48 linux-buildinfo-5.3.0-1045-gke - 5.3.0-1045.48 linux-headers-5.3.0-1045-gke - 5.3.0-1045.48 linux-tools-5.3.0-1045-gke - 5.3.0-1045.48 linux-image-unsigned-5.3.0-1045-gke - 5.3.0-1045.48 linux-image-5.3.0-1045-gke - 5.3.0-1045.48 linux-modules-5.3.0-1045-gke - 5.3.0-1045.48 linux-gke-5.3-tools-5.3.0-1045 - 5.3.0-1045.48 linux-gke-5.3-headers-5.3.0-1045 - 5.3.0-1045.48 No subscription required vlan-modules-5.3.0-76-generic-di - 5.3.0-76.72 nic-shared-modules-5.3.0-76-generic-di - 5.3.0-76.72 md-modules-5.3.0-76-generic-di - 5.3.0-76.72 linux-source-5.3.0 - 5.3.0-76.72 plip-modules-5.3.0-76-generic-di - 5.3.0-76.72 linux-buildinfo-5.3.0-76-lowlatency - 5.3.0-76.72 sata-modules-5.3.0-76-generic-di - 5.3.0-76.72 ppp-modules-5.3.0-76-generic-di - 5.3.0-76.72 linux-modules-5.3.0-76-generic - 5.3.0-76.72 nic-pcmcia-modules-5.3.0-76-generic-di - 5.3.0-76.72 linux-image-5.3.0-76-lowlatency - 5.3.0-76.72 scsi-modules-5.3.0-76-generic-di - 5.3.0-76.72 linux-hwe-cloud-tools-5.3.0-76 - 5.3.0-76.72 multipath-modules-5.3.0-76-generic-di - 5.3.0-76.72 pcmcia-storage-modules-5.3.0-76-generic-di - 5.3.0-76.72 nfs-modules-5.3.0-76-generic-di - 5.3.0-76.72 floppy-modules-5.3.0-76-generic-di - 5.3.0-76.72 linux-modules-5.3.0-76-lowlatency - 5.3.0-76.72 kernel-signed-image-5.3.0-76-generic-di - 5.3.0-76.72 linux-tools-5.3.0-76-lowlatency - 5.3.0-76.72 linux-headers-5.3.0-76-lowlatency - 5.3.0-76.72 input-modules-5.3.0-76-generic-di - 5.3.0-76.72 fs-core-modules-5.3.0-76-generic-di - 5.3.0-76.72 mouse-modules-5.3.0-76-generic-di - 5.3.0-76.72 nic-usb-modules-5.3.0-76-generic-di - 5.3.0-76.72 linux-headers-5.3.0-76-generic - 5.3.0-76.72 fs-secondary-modules-5.3.0-76-generic-di - 5.3.0-76.72 usb-modules-5.3.0-76-generic-di - 5.3.0-76.72 virtio-modules-5.3.0-76-generic-di - 5.3.0-76.72 fb-modules-5.3.0-76-generic-di - 5.3.0-76.72 fat-modules-5.3.0-76-generic-di - 5.3.0-76.72 pata-modules-5.3.0-76-generic-di - 5.3.0-76.72 linux-hwe-headers-5.3.0-76 - 5.3.0-76.72 crypto-modules-5.3.0-76-generic-di - 5.3.0-76.72 linux-hwe-udebs-generic - 5.3.0-76.72 linux-cloud-tools-5.3.0-76-lowlatency - 5.3.0-76.72 message-modules-5.3.0-76-generic-di - 5.3.0-76.72 linux-modules-extra-5.3.0-76-generic - 5.3.0-76.72 serial-modules-5.3.0-76-generic-di - 5.3.0-76.72 block-modules-5.3.0-76-generic-di - 5.3.0-76.72 linux-image-unsigned-5.3.0-76-generic - 5.3.0-76.72 parport-modules-5.3.0-76-generic-di - 5.3.0-76.72 linux-hwe-tools-5.3.0-76 - 5.3.0-76.72 kernel-image-5.3.0-76-generic-di - 5.3.0-76.72 linux-cloud-tools-5.3.0-76-generic - 5.3.0-76.72 nic-modules-5.3.0-76-generic-di - 5.3.0-76.72 linux-buildinfo-5.3.0-76-generic - 5.3.0-76.72 storage-core-modules-5.3.0-76-generic-di - 5.3.0-76.72 firewire-core-modules-5.3.0-76-generic-di - 5.3.0-76.72 pcmcia-modules-5.3.0-76-generic-di - 5.3.0-76.72 linux-tools-5.3.0-76-generic - 5.3.0-76.72 linux-image-5.3.0-76-generic - 5.3.0-76.72 linux-image-unsigned-5.3.0-76-lowlatency - 5.3.0-76.72 ipmi-modules-5.3.0-76-generic-di - 5.3.0-76.72 No subscription required linux-tools-raspi2-hwe-18.04 - 5.3.0.1042.31 linux-raspi2-hwe-18.04 - 5.3.0.1042.31 linux-headers-raspi2-hwe-18.04 - 5.3.0.1042.31 linux-image-raspi2-hwe-18.04 - 5.3.0.1042.31 No subscription required linux-gke-5.3 - 5.3.0.1045.28 linux-image-gke-5.3 - 5.3.0.1045.28 linux-headers-gke-5.3 - 5.3.0.1045.28 linux-tools-gke-5.3 - 5.3.0.1045.28 linux-modules-extra-gke-5.3 - 5.3.0.1045.28 No subscription required linux-image-gkeop-5.3 - 5.3.0.76.133 linux-cloud-tools-gkeop-5.3 - 5.3.0.76.133 linux-gkeop-5.3 - 5.3.0.76.133 linux-modules-extra-gkeop-5.3 - 5.3.0.76.133 linux-tools-gkeop-5.3 - 5.3.0.76.133 linux-headers-gkeop-5.3 - 5.3.0.76.133 No subscription required High CVE-2021-33909 Ubuntu 18.04 LTS It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129) Update Instructions: Run `sudo pro fix USN-5017-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-cloud-tools-5.4.0-1021-gkeop - 5.4.0-1021.22~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1021 - 5.4.0-1021.22~18.04.1 linux-image-unsigned-5.4.0-1021-gkeop - 5.4.0-1021.22~18.04.1 linux-tools-5.4.0-1021-gkeop - 5.4.0-1021.22~18.04.1 linux-headers-5.4.0-1021-gkeop - 5.4.0-1021.22~18.04.1 linux-buildinfo-5.4.0-1021-gkeop - 5.4.0-1021.22~18.04.1 linux-modules-extra-5.4.0-1021-gkeop - 5.4.0-1021.22~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1021.22~18.04.1 linux-gkeop-5.4-tools-5.4.0-1021 - 5.4.0-1021.22~18.04.1 linux-image-5.4.0-1021-gkeop - 5.4.0-1021.22~18.04.1 linux-gkeop-5.4-headers-5.4.0-1021 - 5.4.0-1021.22~18.04.1 linux-modules-5.4.0-1021-gkeop - 5.4.0-1021.22~18.04.1 No subscription required linux-image-5.4.0-1041-raspi - 5.4.0-1041.45~18.04.1 linux-buildinfo-5.4.0-1041-raspi - 5.4.0-1041.45~18.04.1 linux-tools-5.4.0-1041-raspi - 5.4.0-1041.45~18.04.1 linux-headers-5.4.0-1041-raspi - 5.4.0-1041.45~18.04.1 linux-raspi-5.4-headers-5.4.0-1041 - 5.4.0-1041.45~18.04.1 linux-modules-5.4.0-1041-raspi - 5.4.0-1041.45~18.04.1 linux-raspi-5.4-tools-5.4.0-1041 - 5.4.0-1041.45~18.04.1 No subscription required linux-image-unsigned-5.4.0-1049-gke - 5.4.0-1049.52~18.04.1 linux-modules-5.4.0-1049-gke - 5.4.0-1049.52~18.04.1 linux-headers-5.4.0-1049-gke - 5.4.0-1049.52~18.04.1 linux-gke-5.4-headers-5.4.0-1049 - 5.4.0-1049.52~18.04.1 linux-buildinfo-5.4.0-1049-gke - 5.4.0-1049.52~18.04.1 linux-image-5.4.0-1049-gke - 5.4.0-1049.52~18.04.1 linux-tools-5.4.0-1049-gke - 5.4.0-1049.52~18.04.1 linux-modules-extra-5.4.0-1049-gke - 5.4.0-1049.52~18.04.1 linux-gke-5.4-tools-5.4.0-1049 - 5.4.0-1049.52~18.04.1 No subscription required linux-gcp-5.4-tools-5.4.0-1049 - 5.4.0-1049.53~18.04.1 linux-gcp-5.4-headers-5.4.0-1049 - 5.4.0-1049.53~18.04.1 linux-modules-5.4.0-1049-gcp - 5.4.0-1049.53~18.04.1 linux-image-unsigned-5.4.0-1049-gcp - 5.4.0-1049.53~18.04.1 linux-image-5.4.0-1049-gcp - 5.4.0-1049.53~18.04.1 linux-tools-5.4.0-1049-gcp - 5.4.0-1049.53~18.04.1 linux-modules-extra-5.4.0-1049-gcp - 5.4.0-1049.53~18.04.1 linux-headers-5.4.0-1049-gcp - 5.4.0-1049.53~18.04.1 linux-buildinfo-5.4.0-1049-gcp - 5.4.0-1049.53~18.04.1 No subscription required linux-image-5.4.0-1052-oracle - 5.4.0-1052.56~18.04.1 linux-buildinfo-5.4.0-1052-oracle - 5.4.0-1052.56~18.04.1 linux-modules-5.4.0-1052-oracle - 5.4.0-1052.56~18.04.1 linux-oracle-5.4-tools-5.4.0-1052 - 5.4.0-1052.56~18.04.1 linux-oracle-5.4-headers-5.4.0-1052 - 5.4.0-1052.56~18.04.1 linux-image-unsigned-5.4.0-1052-oracle - 5.4.0-1052.56~18.04.1 linux-headers-5.4.0-1052-oracle - 5.4.0-1052.56~18.04.1 linux-modules-extra-5.4.0-1052-oracle - 5.4.0-1052.56~18.04.1 linux-tools-5.4.0-1052-oracle - 5.4.0-1052.56~18.04.1 No subscription required linux-aws-5.4-headers-5.4.0-1054 - 5.4.0-1054.57~18.04.1 linux-buildinfo-5.4.0-1054-aws - 5.4.0-1054.57~18.04.1 linux-image-5.4.0-1054-aws - 5.4.0-1054.57~18.04.1 linux-headers-5.4.0-1054-aws - 5.4.0-1054.57~18.04.1 linux-tools-5.4.0-1054-aws - 5.4.0-1054.57~18.04.1 linux-cloud-tools-5.4.0-1054-aws - 5.4.0-1054.57~18.04.1 linux-aws-5.4-tools-5.4.0-1054 - 5.4.0-1054.57~18.04.1 linux-modules-5.4.0-1054-aws - 5.4.0-1054.57~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1054 - 5.4.0-1054.57~18.04.1 linux-modules-extra-5.4.0-1054-aws - 5.4.0-1054.57~18.04.1 No subscription required linux-headers-5.4.0-1055-azure - 5.4.0-1055.57~18.04.1 linux-azure-5.4-headers-5.4.0-1055 - 5.4.0-1055.57~18.04.1 linux-azure-5.4-tools-5.4.0-1055 - 5.4.0-1055.57~18.04.1 linux-modules-5.4.0-1055-azure - 5.4.0-1055.57~18.04.1 linux-tools-5.4.0-1055-azure - 5.4.0-1055.57~18.04.1 linux-modules-extra-5.4.0-1055-azure - 5.4.0-1055.57~18.04.1 linux-cloud-tools-5.4.0-1055-azure - 5.4.0-1055.57~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1055 - 5.4.0-1055.57~18.04.1 linux-image-5.4.0-1055-azure - 5.4.0-1055.57~18.04.1 linux-buildinfo-5.4.0-1055-azure - 5.4.0-1055.57~18.04.1 linux-image-unsigned-5.4.0-1055-azure - 5.4.0-1055.57~18.04.1 No subscription required parport-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 linux-headers-5.4.0-80-generic-lpae - 5.4.0-80.90~18.04.1 nic-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 parport-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-80.90~18.04.1 linux-hwe-5.4-tools-5.4.0-80 - 5.4.0-80.90~18.04.1 crypto-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 linux-modules-5.4.0-80-lowlatency - 5.4.0-80.90~18.04.1 linux-image-5.4.0-80-generic-lpae - 5.4.0-80.90~18.04.1 pcmcia-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 linux-hwe-5.4-udebs-generic-lpae - 5.4.0-80.90~18.04.1 scsi-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 fs-secondary-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 input-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 nic-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 linux-image-unsigned-5.4.0-80-lowlatency - 5.4.0-80.90~18.04.1 virtio-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 linux-modules-5.4.0-80-generic-lpae - 5.4.0-80.90~18.04.1 linux-cloud-tools-5.4.0-80-generic - 5.4.0-80.90~18.04.1 fb-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 crypto-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 fat-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 linux-hwe-5.4-udebs-generic - 5.4.0-80.90~18.04.1 linux-image-5.4.0-80-generic - 5.4.0-80.90~18.04.1 ipmi-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 pata-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 block-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 linux-tools-5.4.0-80-lowlatency - 5.4.0-80.90~18.04.1 linux-cloud-tools-5.4.0-80-lowlatency - 5.4.0-80.90~18.04.1 nfs-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 storage-core-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 linux-modules-5.4.0-80-generic - 5.4.0-80.90~18.04.1 fs-core-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 dasd-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 md-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 kernel-image-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 usb-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 serial-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 linux-hwe-5.4-headers-5.4.0-80 - 5.4.0-80.90~18.04.1 vlan-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 linux-buildinfo-5.4.0-80-generic - 5.4.0-80.90~18.04.1 ipmi-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 fat-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 usb-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 nic-shared-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 message-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 linux-tools-5.4.0-80-generic-lpae - 5.4.0-80.90~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-80.90~18.04.1 floppy-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 pcmcia-storage-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 kernel-signed-image-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 mouse-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 sata-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 mouse-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 multipath-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 scsi-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 kernel-image-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 dasd-extra-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 fs-core-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 linux-image-5.4.0-80-lowlatency - 5.4.0-80.90~18.04.1 linux-buildinfo-5.4.0-80-lowlatency - 5.4.0-80.90~18.04.1 linux-modules-extra-5.4.0-80-generic - 5.4.0-80.90~18.04.1 linux-buildinfo-5.4.0-80-generic-lpae - 5.4.0-80.90~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-80.90~18.04.1 linux-tools-5.4.0-80-generic - 5.4.0-80.90~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-80 - 5.4.0-80.90~18.04.1 ppp-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 nic-shared-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 linux-headers-5.4.0-80-generic - 5.4.0-80.90~18.04.1 plip-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 sata-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 storage-core-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 block-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 nfs-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 input-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 vlan-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 fs-secondary-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 ppp-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 plip-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 md-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 nic-usb-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 firewire-core-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 multipath-modules-5.4.0-80-generic-lpae-di - 5.4.0-80.90~18.04.1 nic-usb-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 linux-headers-5.4.0-80-lowlatency - 5.4.0-80.90~18.04.1 linux-image-unsigned-5.4.0-80-generic - 5.4.0-80.90~18.04.1 nic-pcmcia-modules-5.4.0-80-generic-di - 5.4.0-80.90~18.04.1 No subscription required linux-image-gkeop-5.4 - 5.4.0.1021.22~18.04.22 linux-cloud-tools-gkeop-5.4 - 5.4.0.1021.22~18.04.22 linux-modules-extra-gkeop-5.4 - 5.4.0.1021.22~18.04.22 linux-tools-gkeop-5.4 - 5.4.0.1021.22~18.04.22 linux-headers-gkeop-5.4 - 5.4.0.1021.22~18.04.22 linux-gkeop-5.4 - 5.4.0.1021.22~18.04.22 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1041.44 linux-headers-raspi-hwe-18.04 - 5.4.0.1041.44 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1041.44 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1041.44 linux-raspi-hwe-18.04 - 5.4.0.1041.44 linux-image-raspi-hwe-18.04-edge - 5.4.0.1041.44 linux-tools-raspi-hwe-18.04 - 5.4.0.1041.44 linux-raspi-hwe-18.04-edge - 5.4.0.1041.44 No subscription required linux-image-gcp-edge - 5.4.0.1049.36 linux-tools-gcp-edge - 5.4.0.1049.36 linux-headers-gcp-edge - 5.4.0.1049.36 linux-modules-extra-gcp - 5.4.0.1049.36 linux-modules-extra-gcp-edge - 5.4.0.1049.36 linux-tools-gcp - 5.4.0.1049.36 linux-gcp - 5.4.0.1049.36 linux-headers-gcp - 5.4.0.1049.36 linux-image-gcp - 5.4.0.1049.36 linux-gcp-edge - 5.4.0.1049.36 No subscription required linux-headers-gke-5.4 - 5.4.0.1049.52~18.04.15 linux-tools-gke-5.4 - 5.4.0.1049.52~18.04.15 linux-modules-extra-gke-5.4 - 5.4.0.1049.52~18.04.15 linux-gke-5.4 - 5.4.0.1049.52~18.04.15 linux-image-gke-5.4 - 5.4.0.1049.52~18.04.15 No subscription required linux-headers-oracle - 5.4.0.1052.56~18.04.32 linux-tools-oracle - 5.4.0.1052.56~18.04.32 linux-signed-image-oracle - 5.4.0.1052.56~18.04.32 linux-signed-oracle - 5.4.0.1052.56~18.04.32 linux-tools-oracle-edge - 5.4.0.1052.56~18.04.32 linux-oracle-edge - 5.4.0.1052.56~18.04.32 linux-modules-extra-oracle-edge - 5.4.0.1052.56~18.04.32 linux-image-oracle-edge - 5.4.0.1052.56~18.04.32 linux-modules-extra-oracle - 5.4.0.1052.56~18.04.32 linux-signed-oracle-edge - 5.4.0.1052.56~18.04.32 linux-signed-image-oracle-edge - 5.4.0.1052.56~18.04.32 linux-headers-oracle-edge - 5.4.0.1052.56~18.04.32 linux-image-oracle - 5.4.0.1052.56~18.04.32 linux-oracle - 5.4.0.1052.56~18.04.32 No subscription required linux-headers-aws - 5.4.0.1054.37 linux-image-aws - 5.4.0.1054.37 linux-aws-edge - 5.4.0.1054.37 linux-modules-extra-aws-edge - 5.4.0.1054.37 linux-headers-aws-edge - 5.4.0.1054.37 linux-aws - 5.4.0.1054.37 linux-modules-extra-aws - 5.4.0.1054.37 linux-tools-aws - 5.4.0.1054.37 linux-tools-aws-edge - 5.4.0.1054.37 linux-image-aws-edge - 5.4.0.1054.37 No subscription required linux-cloud-tools-azure - 5.4.0.1055.35 linux-tools-azure - 5.4.0.1055.35 linux-image-azure-edge - 5.4.0.1055.35 linux-tools-azure-edge - 5.4.0.1055.35 linux-cloud-tools-azure-edge - 5.4.0.1055.35 linux-modules-extra-azure - 5.4.0.1055.35 linux-signed-image-azure - 5.4.0.1055.35 linux-azure - 5.4.0.1055.35 linux-image-azure - 5.4.0.1055.35 linux-signed-azure - 5.4.0.1055.35 linux-signed-image-azure-edge - 5.4.0.1055.35 linux-azure-edge - 5.4.0.1055.35 linux-modules-extra-azure-edge - 5.4.0.1055.35 linux-headers-azure-edge - 5.4.0.1055.35 linux-signed-azure-edge - 5.4.0.1055.35 linux-headers-azure - 5.4.0.1055.35 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-headers-snapdragon-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-image-generic-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-image-snapdragon-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-generic-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-snapdragon-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-image-oem - 5.4.0.80.90~18.04.72 linux-headers-lowlatency-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-lowlatency-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-image-oem-osp1 - 5.4.0.80.90~18.04.72 linux-headers-oem - 5.4.0.80.90~18.04.72 linux-snapdragon-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-image-generic-lpae-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-tools-lowlatency-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-headers-generic-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-headers-virtual-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-tools-snapdragon-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-tools-virtual-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-headers-virtual-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-virtual-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-generic-lpae-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-image-extra-virtual-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-tools-oem-osp1 - 5.4.0.80.90~18.04.72 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-tools-generic-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-lowlatency-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-image-generic-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-generic-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-oem - 5.4.0.80.90~18.04.72 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-tools-oem - 5.4.0.80.90~18.04.72 linux-headers-oem-osp1 - 5.4.0.80.90~18.04.72 linux-generic-lpae-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-headers-generic-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-oem-osp1 - 5.4.0.80.90~18.04.72 linux-image-virtual-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-image-lowlatency-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-virtual-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-tools-virtual-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.80.90~18.04.72 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-tools-generic-hwe-18.04 - 5.4.0.80.90~18.04.72 linux-image-virtual-hwe-18.04-edge - 5.4.0.80.90~18.04.72 No subscription required High CVE-2020-26558 CVE-2021-0129 CVE-2021-33909 Ubuntu 18.04 LTS It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33200) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. (CVE-2020-24586) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled encrypted fragments. A physically proximate attacker could possibly use this issue to decrypt fragments. (CVE-2020-24587) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147) It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129) Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-31829) It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399) It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034) Update Instructions: Run `sudo pro fix USN-5018-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1078-oracle - 4.15.0-1078.86 linux-image-unsigned-4.15.0-1078-oracle - 4.15.0-1078.86 linux-modules-4.15.0-1078-oracle - 4.15.0-1078.86 linux-modules-extra-4.15.0-1078-oracle - 4.15.0-1078.86 linux-oracle-headers-4.15.0-1078 - 4.15.0-1078.86 linux-headers-4.15.0-1078-oracle - 4.15.0-1078.86 linux-oracle-tools-4.15.0-1078 - 4.15.0-1078.86 linux-tools-4.15.0-1078-oracle - 4.15.0-1078.86 linux-buildinfo-4.15.0-1078-oracle - 4.15.0-1078.86 No subscription required linux-buildinfo-4.15.0-1092-raspi2 - 4.15.0-1092.98 linux-raspi2-tools-4.15.0-1092 - 4.15.0-1092.98 linux-image-4.15.0-1092-raspi2 - 4.15.0-1092.98 linux-tools-4.15.0-1092-raspi2 - 4.15.0-1092.98 linux-raspi2-headers-4.15.0-1092 - 4.15.0-1092.98 linux-modules-4.15.0-1092-raspi2 - 4.15.0-1092.98 linux-headers-4.15.0-1092-raspi2 - 4.15.0-1092.98 No subscription required linux-image-4.15.0-1097-kvm - 4.15.0-1097.99 linux-headers-4.15.0-1097-kvm - 4.15.0-1097.99 linux-buildinfo-4.15.0-1097-kvm - 4.15.0-1097.99 linux-tools-4.15.0-1097-kvm - 4.15.0-1097.99 linux-kvm-headers-4.15.0-1097 - 4.15.0-1097.99 linux-kvm-tools-4.15.0-1097 - 4.15.0-1097.99 linux-modules-4.15.0-1097-kvm - 4.15.0-1097.99 No subscription required linux-tools-4.15.0-1106-gcp - 4.15.0-1106.120 linux-modules-4.15.0-1106-gcp - 4.15.0-1106.120 linux-buildinfo-4.15.0-1106-gcp - 4.15.0-1106.120 linux-gcp-4.15-tools-4.15.0-1106 - 4.15.0-1106.120 linux-image-unsigned-4.15.0-1106-gcp - 4.15.0-1106.120 linux-headers-4.15.0-1106-gcp - 4.15.0-1106.120 linux-modules-extra-4.15.0-1106-gcp - 4.15.0-1106.120 linux-image-4.15.0-1106-gcp - 4.15.0-1106.120 linux-gcp-4.15-headers-4.15.0-1106 - 4.15.0-1106.120 No subscription required linux-headers-4.15.0-1109-aws - 4.15.0-1109.116 linux-cloud-tools-4.15.0-1109-aws - 4.15.0-1109.116 linux-modules-extra-4.15.0-1109-aws - 4.15.0-1109.116 linux-tools-4.15.0-1109-aws - 4.15.0-1109.116 linux-modules-4.15.0-1109-aws - 4.15.0-1109.116 linux-aws-tools-4.15.0-1109 - 4.15.0-1109.116 linux-aws-headers-4.15.0-1109 - 4.15.0-1109.116 linux-buildinfo-4.15.0-1109-aws - 4.15.0-1109.116 linux-aws-cloud-tools-4.15.0-1109 - 4.15.0-1109.116 linux-image-4.15.0-1109-aws - 4.15.0-1109.116 No subscription required linux-snapdragon-tools-4.15.0-1109 - 4.15.0-1109.118 linux-modules-4.15.0-1109-snapdragon - 4.15.0-1109.118 linux-image-4.15.0-1109-snapdragon - 4.15.0-1109.118 linux-buildinfo-4.15.0-1109-snapdragon - 4.15.0-1109.118 linux-headers-4.15.0-1109-snapdragon - 4.15.0-1109.118 linux-tools-4.15.0-1109-snapdragon - 4.15.0-1109.118 linux-snapdragon-headers-4.15.0-1109 - 4.15.0-1109.118 No subscription required linux-headers-4.15.0-1121-azure - 4.15.0-1121.134 linux-cloud-tools-4.15.0-1121-azure - 4.15.0-1121.134 linux-image-unsigned-4.15.0-1121-azure - 4.15.0-1121.134 linux-azure-4.15-tools-4.15.0-1121 - 4.15.0-1121.134 linux-azure-4.15-headers-4.15.0-1121 - 4.15.0-1121.134 linux-image-4.15.0-1121-azure - 4.15.0-1121.134 linux-tools-4.15.0-1121-azure - 4.15.0-1121.134 linux-modules-extra-4.15.0-1121-azure - 4.15.0-1121.134 linux-modules-4.15.0-1121-azure - 4.15.0-1121.134 linux-buildinfo-4.15.0-1121-azure - 4.15.0-1121.134 linux-azure-4.15-cloud-tools-4.15.0-1121 - 4.15.0-1121.134 No subscription required nic-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 usb-modules-4.15.0-151-generic-di - 4.15.0-151.157 linux-udebs-generic-lpae - 4.15.0-151.157 linux-tools-common - 4.15.0-151.157 mouse-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 block-modules-4.15.0-151-generic-di - 4.15.0-151.157 plip-modules-4.15.0-151-generic-di - 4.15.0-151.157 linux-buildinfo-4.15.0-151-generic - 4.15.0-151.157 pcmcia-modules-4.15.0-151-generic-di - 4.15.0-151.157 ipmi-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 fat-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 linux-cloud-tools-4.15.0-151 - 4.15.0-151.157 linux-tools-4.15.0-151-generic - 4.15.0-151.157 kernel-signed-image-4.15.0-151-generic-di - 4.15.0-151.157 linux-tools-host - 4.15.0-151.157 linux-tools-4.15.0-151-lowlatency - 4.15.0-151.157 virtio-modules-4.15.0-151-generic-di - 4.15.0-151.157 kernel-image-4.15.0-151-generic-lpae-di - 4.15.0-151.157 linux-doc - 4.15.0-151.157 linux-image-4.15.0-151-generic - 4.15.0-151.157 nic-modules-4.15.0-151-generic-di - 4.15.0-151.157 fs-core-modules-4.15.0-151-generic-di - 4.15.0-151.157 crypto-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 linux-cloud-tools-4.15.0-151-lowlatency - 4.15.0-151.157 linux-modules-4.15.0-151-generic-lpae - 4.15.0-151.157 input-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 linux-image-4.15.0-151-lowlatency - 4.15.0-151.157 md-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 input-modules-4.15.0-151-generic-di - 4.15.0-151.157 ppp-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 serial-modules-4.15.0-151-generic-di - 4.15.0-151.157 firewire-core-modules-4.15.0-151-generic-di - 4.15.0-151.157 linux-headers-4.15.0-151 - 4.15.0-151.157 nfs-modules-4.15.0-151-generic-di - 4.15.0-151.157 plip-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 nic-pcmcia-modules-4.15.0-151-generic-di - 4.15.0-151.157 nic-usb-modules-4.15.0-151-generic-di - 4.15.0-151.157 linux-modules-4.15.0-151-generic - 4.15.0-151.157 fs-core-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 floppy-modules-4.15.0-151-generic-di - 4.15.0-151.157 pcmcia-storage-modules-4.15.0-151-generic-di - 4.15.0-151.157 sata-modules-4.15.0-151-generic-di - 4.15.0-151.157 vlan-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 fs-secondary-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 dasd-modules-4.15.0-151-generic-di - 4.15.0-151.157 linux-tools-4.15.0-151-generic-lpae - 4.15.0-151.157 fat-modules-4.15.0-151-generic-di - 4.15.0-151.157 ipmi-modules-4.15.0-151-generic-di - 4.15.0-151.157 message-modules-4.15.0-151-generic-di - 4.15.0-151.157 scsi-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 irda-modules-4.15.0-151-generic-di - 4.15.0-151.157 sata-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 scsi-modules-4.15.0-151-generic-di - 4.15.0-151.157 linux-modules-4.15.0-151-lowlatency - 4.15.0-151.157 irda-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 dasd-extra-modules-4.15.0-151-generic-di - 4.15.0-151.157 usb-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 linux-modules-extra-4.15.0-151-generic - 4.15.0-151.157 fb-modules-4.15.0-151-generic-di - 4.15.0-151.157 linux-tools-4.15.0-151 - 4.15.0-151.157 linux-headers-4.15.0-151-generic - 4.15.0-151.157 nfs-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 linux-headers-4.15.0-151-generic-lpae - 4.15.0-151.157 storage-core-modules-4.15.0-151-generic-di - 4.15.0-151.157 multipath-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 linux-cloud-tools-common - 4.15.0-151.157 linux-headers-4.15.0-151-lowlatency - 4.15.0-151.157 linux-udebs-generic - 4.15.0-151.157 crypto-modules-4.15.0-151-generic-di - 4.15.0-151.157 pata-modules-4.15.0-151-generic-di - 4.15.0-151.157 vlan-modules-4.15.0-151-generic-di - 4.15.0-151.157 ppp-modules-4.15.0-151-generic-di - 4.15.0-151.157 mouse-modules-4.15.0-151-generic-di - 4.15.0-151.157 linux-image-unsigned-4.15.0-151-generic - 4.15.0-151.157 block-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 linux-image-unsigned-4.15.0-151-lowlatency - 4.15.0-151.157 nic-usb-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 fs-secondary-modules-4.15.0-151-generic-di - 4.15.0-151.157 linux-libc-dev - 4.15.0-151.157 linux-buildinfo-4.15.0-151-generic-lpae - 4.15.0-151.157 nic-shared-modules-4.15.0-151-generic-di - 4.15.0-151.157 linux-buildinfo-4.15.0-151-lowlatency - 4.15.0-151.157 linux-source-4.15.0 - 4.15.0-151.157 linux-cloud-tools-4.15.0-151-generic - 4.15.0-151.157 storage-core-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 md-modules-4.15.0-151-generic-di - 4.15.0-151.157 parport-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 linux-image-4.15.0-151-generic-lpae - 4.15.0-151.157 parport-modules-4.15.0-151-generic-di - 4.15.0-151.157 nic-shared-modules-4.15.0-151-generic-lpae-di - 4.15.0-151.157 kernel-image-4.15.0-151-generic-di - 4.15.0-151.157 multipath-modules-4.15.0-151-generic-di - 4.15.0-151.157 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1078.88 linux-oracle-lts-18.04 - 4.15.0.1078.88 linux-tools-oracle-lts-18.04 - 4.15.0.1078.88 linux-signed-oracle-lts-18.04 - 4.15.0.1078.88 linux-headers-oracle-lts-18.04 - 4.15.0.1078.88 linux-signed-image-oracle-lts-18.04 - 4.15.0.1078.88 No subscription required linux-raspi2 - 4.15.0.1092.90 linux-headers-raspi2 - 4.15.0.1092.90 linux-image-raspi2 - 4.15.0.1092.90 linux-tools-raspi2 - 4.15.0.1092.90 No subscription required linux-kvm - 4.15.0.1097.93 linux-headers-kvm - 4.15.0.1097.93 linux-image-kvm - 4.15.0.1097.93 linux-tools-kvm - 4.15.0.1097.93 No subscription required linux-gcp-lts-18.04 - 4.15.0.1106.125 linux-tools-gcp-lts-18.04 - 4.15.0.1106.125 linux-image-gcp-lts-18.04 - 4.15.0.1106.125 linux-headers-gcp-lts-18.04 - 4.15.0.1106.125 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1106.125 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1109.112 linux-snapdragon - 4.15.0.1109.112 linux-headers-aws-lts-18.04 - 4.15.0.1109.112 linux-headers-snapdragon - 4.15.0.1109.112 linux-tools-snapdragon - 4.15.0.1109.112 linux-aws-lts-18.04 - 4.15.0.1109.112 linux-modules-extra-aws-lts-18.04 - 4.15.0.1109.112 linux-image-snapdragon - 4.15.0.1109.112 linux-tools-aws-lts-18.04 - 4.15.0.1109.112 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1121.94 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1121.94 linux-tools-azure-lts-18.04 - 4.15.0.1121.94 linux-headers-azure-lts-18.04 - 4.15.0.1121.94 linux-signed-image-azure-lts-18.04 - 4.15.0.1121.94 linux-azure-lts-18.04 - 4.15.0.1121.94 linux-signed-azure-lts-18.04 - 4.15.0.1121.94 linux-image-azure-lts-18.04 - 4.15.0.1121.94 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.151.139 linux-headers-generic-lpae - 4.15.0.151.139 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.151.139 linux-image-extra-virtual-hwe-16.04 - 4.15.0.151.139 linux-image-virtual - 4.15.0.151.139 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.151.139 linux-signed-lowlatency - 4.15.0.151.139 linux-image-generic - 4.15.0.151.139 linux-headers-generic-hwe-16.04-edge - 4.15.0.151.139 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.151.139 linux-generic-lpae-hwe-16.04 - 4.15.0.151.139 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.151.139 linux-image-virtual-hwe-16.04-edge - 4.15.0.151.139 linux-generic-lpae-hwe-16.04-edge - 4.15.0.151.139 linux-signed-image-lowlatency - 4.15.0.151.139 linux-signed-lowlatency-hwe-16.04 - 4.15.0.151.139 linux-crashdump - 4.15.0.151.139 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.151.139 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.151.139 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.151.139 linux-source - 4.15.0.151.139 linux-signed-image-generic - 4.15.0.151.139 linux-lowlatency - 4.15.0.151.139 linux-tools-generic-lpae - 4.15.0.151.139 linux-cloud-tools-generic - 4.15.0.151.139 linux-generic-hwe-16.04-edge - 4.15.0.151.139 linux-virtual - 4.15.0.151.139 linux-headers-lowlatency-hwe-16.04 - 4.15.0.151.139 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.151.139 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.151.139 linux-tools-generic-hwe-16.04 - 4.15.0.151.139 linux-tools-virtual - 4.15.0.151.139 linux-signed-generic-hwe-16.04-edge - 4.15.0.151.139 linux-cloud-tools-virtual - 4.15.0.151.139 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.151.139 linux-generic-lpae - 4.15.0.151.139 linux-generic - 4.15.0.151.139 linux-signed-image-generic-hwe-16.04 - 4.15.0.151.139 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.151.139 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.151.139 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.151.139 linux-headers-lowlatency - 4.15.0.151.139 linux-headers-virtual-hwe-16.04-edge - 4.15.0.151.139 linux-lowlatency-hwe-16.04 - 4.15.0.151.139 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.151.139 linux-generic-hwe-16.04 - 4.15.0.151.139 linux-tools-virtual-hwe-16.04-edge - 4.15.0.151.139 linux-image-generic-lpae - 4.15.0.151.139 linux-tools-generic - 4.15.0.151.139 linux-tools-virtual-hwe-16.04 - 4.15.0.151.139 linux-virtual-hwe-16.04 - 4.15.0.151.139 linux-image-extra-virtual - 4.15.0.151.139 linux-lowlatency-hwe-16.04-edge - 4.15.0.151.139 linux-cloud-tools-lowlatency - 4.15.0.151.139 linux-image-generic-hwe-16.04 - 4.15.0.151.139 linux-image-generic-hwe-16.04-edge - 4.15.0.151.139 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.151.139 linux-image-generic-lpae-hwe-16.04 - 4.15.0.151.139 linux-virtual-hwe-16.04-edge - 4.15.0.151.139 linux-tools-lowlatency-hwe-16.04 - 4.15.0.151.139 linux-signed-generic-hwe-16.04 - 4.15.0.151.139 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.151.139 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.151.139 linux-headers-generic - 4.15.0.151.139 linux-headers-virtual-hwe-16.04 - 4.15.0.151.139 linux-tools-lowlatency - 4.15.0.151.139 linux-image-virtual-hwe-16.04 - 4.15.0.151.139 linux-headers-generic-hwe-16.04 - 4.15.0.151.139 linux-headers-virtual - 4.15.0.151.139 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.151.139 linux-signed-generic - 4.15.0.151.139 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.151.139 linux-tools-generic-hwe-16.04-edge - 4.15.0.151.139 linux-image-lowlatency - 4.15.0.151.139 No subscription required High CVE-2020-24586 CVE-2020-24587 CVE-2020-26139 CVE-2020-26147 CVE-2020-26558 CVE-2021-0129 CVE-2021-23134 CVE-2021-31829 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-33909 Ubuntu 18.04 LTS It was discovered that an assert() could be triggered in the NVIDIA graphics drivers. A local attacker could use this to cause a denial of service. (CVE-2021-1093) It was discovered that the NVIDIA graphics drivers permitted an out-of-bounds array access. A local attacker could use this to cause a denial of service or possibly expose sensitive information. (CVE-2021-1094) It was discovered that the NVIDIA graphics drivers contained a vulnerability in the kernel mode layer where they did not properly control calls with embedded parameters in some situations. A local attacker could use this to cause a denial of service. (CVE-2021-1095) Update Instructions: Run `sudo pro fix USN-5019-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-compute-utils-390 - 390.144-0ubuntu0.18.04.1 libnvidia-ifr1-390 - 390.144-0ubuntu0.18.04.1 nvidia-kernel-common-390 - 390.144-0ubuntu0.18.04.1 libnvidia-decode-390 - 390.144-0ubuntu0.18.04.1 nvidia-utils-390 - 390.144-0ubuntu0.18.04.1 libnvidia-gl-390 - 390.144-0ubuntu0.18.04.1 libnvidia-compute-390 - 390.144-0ubuntu0.18.04.1 nvidia-driver-390 - 390.144-0ubuntu0.18.04.1 nvidia-384-dev - 390.144-0ubuntu0.18.04.1 nvidia-headless-no-dkms-390 - 390.144-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-390 - 390.144-0ubuntu0.18.04.1 nvidia-384 - 390.144-0ubuntu0.18.04.1 libnvidia-fbc1-390 - 390.144-0ubuntu0.18.04.1 libnvidia-encode-390 - 390.144-0ubuntu0.18.04.1 nvidia-opencl-icd-384 - 390.144-0ubuntu0.18.04.1 nvidia-headless-390 - 390.144-0ubuntu0.18.04.1 libnvidia-common-390 - 390.144-0ubuntu0.18.04.1 libcuda1-384 - 390.144-0ubuntu0.18.04.1 nvidia-libopencl1-384 - 390.144-0ubuntu0.18.04.1 nvidia-dkms-390 - 390.144-0ubuntu0.18.04.1 nvidia-kernel-source-390 - 390.144-0ubuntu0.18.04.1 libnvidia-cfg1-390 - 390.144-0ubuntu0.18.04.1 No subscription required xserver-xorg-video-nvidia-418-server - 418.211.00-0ubuntu0.18.04.1 nvidia-headless-418-server - 418.211.00-0ubuntu0.18.04.1 nvidia-kernel-common-418-server - 418.211.00-0ubuntu0.18.04.1 libnvidia-gl-418-server - 418.211.00-0ubuntu0.18.04.1 libnvidia-decode-418-server - 418.211.00-0ubuntu0.18.04.1 libnvidia-ifr1-418-server - 418.211.00-0ubuntu0.18.04.1 nvidia-compute-utils-418-server - 418.211.00-0ubuntu0.18.04.1 libnvidia-fbc1-418-server - 418.211.00-0ubuntu0.18.04.1 nvidia-driver-418-server - 418.211.00-0ubuntu0.18.04.1 nvidia-utils-418-server - 418.211.00-0ubuntu0.18.04.1 libnvidia-common-418-server - 418.211.00-0ubuntu0.18.04.1 libnvidia-compute-418-server - 418.211.00-0ubuntu0.18.04.1 nvidia-headless-no-dkms-418-server - 418.211.00-0ubuntu0.18.04.1 libnvidia-encode-418-server - 418.211.00-0ubuntu0.18.04.1 nvidia-kernel-source-418-server - 418.211.00-0ubuntu0.18.04.1 libnvidia-cfg1-418-server - 418.211.00-0ubuntu0.18.04.1 nvidia-dkms-418-server - 418.211.00-0ubuntu0.18.04.1 No subscription required libnvidia-compute-450-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-ifr1-450-server - 450.142.00-0ubuntu0.18.04.1 nvidia-driver-450-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-decode-440-server - 450.142.00-0ubuntu0.18.04.1 nvidia-headless-450-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-gl-450-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-common-440-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-common-450-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-extra-450-server - 450.142.00-0ubuntu0.18.04.1 nvidia-utils-450-server - 450.142.00-0ubuntu0.18.04.1 nvidia-utils-440-server - 450.142.00-0ubuntu0.18.04.1 nvidia-headless-440-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-cfg1-450-server - 450.142.00-0ubuntu0.18.04.1 nvidia-kernel-common-440-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-encode-440-server - 450.142.00-0ubuntu0.18.04.1 nvidia-dkms-440-server - 450.142.00-0ubuntu0.18.04.1 nvidia-kernel-source-450-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-encode-450-server - 450.142.00-0ubuntu0.18.04.1 nvidia-driver-440-server - 450.142.00-0ubuntu0.18.04.1 nvidia-compute-utils-440-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-cfg1-440-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-fbc1-440-server - 450.142.00-0ubuntu0.18.04.1 nvidia-kernel-source-440-server - 450.142.00-0ubuntu0.18.04.1 nvidia-kernel-common-450-server - 450.142.00-0ubuntu0.18.04.1 nvidia-headless-no-dkms-440-server - 450.142.00-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-440-server - 450.142.00-0ubuntu0.18.04.1 nvidia-dkms-450-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-ifr1-440-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-fbc1-450-server - 450.142.00-0ubuntu0.18.04.1 nvidia-headless-no-dkms-450-server - 450.142.00-0ubuntu0.18.04.1 nvidia-compute-utils-450-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-compute-440-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-decode-450-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-extra-440-server - 450.142.00-0ubuntu0.18.04.1 libnvidia-gl-440-server - 450.142.00-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-450-server - 450.142.00-0ubuntu0.18.04.1 No subscription required libnvidia-common-460 - 460.91.03-0ubuntu0.18.04.1 libnvidia-gl-460-server - 460.91.03-0ubuntu0.18.04.1 nvidia-utils-460-server - 460.91.03-0ubuntu0.18.04.1 libnvidia-encode-455 - 460.91.03-0ubuntu0.18.04.1 libnvidia-fbc1-455 - 460.91.03-0ubuntu0.18.04.1 nvidia-headless-460 - 460.91.03-0ubuntu0.18.04.1 libnvidia-fbc1-450 - 460.91.03-0ubuntu0.18.04.1 nvidia-kernel-source-460-server - 460.91.03-0ubuntu0.18.04.1 libnvidia-compute-460-server - 460.91.03-0ubuntu0.18.04.1 libnvidia-gl-460 - 460.91.03-0ubuntu0.18.04.1 libnvidia-common-450 - 460.91.03-0ubuntu0.18.04.1 libnvidia-common-455 - 460.91.03-0ubuntu0.18.04.1 libnvidia-cfg1-460 - 460.91.03-0ubuntu0.18.04.1 libnvidia-encode-450 - 460.91.03-0ubuntu0.18.04.1 libnvidia-gl-455 - 460.91.03-0ubuntu0.18.04.1 nvidia-compute-utils-460 - 460.91.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-460 - 460.91.03-0ubuntu0.18.04.1 nvidia-kernel-common-460 - 460.91.03-0ubuntu0.18.04.1 libnvidia-cfg1-455 - 460.91.03-0ubuntu0.18.04.1 libnvidia-cfg1-450 - 460.91.03-0ubuntu0.18.04.1 nvidia-utils-460 - 460.91.03-0ubuntu0.18.04.1 libnvidia-decode-460-server - 460.91.03-0ubuntu0.18.04.1 nvidia-driver-450 - 460.91.03-0ubuntu0.18.04.1 libnvidia-compute-460 - 460.91.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-455 - 460.91.03-0ubuntu0.18.04.1 libnvidia-ifr1-460-server - 460.91.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-450 - 460.91.03-0ubuntu0.18.04.1 nvidia-driver-455 - 460.91.03-0ubuntu0.18.04.1 libnvidia-fbc1-460-server - 460.91.03-0ubuntu0.18.04.1 nvidia-kernel-source-460 - 460.91.03-0ubuntu0.18.04.1 libnvidia-encode-460-server - 460.91.03-0ubuntu0.18.04.1 nvidia-kernel-common-460-server - 460.91.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-460 - 460.91.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-450 - 460.91.03-0ubuntu0.18.04.1 libnvidia-common-460-server - 460.91.03-0ubuntu0.18.04.1 nvidia-dkms-460 - 460.91.03-0ubuntu0.18.04.1 libnvidia-extra-460 - 460.91.03-0ubuntu0.18.04.1 nvidia-compute-utils-455 - 460.91.03-0ubuntu0.18.04.1 nvidia-compute-utils-450 - 460.91.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-455 - 460.91.03-0ubuntu0.18.04.1 nvidia-kernel-common-450 - 460.91.03-0ubuntu0.18.04.1 libnvidia-decode-450 - 460.91.03-0ubuntu0.18.04.1 nvidia-dkms-460-server - 460.91.03-0ubuntu0.18.04.1 libnvidia-extra-460-server - 460.91.03-0ubuntu0.18.04.1 nvidia-driver-460 - 460.91.03-0ubuntu0.18.04.1 libnvidia-fbc1-460 - 460.91.03-0ubuntu0.18.04.1 nvidia-kernel-source-450 - 460.91.03-0ubuntu0.18.04.1 nvidia-kernel-source-455 - 460.91.03-0ubuntu0.18.04.1 nvidia-compute-utils-460-server - 460.91.03-0ubuntu0.18.04.1 libnvidia-ifr1-455 - 460.91.03-0ubuntu0.18.04.1 libnvidia-ifr1-450 - 460.91.03-0ubuntu0.18.04.1 libnvidia-decode-460 - 460.91.03-0ubuntu0.18.04.1 libnvidia-encode-460 - 460.91.03-0ubuntu0.18.04.1 nvidia-kernel-common-455 - 460.91.03-0ubuntu0.18.04.1 nvidia-utils-450 - 460.91.03-0ubuntu0.18.04.1 nvidia-utils-455 - 460.91.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-460-server - 460.91.03-0ubuntu0.18.04.1 nvidia-headless-460-server - 460.91.03-0ubuntu0.18.04.1 libnvidia-gl-450 - 460.91.03-0ubuntu0.18.04.1 libnvidia-cfg1-460-server - 460.91.03-0ubuntu0.18.04.1 libnvidia-decode-455 - 460.91.03-0ubuntu0.18.04.1 libnvidia-ifr1-460 - 460.91.03-0ubuntu0.18.04.1 nvidia-dkms-450 - 460.91.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-460-server - 460.91.03-0ubuntu0.18.04.1 nvidia-dkms-455 - 460.91.03-0ubuntu0.18.04.1 nvidia-headless-450 - 460.91.03-0ubuntu0.18.04.1 nvidia-headless-455 - 460.91.03-0ubuntu0.18.04.1 libnvidia-compute-450 - 460.91.03-0ubuntu0.18.04.1 libnvidia-extra-455 - 460.91.03-0ubuntu0.18.04.1 libnvidia-compute-455 - 460.91.03-0ubuntu0.18.04.1 libnvidia-extra-450 - 460.91.03-0ubuntu0.18.04.1 nvidia-driver-460-server - 460.91.03-0ubuntu0.18.04.1 No subscription required libnvidia-common-465 - 470.57.02-0ubuntu0.18.04.1 libnvidia-cfg1-470 - 470.57.02-0ubuntu0.18.04.1 libnvidia-ifr1-470 - 470.57.02-0ubuntu0.18.04.1 nvidia-headless-465 - 470.57.02-0ubuntu0.18.04.1 libnvidia-gl-470 - 470.57.02-0ubuntu0.18.04.1 libnvidia-gl-465 - 470.57.02-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-470 - 470.57.02-0ubuntu0.18.04.1 libnvidia-cfg1-465 - 470.57.02-0ubuntu0.18.04.1 nvidia-headless-470 - 470.57.02-0ubuntu0.18.04.1 nvidia-compute-utils-465 - 470.57.02-0ubuntu0.18.04.1 libnvidia-compute-470 - 470.57.02-0ubuntu0.18.04.1 nvidia-kernel-common-465 - 470.57.02-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-465 - 470.57.02-0ubuntu0.18.04.1 nvidia-utils-465 - 470.57.02-0ubuntu0.18.04.1 libnvidia-encode-465 - 470.57.02-0ubuntu0.18.04.1 libnvidia-compute-465 - 470.57.02-0ubuntu0.18.04.1 nvidia-compute-utils-470 - 470.57.02-0ubuntu0.18.04.1 nvidia-kernel-common-470 - 470.57.02-0ubuntu0.18.04.1 nvidia-utils-470 - 470.57.02-0ubuntu0.18.04.1 nvidia-kernel-source-465 - 470.57.02-0ubuntu0.18.04.1 nvidia-headless-no-dkms-465 - 470.57.02-0ubuntu0.18.04.1 libnvidia-encode-470 - 470.57.02-0ubuntu0.18.04.1 nvidia-dkms-465 - 470.57.02-0ubuntu0.18.04.1 libnvidia-extra-465 - 470.57.02-0ubuntu0.18.04.1 nvidia-kernel-source-470 - 470.57.02-0ubuntu0.18.04.1 nvidia-headless-no-dkms-470 - 470.57.02-0ubuntu0.18.04.1 nvidia-driver-470 - 470.57.02-0ubuntu0.18.04.1 nvidia-dkms-470 - 470.57.02-0ubuntu0.18.04.1 libnvidia-fbc1-465 - 470.57.02-0ubuntu0.18.04.1 libnvidia-extra-470 - 470.57.02-0ubuntu0.18.04.1 nvidia-driver-465 - 470.57.02-0ubuntu0.18.04.1 libnvidia-decode-465 - 470.57.02-0ubuntu0.18.04.1 libnvidia-fbc1-470 - 470.57.02-0ubuntu0.18.04.1 libnvidia-common-470 - 470.57.02-0ubuntu0.18.04.1 libnvidia-decode-470 - 470.57.02-0ubuntu0.18.04.1 libnvidia-ifr1-465 - 470.57.02-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-1093 CVE-2021-1094 CVE-2021-1095 Ubuntu 18.04 LTS It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-31799) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to conduct port scans and service banner extractions. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-31810) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to perform machine-in-the-middle attackers to bypass the TLS protection. (CVE-2021-32066) Update Instructions: Run `sudo pro fix USN-5020-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby2.5-dev - 2.5.1-1ubuntu1.10 ruby2.5 - 2.5.1-1ubuntu1.10 ruby2.5-doc - 2.5.1-1ubuntu1.10 libruby2.5 - 2.5.1-1ubuntu1.10 No subscription required Medium CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 Ubuntu 18.04 LTS Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. (CVE-2021-22898, CVE-2021-22925) Harry Sintonen discovered that curl incorrectly reused connections in the connection pool. This could result in curl reusing the wrong connections. (CVE-2021-22924) Update Instructions: Run `sudo pro fix USN-5021-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.14 libcurl4-openssl-dev - 7.58.0-2ubuntu3.14 libcurl3-gnutls - 7.58.0-2ubuntu3.14 libcurl4-doc - 7.58.0-2ubuntu3.14 libcurl3-nss - 7.58.0-2ubuntu3.14 libcurl4-nss-dev - 7.58.0-2ubuntu3.14 libcurl4 - 7.58.0-2ubuntu3.14 curl - 7.58.0-2ubuntu3.14 No subscription required Medium CVE-2021-22898 CVE-2021-22924 CVE-2021-22925 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.26 in Ubuntu 20.04 LTS and Ubuntu 21.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.35. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-35.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-26.html https://www.oracle.com/security-alerts/cpujul2021.html Update Instructions: Run `sudo pro fix USN-5022-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.35-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.35-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.35-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.35-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.35-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.35-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.35-0ubuntu0.18.04.1 mysql-server - 5.7.35-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.35-0ubuntu0.18.04.1 mysql-testsuite - 5.7.35-0ubuntu0.18.04.1 libmysqld-dev - 5.7.35-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.35-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-2339 CVE-2021-2340 CVE-2021-2342 CVE-2021-2352 CVE-2021-2354 CVE-2021-2356 CVE-2021-2357 CVE-2021-2367 CVE-2021-2370 CVE-2021-2372 CVE-2021-2374 CVE-2021-2383 CVE-2021-2384 CVE-2021-2385 CVE-2021-2387 CVE-2021-2389 CVE-2021-2390 CVE-2021-2399 CVE-2021-2402 CVE-2021-2410 CVE-2021-2417 CVE-2021-2418 CVE-2021-2422 CVE-2021-2424 CVE-2021-2425 CVE-2021-2426 CVE-2021-2427 CVE-2021-2429 CVE-2021-2437 CVE-2021-2440 CVE-2021-2441 Ubuntu 18.04 LTS It was discovered that Aspell incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Update Instructions: Run `sudo pro fix USN-5023-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libaspell15 - 0.60.7~20110707-4ubuntu0.2 aspell-doc - 0.60.7~20110707-4ubuntu0.2 aspell - 0.60.7~20110707-4ubuntu0.2 libpspell-dev - 0.60.7~20110707-4ubuntu0.2 libaspell-dev - 0.60.7~20110707-4ubuntu0.2 No subscription required Medium CVE-2019-25051 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-5024-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.32.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.32.3-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.32.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.32.3-0ubuntu0.18.04.1 webkit2gtk-driver - 2.32.3-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.32.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.32.3-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.32.3-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.32.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.32.3-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 Ubuntu 18.04 LTS It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5025-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsndfile1 - 1.0.28-4ubuntu0.18.04.2 libsndfile1-dev - 1.0.28-4ubuntu0.18.04.2 sndfile-programs - 1.0.28-4ubuntu0.18.04.2 No subscription required Medium CVE-2021-3246 Ubuntu 18.04 LTS It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-18020) It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-36978) Update Instructions: Run `sudo pro fix USN-5026-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libqpdf-dev - 8.0.2-3ubuntu0.1 qpdf - 8.0.2-3ubuntu0.1 libqpdf21 - 8.0.2-3ubuntu0.1 No subscription required Medium CVE-2018-18020 CVE-2021-36978 Ubuntu 18.04 LTS It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5027-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-pear - 1:1.10.5+submodules+notgz-1ubuntu1.18.04.4 No subscription required Medium CVE-2021-32610 Ubuntu 18.04 LTS It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5028-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-3.1ubuntu0.18.04.10 libexiv2-14 - 0.25-3.1ubuntu0.18.04.10 libexiv2-doc - 0.25-3.1ubuntu0.18.04.10 libexiv2-dev - 0.25-3.1ubuntu0.18.04.10 No subscription required None Ubuntu 18.04 LTS It was discovered that the Perl DBI module incorrectly opened files outside of the folder specified in the data source name. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2014-10402) It was discovered that the Perl DBI module incorrectly handled certain long strings. A local attacker could possibly use this issue to cause the DBI module to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-14393) Update Instructions: Run `sudo pro fix USN-5030-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libdbi-perl - 1.640-1ubuntu0.3 No subscription required Medium CVE-2014-10402 CVE-2020-14393 Ubuntu 18.04 LTS Several vulnerabilities were fixed in Docker. This update provides a new upstream version that fixed them. Update Instructions: Run `sudo pro fix USN-5032-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-docker-docker-dev - 20.10.7-0ubuntu1~18.04.1 docker.io - 20.10.7-0ubuntu1~18.04.1 golang-docker-dev - 20.10.7-0ubuntu1~18.04.1 vim-syntax-docker - 20.10.7-0ubuntu1~18.04.1 docker-doc - 20.10.7-0ubuntu1~18.04.1 No subscription required None https://launchpad.net/bugs/1938908 Ubuntu 18.04 LTS Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly validated certain hostnames returned by DNS servers. A remote attacker could possibly use this issue to perform Domain Hijacking attacks. Update Instructions: Run `sudo pro fix USN-5034-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc-ares2 - 1.14.0-1ubuntu0.1 libc-ares-dev - 1.14.0-1ubuntu0.1 No subscription required Medium CVE-2021-3672 Ubuntu 18.04 LTS It was discovered that Tor incorrectly handled certain memory operations. A remote attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2019-8955) It was discovered that Tor did not properly handle the input length to dump_desc() function. A remote attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-28089) It was discovered that Tor did not properly sanitize the relay nickname in dirvote_add_signatures_to_pending_consensus() function. An attacker could possibly use this issue to cause an assertion failure and then cause a denial of service. (CVE-2021-28090) It was discovered that Tor did not properly validate the layer hint on half-open streams. A remote attacker could possibly use this issue to bypass the access control, leading to remote code execution. This issue only affected Ubuntu 20.04 ESM. (CVE-2021-34548) It was discovered that Tor was using an insecure hash function. A remote attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-34549) It was discovered that Tor did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted request, a remote attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly reading sensitive data. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-34550) It was discovered that Tor mishandles the relationship between batch-signature verification and single-signature verification. An attacker could possibly use this issue to cause an assertion failure and then cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-38385) Update Instructions: Run `sudo pro fix USN-5036-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tor - 0.3.2.10-1ubuntu0.2~esm2 tor-geoipdb - 0.3.2.10-1ubuntu0.2~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-8955 CVE-2021-28089 CVE-2021-28090 CVE-2021-34548 CVE-2021-34549 CVE-2021-34550 CVE-2021-38385 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5037-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-szl - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 91.0+build2-0ubuntu0.18.04.1 firefox - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 91.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 91.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 91.0+build2-0ubuntu0.18.04.1 firefox-dev - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 91.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 91.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 Ubuntu 18.04 LTS USN-5037-1 fixed vulnerabilities in Firefox. The update introduced a regression that caused Firefox to repeatedly prompt for a password. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5037-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nn - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ne - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nb - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fa - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fi - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fr - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fy - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-or - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kab - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-oc - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cs - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ga - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gd - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gn - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gl - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gu - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pa - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pl - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cy - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pt - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-szl - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hi - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ms - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-he - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hy - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hr - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hu - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-it - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-as - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ar - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ia - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-az - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-id - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mai - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-af - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-is - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-vi - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-an - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bs - 91.0.2+build1-0ubuntu0.18.04.1 firefox - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ro - 91.0.2+build1-0ubuntu0.18.04.1 firefox-geckodriver - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ja - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ru - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-br - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bn - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-be - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bg - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sl - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sk - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-si - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sw - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sv - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sr - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sq - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ko - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kn - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-km - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kk - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ka - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-xh - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ca - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ku - 91.0.2+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lv - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lt - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-th - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 91.0.2+build1-0ubuntu0.18.04.1 firefox-dev - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-te - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cak - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ta - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lg - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tr - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nso - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-de - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-da - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uk - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mr - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-my - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uz - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ml - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mn - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mk - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ur - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eu - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-et - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-es - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-csb - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-el - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eo - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-en - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zu - 91.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ast - 91.0.2+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1941496 Ubuntu 18.04 LTS It was discovered that the PostgresQL planner could create incorrect plans in certain circumstances. A remote attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly obtain sensitive information from memory. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. (CVE-2021-3677) It was discovered that PostgreSQL incorrectly handled certain SSL renegotiation ClientHello messages from clients. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2021-3449) Update Instructions: Run `sudo pro fix USN-5038-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-10 - 10.18-0ubuntu0.18.04.1 postgresql-pltcl-10 - 10.18-0ubuntu0.18.04.1 libecpg6 - 10.18-0ubuntu0.18.04.1 libpq-dev - 10.18-0ubuntu0.18.04.1 libpgtypes3 - 10.18-0ubuntu0.18.04.1 postgresql-10 - 10.18-0ubuntu0.18.04.1 postgresql-plperl-10 - 10.18-0ubuntu0.18.04.1 libecpg-dev - 10.18-0ubuntu0.18.04.1 postgresql-plpython3-10 - 10.18-0ubuntu0.18.04.1 libpq5 - 10.18-0ubuntu0.18.04.1 postgresql-plpython-10 - 10.18-0ubuntu0.18.04.1 postgresql-doc-10 - 10.18-0ubuntu0.18.04.1 postgresql-client-10 - 10.18-0ubuntu0.18.04.1 libecpg-compat3 - 10.18-0ubuntu0.18.04.1 No subscription required High CVE-2021-3449 CVE-2021-3677 Ubuntu 18.04 LTS It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-32815, CVE-2021-34334, CVE-2021-37620, CVE-2021-37622) It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. These issues only affected Ubuntu 20.04 LTS and Ubuntu 21.04. (CVE-2021-34335, CVE-2021-37615, CVE-2021-37616, CVE-2021-37618, CVE-2021-37619, CVE-2021-37621, CVE-2021-37623) Update Instructions: Run `sudo pro fix USN-5043-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exiv2 - 0.25-3.1ubuntu0.18.04.11 libexiv2-14 - 0.25-3.1ubuntu0.18.04.11 libexiv2-doc - 0.25-3.1ubuntu0.18.04.11 libexiv2-dev - 0.25-3.1ubuntu0.18.04.11 No subscription required Medium CVE-2021-32815 CVE-2021-34334 CVE-2021-34335 CVE-2021-37615 CVE-2021-37616 CVE-2021-37618 CVE-2021-37619 CVE-2021-37620 CVE-2021-37621 CVE-2021-37622 CVE-2021-37623 Ubuntu 18.04 LTS It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3564) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3573) It was discovered that the NFC implementation in the Linux kernel did not properly handle failed connect events leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2021-3587) Update Instructions: Run `sudo pro fix USN-5044-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1079-oracle - 4.15.0-1079.87 linux-tools-4.15.0-1079-oracle - 4.15.0-1079.87 linux-buildinfo-4.15.0-1079-oracle - 4.15.0-1079.87 linux-modules-4.15.0-1079-oracle - 4.15.0-1079.87 linux-oracle-headers-4.15.0-1079 - 4.15.0-1079.87 linux-headers-4.15.0-1079-oracle - 4.15.0-1079.87 linux-image-4.15.0-1079-oracle - 4.15.0-1079.87 linux-oracle-tools-4.15.0-1079 - 4.15.0-1079.87 linux-modules-extra-4.15.0-1079-oracle - 4.15.0-1079.87 No subscription required linux-tools-4.15.0-1094-raspi2 - 4.15.0-1094.100 linux-raspi2-tools-4.15.0-1094 - 4.15.0-1094.100 linux-modules-4.15.0-1094-raspi2 - 4.15.0-1094.100 linux-buildinfo-4.15.0-1094-raspi2 - 4.15.0-1094.100 linux-image-4.15.0-1094-raspi2 - 4.15.0-1094.100 linux-raspi2-headers-4.15.0-1094 - 4.15.0-1094.100 linux-headers-4.15.0-1094-raspi2 - 4.15.0-1094.100 No subscription required linux-modules-4.15.0-1098-kvm - 4.15.0-1098.100 linux-image-4.15.0-1098-kvm - 4.15.0-1098.100 linux-buildinfo-4.15.0-1098-kvm - 4.15.0-1098.100 linux-kvm-headers-4.15.0-1098 - 4.15.0-1098.100 linux-kvm-tools-4.15.0-1098 - 4.15.0-1098.100 linux-headers-4.15.0-1098-kvm - 4.15.0-1098.100 linux-tools-4.15.0-1098-kvm - 4.15.0-1098.100 No subscription required linux-image-unsigned-4.15.0-1107-gcp - 4.15.0-1107.121 linux-gcp-4.15-tools-4.15.0-1107 - 4.15.0-1107.121 linux-modules-4.15.0-1107-gcp - 4.15.0-1107.121 linux-modules-extra-4.15.0-1107-gcp - 4.15.0-1107.121 linux-image-4.15.0-1107-gcp - 4.15.0-1107.121 linux-headers-4.15.0-1107-gcp - 4.15.0-1107.121 linux-buildinfo-4.15.0-1107-gcp - 4.15.0-1107.121 linux-gcp-4.15-headers-4.15.0-1107 - 4.15.0-1107.121 linux-tools-4.15.0-1107-gcp - 4.15.0-1107.121 No subscription required linux-modules-extra-4.15.0-1110-aws - 4.15.0-1110.117 linux-aws-tools-4.15.0-1110 - 4.15.0-1110.117 linux-headers-4.15.0-1110-aws - 4.15.0-1110.117 linux-buildinfo-4.15.0-1110-aws - 4.15.0-1110.117 linux-aws-headers-4.15.0-1110 - 4.15.0-1110.117 linux-modules-4.15.0-1110-aws - 4.15.0-1110.117 linux-cloud-tools-4.15.0-1110-aws - 4.15.0-1110.117 linux-aws-cloud-tools-4.15.0-1110 - 4.15.0-1110.117 linux-image-4.15.0-1110-aws - 4.15.0-1110.117 linux-tools-4.15.0-1110-aws - 4.15.0-1110.117 No subscription required linux-modules-4.15.0-1111-snapdragon - 4.15.0-1111.120 linux-snapdragon-headers-4.15.0-1111 - 4.15.0-1111.120 linux-snapdragon-tools-4.15.0-1111 - 4.15.0-1111.120 linux-headers-4.15.0-1111-snapdragon - 4.15.0-1111.120 linux-tools-4.15.0-1111-snapdragon - 4.15.0-1111.120 linux-buildinfo-4.15.0-1111-snapdragon - 4.15.0-1111.120 linux-image-4.15.0-1111-snapdragon - 4.15.0-1111.120 No subscription required linux-modules-extra-4.15.0-1122-azure - 4.15.0-1122.135 linux-azure-4.15-headers-4.15.0-1122 - 4.15.0-1122.135 linux-image-4.15.0-1122-azure - 4.15.0-1122.135 linux-tools-4.15.0-1122-azure - 4.15.0-1122.135 linux-headers-4.15.0-1122-azure - 4.15.0-1122.135 linux-azure-4.15-tools-4.15.0-1122 - 4.15.0-1122.135 linux-buildinfo-4.15.0-1122-azure - 4.15.0-1122.135 linux-azure-4.15-cloud-tools-4.15.0-1122 - 4.15.0-1122.135 linux-modules-4.15.0-1122-azure - 4.15.0-1122.135 linux-cloud-tools-4.15.0-1122-azure - 4.15.0-1122.135 linux-image-unsigned-4.15.0-1122-azure - 4.15.0-1122.135 No subscription required linux-headers-4.15.0-154-generic-lpae - 4.15.0-154.161 linux-buildinfo-4.15.0-154-generic-lpae - 4.15.0-154.161 linux-tools-common - 4.15.0-154.161 linux-headers-4.15.0-154-lowlatency - 4.15.0-154.161 linux-buildinfo-4.15.0-154-generic - 4.15.0-154.161 linux-doc - 4.15.0-154.161 linux-tools-4.15.0-154 - 4.15.0-154.161 linux-image-4.15.0-154-generic-lpae - 4.15.0-154.161 linux-libc-dev - 4.15.0-154.161 linux-headers-4.15.0-154 - 4.15.0-154.161 linux-image-4.15.0-154-lowlatency - 4.15.0-154.161 linux-image-unsigned-4.15.0-154-generic - 4.15.0-154.161 linux-cloud-tools-4.15.0-154-lowlatency - 4.15.0-154.161 linux-tools-host - 4.15.0-154.161 linux-image-unsigned-4.15.0-154-lowlatency - 4.15.0-154.161 linux-tools-4.15.0-154-lowlatency - 4.15.0-154.161 linux-modules-4.15.0-154-lowlatency - 4.15.0-154.161 linux-tools-4.15.0-154-generic-lpae - 4.15.0-154.161 linux-modules-4.15.0-154-generic-lpae - 4.15.0-154.161 linux-buildinfo-4.15.0-154-lowlatency - 4.15.0-154.161 linux-modules-4.15.0-154-generic - 4.15.0-154.161 linux-cloud-tools-common - 4.15.0-154.161 linux-cloud-tools-4.15.0-154-generic - 4.15.0-154.161 linux-modules-extra-4.15.0-154-generic - 4.15.0-154.161 linux-cloud-tools-4.15.0-154 - 4.15.0-154.161 linux-tools-4.15.0-154-generic - 4.15.0-154.161 linux-headers-4.15.0-154-generic - 4.15.0-154.161 linux-source-4.15.0 - 4.15.0-154.161 linux-image-4.15.0-154-generic - 4.15.0-154.161 No subscription required linux-oracle-lts-18.04 - 4.15.0.1079.89 linux-image-oracle-lts-18.04 - 4.15.0.1079.89 linux-signed-image-oracle-lts-18.04 - 4.15.0.1079.89 linux-signed-oracle-lts-18.04 - 4.15.0.1079.89 linux-headers-oracle-lts-18.04 - 4.15.0.1079.89 linux-tools-oracle-lts-18.04 - 4.15.0.1079.89 No subscription required linux-raspi2 - 4.15.0.1094.92 linux-headers-raspi2 - 4.15.0.1094.92 linux-image-raspi2 - 4.15.0.1094.92 linux-tools-raspi2 - 4.15.0.1094.92 No subscription required linux-kvm - 4.15.0.1098.94 linux-headers-kvm - 4.15.0.1098.94 linux-tools-kvm - 4.15.0.1098.94 linux-image-kvm - 4.15.0.1098.94 No subscription required linux-modules-extra-gcp-lts-18.04 - 4.15.0.1107.126 linux-gcp-lts-18.04 - 4.15.0.1107.126 linux-tools-gcp-lts-18.04 - 4.15.0.1107.126 linux-image-gcp-lts-18.04 - 4.15.0.1107.126 linux-headers-gcp-lts-18.04 - 4.15.0.1107.126 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1110.113 linux-headers-aws-lts-18.04 - 4.15.0.1110.113 linux-aws-lts-18.04 - 4.15.0.1110.113 linux-modules-extra-aws-lts-18.04 - 4.15.0.1110.113 linux-tools-aws-lts-18.04 - 4.15.0.1110.113 No subscription required linux-snapdragon - 4.15.0.1111.114 linux-headers-snapdragon - 4.15.0.1111.114 linux-tools-snapdragon - 4.15.0.1111.114 linux-image-snapdragon - 4.15.0.1111.114 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1122.95 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1122.95 linux-tools-azure-lts-18.04 - 4.15.0.1122.95 linux-headers-azure-lts-18.04 - 4.15.0.1122.95 linux-signed-image-azure-lts-18.04 - 4.15.0.1122.95 linux-azure-lts-18.04 - 4.15.0.1122.95 linux-signed-azure-lts-18.04 - 4.15.0.1122.95 linux-image-azure-lts-18.04 - 4.15.0.1122.95 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.154.143 linux-cloud-tools-virtual - 4.15.0.154.143 linux-headers-generic-lpae - 4.15.0.154.143 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.154.143 linux-image-extra-virtual-hwe-16.04 - 4.15.0.154.143 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.154.143 linux-image-generic - 4.15.0.154.143 linux-tools-lowlatency - 4.15.0.154.143 linux-tools-generic-hwe-16.04-edge - 4.15.0.154.143 linux-headers-generic-hwe-16.04-edge - 4.15.0.154.143 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.154.143 linux-generic-lpae-hwe-16.04 - 4.15.0.154.143 linux-signed-generic-hwe-16.04-edge - 4.15.0.154.143 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.154.143 linux-image-virtual-hwe-16.04-edge - 4.15.0.154.143 linux-signed-image-lowlatency - 4.15.0.154.143 linux-signed-lowlatency-hwe-16.04 - 4.15.0.154.143 linux-crashdump - 4.15.0.154.143 linux-signed-image-generic - 4.15.0.154.143 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.154.143 linux-lowlatency - 4.15.0.154.143 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.154.143 linux-source - 4.15.0.154.143 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.154.143 linux-cloud-tools-generic - 4.15.0.154.143 linux-generic-hwe-16.04-edge - 4.15.0.154.143 linux-headers-lowlatency-hwe-16.04 - 4.15.0.154.143 linux-tools-generic-lpae - 4.15.0.154.143 linux-tools-virtual-hwe-16.04 - 4.15.0.154.143 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.154.143 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.154.143 linux-tools-generic-hwe-16.04 - 4.15.0.154.143 linux-tools-virtual - 4.15.0.154.143 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.154.143 linux-generic-lpae - 4.15.0.154.143 linux-image-extra-virtual - 4.15.0.154.143 linux-generic - 4.15.0.154.143 linux-virtual - 4.15.0.154.143 linux-image-virtual - 4.15.0.154.143 linux-signed-image-generic-hwe-16.04 - 4.15.0.154.143 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.154.143 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.154.143 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.154.143 linux-headers-lowlatency - 4.15.0.154.143 linux-headers-virtual-hwe-16.04-edge - 4.15.0.154.143 linux-lowlatency-hwe-16.04 - 4.15.0.154.143 linux-headers-generic-hwe-16.04 - 4.15.0.154.143 linux-image-generic-lpae-hwe-16.04 - 4.15.0.154.143 linux-generic-hwe-16.04 - 4.15.0.154.143 linux-tools-virtual-hwe-16.04-edge - 4.15.0.154.143 linux-generic-lpae-hwe-16.04-edge - 4.15.0.154.143 linux-tools-generic - 4.15.0.154.143 linux-image-generic-hwe-16.04-edge - 4.15.0.154.143 linux-lowlatency-hwe-16.04-edge - 4.15.0.154.143 linux-cloud-tools-lowlatency - 4.15.0.154.143 linux-image-generic-hwe-16.04 - 4.15.0.154.143 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.154.143 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.154.143 linux-tools-lowlatency-hwe-16.04 - 4.15.0.154.143 linux-signed-generic - 4.15.0.154.143 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.154.143 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.154.143 linux-headers-generic - 4.15.0.154.143 linux-headers-virtual-hwe-16.04 - 4.15.0.154.143 linux-virtual-hwe-16.04 - 4.15.0.154.143 linux-virtual-hwe-16.04-edge - 4.15.0.154.143 linux-image-virtual-hwe-16.04 - 4.15.0.154.143 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.154.143 linux-headers-virtual - 4.15.0.154.143 linux-signed-generic-hwe-16.04 - 4.15.0.154.143 linux-image-generic-lpae - 4.15.0.154.143 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.154.143 linux-signed-lowlatency - 4.15.0.154.143 linux-image-lowlatency - 4.15.0.154.143 No subscription required Medium CVE-2021-3564 CVE-2021-3573 Ubuntu 18.04 LTS Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3564) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3573) It was discovered that the NFC implementation in the Linux kernel did not properly handle failed connect events leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2021-3587) Update Instructions: Run `sudo pro fix USN-5045-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-5.4.0-1022-gkeop - 5.4.0-1022.23~18.04.1 linux-tools-5.4.0-1022-gkeop - 5.4.0-1022.23~18.04.1 linux-gkeop-5.4-tools-5.4.0-1022 - 5.4.0-1022.23~18.04.1 linux-headers-5.4.0-1022-gkeop - 5.4.0-1022.23~18.04.1 linux-modules-5.4.0-1022-gkeop - 5.4.0-1022.23~18.04.1 linux-image-5.4.0-1022-gkeop - 5.4.0-1022.23~18.04.1 linux-modules-extra-5.4.0-1022-gkeop - 5.4.0-1022.23~18.04.1 linux-buildinfo-5.4.0-1022-gkeop - 5.4.0-1022.23~18.04.1 linux-cloud-tools-5.4.0-1022-gkeop - 5.4.0-1022.23~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1022.23~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1022 - 5.4.0-1022.23~18.04.1 linux-gkeop-5.4-headers-5.4.0-1022 - 5.4.0-1022.23~18.04.1 No subscription required linux-raspi-5.4-headers-5.4.0-1042 - 5.4.0-1042.46~18.04.3 linux-tools-5.4.0-1042-raspi - 5.4.0-1042.46~18.04.3 linux-headers-5.4.0-1042-raspi - 5.4.0-1042.46~18.04.3 linux-modules-5.4.0-1042-raspi - 5.4.0-1042.46~18.04.3 linux-image-5.4.0-1042-raspi - 5.4.0-1042.46~18.04.3 linux-raspi-5.4-tools-5.4.0-1042 - 5.4.0-1042.46~18.04.3 linux-buildinfo-5.4.0-1042-raspi - 5.4.0-1042.46~18.04.3 No subscription required linux-image-unsigned-5.4.0-1051-gke - 5.4.0-1051.54~18.04.1 linux-gke-5.4-headers-5.4.0-1051 - 5.4.0-1051.54~18.04.1 linux-gke-5.4-tools-5.4.0-1051 - 5.4.0-1051.54~18.04.1 linux-modules-extra-5.4.0-1051-gke - 5.4.0-1051.54~18.04.1 linux-image-5.4.0-1051-gke - 5.4.0-1051.54~18.04.1 linux-headers-5.4.0-1051-gke - 5.4.0-1051.54~18.04.1 linux-buildinfo-5.4.0-1051-gke - 5.4.0-1051.54~18.04.1 linux-tools-5.4.0-1051-gke - 5.4.0-1051.54~18.04.1 linux-modules-5.4.0-1051-gke - 5.4.0-1051.54~18.04.1 No subscription required linux-gcp-5.4-headers-5.4.0-1051 - 5.4.0-1051.55~18.04.1 linux-image-5.4.0-1051-gcp - 5.4.0-1051.55~18.04.1 linux-image-unsigned-5.4.0-1051-gcp - 5.4.0-1051.55~18.04.1 linux-headers-5.4.0-1051-gcp - 5.4.0-1051.55~18.04.1 linux-modules-extra-5.4.0-1051-gcp - 5.4.0-1051.55~18.04.1 linux-buildinfo-5.4.0-1051-gcp - 5.4.0-1051.55~18.04.1 linux-tools-5.4.0-1051-gcp - 5.4.0-1051.55~18.04.1 linux-modules-5.4.0-1051-gcp - 5.4.0-1051.55~18.04.1 linux-gcp-5.4-tools-5.4.0-1051 - 5.4.0-1051.55~18.04.1 No subscription required linux-tools-5.4.0-1053-oracle - 5.4.0-1053.57~18.04.1 linux-oracle-5.4-tools-5.4.0-1053 - 5.4.0-1053.57~18.04.1 linux-image-unsigned-5.4.0-1053-oracle - 5.4.0-1053.57~18.04.1 linux-headers-5.4.0-1053-oracle - 5.4.0-1053.57~18.04.1 linux-image-5.4.0-1053-oracle - 5.4.0-1053.57~18.04.1 linux-oracle-5.4-headers-5.4.0-1053 - 5.4.0-1053.57~18.04.1 linux-modules-5.4.0-1053-oracle - 5.4.0-1053.57~18.04.1 linux-modules-extra-5.4.0-1053-oracle - 5.4.0-1053.57~18.04.1 linux-buildinfo-5.4.0-1053-oracle - 5.4.0-1053.57~18.04.1 No subscription required linux-image-5.4.0-1055-aws - 5.4.0-1055.58~18.04.1 linux-aws-5.4-headers-5.4.0-1055 - 5.4.0-1055.58~18.04.1 linux-cloud-tools-5.4.0-1055-aws - 5.4.0-1055.58~18.04.1 linux-modules-extra-5.4.0-1055-aws - 5.4.0-1055.58~18.04.1 linux-headers-5.4.0-1055-aws - 5.4.0-1055.58~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1055 - 5.4.0-1055.58~18.04.1 linux-modules-5.4.0-1055-aws - 5.4.0-1055.58~18.04.1 linux-tools-5.4.0-1055-aws - 5.4.0-1055.58~18.04.1 linux-aws-5.4-tools-5.4.0-1055 - 5.4.0-1055.58~18.04.1 linux-buildinfo-5.4.0-1055-aws - 5.4.0-1055.58~18.04.1 No subscription required linux-azure-5.4-headers-5.4.0-1056 - 5.4.0-1056.58~18.04.1 linux-azure-5.4-tools-5.4.0-1056 - 5.4.0-1056.58~18.04.1 linux-image-5.4.0-1056-azure - 5.4.0-1056.58~18.04.1 linux-modules-extra-5.4.0-1056-azure - 5.4.0-1056.58~18.04.1 linux-headers-5.4.0-1056-azure - 5.4.0-1056.58~18.04.1 linux-modules-5.4.0-1056-azure - 5.4.0-1056.58~18.04.1 linux-tools-5.4.0-1056-azure - 5.4.0-1056.58~18.04.1 linux-buildinfo-5.4.0-1056-azure - 5.4.0-1056.58~18.04.1 linux-image-unsigned-5.4.0-1056-azure - 5.4.0-1056.58~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1056 - 5.4.0-1056.58~18.04.1 linux-cloud-tools-5.4.0-1056-azure - 5.4.0-1056.58~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-81.91~18.04.1 linux-hwe-5.4-tools-5.4.0-81 - 5.4.0-81.91~18.04.1 linux-modules-extra-5.4.0-81-generic - 5.4.0-81.91~18.04.1 linux-image-5.4.0-81-generic - 5.4.0-81.91~18.04.1 linux-headers-5.4.0-81-lowlatency - 5.4.0-81.91~18.04.1 linux-tools-5.4.0-81-generic - 5.4.0-81.91~18.04.1 linux-tools-5.4.0-81-generic-lpae - 5.4.0-81.91~18.04.1 linux-tools-5.4.0-81-lowlatency - 5.4.0-81.91~18.04.1 linux-modules-5.4.0-81-generic-lpae - 5.4.0-81.91~18.04.1 linux-cloud-tools-5.4.0-81-lowlatency - 5.4.0-81.91~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-81.91~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-81 - 5.4.0-81.91~18.04.1 linux-cloud-tools-5.4.0-81-generic - 5.4.0-81.91~18.04.1 linux-image-unsigned-5.4.0-81-generic - 5.4.0-81.91~18.04.1 linux-headers-5.4.0-81-generic - 5.4.0-81.91~18.04.1 linux-modules-5.4.0-81-generic - 5.4.0-81.91~18.04.1 linux-buildinfo-5.4.0-81-lowlatency - 5.4.0-81.91~18.04.1 linux-headers-5.4.0-81-generic-lpae - 5.4.0-81.91~18.04.1 linux-image-unsigned-5.4.0-81-lowlatency - 5.4.0-81.91~18.04.1 linux-image-5.4.0-81-lowlatency - 5.4.0-81.91~18.04.1 linux-buildinfo-5.4.0-81-generic - 5.4.0-81.91~18.04.1 linux-buildinfo-5.4.0-81-generic-lpae - 5.4.0-81.91~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-81.91~18.04.1 linux-hwe-5.4-headers-5.4.0-81 - 5.4.0-81.91~18.04.1 linux-image-5.4.0-81-generic-lpae - 5.4.0-81.91~18.04.1 linux-modules-5.4.0-81-lowlatency - 5.4.0-81.91~18.04.1 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1022.23~18.04.23 linux-modules-extra-gkeop-5.4 - 5.4.0.1022.23~18.04.23 linux-gkeop-5.4 - 5.4.0.1022.23~18.04.23 linux-image-gkeop-5.4 - 5.4.0.1022.23~18.04.23 linux-tools-gkeop-5.4 - 5.4.0.1022.23~18.04.23 linux-headers-gkeop-5.4 - 5.4.0.1022.23~18.04.23 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1042.45 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1042.45 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1042.45 linux-raspi-hwe-18.04 - 5.4.0.1042.45 linux-headers-raspi-hwe-18.04 - 5.4.0.1042.45 linux-image-raspi-hwe-18.04-edge - 5.4.0.1042.45 linux-tools-raspi-hwe-18.04 - 5.4.0.1042.45 linux-raspi-hwe-18.04-edge - 5.4.0.1042.45 No subscription required linux-image-gcp-edge - 5.4.0.1051.37 linux-tools-gcp-edge - 5.4.0.1051.37 linux-headers-gcp-edge - 5.4.0.1051.37 linux-modules-extra-gcp - 5.4.0.1051.37 linux-tools-gcp - 5.4.0.1051.37 linux-modules-extra-gcp-edge - 5.4.0.1051.37 linux-gcp - 5.4.0.1051.37 linux-headers-gcp - 5.4.0.1051.37 linux-image-gcp - 5.4.0.1051.37 linux-gcp-edge - 5.4.0.1051.37 No subscription required linux-headers-gke-5.4 - 5.4.0.1051.54~18.04.16 linux-tools-gke-5.4 - 5.4.0.1051.54~18.04.16 linux-modules-extra-gke-5.4 - 5.4.0.1051.54~18.04.16 linux-gke-5.4 - 5.4.0.1051.54~18.04.16 linux-image-gke-5.4 - 5.4.0.1051.54~18.04.16 No subscription required linux-headers-oracle - 5.4.0.1053.57~18.04.33 linux-tools-oracle - 5.4.0.1053.57~18.04.33 linux-signed-image-oracle - 5.4.0.1053.57~18.04.33 linux-signed-oracle - 5.4.0.1053.57~18.04.33 linux-tools-oracle-edge - 5.4.0.1053.57~18.04.33 linux-oracle-edge - 5.4.0.1053.57~18.04.33 linux-modules-extra-oracle-edge - 5.4.0.1053.57~18.04.33 linux-image-oracle-edge - 5.4.0.1053.57~18.04.33 linux-modules-extra-oracle - 5.4.0.1053.57~18.04.33 linux-signed-oracle-edge - 5.4.0.1053.57~18.04.33 linux-signed-image-oracle-edge - 5.4.0.1053.57~18.04.33 linux-headers-oracle-edge - 5.4.0.1053.57~18.04.33 linux-image-oracle - 5.4.0.1053.57~18.04.33 linux-oracle - 5.4.0.1053.57~18.04.33 No subscription required linux-headers-aws - 5.4.0.1055.38 linux-image-aws - 5.4.0.1055.38 linux-tools-aws-edge - 5.4.0.1055.38 linux-aws-edge - 5.4.0.1055.38 linux-aws - 5.4.0.1055.38 linux-modules-extra-aws-edge - 5.4.0.1055.38 linux-headers-aws-edge - 5.4.0.1055.38 linux-modules-extra-aws - 5.4.0.1055.38 linux-tools-aws - 5.4.0.1055.38 linux-image-aws-edge - 5.4.0.1055.38 No subscription required linux-tools-azure-edge - 5.4.0.1056.36 linux-cloud-tools-azure - 5.4.0.1056.36 linux-tools-azure - 5.4.0.1056.36 linux-image-azure-edge - 5.4.0.1056.36 linux-signed-image-azure-edge - 5.4.0.1056.36 linux-cloud-tools-azure-edge - 5.4.0.1056.36 linux-modules-extra-azure - 5.4.0.1056.36 linux-signed-image-azure - 5.4.0.1056.36 linux-azure - 5.4.0.1056.36 linux-image-azure - 5.4.0.1056.36 linux-signed-azure - 5.4.0.1056.36 linux-headers-azure-edge - 5.4.0.1056.36 linux-azure-edge - 5.4.0.1056.36 linux-modules-extra-azure-edge - 5.4.0.1056.36 linux-signed-azure-edge - 5.4.0.1056.36 linux-headers-azure - 5.4.0.1056.36 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-headers-snapdragon-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-image-generic-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-image-snapdragon-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-image-oem - 5.4.0.81.91~18.04.73 linux-tools-virtual-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-headers-lowlatency-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-lowlatency-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-image-extra-virtual-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-image-oem-osp1 - 5.4.0.81.91~18.04.73 linux-snapdragon-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-image-generic-lpae-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-tools-lowlatency-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-headers-generic-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-headers-virtual-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-tools-snapdragon-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-oem - 5.4.0.81.91~18.04.73 linux-headers-virtual-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-virtual-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-generic-lpae-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-tools-oem-osp1 - 5.4.0.81.91~18.04.73 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-headers-oem - 5.4.0.81.91~18.04.73 linux-tools-generic-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-image-virtual-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-image-generic-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-generic-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-snapdragon-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-tools-oem - 5.4.0.81.91~18.04.73 linux-headers-oem-osp1 - 5.4.0.81.91~18.04.73 linux-tools-virtual-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-generic-lpae-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-tools-generic-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-headers-generic-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-oem-osp1 - 5.4.0.81.91~18.04.73 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-image-lowlatency-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-virtual-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-lowlatency-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.81.91~18.04.73 linux-generic-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.81.91~18.04.73 linux-image-virtual-hwe-18.04-edge - 5.4.0.81.91~18.04.73 No subscription required Medium CVE-2021-34693 CVE-2021-3564 CVE-2021-3573 Ubuntu 18.04 LTS It was discovered that Firefox could be made to incorrectly accept newlines in HTTP/3 response headers. If a user were tricked into opening a specially crafted website, an attacker could exploit this to conduct header splitting attacks. Update Instructions: Run `sudo pro fix USN-5047-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-szl - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 91.0.1+build1-0ubuntu0.18.04.1 firefox - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 91.0.1+build1-0ubuntu0.18.04.1 firefox-geckodriver - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 91.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 91.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 91.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 91.0.1+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-29991 Ubuntu 18.04 LTS It was discovered that Inetutils telnet server allows remote attackers to execute arbitrary code via short writes or urgent data. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5048-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: inetutils-tools - 2:1.9.4-3ubuntu0.1 inetutils-ftpd - 2:1.9.4-3ubuntu0.1 inetutils-talkd - 2:1.9.4-3ubuntu0.1 inetutils-traceroute - 2:1.9.4-3ubuntu0.1 inetutils-talk - 2:1.9.4-3ubuntu0.1 inetutils-telnetd - 2:1.9.4-3ubuntu0.1 inetutils-inetd - 2:1.9.4-3ubuntu0.1 inetutils-ping - 2:1.9.4-3ubuntu0.1 inetutils-syslogd - 2:1.9.4-3ubuntu0.1 inetutils-ftp - 2:1.9.4-3ubuntu0.1 inetutils-telnet - 2:1.9.4-3ubuntu0.1 No subscription required Medium CVE-2020-10188 Ubuntu 18.04 LTS John Ouyang discovered that OpenSSL incorrectly handled decrypting SM2 data. A remote attacker could use this issue to cause applications using OpenSSL to crash, resulting in a denial of service, or possibly change application behaviour. (CVE-2021-3711) Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2021-3712) Update Instructions: Run `sudo pro fix USN-5051-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.1 - 1.1.1-1ubuntu2.1~18.04.13 libssl-dev - 1.1.1-1ubuntu2.1~18.04.13 openssl - 1.1.1-1ubuntu2.1~18.04.13 libssl-doc - 1.1.1-1ubuntu2.1~18.04.13 No subscription required High CVE-2021-3711 CVE-2021-3712 Ubuntu 18.04 LTS USN-5051-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for the openssl1.0 package in Ubuntu 18.04 LTS. Original advisory details: Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2021-3712) Update Instructions: Run `sudo pro fix USN-5051-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2n-1ubuntu5.7 openssl1.0 - 1.0.2n-1ubuntu5.7 libssl1.0-dev - 1.0.2n-1ubuntu5.7 No subscription required Medium CVE-2021-3712 Ubuntu 18.04 LTS MongoDB would fail to properly invalidate existing sessions for deleted users. This could allow a remote authenticated attacker to gain elevated privileges if their user account was recreated with elevated privileges. Update Instructions: Run `sudo pro fix USN-5052-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mongodb-server - 1:3.6.3-0ubuntu1.3 mongodb - 1:3.6.3-0ubuntu1.3 mongodb-clients - 1:3.6.3-0ubuntu1.3 mongodb-server-core - 1:3.6.3-0ubuntu1.3 No subscription required Low CVE-2019-2386 Ubuntu 18.04 LTS Felix Wilhelm discovered a buffer overflow flaw in the mod_proxy_uwsgi module. An attacker could use this vulnerability to provoke an information disclosure or potentially remote code execution. Update Instructions: Run `sudo pro fix USN-5054-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-uwsgi - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-rados - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-xslt - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-servlet-openjdk-8 - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-rack-ruby2.5 - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-ring-openjdk-8 - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-asyncio-python - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-curl-cron - 2.0.15-10.2ubuntu2.2 uwsgi-infrastructure-plugins - 2.0.15-10.2ubuntu2.2 uwsgi-dev - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-geoip - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-jwsgi-openjdk-8 - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-glusterfs - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-greenlet-python - 2.0.15-10.2ubuntu2.2 python3-uwsgidecorators - 2.0.15-10.2ubuntu2.2 uwsgi-app-integration-plugins - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-alarm-curl - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-lua5.1 - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-lua5.2 - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-python - 2.0.15-10.2ubuntu2.2 uwsgi - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-emperor-pg - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-gevent-python - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-graylog2 - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-asyncio-python3 - 2.0.15-10.2ubuntu2.2 uwsgi-emperor - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-fiber - 2.0.15-10.2ubuntu2.2 uwsgi-plugins-all - 2.0.15-10.2ubuntu2.2 libapache2-mod-proxy-uwsgi - 2.0.15-10.2ubuntu2.2 libapache2-mod-ruwsgi - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-rbthreads - 2.0.15-10.2ubuntu2.2 python-uwsgidecorators - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-gccgo - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-alarm-xmpp - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-python3 - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-router-access - 2.0.15-10.2ubuntu2.2 uwsgi-core - 2.0.15-10.2ubuntu2.2 uwsgi-extra - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-jvm-openjdk-8 - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-sqlite3 - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-tornado-python - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-mono - 2.0.15-10.2ubuntu2.2 uwsgi-src - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-psgi - 2.0.15-10.2ubuntu2.2 uwsgi-plugin-ldap - 2.0.15-10.2ubuntu2.2 No subscription required Medium CVE-2020-11984 Ubuntu 18.04 LTS Michael Catanzaro discovered that grilo incorrectly handled certain TLS certificate verification. An attacker could possibly use this issue to MITM attacks. Update Instructions: Run `sudo pro fix USN-5055-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-grilo-0.3 - 0.3.4-1ubuntu0.1 libgrilo-0.3-bin - 0.3.4-1ubuntu0.1 libgrilo-0.3-0 - 0.3.4-1ubuntu0.1 libgrilo-0.3-dev - 0.3.4-1ubuntu0.1 libgrilo-0.3-doc - 0.3.4-1ubuntu0.1 No subscription required Medium CVE-2021-39365 Ubuntu 18.04 LTS Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Update Instructions: Run `sudo pro fix USN-5057-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squashfs-tools - 1:4.3-6ubuntu0.18.04.3 No subscription required Medium CVE-2021-40153 Ubuntu 18.04 LTS It was discovered that Thunderbird didn't ignore IMAP server responses prior to completion of the STARTTLS handshake. A person-in-the-middle could potentially exploit this to trick Thunderbird into showing incorrect information. (CVE-2021-29969) Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2021-29970, CVE-2021-29976, CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, CVE-2021-29989, CVE-2021-30547) Update Instructions: Run `sudo pro fix USN-5058-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:78.13.0+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:78.13.0+build1-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fa - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:78.13.0+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-th - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:78.13.0+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:78.13.0+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-29969 CVE-2021-29970 CVE-2021-29976 CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 CVE-2021-30547 Ubuntu 18.04 LTS It was discovered that NTFS-3G incorrectly handled certain image file. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5060-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntfs-3g - 1:2017.3.23-2ubuntu0.18.04.3 libntfs-3g88 - 1:2017.3.23-2ubuntu0.18.04.3 ntfs-3g-dev - 1:2017.3.23-2ubuntu0.18.04.3 No subscription required None https://launchpad.net/bugs/1942235 Ubuntu 18.04 LTS Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5064-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cpio - 2.12+dfsg-6ubuntu0.18.04.4 cpio-win32 - 2.12+dfsg-6ubuntu0.18.04.4 No subscription required Medium CVE-2021-38185 Ubuntu 18.04 LTS Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents. Update Instructions: Run `sudo pro fix USN-5066-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pysaml2-doc - 4.0.2-0ubuntu3.2 python-pysaml2 - 4.0.2-0ubuntu3.2 python3-pysaml2 - 4.0.2-0ubuntu3.2 No subscription required Medium CVE-2021-21239 Ubuntu 18.04 LTS Jakub Hrozek discovered that SSSD incorrectly handled file permissions. A local attacker could possibly use this issue to read the sudo rules available for any user. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-10852) It was discovered that SSSD incorrectly handled Group Policy Objects. When SSSD is configured with too strict permissions causing the GPO to not be readable, SSSD will allow all authenticated users to login instead of being denied, contrary to expectations. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-16838) It was discovered that SSSD incorrectly handled users with no home directory set. When no home directory was set, SSSD would return the root directory instead of an empty string, possibly bypassing security measures. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-3811) Cedric Buissart discovered that SSSD incorrectly handled the sssctl command. In certain environments, a local user could use this issue to execute arbitrary commands and possibly escalate privileges. (CVE-2021-3621) Update Instructions: Run `sudo pro fix USN-5067-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsss-certmap-dev - 1.16.1-1ubuntu1.8 libipa-hbac-dev - 1.16.1-1ubuntu1.8 sssd-ad - 1.16.1-1ubuntu1.8 libsss-sudo - 1.16.1-1ubuntu1.8 libsss-nss-idmap0 - 1.16.1-1ubuntu1.8 libnss-sss - 1.16.1-1ubuntu1.8 sssd-ipa - 1.16.1-1ubuntu1.8 libsss-simpleifp0 - 1.16.1-1ubuntu1.8 libsss-idmap-dev - 1.16.1-1ubuntu1.8 python3-libsss-nss-idmap - 1.16.1-1ubuntu1.8 libsss-certmap0 - 1.16.1-1ubuntu1.8 python3-sss - 1.16.1-1ubuntu1.8 libpam-sss - 1.16.1-1ubuntu1.8 sssd - 1.16.1-1ubuntu1.8 python-libsss-nss-idmap - 1.16.1-1ubuntu1.8 libsss-idmap0 - 1.16.1-1ubuntu1.8 libipa-hbac0 - 1.16.1-1ubuntu1.8 libsss-nss-idmap-dev - 1.16.1-1ubuntu1.8 libsss-simpleifp-dev - 1.16.1-1ubuntu1.8 sssd-kcm - 1.16.1-1ubuntu1.8 python-libipa-hbac - 1.16.1-1ubuntu1.8 libwbclient-sssd - 1.16.1-1ubuntu1.8 libwbclient-sssd-dev - 1.16.1-1ubuntu1.8 sssd-common - 1.16.1-1ubuntu1.8 python3-libipa-hbac - 1.16.1-1ubuntu1.8 sssd-ldap - 1.16.1-1ubuntu1.8 sssd-tools - 1.16.1-1ubuntu1.8 sssd-ad-common - 1.16.1-1ubuntu1.8 sssd-krb5-common - 1.16.1-1ubuntu1.8 sssd-dbus - 1.16.1-1ubuntu1.8 sssd-krb5 - 1.16.1-1ubuntu1.8 python-sss - 1.16.1-1ubuntu1.8 sssd-proxy - 1.16.1-1ubuntu1.8 No subscription required Medium CVE-2018-10852 CVE-2018-16838 CVE-2019-3811 CVE-2021-3621 Ubuntu 18.04 LTS It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM. (CVE-2017-6363) It was discovered that GD Graphics Library incorrectly handled certain TGA files. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. (CVE-2021-381) It was discovered that GD Graphics Library incorrectly handled certain files. An attacker could possibly use this issue to cause a crash. (CVE-2021-40145) Update Instructions: Run `sudo pro fix USN-5068-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgd3 - 2.2.5-4ubuntu0.5 libgd-tools - 2.2.5-4ubuntu0.5 libgd-dev - 2.2.5-4ubuntu0.5 No subscription required Medium CVE-2017-6363 CVE-2021-38115 CVE-2021-40145 Ubuntu 18.04 LTS It was discovered that mod-auth-mellon incorrectly filtered certain URLs. A remote attacker could possibly use this issue to perform an open redirect attack. Update Instructions: Run `sudo pro fix USN-5069-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-auth-mellon - 0.13.1-1ubuntu0.3 No subscription required Medium CVE-2021-3639 Ubuntu 18.04 LTS Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. (CVE-2021-3656) Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. (CVE-2021-3653) It was discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not ensure enough processing time was given to perform cleanups of large SEV VMs. A local attacker could use this to cause a denial of service (soft lockup). (CVE-2020-36311) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2021-22543) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612) Update Instructions: Run `sudo pro fix USN-5071-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-5.4.0-1023-gkeop - 5.4.0-1023.24~18.04.1 linux-image-5.4.0-1023-gkeop - 5.4.0-1023.24~18.04.1 linux-modules-extra-5.4.0-1023-gkeop - 5.4.0-1023.24~18.04.1 linux-buildinfo-5.4.0-1023-gkeop - 5.4.0-1023.24~18.04.1 linux-gkeop-5.4-tools-5.4.0-1023 - 5.4.0-1023.24~18.04.1 linux-image-unsigned-5.4.0-1023-gkeop - 5.4.0-1023.24~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1023.24~18.04.1 linux-cloud-tools-5.4.0-1023-gkeop - 5.4.0-1023.24~18.04.1 linux-tools-5.4.0-1023-gkeop - 5.4.0-1023.24~18.04.1 linux-modules-5.4.0-1023-gkeop - 5.4.0-1023.24~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1023 - 5.4.0-1023.24~18.04.1 linux-gkeop-5.4-headers-5.4.0-1023 - 5.4.0-1023.24~18.04.1 No subscription required linux-image-5.4.0-1052-gke - 5.4.0-1052.55~18.04.1 linux-buildinfo-5.4.0-1052-gke - 5.4.0-1052.55~18.04.1 linux-gke-5.4-tools-5.4.0-1052 - 5.4.0-1052.55~18.04.1 linux-gke-5.4-headers-5.4.0-1052 - 5.4.0-1052.55~18.04.1 linux-modules-5.4.0-1052-gke - 5.4.0-1052.55~18.04.1 linux-headers-5.4.0-1052-gke - 5.4.0-1052.55~18.04.1 linux-modules-extra-5.4.0-1052-gke - 5.4.0-1052.55~18.04.1 linux-image-unsigned-5.4.0-1052-gke - 5.4.0-1052.55~18.04.1 linux-tools-5.4.0-1052-gke - 5.4.0-1052.55~18.04.1 No subscription required linux-gcp-5.4-headers-5.4.0-1052 - 5.4.0-1052.56~18.04.1 linux-image-5.4.0-1052-gcp - 5.4.0-1052.56~18.04.1 linux-buildinfo-5.4.0-1052-gcp - 5.4.0-1052.56~18.04.1 linux-modules-extra-5.4.0-1052-gcp - 5.4.0-1052.56~18.04.1 linux-modules-5.4.0-1052-gcp - 5.4.0-1052.56~18.04.1 linux-headers-5.4.0-1052-gcp - 5.4.0-1052.56~18.04.1 linux-image-unsigned-5.4.0-1052-gcp - 5.4.0-1052.56~18.04.1 linux-tools-5.4.0-1052-gcp - 5.4.0-1052.56~18.04.1 linux-gcp-5.4-tools-5.4.0-1052 - 5.4.0-1052.56~18.04.1 No subscription required linux-oracle-5.4-tools-5.4.0-1054 - 5.4.0-1054.58~18.04.1 linux-modules-extra-5.4.0-1054-oracle - 5.4.0-1054.58~18.04.1 linux-modules-5.4.0-1054-oracle - 5.4.0-1054.58~18.04.1 linux-headers-5.4.0-1054-oracle - 5.4.0-1054.58~18.04.1 linux-buildinfo-5.4.0-1054-oracle - 5.4.0-1054.58~18.04.1 linux-image-5.4.0-1054-oracle - 5.4.0-1054.58~18.04.1 linux-tools-5.4.0-1054-oracle - 5.4.0-1054.58~18.04.1 linux-oracle-5.4-headers-5.4.0-1054 - 5.4.0-1054.58~18.04.1 linux-image-unsigned-5.4.0-1054-oracle - 5.4.0-1054.58~18.04.1 No subscription required linux-modules-extra-5.4.0-1056-aws - 5.4.0-1056.59~18.04.1 linux-aws-5.4-headers-5.4.0-1056 - 5.4.0-1056.59~18.04.1 linux-tools-5.4.0-1056-aws - 5.4.0-1056.59~18.04.1 linux-headers-5.4.0-1056-aws - 5.4.0-1056.59~18.04.1 linux-image-5.4.0-1056-aws - 5.4.0-1056.59~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1056 - 5.4.0-1056.59~18.04.1 linux-modules-5.4.0-1056-aws - 5.4.0-1056.59~18.04.1 linux-cloud-tools-5.4.0-1056-aws - 5.4.0-1056.59~18.04.1 linux-buildinfo-5.4.0-1056-aws - 5.4.0-1056.59~18.04.1 linux-aws-5.4-tools-5.4.0-1056 - 5.4.0-1056.59~18.04.1 No subscription required linux-azure-5.4-tools-5.4.0-1058 - 5.4.0-1058.60~18.04.1 linux-azure-5.4-headers-5.4.0-1058 - 5.4.0-1058.60~18.04.1 linux-modules-extra-5.4.0-1058-azure - 5.4.0-1058.60~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1058 - 5.4.0-1058.60~18.04.1 linux-image-unsigned-5.4.0-1058-azure - 5.4.0-1058.60~18.04.1 linux-image-5.4.0-1058-azure - 5.4.0-1058.60~18.04.1 linux-headers-5.4.0-1058-azure - 5.4.0-1058.60~18.04.1 linux-buildinfo-5.4.0-1058-azure - 5.4.0-1058.60~18.04.1 linux-tools-5.4.0-1058-azure - 5.4.0-1058.60~18.04.1 linux-cloud-tools-5.4.0-1058-azure - 5.4.0-1058.60~18.04.1 linux-modules-5.4.0-1058-azure - 5.4.0-1058.60~18.04.1 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1023.24~18.04.24 linux-modules-extra-gkeop-5.4 - 5.4.0.1023.24~18.04.24 linux-gkeop-5.4 - 5.4.0.1023.24~18.04.24 linux-image-gkeop-5.4 - 5.4.0.1023.24~18.04.24 linux-headers-gkeop-5.4 - 5.4.0.1023.24~18.04.24 linux-tools-gkeop-5.4 - 5.4.0.1023.24~18.04.24 No subscription required linux-image-gcp-edge - 5.4.0.1052.38 linux-tools-gcp-edge - 5.4.0.1052.38 linux-headers-gcp-edge - 5.4.0.1052.38 linux-modules-extra-gcp - 5.4.0.1052.38 linux-tools-gcp - 5.4.0.1052.38 linux-modules-extra-gcp-edge - 5.4.0.1052.38 linux-gcp - 5.4.0.1052.38 linux-headers-gcp - 5.4.0.1052.38 linux-image-gcp - 5.4.0.1052.38 linux-gcp-edge - 5.4.0.1052.38 No subscription required linux-headers-gke-5.4 - 5.4.0.1052.55~18.04.17 linux-tools-gke-5.4 - 5.4.0.1052.55~18.04.17 linux-modules-extra-gke-5.4 - 5.4.0.1052.55~18.04.17 linux-gke-5.4 - 5.4.0.1052.55~18.04.17 linux-image-gke-5.4 - 5.4.0.1052.55~18.04.17 No subscription required linux-headers-oracle - 5.4.0.1054.58~18.04.34 linux-tools-oracle - 5.4.0.1054.58~18.04.34 linux-signed-image-oracle - 5.4.0.1054.58~18.04.34 linux-signed-oracle - 5.4.0.1054.58~18.04.34 linux-tools-oracle-edge - 5.4.0.1054.58~18.04.34 linux-oracle-edge - 5.4.0.1054.58~18.04.34 linux-modules-extra-oracle-edge - 5.4.0.1054.58~18.04.34 linux-image-oracle-edge - 5.4.0.1054.58~18.04.34 linux-modules-extra-oracle - 5.4.0.1054.58~18.04.34 linux-signed-oracle-edge - 5.4.0.1054.58~18.04.34 linux-signed-image-oracle-edge - 5.4.0.1054.58~18.04.34 linux-headers-oracle-edge - 5.4.0.1054.58~18.04.34 linux-image-oracle - 5.4.0.1054.58~18.04.34 linux-oracle - 5.4.0.1054.58~18.04.34 No subscription required linux-headers-aws - 5.4.0.1056.39 linux-image-aws - 5.4.0.1056.39 linux-aws-edge - 5.4.0.1056.39 linux-aws - 5.4.0.1056.39 linux-tools-aws - 5.4.0.1056.39 linux-headers-aws-edge - 5.4.0.1056.39 linux-modules-extra-aws - 5.4.0.1056.39 linux-modules-extra-aws-edge - 5.4.0.1056.39 linux-tools-aws-edge - 5.4.0.1056.39 linux-image-aws-edge - 5.4.0.1056.39 No subscription required linux-signed-azure - 5.4.0.1058.38 linux-tools-azure-edge - 5.4.0.1058.38 linux-cloud-tools-azure - 5.4.0.1058.38 linux-tools-azure - 5.4.0.1058.38 linux-image-azure-edge - 5.4.0.1058.38 linux-cloud-tools-azure-edge - 5.4.0.1058.38 linux-modules-extra-azure - 5.4.0.1058.38 linux-azure - 5.4.0.1058.38 linux-signed-image-azure-edge - 5.4.0.1058.38 linux-image-azure - 5.4.0.1058.38 linux-signed-image-azure - 5.4.0.1058.38 linux-headers-azure-edge - 5.4.0.1058.38 linux-azure-edge - 5.4.0.1058.38 linux-modules-extra-azure-edge - 5.4.0.1058.38 linux-signed-azure-edge - 5.4.0.1058.38 linux-headers-azure - 5.4.0.1058.38 No subscription required High CVE-2020-36311 CVE-2021-22543 CVE-2021-3612 CVE-2021-3653 CVE-2021-3656 Ubuntu 18.04 LTS USN-5071-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 20.04 LTS for Ubuntu 18.04 LTS. Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. (CVE-2021-3656) Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. (CVE-2021-3653) It was discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not ensure enough processing time was given to perform cleanups of large SEV VMs. A local attacker could use this to cause a denial of service (soft lockup). (CVE-2020-36311) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2021-22543) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612) Update Instructions: Run `sudo pro fix USN-5071-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-84-generic-lpae - 5.4.0-84.94~18.04.1 linux-headers-5.4.0-84-lowlatency - 5.4.0-84.94~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-84.94~18.04.1 linux-image-5.4.0-84-generic - 5.4.0-84.94~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-84.94~18.04.1 linux-hwe-5.4-tools-5.4.0-84 - 5.4.0-84.94~18.04.1 linux-buildinfo-5.4.0-84-generic - 5.4.0-84.94~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-84 - 5.4.0-84.94~18.04.1 linux-modules-5.4.0-84-generic-lpae - 5.4.0-84.94~18.04.1 linux-headers-5.4.0-84-generic - 5.4.0-84.94~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-84.94~18.04.1 linux-cloud-tools-5.4.0-84-lowlatency - 5.4.0-84.94~18.04.1 linux-tools-5.4.0-84-generic-lpae - 5.4.0-84.94~18.04.1 linux-modules-extra-5.4.0-84-generic - 5.4.0-84.94~18.04.1 linux-image-unsigned-5.4.0-84-generic - 5.4.0-84.94~18.04.1 linux-hwe-5.4-headers-5.4.0-84 - 5.4.0-84.94~18.04.1 linux-buildinfo-5.4.0-84-generic-lpae - 5.4.0-84.94~18.04.1 linux-image-5.4.0-84-lowlatency - 5.4.0-84.94~18.04.1 linux-image-unsigned-5.4.0-84-lowlatency - 5.4.0-84.94~18.04.1 linux-cloud-tools-5.4.0-84-generic - 5.4.0-84.94~18.04.1 linux-tools-5.4.0-84-generic - 5.4.0-84.94~18.04.1 linux-modules-5.4.0-84-generic - 5.4.0-84.94~18.04.1 linux-tools-5.4.0-84-lowlatency - 5.4.0-84.94~18.04.1 linux-buildinfo-5.4.0-84-lowlatency - 5.4.0-84.94~18.04.1 linux-headers-5.4.0-84-generic-lpae - 5.4.0-84.94~18.04.1 linux-modules-5.4.0-84-lowlatency - 5.4.0-84.94~18.04.1 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-generic-lpae-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-lowlatency-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-image-generic-lpae-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-snapdragon-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-tools-snapdragon-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-tools-oem - 5.4.0.84.94~18.04.75 linux-image-oem-osp1 - 5.4.0.84.94~18.04.75 linux-headers-oem-osp1 - 5.4.0.84.94~18.04.75 linux-headers-snapdragon-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-headers-oem - 5.4.0.84.94~18.04.75 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-image-extra-virtual-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-generic-lpae-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-image-snapdragon-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-image-generic-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-snapdragon-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-headers-generic-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-generic-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-image-lowlatency-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-tools-generic-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-tools-lowlatency-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-headers-generic-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-oem-osp1 - 5.4.0.84.94~18.04.75 linux-headers-virtual-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-tools-oem-osp1 - 5.4.0.84.94~18.04.75 linux-image-virtual-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-image-oem - 5.4.0.84.94~18.04.75 linux-tools-virtual-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-image-generic-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-tools-virtual-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-lowlatency-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-generic-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-headers-lowlatency-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-virtual-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-tools-generic-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-virtual-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.84.94~18.04.75 linux-oem - 5.4.0.84.94~18.04.75 linux-headers-virtual-hwe-18.04 - 5.4.0.84.94~18.04.75 linux-image-virtual-hwe-18.04-edge - 5.4.0.84.94~18.04.75 No subscription required High CVE-2020-36311 CVE-2021-22543 CVE-2021-3612 CVE-2021-3653 CVE-2021-3656 Ubuntu 18.04 LTS It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2021-22543) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612) Update Instructions: Run `sudo pro fix USN-5071-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-5.4.0-1043-raspi - 5.4.0-1043.47~18.04.1 linux-raspi-5.4-tools-5.4.0-1043 - 5.4.0-1043.47~18.04.1 linux-raspi-5.4-headers-5.4.0-1043 - 5.4.0-1043.47~18.04.1 linux-tools-5.4.0-1043-raspi - 5.4.0-1043.47~18.04.1 linux-buildinfo-5.4.0-1043-raspi - 5.4.0-1043.47~18.04.1 linux-image-5.4.0-1043-raspi - 5.4.0-1043.47~18.04.1 linux-modules-5.4.0-1043-raspi - 5.4.0-1043.47~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1043.46 linux-image-raspi-hwe-18.04 - 5.4.0.1043.46 linux-raspi-hwe-18.04-edge - 5.4.0.1043.46 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1043.46 linux-raspi-hwe-18.04 - 5.4.0.1043.46 linux-headers-raspi-hwe-18.04 - 5.4.0.1043.46 linux-tools-raspi-hwe-18.04 - 5.4.0.1043.46 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1043.46 No subscription required Medium CVE-2021-22543 CVE-2021-3612 Ubuntu 18.04 LTS Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. (CVE-2021-3656) Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. (CVE-2021-3653) Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612) It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160) Update Instructions: Run `sudo pro fix USN-5073-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1027-dell300x - 4.15.0-1027.32 linux-buildinfo-4.15.0-1027-dell300x - 4.15.0-1027.32 linux-modules-4.15.0-1027-dell300x - 4.15.0-1027.32 linux-image-4.15.0-1027-dell300x - 4.15.0-1027.32 linux-dell300x-headers-4.15.0-1027 - 4.15.0-1027.32 linux-headers-4.15.0-1027-dell300x - 4.15.0-1027.32 linux-tools-4.15.0-1027-dell300x - 4.15.0-1027.32 linux-dell300x-tools-4.15.0-1027 - 4.15.0-1027.32 No subscription required linux-modules-4.15.0-1080-oracle - 4.15.0-1080.88 linux-buildinfo-4.15.0-1080-oracle - 4.15.0-1080.88 linux-headers-4.15.0-1080-oracle - 4.15.0-1080.88 linux-modules-extra-4.15.0-1080-oracle - 4.15.0-1080.88 linux-image-unsigned-4.15.0-1080-oracle - 4.15.0-1080.88 linux-image-4.15.0-1080-oracle - 4.15.0-1080.88 linux-oracle-tools-4.15.0-1080 - 4.15.0-1080.88 linux-oracle-headers-4.15.0-1080 - 4.15.0-1080.88 linux-tools-4.15.0-1080-oracle - 4.15.0-1080.88 No subscription required linux-image-4.15.0-1099-kvm - 4.15.0-1099.101 linux-modules-4.15.0-1099-kvm - 4.15.0-1099.101 linux-kvm-headers-4.15.0-1099 - 4.15.0-1099.101 linux-kvm-tools-4.15.0-1099 - 4.15.0-1099.101 linux-tools-4.15.0-1099-kvm - 4.15.0-1099.101 linux-buildinfo-4.15.0-1099-kvm - 4.15.0-1099.101 linux-headers-4.15.0-1099-kvm - 4.15.0-1099.101 No subscription required linux-modules-4.15.0-1111-aws - 4.15.0-1111.118 linux-buildinfo-4.15.0-1111-aws - 4.15.0-1111.118 linux-headers-4.15.0-1111-aws - 4.15.0-1111.118 linux-aws-tools-4.15.0-1111 - 4.15.0-1111.118 linux-tools-4.15.0-1111-aws - 4.15.0-1111.118 linux-modules-extra-4.15.0-1111-aws - 4.15.0-1111.118 linux-image-4.15.0-1111-aws - 4.15.0-1111.118 linux-aws-headers-4.15.0-1111 - 4.15.0-1111.118 linux-aws-cloud-tools-4.15.0-1111 - 4.15.0-1111.118 linux-cloud-tools-4.15.0-1111-aws - 4.15.0-1111.118 No subscription required linux-headers-4.15.0-1112-snapdragon - 4.15.0-1112.121 linux-image-4.15.0-1112-snapdragon - 4.15.0-1112.121 linux-snapdragon-headers-4.15.0-1112 - 4.15.0-1112.121 linux-modules-4.15.0-1112-snapdragon - 4.15.0-1112.121 linux-tools-4.15.0-1112-snapdragon - 4.15.0-1112.121 linux-snapdragon-tools-4.15.0-1112 - 4.15.0-1112.121 linux-buildinfo-4.15.0-1112-snapdragon - 4.15.0-1112.121 No subscription required linux-cloud-tools-4.15.0-1123-azure - 4.15.0-1123.136 linux-azure-4.15-cloud-tools-4.15.0-1123 - 4.15.0-1123.136 linux-tools-4.15.0-1123-azure - 4.15.0-1123.136 linux-headers-4.15.0-1123-azure - 4.15.0-1123.136 linux-azure-4.15-tools-4.15.0-1123 - 4.15.0-1123.136 linux-azure-4.15-headers-4.15.0-1123 - 4.15.0-1123.136 linux-image-4.15.0-1123-azure - 4.15.0-1123.136 linux-modules-extra-4.15.0-1123-azure - 4.15.0-1123.136 linux-modules-4.15.0-1123-azure - 4.15.0-1123.136 linux-buildinfo-4.15.0-1123-azure - 4.15.0-1123.136 linux-image-unsigned-4.15.0-1123-azure - 4.15.0-1123.136 No subscription required linux-image-4.15.0-156-lowlatency - 4.15.0-156.163 linux-tools-common - 4.15.0-156.163 linux-modules-4.15.0-156-generic - 4.15.0-156.163 linux-buildinfo-4.15.0-156-generic-lpae - 4.15.0-156.163 linux-tools-host - 4.15.0-156.163 linux-doc - 4.15.0-156.163 linux-image-4.15.0-156-generic - 4.15.0-156.163 linux-libc-dev - 4.15.0-156.163 linux-modules-extra-4.15.0-156-generic - 4.15.0-156.163 linux-headers-4.15.0-156 - 4.15.0-156.163 linux-modules-4.15.0-156-generic-lpae - 4.15.0-156.163 linux-headers-4.15.0-156-generic - 4.15.0-156.163 linux-image-unsigned-4.15.0-156-lowlatency - 4.15.0-156.163 linux-image-unsigned-4.15.0-156-generic - 4.15.0-156.163 linux-image-4.15.0-156-generic-lpae - 4.15.0-156.163 linux-buildinfo-4.15.0-156-lowlatency - 4.15.0-156.163 linux-modules-4.15.0-156-lowlatency - 4.15.0-156.163 linux-headers-4.15.0-156-lowlatency - 4.15.0-156.163 linux-tools-4.15.0-156 - 4.15.0-156.163 linux-cloud-tools-4.15.0-156-generic - 4.15.0-156.163 linux-cloud-tools-4.15.0-156-lowlatency - 4.15.0-156.163 linux-cloud-tools-common - 4.15.0-156.163 linux-headers-4.15.0-156-generic-lpae - 4.15.0-156.163 linux-tools-4.15.0-156-generic-lpae - 4.15.0-156.163 linux-cloud-tools-4.15.0-156 - 4.15.0-156.163 linux-tools-4.15.0-156-lowlatency - 4.15.0-156.163 linux-buildinfo-4.15.0-156-generic - 4.15.0-156.163 linux-tools-4.15.0-156-generic - 4.15.0-156.163 linux-source-4.15.0 - 4.15.0-156.163 No subscription required linux-tools-dell300x - 4.15.0.1027.29 linux-headers-dell300x - 4.15.0.1027.29 linux-image-dell300x - 4.15.0.1027.29 linux-dell300x - 4.15.0.1027.29 No subscription required linux-oracle-lts-18.04 - 4.15.0.1080.90 linux-image-oracle-lts-18.04 - 4.15.0.1080.90 linux-tools-oracle-lts-18.04 - 4.15.0.1080.90 linux-signed-oracle-lts-18.04 - 4.15.0.1080.90 linux-headers-oracle-lts-18.04 - 4.15.0.1080.90 linux-signed-image-oracle-lts-18.04 - 4.15.0.1080.90 No subscription required linux-headers-kvm - 4.15.0.1099.95 linux-kvm - 4.15.0.1099.95 linux-image-kvm - 4.15.0.1099.95 linux-tools-kvm - 4.15.0.1099.95 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1111.114 linux-headers-aws-lts-18.04 - 4.15.0.1111.114 linux-aws-lts-18.04 - 4.15.0.1111.114 linux-tools-aws-lts-18.04 - 4.15.0.1111.114 linux-modules-extra-aws-lts-18.04 - 4.15.0.1111.114 No subscription required linux-snapdragon - 4.15.0.1112.115 linux-headers-snapdragon - 4.15.0.1112.115 linux-tools-snapdragon - 4.15.0.1112.115 linux-image-snapdragon - 4.15.0.1112.115 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1123.96 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1123.96 linux-headers-azure-lts-18.04 - 4.15.0.1123.96 linux-signed-image-azure-lts-18.04 - 4.15.0.1123.96 linux-tools-azure-lts-18.04 - 4.15.0.1123.96 linux-azure-lts-18.04 - 4.15.0.1123.96 linux-signed-azure-lts-18.04 - 4.15.0.1123.96 linux-image-azure-lts-18.04 - 4.15.0.1123.96 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.156.145 linux-signed-generic-hwe-16.04-edge - 4.15.0.156.145 linux-headers-generic-lpae - 4.15.0.156.145 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.156.145 linux-image-extra-virtual-hwe-16.04 - 4.15.0.156.145 linux-image-virtual - 4.15.0.156.145 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.156.145 linux-signed-lowlatency - 4.15.0.156.145 linux-image-generic - 4.15.0.156.145 linux-tools-lowlatency - 4.15.0.156.145 linux-headers-generic-hwe-16.04-edge - 4.15.0.156.145 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.156.145 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.156.145 linux-image-virtual-hwe-16.04-edge - 4.15.0.156.145 linux-generic-lpae-hwe-16.04-edge - 4.15.0.156.145 linux-signed-image-lowlatency - 4.15.0.156.145 linux-signed-lowlatency-hwe-16.04 - 4.15.0.156.145 linux-crashdump - 4.15.0.156.145 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.156.145 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.156.145 linux-source - 4.15.0.156.145 linux-signed-image-generic - 4.15.0.156.145 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.156.145 linux-tools-generic-lpae - 4.15.0.156.145 linux-cloud-tools-generic - 4.15.0.156.145 linux-generic-hwe-16.04-edge - 4.15.0.156.145 linux-virtual - 4.15.0.156.145 linux-headers-lowlatency-hwe-16.04 - 4.15.0.156.145 linux-tools-virtual-hwe-16.04 - 4.15.0.156.145 linux-tools-generic-hwe-16.04 - 4.15.0.156.145 linux-tools-virtual - 4.15.0.156.145 linux-image-generic-lpae - 4.15.0.156.145 linux-cloud-tools-virtual - 4.15.0.156.145 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.156.145 linux-generic-lpae - 4.15.0.156.145 linux-generic - 4.15.0.156.145 linux-signed-generic-hwe-16.04 - 4.15.0.156.145 linux-signed-image-generic-hwe-16.04 - 4.15.0.156.145 linux-generic-lpae-hwe-16.04 - 4.15.0.156.145 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.156.145 linux-headers-virtual-hwe-16.04-edge - 4.15.0.156.145 linux-lowlatency-hwe-16.04 - 4.15.0.156.145 linux-headers-generic-hwe-16.04 - 4.15.0.156.145 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.156.145 linux-generic-hwe-16.04 - 4.15.0.156.145 linux-tools-virtual-hwe-16.04-edge - 4.15.0.156.145 linux-tools-generic - 4.15.0.156.145 linux-virtual-hwe-16.04 - 4.15.0.156.145 linux-image-extra-virtual - 4.15.0.156.145 linux-lowlatency-hwe-16.04-edge - 4.15.0.156.145 linux-cloud-tools-lowlatency - 4.15.0.156.145 linux-image-generic-hwe-16.04 - 4.15.0.156.145 linux-image-generic-hwe-16.04-edge - 4.15.0.156.145 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.156.145 linux-image-virtual-hwe-16.04 - 4.15.0.156.145 linux-image-generic-lpae-hwe-16.04 - 4.15.0.156.145 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.156.145 linux-tools-lowlatency-hwe-16.04 - 4.15.0.156.145 linux-signed-generic - 4.15.0.156.145 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.156.145 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.156.145 linux-headers-generic - 4.15.0.156.145 linux-headers-virtual-hwe-16.04 - 4.15.0.156.145 linux-virtual-hwe-16.04-edge - 4.15.0.156.145 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.156.145 linux-headers-lowlatency - 4.15.0.156.145 linux-headers-virtual - 4.15.0.156.145 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.156.145 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.156.145 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.156.145 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.156.145 linux-tools-generic-hwe-16.04-edge - 4.15.0.156.145 linux-lowlatency - 4.15.0.156.145 linux-image-lowlatency - 4.15.0.156.145 No subscription required High CVE-2021-34693 CVE-2021-3612 CVE-2021-3653 CVE-2021-3656 CVE-2021-38160 Ubuntu 18.04 LTS Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. (CVE-2021-3656) Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. (CVE-2021-3653) Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612) It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160) Update Instructions: Run `sudo pro fix USN-5073-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-4.15.0-1108-gcp - 4.15.0-1108.122 linux-image-4.15.0-1108-gcp - 4.15.0-1108.122 linux-modules-extra-4.15.0-1108-gcp - 4.15.0-1108.122 linux-gcp-4.15-tools-4.15.0-1108 - 4.15.0-1108.122 linux-gcp-4.15-headers-4.15.0-1108 - 4.15.0-1108.122 linux-tools-4.15.0-1108-gcp - 4.15.0-1108.122 linux-buildinfo-4.15.0-1108-gcp - 4.15.0-1108.122 linux-modules-4.15.0-1108-gcp - 4.15.0-1108.122 linux-image-unsigned-4.15.0-1108-gcp - 4.15.0-1108.122 No subscription required linux-gcp-lts-18.04 - 4.15.0.1108.127 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1108.127 linux-tools-gcp-lts-18.04 - 4.15.0.1108.127 linux-headers-gcp-lts-18.04 - 4.15.0.1108.127 linux-image-gcp-lts-18.04 - 4.15.0.1108.127 No subscription required High CVE-2021-34693 CVE-2021-3612 CVE-2021-3653 CVE-2021-3656 CVE-2021-38160 Ubuntu 18.04 LTS Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693) Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612) It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160) Update Instructions: Run `sudo pro fix USN-5073-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1095-raspi2 - 4.15.0-1095.101 linux-tools-4.15.0-1095-raspi2 - 4.15.0-1095.101 linux-raspi2-tools-4.15.0-1095 - 4.15.0-1095.101 linux-modules-4.15.0-1095-raspi2 - 4.15.0-1095.101 linux-raspi2-headers-4.15.0-1095 - 4.15.0-1095.101 linux-headers-4.15.0-1095-raspi2 - 4.15.0-1095.101 linux-image-4.15.0-1095-raspi2 - 4.15.0-1095.101 No subscription required linux-tools-raspi2 - 4.15.0.1095.93 linux-raspi2 - 4.15.0.1095.93 linux-headers-raspi2 - 4.15.0.1095.93 linux-image-raspi2 - 4.15.0.1095.93 No subscription required Medium CVE-2021-34693 CVE-2021-3612 CVE-2021-38160 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass mixed content blocking, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5074-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-nn - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-ne - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-nb - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-fa - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-fi - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-fr - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-fy - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-or - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-kab - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-oc - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-cs - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-ga - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-gd - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-gn - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-gl - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-gu - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-pa - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-pl - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-cy - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-pt - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-szl - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-hi - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-ms - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-he - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-hy - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-hr - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-hu - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-it - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-as - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-ar - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-ia - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-az - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-id - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-mai - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-af - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-is - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-vi - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-an - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-bs - 92.0+build3-0ubuntu0.18.04.1 firefox - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-ro - 92.0+build3-0ubuntu0.18.04.1 firefox-geckodriver - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-ja - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-ru - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-br - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hant - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hans - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-bn - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-be - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-bg - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-sl - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-sk - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-si - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-sw - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-sv - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-sr - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-sq - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-ko - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-kn - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-km - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-kk - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-ka - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-xh - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-ca - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-ku - 92.0+build3-0ubuntu0.18.04.1 firefox-mozsymbols - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-lv - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-lt - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-th - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-hsb - 92.0+build3-0ubuntu0.18.04.1 firefox-dev - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-te - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-cak - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-ta - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-lg - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-tr - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-nso - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-de - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-da - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-uk - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-mr - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-my - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-uz - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-ml - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-mn - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-mk - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-ur - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-eu - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-et - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-es - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-csb - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-el - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-eo - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-en - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-zu - 92.0+build3-0ubuntu0.18.04.1 firefox-locale-ast - 92.0+build3-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-38491 CVE-2021-38493 CVE-2021-38494 Ubuntu 18.04 LTS It was discovered that Git allowed newline characters in certain repository paths. An attacker could potentially use this issue to perform cross-protocol requests. Update Instructions: Run `sudo pro fix USN-5076-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.9 gitweb - 1:2.17.1-1ubuntu0.9 git-gui - 1:2.17.1-1ubuntu0.9 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.9 git-el - 1:2.17.1-1ubuntu0.9 gitk - 1:2.17.1-1ubuntu0.9 git-all - 1:2.17.1-1ubuntu0.9 git-mediawiki - 1:2.17.1-1ubuntu0.9 git-daemon-run - 1:2.17.1-1ubuntu0.9 git-man - 1:2.17.1-1ubuntu0.9 git-doc - 1:2.17.1-1ubuntu0.9 git-svn - 1:2.17.1-1ubuntu0.9 git-cvs - 1:2.17.1-1ubuntu0.9 git-email - 1:2.17.1-1ubuntu0.9 No subscription required Medium CVE-2021-40330 Ubuntu 18.04 LTS Maik Münch and Stephen Röttger discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use this issue to gain read access to arbitrary files, possibly containing sensitive information. Update Instructions: Run `sudo pro fix USN-5077-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apport - 2.20.9-0ubuntu7.26 python3-problem-report - 2.20.9-0ubuntu7.26 apport-kde - 2.20.9-0ubuntu7.26 apport-retrace - 2.20.9-0ubuntu7.26 apport-valgrind - 2.20.9-0ubuntu7.26 python3-apport - 2.20.9-0ubuntu7.26 dh-apport - 2.20.9-0ubuntu7.26 apport-gtk - 2.20.9-0ubuntu7.26 python-apport - 2.20.9-0ubuntu7.26 python-problem-report - 2.20.9-0ubuntu7.26 apport-noui - 2.20.9-0ubuntu7.26 No subscription required Medium CVE-2021-3709 CVE-2021-3710 Ubuntu 18.04 LTS Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Update Instructions: Run `sudo pro fix USN-5078-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squashfs-tools - 1:4.3-6ubuntu0.18.04.4 No subscription required Medium CVE-2021-41072 Ubuntu 18.04 LTS It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-22945) Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. (CVE-2021-22946) Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947) Update Instructions: Run `sudo pro fix USN-5079-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.15 libcurl4-openssl-dev - 7.58.0-2ubuntu3.15 libcurl3-gnutls - 7.58.0-2ubuntu3.15 libcurl4-doc - 7.58.0-2ubuntu3.15 libcurl3-nss - 7.58.0-2ubuntu3.15 libcurl4-nss-dev - 7.58.0-2ubuntu3.15 libcurl4 - 7.58.0-2ubuntu3.15 curl - 7.58.0-2ubuntu3.15 No subscription required Medium CVE-2021-22945 CVE-2021-22946 CVE-2021-22947 Ubuntu 18.04 LTS USN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-22945) Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. (CVE-2021-22946) Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947) Update Instructions: Run `sudo pro fix USN-5079-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.16 libcurl4-openssl-dev - 7.58.0-2ubuntu3.16 libcurl3-gnutls - 7.58.0-2ubuntu3.16 libcurl4-doc - 7.58.0-2ubuntu3.16 libcurl3-nss - 7.58.0-2ubuntu3.16 libcurl4-nss-dev - 7.58.0-2ubuntu3.16 libcurl4 - 7.58.0-2ubuntu3.16 curl - 7.58.0-2ubuntu3.16 No subscription required None https://launchpad.net/bugs/1944120 Ubuntu 18.04 LTS It was discovered that Libgcrypt incorrectly handled ElGamal encryption. An attacker could possibly use this issue to recover sensitive information. Update Instructions: Run `sudo pro fix USN-5080-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgcrypt11-dev - 1.5.4-3+really1.8.1-4ubuntu1.3 No subscription required libgcrypt20 - 1.8.1-4ubuntu1.3 libgcrypt-mingw-w64-dev - 1.8.1-4ubuntu1.3 libgcrypt20-doc - 1.8.1-4ubuntu1.3 libgcrypt20-dev - 1.8.1-4ubuntu1.3 No subscription required Medium CVE-2021-33560 CVE-2021-40528 Ubuntu 18.04 LTS It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. (CVE-2020-17507) It was discovered that Qt incorrectly handled certain graphics operations. If a user or automated system were tricked into performing certain graphics operations, a remote attacker could cause Qt to crash, resulting in a denial of service. (CVE-2021-38593) Update Instructions: Run `sudo pro fix USN-5081-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libqt5widgets5 - 5.9.5+dfsg-0ubuntu2.6 libqt5opengl5 - 5.9.5+dfsg-0ubuntu2.6 libqt5concurrent5 - 5.9.5+dfsg-0ubuntu2.6 libqt5sql5-mysql - 5.9.5+dfsg-0ubuntu2.6 qtbase5-dev - 5.9.5+dfsg-0ubuntu2.6 libqt5sql5-sqlite - 5.9.5+dfsg-0ubuntu2.6 libqt5sql5-psql - 5.9.5+dfsg-0ubuntu2.6 libqt5core5a - 5.9.5+dfsg-0ubuntu2.6 libqt5network5 - 5.9.5+dfsg-0ubuntu2.6 libqt5sql5 - 5.9.5+dfsg-0ubuntu2.6 libqt5sql5-odbc - 5.9.5+dfsg-0ubuntu2.6 libqt5dbus5 - 5.9.5+dfsg-0ubuntu2.6 libqt5gui5 - 5.9.5+dfsg-0ubuntu2.6 qtbase5-doc - 5.9.5+dfsg-0ubuntu2.6 libqt5opengl5-dev - 5.9.5+dfsg-0ubuntu2.6 qtbase5-doc-html - 5.9.5+dfsg-0ubuntu2.6 qtbase5-dev-tools - 5.9.5+dfsg-0ubuntu2.6 qt5-qmake - 5.9.5+dfsg-0ubuntu2.6 qt5-gtk-platformtheme - 5.9.5+dfsg-0ubuntu2.6 libqt5sql5-tds - 5.9.5+dfsg-0ubuntu2.6 qtbase5-private-dev - 5.9.5+dfsg-0ubuntu2.6 libqt5sql5-ibase - 5.9.5+dfsg-0ubuntu2.6 libqt5printsupport5 - 5.9.5+dfsg-0ubuntu2.6 libqt5xml5 - 5.9.5+dfsg-0ubuntu2.6 qtbase5-examples - 5.9.5+dfsg-0ubuntu2.6 libqt5test5 - 5.9.5+dfsg-0ubuntu2.6 qt5-qmake-bin - 5.9.5+dfsg-0ubuntu2.6 qt5-default - 5.9.5+dfsg-0ubuntu2.6 No subscription required Medium CVE-2020-17507 CVE-2021-38593 Ubuntu 18.04 LTS Johan Almbladh discovered that the eBPF JIT implementation for IBM s390x systems in the Linux kernel miscompiled operations in some situations, allowing circumvention of the BPF verifier. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5086-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-common - 4.15.0-158.166 linux-headers-4.15.0-158-lowlatency - 4.15.0-158.166 linux-tools-host - 4.15.0-158.166 linux-buildinfo-4.15.0-158-generic-lpae - 4.15.0-158.166 linux-modules-4.15.0-158-generic - 4.15.0-158.166 linux-doc - 4.15.0-158.166 linux-buildinfo-4.15.0-158-lowlatency - 4.15.0-158.166 linux-libc-dev - 4.15.0-158.166 linux-headers-4.15.0-158 - 4.15.0-158.166 linux-tools-4.15.0-158-generic - 4.15.0-158.166 linux-image-4.15.0-158-generic - 4.15.0-158.166 linux-headers-4.15.0-158-generic-lpae - 4.15.0-158.166 linux-buildinfo-4.15.0-158-generic - 4.15.0-158.166 linux-modules-4.15.0-158-generic-lpae - 4.15.0-158.166 linux-headers-4.15.0-158-generic - 4.15.0-158.166 linux-image-unsigned-4.15.0-158-lowlatency - 4.15.0-158.166 linux-tools-4.15.0-158-generic-lpae - 4.15.0-158.166 linux-image-4.15.0-158-generic-lpae - 4.15.0-158.166 linux-cloud-tools-4.15.0-158-lowlatency - 4.15.0-158.166 linux-source-4.15.0 - 4.15.0-158.166 linux-tools-4.15.0-158-lowlatency - 4.15.0-158.166 linux-image-4.15.0-158-lowlatency - 4.15.0-158.166 linux-tools-4.15.0-158 - 4.15.0-158.166 linux-cloud-tools-common - 4.15.0-158.166 linux-cloud-tools-4.15.0-158-generic - 4.15.0-158.166 linux-image-unsigned-4.15.0-158-generic - 4.15.0-158.166 linux-modules-extra-4.15.0-158-generic - 4.15.0-158.166 linux-cloud-tools-4.15.0-158 - 4.15.0-158.166 linux-modules-4.15.0-158-lowlatency - 4.15.0-158.166 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.158.147 linux-cloud-tools-virtual - 4.15.0.158.147 linux-headers-generic-lpae - 4.15.0.158.147 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.158.147 linux-image-extra-virtual-hwe-16.04 - 4.15.0.158.147 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.158.147 linux-image-generic - 4.15.0.158.147 linux-tools-lowlatency - 4.15.0.158.147 linux-headers-generic-hwe-16.04-edge - 4.15.0.158.147 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.158.147 linux-generic-lpae-hwe-16.04 - 4.15.0.158.147 linux-signed-generic-hwe-16.04-edge - 4.15.0.158.147 linux-tools-generic-hwe-16.04 - 4.15.0.158.147 linux-tools-virtual-hwe-16.04-edge - 4.15.0.158.147 linux-tools-virtual-hwe-16.04 - 4.15.0.158.147 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.158.147 linux-image-virtual-hwe-16.04-edge - 4.15.0.158.147 linux-generic-lpae-hwe-16.04-edge - 4.15.0.158.147 linux-signed-image-lowlatency - 4.15.0.158.147 linux-signed-lowlatency-hwe-16.04 - 4.15.0.158.147 linux-crashdump - 4.15.0.158.147 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.158.147 linux-lowlatency - 4.15.0.158.147 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.158.147 linux-source - 4.15.0.158.147 linux-signed-image-generic - 4.15.0.158.147 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.158.147 linux-tools-generic-lpae - 4.15.0.158.147 linux-cloud-tools-generic - 4.15.0.158.147 linux-generic-hwe-16.04-edge - 4.15.0.158.147 linux-virtual - 4.15.0.158.147 linux-headers-lowlatency-hwe-16.04 - 4.15.0.158.147 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.158.147 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.158.147 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.158.147 linux-tools-virtual - 4.15.0.158.147 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.158.147 linux-generic-lpae - 4.15.0.158.147 linux-generic - 4.15.0.158.147 linux-image-virtual - 4.15.0.158.147 linux-tools-generic-hwe-16.04-edge - 4.15.0.158.147 linux-signed-image-generic-hwe-16.04 - 4.15.0.158.147 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.158.147 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.158.147 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.158.147 linux-headers-lowlatency - 4.15.0.158.147 linux-headers-virtual-hwe-16.04-edge - 4.15.0.158.147 linux-lowlatency-hwe-16.04 - 4.15.0.158.147 linux-headers-generic-hwe-16.04 - 4.15.0.158.147 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.158.147 linux-generic-hwe-16.04 - 4.15.0.158.147 linux-image-generic-hwe-16.04 - 4.15.0.158.147 linux-tools-generic - 4.15.0.158.147 linux-virtual-hwe-16.04 - 4.15.0.158.147 linux-image-extra-virtual - 4.15.0.158.147 linux-lowlatency-hwe-16.04-edge - 4.15.0.158.147 linux-cloud-tools-lowlatency - 4.15.0.158.147 linux-image-generic-hwe-16.04-edge - 4.15.0.158.147 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.158.147 linux-virtual-hwe-16.04-edge - 4.15.0.158.147 linux-tools-lowlatency-hwe-16.04 - 4.15.0.158.147 linux-signed-generic - 4.15.0.158.147 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.158.147 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.158.147 linux-headers-generic - 4.15.0.158.147 linux-headers-virtual-hwe-16.04 - 4.15.0.158.147 linux-image-generic-lpae-hwe-16.04 - 4.15.0.158.147 linux-image-virtual-hwe-16.04 - 4.15.0.158.147 linux-headers-virtual - 4.15.0.158.147 linux-signed-generic-hwe-16.04 - 4.15.0.158.147 linux-image-generic-lpae - 4.15.0.158.147 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.158.147 linux-signed-lowlatency - 4.15.0.158.147 linux-image-lowlatency - 4.15.0.158.147 No subscription required linux-image-unsigned-5.4.0-86-generic - 5.4.0-86.97~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-86.97~18.04.1 linux-buildinfo-5.4.0-86-generic-lpae - 5.4.0-86.97~18.04.1 linux-headers-5.4.0-86-generic - 5.4.0-86.97~18.04.1 linux-hwe-5.4-tools-5.4.0-86 - 5.4.0-86.97~18.04.1 linux-image-5.4.0-86-generic-lpae - 5.4.0-86.97~18.04.1 linux-modules-extra-5.4.0-86-generic - 5.4.0-86.97~18.04.1 linux-tools-5.4.0-86-generic - 5.4.0-86.97~18.04.1 linux-modules-5.4.0-86-generic-lpae - 5.4.0-86.97~18.04.1 linux-buildinfo-5.4.0-86-lowlatency - 5.4.0-86.97~18.04.1 linux-image-unsigned-5.4.0-86-lowlatency - 5.4.0-86.97~18.04.1 linux-tools-5.4.0-86-lowlatency - 5.4.0-86.97~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-86 - 5.4.0-86.97~18.04.1 linux-modules-5.4.0-86-lowlatency - 5.4.0-86.97~18.04.1 linux-buildinfo-5.4.0-86-generic - 5.4.0-86.97~18.04.1 linux-image-5.4.0-86-lowlatency - 5.4.0-86.97~18.04.1 linux-cloud-tools-5.4.0-86-lowlatency - 5.4.0-86.97~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-86.97~18.04.1 linux-headers-5.4.0-86-generic-lpae - 5.4.0-86.97~18.04.1 linux-cloud-tools-5.4.0-86-generic - 5.4.0-86.97~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-86.97~18.04.1 linux-tools-5.4.0-86-generic-lpae - 5.4.0-86.97~18.04.1 linux-hwe-5.4-headers-5.4.0-86 - 5.4.0-86.97~18.04.1 linux-modules-5.4.0-86-generic - 5.4.0-86.97~18.04.1 linux-headers-5.4.0-86-lowlatency - 5.4.0-86.97~18.04.1 linux-image-5.4.0-86-generic - 5.4.0-86.97~18.04.1 No subscription required linux-image-virtual-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-headers-snapdragon-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-image-generic-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-image-snapdragon-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-image-oem - 5.4.0.86.97~18.04.77 linux-tools-virtual-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-oem-osp1 - 5.4.0.86.97~18.04.77 linux-headers-lowlatency-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-lowlatency-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-image-extra-virtual-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-image-oem-osp1 - 5.4.0.86.97~18.04.77 linux-snapdragon-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-image-generic-lpae-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-tools-lowlatency-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-headers-generic-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-headers-virtual-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-tools-snapdragon-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-headers-virtual-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-virtual-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-virtual-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-generic-lpae-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-headers-oem - 5.4.0.86.97~18.04.77 linux-tools-oem-osp1 - 5.4.0.86.97~18.04.77 linux-tools-generic-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-image-virtual-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-image-generic-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-generic-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-oem - 5.4.0.86.97~18.04.77 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-snapdragon-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-tools-oem - 5.4.0.86.97~18.04.77 linux-headers-oem-osp1 - 5.4.0.86.97~18.04.77 linux-tools-virtual-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-generic-lpae-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-tools-generic-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-headers-generic-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-image-lowlatency-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-lowlatency-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.86.97~18.04.77 linux-generic-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.86.97~18.04.77 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.86.97~18.04.77 No subscription required None https://launchpad.net/bugs/1943960 Ubuntu 18.04 LTS A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update Instructions: Run `sudo pro fix USN-5087-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-javascriptcoregtk-4.0 - 2.32.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37-gtk2 - 2.32.4-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-dev - 2.32.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 - 2.32.4-0ubuntu0.18.04.1 webkit2gtk-driver - 2.32.4-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-18 - 2.32.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-doc - 2.32.4-0ubuntu0.18.04.1 libjavascriptcoregtk-4.0-bin - 2.32.4-0ubuntu0.18.04.1 gir1.2-webkit2-4.0 - 2.32.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-dev - 2.32.4-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-30858 Ubuntu 18.04 LTS The ca-certificates package contained a CA certificate that will expire on 2021-09-30 and will cause connectivity issues. This update removes the “DST Root CA X3” CA. Update Instructions: Run `sudo pro fix USN-5089-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates - 20210119~18.04.2 No subscription required None https://launchpad.net/bugs/1944481 Ubuntu 18.04 LTS James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. (CVE-2021-33193) It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. (CVE-2021-36160) It was discovered that the Apache HTTP Server incorrectly handled escaping quotes. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438) Update Instructions: Run `sudo pro fix USN-5090-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.29-1ubuntu4.17 apache2-utils - 2.4.29-1ubuntu4.17 apache2-dev - 2.4.29-1ubuntu4.17 apache2-suexec-pristine - 2.4.29-1ubuntu4.17 apache2-suexec-custom - 2.4.29-1ubuntu4.17 apache2 - 2.4.29-1ubuntu4.17 apache2-doc - 2.4.29-1ubuntu4.17 apache2-ssl-dev - 2.4.29-1ubuntu4.17 apache2-bin - 2.4.29-1ubuntu4.17 No subscription required Medium CVE-2021-33193 CVE-2021-34798 CVE-2021-36160 CVE-2021-39275 CVE-2021-40438 Ubuntu 18.04 LTS USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. (CVE-2021-33193) It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. (CVE-2021-36160) It was discovered that the Apache HTTP Server incorrectly handled escaping quotes. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438) Update Instructions: Run `sudo pro fix USN-5090-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.29-1ubuntu4.18 apache2-utils - 2.4.29-1ubuntu4.18 apache2-dev - 2.4.29-1ubuntu4.18 apache2-suexec-pristine - 2.4.29-1ubuntu4.18 apache2-suexec-custom - 2.4.29-1ubuntu4.18 apache2 - 2.4.29-1ubuntu4.18 apache2-doc - 2.4.29-1ubuntu4.18 apache2-ssl-dev - 2.4.29-1ubuntu4.18 apache2-bin - 2.4.29-1ubuntu4.18 No subscription required None https://launchpad.net/bugs/1945311 Ubuntu 18.04 LTS Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. (CVE-2021-33624) It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679) Alexey Kardashevskiy discovered that the KVM implementation for PowerPC systems in the Linux kernel did not properly validate RTAS arguments in some situations. An attacker in a guest vm could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code. (CVE-2021-37576) It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160) Michael Wakabayashi discovered that the NFSv4 client implementation in the Linux kernel did not properly order connection setup operations. An attacker controlling a remote NFS server could use this to cause a denial of service on the client. (CVE-2021-38199) It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204) Update Instructions: Run `sudo pro fix USN-5091-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-cloud-tools-5.4.0-1024-gkeop - 5.4.0-1024.25~18.04.1 linux-tools-5.4.0-1024-gkeop - 5.4.0-1024.25~18.04.1 linux-modules-5.4.0-1024-gkeop - 5.4.0-1024.25~18.04.1 linux-headers-5.4.0-1024-gkeop - 5.4.0-1024.25~18.04.1 linux-gkeop-5.4-tools-5.4.0-1024 - 5.4.0-1024.25~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1024.25~18.04.1 linux-image-5.4.0-1024-gkeop - 5.4.0-1024.25~18.04.1 linux-image-unsigned-5.4.0-1024-gkeop - 5.4.0-1024.25~18.04.1 linux-modules-extra-5.4.0-1024-gkeop - 5.4.0-1024.25~18.04.1 linux-buildinfo-5.4.0-1024-gkeop - 5.4.0-1024.25~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1024 - 5.4.0-1024.25~18.04.1 linux-gkeop-5.4-headers-5.4.0-1024 - 5.4.0-1024.25~18.04.1 No subscription required linux-gke-5.4-tools-5.4.0-1053 - 5.4.0-1053.56~18.04.1 linux-modules-5.4.0-1053-gke - 5.4.0-1053.56~18.04.1 linux-buildinfo-5.4.0-1053-gke - 5.4.0-1053.56~18.04.1 linux-tools-5.4.0-1053-gke - 5.4.0-1053.56~18.04.1 linux-headers-5.4.0-1053-gke - 5.4.0-1053.56~18.04.1 linux-modules-extra-5.4.0-1053-gke - 5.4.0-1053.56~18.04.1 linux-image-unsigned-5.4.0-1053-gke - 5.4.0-1053.56~18.04.1 linux-gke-5.4-headers-5.4.0-1053 - 5.4.0-1053.56~18.04.1 linux-image-5.4.0-1053-gke - 5.4.0-1053.56~18.04.1 No subscription required linux-gcp-5.4-headers-5.4.0-1053 - 5.4.0-1053.57~18.04.1 linux-modules-5.4.0-1053-gcp - 5.4.0-1053.57~18.04.1 linux-buildinfo-5.4.0-1053-gcp - 5.4.0-1053.57~18.04.1 linux-headers-5.4.0-1053-gcp - 5.4.0-1053.57~18.04.1 linux-image-5.4.0-1053-gcp - 5.4.0-1053.57~18.04.1 linux-modules-extra-5.4.0-1053-gcp - 5.4.0-1053.57~18.04.1 linux-image-unsigned-5.4.0-1053-gcp - 5.4.0-1053.57~18.04.1 linux-tools-5.4.0-1053-gcp - 5.4.0-1053.57~18.04.1 linux-gcp-5.4-tools-5.4.0-1053 - 5.4.0-1053.57~18.04.1 No subscription required linux-oracle-5.4-tools-5.4.0-1055 - 5.4.0-1055.59~18.04.1 linux-tools-5.4.0-1055-oracle - 5.4.0-1055.59~18.04.1 linux-modules-5.4.0-1055-oracle - 5.4.0-1055.59~18.04.1 linux-buildinfo-5.4.0-1055-oracle - 5.4.0-1055.59~18.04.1 linux-image-unsigned-5.4.0-1055-oracle - 5.4.0-1055.59~18.04.1 linux-image-5.4.0-1055-oracle - 5.4.0-1055.59~18.04.1 linux-oracle-5.4-headers-5.4.0-1055 - 5.4.0-1055.59~18.04.1 linux-headers-5.4.0-1055-oracle - 5.4.0-1055.59~18.04.1 linux-modules-extra-5.4.0-1055-oracle - 5.4.0-1055.59~18.04.1 No subscription required linux-aws-5.4-headers-5.4.0-1057 - 5.4.0-1057.60~18.04.1 linux-image-5.4.0-1057-aws - 5.4.0-1057.60~18.04.1 linux-tools-5.4.0-1057-aws - 5.4.0-1057.60~18.04.1 linux-buildinfo-5.4.0-1057-aws - 5.4.0-1057.60~18.04.1 linux-cloud-tools-5.4.0-1057-aws - 5.4.0-1057.60~18.04.1 linux-modules-5.4.0-1057-aws - 5.4.0-1057.60~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1057 - 5.4.0-1057.60~18.04.1 linux-aws-5.4-tools-5.4.0-1057 - 5.4.0-1057.60~18.04.1 linux-headers-5.4.0-1057-aws - 5.4.0-1057.60~18.04.1 linux-modules-extra-5.4.0-1057-aws - 5.4.0-1057.60~18.04.1 No subscription required linux-azure-5.4-tools-5.4.0-1059 - 5.4.0-1059.62~18.04.1 linux-azure-5.4-headers-5.4.0-1059 - 5.4.0-1059.62~18.04.1 linux-buildinfo-5.4.0-1059-azure - 5.4.0-1059.62~18.04.1 linux-image-unsigned-5.4.0-1059-azure - 5.4.0-1059.62~18.04.1 linux-modules-extra-5.4.0-1059-azure - 5.4.0-1059.62~18.04.1 linux-modules-5.4.0-1059-azure - 5.4.0-1059.62~18.04.1 linux-tools-5.4.0-1059-azure - 5.4.0-1059.62~18.04.1 linux-image-5.4.0-1059-azure - 5.4.0-1059.62~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1059 - 5.4.0-1059.62~18.04.1 linux-headers-5.4.0-1059-azure - 5.4.0-1059.62~18.04.1 linux-cloud-tools-5.4.0-1059-azure - 5.4.0-1059.62~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-87.98~18.04.1 linux-hwe-5.4-tools-5.4.0-87 - 5.4.0-87.98~18.04.1 linux-tools-5.4.0-87-generic - 5.4.0-87.98~18.04.1 linux-modules-5.4.0-87-generic - 5.4.0-87.98~18.04.1 linux-tools-5.4.0-87-lowlatency - 5.4.0-87.98~18.04.1 linux-image-5.4.0-87-generic-lpae - 5.4.0-87.98~18.04.1 linux-modules-5.4.0-87-generic-lpae - 5.4.0-87.98~18.04.1 linux-modules-5.4.0-87-lowlatency - 5.4.0-87.98~18.04.1 linux-buildinfo-5.4.0-87-generic - 5.4.0-87.98~18.04.1 linux-headers-5.4.0-87-generic-lpae - 5.4.0-87.98~18.04.1 linux-cloud-tools-5.4.0-87-generic - 5.4.0-87.98~18.04.1 linux-headers-5.4.0-87-generic - 5.4.0-87.98~18.04.1 linux-buildinfo-5.4.0-87-lowlatency - 5.4.0-87.98~18.04.1 linux-tools-5.4.0-87-generic-lpae - 5.4.0-87.98~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-87 - 5.4.0-87.98~18.04.1 linux-headers-5.4.0-87-lowlatency - 5.4.0-87.98~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-87.98~18.04.1 linux-buildinfo-5.4.0-87-generic-lpae - 5.4.0-87.98~18.04.1 linux-image-unsigned-5.4.0-87-lowlatency - 5.4.0-87.98~18.04.1 linux-modules-extra-5.4.0-87-generic - 5.4.0-87.98~18.04.1 linux-cloud-tools-5.4.0-87-lowlatency - 5.4.0-87.98~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-87.98~18.04.1 linux-image-unsigned-5.4.0-87-generic - 5.4.0-87.98~18.04.1 linux-hwe-5.4-headers-5.4.0-87 - 5.4.0-87.98~18.04.1 linux-image-5.4.0-87-generic - 5.4.0-87.98~18.04.1 linux-image-5.4.0-87-lowlatency - 5.4.0-87.98~18.04.1 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1024.25~18.04.25 linux-modules-extra-gkeop-5.4 - 5.4.0.1024.25~18.04.25 linux-gkeop-5.4 - 5.4.0.1024.25~18.04.25 linux-headers-gkeop-5.4 - 5.4.0.1024.25~18.04.25 linux-image-gkeop-5.4 - 5.4.0.1024.25~18.04.25 linux-tools-gkeop-5.4 - 5.4.0.1024.25~18.04.25 No subscription required linux-image-gcp-edge - 5.4.0.1053.39 linux-tools-gcp-edge - 5.4.0.1053.39 linux-headers-gcp-edge - 5.4.0.1053.39 linux-modules-extra-gcp - 5.4.0.1053.39 linux-modules-extra-gcp-edge - 5.4.0.1053.39 linux-tools-gcp - 5.4.0.1053.39 linux-gcp - 5.4.0.1053.39 linux-headers-gcp - 5.4.0.1053.39 linux-image-gcp - 5.4.0.1053.39 linux-gcp-edge - 5.4.0.1053.39 No subscription required linux-headers-gke-5.4 - 5.4.0.1053.56~18.04.18 linux-tools-gke-5.4 - 5.4.0.1053.56~18.04.18 linux-modules-extra-gke-5.4 - 5.4.0.1053.56~18.04.18 linux-gke-5.4 - 5.4.0.1053.56~18.04.18 linux-image-gke-5.4 - 5.4.0.1053.56~18.04.18 No subscription required linux-headers-oracle - 5.4.0.1055.59~18.04.35 linux-signed-image-oracle - 5.4.0.1055.59~18.04.35 linux-signed-oracle - 5.4.0.1055.59~18.04.35 linux-tools-oracle-edge - 5.4.0.1055.59~18.04.35 linux-oracle-edge - 5.4.0.1055.59~18.04.35 linux-modules-extra-oracle-edge - 5.4.0.1055.59~18.04.35 linux-image-oracle-edge - 5.4.0.1055.59~18.04.35 linux-modules-extra-oracle - 5.4.0.1055.59~18.04.35 linux-signed-oracle-edge - 5.4.0.1055.59~18.04.35 linux-signed-image-oracle-edge - 5.4.0.1055.59~18.04.35 linux-headers-oracle-edge - 5.4.0.1055.59~18.04.35 linux-image-oracle - 5.4.0.1055.59~18.04.35 linux-tools-oracle - 5.4.0.1055.59~18.04.35 linux-oracle - 5.4.0.1055.59~18.04.35 No subscription required linux-headers-aws - 5.4.0.1057.40 linux-image-aws - 5.4.0.1057.40 linux-aws-edge - 5.4.0.1057.40 linux-aws - 5.4.0.1057.40 linux-modules-extra-aws-edge - 5.4.0.1057.40 linux-headers-aws-edge - 5.4.0.1057.40 linux-modules-extra-aws - 5.4.0.1057.40 linux-tools-aws - 5.4.0.1057.40 linux-tools-aws-edge - 5.4.0.1057.40 linux-image-aws-edge - 5.4.0.1057.40 No subscription required linux-signed-azure - 5.4.0.1059.39 linux-tools-azure-edge - 5.4.0.1059.39 linux-cloud-tools-azure - 5.4.0.1059.39 linux-tools-azure - 5.4.0.1059.39 linux-image-azure-edge - 5.4.0.1059.39 linux-cloud-tools-azure-edge - 5.4.0.1059.39 linux-modules-extra-azure - 5.4.0.1059.39 linux-azure - 5.4.0.1059.39 linux-signed-image-azure-edge - 5.4.0.1059.39 linux-image-azure - 5.4.0.1059.39 linux-signed-image-azure - 5.4.0.1059.39 linux-azure-edge - 5.4.0.1059.39 linux-modules-extra-azure-edge - 5.4.0.1059.39 linux-headers-azure-edge - 5.4.0.1059.39 linux-signed-azure-edge - 5.4.0.1059.39 linux-headers-azure - 5.4.0.1059.39 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-headers-snapdragon-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-image-generic-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-image-snapdragon-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-image-oem - 5.4.0.87.98~18.04.78 linux-tools-virtual-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-headers-lowlatency-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-lowlatency-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-image-extra-virtual-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-image-oem-osp1 - 5.4.0.87.98~18.04.78 linux-headers-oem - 5.4.0.87.98~18.04.78 linux-snapdragon-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-image-generic-lpae-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-tools-lowlatency-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-headers-generic-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-headers-virtual-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-tools-snapdragon-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-headers-virtual-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-virtual-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-generic-lpae-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-tools-oem-osp1 - 5.4.0.87.98~18.04.78 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-tools-generic-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-image-virtual-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-image-generic-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-generic-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-oem - 5.4.0.87.98~18.04.78 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-snapdragon-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-tools-oem - 5.4.0.87.98~18.04.78 linux-headers-oem-osp1 - 5.4.0.87.98~18.04.78 linux-tools-virtual-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-generic-lpae-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-headers-generic-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-oem-osp1 - 5.4.0.87.98~18.04.78 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-image-lowlatency-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-virtual-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-lowlatency-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.87.98~18.04.78 linux-generic-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-tools-generic-hwe-18.04 - 5.4.0.87.98~18.04.78 linux-image-virtual-hwe-18.04-edge - 5.4.0.87.98~18.04.78 No subscription required Medium CVE-2021-33624 CVE-2021-3679 CVE-2021-37576 CVE-2021-38160 CVE-2021-38199 CVE-2021-38204 Ubuntu 18.04 LTS Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. (CVE-2021-33624) It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679) It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160) Michael Wakabayashi discovered that the NFSv4 client implementation in the Linux kernel did not properly order connection setup operations. An attacker controlling a remote NFS server could use this to cause a denial of service on the client. (CVE-2021-38199) It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204) Update Instructions: Run `sudo pro fix USN-5091-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-raspi-5.4-headers-5.4.0-1044 - 5.4.0-1044.48~18.04.1 linux-modules-5.4.0-1044-raspi - 5.4.0-1044.48~18.04.1 linux-headers-5.4.0-1044-raspi - 5.4.0-1044.48~18.04.1 linux-raspi-5.4-tools-5.4.0-1044 - 5.4.0-1044.48~18.04.1 linux-buildinfo-5.4.0-1044-raspi - 5.4.0-1044.48~18.04.1 linux-tools-5.4.0-1044-raspi - 5.4.0-1044.48~18.04.1 linux-image-5.4.0-1044-raspi - 5.4.0-1044.48~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1044.47 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1044.47 linux-image-raspi-hwe-18.04 - 5.4.0.1044.47 linux-raspi-hwe-18.04-edge - 5.4.0.1044.47 linux-raspi-hwe-18.04 - 5.4.0.1044.47 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1044.47 linux-tools-raspi-hwe-18.04 - 5.4.0.1044.47 linux-headers-raspi-hwe-18.04 - 5.4.0.1044.47 No subscription required Medium CVE-2021-33624 CVE-2021-3679 CVE-2021-38160 CVE-2021-38199 CVE-2021-38204 Ubuntu 18.04 LTS USN-5091-1 fixed vulnerabilities in Linux 5.4-based kernels. Unfortunately, for Linux kernels intended for use within Microsoft Azure environments, that update introduced a regression that could cause the kernel to fail to boot in large Azure instance types. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. (CVE-2021-33624) It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679) Alexey Kardashevskiy discovered that the KVM implementation for PowerPC systems in the Linux kernel did not properly validate RTAS arguments in some situations. An attacker in a guest vm could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code. (CVE-2021-37576) It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160) Michael Wakabayashi discovered that the NFSv4 client implementation in the Linux kernel did not properly order connection setup operations. An attacker controlling a remote NFS server could use this to cause a denial of service on the client. (CVE-2021-38199) It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204) Update Instructions: Run `sudo pro fix USN-5091-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-5.4.0-1061-azure - 5.4.0-1061.64~18.04.1 linux-buildinfo-5.4.0-1061-azure - 5.4.0-1061.64~18.04.1 linux-cloud-tools-5.4.0-1061-azure - 5.4.0-1061.64~18.04.1 linux-tools-5.4.0-1061-azure - 5.4.0-1061.64~18.04.1 linux-azure-5.4-tools-5.4.0-1061 - 5.4.0-1061.64~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1061 - 5.4.0-1061.64~18.04.1 linux-azure-5.4-headers-5.4.0-1061 - 5.4.0-1061.64~18.04.1 linux-image-5.4.0-1061-azure - 5.4.0-1061.64~18.04.1 linux-modules-5.4.0-1061-azure - 5.4.0-1061.64~18.04.1 linux-image-unsigned-5.4.0-1061-azure - 5.4.0-1061.64~18.04.1 linux-modules-extra-5.4.0-1061-azure - 5.4.0-1061.64~18.04.1 No subscription required linux-signed-azure - 5.4.0.1061.41 linux-tools-azure-edge - 5.4.0.1061.41 linux-azure - 5.4.0.1061.41 linux-signed-image-azure-edge - 5.4.0.1061.41 linux-image-azure - 5.4.0.1061.41 linux-signed-image-azure - 5.4.0.1061.41 linux-cloud-tools-azure-edge - 5.4.0.1061.41 linux-tools-azure - 5.4.0.1061.41 linux-headers-azure-edge - 5.4.0.1061.41 linux-image-azure-edge - 5.4.0.1061.41 linux-modules-extra-azure - 5.4.0.1061.41 linux-azure-edge - 5.4.0.1061.41 linux-modules-extra-azure-edge - 5.4.0.1061.41 linux-signed-azure-edge - 5.4.0.1061.41 linux-headers-azure - 5.4.0.1061.41 linux-cloud-tools-azure - 5.4.0.1061.41 No subscription required None https://launchpad.net/bugs/1940564 Ubuntu 18.04 LTS Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. (CVE-2021-3770) Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2021-3778) Dhiraj Mishra discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2021-3796) Update Instructions: Run `sudo pro fix USN-5093-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:8.0.1453-1ubuntu1.6 vim-gnome - 2:8.0.1453-1ubuntu1.6 vim-athena - 2:8.0.1453-1ubuntu1.6 xxd - 2:8.0.1453-1ubuntu1.6 vim-gtk - 2:8.0.1453-1ubuntu1.6 vim-gui-common - 2:8.0.1453-1ubuntu1.6 vim - 2:8.0.1453-1ubuntu1.6 vim-doc - 2:8.0.1453-1ubuntu1.6 vim-tiny - 2:8.0.1453-1ubuntu1.6 vim-runtime - 2:8.0.1453-1ubuntu1.6 vim-gtk3 - 2:8.0.1453-1ubuntu1.6 vim-nox - 2:8.0.1453-1ubuntu1.6 No subscription required Medium CVE-2021-3770 CVE-2021-3778 CVE-2021-3796 Ubuntu 18.04 LTS It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2021-22543) It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679) Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. (CVE-2021-3732) Alexey Kardashevskiy discovered that the KVM implementation for PowerPC systems in the Linux kernel did not properly validate RTAS arguments in some situations. An attacker in a guest vm could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code. (CVE-2021-37576) It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204) It was discovered that the Xilinx 10/100 Ethernet Lite device driver in the Linux kernel could report pointer addresses in some situations. An attacker could use this information to ease the exploitation of another vulnerability. (CVE-2021-38205) Update Instructions: Run `sudo pro fix USN-5094-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1028-dell300x - 4.15.0-1028.33 linux-headers-4.15.0-1028-dell300x - 4.15.0-1028.33 linux-image-4.15.0-1028-dell300x - 4.15.0-1028.33 linux-image-unsigned-4.15.0-1028-dell300x - 4.15.0-1028.33 linux-dell300x-headers-4.15.0-1028 - 4.15.0-1028.33 linux-tools-4.15.0-1028-dell300x - 4.15.0-1028.33 linux-modules-4.15.0-1028-dell300x - 4.15.0-1028.33 linux-dell300x-tools-4.15.0-1028 - 4.15.0-1028.33 No subscription required linux-buildinfo-4.15.0-1081-oracle - 4.15.0-1081.89 linux-image-4.15.0-1081-oracle - 4.15.0-1081.89 linux-image-unsigned-4.15.0-1081-oracle - 4.15.0-1081.89 linux-headers-4.15.0-1081-oracle - 4.15.0-1081.89 linux-tools-4.15.0-1081-oracle - 4.15.0-1081.89 linux-modules-4.15.0-1081-oracle - 4.15.0-1081.89 linux-oracle-headers-4.15.0-1081 - 4.15.0-1081.89 linux-oracle-tools-4.15.0-1081 - 4.15.0-1081.89 linux-modules-extra-4.15.0-1081-oracle - 4.15.0-1081.89 No subscription required linux-kvm-tools-4.15.0-1100 - 4.15.0-1100.102 linux-modules-4.15.0-1100-kvm - 4.15.0-1100.102 linux-buildinfo-4.15.0-1100-kvm - 4.15.0-1100.102 linux-headers-4.15.0-1100-kvm - 4.15.0-1100.102 linux-kvm-headers-4.15.0-1100 - 4.15.0-1100.102 linux-tools-4.15.0-1100-kvm - 4.15.0-1100.102 linux-image-4.15.0-1100-kvm - 4.15.0-1100.102 No subscription required linux-buildinfo-4.15.0-1109-gcp - 4.15.0-1109.123 linux-gcp-4.15-tools-4.15.0-1109 - 4.15.0-1109.123 linux-tools-4.15.0-1109-gcp - 4.15.0-1109.123 linux-image-4.15.0-1109-gcp - 4.15.0-1109.123 linux-modules-extra-4.15.0-1109-gcp - 4.15.0-1109.123 linux-headers-4.15.0-1109-gcp - 4.15.0-1109.123 linux-modules-4.15.0-1109-gcp - 4.15.0-1109.123 linux-gcp-4.15-headers-4.15.0-1109 - 4.15.0-1109.123 linux-image-unsigned-4.15.0-1109-gcp - 4.15.0-1109.123 No subscription required linux-tools-4.15.0-1112-aws - 4.15.0-1112.119 linux-modules-4.15.0-1112-aws - 4.15.0-1112.119 linux-modules-extra-4.15.0-1112-aws - 4.15.0-1112.119 linux-buildinfo-4.15.0-1112-aws - 4.15.0-1112.119 linux-aws-tools-4.15.0-1112 - 4.15.0-1112.119 linux-headers-4.15.0-1112-aws - 4.15.0-1112.119 linux-aws-headers-4.15.0-1112 - 4.15.0-1112.119 linux-aws-cloud-tools-4.15.0-1112 - 4.15.0-1112.119 linux-image-4.15.0-1112-aws - 4.15.0-1112.119 linux-cloud-tools-4.15.0-1112-aws - 4.15.0-1112.119 No subscription required linux-headers-4.15.0-1113-snapdragon - 4.15.0-1113.122 linux-buildinfo-4.15.0-1113-snapdragon - 4.15.0-1113.122 linux-snapdragon-tools-4.15.0-1113 - 4.15.0-1113.122 linux-tools-4.15.0-1113-snapdragon - 4.15.0-1113.122 linux-modules-4.15.0-1113-snapdragon - 4.15.0-1113.122 linux-snapdragon-headers-4.15.0-1113 - 4.15.0-1113.122 linux-image-4.15.0-1113-snapdragon - 4.15.0-1113.122 No subscription required linux-buildinfo-4.15.0-1124-azure - 4.15.0-1124.137 linux-image-4.15.0-1124-azure - 4.15.0-1124.137 linux-azure-4.15-tools-4.15.0-1124 - 4.15.0-1124.137 linux-azure-4.15-headers-4.15.0-1124 - 4.15.0-1124.137 linux-headers-4.15.0-1124-azure - 4.15.0-1124.137 linux-cloud-tools-4.15.0-1124-azure - 4.15.0-1124.137 linux-tools-4.15.0-1124-azure - 4.15.0-1124.137 linux-modules-4.15.0-1124-azure - 4.15.0-1124.137 linux-modules-extra-4.15.0-1124-azure - 4.15.0-1124.137 linux-image-unsigned-4.15.0-1124-azure - 4.15.0-1124.137 linux-azure-4.15-cloud-tools-4.15.0-1124 - 4.15.0-1124.137 No subscription required linux-cloud-tools-4.15.0-159-generic - 4.15.0-159.167 linux-tools-common - 4.15.0-159.167 linux-buildinfo-4.15.0-159-generic - 4.15.0-159.167 linux-cloud-tools-common - 4.15.0-159.167 linux-tools-host - 4.15.0-159.167 linux-tools-4.15.0-159-generic - 4.15.0-159.167 linux-doc - 4.15.0-159.167 linux-image-4.15.0-159-generic-lpae - 4.15.0-159.167 linux-modules-4.15.0-159-lowlatency - 4.15.0-159.167 linux-modules-4.15.0-159-generic-lpae - 4.15.0-159.167 linux-buildinfo-4.15.0-159-generic-lpae - 4.15.0-159.167 linux-headers-4.15.0-159-generic-lpae - 4.15.0-159.167 linux-libc-dev - 4.15.0-159.167 linux-image-unsigned-4.15.0-159-lowlatency - 4.15.0-159.167 linux-headers-4.15.0-159 - 4.15.0-159.167 linux-headers-4.15.0-159-generic - 4.15.0-159.167 linux-cloud-tools-4.15.0-159-lowlatency - 4.15.0-159.167 linux-buildinfo-4.15.0-159-lowlatency - 4.15.0-159.167 linux-tools-4.15.0-159 - 4.15.0-159.167 linux-modules-4.15.0-159-generic - 4.15.0-159.167 linux-image-4.15.0-159-lowlatency - 4.15.0-159.167 linux-tools-4.15.0-159-lowlatency - 4.15.0-159.167 linux-image-4.15.0-159-generic - 4.15.0-159.167 linux-modules-extra-4.15.0-159-generic - 4.15.0-159.167 linux-tools-4.15.0-159-generic-lpae - 4.15.0-159.167 linux-cloud-tools-4.15.0-159 - 4.15.0-159.167 linux-source-4.15.0 - 4.15.0-159.167 linux-image-unsigned-4.15.0-159-generic - 4.15.0-159.167 linux-headers-4.15.0-159-lowlatency - 4.15.0-159.167 No subscription required linux-tools-dell300x - 4.15.0.1028.30 linux-headers-dell300x - 4.15.0.1028.30 linux-image-dell300x - 4.15.0.1028.30 linux-dell300x - 4.15.0.1028.30 No subscription required linux-oracle-lts-18.04 - 4.15.0.1081.91 linux-image-oracle-lts-18.04 - 4.15.0.1081.91 linux-signed-image-oracle-lts-18.04 - 4.15.0.1081.91 linux-tools-oracle-lts-18.04 - 4.15.0.1081.91 linux-signed-oracle-lts-18.04 - 4.15.0.1081.91 linux-headers-oracle-lts-18.04 - 4.15.0.1081.91 No subscription required linux-kvm - 4.15.0.1100.96 linux-headers-kvm - 4.15.0.1100.96 linux-tools-kvm - 4.15.0.1100.96 linux-image-kvm - 4.15.0.1100.96 No subscription required linux-gcp-lts-18.04 - 4.15.0.1109.128 linux-tools-gcp-lts-18.04 - 4.15.0.1109.128 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1109.128 linux-image-gcp-lts-18.04 - 4.15.0.1109.128 linux-headers-gcp-lts-18.04 - 4.15.0.1109.128 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1112.115 linux-headers-aws-lts-18.04 - 4.15.0.1112.115 linux-modules-extra-aws-lts-18.04 - 4.15.0.1112.115 linux-tools-aws-lts-18.04 - 4.15.0.1112.115 linux-aws-lts-18.04 - 4.15.0.1112.115 No subscription required linux-headers-snapdragon - 4.15.0.1113.116 linux-snapdragon - 4.15.0.1113.116 linux-tools-snapdragon - 4.15.0.1113.116 linux-image-snapdragon - 4.15.0.1113.116 No subscription required linux-cloud-tools-azure-lts-18.04 - 4.15.0.1124.97 linux-tools-azure-lts-18.04 - 4.15.0.1124.97 linux-modules-extra-azure-lts-18.04 - 4.15.0.1124.97 linux-headers-azure-lts-18.04 - 4.15.0.1124.97 linux-signed-image-azure-lts-18.04 - 4.15.0.1124.97 linux-azure-lts-18.04 - 4.15.0.1124.97 linux-signed-azure-lts-18.04 - 4.15.0.1124.97 linux-image-azure-lts-18.04 - 4.15.0.1124.97 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.159.148 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.159.148 linux-image-extra-virtual-hwe-16.04 - 4.15.0.159.148 linux-image-virtual - 4.15.0.159.148 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.159.148 linux-image-generic - 4.15.0.159.148 linux-tools-lowlatency - 4.15.0.159.148 linux-tools-generic-hwe-16.04-edge - 4.15.0.159.148 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.159.148 linux-headers-generic-hwe-16.04-edge - 4.15.0.159.148 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.159.148 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.159.148 linux-image-virtual-hwe-16.04-edge - 4.15.0.159.148 linux-generic-lpae-hwe-16.04-edge - 4.15.0.159.148 linux-signed-image-lowlatency - 4.15.0.159.148 linux-generic-lpae-hwe-16.04 - 4.15.0.159.148 linux-signed-lowlatency-hwe-16.04 - 4.15.0.159.148 linux-crashdump - 4.15.0.159.148 linux-signed-image-generic - 4.15.0.159.148 linux-headers-generic-lpae - 4.15.0.159.148 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.159.148 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.159.148 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.159.148 linux-lowlatency - 4.15.0.159.148 linux-cloud-tools-generic - 4.15.0.159.148 linux-generic-hwe-16.04-edge - 4.15.0.159.148 linux-virtual - 4.15.0.159.148 linux-headers-lowlatency-hwe-16.04 - 4.15.0.159.148 linux-tools-generic-lpae - 4.15.0.159.148 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.159.148 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.159.148 linux-tools-generic-hwe-16.04 - 4.15.0.159.148 linux-tools-virtual - 4.15.0.159.148 linux-signed-generic-hwe-16.04-edge - 4.15.0.159.148 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.159.148 linux-generic - 4.15.0.159.148 linux-generic-lpae - 4.15.0.159.148 linux-signed-generic-hwe-16.04 - 4.15.0.159.148 linux-signed-image-generic-hwe-16.04 - 4.15.0.159.148 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.159.148 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.159.148 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.159.148 linux-headers-lowlatency - 4.15.0.159.148 linux-headers-virtual-hwe-16.04-edge - 4.15.0.159.148 linux-lowlatency-hwe-16.04 - 4.15.0.159.148 linux-headers-generic-hwe-16.04 - 4.15.0.159.148 linux-generic-hwe-16.04 - 4.15.0.159.148 linux-tools-virtual-hwe-16.04-edge - 4.15.0.159.148 linux-cloud-tools-virtual - 4.15.0.159.148 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.159.148 linux-image-generic-lpae - 4.15.0.159.148 linux-tools-generic - 4.15.0.159.148 linux-source - 4.15.0.159.148 linux-tools-virtual-hwe-16.04 - 4.15.0.159.148 linux-virtual-hwe-16.04 - 4.15.0.159.148 linux-image-extra-virtual - 4.15.0.159.148 linux-lowlatency-hwe-16.04-edge - 4.15.0.159.148 linux-cloud-tools-lowlatency - 4.15.0.159.148 linux-image-generic-hwe-16.04-edge - 4.15.0.159.148 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.159.148 linux-image-generic-lpae-hwe-16.04 - 4.15.0.159.148 linux-tools-lowlatency-hwe-16.04 - 4.15.0.159.148 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.159.148 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.159.148 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.159.148 linux-headers-generic - 4.15.0.159.148 linux-headers-virtual-hwe-16.04 - 4.15.0.159.148 linux-virtual-hwe-16.04-edge - 4.15.0.159.148 linux-image-virtual-hwe-16.04 - 4.15.0.159.148 linux-headers-virtual - 4.15.0.159.148 linux-signed-generic - 4.15.0.159.148 linux-signed-lowlatency - 4.15.0.159.148 linux-image-generic-hwe-16.04 - 4.15.0.159.148 linux-image-lowlatency - 4.15.0.159.148 No subscription required Medium CVE-2021-22543 CVE-2021-3679 CVE-2021-3732 CVE-2021-37576 CVE-2021-38204 CVE-2021-38205 Ubuntu 18.04 LTS It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2021-22543) It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679) Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. (CVE-2021-3732) It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204) It was discovered that the Xilinx 10/100 Ethernet Lite device driver in the Linux kernel could report pointer addresses in some situations. An attacker could use this information to ease the exploitation of another vulnerability. (CVE-2021-38205) Update Instructions: Run `sudo pro fix USN-5094-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1096-raspi2 - 4.15.0-1096.102 linux-modules-4.15.0-1096-raspi2 - 4.15.0-1096.102 linux-buildinfo-4.15.0-1096-raspi2 - 4.15.0-1096.102 linux-headers-4.15.0-1096-raspi2 - 4.15.0-1096.102 linux-raspi2-tools-4.15.0-1096 - 4.15.0-1096.102 linux-raspi2-headers-4.15.0-1096 - 4.15.0-1096.102 linux-tools-4.15.0-1096-raspi2 - 4.15.0-1096.102 No subscription required linux-tools-raspi2 - 4.15.0.1096.94 linux-raspi2 - 4.15.0.1096.94 linux-headers-raspi2 - 4.15.0.1096.94 linux-image-raspi2 - 4.15.0.1096.94 No subscription required Medium CVE-2021-22543 CVE-2021-3679 CVE-2021-3732 CVE-2021-38204 CVE-2021-38205 Ubuntu 18.04 LTS It was discovered that Apache Commons IO incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-5095-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcommons-io-java-doc - 2.6-2ubuntu0.18.04.1 libcommons-io-java - 2.6-2ubuntu0.18.04.1 No subscription required Medium CVE-2021-29425 Ubuntu 18.04 LTS It was discovered that bl didn't properly sanitize the inputs. An attacker could use this to leak sensitive information. Update Instructions: Run `sudo pro fix USN-5098-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-bl - 1.1.2-1ubuntu1.1 No subscription required Medium CVE-2020-8244 Ubuntu 18.04 LTS It was discovered that containerd insufficiently restricted permissions on container root and plugin directories. If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could traverse directory contents and modify files and execute programs on the host filesystem, possibly leading to privilege escalation. Update Instructions: Run `sudo pro fix USN-5100-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: containerd - 1.5.2-0ubuntu1~18.04.3 golang-github-docker-containerd-dev - 1.5.2-0ubuntu1~18.04.3 golang-github-containerd-containerd-dev - 1.5.2-0ubuntu1~18.04.3 No subscription required High CVE-2021-41103 Ubuntu 18.04 LTS It was discovered that MongoDB incorrectly handled certain wire protocol messages. A remote attacker could possibly use this issue to cause MongoDB to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5101-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mongodb-server - 1:3.6.3-0ubuntu1.4 mongodb - 1:3.6.3-0ubuntu1.4 mongodb-clients - 1:3.6.3-0ubuntu1.4 mongodb-server-core - 1:3.6.3-0ubuntu1.4 No subscription required Medium CVE-2019-20925 Ubuntu 18.04 LTS It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. (CVE-2019-3902) It was discovered that Mercurial incorrectly handled certain manifest files. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code. (CVE-2018-17983) Update Instructions: Run `sudo pro fix USN-5102-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mercurial - 4.5.3-1ubuntu2.2 mercurial-common - 4.5.3-1ubuntu2.2 No subscription required Medium CVE-2018-17983 CVE-2019-3902 Ubuntu 18.04 LTS Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in Docker incorrectly allowed the docker cp command to make permissions changes in the host filesystem in some situations. A local attacker could possibly use to this to expose sensitive information or gain administrative privileges. Update Instructions: Run `sudo pro fix USN-5103-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-docker-docker-dev - 20.10.7-0ubuntu1~18.04.2 docker.io - 20.10.7-0ubuntu1~18.04.2 golang-docker-dev - 20.10.7-0ubuntu1~18.04.2 vim-syntax-docker - 20.10.7-0ubuntu1~18.04.2 docker-doc - 20.10.7-0ubuntu1~18.04.2 No subscription required Medium CVE-2021-41089 Ubuntu 18.04 LTS Lyu discovered that Squid incorrectly handled WCCP protocol data. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information. Update Instructions: Run `sudo pro fix USN-5104-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.27-1ubuntu1.12 squid - 3.5.27-1ubuntu1.12 squid-cgi - 3.5.27-1ubuntu1.12 squid-purge - 3.5.27-1ubuntu1.12 squidclient - 3.5.27-1ubuntu1.12 squid3 - 3.5.27-1ubuntu1.12 No subscription required Medium CVE-2021-28116 Ubuntu 18.04 LTS It was discovered that Bottle incorrectly handled certain inputs. An attacker could possibly use this issue to cache malicious requests. Update Instructions: Run `sudo pro fix USN-5105-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-bottle - 0.12.13-1ubuntu0.1 python-bottle - 0.12.13-1ubuntu0.1 python-bottle-doc - 0.12.13-1ubuntu0.1 No subscription required Medium CVE-2020-28473 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof another origin, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5107-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-nn - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-ne - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-nb - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-fa - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-fi - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-fr - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-fy - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-or - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-kab - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-oc - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-cs - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-ga - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-gd - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-gn - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-gl - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-gu - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-pa - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-pl - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-cy - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-pt - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-szl - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-hi - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-ms - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-he - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-hy - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-hr - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-hu - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-as - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-ar - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-ia - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-az - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-id - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-mai - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-af - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-is - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-vi - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-an - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-bs - 93.0+build1-0ubuntu0.18.04.1 firefox - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-ro - 93.0+build1-0ubuntu0.18.04.1 firefox-geckodriver - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-ja - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-ru - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-br - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-bn - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-be - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-bg - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-sl - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-sk - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-si - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-sw - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-sv - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-sr - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-sq - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-ko - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-kn - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-km - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-kk - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-ka - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-xh - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-ca - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-ku - 93.0+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-lv - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-lt - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-th - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 93.0+build1-0ubuntu0.18.04.1 firefox-dev - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-te - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-cak - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-ta - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-lg - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-csb - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-tr - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-nso - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-de - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-da - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-uk - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-mr - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-my - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-uz - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-ml - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-mn - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-mk - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-ur - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-eu - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-et - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-es - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-it - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-el - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-eo - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-en - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-zu - 93.0+build1-0ubuntu0.18.04.1 firefox-locale-ast - 93.0+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-32810 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38499 CVE-2021-38500 CVE-2021-38501 Ubuntu 18.04 LTS It was discovered that Libntlm incorrectly handled specially crafted NTML requests. An attacker could possibly use this issue to cause a denial of service or another unspecified impact. Update Instructions: Run `sudo pro fix USN-5108-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libntlm0 - 1.4-8ubuntu0.1 libntlm0-dev - 1.4-8ubuntu0.1 No subscription required Medium CVE-2019-17455 Ubuntu 18.04 LTS It was discovered that Ardour incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5110-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ardour-video-timeline - 1:5.12.0-3ubuntu0.1 ardour - 1:5.12.0-3ubuntu0.1 ardour-data - 1:5.12.0-3ubuntu0.1 No subscription required Medium CVE-2020-22617 Ubuntu 18.04 LTS It was discovered that strongSwan incorrectly handled certain RSASSA-PSS signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2021-41990) It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-41991) Update Instructions: Run `sudo pro fix USN-5111-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-nm - 5.6.2-1ubuntu2.7 strongswan-scepclient - 5.6.2-1ubuntu2.7 libcharon-extra-plugins - 5.6.2-1ubuntu2.7 libcharon-standard-plugins - 5.6.2-1ubuntu2.7 libstrongswan-extra-plugins - 5.6.2-1ubuntu2.7 strongswan-charon - 5.6.2-1ubuntu2.7 libstrongswan - 5.6.2-1ubuntu2.7 strongswan-swanctl - 5.6.2-1ubuntu2.7 libstrongswan-standard-plugins - 5.6.2-1ubuntu2.7 strongswan-starter - 5.6.2-1ubuntu2.7 charon-systemd - 5.6.2-1ubuntu2.7 strongswan - 5.6.2-1ubuntu2.7 strongswan-tnc-server - 5.6.2-1ubuntu2.7 strongswan-tnc-client - 5.6.2-1ubuntu2.7 strongswan-tnc-base - 5.6.2-1ubuntu2.7 charon-cmd - 5.6.2-1ubuntu2.7 strongswan-libcharon - 5.6.2-1ubuntu2.7 strongswan-pki - 5.6.2-1ubuntu2.7 strongswan-tnc-ifmap - 5.6.2-1ubuntu2.7 strongswan-tnc-pdp - 5.6.2-1ubuntu2.7 No subscription required Medium CVE-2021-41990 CVE-2021-41991 Ubuntu 18.04 LTS It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information (WiFi network traffic). (CVE-2020-3702) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service. (CVE-2021-38198) It was discovered that the ext4 file system in the Linux kernel contained a race condition when writing xattrs to an inode. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2021-40490) It was discovered that the 6pack network protocol driver in the Linux kernel did not properly perform validation checks. A privileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-42008) Update Instructions: Run `sudo pro fix USN-5114-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-dell300x-headers-4.15.0-1029 - 4.15.0-1029.34 linux-buildinfo-4.15.0-1029-dell300x - 4.15.0-1029.34 linux-image-unsigned-4.15.0-1029-dell300x - 4.15.0-1029.34 linux-headers-4.15.0-1029-dell300x - 4.15.0-1029.34 linux-tools-4.15.0-1029-dell300x - 4.15.0-1029.34 linux-dell300x-tools-4.15.0-1029 - 4.15.0-1029.34 linux-modules-4.15.0-1029-dell300x - 4.15.0-1029.34 linux-image-4.15.0-1029-dell300x - 4.15.0-1029.34 No subscription required linux-image-unsigned-4.15.0-1082-oracle - 4.15.0-1082.90 linux-modules-extra-4.15.0-1082-oracle - 4.15.0-1082.90 linux-buildinfo-4.15.0-1082-oracle - 4.15.0-1082.90 linux-tools-4.15.0-1082-oracle - 4.15.0-1082.90 linux-image-4.15.0-1082-oracle - 4.15.0-1082.90 linux-oracle-tools-4.15.0-1082 - 4.15.0-1082.90 linux-oracle-headers-4.15.0-1082 - 4.15.0-1082.90 linux-headers-4.15.0-1082-oracle - 4.15.0-1082.90 linux-modules-4.15.0-1082-oracle - 4.15.0-1082.90 No subscription required linux-raspi2-tools-4.15.0-1097 - 4.15.0-1097.103 linux-headers-4.15.0-1097-raspi2 - 4.15.0-1097.103 linux-image-4.15.0-1097-raspi2 - 4.15.0-1097.103 linux-buildinfo-4.15.0-1097-raspi2 - 4.15.0-1097.103 linux-raspi2-headers-4.15.0-1097 - 4.15.0-1097.103 linux-tools-4.15.0-1097-raspi2 - 4.15.0-1097.103 linux-modules-4.15.0-1097-raspi2 - 4.15.0-1097.103 No subscription required linux-image-4.15.0-1101-kvm - 4.15.0-1101.103 linux-modules-4.15.0-1101-kvm - 4.15.0-1101.103 linux-kvm-tools-4.15.0-1101 - 4.15.0-1101.103 linux-buildinfo-4.15.0-1101-kvm - 4.15.0-1101.103 linux-headers-4.15.0-1101-kvm - 4.15.0-1101.103 linux-kvm-headers-4.15.0-1101 - 4.15.0-1101.103 linux-tools-4.15.0-1101-kvm - 4.15.0-1101.103 No subscription required linux-modules-extra-4.15.0-1110-gcp - 4.15.0-1110.124 linux-tools-4.15.0-1110-gcp - 4.15.0-1110.124 linux-headers-4.15.0-1110-gcp - 4.15.0-1110.124 linux-image-4.15.0-1110-gcp - 4.15.0-1110.124 linux-gcp-4.15-tools-4.15.0-1110 - 4.15.0-1110.124 linux-gcp-4.15-headers-4.15.0-1110 - 4.15.0-1110.124 linux-modules-4.15.0-1110-gcp - 4.15.0-1110.124 linux-buildinfo-4.15.0-1110-gcp - 4.15.0-1110.124 linux-image-unsigned-4.15.0-1110-gcp - 4.15.0-1110.124 No subscription required linux-headers-4.15.0-1114-aws - 4.15.0-1114.121 linux-modules-4.15.0-1114-aws - 4.15.0-1114.121 linux-buildinfo-4.15.0-1114-aws - 4.15.0-1114.121 linux-cloud-tools-4.15.0-1114-aws - 4.15.0-1114.121 linux-aws-tools-4.15.0-1114 - 4.15.0-1114.121 linux-modules-extra-4.15.0-1114-aws - 4.15.0-1114.121 linux-image-4.15.0-1114-aws - 4.15.0-1114.121 linux-aws-headers-4.15.0-1114 - 4.15.0-1114.121 linux-tools-4.15.0-1114-aws - 4.15.0-1114.121 linux-aws-cloud-tools-4.15.0-1114 - 4.15.0-1114.121 No subscription required linux-buildinfo-4.15.0-1114-snapdragon - 4.15.0-1114.123 linux-snapdragon-tools-4.15.0-1114 - 4.15.0-1114.123 linux-tools-4.15.0-1114-snapdragon - 4.15.0-1114.123 linux-modules-4.15.0-1114-snapdragon - 4.15.0-1114.123 linux-snapdragon-headers-4.15.0-1114 - 4.15.0-1114.123 linux-image-4.15.0-1114-snapdragon - 4.15.0-1114.123 linux-headers-4.15.0-1114-snapdragon - 4.15.0-1114.123 No subscription required linux-cloud-tools-4.15.0-1125-azure - 4.15.0-1125.138 linux-image-4.15.0-1125-azure - 4.15.0-1125.138 linux-azure-4.15-headers-4.15.0-1125 - 4.15.0-1125.138 linux-modules-4.15.0-1125-azure - 4.15.0-1125.138 linux-azure-4.15-tools-4.15.0-1125 - 4.15.0-1125.138 linux-tools-4.15.0-1125-azure - 4.15.0-1125.138 linux-buildinfo-4.15.0-1125-azure - 4.15.0-1125.138 linux-azure-4.15-cloud-tools-4.15.0-1125 - 4.15.0-1125.138 linux-headers-4.15.0-1125-azure - 4.15.0-1125.138 linux-image-unsigned-4.15.0-1125-azure - 4.15.0-1125.138 linux-modules-extra-4.15.0-1125-azure - 4.15.0-1125.138 No subscription required linux-tools-common - 4.15.0-161.169 linux-modules-extra-4.15.0-161-generic - 4.15.0-161.169 linux-headers-4.15.0-161-lowlatency - 4.15.0-161.169 linux-tools-host - 4.15.0-161.169 linux-cloud-tools-4.15.0-161-lowlatency - 4.15.0-161.169 linux-doc - 4.15.0-161.169 linux-modules-4.15.0-161-generic - 4.15.0-161.169 linux-buildinfo-4.15.0-161-lowlatency - 4.15.0-161.169 linux-image-4.15.0-161-lowlatency - 4.15.0-161.169 linux-libc-dev - 4.15.0-161.169 linux-modules-4.15.0-161-lowlatency - 4.15.0-161.169 linux-tools-4.15.0-161 - 4.15.0-161.169 linux-modules-4.15.0-161-generic-lpae - 4.15.0-161.169 linux-image-unsigned-4.15.0-161-generic - 4.15.0-161.169 linux-buildinfo-4.15.0-161-generic-lpae - 4.15.0-161.169 linux-image-4.15.0-161-generic-lpae - 4.15.0-161.169 linux-headers-4.15.0-161 - 4.15.0-161.169 linux-image-4.15.0-161-generic - 4.15.0-161.169 linux-tools-4.15.0-161-generic - 4.15.0-161.169 linux-image-unsigned-4.15.0-161-lowlatency - 4.15.0-161.169 linux-buildinfo-4.15.0-161-generic - 4.15.0-161.169 linux-tools-4.15.0-161-lowlatency - 4.15.0-161.169 linux-tools-4.15.0-161-generic-lpae - 4.15.0-161.169 linux-source-4.15.0 - 4.15.0-161.169 linux-cloud-tools-common - 4.15.0-161.169 linux-cloud-tools-4.15.0-161 - 4.15.0-161.169 linux-headers-4.15.0-161-generic-lpae - 4.15.0-161.169 linux-headers-4.15.0-161-generic - 4.15.0-161.169 linux-cloud-tools-4.15.0-161-generic - 4.15.0-161.169 No subscription required linux-tools-dell300x - 4.15.0.1029.31 linux-headers-dell300x - 4.15.0.1029.31 linux-image-dell300x - 4.15.0.1029.31 linux-dell300x - 4.15.0.1029.31 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1082.92 linux-signed-image-oracle-lts-18.04 - 4.15.0.1082.92 linux-oracle-lts-18.04 - 4.15.0.1082.92 linux-signed-oracle-lts-18.04 - 4.15.0.1082.92 linux-headers-oracle-lts-18.04 - 4.15.0.1082.92 linux-tools-oracle-lts-18.04 - 4.15.0.1082.92 No subscription required linux-raspi2 - 4.15.0.1097.95 linux-headers-raspi2 - 4.15.0.1097.95 linux-image-raspi2 - 4.15.0.1097.95 linux-tools-raspi2 - 4.15.0.1097.95 No subscription required linux-kvm - 4.15.0.1101.97 linux-headers-kvm - 4.15.0.1101.97 linux-image-kvm - 4.15.0.1101.97 linux-tools-kvm - 4.15.0.1101.97 No subscription required linux-modules-extra-gcp-lts-18.04 - 4.15.0.1110.129 linux-gcp-lts-18.04 - 4.15.0.1110.129 linux-tools-gcp-lts-18.04 - 4.15.0.1110.129 linux-image-gcp-lts-18.04 - 4.15.0.1110.129 linux-headers-gcp-lts-18.04 - 4.15.0.1110.129 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1114.117 linux-snapdragon - 4.15.0.1114.117 linux-headers-aws-lts-18.04 - 4.15.0.1114.117 linux-headers-snapdragon - 4.15.0.1114.117 linux-tools-snapdragon - 4.15.0.1114.117 linux-aws-lts-18.04 - 4.15.0.1114.117 linux-modules-extra-aws-lts-18.04 - 4.15.0.1114.117 linux-image-snapdragon - 4.15.0.1114.117 linux-tools-aws-lts-18.04 - 4.15.0.1114.117 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1125.98 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1125.98 linux-tools-azure-lts-18.04 - 4.15.0.1125.98 linux-headers-azure-lts-18.04 - 4.15.0.1125.98 linux-signed-image-azure-lts-18.04 - 4.15.0.1125.98 linux-azure-lts-18.04 - 4.15.0.1125.98 linux-signed-azure-lts-18.04 - 4.15.0.1125.98 linux-image-azure-lts-18.04 - 4.15.0.1125.98 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.161.150 linux-cloud-tools-virtual - 4.15.0.161.150 linux-headers-generic-lpae - 4.15.0.161.150 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.161.150 linux-image-extra-virtual-hwe-16.04 - 4.15.0.161.150 linux-image-virtual - 4.15.0.161.150 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.161.150 linux-image-generic - 4.15.0.161.150 linux-tools-lowlatency - 4.15.0.161.150 linux-headers-generic-hwe-16.04-edge - 4.15.0.161.150 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.161.150 linux-generic-lpae-hwe-16.04 - 4.15.0.161.150 linux-signed-generic-hwe-16.04-edge - 4.15.0.161.150 linux-tools-generic-hwe-16.04 - 4.15.0.161.150 linux-image-virtual-hwe-16.04-edge - 4.15.0.161.150 linux-generic-lpae-hwe-16.04-edge - 4.15.0.161.150 linux-signed-image-lowlatency - 4.15.0.161.150 linux-signed-lowlatency-hwe-16.04 - 4.15.0.161.150 linux-crashdump - 4.15.0.161.150 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.161.150 linux-lowlatency - 4.15.0.161.150 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.161.150 linux-source - 4.15.0.161.150 linux-signed-image-generic - 4.15.0.161.150 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.161.150 linux-tools-generic-lpae - 4.15.0.161.150 linux-cloud-tools-generic - 4.15.0.161.150 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.161.150 linux-tools-virtual-hwe-16.04 - 4.15.0.161.150 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.161.150 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.161.150 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.161.150 linux-tools-virtual - 4.15.0.161.150 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.161.150 linux-generic-lpae - 4.15.0.161.150 linux-generic - 4.15.0.161.150 linux-virtual - 4.15.0.161.150 linux-tools-generic-hwe-16.04-edge - 4.15.0.161.150 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.161.150 linux-generic-hwe-16.04-edge - 4.15.0.161.150 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.161.150 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.161.150 linux-headers-lowlatency - 4.15.0.161.150 linux-headers-lowlatency-hwe-16.04 - 4.15.0.161.150 linux-headers-virtual-hwe-16.04-edge - 4.15.0.161.150 linux-lowlatency-hwe-16.04 - 4.15.0.161.150 linux-headers-generic-hwe-16.04 - 4.15.0.161.150 linux-generic-hwe-16.04 - 4.15.0.161.150 linux-tools-virtual-hwe-16.04-edge - 4.15.0.161.150 linux-signed-image-generic-hwe-16.04 - 4.15.0.161.150 linux-tools-generic - 4.15.0.161.150 linux-image-extra-virtual - 4.15.0.161.150 linux-lowlatency-hwe-16.04-edge - 4.15.0.161.150 linux-cloud-tools-lowlatency - 4.15.0.161.150 linux-image-generic-hwe-16.04 - 4.15.0.161.150 linux-image-generic-hwe-16.04-edge - 4.15.0.161.150 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.161.150 linux-image-generic-lpae-hwe-16.04 - 4.15.0.161.150 linux-virtual-hwe-16.04-edge - 4.15.0.161.150 linux-tools-lowlatency-hwe-16.04 - 4.15.0.161.150 linux-signed-generic - 4.15.0.161.150 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.161.150 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.161.150 linux-headers-generic - 4.15.0.161.150 linux-headers-virtual-hwe-16.04 - 4.15.0.161.150 linux-virtual-hwe-16.04 - 4.15.0.161.150 linux-image-lowlatency - 4.15.0.161.150 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.161.150 linux-image-virtual-hwe-16.04 - 4.15.0.161.150 linux-headers-virtual - 4.15.0.161.150 linux-signed-generic-hwe-16.04 - 4.15.0.161.150 linux-image-generic-lpae - 4.15.0.161.150 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.161.150 linux-signed-lowlatency - 4.15.0.161.150 No subscription required Medium CVE-2020-3702 CVE-2021-38198 CVE-2021-40490 CVE-2021-42008 Ubuntu 18.04 LTS It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information (WiFi network traffic). (CVE-2020-3702) Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. (CVE-2021-3732) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service. (CVE-2021-38198) It was discovered that the Xilinx 10/100 Ethernet Lite device driver in the Linux kernel could report pointer addresses in some situations. An attacker could use this information to ease the exploitation of another vulnerability. (CVE-2021-38205) It was discovered that the ext4 file system in the Linux kernel contained a race condition when writing xattrs to an inode. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2021-40490) It was discovered that the 6pack network protocol driver in the Linux kernel did not properly perform validation checks. A privileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-42008) Update Instructions: Run `sudo pro fix USN-5116-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-gcp-5.4-headers-5.4.0-1055 - 5.4.0-1055.59~18.04.1 linux-modules-5.4.0-1055-gcp - 5.4.0-1055.59~18.04.1 linux-image-unsigned-5.4.0-1055-gcp - 5.4.0-1055.59~18.04.1 linux-tools-5.4.0-1055-gcp - 5.4.0-1055.59~18.04.1 linux-buildinfo-5.4.0-1055-gcp - 5.4.0-1055.59~18.04.1 linux-image-5.4.0-1055-gcp - 5.4.0-1055.59~18.04.1 linux-modules-extra-5.4.0-1055-gcp - 5.4.0-1055.59~18.04.1 linux-headers-5.4.0-1055-gcp - 5.4.0-1055.59~18.04.1 linux-gcp-5.4-tools-5.4.0-1055 - 5.4.0-1055.59~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-89.100~18.04.1 linux-headers-5.4.0-89-generic - 5.4.0-89.100~18.04.1 linux-image-5.4.0-89-generic - 5.4.0-89.100~18.04.1 linux-buildinfo-5.4.0-89-lowlatency - 5.4.0-89.100~18.04.1 linux-image-5.4.0-89-generic-lpae - 5.4.0-89.100~18.04.1 linux-headers-5.4.0-89-generic-lpae - 5.4.0-89.100~18.04.1 linux-image-unsigned-5.4.0-89-generic - 5.4.0-89.100~18.04.1 linux-modules-extra-5.4.0-89-generic - 5.4.0-89.100~18.04.1 linux-cloud-tools-5.4.0-89-generic - 5.4.0-89.100~18.04.1 linux-tools-5.4.0-89-generic - 5.4.0-89.100~18.04.1 linux-buildinfo-5.4.0-89-generic-lpae - 5.4.0-89.100~18.04.1 linux-hwe-5.4-tools-5.4.0-89 - 5.4.0-89.100~18.04.1 linux-headers-5.4.0-89-lowlatency - 5.4.0-89.100~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-89 - 5.4.0-89.100~18.04.1 linux-buildinfo-5.4.0-89-generic - 5.4.0-89.100~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-89.100~18.04.1 linux-image-5.4.0-89-lowlatency - 5.4.0-89.100~18.04.1 linux-modules-5.4.0-89-generic - 5.4.0-89.100~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-89.100~18.04.1 linux-image-unsigned-5.4.0-89-lowlatency - 5.4.0-89.100~18.04.1 linux-cloud-tools-5.4.0-89-lowlatency - 5.4.0-89.100~18.04.1 linux-modules-5.4.0-89-generic-lpae - 5.4.0-89.100~18.04.1 linux-tools-5.4.0-89-lowlatency - 5.4.0-89.100~18.04.1 linux-hwe-5.4-headers-5.4.0-89 - 5.4.0-89.100~18.04.1 linux-tools-5.4.0-89-generic-lpae - 5.4.0-89.100~18.04.1 linux-modules-5.4.0-89-lowlatency - 5.4.0-89.100~18.04.1 No subscription required linux-image-gcp-edge - 5.4.0.1055.41 linux-tools-gcp-edge - 5.4.0.1055.41 linux-headers-gcp-edge - 5.4.0.1055.41 linux-modules-extra-gcp - 5.4.0.1055.41 linux-modules-extra-gcp-edge - 5.4.0.1055.41 linux-tools-gcp - 5.4.0.1055.41 linux-gcp - 5.4.0.1055.41 linux-headers-gcp - 5.4.0.1055.41 linux-image-gcp - 5.4.0.1055.41 linux-gcp-edge - 5.4.0.1055.41 No subscription required linux-headers-snapdragon-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-image-generic-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-generic-lpae-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-image-snapdragon-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-image-oem - 5.4.0.89.100~18.04.79 linux-tools-virtual-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-headers-generic-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-headers-lowlatency-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-lowlatency-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-image-extra-virtual-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-image-oem-osp1 - 5.4.0.89.100~18.04.79 linux-snapdragon-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-image-generic-lpae-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-tools-lowlatency-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-headers-virtual-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-tools-virtual-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-tools-snapdragon-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-headers-virtual-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-virtual-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-tools-oem - 5.4.0.89.100~18.04.79 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-headers-oem - 5.4.0.89.100~18.04.79 linux-tools-oem-osp1 - 5.4.0.89.100~18.04.79 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-tools-generic-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-image-virtual-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-image-generic-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-generic-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-oem - 5.4.0.89.100~18.04.79 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-snapdragon-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-headers-oem-osp1 - 5.4.0.89.100~18.04.79 linux-generic-lpae-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-tools-generic-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-headers-generic-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-oem-osp1 - 5.4.0.89.100~18.04.79 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-image-lowlatency-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-virtual-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-lowlatency-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.89.100~18.04.79 linux-generic-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.89.100~18.04.79 linux-image-virtual-hwe-18.04-edge - 5.4.0.89.100~18.04.79 No subscription required Medium CVE-2020-3702 CVE-2021-3732 CVE-2021-38198 CVE-2021-38205 CVE-2021-40490 CVE-2021-42008 Ubuntu 18.04 LTS It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information (WiFi network traffic). (CVE-2020-3702) Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. (CVE-2021-3732) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service. (CVE-2021-38198) It was discovered that the Xilinx 10/100 Ethernet Lite device driver in the Linux kernel could report pointer addresses in some situations. An attacker could use this information to ease the exploitation of another vulnerability. (CVE-2021-38205) It was discovered that the ext4 file system in the Linux kernel contained a race condition when writing xattrs to an inode. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2021-40490) It was discovered that the 6pack network protocol driver in the Linux kernel did not properly perform validation checks. A privileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-42008) Update Instructions: Run `sudo pro fix USN-5116-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-gkeop-5.4-tools-5.4.0-1025 - 5.4.0-1025.26~18.04.1 linux-tools-5.4.0-1025-gkeop - 5.4.0-1025.26~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1025.26~18.04.1 linux-modules-5.4.0-1025-gkeop - 5.4.0-1025.26~18.04.1 linux-buildinfo-5.4.0-1025-gkeop - 5.4.0-1025.26~18.04.1 linux-image-unsigned-5.4.0-1025-gkeop - 5.4.0-1025.26~18.04.1 linux-modules-extra-5.4.0-1025-gkeop - 5.4.0-1025.26~18.04.1 linux-cloud-tools-5.4.0-1025-gkeop - 5.4.0-1025.26~18.04.1 linux-headers-5.4.0-1025-gkeop - 5.4.0-1025.26~18.04.1 linux-image-5.4.0-1025-gkeop - 5.4.0-1025.26~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1025 - 5.4.0-1025.26~18.04.1 linux-gkeop-5.4-headers-5.4.0-1025 - 5.4.0-1025.26~18.04.1 No subscription required linux-raspi-5.4-headers-5.4.0-1045 - 5.4.0-1045.49~18.04.1 linux-buildinfo-5.4.0-1045-raspi - 5.4.0-1045.49~18.04.1 linux-modules-5.4.0-1045-raspi - 5.4.0-1045.49~18.04.1 linux-tools-5.4.0-1045-raspi - 5.4.0-1045.49~18.04.1 linux-raspi-5.4-tools-5.4.0-1045 - 5.4.0-1045.49~18.04.1 linux-headers-5.4.0-1045-raspi - 5.4.0-1045.49~18.04.1 linux-image-5.4.0-1045-raspi - 5.4.0-1045.49~18.04.1 No subscription required linux-gke-5.4-tools-5.4.0-1054 - 5.4.0-1054.57~18.04.1 linux-modules-extra-5.4.0-1054-gke - 5.4.0-1054.57~18.04.1 linux-image-unsigned-5.4.0-1054-gke - 5.4.0-1054.57~18.04.1 linux-gke-5.4-headers-5.4.0-1054 - 5.4.0-1054.57~18.04.1 linux-modules-5.4.0-1054-gke - 5.4.0-1054.57~18.04.1 linux-buildinfo-5.4.0-1054-gke - 5.4.0-1054.57~18.04.1 linux-image-5.4.0-1054-gke - 5.4.0-1054.57~18.04.1 linux-headers-5.4.0-1054-gke - 5.4.0-1054.57~18.04.1 linux-tools-5.4.0-1054-gke - 5.4.0-1054.57~18.04.1 No subscription required linux-gcp-5.4-headers-5.4.0-1056 - 5.4.0-1056.60~18.04.1 linux-headers-5.4.0-1056-gcp - 5.4.0-1056.60~18.04.1 linux-oracle-5.4-tools-5.4.0-1056 - 5.4.0-1056.60~18.04.1 linux-buildinfo-5.4.0-1056-oracle - 5.4.0-1056.60~18.04.1 linux-tools-5.4.0-1056-oracle - 5.4.0-1056.60~18.04.1 linux-image-5.4.0-1056-gcp - 5.4.0-1056.60~18.04.1 linux-buildinfo-5.4.0-1056-gcp - 5.4.0-1056.60~18.04.1 linux-image-unsigned-5.4.0-1056-oracle - 5.4.0-1056.60~18.04.1 linux-modules-5.4.0-1056-gcp - 5.4.0-1056.60~18.04.1 linux-modules-extra-5.4.0-1056-oracle - 5.4.0-1056.60~18.04.1 linux-image-unsigned-5.4.0-1056-gcp - 5.4.0-1056.60~18.04.1 linux-tools-5.4.0-1056-gcp - 5.4.0-1056.60~18.04.1 linux-headers-5.4.0-1056-oracle - 5.4.0-1056.60~18.04.1 linux-image-5.4.0-1056-oracle - 5.4.0-1056.60~18.04.1 linux-modules-5.4.0-1056-oracle - 5.4.0-1056.60~18.04.1 linux-gcp-5.4-tools-5.4.0-1056 - 5.4.0-1056.60~18.04.1 linux-modules-extra-5.4.0-1056-gcp - 5.4.0-1056.60~18.04.1 linux-oracle-5.4-headers-5.4.0-1056 - 5.4.0-1056.60~18.04.1 No subscription required linux-image-5.4.0-1058-aws - 5.4.0-1058.61~18.04.3 linux-cloud-tools-5.4.0-1058-aws - 5.4.0-1058.61~18.04.3 linux-headers-5.4.0-1058-aws - 5.4.0-1058.61~18.04.3 linux-aws-5.4-headers-5.4.0-1058 - 5.4.0-1058.61~18.04.3 linux-buildinfo-5.4.0-1058-aws - 5.4.0-1058.61~18.04.3 linux-modules-extra-5.4.0-1058-aws - 5.4.0-1058.61~18.04.3 linux-aws-5.4-cloud-tools-5.4.0-1058 - 5.4.0-1058.61~18.04.3 linux-tools-5.4.0-1058-aws - 5.4.0-1058.61~18.04.3 linux-aws-5.4-tools-5.4.0-1058 - 5.4.0-1058.61~18.04.3 linux-modules-5.4.0-1058-aws - 5.4.0-1058.61~18.04.3 No subscription required linux-modules-5.4.0-1062-azure - 5.4.0-1062.65~18.04.1 linux-tools-5.4.0-1062-azure - 5.4.0-1062.65~18.04.1 linux-image-5.4.0-1062-azure - 5.4.0-1062.65~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1062 - 5.4.0-1062.65~18.04.1 linux-azure-5.4-headers-5.4.0-1062 - 5.4.0-1062.65~18.04.1 linux-headers-5.4.0-1062-azure - 5.4.0-1062.65~18.04.1 linux-buildinfo-5.4.0-1062-azure - 5.4.0-1062.65~18.04.1 linux-azure-5.4-tools-5.4.0-1062 - 5.4.0-1062.65~18.04.1 linux-cloud-tools-5.4.0-1062-azure - 5.4.0-1062.65~18.04.1 linux-modules-extra-5.4.0-1062-azure - 5.4.0-1062.65~18.04.1 linux-image-unsigned-5.4.0-1062-azure - 5.4.0-1062.65~18.04.1 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1025.26~18.04.26 linux-modules-extra-gkeop-5.4 - 5.4.0.1025.26~18.04.26 linux-image-gkeop-5.4 - 5.4.0.1025.26~18.04.26 linux-headers-gkeop-5.4 - 5.4.0.1025.26~18.04.26 linux-tools-gkeop-5.4 - 5.4.0.1025.26~18.04.26 linux-gkeop-5.4 - 5.4.0.1025.26~18.04.26 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1045.48 linux-headers-raspi-hwe-18.04 - 5.4.0.1045.48 linux-image-raspi-hwe-18.04-edge - 5.4.0.1045.48 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1045.48 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1045.48 linux-raspi-hwe-18.04 - 5.4.0.1045.48 linux-tools-raspi-hwe-18.04 - 5.4.0.1045.48 linux-raspi-hwe-18.04-edge - 5.4.0.1045.48 No subscription required linux-tools-gke-5.4 - 5.4.0.1054.57~18.04.19 linux-modules-extra-gke-5.4 - 5.4.0.1054.57~18.04.19 linux-gke-5.4 - 5.4.0.1054.57~18.04.19 linux-headers-gke-5.4 - 5.4.0.1054.57~18.04.19 linux-image-gke-5.4 - 5.4.0.1054.57~18.04.19 No subscription required linux-image-gcp-edge - 5.4.0.1056.42 linux-tools-gcp-edge - 5.4.0.1056.42 linux-headers-gcp-edge - 5.4.0.1056.42 linux-tools-gcp - 5.4.0.1056.42 linux-modules-extra-gcp-edge - 5.4.0.1056.42 linux-gcp - 5.4.0.1056.42 linux-headers-gcp - 5.4.0.1056.42 linux-image-gcp - 5.4.0.1056.42 linux-modules-extra-gcp - 5.4.0.1056.42 linux-gcp-edge - 5.4.0.1056.42 No subscription required linux-headers-oracle - 5.4.0.1056.60~18.04.36 linux-tools-oracle - 5.4.0.1056.60~18.04.36 linux-signed-image-oracle - 5.4.0.1056.60~18.04.36 linux-signed-oracle - 5.4.0.1056.60~18.04.36 linux-tools-oracle-edge - 5.4.0.1056.60~18.04.36 linux-oracle-edge - 5.4.0.1056.60~18.04.36 linux-modules-extra-oracle-edge - 5.4.0.1056.60~18.04.36 linux-image-oracle-edge - 5.4.0.1056.60~18.04.36 linux-modules-extra-oracle - 5.4.0.1056.60~18.04.36 linux-signed-oracle-edge - 5.4.0.1056.60~18.04.36 linux-signed-image-oracle-edge - 5.4.0.1056.60~18.04.36 linux-headers-oracle-edge - 5.4.0.1056.60~18.04.36 linux-image-oracle - 5.4.0.1056.60~18.04.36 linux-oracle - 5.4.0.1056.60~18.04.36 No subscription required linux-headers-aws - 5.4.0.1058.41 linux-image-aws - 5.4.0.1058.41 linux-image-aws-edge - 5.4.0.1058.41 linux-aws-edge - 5.4.0.1058.41 linux-aws - 5.4.0.1058.41 linux-modules-extra-aws-edge - 5.4.0.1058.41 linux-headers-aws-edge - 5.4.0.1058.41 linux-modules-extra-aws - 5.4.0.1058.41 linux-tools-aws - 5.4.0.1058.41 linux-tools-aws-edge - 5.4.0.1058.41 No subscription required linux-signed-azure - 5.4.0.1062.42 linux-tools-azure-edge - 5.4.0.1062.42 linux-cloud-tools-azure - 5.4.0.1062.42 linux-tools-azure - 5.4.0.1062.42 linux-image-azure-edge - 5.4.0.1062.42 linux-cloud-tools-azure-edge - 5.4.0.1062.42 linux-modules-extra-azure - 5.4.0.1062.42 linux-azure - 5.4.0.1062.42 linux-signed-image-azure-edge - 5.4.0.1062.42 linux-image-azure - 5.4.0.1062.42 linux-signed-image-azure - 5.4.0.1062.42 linux-headers-azure-edge - 5.4.0.1062.42 linux-azure-edge - 5.4.0.1062.42 linux-modules-extra-azure-edge - 5.4.0.1062.42 linux-signed-azure-edge - 5.4.0.1062.42 linux-headers-azure - 5.4.0.1062.42 No subscription required Medium CVE-2020-3702 CVE-2021-3732 CVE-2021-38198 CVE-2021-38205 CVE-2021-40490 CVE-2021-42008 Ubuntu 18.04 LTS It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a crash. (CVE-2021-30498, CVE-2021-30499) Update Instructions: Run `sudo pro fix USN-5119-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: caca-utils - 0.99.beta19-2ubuntu0.18.04.3 libcaca-dev - 0.99.beta19-2ubuntu0.18.04.3 libcaca0 - 0.99.beta19-2ubuntu0.18.04.3 No subscription required Medium CVE-2021-30498 CVE-2021-30499 Ubuntu 18.04 LTS Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman did not properly associate cross-site request forgery (CSRF) tokens to specific accounts. A remote attacker could use this to perform a CSRF attack to gain access to another account. (CVE-2021-42097) Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman's cross-site request forgery (CSRF) tokens for the options page are derived from the admin password. A remote attacker could possibly use this to assist in performing a brute force attack against the admin password. (CVE-2021-42096) Update Instructions: Run `sudo pro fix USN-5121-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mailman - 1:2.1.26-1ubuntu0.4 No subscription required High CVE-2021-42096 CVE-2021-42097 Ubuntu 18.04 LTS It was discovered that Apport could be tricked into writing core files as root into arbitrary directories in certain scenarios. A local attacker could possibly use this issue to escalate privileges. This update will cause Apport to generate all core files in the /var/lib/apport/coredump directory. Update Instructions: Run `sudo pro fix USN-5122-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.9-0ubuntu7.27 python3-problem-report - 2.20.9-0ubuntu7.27 apport-kde - 2.20.9-0ubuntu7.27 apport-retrace - 2.20.9-0ubuntu7.27 apport-valgrind - 2.20.9-0ubuntu7.27 python3-apport - 2.20.9-0ubuntu7.27 dh-apport - 2.20.9-0ubuntu7.27 apport-gtk - 2.20.9-0ubuntu7.27 apport - 2.20.9-0ubuntu7.27 python-problem-report - 2.20.9-0ubuntu7.27 apport-noui - 2.20.9-0ubuntu7.27 No subscription required None https://launchpad.net/bugs/1948657 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.27 in Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.36. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-36.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-27.html https://www.oracle.com/security-alerts/cpuoct2021.html Update Instructions: Run `sudo pro fix USN-5123-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.36-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.36-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.36-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.36-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.36-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.36-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.36-0ubuntu0.18.04.1 mysql-server - 5.7.36-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.36-0ubuntu0.18.04.1 mysql-testsuite - 5.7.36-0ubuntu0.18.04.1 libmysqld-dev - 5.7.36-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.36-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-2478 CVE-2021-2479 CVE-2021-2481 CVE-2021-35546 CVE-2021-35575 CVE-2021-35577 CVE-2021-35584 CVE-2021-35591 CVE-2021-35596 CVE-2021-35597 CVE-2021-35602 CVE-2021-35604 CVE-2021-35607 CVE-2021-35608 CVE-2021-35610 CVE-2021-35612 CVE-2021-35613 CVE-2021-35622 CVE-2021-35623 CVE-2021-35624 CVE-2021-35625 CVE-2021-35626 CVE-2021-35627 CVE-2021-35628 CVE-2021-35630 CVE-2021-35631 CVE-2021-35632 CVE-2021-35633 CVE-2021-35634 CVE-2021-35635 CVE-2021-35636 CVE-2021-35637 CVE-2021-35638 CVE-2021-35639 CVE-2021-35640 CVE-2021-35641 CVE-2021-35642 CVE-2021-35643 CVE-2021-35644 CVE-2021-35645 CVE-2021-35646 CVE-2021-35647 CVE-2021-35648 Ubuntu 18.04 LTS It was discovered that GNU binutils incorrectly handled certain hash lookups. An attacker could use this issue to cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-16592) It was discovered that GNU binutils incorrectly handled certain corrupt DWARF debug sections. An attacker could possibly use this issue to cause GNU binutils to consume memory, resulting in a denial of service. (CVE-2021-3487) Update Instructions: Run `sudo pro fix USN-5124-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: binutils-dev - 2.30-21ubuntu1~18.04.7 binutils-arm-linux-gnueabihf - 2.30-21ubuntu1~18.04.7 binutils-hppa64-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-ia64-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-multiarch - 2.30-21ubuntu1~18.04.7 binutils-mips64-linux-gnuabin32 - 2.30-21ubuntu1~18.04.7 binutils-mipsel-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-mips64el-linux-gnuabin32 - 2.30-21ubuntu1~18.04.7 binutils-sparc64-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-riscv64-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-m68k-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-for-build - 2.30-21ubuntu1~18.04.7 binutils-s390x-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-x86-64-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-multiarch-dev - 2.30-21ubuntu1~18.04.7 binutils-for-host - 2.30-21ubuntu1~18.04.7 binutils-mipsisa32r6el-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-i686-gnu - 2.30-21ubuntu1~18.04.7 binutils-doc - 2.30-21ubuntu1~18.04.7 binutils-sh4-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-powerpc-linux-gnuspe - 2.30-21ubuntu1~18.04.7 binutils-mips64-linux-gnuabi64 - 2.30-21ubuntu1~18.04.7 binutils-aarch64-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-source - 2.30-21ubuntu1~18.04.7 binutils-i686-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-common - 2.30-21ubuntu1~18.04.7 binutils-mips-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-mipsisa64r6-linux-gnuabin32 - 2.30-21ubuntu1~18.04.7 binutils-mipsisa64r6el-linux-gnuabi64 - 2.30-21ubuntu1~18.04.7 binutils-mipsisa32r6-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-x86-64-linux-gnux32 - 2.30-21ubuntu1~18.04.7 binutils-i686-kfreebsd-gnu - 2.30-21ubuntu1~18.04.7 binutils-powerpc64le-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-mipsisa64r6el-linux-gnuabin32 - 2.30-21ubuntu1~18.04.7 binutils-powerpc64-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-hppa-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-x86-64-kfreebsd-gnu - 2.30-21ubuntu1~18.04.7 libbinutils - 2.30-21ubuntu1~18.04.7 binutils-arm-linux-gnueabi - 2.30-21ubuntu1~18.04.7 binutils-mips64el-linux-gnuabi64 - 2.30-21ubuntu1~18.04.7 binutils - 2.30-21ubuntu1~18.04.7 binutils-alpha-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-powerpc-linux-gnu - 2.30-21ubuntu1~18.04.7 binutils-mipsisa64r6-linux-gnuabi64 - 2.30-21ubuntu1~18.04.7 No subscription required Low CVE-2020-16592 Ubuntu 18.04 LTS It was discovered that PHP-FPM in PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5125-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.24-0ubuntu0.18.04.10 php7.2-enchant - 7.2.24-0ubuntu0.18.04.10 php7.2-ldap - 7.2.24-0ubuntu0.18.04.10 php7.2-fpm - 7.2.24-0ubuntu0.18.04.10 php7.2-recode - 7.2.24-0ubuntu0.18.04.10 php7.2-cli - 7.2.24-0ubuntu0.18.04.10 php7.2-json - 7.2.24-0ubuntu0.18.04.10 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.10 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.10 php7.2 - 7.2.24-0ubuntu0.18.04.10 php7.2-pspell - 7.2.24-0ubuntu0.18.04.10 php7.2-dev - 7.2.24-0ubuntu0.18.04.10 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.10 php7.2-gmp - 7.2.24-0ubuntu0.18.04.10 php7.2-opcache - 7.2.24-0ubuntu0.18.04.10 php7.2-gd - 7.2.24-0ubuntu0.18.04.10 php7.2-soap - 7.2.24-0ubuntu0.18.04.10 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.10 php7.2-intl - 7.2.24-0ubuntu0.18.04.10 php7.2-cgi - 7.2.24-0ubuntu0.18.04.10 php7.2-odbc - 7.2.24-0ubuntu0.18.04.10 libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.10 php7.2-tidy - 7.2.24-0ubuntu0.18.04.10 php7.2-imap - 7.2.24-0ubuntu0.18.04.10 php7.2-readline - 7.2.24-0ubuntu0.18.04.10 php7.2-mysql - 7.2.24-0ubuntu0.18.04.10 php7.2-dba - 7.2.24-0ubuntu0.18.04.10 php7.2-xml - 7.2.24-0ubuntu0.18.04.10 php7.2-interbase - 7.2.24-0ubuntu0.18.04.10 php7.2-xsl - 7.2.24-0ubuntu0.18.04.10 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.10 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.10 php7.2-sybase - 7.2.24-0ubuntu0.18.04.10 php7.2-curl - 7.2.24-0ubuntu0.18.04.10 php7.2-common - 7.2.24-0ubuntu0.18.04.10 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.10 php7.2-snmp - 7.2.24-0ubuntu0.18.04.10 php7.2-zip - 7.2.24-0ubuntu0.18.04.10 No subscription required High CVE-2021-21703 Ubuntu 18.04 LTS Kishore Kumar Kothapalli discovered that Bind incorrectly handled the lame cache when processing responses. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5126-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.11.3+dfsg-1ubuntu1.16 libbind-dev - 1:9.11.3+dfsg-1ubuntu1.16 libirs-export160 - 1:9.11.3+dfsg-1ubuntu1.16 bind9utils - 1:9.11.3+dfsg-1ubuntu1.16 bind9-host - 1:9.11.3+dfsg-1ubuntu1.16 libbind9-160 - 1:9.11.3+dfsg-1ubuntu1.16 libisccc160 - 1:9.11.3+dfsg-1ubuntu1.16 libisccfg-export160 - 1:9.11.3+dfsg-1ubuntu1.16 libisccfg160 - 1:9.11.3+dfsg-1ubuntu1.16 bind9-doc - 1:9.11.3+dfsg-1ubuntu1.16 libbind-export-dev - 1:9.11.3+dfsg-1ubuntu1.16 libirs160 - 1:9.11.3+dfsg-1ubuntu1.16 libdns-export1100 - 1:9.11.3+dfsg-1ubuntu1.16 libisccc-export160 - 1:9.11.3+dfsg-1ubuntu1.16 libisc-export169 - 1:9.11.3+dfsg-1ubuntu1.16 liblwres160 - 1:9.11.3+dfsg-1ubuntu1.16 libdns1100 - 1:9.11.3+dfsg-1ubuntu1.16 bind9 - 1:9.11.3+dfsg-1ubuntu1.16 libisc169 - 1:9.11.3+dfsg-1ubuntu1.16 No subscription required Medium CVE-2021-25219 Ubuntu 18.04 LTS Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access to resources. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-27781) It was discovered that Ceph contained an authentication flaw, leading to key reuse. An attacker could use this to cause a denial of service or possibly impersonate another user. This issue only affected Ubuntu 21.04. (CVE-2021-20288) Sergey Bobrov discovered that the Ceph dashboard was susceptible to a cross-site scripting attack. An attacker could use this to expose sensitive information or gain unintended access. This issue only affected Ubuntu 21.04. (CVE-2021-3509) Sergey Bobrov discovered that Ceph's RadosGW (Ceph Object Gateway) allowed the injection of HTTP headers in responses to CORS requests. An attacker could use this to violate system integrity. (CVE-2021-3524) It was discovered that Ceph's RadosGW (Ceph Object Gateway) did not properly handle GET requests for swift URLs in some situations, leading to an application crash. An attacker could use this to cause a denial of service. (CVE-2021-3531) Update Instructions: Run `sudo pro fix USN-5128-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-rbd - 12.2.13-0ubuntu0.18.04.10 python3-rbd - 12.2.13-0ubuntu0.18.04.10 python-rados - 12.2.13-0ubuntu0.18.04.10 ceph-mgr - 12.2.13-0ubuntu0.18.04.10 ceph - 12.2.13-0ubuntu0.18.04.10 ceph-test - 12.2.13-0ubuntu0.18.04.10 rbd-mirror - 12.2.13-0ubuntu0.18.04.10 rbd-nbd - 12.2.13-0ubuntu0.18.04.10 librbd-dev - 12.2.13-0ubuntu0.18.04.10 libradosstriper1 - 12.2.13-0ubuntu0.18.04.10 rbd-fuse - 12.2.13-0ubuntu0.18.04.10 librados-dev - 12.2.13-0ubuntu0.18.04.10 libcephfs-jni - 12.2.13-0ubuntu0.18.04.10 radosgw - 12.2.13-0ubuntu0.18.04.10 librados2 - 12.2.13-0ubuntu0.18.04.10 ceph-mon - 12.2.13-0ubuntu0.18.04.10 libcephfs2 - 12.2.13-0ubuntu0.18.04.10 librgw2 - 12.2.13-0ubuntu0.18.04.10 ceph-mds - 12.2.13-0ubuntu0.18.04.10 libradosstriper-dev - 12.2.13-0ubuntu0.18.04.10 librbd1 - 12.2.13-0ubuntu0.18.04.10 python3-rgw - 12.2.13-0ubuntu0.18.04.10 python-rgw - 12.2.13-0ubuntu0.18.04.10 python-ceph - 12.2.13-0ubuntu0.18.04.10 libcephfs-dev - 12.2.13-0ubuntu0.18.04.10 rados-objclass-dev - 12.2.13-0ubuntu0.18.04.10 ceph-osd - 12.2.13-0ubuntu0.18.04.10 python3-ceph-argparse - 12.2.13-0ubuntu0.18.04.10 librgw-dev - 12.2.13-0ubuntu0.18.04.10 python3-rados - 12.2.13-0ubuntu0.18.04.10 ceph-base - 12.2.13-0ubuntu0.18.04.10 python-cephfs - 12.2.13-0ubuntu0.18.04.10 python3-cephfs - 12.2.13-0ubuntu0.18.04.10 ceph-fuse - 12.2.13-0ubuntu0.18.04.10 ceph-common - 12.2.13-0ubuntu0.18.04.10 libcephfs-java - 12.2.13-0ubuntu0.18.04.10 ceph-resource-agents - 12.2.13-0ubuntu0.18.04.10 No subscription required Medium CVE-2020-27781 CVE-2021-3524 CVE-2021-3531 CVE-2021-20288 CVE-2021-3509 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the browser UI, confuse the user, conduct phishing attacks, or execute arbitrary code. (CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509) It was discovered that the 'Copy Image Link' context menu action would copy the final image URL after redirects. If a user were tricked into copying and pasting a link for an embedded image that triggered authentication flows back to the page, an attacker could potentially exploit this to steal authentication tokens. Update Instructions: Run `sudo pro fix USN-5131-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-nn - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-ne - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-nb - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-fa - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-fi - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-fr - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-fy - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-or - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-kab - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-oc - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-cs - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-ga - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-gd - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-gn - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-gl - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-gu - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-pa - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-pl - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-cy - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-pt - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-szl - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-hi - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-ms - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-he - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-hy - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-hr - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-hu - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-as - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-ar - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-ia - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-az - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-id - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-mai - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-af - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-is - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-vi - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-an - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-bs - 94.0+build3-0ubuntu0.18.04.1 firefox - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-ro - 94.0+build3-0ubuntu0.18.04.1 firefox-geckodriver - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-ja - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-ru - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-br - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hant - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hans - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-bn - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-be - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-bg - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-sl - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-sk - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-si - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-sw - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-sv - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-sr - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-sq - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-ko - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-kn - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-km - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-kk - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-ka - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-xh - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-ca - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-ku - 94.0+build3-0ubuntu0.18.04.1 firefox-mozsymbols - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-lv - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-lt - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-th - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-hsb - 94.0+build3-0ubuntu0.18.04.1 firefox-dev - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-te - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-cak - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-ta - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-lg - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-csb - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-tr - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-nso - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-de - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-da - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-uk - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-mr - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-my - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-uz - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-ml - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-mn - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-mk - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-ur - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-eu - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-et - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-es - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-it - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-el - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-eo - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-en - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-zu - 94.0+build3-0ubuntu0.18.04.1 firefox-locale-ast - 94.0+build3-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 Ubuntu 18.04 LTS It was discovered that ICU contains a use after free issue. An attacker could use this issue to cause a denial of service with crafted input. Update Instructions: Run `sudo pro fix USN-5133-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: icu-devtools - 60.2-3ubuntu3.2 libiculx60 - 60.2-3ubuntu3.2 libicu60 - 60.2-3ubuntu3.2 libicu-dev - 60.2-3ubuntu3.2 icu-doc - 60.2-3ubuntu3.2 No subscription required Low CVE-2020-21913 Ubuntu 18.04 LTS An information disclosure issue was discovered in the command line interface of Docker. A misconfigured credential store could result in supplied credentials being leaked to the public registry, when using the docker login command with a private registry. Update Instructions: Run `sudo pro fix USN-5134-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-docker-docker-dev - 20.10.7-0ubuntu5~18.04.3 docker.io - 20.10.7-0ubuntu5~18.04.3 golang-docker-dev - 20.10.7-0ubuntu5~18.04.3 vim-syntax-docker - 20.10.7-0ubuntu5~18.04.3 docker-doc - 20.10.7-0ubuntu5~18.04.3 No subscription required Medium CVE-2021-41092 Ubuntu 18.04 LTS It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19449) It was discovered that the FUSE user space file system implementation in the Linux kernel did not properly handle bad inodes in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2020-36322) It was discovered that the Infiniband RDMA userspace connection manager implementation in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possible execute arbitrary code. (CVE-2020-36385) Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2021-3655) It was discovered that the Qualcomm IPC Router protocol implementation in the Linux kernel did not properly validate metadata in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2021-3743) It was discovered that the virtual terminal (vt) device implementation in the Linux kernel contained a race condition in its ioctl handling that led to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. (CVE-2021-3753) It was discovered that the Linux kernel did not properly account for the memory usage of certain IPC objects. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3759) Michael Wakabayashi discovered that the NFSv4 client implementation in the Linux kernel did not properly order connection setup operations. An attacker controlling a remote NFS server could use this to cause a denial of service on the client. (CVE-2021-38199) It was discovered that the Aspeed Low Pin Count (LPC) Bus Controller implementation in the Linux kernel did not properly perform boundary checks in some situations, allowing out-of-bounds write access. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. In Ubuntu, this issue only affected systems running armhf kernels. (CVE-2021-42252) Update Instructions: Run `sudo pro fix USN-5136-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-dell300x-tools-4.15.0-1030 - 4.15.0-1030.35 linux-image-4.15.0-1030-dell300x - 4.15.0-1030.35 linux-buildinfo-4.15.0-1030-dell300x - 4.15.0-1030.35 linux-dell300x-headers-4.15.0-1030 - 4.15.0-1030.35 linux-image-unsigned-4.15.0-1030-dell300x - 4.15.0-1030.35 linux-headers-4.15.0-1030-dell300x - 4.15.0-1030.35 linux-tools-4.15.0-1030-dell300x - 4.15.0-1030.35 linux-modules-4.15.0-1030-dell300x - 4.15.0-1030.35 No subscription required linux-image-unsigned-4.15.0-1083-oracle - 4.15.0-1083.91 linux-headers-4.15.0-1083-oracle - 4.15.0-1083.91 linux-buildinfo-4.15.0-1083-oracle - 4.15.0-1083.91 linux-image-4.15.0-1083-oracle - 4.15.0-1083.91 linux-tools-4.15.0-1083-oracle - 4.15.0-1083.91 linux-modules-4.15.0-1083-oracle - 4.15.0-1083.91 linux-modules-extra-4.15.0-1083-oracle - 4.15.0-1083.91 linux-oracle-tools-4.15.0-1083 - 4.15.0-1083.91 linux-oracle-headers-4.15.0-1083 - 4.15.0-1083.91 No subscription required linux-headers-4.15.0-1098-raspi2 - 4.15.0-1098.104 linux-raspi2-tools-4.15.0-1098 - 4.15.0-1098.104 linux-tools-4.15.0-1098-raspi2 - 4.15.0-1098.104 linux-modules-4.15.0-1098-raspi2 - 4.15.0-1098.104 linux-buildinfo-4.15.0-1098-raspi2 - 4.15.0-1098.104 linux-image-4.15.0-1098-raspi2 - 4.15.0-1098.104 linux-raspi2-headers-4.15.0-1098 - 4.15.0-1098.104 No subscription required linux-buildinfo-4.15.0-1102-kvm - 4.15.0-1102.104 linux-headers-4.15.0-1102-kvm - 4.15.0-1102.104 linux-image-4.15.0-1102-kvm - 4.15.0-1102.104 linux-modules-4.15.0-1102-kvm - 4.15.0-1102.104 linux-kvm-tools-4.15.0-1102 - 4.15.0-1102.104 linux-tools-4.15.0-1102-kvm - 4.15.0-1102.104 linux-kvm-headers-4.15.0-1102 - 4.15.0-1102.104 No subscription required linux-tools-4.15.0-1111-gcp - 4.15.0-1111.125 linux-gcp-4.15-tools-4.15.0-1111 - 4.15.0-1111.125 linux-image-4.15.0-1111-gcp - 4.15.0-1111.125 linux-image-unsigned-4.15.0-1111-gcp - 4.15.0-1111.125 linux-gcp-4.15-headers-4.15.0-1111 - 4.15.0-1111.125 linux-modules-4.15.0-1111-gcp - 4.15.0-1111.125 linux-buildinfo-4.15.0-1111-gcp - 4.15.0-1111.125 linux-modules-extra-4.15.0-1111-gcp - 4.15.0-1111.125 linux-headers-4.15.0-1111-gcp - 4.15.0-1111.125 No subscription required linux-buildinfo-4.15.0-1115-aws - 4.15.0-1115.122 linux-tools-4.15.0-1115-aws - 4.15.0-1115.122 linux-headers-4.15.0-1115-aws - 4.15.0-1115.122 linux-image-4.15.0-1115-aws - 4.15.0-1115.122 linux-aws-tools-4.15.0-1115 - 4.15.0-1115.122 linux-cloud-tools-4.15.0-1115-aws - 4.15.0-1115.122 linux-modules-extra-4.15.0-1115-aws - 4.15.0-1115.122 linux-modules-4.15.0-1115-aws - 4.15.0-1115.122 linux-aws-headers-4.15.0-1115 - 4.15.0-1115.122 linux-aws-cloud-tools-4.15.0-1115 - 4.15.0-1115.122 No subscription required linux-modules-4.15.0-1115-snapdragon - 4.15.0-1115.124 linux-snapdragon-tools-4.15.0-1115 - 4.15.0-1115.124 linux-tools-4.15.0-1115-snapdragon - 4.15.0-1115.124 linux-headers-4.15.0-1115-snapdragon - 4.15.0-1115.124 linux-image-4.15.0-1115-snapdragon - 4.15.0-1115.124 linux-snapdragon-headers-4.15.0-1115 - 4.15.0-1115.124 linux-buildinfo-4.15.0-1115-snapdragon - 4.15.0-1115.124 No subscription required linux-buildinfo-4.15.0-1126-azure - 4.15.0-1126.139 linux-azure-4.15-cloud-tools-4.15.0-1126 - 4.15.0-1126.139 linux-modules-4.15.0-1126-azure - 4.15.0-1126.139 linux-image-unsigned-4.15.0-1126-azure - 4.15.0-1126.139 linux-azure-4.15-headers-4.15.0-1126 - 4.15.0-1126.139 linux-azure-4.15-tools-4.15.0-1126 - 4.15.0-1126.139 linux-headers-4.15.0-1126-azure - 4.15.0-1126.139 linux-tools-4.15.0-1126-azure - 4.15.0-1126.139 linux-modules-extra-4.15.0-1126-azure - 4.15.0-1126.139 linux-image-4.15.0-1126-azure - 4.15.0-1126.139 linux-cloud-tools-4.15.0-1126-azure - 4.15.0-1126.139 No subscription required linux-tools-common - 4.15.0-162.170 linux-modules-4.15.0-162-lowlatency - 4.15.0-162.170 linux-image-unsigned-4.15.0-162-generic - 4.15.0-162.170 linux-doc - 4.15.0-162.170 linux-tools-4.15.0-162-lowlatency - 4.15.0-162.170 linux-image-4.15.0-162-generic-lpae - 4.15.0-162.170 linux-tools-4.15.0-162-generic-lpae - 4.15.0-162.170 linux-libc-dev - 4.15.0-162.170 linux-headers-4.15.0-162-lowlatency - 4.15.0-162.170 linux-headers-4.15.0-162 - 4.15.0-162.170 linux-modules-4.15.0-162-generic - 4.15.0-162.170 linux-tools-host - 4.15.0-162.170 linux-image-unsigned-4.15.0-162-lowlatency - 4.15.0-162.170 linux-image-4.15.0-162-generic - 4.15.0-162.170 linux-cloud-tools-4.15.0-162-generic - 4.15.0-162.170 linux-tools-4.15.0-162 - 4.15.0-162.170 linux-buildinfo-4.15.0-162-generic - 4.15.0-162.170 linux-headers-4.15.0-162-generic - 4.15.0-162.170 linux-cloud-tools-common - 4.15.0-162.170 linux-cloud-tools-4.15.0-162-lowlatency - 4.15.0-162.170 linux-tools-4.15.0-162-generic - 4.15.0-162.170 linux-cloud-tools-4.15.0-162 - 4.15.0-162.170 linux-buildinfo-4.15.0-162-generic-lpae - 4.15.0-162.170 linux-buildinfo-4.15.0-162-lowlatency - 4.15.0-162.170 linux-modules-4.15.0-162-generic-lpae - 4.15.0-162.170 linux-headers-4.15.0-162-generic-lpae - 4.15.0-162.170 linux-source-4.15.0 - 4.15.0-162.170 linux-image-4.15.0-162-lowlatency - 4.15.0-162.170 linux-modules-extra-4.15.0-162-generic - 4.15.0-162.170 No subscription required linux-tools-dell300x - 4.15.0.1030.32 linux-headers-dell300x - 4.15.0.1030.32 linux-image-dell300x - 4.15.0.1030.32 linux-dell300x - 4.15.0.1030.32 No subscription required linux-oracle-lts-18.04 - 4.15.0.1083.93 linux-image-oracle-lts-18.04 - 4.15.0.1083.93 linux-signed-image-oracle-lts-18.04 - 4.15.0.1083.93 linux-signed-oracle-lts-18.04 - 4.15.0.1083.93 linux-headers-oracle-lts-18.04 - 4.15.0.1083.93 linux-tools-oracle-lts-18.04 - 4.15.0.1083.93 No subscription required linux-raspi2 - 4.15.0.1098.96 linux-headers-raspi2 - 4.15.0.1098.96 linux-image-raspi2 - 4.15.0.1098.96 linux-tools-raspi2 - 4.15.0.1098.96 No subscription required linux-tools-kvm - 4.15.0.1102.98 linux-kvm - 4.15.0.1102.98 linux-headers-kvm - 4.15.0.1102.98 linux-image-kvm - 4.15.0.1102.98 No subscription required linux-gcp-lts-18.04 - 4.15.0.1111.130 linux-tools-gcp-lts-18.04 - 4.15.0.1111.130 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1111.130 linux-image-gcp-lts-18.04 - 4.15.0.1111.130 linux-headers-gcp-lts-18.04 - 4.15.0.1111.130 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1115.118 linux-snapdragon - 4.15.0.1115.118 linux-headers-aws-lts-18.04 - 4.15.0.1115.118 linux-headers-snapdragon - 4.15.0.1115.118 linux-tools-snapdragon - 4.15.0.1115.118 linux-aws-lts-18.04 - 4.15.0.1115.118 linux-modules-extra-aws-lts-18.04 - 4.15.0.1115.118 linux-image-snapdragon - 4.15.0.1115.118 linux-tools-aws-lts-18.04 - 4.15.0.1115.118 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1126.99 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1126.99 linux-tools-azure-lts-18.04 - 4.15.0.1126.99 linux-headers-azure-lts-18.04 - 4.15.0.1126.99 linux-signed-image-azure-lts-18.04 - 4.15.0.1126.99 linux-azure-lts-18.04 - 4.15.0.1126.99 linux-signed-azure-lts-18.04 - 4.15.0.1126.99 linux-image-azure-lts-18.04 - 4.15.0.1126.99 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.162.151 linux-signed-generic-hwe-16.04-edge - 4.15.0.162.151 linux-headers-generic-lpae - 4.15.0.162.151 linux-image-extra-virtual-hwe-16.04 - 4.15.0.162.151 linux-image-virtual - 4.15.0.162.151 linux-image-generic - 4.15.0.162.151 linux-tools-lowlatency - 4.15.0.162.151 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.162.151 linux-headers-generic-hwe-16.04-edge - 4.15.0.162.151 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.162.151 linux-generic-lpae-hwe-16.04 - 4.15.0.162.151 linux-cloud-tools-virtual - 4.15.0.162.151 linux-tools-virtual-hwe-16.04-edge - 4.15.0.162.151 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.162.151 linux-image-virtual-hwe-16.04-edge - 4.15.0.162.151 linux-generic-lpae-hwe-16.04-edge - 4.15.0.162.151 linux-signed-image-lowlatency - 4.15.0.162.151 linux-signed-lowlatency-hwe-16.04 - 4.15.0.162.151 linux-crashdump - 4.15.0.162.151 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.162.151 linux-signed-image-generic - 4.15.0.162.151 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.162.151 linux-lowlatency - 4.15.0.162.151 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.162.151 linux-source - 4.15.0.162.151 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.162.151 linux-tools-generic-lpae - 4.15.0.162.151 linux-cloud-tools-generic - 4.15.0.162.151 linux-signed-lowlatency - 4.15.0.162.151 linux-generic-hwe-16.04-edge - 4.15.0.162.151 linux-headers-lowlatency-hwe-16.04 - 4.15.0.162.151 linux-tools-virtual-hwe-16.04 - 4.15.0.162.151 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.162.151 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.162.151 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.162.151 linux-tools-virtual - 4.15.0.162.151 linux-image-generic-lpae - 4.15.0.162.151 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.162.151 linux-generic-lpae - 4.15.0.162.151 linux-generic - 4.15.0.162.151 linux-virtual - 4.15.0.162.151 linux-signed-image-generic-hwe-16.04 - 4.15.0.162.151 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.162.151 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.162.151 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.162.151 linux-headers-lowlatency - 4.15.0.162.151 linux-headers-virtual-hwe-16.04-edge - 4.15.0.162.151 linux-lowlatency-hwe-16.04 - 4.15.0.162.151 linux-image-generic-lpae-hwe-16.04 - 4.15.0.162.151 linux-generic-hwe-16.04 - 4.15.0.162.151 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.162.151 linux-tools-generic - 4.15.0.162.151 linux-virtual-hwe-16.04 - 4.15.0.162.151 linux-image-extra-virtual - 4.15.0.162.151 linux-lowlatency-hwe-16.04-edge - 4.15.0.162.151 linux-cloud-tools-lowlatency - 4.15.0.162.151 linux-image-generic-hwe-16.04-edge - 4.15.0.162.151 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.162.151 linux-virtual-hwe-16.04-edge - 4.15.0.162.151 linux-tools-lowlatency-hwe-16.04 - 4.15.0.162.151 linux-signed-generic - 4.15.0.162.151 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.162.151 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.162.151 linux-headers-generic - 4.15.0.162.151 linux-headers-virtual-hwe-16.04 - 4.15.0.162.151 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.162.151 linux-image-virtual-hwe-16.04 - 4.15.0.162.151 linux-headers-generic-hwe-16.04 - 4.15.0.162.151 linux-headers-virtual - 4.15.0.162.151 linux-signed-generic-hwe-16.04 - 4.15.0.162.151 linux-tools-generic-hwe-16.04 - 4.15.0.162.151 linux-tools-generic-hwe-16.04-edge - 4.15.0.162.151 linux-image-generic-hwe-16.04 - 4.15.0.162.151 linux-image-lowlatency - 4.15.0.162.151 No subscription required Medium CVE-2019-19449 CVE-2020-36322 CVE-2020-36385 CVE-2021-3655 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-38199 CVE-2021-42252 Ubuntu 18.04 LTS It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19449) It was discovered that the Infiniband RDMA userspace connection manager implementation in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possible execute arbitrary code. (CVE-2020-36385) Wolfgang Frisch discovered that the ext4 file system implementation in the Linux kernel contained an integer overflow when handling metadata inode extents. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2021-3428) Benedict Schlueter discovered that the BPF subsystem in the Linux kernel did not properly protect against Speculative Store Bypass (SSB) side- channel attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2021-34556) Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly protect against Speculative Store Bypass (SSB) side-channel attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2021-35477) It was discovered that the btrfs file system in the Linux kernel did not properly handle removing a non-existent device id. An attacker with CAP_SYS_ADMIN could use this to cause a denial of service. (CVE-2021-3739) It was discovered that the Qualcomm IPC Router protocol implementation in the Linux kernel did not properly validate metadata in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2021-3743) It was discovered that the virtual terminal (vt) device implementation in the Linux kernel contained a race condition in its ioctl handling that led to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. (CVE-2021-3753) It was discovered that the Linux kernel did not properly account for the memory usage of certain IPC objects. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3759) It was discovered that the Aspeed Low Pin Count (LPC) Bus Controller implementation in the Linux kernel did not properly perform boundary checks in some situations, allowing out-of-bounds write access. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. In Ubuntu, this issue only affected systems running armhf kernels. (CVE-2021-42252) Update Instructions: Run `sudo pro fix USN-5137-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-5.4.0-1026-gkeop - 5.4.0-1026.27~18.04.1 linux-gkeop-5.4-tools-5.4.0-1026 - 5.4.0-1026.27~18.04.1 linux-headers-5.4.0-1026-gkeop - 5.4.0-1026.27~18.04.1 linux-tools-5.4.0-1026-gkeop - 5.4.0-1026.27~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1026.27~18.04.1 linux-modules-extra-5.4.0-1026-gkeop - 5.4.0-1026.27~18.04.1 linux-modules-5.4.0-1026-gkeop - 5.4.0-1026.27~18.04.1 linux-image-5.4.0-1026-gkeop - 5.4.0-1026.27~18.04.1 linux-buildinfo-5.4.0-1026-gkeop - 5.4.0-1026.27~18.04.1 linux-cloud-tools-5.4.0-1026-gkeop - 5.4.0-1026.27~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1026 - 5.4.0-1026.27~18.04.1 linux-gkeop-5.4-headers-5.4.0-1026 - 5.4.0-1026.27~18.04.1 No subscription required linux-gcp-5.4-headers-5.4.0-1057 - 5.4.0-1057.61~18.04.1 linux-modules-extra-5.4.0-1057-gcp - 5.4.0-1057.61~18.04.1 linux-headers-5.4.0-1057-gcp - 5.4.0-1057.61~18.04.1 linux-buildinfo-5.4.0-1057-gcp - 5.4.0-1057.61~18.04.1 linux-image-unsigned-5.4.0-1057-gcp - 5.4.0-1057.61~18.04.1 linux-modules-5.4.0-1057-gcp - 5.4.0-1057.61~18.04.1 linux-image-5.4.0-1057-gcp - 5.4.0-1057.61~18.04.1 linux-gcp-5.4-tools-5.4.0-1057 - 5.4.0-1057.61~18.04.1 linux-tools-5.4.0-1057-gcp - 5.4.0-1057.61~18.04.1 No subscription required linux-cloud-tools-5.4.0-1059-aws - 5.4.0-1059.62~18.04.1 linux-modules-5.4.0-1059-aws - 5.4.0-1059.62~18.04.1 linux-aws-5.4-headers-5.4.0-1059 - 5.4.0-1059.62~18.04.1 linux-tools-5.4.0-1059-aws - 5.4.0-1059.62~18.04.1 linux-image-5.4.0-1059-aws - 5.4.0-1059.62~18.04.1 linux-modules-extra-5.4.0-1059-aws - 5.4.0-1059.62~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1059 - 5.4.0-1059.62~18.04.1 linux-buildinfo-5.4.0-1059-aws - 5.4.0-1059.62~18.04.1 linux-headers-5.4.0-1059-aws - 5.4.0-1059.62~18.04.1 linux-aws-5.4-tools-5.4.0-1059 - 5.4.0-1059.62~18.04.1 No subscription required linux-cloud-tools-5.4.0-1063-azure - 5.4.0-1063.66~18.04.1 linux-image-unsigned-5.4.0-1063-azure - 5.4.0-1063.66~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1063 - 5.4.0-1063.66~18.04.1 linux-azure-5.4-headers-5.4.0-1063 - 5.4.0-1063.66~18.04.1 linux-buildinfo-5.4.0-1063-azure - 5.4.0-1063.66~18.04.1 linux-tools-5.4.0-1063-azure - 5.4.0-1063.66~18.04.1 linux-azure-5.4-tools-5.4.0-1063 - 5.4.0-1063.66~18.04.1 linux-headers-5.4.0-1063-azure - 5.4.0-1063.66~18.04.1 linux-modules-5.4.0-1063-azure - 5.4.0-1063.66~18.04.1 linux-image-5.4.0-1063-azure - 5.4.0-1063.66~18.04.1 linux-modules-extra-5.4.0-1063-azure - 5.4.0-1063.66~18.04.1 No subscription required linux-buildinfo-5.4.0-90-lowlatency - 5.4.0-90.101~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-90.101~18.04.1 linux-cloud-tools-5.4.0-90-lowlatency - 5.4.0-90.101~18.04.1 linux-headers-5.4.0-90-generic-lpae - 5.4.0-90.101~18.04.1 linux-headers-5.4.0-90-lowlatency - 5.4.0-90.101~18.04.1 linux-hwe-5.4-tools-5.4.0-90 - 5.4.0-90.101~18.04.1 linux-tools-5.4.0-90-generic - 5.4.0-90.101~18.04.1 linux-image-unsigned-5.4.0-90-lowlatency - 5.4.0-90.101~18.04.1 linux-modules-5.4.0-90-generic - 5.4.0-90.101~18.04.1 linux-image-5.4.0-90-lowlatency - 5.4.0-90.101~18.04.1 linux-cloud-tools-5.4.0-90-generic - 5.4.0-90.101~18.04.1 linux-tools-5.4.0-90-generic-lpae - 5.4.0-90.101~18.04.1 linux-modules-extra-5.4.0-90-generic - 5.4.0-90.101~18.04.1 linux-buildinfo-5.4.0-90-generic - 5.4.0-90.101~18.04.1 linux-image-5.4.0-90-generic-lpae - 5.4.0-90.101~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-90 - 5.4.0-90.101~18.04.1 linux-image-unsigned-5.4.0-90-generic - 5.4.0-90.101~18.04.1 linux-image-5.4.0-90-generic - 5.4.0-90.101~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-90.101~18.04.1 linux-headers-5.4.0-90-generic - 5.4.0-90.101~18.04.1 linux-tools-5.4.0-90-lowlatency - 5.4.0-90.101~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-90.101~18.04.1 linux-hwe-5.4-headers-5.4.0-90 - 5.4.0-90.101~18.04.1 linux-buildinfo-5.4.0-90-generic-lpae - 5.4.0-90.101~18.04.1 linux-modules-5.4.0-90-lowlatency - 5.4.0-90.101~18.04.1 linux-modules-5.4.0-90-generic-lpae - 5.4.0-90.101~18.04.1 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1026.27~18.04.27 linux-modules-extra-gkeop-5.4 - 5.4.0.1026.27~18.04.27 linux-gkeop-5.4 - 5.4.0.1026.27~18.04.27 linux-headers-gkeop-5.4 - 5.4.0.1026.27~18.04.27 linux-image-gkeop-5.4 - 5.4.0.1026.27~18.04.27 linux-tools-gkeop-5.4 - 5.4.0.1026.27~18.04.27 No subscription required linux-headers-gcp - 5.4.0.1057.43 linux-image-gcp-edge - 5.4.0.1057.43 linux-tools-gcp-edge - 5.4.0.1057.43 linux-headers-gcp-edge - 5.4.0.1057.43 linux-modules-extra-gcp - 5.4.0.1057.43 linux-modules-extra-gcp-edge - 5.4.0.1057.43 linux-tools-gcp - 5.4.0.1057.43 linux-gcp - 5.4.0.1057.43 linux-image-gcp - 5.4.0.1057.43 linux-gcp-edge - 5.4.0.1057.43 No subscription required linux-headers-aws - 5.4.0.1059.42 linux-image-aws - 5.4.0.1059.42 linux-modules-extra-aws-edge - 5.4.0.1059.42 linux-aws-edge - 5.4.0.1059.42 linux-aws - 5.4.0.1059.42 linux-headers-aws-edge - 5.4.0.1059.42 linux-modules-extra-aws - 5.4.0.1059.42 linux-tools-aws - 5.4.0.1059.42 linux-tools-aws-edge - 5.4.0.1059.42 linux-image-aws-edge - 5.4.0.1059.42 No subscription required linux-tools-azure-edge - 5.4.0.1063.43 linux-cloud-tools-azure - 5.4.0.1063.43 linux-tools-azure - 5.4.0.1063.43 linux-image-azure-edge - 5.4.0.1063.43 linux-signed-image-azure-edge - 5.4.0.1063.43 linux-cloud-tools-azure-edge - 5.4.0.1063.43 linux-signed-azure-edge - 5.4.0.1063.43 linux-modules-extra-azure - 5.4.0.1063.43 linux-headers-azure - 5.4.0.1063.43 linux-azure - 5.4.0.1063.43 linux-image-azure - 5.4.0.1063.43 linux-signed-image-azure - 5.4.0.1063.43 linux-signed-azure - 5.4.0.1063.43 linux-headers-azure-edge - 5.4.0.1063.43 linux-azure-edge - 5.4.0.1063.43 linux-modules-extra-azure-edge - 5.4.0.1063.43 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-headers-snapdragon-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-image-generic-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-image-snapdragon-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-image-oem - 5.4.0.90.101~18.04.80 linux-headers-lowlatency-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-lowlatency-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-image-extra-virtual-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-image-oem-osp1 - 5.4.0.90.101~18.04.80 linux-snapdragon-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-image-generic-lpae-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-tools-lowlatency-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-headers-generic-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-headers-virtual-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-tools-snapdragon-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-headers-virtual-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-generic-lpae-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-headers-oem - 5.4.0.90.101~18.04.80 linux-tools-oem-osp1 - 5.4.0.90.101~18.04.80 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-tools-generic-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-image-virtual-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-lowlatency-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-image-generic-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-generic-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-oem - 5.4.0.90.101~18.04.80 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-headers-oem-osp1 - 5.4.0.90.101~18.04.80 linux-snapdragon-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-tools-oem - 5.4.0.90.101~18.04.80 linux-tools-virtual-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-virtual-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-generic-lpae-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-headers-generic-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-oem-osp1 - 5.4.0.90.101~18.04.80 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-image-lowlatency-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-virtual-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-tools-virtual-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.90.101~18.04.80 linux-generic-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-tools-generic-hwe-18.04 - 5.4.0.90.101~18.04.80 linux-image-virtual-hwe-18.04-edge - 5.4.0.90.101~18.04.80 No subscription required Medium CVE-2019-19449 CVE-2020-36385 CVE-2021-3428 CVE-2021-34556 CVE-2021-35477 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 CVE-2021-42252 Ubuntu 18.04 LTS It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19449) It was discovered that the Infiniband RDMA userspace connection manager implementation in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possible execute arbitrary code. (CVE-2020-36385) Wolfgang Frisch discovered that the ext4 file system implementation in the Linux kernel contained an integer overflow when handling metadata inode extents. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2021-3428) Benedict Schlueter discovered that the BPF subsystem in the Linux kernel did not properly protect against Speculative Store Bypass (SSB) side- channel attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2021-34556) Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly protect against Speculative Store Bypass (SSB) side-channel attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2021-35477) It was discovered that the btrfs file system in the Linux kernel did not properly handle removing a non-existent device id. An attacker with CAP_SYS_ADMIN could use this to cause a denial of service. (CVE-2021-3739) It was discovered that the Qualcomm IPC Router protocol implementation in the Linux kernel did not properly validate metadata in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2021-3743) It was discovered that the virtual terminal (vt) device implementation in the Linux kernel contained a race condition in its ioctl handling that led to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. (CVE-2021-3753) It was discovered that the Linux kernel did not properly account for the memory usage of certain IPC objects. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3759) Update Instructions: Run `sudo pro fix USN-5137-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-raspi-5.4-headers-5.4.0-1046 - 5.4.0-1046.50~18.04.1 linux-modules-5.4.0-1046-raspi - 5.4.0-1046.50~18.04.1 linux-headers-5.4.0-1046-raspi - 5.4.0-1046.50~18.04.1 linux-raspi-5.4-tools-5.4.0-1046 - 5.4.0-1046.50~18.04.1 linux-tools-5.4.0-1046-raspi - 5.4.0-1046.50~18.04.1 linux-image-5.4.0-1046-raspi - 5.4.0-1046.50~18.04.1 linux-buildinfo-5.4.0-1046-raspi - 5.4.0-1046.50~18.04.1 No subscription required linux-tools-5.4.0-1055-gke - 5.4.0-1055.58~18.04.1 linux-image-unsigned-5.4.0-1055-gke - 5.4.0-1055.58~18.04.1 linux-gke-5.4-tools-5.4.0-1055 - 5.4.0-1055.58~18.04.1 linux-image-5.4.0-1055-gke - 5.4.0-1055.58~18.04.1 linux-headers-5.4.0-1055-gke - 5.4.0-1055.58~18.04.1 linux-modules-extra-5.4.0-1055-gke - 5.4.0-1055.58~18.04.1 linux-buildinfo-5.4.0-1055-gke - 5.4.0-1055.58~18.04.1 linux-modules-5.4.0-1055-gke - 5.4.0-1055.58~18.04.1 linux-gke-5.4-headers-5.4.0-1055 - 5.4.0-1055.58~18.04.1 No subscription required linux-oracle-5.4-tools-5.4.0-1057 - 5.4.0-1057.61~18.04.1 linux-buildinfo-5.4.0-1057-oracle - 5.4.0-1057.61~18.04.1 linux-modules-extra-5.4.0-1057-oracle - 5.4.0-1057.61~18.04.1 linux-image-unsigned-5.4.0-1057-oracle - 5.4.0-1057.61~18.04.1 linux-image-5.4.0-1057-oracle - 5.4.0-1057.61~18.04.1 linux-tools-5.4.0-1057-oracle - 5.4.0-1057.61~18.04.1 linux-modules-5.4.0-1057-oracle - 5.4.0-1057.61~18.04.1 linux-headers-5.4.0-1057-oracle - 5.4.0-1057.61~18.04.1 linux-oracle-5.4-headers-5.4.0-1057 - 5.4.0-1057.61~18.04.1 No subscription required linux-raspi-hwe-18.04-edge - 5.4.0.1046.49 linux-raspi-hwe-18.04 - 5.4.0.1046.49 linux-image-raspi-hwe-18.04-edge - 5.4.0.1046.49 linux-tools-raspi-hwe-18.04 - 5.4.0.1046.49 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1046.49 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1046.49 linux-image-raspi-hwe-18.04 - 5.4.0.1046.49 linux-headers-raspi-hwe-18.04 - 5.4.0.1046.49 No subscription required linux-gke-5.4 - 5.4.0.1055.58~18.04.20 linux-headers-gke-5.4 - 5.4.0.1055.58~18.04.20 linux-image-gke-5.4 - 5.4.0.1055.58~18.04.20 linux-tools-gke-5.4 - 5.4.0.1055.58~18.04.20 linux-modules-extra-gke-5.4 - 5.4.0.1055.58~18.04.20 No subscription required linux-modules-extra-oracle - 5.4.0.1057.61~18.04.37 linux-signed-oracle-edge - 5.4.0.1057.61~18.04.37 linux-oracle-edge - 5.4.0.1057.61~18.04.37 linux-headers-oracle - 5.4.0.1057.61~18.04.37 linux-headers-oracle-edge - 5.4.0.1057.61~18.04.37 linux-image-oracle - 5.4.0.1057.61~18.04.37 linux-signed-image-oracle-edge - 5.4.0.1057.61~18.04.37 linux-signed-oracle - 5.4.0.1057.61~18.04.37 linux-tools-oracle - 5.4.0.1057.61~18.04.37 linux-tools-oracle-edge - 5.4.0.1057.61~18.04.37 linux-modules-extra-oracle-edge - 5.4.0.1057.61~18.04.37 linux-signed-image-oracle - 5.4.0.1057.61~18.04.37 linux-image-oracle-edge - 5.4.0.1057.61~18.04.37 linux-oracle - 5.4.0.1057.61~18.04.37 No subscription required Medium CVE-2019-19449 CVE-2020-36385 CVE-2021-3428 CVE-2021-34556 CVE-2021-35477 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759 Ubuntu 18.04 LTS The py.path.svnwc component of py (aka python-py) through v1.9.0 contains a regular expression with an ambiguous subpattern that is susceptible to catastrophic backtracing. This could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. Update Instructions: Run `sudo pro fix USN-5138-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pypy-py - 1.5.2-1ubuntu0.1 python3-py - 1.5.2-1ubuntu0.1 python-py - 1.5.2-1ubuntu0.1 No subscription required Medium CVE-2020-29651 Ubuntu 18.04 LTS It was discovered that Leptonica incorrectly handled certain image files. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. Update Instructions: Run `sudo pro fix USN-5143-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: leptonica-progs - 1.75.3-3ubuntu0.1~esm1 libleptonica-dev - 1.75.3-3ubuntu0.1~esm1 liblept5 - 1.75.3-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-7247 Ubuntu 18.04 LTS It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5144-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenexr-dev - 2.2.0-11.1ubuntu1.8 openexr - 2.2.0-11.1ubuntu1.8 libopenexr22 - 2.2.0-11.1ubuntu1.8 openexr-doc - 2.2.0-11.1ubuntu1.8 No subscription required Medium CVE-2021-3933 Ubuntu 18.04 LTS Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established. Update Instructions: Run `sudo pro fix USN-5145-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-10 - 10.19-0ubuntu0.18.04.1 postgresql-pltcl-10 - 10.19-0ubuntu0.18.04.1 libecpg6 - 10.19-0ubuntu0.18.04.1 libpq-dev - 10.19-0ubuntu0.18.04.1 libpgtypes3 - 10.19-0ubuntu0.18.04.1 postgresql-10 - 10.19-0ubuntu0.18.04.1 postgresql-plperl-10 - 10.19-0ubuntu0.18.04.1 libecpg-dev - 10.19-0ubuntu0.18.04.1 postgresql-plpython3-10 - 10.19-0ubuntu0.18.04.1 libpq5 - 10.19-0ubuntu0.18.04.1 postgresql-plpython-10 - 10.19-0ubuntu0.18.04.1 postgresql-doc-10 - 10.19-0ubuntu0.18.04.1 postgresql-client-10 - 10.19-0ubuntu0.18.04.1 libecpg-compat3 - 10.19-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-23214 CVE-2021-23222 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5146-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:78.14.0+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:78.14.0+build1-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fa - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:78.14.0+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-th - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:78.14.0+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:78.14.0+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-38493 Ubuntu 18.04 LTS It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-17087) It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. This issue only affected Ubuntu 14.04 ESM. (CVE-2019-20807) Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possible execute arbitrary code with user privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04 and Ubuntu 21.10. (CVE-2021-3872) It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possible execute arbitrary code with user privileges. (CVE-2021-3903) It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possible execute arbitrary code with user privileges. (CVE-2021-3927) It was discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possible execute arbitrary code with user privileges. (CVE-2021-3928) Update Instructions: Run `sudo pro fix USN-5147-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:8.0.1453-1ubuntu1.7 vim-gnome - 2:8.0.1453-1ubuntu1.7 vim-athena - 2:8.0.1453-1ubuntu1.7 xxd - 2:8.0.1453-1ubuntu1.7 vim-gtk - 2:8.0.1453-1ubuntu1.7 vim-gui-common - 2:8.0.1453-1ubuntu1.7 vim - 2:8.0.1453-1ubuntu1.7 vim-doc - 2:8.0.1453-1ubuntu1.7 vim-tiny - 2:8.0.1453-1ubuntu1.7 vim-runtime - 2:8.0.1453-1ubuntu1.7 vim-gtk3 - 2:8.0.1453-1ubuntu1.7 vim-nox - 2:8.0.1453-1ubuntu1.7 No subscription required Medium CVE-2017-17087 CVE-2019-20807 CVE-2021-3872 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 Ubuntu 18.04 LTS It was discovered that hivex incorrectly handled certain input. An attacker could use this vulnerability to cause a crash or obtain sensitive information. Update Instructions: Run `sudo pro fix USN-5148-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhivex-bin - 1.3.15-1ubuntu0.1 libhivex-ocaml-dev - 1.3.15-1ubuntu0.1 libhivex-dev - 1.3.15-1ubuntu0.1 libhivex0 - 1.3.15-1ubuntu0.1 python3-hivex - 1.3.15-1ubuntu0.1 libwin-hivex-perl - 1.3.15-1ubuntu0.1 libhivex-ocaml - 1.3.15-1ubuntu0.1 python-hivex - 1.3.15-1ubuntu0.1 ruby-hivex - 1.3.15-1ubuntu0.1 No subscription required Medium CVE-2021-3504 Ubuntu 18.04 LTS It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash. Update Instructions: Run `sudo pro fix USN-5150-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenexr-dev - 2.2.0-11.1ubuntu1.9 openexr - 2.2.0-11.1ubuntu1.9 libopenexr22 - 2.2.0-11.1ubuntu1.9 openexr-doc - 2.2.0-11.1ubuntu1.9 No subscription required Low CVE-2021-3941 Ubuntu 18.04 LTS It was discovered that Mailman incorrectly handled certain URL. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-43331) It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2021-43332) Update Instructions: Run `sudo pro fix USN-5151-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mailman - 1:2.1.26-1ubuntu0.5 No subscription required Medium CVE-2021-43331 CVE-2021-43332 https://launchpad.net/bugs/1949401 https://launchpad.net/mailman/+bug/1949403 Ubuntu 18.04 LTS It was discovered that FreeRDP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2021-41159) It was discovered that FreeRDP incorrectly handled certain connections. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2021-41160) Update Instructions: Run `sudo pro fix USN-5154-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreerdp-server2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.2 freerdp2-shadow-x11 - 2.2.0+dfsg1-0ubuntu0.18.04.2 libfreerdp2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.2 freerdp2-dev - 2.2.0+dfsg1-0ubuntu0.18.04.2 freerdp2-wayland - 2.2.0+dfsg1-0ubuntu0.18.04.2 libwinpr2-dev - 2.2.0+dfsg1-0ubuntu0.18.04.2 libfreerdp-shadow2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.2 libuwac0-0 - 2.2.0+dfsg1-0ubuntu0.18.04.2 freerdp2-x11 - 2.2.0+dfsg1-0ubuntu0.18.04.2 libwinpr2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.2 libuwac0-dev - 2.2.0+dfsg1-0ubuntu0.18.04.2 libwinpr-tools2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.2 libfreerdp-shadow-subsystem2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.2 libfreerdp-client2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.2 winpr-utils - 2.2.0+dfsg1-0ubuntu0.18.04.2 No subscription required Medium CVE-2021-41159 CVE-2021-41160 Ubuntu 18.04 LTS It was discovered that BlueZ incorrectly handled the Discoverable status when a device is powered down. This could result in devices being powered up discoverable, contrary to expectations. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. (CVE-2021-3658) It was discovered that BlueZ incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause BlueZ to consume resources, leading to a denial of service. (CVE-2021-41229) It was discovered that the BlueZ gatt server incorrectly handled disconnects. A remote attacker could possibly use this issue to cause BlueZ to crash, leading to a denial of service. (CVE-2021-43400) Update Instructions: Run `sudo pro fix USN-5155-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbluetooth3 - 5.48-0ubuntu3.6 bluez-tests - 5.48-0ubuntu3.6 bluez-obexd - 5.48-0ubuntu3.6 bluetooth - 5.48-0ubuntu3.6 bluez - 5.48-0ubuntu3.6 bluez-hcidump - 5.48-0ubuntu3.6 bluez-cups - 5.48-0ubuntu3.6 libbluetooth-dev - 5.48-0ubuntu3.6 No subscription required Medium CVE-2021-3658 CVE-2021-41229 CVE-2021-43400 Ubuntu 18.04 LTS It was discovered that Postorius mishandled specially crafted input. An attacker could use this vulnerability that obtain sensitive information. Update Instructions: Run `sudo pro fix USN-5157-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-postorius - 1.1.2-3ubuntu0.1 No subscription required Medium CVE-2021-40347 Ubuntu 18.04 LTS It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. (CVE-2021-20244) It was discovered that ImageMagick incorrectly handled certain values when performing resampling operations. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. (CVE-2021-20246) It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service (CVE-2021-20309) It was discovered that ImageMagick incorrectly handled certain values when processing thumbnail image data. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. (CVE-2021-20312) It was discovered that ImageMagick incorrectly handled memory cleanup when performing certain cryptographic operations. Under certain conditions sensitive cryptographic information could be disclosed. (CVE-2021-20313) Update Instructions: Run `sudo pro fix USN-5158-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagick++-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagickwand-dev - 8:6.9.7.4+dfsg-16ubuntu6.12 imagemagick-6.q16 - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagickcore-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.12 imagemagick-6-common - 8:6.9.7.4+dfsg-16ubuntu6.12 imagemagick - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagickcore-6.q16-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagick++-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.12 libimage-magick-q16-perl - 8:6.9.7.4+dfsg-16ubuntu6.12 libimage-magick-perl - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagick++-dev - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagickwand-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.12 perlmagick - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagickcore-6.q16hdri-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagick++-6.q16hdri-7 - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagickwand-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagickwand-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagickcore-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagickcore-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagick++-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.12 imagemagick-6.q16hdri - 8:6.9.7.4+dfsg-16ubuntu6.12 imagemagick-common - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagickcore-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.12 imagemagick-doc - 8:6.9.7.4+dfsg-16ubuntu6.12 imagemagick-6-doc - 8:6.9.7.4+dfsg-16ubuntu6.12 libimage-magick-q16hdri-perl - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagick++-6.q16-7 - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagickcore-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagickcore-6-arch-config - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagickwand-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagickcore-dev - 8:6.9.7.4+dfsg-16ubuntu6.12 libmagickwand-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.12 No subscription required Medium CVE-2021-20244 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313 Ubuntu 18.04 LTS It was discovered that Midnight Commander would not check server fingerprints when establishing an SFTP connection. If a remote attacker were able to intercept communications this flaw could be exploited to impersonate the SFTP server. Update Instructions: Run `sudo pro fix USN-5160-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mc-data - 3:4.8.19-1ubuntu0.1~esm1 mc - 3:4.8.19-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-36370 Ubuntu 18.04 LTS Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2021-3655) It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-37159) It was discovered that the AMD Cryptographic Coprocessor (CCP) driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3744, CVE-2021-3764) Update Instructions: Run `sudo pro fix USN-5163-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-extra-5.4.0-1027-gkeop - 5.4.0-1027.28~18.04.1 linux-cloud-tools-5.4.0-1027-gkeop - 5.4.0-1027.28~18.04.1 linux-gkeop-5.4-headers-5.4.0-1027 - 5.4.0-1027.28~18.04.1 linux-modules-5.4.0-1027-gkeop - 5.4.0-1027.28~18.04.1 linux-buildinfo-5.4.0-1027-gkeop - 5.4.0-1027.28~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1027.28~18.04.1 linux-gkeop-5.4-tools-5.4.0-1027 - 5.4.0-1027.28~18.04.1 linux-headers-5.4.0-1027-gkeop - 5.4.0-1027.28~18.04.1 linux-image-unsigned-5.4.0-1027-gkeop - 5.4.0-1027.28~18.04.1 linux-image-5.4.0-1027-gkeop - 5.4.0-1027.28~18.04.1 linux-tools-5.4.0-1027-gkeop - 5.4.0-1027.28~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1027 - 5.4.0-1027.28~18.04.1 No subscription required linux-raspi-5.4-headers-5.4.0-1047 - 5.4.0-1047.52~18.04.1 linux-headers-5.4.0-1047-raspi - 5.4.0-1047.52~18.04.1 linux-tools-5.4.0-1047-raspi - 5.4.0-1047.52~18.04.1 linux-image-5.4.0-1047-raspi - 5.4.0-1047.52~18.04.1 linux-raspi-5.4-tools-5.4.0-1047 - 5.4.0-1047.52~18.04.1 linux-buildinfo-5.4.0-1047-raspi - 5.4.0-1047.52~18.04.1 linux-modules-5.4.0-1047-raspi - 5.4.0-1047.52~18.04.1 No subscription required linux-headers-5.4.0-1056-gke - 5.4.0-1056.59~18.04.1 linux-image-unsigned-5.4.0-1056-gke - 5.4.0-1056.59~18.04.1 linux-gke-5.4-tools-5.4.0-1056 - 5.4.0-1056.59~18.04.1 linux-gke-5.4-headers-5.4.0-1056 - 5.4.0-1056.59~18.04.1 linux-tools-5.4.0-1056-gke - 5.4.0-1056.59~18.04.1 linux-image-5.4.0-1056-gke - 5.4.0-1056.59~18.04.1 linux-modules-5.4.0-1056-gke - 5.4.0-1056.59~18.04.1 linux-buildinfo-5.4.0-1056-gke - 5.4.0-1056.59~18.04.1 linux-modules-extra-5.4.0-1056-gke - 5.4.0-1056.59~18.04.1 No subscription required linux-gcp-5.4-headers-5.4.0-1058 - 5.4.0-1058.62~18.04.1 linux-tools-5.4.0-1058-gcp - 5.4.0-1058.62~18.04.1 linux-image-5.4.0-1058-oracle - 5.4.0-1058.62~18.04.1 linux-image-unsigned-5.4.0-1058-gcp - 5.4.0-1058.62~18.04.1 linux-modules-extra-5.4.0-1058-gcp - 5.4.0-1058.62~18.04.1 linux-buildinfo-5.4.0-1058-oracle - 5.4.0-1058.62~18.04.1 linux-modules-5.4.0-1058-gcp - 5.4.0-1058.62~18.04.1 linux-modules-5.4.0-1058-oracle - 5.4.0-1058.62~18.04.1 linux-oracle-5.4-tools-5.4.0-1058 - 5.4.0-1058.62~18.04.1 linux-image-5.4.0-1058-gcp - 5.4.0-1058.62~18.04.1 linux-oracle-5.4-headers-5.4.0-1058 - 5.4.0-1058.62~18.04.1 linux-headers-5.4.0-1058-gcp - 5.4.0-1058.62~18.04.1 linux-headers-5.4.0-1058-oracle - 5.4.0-1058.62~18.04.1 linux-tools-5.4.0-1058-oracle - 5.4.0-1058.62~18.04.1 linux-gcp-5.4-tools-5.4.0-1058 - 5.4.0-1058.62~18.04.1 linux-buildinfo-5.4.0-1058-gcp - 5.4.0-1058.62~18.04.1 linux-image-unsigned-5.4.0-1058-oracle - 5.4.0-1058.62~18.04.1 linux-modules-extra-5.4.0-1058-oracle - 5.4.0-1058.62~18.04.1 No subscription required linux-modules-5.4.0-1060-aws - 5.4.0-1060.63~18.04.1 linux-aws-5.4-headers-5.4.0-1060 - 5.4.0-1060.63~18.04.1 linux-aws-5.4-tools-5.4.0-1060 - 5.4.0-1060.63~18.04.1 linux-headers-5.4.0-1060-aws - 5.4.0-1060.63~18.04.1 linux-tools-5.4.0-1060-aws - 5.4.0-1060.63~18.04.1 linux-buildinfo-5.4.0-1060-aws - 5.4.0-1060.63~18.04.1 linux-modules-extra-5.4.0-1060-aws - 5.4.0-1060.63~18.04.1 linux-image-5.4.0-1060-aws - 5.4.0-1060.63~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1060 - 5.4.0-1060.63~18.04.1 linux-cloud-tools-5.4.0-1060-aws - 5.4.0-1060.63~18.04.1 No subscription required linux-modules-5.4.0-1064-azure - 5.4.0-1064.67~18.04.1 linux-cloud-tools-5.4.0-1064-azure - 5.4.0-1064.67~18.04.1 linux-image-unsigned-5.4.0-1064-azure - 5.4.0-1064.67~18.04.1 linux-headers-5.4.0-1064-azure - 5.4.0-1064.67~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1064 - 5.4.0-1064.67~18.04.1 linux-azure-5.4-headers-5.4.0-1064 - 5.4.0-1064.67~18.04.1 linux-modules-extra-5.4.0-1064-azure - 5.4.0-1064.67~18.04.1 linux-buildinfo-5.4.0-1064-azure - 5.4.0-1064.67~18.04.1 linux-tools-5.4.0-1064-azure - 5.4.0-1064.67~18.04.1 linux-azure-5.4-tools-5.4.0-1064 - 5.4.0-1064.67~18.04.1 linux-image-5.4.0-1064-azure - 5.4.0-1064.67~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-91.102~18.04.1 linux-tools-5.4.0-91-lowlatency - 5.4.0-91.102~18.04.1 linux-modules-5.4.0-91-lowlatency - 5.4.0-91.102~18.04.1 linux-cloud-tools-5.4.0-91-lowlatency - 5.4.0-91.102~18.04.1 linux-hwe-5.4-tools-5.4.0-91 - 5.4.0-91.102~18.04.1 linux-modules-extra-5.4.0-91-generic - 5.4.0-91.102~18.04.1 linux-buildinfo-5.4.0-91-generic - 5.4.0-91.102~18.04.1 linux-headers-5.4.0-91-generic-lpae - 5.4.0-91.102~18.04.1 linux-image-unsigned-5.4.0-91-lowlatency - 5.4.0-91.102~18.04.1 linux-headers-5.4.0-91-lowlatency - 5.4.0-91.102~18.04.1 linux-tools-5.4.0-91-generic - 5.4.0-91.102~18.04.1 linux-modules-5.4.0-91-generic - 5.4.0-91.102~18.04.1 linux-image-5.4.0-91-generic - 5.4.0-91.102~18.04.1 linux-image-5.4.0-91-lowlatency - 5.4.0-91.102~18.04.1 linux-modules-5.4.0-91-generic-lpae - 5.4.0-91.102~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-91.102~18.04.1 linux-tools-5.4.0-91-generic-lpae - 5.4.0-91.102~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-91.102~18.04.1 linux-headers-5.4.0-91-generic - 5.4.0-91.102~18.04.1 linux-hwe-5.4-headers-5.4.0-91 - 5.4.0-91.102~18.04.1 linux-buildinfo-5.4.0-91-lowlatency - 5.4.0-91.102~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-91 - 5.4.0-91.102~18.04.1 linux-image-5.4.0-91-generic-lpae - 5.4.0-91.102~18.04.1 linux-buildinfo-5.4.0-91-generic-lpae - 5.4.0-91.102~18.04.1 linux-cloud-tools-5.4.0-91-generic - 5.4.0-91.102~18.04.1 linux-image-unsigned-5.4.0-91-generic - 5.4.0-91.102~18.04.1 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1027.28~18.04.28 linux-image-gkeop-5.4 - 5.4.0.1027.28~18.04.28 linux-gkeop-5.4 - 5.4.0.1027.28~18.04.28 linux-modules-extra-gkeop-5.4 - 5.4.0.1027.28~18.04.28 linux-headers-gkeop-5.4 - 5.4.0.1027.28~18.04.28 linux-tools-gkeop-5.4 - 5.4.0.1027.28~18.04.28 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1047.50 linux-headers-raspi-hwe-18.04 - 5.4.0.1047.50 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1047.50 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1047.50 linux-raspi-hwe-18.04 - 5.4.0.1047.50 linux-image-raspi-hwe-18.04-edge - 5.4.0.1047.50 linux-tools-raspi-hwe-18.04 - 5.4.0.1047.50 linux-raspi-hwe-18.04-edge - 5.4.0.1047.50 No subscription required linux-headers-gke-5.4 - 5.4.0.1056.59~18.04.21 linux-tools-gke-5.4 - 5.4.0.1056.59~18.04.21 linux-modules-extra-gke-5.4 - 5.4.0.1056.59~18.04.21 linux-gke-5.4 - 5.4.0.1056.59~18.04.21 linux-image-gke-5.4 - 5.4.0.1056.59~18.04.21 No subscription required linux-image-gcp-edge - 5.4.0.1058.44 linux-headers-gcp-edge - 5.4.0.1058.44 linux-modules-extra-gcp - 5.4.0.1058.44 linux-modules-extra-gcp-edge - 5.4.0.1058.44 linux-tools-gcp - 5.4.0.1058.44 linux-gcp - 5.4.0.1058.44 linux-tools-gcp-edge - 5.4.0.1058.44 linux-headers-gcp - 5.4.0.1058.44 linux-image-gcp - 5.4.0.1058.44 linux-gcp-edge - 5.4.0.1058.44 No subscription required linux-headers-oracle - 5.4.0.1058.62~18.04.38 linux-tools-oracle - 5.4.0.1058.62~18.04.38 linux-signed-image-oracle - 5.4.0.1058.62~18.04.38 linux-signed-oracle - 5.4.0.1058.62~18.04.38 linux-tools-oracle-edge - 5.4.0.1058.62~18.04.38 linux-oracle-edge - 5.4.0.1058.62~18.04.38 linux-modules-extra-oracle-edge - 5.4.0.1058.62~18.04.38 linux-image-oracle-edge - 5.4.0.1058.62~18.04.38 linux-modules-extra-oracle - 5.4.0.1058.62~18.04.38 linux-signed-oracle-edge - 5.4.0.1058.62~18.04.38 linux-signed-image-oracle-edge - 5.4.0.1058.62~18.04.38 linux-headers-oracle-edge - 5.4.0.1058.62~18.04.38 linux-image-oracle - 5.4.0.1058.62~18.04.38 linux-oracle - 5.4.0.1058.62~18.04.38 No subscription required linux-headers-aws - 5.4.0.1060.43 linux-image-aws - 5.4.0.1060.43 linux-aws-edge - 5.4.0.1060.43 linux-aws - 5.4.0.1060.43 linux-headers-aws-edge - 5.4.0.1060.43 linux-modules-extra-aws - 5.4.0.1060.43 linux-tools-aws - 5.4.0.1060.43 linux-modules-extra-aws-edge - 5.4.0.1060.43 linux-tools-aws-edge - 5.4.0.1060.43 linux-image-aws-edge - 5.4.0.1060.43 No subscription required linux-signed-azure - 5.4.0.1064.44 linux-cloud-tools-azure - 5.4.0.1064.44 linux-tools-azure - 5.4.0.1064.44 linux-image-azure-edge - 5.4.0.1064.44 linux-cloud-tools-azure-edge - 5.4.0.1064.44 linux-image-azure - 5.4.0.1064.44 linux-modules-extra-azure - 5.4.0.1064.44 linux-azure - 5.4.0.1064.44 linux-signed-image-azure-edge - 5.4.0.1064.44 linux-signed-image-azure - 5.4.0.1064.44 linux-headers-azure-edge - 5.4.0.1064.44 linux-azure-edge - 5.4.0.1064.44 linux-modules-extra-azure-edge - 5.4.0.1064.44 linux-signed-azure-edge - 5.4.0.1064.44 linux-tools-azure-edge - 5.4.0.1064.44 linux-headers-azure - 5.4.0.1064.44 No subscription required linux-headers-snapdragon-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-image-generic-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-image-snapdragon-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-image-oem - 5.4.0.91.102~18.04.81 linux-headers-generic-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-headers-lowlatency-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-lowlatency-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-image-extra-virtual-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-image-oem-osp1 - 5.4.0.91.102~18.04.81 linux-headers-oem - 5.4.0.91.102~18.04.81 linux-snapdragon-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-image-generic-lpae-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-tools-lowlatency-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-headers-virtual-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-tools-snapdragon-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-headers-virtual-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-virtual-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-generic-lpae-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-tools-oem-osp1 - 5.4.0.91.102~18.04.81 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-tools-generic-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-image-virtual-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-image-generic-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-generic-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-oem - 5.4.0.91.102~18.04.81 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-snapdragon-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-tools-oem - 5.4.0.91.102~18.04.81 linux-headers-oem-osp1 - 5.4.0.91.102~18.04.81 linux-tools-virtual-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-headers-generic-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-oem-osp1 - 5.4.0.91.102~18.04.81 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-image-lowlatency-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-generic-lpae-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-virtual-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-tools-virtual-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-lowlatency-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-image-virtual-hwe-18.04-edge - 5.4.0.91.102~18.04.81 linux-generic-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.91.102~18.04.81 linux-tools-generic-hwe-18.04 - 5.4.0.91.102~18.04.81 No subscription required Medium CVE-2021-3655 CVE-2021-37159 CVE-2021-3744 CVE-2021-3764 Ubuntu 18.04 LTS It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-37159) It was discovered that the AMD Cryptographic Coprocessor (CCP) driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3744, CVE-2021-3764) Update Instructions: Run `sudo pro fix USN-5164-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-dell300x-tools-4.15.0-1031 - 4.15.0-1031.36 linux-buildinfo-4.15.0-1031-dell300x - 4.15.0-1031.36 linux-image-unsigned-4.15.0-1031-dell300x - 4.15.0-1031.36 linux-headers-4.15.0-1031-dell300x - 4.15.0-1031.36 linux-tools-4.15.0-1031-dell300x - 4.15.0-1031.36 linux-dell300x-headers-4.15.0-1031 - 4.15.0-1031.36 linux-image-4.15.0-1031-dell300x - 4.15.0-1031.36 linux-modules-4.15.0-1031-dell300x - 4.15.0-1031.36 No subscription required linux-buildinfo-4.15.0-1084-oracle - 4.15.0-1084.92 linux-image-unsigned-4.15.0-1084-oracle - 4.15.0-1084.92 linux-modules-4.15.0-1084-oracle - 4.15.0-1084.92 linux-tools-4.15.0-1084-oracle - 4.15.0-1084.92 linux-image-4.15.0-1084-oracle - 4.15.0-1084.92 linux-headers-4.15.0-1084-oracle - 4.15.0-1084.92 linux-oracle-tools-4.15.0-1084 - 4.15.0-1084.92 linux-oracle-headers-4.15.0-1084 - 4.15.0-1084.92 linux-modules-extra-4.15.0-1084-oracle - 4.15.0-1084.92 No subscription required linux-buildinfo-4.15.0-1099-raspi2 - 4.15.0-1099.106 linux-modules-4.15.0-1099-raspi2 - 4.15.0-1099.106 linux-raspi2-tools-4.15.0-1099 - 4.15.0-1099.106 linux-tools-4.15.0-1099-raspi2 - 4.15.0-1099.106 linux-headers-4.15.0-1099-raspi2 - 4.15.0-1099.106 linux-image-4.15.0-1099-raspi2 - 4.15.0-1099.106 linux-raspi2-headers-4.15.0-1099 - 4.15.0-1099.106 No subscription required linux-kvm-headers-4.15.0-1103 - 4.15.0-1103.105 linux-tools-4.15.0-1103-kvm - 4.15.0-1103.105 linux-buildinfo-4.15.0-1103-kvm - 4.15.0-1103.105 linux-kvm-tools-4.15.0-1103 - 4.15.0-1103.105 linux-headers-4.15.0-1103-kvm - 4.15.0-1103.105 linux-image-4.15.0-1103-kvm - 4.15.0-1103.105 linux-modules-4.15.0-1103-kvm - 4.15.0-1103.105 No subscription required linux-gcp-4.15-headers-4.15.0-1112 - 4.15.0-1112.126 linux-buildinfo-4.15.0-1112-gcp - 4.15.0-1112.126 linux-headers-4.15.0-1112-gcp - 4.15.0-1112.126 linux-gcp-4.15-tools-4.15.0-1112 - 4.15.0-1112.126 linux-image-4.15.0-1112-gcp - 4.15.0-1112.126 linux-modules-extra-4.15.0-1112-gcp - 4.15.0-1112.126 linux-modules-4.15.0-1112-gcp - 4.15.0-1112.126 linux-tools-4.15.0-1112-gcp - 4.15.0-1112.126 linux-image-unsigned-4.15.0-1112-gcp - 4.15.0-1112.126 No subscription required linux-cloud-tools-4.15.0-1116-aws - 4.15.0-1116.123 linux-aws-tools-4.15.0-1116 - 4.15.0-1116.123 linux-image-4.15.0-1116-aws - 4.15.0-1116.123 linux-tools-4.15.0-1116-aws - 4.15.0-1116.123 linux-buildinfo-4.15.0-1116-aws - 4.15.0-1116.123 linux-headers-4.15.0-1116-aws - 4.15.0-1116.123 linux-modules-extra-4.15.0-1116-aws - 4.15.0-1116.123 linux-aws-headers-4.15.0-1116 - 4.15.0-1116.123 linux-aws-cloud-tools-4.15.0-1116 - 4.15.0-1116.123 linux-modules-4.15.0-1116-aws - 4.15.0-1116.123 No subscription required linux-buildinfo-4.15.0-1116-snapdragon - 4.15.0-1116.125 linux-snapdragon-tools-4.15.0-1116 - 4.15.0-1116.125 linux-headers-4.15.0-1116-snapdragon - 4.15.0-1116.125 linux-modules-4.15.0-1116-snapdragon - 4.15.0-1116.125 linux-image-4.15.0-1116-snapdragon - 4.15.0-1116.125 linux-snapdragon-headers-4.15.0-1116 - 4.15.0-1116.125 linux-tools-4.15.0-1116-snapdragon - 4.15.0-1116.125 No subscription required linux-modules-4.15.0-1127-azure - 4.15.0-1127.140 linux-azure-4.15-cloud-tools-4.15.0-1127 - 4.15.0-1127.140 linux-cloud-tools-4.15.0-1127-azure - 4.15.0-1127.140 linux-headers-4.15.0-1127-azure - 4.15.0-1127.140 linux-tools-4.15.0-1127-azure - 4.15.0-1127.140 linux-buildinfo-4.15.0-1127-azure - 4.15.0-1127.140 linux-image-4.15.0-1127-azure - 4.15.0-1127.140 linux-azure-4.15-tools-4.15.0-1127 - 4.15.0-1127.140 linux-modules-extra-4.15.0-1127-azure - 4.15.0-1127.140 linux-image-unsigned-4.15.0-1127-azure - 4.15.0-1127.140 linux-azure-4.15-headers-4.15.0-1127 - 4.15.0-1127.140 No subscription required linux-cloud-tools-4.15.0-163-generic - 4.15.0-163.171 linux-tools-common - 4.15.0-163.171 linux-buildinfo-4.15.0-163-lowlatency - 4.15.0-163.171 linux-tools-host - 4.15.0-163.171 linux-tools-4.15.0-163-generic - 4.15.0-163.171 linux-doc - 4.15.0-163.171 linux-modules-4.15.0-163-generic - 4.15.0-163.171 linux-headers-4.15.0-163-generic - 4.15.0-163.171 linux-libc-dev - 4.15.0-163.171 linux-image-4.15.0-163-generic-lpae - 4.15.0-163.171 linux-tools-4.15.0-163-lowlatency - 4.15.0-163.171 linux-tools-4.15.0-163 - 4.15.0-163.171 linux-tools-4.15.0-163-generic-lpae - 4.15.0-163.171 linux-modules-4.15.0-163-lowlatency - 4.15.0-163.171 linux-image-unsigned-4.15.0-163-lowlatency - 4.15.0-163.171 linux-headers-4.15.0-163 - 4.15.0-163.171 linux-modules-extra-4.15.0-163-generic - 4.15.0-163.171 linux-image-4.15.0-163-generic - 4.15.0-163.171 linux-headers-4.15.0-163-generic-lpae - 4.15.0-163.171 linux-cloud-tools-common - 4.15.0-163.171 linux-cloud-tools-4.15.0-163 - 4.15.0-163.171 linux-image-unsigned-4.15.0-163-generic - 4.15.0-163.171 linux-modules-4.15.0-163-generic-lpae - 4.15.0-163.171 linux-buildinfo-4.15.0-163-generic - 4.15.0-163.171 linux-buildinfo-4.15.0-163-generic-lpae - 4.15.0-163.171 linux-cloud-tools-4.15.0-163-lowlatency - 4.15.0-163.171 linux-headers-4.15.0-163-lowlatency - 4.15.0-163.171 linux-source-4.15.0 - 4.15.0-163.171 linux-image-4.15.0-163-lowlatency - 4.15.0-163.171 No subscription required linux-tools-dell300x - 4.15.0.1031.33 linux-headers-dell300x - 4.15.0.1031.33 linux-image-dell300x - 4.15.0.1031.33 linux-dell300x - 4.15.0.1031.33 No subscription required linux-oracle-lts-18.04 - 4.15.0.1084.94 linux-image-oracle-lts-18.04 - 4.15.0.1084.94 linux-signed-image-oracle-lts-18.04 - 4.15.0.1084.94 linux-tools-oracle-lts-18.04 - 4.15.0.1084.94 linux-signed-oracle-lts-18.04 - 4.15.0.1084.94 linux-headers-oracle-lts-18.04 - 4.15.0.1084.94 No subscription required linux-raspi2 - 4.15.0.1099.97 linux-headers-raspi2 - 4.15.0.1099.97 linux-image-raspi2 - 4.15.0.1099.97 linux-tools-raspi2 - 4.15.0.1099.97 No subscription required linux-kvm - 4.15.0.1103.99 linux-headers-kvm - 4.15.0.1103.99 linux-image-kvm - 4.15.0.1103.99 linux-tools-kvm - 4.15.0.1103.99 No subscription required linux-gcp-lts-18.04 - 4.15.0.1112.131 linux-tools-gcp-lts-18.04 - 4.15.0.1112.131 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1112.131 linux-image-gcp-lts-18.04 - 4.15.0.1112.131 linux-headers-gcp-lts-18.04 - 4.15.0.1112.131 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1116.119 linux-snapdragon - 4.15.0.1116.119 linux-headers-aws-lts-18.04 - 4.15.0.1116.119 linux-headers-snapdragon - 4.15.0.1116.119 linux-tools-snapdragon - 4.15.0.1116.119 linux-aws-lts-18.04 - 4.15.0.1116.119 linux-modules-extra-aws-lts-18.04 - 4.15.0.1116.119 linux-image-snapdragon - 4.15.0.1116.119 linux-tools-aws-lts-18.04 - 4.15.0.1116.119 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1127.100 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1127.100 linux-tools-azure-lts-18.04 - 4.15.0.1127.100 linux-signed-image-azure-lts-18.04 - 4.15.0.1127.100 linux-headers-azure-lts-18.04 - 4.15.0.1127.100 linux-azure-lts-18.04 - 4.15.0.1127.100 linux-signed-azure-lts-18.04 - 4.15.0.1127.100 linux-image-azure-lts-18.04 - 4.15.0.1127.100 No subscription required linux-signed-generic-hwe-16.04 - 4.15.0.163.152 linux-image-lowlatency-hwe-16.04 - 4.15.0.163.152 linux-signed-generic-hwe-16.04-edge - 4.15.0.163.152 linux-headers-generic-lpae - 4.15.0.163.152 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.163.152 linux-image-extra-virtual-hwe-16.04 - 4.15.0.163.152 linux-image-virtual - 4.15.0.163.152 linux-headers-virtual - 4.15.0.163.152 linux-tools-lowlatency - 4.15.0.163.152 linux-headers-generic-hwe-16.04-edge - 4.15.0.163.152 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.163.152 linux-generic-lpae-hwe-16.04 - 4.15.0.163.152 linux-cloud-tools-virtual - 4.15.0.163.152 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.163.152 linux-image-virtual-hwe-16.04-edge - 4.15.0.163.152 linux-generic-lpae-hwe-16.04-edge - 4.15.0.163.152 linux-signed-image-lowlatency - 4.15.0.163.152 linux-signed-lowlatency-hwe-16.04 - 4.15.0.163.152 linux-crashdump - 4.15.0.163.152 linux-signed-image-generic - 4.15.0.163.152 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.163.152 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.163.152 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.163.152 linux-source - 4.15.0.163.152 linux-lowlatency - 4.15.0.163.152 linux-tools-generic-lpae - 4.15.0.163.152 linux-cloud-tools-generic - 4.15.0.163.152 linux-generic-hwe-16.04-edge - 4.15.0.163.152 linux-headers-lowlatency-hwe-16.04 - 4.15.0.163.152 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.163.152 linux-tools-generic-hwe-16.04 - 4.15.0.163.152 linux-tools-virtual - 4.15.0.163.152 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.163.152 linux-generic-lpae - 4.15.0.163.152 linux-generic - 4.15.0.163.152 linux-virtual - 4.15.0.163.152 linux-signed-image-generic-hwe-16.04 - 4.15.0.163.152 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.163.152 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.163.152 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.163.152 linux-headers-virtual-hwe-16.04-edge - 4.15.0.163.152 linux-lowlatency-hwe-16.04 - 4.15.0.163.152 linux-headers-generic-hwe-16.04 - 4.15.0.163.152 linux-generic-hwe-16.04 - 4.15.0.163.152 linux-tools-virtual-hwe-16.04-edge - 4.15.0.163.152 linux-image-generic-lpae - 4.15.0.163.152 linux-tools-generic - 4.15.0.163.152 linux-tools-virtual-hwe-16.04 - 4.15.0.163.152 linux-virtual-hwe-16.04 - 4.15.0.163.152 linux-image-extra-virtual - 4.15.0.163.152 linux-lowlatency-hwe-16.04-edge - 4.15.0.163.152 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.163.152 linux-cloud-tools-lowlatency - 4.15.0.163.152 linux-image-generic-hwe-16.04 - 4.15.0.163.152 linux-image-generic-hwe-16.04-edge - 4.15.0.163.152 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.163.152 linux-image-generic-lpae-hwe-16.04 - 4.15.0.163.152 linux-tools-lowlatency-hwe-16.04 - 4.15.0.163.152 linux-signed-generic - 4.15.0.163.152 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.163.152 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.163.152 linux-headers-generic - 4.15.0.163.152 linux-tools-generic-hwe-16.04-edge - 4.15.0.163.152 linux-virtual-hwe-16.04-edge - 4.15.0.163.152 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.163.152 linux-image-virtual-hwe-16.04 - 4.15.0.163.152 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.163.152 linux-headers-lowlatency - 4.15.0.163.152 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.163.152 linux-headers-virtual-hwe-16.04 - 4.15.0.163.152 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.163.152 linux-image-lowlatency - 4.15.0.163.152 linux-signed-lowlatency - 4.15.0.163.152 linux-image-generic - 4.15.0.163.152 No subscription required Medium CVE-2021-37159 CVE-2021-3744 CVE-2021-3764 Ubuntu 18.04 LTS Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5168-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-dev - 2:3.35-2ubuntu2.13 libnss3 - 2:3.35-2ubuntu2.13 libnss3-tools - 2:3.35-2ubuntu2.13 No subscription required High CVE-2021-43527 Ubuntu 18.04 LTS Tavis Ormandy discovered that NSS, included with Thunderbird, incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause Thunderbird to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5168-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-br - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-bn - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-be - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-bg - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ja - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-sl - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-sk - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-si - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-gnome-support - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-sv - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-sr - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-sq - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-hsb - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-cy - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-cs - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-en - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ca - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-pt-br - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-pa - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ka - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ko - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-kk - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-kab - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-pl - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-zh-tw - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-pt - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-nn-no - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-nb-no - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-bn-bd - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-lt - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-en-gb - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-uz - 1:78.14.0+build1-0ubuntu0.18.04.2 xul-ext-calendar-timezones - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-de - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-da - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-uk - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-dev - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-el - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-en-us - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-rm - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ms - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ro - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-eu - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-et - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-zh-hant - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-zh-hans - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ru - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-es - 1:78.14.0+build1-0ubuntu0.18.04.2 xul-ext-gdata-provider - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-fr - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-es-es - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ta-lk - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-fy - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-fa - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-fi - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ast - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-nl - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-nn - 1:78.14.0+build1-0ubuntu0.18.04.2 xul-ext-lightning - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ga-ie - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-fy-nl - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-nb - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-mozsymbols - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-zh-cn - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-gl - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ga - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-tr - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-gd - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-th - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ta - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-dsb - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-vi - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-hy - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-sv-se - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-hr - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-hu - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-pa-in - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-he - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-ar - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-af - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-pt-pt - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-cak - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-is - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-it - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-mk - 1:78.14.0+build1-0ubuntu0.18.04.2 thunderbird-locale-id - 1:78.14.0+build1-0ubuntu0.18.04.2 No subscription required High CVE-2021-43527 Ubuntu 18.04 LTS Matthias Gerstner discovered that there was a race condition in the mkhomedir tool shipped with the oddjob package. An authenticated attacker could use this to setup a symlink attack and change permissions on files on the host filesystem. Update Instructions: Run `sudo pro fix USN-5169-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: oddjob - 0.34.3-4ubuntu0.1~esm1 oddjob-mkhomedir - 0.34.3-4ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-10737 Ubuntu 18.04 LTS It was discovered that Long Range ZIP incorrectly handled certain specially crafted lrz files. A remote attacker could possibly use this issue to cause a denial of service (crash) or other unspecified impact. Update Instructions: Run `sudo pro fix USN-5171-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lrzip - 0.631-1+deb9u1build0.18.04.1 No subscription required Medium CVE-2017-8844 CVE-2017-8846 CVE-2017-9928 CVE-2017-9929 CVE-2018-10685 CVE-2018-11496 CVE-2018-5650 CVE-2018-5747 CVE-2018-5786 CVE-2018-9058 Ubuntu 18.04 LTS It was discovered that uriparser mishandled certain input. An attacker could use this vulnerability to cause uriparser to crash or possibly execute arbitrary code. (CVE-2018-19198, CVE-2018-19199, CVE-2018-19200) It was discovered that uriparser incorrectly handled certain URIs. An attacker could use this vulnerability to cause a crash or possibly leak sensitive information. (CVE-2018-20721) Update Instructions: Run `sudo pro fix USN-5172-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liburiparser-doc - 0.8.4-1+deb9u2build0.18.04.1 liburiparser-dev - 0.8.4-1+deb9u2build0.18.04.1 liburiparser1 - 0.8.4-1+deb9u2build0.18.04.1 No subscription required Medium CVE-2018-19198 CVE-2018-19199 CVE-2018-19200 CVE-2018-20721 Ubuntu 18.04 LTS It was discovered that libmodbus incorrectly handled inputs. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-5173-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmodbus-dev - 3.0.6-2+deb9u1build0.18.04.1 libmodbus5 - 3.0.6-2+deb9u1build0.18.04.1 No subscription required Medium CVE-2019-14462 CVE-2019-14463 Ubuntu 18.04 LTS Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. (CVE-2016-2124) Andrew Bartlett discovered that Samba incorrectly mapping domain users to local users. An authenticated attacker could possibly use this issue to become root on domain members. (CVE-2020-25717) Andrew Bartlett discovered that Samba did not properly check sensitive attributes. An authenticated attacker could possibly use this issue to escalate privileges. (CVE-2020-25722) Joseph Sutton discovered that Samba incorrectly handled certain TGS requests. An authenticated attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2021-3671) The fix for CVE-2020-25717 results in possible behaviour changes that could affect certain environments. Please see the upstream advisory for more information: https://www.samba.org/samba/security/CVE-2020-25717.html Update Instructions: Run `sudo pro fix USN-5174-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 No subscription required Medium CVE-2016-2124 CVE-2020-25717 CVE-2020-25722 CVE-2021-3671 Ubuntu 18.04 LTS USN-5174-1 fixed vulnerabilities in Samba. Some of the changes introduced a regression in Kerberos authentication in certain environments. Please see the following upstream bug for more information: https://bugzilla.samba.org/show_bug.cgi?id=14922 This update fixes the problem. Original advisory details: Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. (CVE-2016-2124) Andrew Bartlett discovered that Samba incorrectly mapping domain users to local users. An authenticated attacker could possibly use this issue to become root on domain members. (CVE-2020-25717) Andrew Bartlett discovered that Samba did not properly check sensitive attributes. An authenticated attacker could possibly use this issue to escalate privileges. (CVE-2020-25722) Joseph Sutton discovered that Samba incorrectly handled certain TGS requests. An authenticated attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2021-3671) The fix for CVE-2020-25717 results in possible behaviour changes that could affect certain environments. Please see the upstream advisory for more information: https://www.samba.org/samba/security/CVE-2020-25717.html Update Instructions: Run `sudo pro fix USN-5174-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 No subscription required None https://launchpad.net/bugs/1950363 Ubuntu 18.04 LTS It was discovered that Inetutils did not properly check the response of ftp requests. A remote attacker could use this vulnerability to cause a crash or run programs in the user machine. Update Instructions: Run `sudo pro fix USN-5177-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: inetutils-tools - 2:1.9.4-3ubuntu0.1+esm1 inetutils-ftpd - 2:1.9.4-3ubuntu0.1+esm1 inetutils-talkd - 2:1.9.4-3ubuntu0.1+esm1 inetutils-traceroute - 2:1.9.4-3ubuntu0.1+esm1 inetutils-talk - 2:1.9.4-3ubuntu0.1+esm1 inetutils-telnetd - 2:1.9.4-3ubuntu0.1+esm1 inetutils-inetd - 2:1.9.4-3ubuntu0.1+esm1 inetutils-ping - 2:1.9.4-3ubuntu0.1+esm1 inetutils-syslogd - 2:1.9.4-3ubuntu0.1+esm1 inetutils-ftp - 2:1.9.4-3ubuntu0.1+esm1 inetutils-telnet - 2:1.9.4-3ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-40491 Ubuntu 18.04 LTS It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-28831) It was discovered that BusyBox incorrectly handled certain malformed LZMA archives. If a user or automated system were tricked into processing a specially crafted LZMA archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly leak sensitive information. (CVE-2021-42374) Vera Mens, Uri Katz, Tal Keren, Sharon Brizinov, and Shachar Menashe discovered that BusyBox incorrectly handled certain awk patterns. If a user or automated system were tricked into processing a specially crafted awk pattern, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386) Update Instructions: Run `sudo pro fix USN-5179-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: busybox - 1:1.27.2-2ubuntu3.4 busybox-syslogd - 1:1.27.2-2ubuntu3.4 udhcpd - 1:1.27.2-2ubuntu3.4 busybox-initramfs - 1:1.27.2-2ubuntu3.4 udhcpc - 1:1.27.2-2ubuntu3.4 busybox-static - 1:1.27.2-2ubuntu3.4 No subscription required Medium CVE-2021-28831 CVE-2021-42374 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 Ubuntu 18.04 LTS It was discovered that Mailman incorrectly handled CSRF tokens. A remote list member or moderator could possibly use their own token to craft an admin request CSRF attack and set a new admin password or make other changes. Update Instructions: Run `sudo pro fix USN-5180-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mailman - 1:2.1.26-1ubuntu0.6 No subscription required Medium CVE-2021-44227 Ubuntu 18.04 LTS It was discovered that jQuery UI did not properly validate the values from untrusted sources. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. This issue affected only Ubuntu 18.04 ESM and Ubuntu 20.4 ESM. (CVE-2021-41184) It was discovered that jQuery UI checkboxradio widget did not properly decode certain values from HTML entities. An attacker could possibly use this issue to generate a cross-site scripting(XSS) attack, resulting in a crash or possibly execute arbitrary code. (CVE-2022-31160) Update Instructions: Run `sudo pro fix USN-5181-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-jquery-ui - 1.12.1+dfsg-5ubuntu0.18.04.1~esm2 libjs-jquery-ui - 1.12.1+dfsg-5ubuntu0.18.04.1~esm2 libjs-jquery-ui-docs - 1.12.1+dfsg-5ubuntu0.18.04.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-41184 CVE-2022-31160 Ubuntu 18.04 LTS It was discovered that Roundcube Webmail allowed JavaScript code to be present in the CDATA of an HTML message. A remote attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12625) It was discovered that Roundcube Webmail incorrectly processed login and logout POST requests. An attacker could possibly use this issue to launch a cross-site request forgery (CSRF) attack and force an authenticated user to be logged out. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12626) It was discovered that Roundcube Webmail incorrectly processed new plugin names in rcube_plugin_api.php. An attacker could possibly use this issue to obtain sensitive information from local files or to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12640) It was discovered that Roundcube Webmail did not sanitize shell metacharacters recovered from variables in its configuration settings. An attacker could possibly use this issue to execute arbitrary code in the server. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12641) It was discovered that Roundcube Webmail incorrectly sanitized characters in the username template object. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-13964) It was discovered that Roundcube Webmail allowed preview of text/html content. A remote attacker could possibly use this issue to send a malicious XML attachment via an email message and execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-13965) Andrea Cardaci discovered that Roundcube Webmail did not properly sanitize HTML special characters when dealing with HTML messages that contained an SVG element in the XML namespace. A remote attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-15562) Lukasz Pilorz discovered that Roundcube Webmail did not properly sanitize HTML special characters when dealing with HTML messages that contained SVG documents. A remote attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-16145) Alex Birnberg discovered that Roundcube Webmail incorrectly sanitized characters in plain text e-mail messages that included link reference elements. A remote attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-35730) It was discovered that Roundcube Webmail did not properly sanitize HTML special characters in warning messages that contained an attachment's filename extension. A remote attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-44025) It was discovered that Roundcube Webmail incorrectly managed session variables related to search functionalities. A remote attacker could possibly use this issue to execute a SQL injection attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-44026) It was discovered that Roundcube Webmail did not properly sanitize HTML special characters when dealing with HTML messages that contained CSS content. A remote attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2021-46144) Update Instructions: Run `sudo pro fix USN-5182-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: roundcube-pgsql - 1.3.6+dfsg.1-1ubuntu0.1~esm2 roundcube-mysql - 1.3.6+dfsg.1-1ubuntu0.1~esm2 roundcube-plugins - 1.3.6+dfsg.1-1ubuntu0.1~esm2 roundcube - 1.3.6+dfsg.1-1ubuntu0.1~esm2 roundcube-core - 1.3.6+dfsg.1-1ubuntu0.1~esm2 roundcube-sqlite3 - 1.3.6+dfsg.1-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-12625 CVE-2020-12626 CVE-2020-12640 CVE-2020-12641 CVE-2020-13964 CVE-2020-13965 CVE-2020-15562 CVE-2020-16145 CVE-2020-35730 CVE-2021-44025 CVE-2021-44026 CVE-2021-46144 Ubuntu 18.04 LTS Julian Rauchberger discovered that BlueZ incorrectly handled memory when processing SDP attribute requests. A remote attacker could use this issue to cause BlueZ to crash, leading to a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5183-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbluetooth3 - 5.48-0ubuntu3.7 bluez-tests - 5.48-0ubuntu3.7 bluez-obexd - 5.48-0ubuntu3.7 bluetooth - 5.48-0ubuntu3.7 bluez - 5.48-0ubuntu3.7 bluez-hcidump - 5.48-0ubuntu3.7 bluez-cups - 5.48-0ubuntu3.7 libbluetooth-dev - 5.48-0ubuntu3.7 No subscription required Medium CVE-2019-8922 Ubuntu 18.04 LTS It was discovered that libmysofa mishandled certain input. An attacker could use this vulnerability to cause a denial of service (crash). Update Instructions: Run `sudo pro fix USN-5184-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmysofa-utils - 0.6~dfsg0-3+deb10u1ubuntu0.1~esm1 libmysofa0 - 0.6~dfsg0-3+deb10u1ubuntu0.1~esm1 libmysofa-dev - 0.6~dfsg0-3+deb10u1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-3756 Ubuntu 18.04 LTS It was discovered that MATIO incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. Update Instructions: Run `sudo pro fix USN-5185-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmatio-doc - 1.5.11-1ubuntu0.1~esm1 libmatio4 - 1.5.11-1ubuntu0.1~esm1 libmatio-dev - 1.5.11-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-17533 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass CSP restrictions, or execute arbitrary code. (CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546) A security issue was discovered with the handling of WebExtension permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to create and install a service worker that wouldn't be uninstalled with the extension. (CVE-2021-43540) Update Instructions: Run `sudo pro fix USN-5186-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-nn - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-ne - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-nb - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-fa - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-fi - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-fr - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-fy - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-or - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-kab - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-oc - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-cs - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-ga - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-gd - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-gn - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-gl - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-gu - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-pa - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-pl - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-cy - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-pt - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-szl - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-hi - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-ms - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-he - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-hy - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-hr - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-hu - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-it - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-as - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-ar - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-ia - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-az - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-id - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-mai - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-af - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-is - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-vi - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-an - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-bs - 95.0+build1-0ubuntu0.18.04.1 firefox - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-ro - 95.0+build1-0ubuntu0.18.04.1 firefox-geckodriver - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-ja - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-ru - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-br - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-bn - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-be - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-bg - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-sl - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-sk - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-si - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-sw - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-sv - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-sr - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-sq - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-ko - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-kn - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-km - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-kk - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-ka - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-xh - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-ca - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-ku - 95.0+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-lv - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-lt - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-th - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 95.0+build1-0ubuntu0.18.04.1 firefox-dev - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-te - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-cak - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-ta - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-lg - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-tr - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-nso - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-de - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-da - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-uk - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-mr - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-my - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-uz - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-ml - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-mn - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-mk - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-ur - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-eu - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-et - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-es - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-csb - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-el - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-eo - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-en - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-zu - 95.0+build1-0ubuntu0.18.04.1 firefox-locale-ast - 95.0+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43540 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 Ubuntu 18.04 LTS USN-5186-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass CSP restrictions, or execute arbitrary code. (CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546) A security issue was discovered with the handling of WebExtension permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to create and install a service worker that wouldn't be uninstalled with the extension. (CVE-2021-43540) Update Instructions: Run `sudo pro fix USN-5186-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nn - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ne - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nb - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fa - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fi - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fr - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fy - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-or - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kab - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-oc - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cs - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ga - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gd - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gn - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gl - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gu - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pa - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pl - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cy - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pt - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-szl - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hi - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ms - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-he - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hy - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hr - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hu - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-it - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-as - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ar - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ia - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-az - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-id - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mai - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-af - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-is - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-vi - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-an - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bs - 95.0.1+build2-0ubuntu0.18.04.1 firefox - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ro - 95.0.1+build2-0ubuntu0.18.04.1 firefox-geckodriver - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ja - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ru - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-br - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bn - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-be - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bg - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sl - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sk - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-si - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sw - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sv - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sr - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sq - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ko - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kn - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-km - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kk - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ka - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-xh - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ca - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ku - 95.0.1+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lv - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lt - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-th - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 95.0.1+build2-0ubuntu0.18.04.1 firefox-dev - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-te - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cak - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ta - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lg - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-tr - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nso - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-de - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-da - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-uk - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mr - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-my - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-uz - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ml - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mn - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mk - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ur - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-eu - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-et - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-es - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-csb - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-el - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-eo - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-en - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zu - 95.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ast - 95.0.1+build2-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1955433 Ubuntu 18.04 LTS It was discovered that Glances incorrectly parsed untrusted XML data due to usage of xmlrpclib. An attacker could possibly use this to perform an External Entity (XXE) Injection and cause the host system to crash. Update Instructions: Run `sudo pro fix USN-5187-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: glances - 2.11.1-3ubuntu0.1~esm1 glances-doc - 2.11.1-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-23418 Ubuntu 18.04 LTS It was discovered that Keepalived incorrectly handled certain messages. An attacker could possibly use this issue to access-control bypass. Update Instructions: Run `sudo pro fix USN-5188-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: keepalived - 1:1.3.9-1ubuntu0.18.04.3 No subscription required Medium CVE-2021-44225 Ubuntu 18.04 LTS It was discovered that GLib incorrectly handled certain environment variables. An attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-5189-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.56.4-0ubuntu0.18.04.9 libglib2.0-data - 2.56.4-0ubuntu0.18.04.9 libglib2.0-tests - 2.56.4-0ubuntu0.18.04.9 libglib2.0-doc - 2.56.4-0ubuntu0.18.04.9 libglib2.0-bin - 2.56.4-0ubuntu0.18.04.9 libglib2.0-dev-bin - 2.56.4-0ubuntu0.18.04.9 libglib2.0-dev - 2.56.4-0ubuntu0.18.04.9 No subscription required Medium CVE-2021-3800 Ubuntu 18.04 LTS It was discovered that GraphicsMagick allowed reading arbitrary files via specially crafted images. An attacker could use this issue to expose sensitive information. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-12921) It was discovered that GraphicsMagick did not correctly handle memory allocations for error messages. An attacker could use this issue to corrupt memory or possibly execute arbitrary code. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-19950) It was discovered that GraphicsMagick did not correctly handle type limits. An attacker could use these issues to cause heap-based buffer overflows, leading to a denial of service (application crash) or possibly execute arbitrary code. These issues only affect Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-19951, CVE-2019-19953) It was discovered that GraphicsMagick did not correctly handle the signed integer limit in 32-bit applications. An attacker could use this issue to cause a heap-based buffer overflow, leading to a denial of service (application crash) or possibly execute arbitrary code. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2020-10938) It was discovered that GraphicsMagick did not properly magnify certain images. An attacker could use this issue to cause a heap-based buffer overflow, leading to a denial of service (application crash) or possibly execute arbitrary code. (CVE-2020-12672) Update Instructions: Run `sudo pro fix USN-5190-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgraphics-magick-perl - 1.3.28-2ubuntu0.1+esm1 libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.1+esm1 libgraphicsmagick1-dev - 1.3.28-2ubuntu0.1+esm1 graphicsmagick - 1.3.28-2ubuntu0.1+esm1 graphicsmagick-imagemagick-compat - 1.3.28-2ubuntu0.1+esm1 graphicsmagick-libmagick-dev-compat - 1.3.28-2ubuntu0.1+esm1 libgraphicsmagick++1-dev - 1.3.28-2ubuntu0.1+esm1 libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-12921 CVE-2019-19950 CVE-2019-19951 CVE-2019-19953 CVE-2020-10938 CVE-2020-12672 Ubuntu 18.04 LTS It was discovered that Flatpak incorrectly handled certain AF_UNIX sockets. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement. Update Instructions: Run `sudo pro fix USN-5191-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libflatpak0 - 1.0.9-0ubuntu0.4 libflatpak-dev - 1.0.9-0ubuntu0.4 gir1.2-flatpak-1.0 - 1.0.9-0ubuntu0.4 libflatpak-doc - 1.0.9-0ubuntu0.4 flatpak - 1.0.9-0ubuntu0.4 flatpak-tests - 1.0.9-0ubuntu0.4 No subscription required Medium CVE-2021-41133 Ubuntu 18.04 LTS Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. Please see the following link for more information: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Log4Shell Update Instructions: Run `sudo pro fix USN-5192-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblog4j2-java - 2.10.0-2ubuntu0.1 liblog4j2-java-doc - 2.10.0-2ubuntu0.1 No subscription required High CVE-2021-44228 Ubuntu 18.04 LTS Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges. Update Instructions: Run `sudo pro fix USN-5193-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.19.6-1ubuntu4.10 xmir - 2:1.19.6-1ubuntu4.10 xwayland - 2:1.19.6-1ubuntu4.10 xorg-server-source - 2:1.19.6-1ubuntu4.10 xdmx - 2:1.19.6-1ubuntu4.10 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.10 xserver-xorg-dev - 2:1.19.6-1ubuntu4.10 xvfb - 2:1.19.6-1ubuntu4.10 xnest - 2:1.19.6-1ubuntu4.10 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.10 xdmx-tools - 2:1.19.6-1ubuntu4.10 xserver-xephyr - 2:1.19.6-1ubuntu4.10 xserver-common - 2:1.19.6-1ubuntu4.10 No subscription required xorg-server-source-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.6 xserver-xorg-core-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.6 xserver-xorg-dev-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.6 xserver-xephyr-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.6 xserver-xorg-legacy-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.6 xwayland-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.6 No subscription required Medium CVE-2021-4008 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011 Ubuntu 18.04 LTS It was discovered that the Mumble client supported websites for public servers with arbitrary URL schemes. If a user were tricked into visiting a malicious website from the public server list, a remote attacker could possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5195-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mumble - 1.2.19-1ubuntu1.1 mumble-server - 1.2.19-1ubuntu1.1 No subscription required Medium CVE-2021-27229 Ubuntu 18.04 LTS It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2021-3733) It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses (100 Continue response). Specially crafted traffic from a malicious HTTP server could cause a denial of service (DoS) condition for a client. (CVE-2021-3737) Update Instructions: Run `sudo pro fix USN-5199-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpython3.6-stdlib - 3.6.9-1~18.04ubuntu1.6 python3.6-venv - 3.6.9-1~18.04ubuntu1.6 python3.6-doc - 3.6.9-1~18.04ubuntu1.6 libpython3.6-testsuite - 3.6.9-1~18.04ubuntu1.6 python3.6-dev - 3.6.9-1~18.04ubuntu1.6 python3.6 - 3.6.9-1~18.04ubuntu1.6 python3.6-minimal - 3.6.9-1~18.04ubuntu1.6 idle-python3.6 - 3.6.9-1~18.04ubuntu1.6 libpython3.6 - 3.6.9-1~18.04ubuntu1.6 libpython3.6-dev - 3.6.9-1~18.04ubuntu1.6 python3.6-examples - 3.6.9-1~18.04ubuntu1.6 libpython3.6-minimal - 3.6.9-1~18.04ubuntu1.6 No subscription required Medium CVE-2021-3733 CVE-2021-3737 Ubuntu 18.04 LTS It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex allowing for catastrophic backtracking. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2020-8492) It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2021-3733) It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses (100 Continue response). Specially crafted traffic from a malicious HTTP server could cause a denial of service (DoS) condition for a client. (CVE-2021-3737) Update Instructions: Run `sudo pro fix USN-5200-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3.7-doc - 3.7.5-2ubuntu1~18.04.2 libpython3.7-minimal - 3.7.5-2ubuntu1~18.04.2 python3.7-minimal - 3.7.5-2ubuntu1~18.04.2 libpython3.7-dev - 3.7.5-2ubuntu1~18.04.2 python3.7-dev - 3.7.5-2ubuntu1~18.04.2 libpython3.7-testsuite - 3.7.5-2ubuntu1~18.04.2 libpython3.7-stdlib - 3.7.5-2ubuntu1~18.04.2 python3.7 - 3.7.5-2ubuntu1~18.04.2 python3.7-venv - 3.7.5-2ubuntu1~18.04.2 python3.7-examples - 3.7.5-2ubuntu1~18.04.2 idle-python3.7 - 3.7.5-2ubuntu1~18.04.2 libpython3.7 - 3.7.5-2ubuntu1~18.04.2 No subscription required libpython3.8-minimal - 3.8.0-3ubuntu1~18.04.2 python3.8-venv - 3.8.0-3ubuntu1~18.04.2 libpython3.8-stdlib - 3.8.0-3ubuntu1~18.04.2 libpython3.8-dev - 3.8.0-3ubuntu1~18.04.2 idle-python3.8 - 3.8.0-3ubuntu1~18.04.2 libpython3.8-testsuite - 3.8.0-3ubuntu1~18.04.2 python3.8 - 3.8.0-3ubuntu1~18.04.2 python3.8-minimal - 3.8.0-3ubuntu1~18.04.2 python3.8-examples - 3.8.0-3ubuntu1~18.04.2 python3.8-dev - 3.8.0-3ubuntu1~18.04.2 libpython3.8 - 3.8.0-3ubuntu1~18.04.2 No subscription required Medium CVE-2020-8492 CVE-2021-3733 CVE-2021-3737 Ubuntu 18.04 LTS Varnavas Papaioannou discovered that the FTP client implementation in OpenJDK accepted alternate server IP addresses when connecting with FTP passive mode. An attacker controlling an FTP server that an application connects to could possibly use this to expose sensitive information (rudimentary port scans). This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2341) Markus Loewe discovered that OpenJDK did not properly handle JAR files containing multiple manifest files. An attacker could possibly use this to bypass JAR signature verification. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2369) Huixin Ma discovered that the Hotspot VM in OpenJDK did not properly perform range check elimination in some situations. An attacker could possibly use this to construct a Java class that could bypass Java sandbox restrictions. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2388) Asaf Greenholts discovered that OpenJDK preferred certain weak ciphers by default. An attacker could possibly use this to expose sensitive information. (CVE-2021-35550) It was discovered that the Rich Text Format (RTF) Parser in OpenJDK did not properly restrict the amount of memory allocated in some situations. An attacker could use this to specially craft an RTF file that caused a denial of service. (CVE-2021-35556) It was discovered that the Rich Text Format (RTF) Reader in OpenJDK did not properly restrict the amount of memory allocated in some situations. An attacker could use this to specially craft an RTF file that caused a denial of service. (CVE-2021-35559) Markus Loewe discovered that the HashMap and HashSet implementations in OpenJDK did not properly validate load factors during deserialization. An attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2021-35561) It was discovered that the Keytool component in OpenJDK did not properly handle certificates with validity ending dates in the far future. An attacker could use this to specially craft a certificate that when imported could corrupt a keystore. (CVE-2021-35564) Tristen Hayfield discovered that the HTTP server implementation in OpenJDK did not properly handle TLS session close in some situations. A remote attacker could possibly use this to cause a denial of service (application infinite loop). (CVE-2021-35565) Chuck Hunley discovered that the Kerberos implementation in OpenJDK did not correctly report subject principals when using Kerberos Constrained Delegation. An attacker could possibly use this to cause incorrect Kerberos tickets to be used. (CVE-2021-35567) it was discovered that the TLS implementation in OpenJDK did not properly handle TLS handshakes in certain situations where a Java application is acting as a TLS server. A remote attacker could possibly use this to cause a denial of service (application crash). (CVE-2021-35578) it was discovered that OpenJDK did not properly restrict the amount of memory allocated when processing BMP images. An attacker could use this to specially craft a BMP image file that could cause a denial of service. (CVE-2021-35586) It was discovered that the HotSpot VM in OpenJDK 8 did not properly perform validation of inner class index values in some situations. An attacker could use this to specially craft a class file that when loaded could cause a denial of service (Java VM crash). (CVE-2021-35588) Artem Smotrakov discovered that the TLS implementation in OpenJDK used non- constant time comparisons during TLS handshakes. A remote attacker could use this to expose sensitive information. (CVE-2021-35603) Update Instructions: Run `sudo pro fix USN-5202-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-doc - 11.0.13+8-0ubuntu1~18.04 openjdk-11-jre-zero - 11.0.13+8-0ubuntu1~18.04 openjdk-11-source - 11.0.13+8-0ubuntu1~18.04 openjdk-11-jre-headless - 11.0.13+8-0ubuntu1~18.04 openjdk-11-jdk - 11.0.13+8-0ubuntu1~18.04 openjdk-11-jdk-headless - 11.0.13+8-0ubuntu1~18.04 openjdk-11-jre - 11.0.13+8-0ubuntu1~18.04 openjdk-11-demo - 11.0.13+8-0ubuntu1~18.04 No subscription required openjdk-8-source - 8u312-b07-0ubuntu1~18.04 openjdk-8-doc - 8u312-b07-0ubuntu1~18.04 openjdk-8-jdk - 8u312-b07-0ubuntu1~18.04 openjdk-8-jre-headless - 8u312-b07-0ubuntu1~18.04 openjdk-8-jdk-headless - 8u312-b07-0ubuntu1~18.04 openjdk-8-jre - 8u312-b07-0ubuntu1~18.04 openjdk-8-jre-zero - 8u312-b07-0ubuntu1~18.04 openjdk-8-demo - 8u312-b07-0ubuntu1~18.04 No subscription required Medium CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603 Ubuntu 18.04 LTS Chris Bailey discovered that Django incorrectly handled evaluating submitted passwords. A remote attacker could possibly use this issue to consume resources, resulting in a denial of service. (CVE-2021-45115) Dennis Brinkrolf discovered that Django incorrectly handled the dictsort template filter. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2021-45116) Dennis Brinkrolf discovered that Django incorrectly handled certain file names. A remote attacker could possibly use this issue to save files to arbitrary filesystem locations. (CVE-2021-45452) Update Instructions: Run `sudo pro fix USN-5204-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.15 python-django-doc - 1:1.11.11-1ubuntu1.15 python-django-common - 1:1.11.11-1ubuntu1.15 python-django - 1:1.11.11-1ubuntu1.15 No subscription required Medium CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 Ubuntu 18.04 LTS It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input when processed by tcpprep. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-13112) It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-17580, CVE-2018-17582) It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-17974, CVE-2018-18407) It was discovered that a use-after-free existed in Tcpreplay in the tcpbridge binary. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-18408) It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2018-20552, CVE-2018-20553) It was discovered that a heap-based buffer over-read that existed in Tcpreplay caused an application crash when tcprewrite or tcpreplay-edit received specially crafted packet capture input. An attacker could possibly use this to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-12740) It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input when processed by tcpprep. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-24265, CVE-2020-24266) It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input when processed by tcprewrite. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 ESM. (CVE-2022-27416) It was discovered that Tcpreplay did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted packet capture file, a remote attacker could possibly use this issue to cause Tcpreplay crash, resulting in a denial of service, or possibly read sensitive data. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2022-28487) Update Instructions: Run `sudo pro fix USN-5205-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tcpreplay - 4.2.6-1ubuntu0.1~esm4 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-13112 CVE-2018-17974 CVE-2018-18407 CVE-2018-18408 CVE-2018-17580 CVE-2018-17582 CVE-2018-20552 CVE-2018-20553 CVE-2020-12740 CVE-2020-24265 CVE-2020-24266 CVE-2022-27416 CVE-2022-28487 Ubuntu 18.04 LTS Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002) It was discovered that a race condition existed in the timer implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service. (CVE-2021-20317) It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-41864) It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389) Update Instructions: Run `sudo pro fix USN-5209-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-dell300x-tools-4.15.0-1033 - 4.15.0-1033.38 linux-headers-4.15.0-1033-dell300x - 4.15.0-1033.38 linux-image-4.15.0-1033-dell300x - 4.15.0-1033.38 linux-buildinfo-4.15.0-1033-dell300x - 4.15.0-1033.38 linux-tools-4.15.0-1033-dell300x - 4.15.0-1033.38 linux-dell300x-headers-4.15.0-1033 - 4.15.0-1033.38 linux-modules-4.15.0-1033-dell300x - 4.15.0-1033.38 linux-image-unsigned-4.15.0-1033-dell300x - 4.15.0-1033.38 No subscription required linux-modules-4.15.0-1085-oracle - 4.15.0-1085.93 linux-image-4.15.0-1085-oracle - 4.15.0-1085.93 linux-modules-extra-4.15.0-1085-oracle - 4.15.0-1085.93 linux-headers-4.15.0-1085-oracle - 4.15.0-1085.93 linux-tools-4.15.0-1085-oracle - 4.15.0-1085.93 linux-image-unsigned-4.15.0-1085-oracle - 4.15.0-1085.93 linux-buildinfo-4.15.0-1085-oracle - 4.15.0-1085.93 linux-oracle-tools-4.15.0-1085 - 4.15.0-1085.93 linux-oracle-headers-4.15.0-1085 - 4.15.0-1085.93 No subscription required linux-image-4.15.0-1101-raspi2 - 4.15.0-1101.108 linux-buildinfo-4.15.0-1101-raspi2 - 4.15.0-1101.108 linux-headers-4.15.0-1101-raspi2 - 4.15.0-1101.108 linux-modules-4.15.0-1101-raspi2 - 4.15.0-1101.108 linux-raspi2-headers-4.15.0-1101 - 4.15.0-1101.108 linux-tools-4.15.0-1101-raspi2 - 4.15.0-1101.108 linux-raspi2-tools-4.15.0-1101 - 4.15.0-1101.108 No subscription required linux-kvm-tools-4.15.0-1105 - 4.15.0-1105.107 linux-tools-4.15.0-1105-kvm - 4.15.0-1105.107 linux-image-4.15.0-1105-kvm - 4.15.0-1105.107 linux-kvm-headers-4.15.0-1105 - 4.15.0-1105.107 linux-buildinfo-4.15.0-1105-kvm - 4.15.0-1105.107 linux-headers-4.15.0-1105-kvm - 4.15.0-1105.107 linux-modules-4.15.0-1105-kvm - 4.15.0-1105.107 No subscription required linux-image-4.15.0-1114-gcp - 4.15.0-1114.128 linux-modules-extra-4.15.0-1114-gcp - 4.15.0-1114.128 linux-gcp-4.15-tools-4.15.0-1114 - 4.15.0-1114.128 linux-tools-4.15.0-1114-gcp - 4.15.0-1114.128 linux-image-unsigned-4.15.0-1114-gcp - 4.15.0-1114.128 linux-buildinfo-4.15.0-1114-gcp - 4.15.0-1114.128 linux-modules-4.15.0-1114-gcp - 4.15.0-1114.128 linux-headers-4.15.0-1114-gcp - 4.15.0-1114.128 linux-gcp-4.15-headers-4.15.0-1114 - 4.15.0-1114.128 No subscription required linux-tools-4.15.0-1118-aws - 4.15.0-1118.125 linux-headers-4.15.0-1118-aws - 4.15.0-1118.125 linux-buildinfo-4.15.0-1118-aws - 4.15.0-1118.125 linux-image-4.15.0-1118-aws - 4.15.0-1118.125 linux-aws-tools-4.15.0-1118 - 4.15.0-1118.125 linux-modules-4.15.0-1118-aws - 4.15.0-1118.125 linux-aws-cloud-tools-4.15.0-1118 - 4.15.0-1118.125 linux-aws-headers-4.15.0-1118 - 4.15.0-1118.125 linux-cloud-tools-4.15.0-1118-aws - 4.15.0-1118.125 linux-modules-extra-4.15.0-1118-aws - 4.15.0-1118.125 No subscription required linux-image-4.15.0-1118-snapdragon - 4.15.0-1118.127 linux-buildinfo-4.15.0-1118-snapdragon - 4.15.0-1118.127 linux-headers-4.15.0-1118-snapdragon - 4.15.0-1118.127 linux-snapdragon-tools-4.15.0-1118 - 4.15.0-1118.127 linux-snapdragon-headers-4.15.0-1118 - 4.15.0-1118.127 linux-modules-4.15.0-1118-snapdragon - 4.15.0-1118.127 linux-tools-4.15.0-1118-snapdragon - 4.15.0-1118.127 No subscription required linux-image-4.15.0-1129-azure - 4.15.0-1129.142 linux-cloud-tools-4.15.0-1129-azure - 4.15.0-1129.142 linux-buildinfo-4.15.0-1129-azure - 4.15.0-1129.142 linux-modules-extra-4.15.0-1129-azure - 4.15.0-1129.142 linux-azure-4.15-headers-4.15.0-1129 - 4.15.0-1129.142 linux-headers-4.15.0-1129-azure - 4.15.0-1129.142 linux-azure-4.15-tools-4.15.0-1129 - 4.15.0-1129.142 linux-tools-4.15.0-1129-azure - 4.15.0-1129.142 linux-azure-4.15-cloud-tools-4.15.0-1129 - 4.15.0-1129.142 linux-modules-4.15.0-1129-azure - 4.15.0-1129.142 linux-image-unsigned-4.15.0-1129-azure - 4.15.0-1129.142 No subscription required linux-tools-common - 4.15.0-166.174 linux-buildinfo-4.15.0-166-generic-lpae - 4.15.0-166.174 linux-tools-host - 4.15.0-166.174 linux-doc - 4.15.0-166.174 linux-image-unsigned-4.15.0-166-generic - 4.15.0-166.174 linux-tools-4.15.0-166-generic - 4.15.0-166.174 linux-modules-4.15.0-166-generic-lpae - 4.15.0-166.174 linux-buildinfo-4.15.0-166-generic - 4.15.0-166.174 linux-image-4.15.0-166-generic - 4.15.0-166.174 linux-libc-dev - 4.15.0-166.174 linux-cloud-tools-4.15.0-166-generic - 4.15.0-166.174 linux-modules-4.15.0-166-lowlatency - 4.15.0-166.174 linux-cloud-tools-4.15.0-166 - 4.15.0-166.174 linux-cloud-tools-4.15.0-166-lowlatency - 4.15.0-166.174 linux-headers-4.15.0-166-lowlatency - 4.15.0-166.174 linux-tools-4.15.0-166 - 4.15.0-166.174 linux-tools-4.15.0-166-generic-lpae - 4.15.0-166.174 linux-image-4.15.0-166-lowlatency - 4.15.0-166.174 linux-cloud-tools-common - 4.15.0-166.174 linux-image-4.15.0-166-generic-lpae - 4.15.0-166.174 linux-image-unsigned-4.15.0-166-lowlatency - 4.15.0-166.174 linux-modules-4.15.0-166-generic - 4.15.0-166.174 linux-buildinfo-4.15.0-166-lowlatency - 4.15.0-166.174 linux-headers-4.15.0-166-generic-lpae - 4.15.0-166.174 linux-tools-4.15.0-166-lowlatency - 4.15.0-166.174 linux-source-4.15.0 - 4.15.0-166.174 linux-modules-extra-4.15.0-166-generic - 4.15.0-166.174 linux-headers-4.15.0-166 - 4.15.0-166.174 linux-headers-4.15.0-166-generic - 4.15.0-166.174 No subscription required linux-tools-dell300x - 4.15.0.1033.35 linux-headers-dell300x - 4.15.0.1033.35 linux-dell300x - 4.15.0.1033.35 linux-image-dell300x - 4.15.0.1033.35 No subscription required linux-oracle-lts-18.04 - 4.15.0.1085.95 linux-image-oracle-lts-18.04 - 4.15.0.1085.95 linux-signed-image-oracle-lts-18.04 - 4.15.0.1085.95 linux-tools-oracle-lts-18.04 - 4.15.0.1085.95 linux-signed-oracle-lts-18.04 - 4.15.0.1085.95 linux-headers-oracle-lts-18.04 - 4.15.0.1085.95 No subscription required linux-image-raspi2 - 4.15.0.1101.99 linux-raspi2 - 4.15.0.1101.99 linux-headers-raspi2 - 4.15.0.1101.99 linux-tools-raspi2 - 4.15.0.1101.99 No subscription required linux-kvm - 4.15.0.1105.101 linux-headers-kvm - 4.15.0.1105.101 linux-image-kvm - 4.15.0.1105.101 linux-tools-kvm - 4.15.0.1105.101 No subscription required linux-gcp-lts-18.04 - 4.15.0.1114.133 linux-tools-gcp-lts-18.04 - 4.15.0.1114.133 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1114.133 linux-image-gcp-lts-18.04 - 4.15.0.1114.133 linux-headers-gcp-lts-18.04 - 4.15.0.1114.133 No subscription required linux-headers-aws-lts-18.04 - 4.15.0.1118.121 linux-image-aws-lts-18.04 - 4.15.0.1118.121 linux-headers-snapdragon - 4.15.0.1118.121 linux-tools-snapdragon - 4.15.0.1118.121 linux-snapdragon - 4.15.0.1118.121 linux-aws-lts-18.04 - 4.15.0.1118.121 linux-modules-extra-aws-lts-18.04 - 4.15.0.1118.121 linux-image-snapdragon - 4.15.0.1118.121 linux-tools-aws-lts-18.04 - 4.15.0.1118.121 No subscription required linux-cloud-tools-azure-lts-18.04 - 4.15.0.1129.102 linux-modules-extra-azure-lts-18.04 - 4.15.0.1129.102 linux-headers-azure-lts-18.04 - 4.15.0.1129.102 linux-tools-azure-lts-18.04 - 4.15.0.1129.102 linux-azure-lts-18.04 - 4.15.0.1129.102 linux-signed-azure-lts-18.04 - 4.15.0.1129.102 linux-image-azure-lts-18.04 - 4.15.0.1129.102 linux-signed-image-azure-lts-18.04 - 4.15.0.1129.102 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.166.155 linux-signed-generic-hwe-16.04-edge - 4.15.0.166.155 linux-headers-generic-lpae - 4.15.0.166.155 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.166.155 linux-image-virtual - 4.15.0.166.155 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.166.155 linux-signed-lowlatency - 4.15.0.166.155 linux-image-generic - 4.15.0.166.155 linux-tools-lowlatency - 4.15.0.166.155 linux-headers-generic-hwe-16.04-edge - 4.15.0.166.155 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.166.155 linux-generic-lpae-hwe-16.04 - 4.15.0.166.155 linux-cloud-tools-virtual - 4.15.0.166.155 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.166.155 linux-image-virtual-hwe-16.04-edge - 4.15.0.166.155 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.166.155 linux-generic-lpae-hwe-16.04-edge - 4.15.0.166.155 linux-signed-image-lowlatency - 4.15.0.166.155 linux-signed-lowlatency-hwe-16.04 - 4.15.0.166.155 linux-crashdump - 4.15.0.166.155 linux-signed-image-generic - 4.15.0.166.155 linux-lowlatency - 4.15.0.166.155 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.166.155 linux-source - 4.15.0.166.155 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.166.155 linux-tools-generic-lpae - 4.15.0.166.155 linux-cloud-tools-generic - 4.15.0.166.155 linux-generic-hwe-16.04-edge - 4.15.0.166.155 linux-tools-virtual-hwe-16.04 - 4.15.0.166.155 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.166.155 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.166.155 linux-tools-generic-hwe-16.04 - 4.15.0.166.155 linux-tools-virtual - 4.15.0.166.155 linux-image-generic-lpae - 4.15.0.166.155 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.166.155 linux-generic-lpae - 4.15.0.166.155 linux-generic - 4.15.0.166.155 linux-virtual - 4.15.0.166.155 linux-signed-generic-hwe-16.04 - 4.15.0.166.155 linux-signed-image-generic-hwe-16.04 - 4.15.0.166.155 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.166.155 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.166.155 linux-headers-lowlatency - 4.15.0.166.155 linux-headers-lowlatency-hwe-16.04 - 4.15.0.166.155 linux-headers-virtual-hwe-16.04-edge - 4.15.0.166.155 linux-lowlatency-hwe-16.04 - 4.15.0.166.155 linux-headers-generic-hwe-16.04 - 4.15.0.166.155 linux-generic-hwe-16.04 - 4.15.0.166.155 linux-tools-virtual-hwe-16.04-edge - 4.15.0.166.155 linux-tools-generic - 4.15.0.166.155 linux-virtual-hwe-16.04 - 4.15.0.166.155 linux-image-extra-virtual - 4.15.0.166.155 linux-lowlatency-hwe-16.04-edge - 4.15.0.166.155 linux-cloud-tools-lowlatency - 4.15.0.166.155 linux-image-generic-hwe-16.04 - 4.15.0.166.155 linux-image-generic-hwe-16.04-edge - 4.15.0.166.155 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.166.155 linux-image-extra-virtual-hwe-16.04 - 4.15.0.166.155 linux-image-generic-lpae-hwe-16.04 - 4.15.0.166.155 linux-virtual-hwe-16.04-edge - 4.15.0.166.155 linux-tools-lowlatency-hwe-16.04 - 4.15.0.166.155 linux-signed-generic - 4.15.0.166.155 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.166.155 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.166.155 linux-headers-generic - 4.15.0.166.155 linux-headers-virtual-hwe-16.04 - 4.15.0.166.155 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.166.155 linux-image-virtual-hwe-16.04 - 4.15.0.166.155 linux-headers-virtual - 4.15.0.166.155 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.166.155 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.166.155 linux-tools-generic-hwe-16.04-edge - 4.15.0.166.155 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.166.155 linux-image-lowlatency - 4.15.0.166.155 No subscription required High CVE-2021-20317 CVE-2021-20321 CVE-2021-3760 CVE-2021-4002 CVE-2021-41864 CVE-2021-43389 Ubuntu 18.04 LTS Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002) It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2020-26541) It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-41864) It was discovered that the KVM implementation for POWER8 processors in the Linux kernel did not properly keep track if a wakeup event could be resolved by a guest. An attacker in a guest VM could possibly use this to cause a denial of service (host OS crash). (CVE-2021-43056) It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389) Update Instructions: Run `sudo pro fix USN-5210-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-cloud-tools-5.4.0-1029-gkeop - 5.4.0-1029.30~18.04.2 linux-image-5.4.0-1029-gkeop - 5.4.0-1029.30~18.04.2 linux-headers-5.4.0-1029-gkeop - 5.4.0-1029.30~18.04.2 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1029.30~18.04.2 linux-gkeop-5.4-tools-5.4.0-1029 - 5.4.0-1029.30~18.04.2 linux-tools-5.4.0-1029-gkeop - 5.4.0-1029.30~18.04.2 linux-gkeop-5.4-cloud-tools-5.4.0-1029 - 5.4.0-1029.30~18.04.2 linux-modules-5.4.0-1029-gkeop - 5.4.0-1029.30~18.04.2 linux-buildinfo-5.4.0-1029-gkeop - 5.4.0-1029.30~18.04.2 linux-modules-extra-5.4.0-1029-gkeop - 5.4.0-1029.30~18.04.2 linux-image-unsigned-5.4.0-1029-gkeop - 5.4.0-1029.30~18.04.2 linux-gkeop-5.4-headers-5.4.0-1029 - 5.4.0-1029.30~18.04.2 No subscription required linux-headers-5.4.0-1048-raspi - 5.4.0-1048.53~18.04.1 linux-raspi-5.4-headers-5.4.0-1048 - 5.4.0-1048.53~18.04.1 linux-image-5.4.0-1048-raspi - 5.4.0-1048.53~18.04.1 linux-buildinfo-5.4.0-1048-raspi - 5.4.0-1048.53~18.04.1 linux-tools-5.4.0-1048-raspi - 5.4.0-1048.53~18.04.1 linux-modules-5.4.0-1048-raspi - 5.4.0-1048.53~18.04.1 linux-raspi-5.4-tools-5.4.0-1048 - 5.4.0-1048.53~18.04.1 No subscription required linux-buildinfo-5.4.0-1057-gke - 5.4.0-1057.60~18.04.1 linux-gke-5.4-headers-5.4.0-1057 - 5.4.0-1057.60~18.04.1 linux-modules-5.4.0-1057-gke - 5.4.0-1057.60~18.04.1 linux-gke-5.4-tools-5.4.0-1057 - 5.4.0-1057.60~18.04.1 linux-headers-5.4.0-1057-gke - 5.4.0-1057.60~18.04.1 linux-image-unsigned-5.4.0-1057-gke - 5.4.0-1057.60~18.04.1 linux-image-5.4.0-1057-gke - 5.4.0-1057.60~18.04.1 linux-modules-extra-5.4.0-1057-gke - 5.4.0-1057.60~18.04.1 linux-tools-5.4.0-1057-gke - 5.4.0-1057.60~18.04.1 No subscription required linux-gcp-5.4-headers-5.4.0-1059 - 5.4.0-1059.63~18.04.1 linux-oracle-5.4-tools-5.4.0-1059 - 5.4.0-1059.63~18.04.1 linux-tools-5.4.0-1059-oracle - 5.4.0-1059.63~18.04.1 linux-image-unsigned-5.4.0-1059-oracle - 5.4.0-1059.63~18.04.1 linux-buildinfo-5.4.0-1059-gcp - 5.4.0-1059.63~18.04.1 linux-modules-extra-5.4.0-1059-oracle - 5.4.0-1059.63~18.04.1 linux-image-5.4.0-1059-oracle - 5.4.0-1059.63~18.04.1 linux-headers-5.4.0-1059-oracle - 5.4.0-1059.63~18.04.1 linux-image-unsigned-5.4.0-1059-gcp - 5.4.0-1059.63~18.04.1 linux-gcp-5.4-tools-5.4.0-1059 - 5.4.0-1059.63~18.04.1 linux-modules-5.4.0-1059-oracle - 5.4.0-1059.63~18.04.1 linux-tools-5.4.0-1059-gcp - 5.4.0-1059.63~18.04.1 linux-oracle-5.4-headers-5.4.0-1059 - 5.4.0-1059.63~18.04.1 linux-headers-5.4.0-1059-gcp - 5.4.0-1059.63~18.04.1 linux-buildinfo-5.4.0-1059-oracle - 5.4.0-1059.63~18.04.1 linux-image-5.4.0-1059-gcp - 5.4.0-1059.63~18.04.1 linux-modules-5.4.0-1059-gcp - 5.4.0-1059.63~18.04.1 linux-modules-extra-5.4.0-1059-gcp - 5.4.0-1059.63~18.04.1 No subscription required linux-aws-5.4-headers-5.4.0-1061 - 5.4.0-1061.64~18.04.1 linux-aws-5.4-tools-5.4.0-1061 - 5.4.0-1061.64~18.04.1 linux-cloud-tools-5.4.0-1061-aws - 5.4.0-1061.64~18.04.1 linux-modules-5.4.0-1061-aws - 5.4.0-1061.64~18.04.1 linux-buildinfo-5.4.0-1061-aws - 5.4.0-1061.64~18.04.1 linux-image-unsigned-5.4.0-1061-aws - 5.4.0-1061.64~18.04.1 linux-headers-5.4.0-1061-aws - 5.4.0-1061.64~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1061 - 5.4.0-1061.64~18.04.1 linux-tools-5.4.0-1061-aws - 5.4.0-1061.64~18.04.1 linux-modules-extra-5.4.0-1061-aws - 5.4.0-1061.64~18.04.1 No subscription required linux-buildinfo-5.4.0-1065-azure - 5.4.0-1065.68~18.04.1 linux-image-5.4.0-1065-azure - 5.4.0-1065.68~18.04.1 linux-modules-extra-5.4.0-1065-azure - 5.4.0-1065.68~18.04.1 linux-image-unsigned-5.4.0-1065-azure - 5.4.0-1065.68~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1065 - 5.4.0-1065.68~18.04.1 linux-azure-5.4-headers-5.4.0-1065 - 5.4.0-1065.68~18.04.1 linux-modules-5.4.0-1065-azure - 5.4.0-1065.68~18.04.1 linux-azure-5.4-tools-5.4.0-1065 - 5.4.0-1065.68~18.04.1 linux-tools-5.4.0-1065-azure - 5.4.0-1065.68~18.04.1 linux-cloud-tools-5.4.0-1065-azure - 5.4.0-1065.68~18.04.1 linux-headers-5.4.0-1065-azure - 5.4.0-1065.68~18.04.1 No subscription required linux-headers-5.4.0-92-generic - 5.4.0-92.103~18.04.2 linux-hwe-5.4-cloud-tools-common - 5.4.0-92.103~18.04.2 linux-modules-5.4.0-92-generic-lpae - 5.4.0-92.103~18.04.2 linux-modules-5.4.0-92-lowlatency - 5.4.0-92.103~18.04.2 linux-buildinfo-5.4.0-92-generic - 5.4.0-92.103~18.04.2 linux-modules-extra-5.4.0-92-generic - 5.4.0-92.103~18.04.2 linux-headers-5.4.0-92-lowlatency - 5.4.0-92.103~18.04.2 linux-modules-5.4.0-92-generic - 5.4.0-92.103~18.04.2 linux-hwe-5.4-tools-5.4.0-92 - 5.4.0-92.103~18.04.2 linux-buildinfo-5.4.0-92-generic-lpae - 5.4.0-92.103~18.04.2 linux-image-5.4.0-92-generic - 5.4.0-92.103~18.04.2 linux-tools-5.4.0-92-generic-lpae - 5.4.0-92.103~18.04.2 linux-image-5.4.0-92-lowlatency - 5.4.0-92.103~18.04.2 linux-cloud-tools-5.4.0-92-lowlatency - 5.4.0-92.103~18.04.2 linux-hwe-5.4-tools-common - 5.4.0-92.103~18.04.2 linux-cloud-tools-5.4.0-92-generic - 5.4.0-92.103~18.04.2 linux-hwe-5.4-cloud-tools-5.4.0-92 - 5.4.0-92.103~18.04.2 linux-hwe-5.4-source-5.4.0 - 5.4.0-92.103~18.04.2 linux-hwe-5.4-headers-5.4.0-92 - 5.4.0-92.103~18.04.2 linux-headers-5.4.0-92-generic-lpae - 5.4.0-92.103~18.04.2 linux-image-unsigned-5.4.0-92-generic - 5.4.0-92.103~18.04.2 linux-image-5.4.0-92-generic-lpae - 5.4.0-92.103~18.04.2 linux-tools-5.4.0-92-generic - 5.4.0-92.103~18.04.2 linux-tools-5.4.0-92-lowlatency - 5.4.0-92.103~18.04.2 linux-image-unsigned-5.4.0-92-lowlatency - 5.4.0-92.103~18.04.2 linux-buildinfo-5.4.0-92-lowlatency - 5.4.0-92.103~18.04.2 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1029.30~18.04.30 linux-modules-extra-gkeop-5.4 - 5.4.0.1029.30~18.04.30 linux-gkeop-5.4 - 5.4.0.1029.30~18.04.30 linux-image-gkeop-5.4 - 5.4.0.1029.30~18.04.30 linux-headers-gkeop-5.4 - 5.4.0.1029.30~18.04.30 linux-tools-gkeop-5.4 - 5.4.0.1029.30~18.04.30 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1048.51 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1048.51 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1048.51 linux-raspi-hwe-18.04 - 5.4.0.1048.51 linux-image-raspi-hwe-18.04-edge - 5.4.0.1048.51 linux-tools-raspi-hwe-18.04 - 5.4.0.1048.51 linux-headers-raspi-hwe-18.04 - 5.4.0.1048.51 linux-raspi-hwe-18.04-edge - 5.4.0.1048.51 No subscription required linux-headers-gke-5.4 - 5.4.0.1057.60~18.04.22 linux-modules-extra-gke-5.4 - 5.4.0.1057.60~18.04.22 linux-gke-5.4 - 5.4.0.1057.60~18.04.22 linux-image-gke-5.4 - 5.4.0.1057.60~18.04.22 linux-tools-gke-5.4 - 5.4.0.1057.60~18.04.22 No subscription required linux-image-gcp-edge - 5.4.0.1059.45 linux-headers-gcp-edge - 5.4.0.1059.45 linux-modules-extra-gcp - 5.4.0.1059.45 linux-gcp-edge - 5.4.0.1059.45 linux-modules-extra-gcp-edge - 5.4.0.1059.45 linux-tools-gcp - 5.4.0.1059.45 linux-gcp - 5.4.0.1059.45 linux-tools-gcp-edge - 5.4.0.1059.45 linux-headers-gcp - 5.4.0.1059.45 linux-image-gcp - 5.4.0.1059.45 No subscription required linux-headers-oracle - 5.4.0.1059.63~18.04.39 linux-tools-oracle - 5.4.0.1059.63~18.04.39 linux-signed-image-oracle - 5.4.0.1059.63~18.04.39 linux-signed-oracle - 5.4.0.1059.63~18.04.39 linux-tools-oracle-edge - 5.4.0.1059.63~18.04.39 linux-oracle-edge - 5.4.0.1059.63~18.04.39 linux-modules-extra-oracle-edge - 5.4.0.1059.63~18.04.39 linux-image-oracle-edge - 5.4.0.1059.63~18.04.39 linux-modules-extra-oracle - 5.4.0.1059.63~18.04.39 linux-signed-oracle-edge - 5.4.0.1059.63~18.04.39 linux-signed-image-oracle-edge - 5.4.0.1059.63~18.04.39 linux-headers-oracle-edge - 5.4.0.1059.63~18.04.39 linux-image-oracle - 5.4.0.1059.63~18.04.39 linux-oracle - 5.4.0.1059.63~18.04.39 No subscription required linux-headers-aws - 5.4.0.1061.44 linux-image-aws - 5.4.0.1061.44 linux-aws-edge - 5.4.0.1061.44 linux-aws - 5.4.0.1061.44 linux-modules-extra-aws-edge - 5.4.0.1061.44 linux-headers-aws-edge - 5.4.0.1061.44 linux-modules-extra-aws - 5.4.0.1061.44 linux-tools-aws - 5.4.0.1061.44 linux-tools-aws-edge - 5.4.0.1061.44 linux-image-aws-edge - 5.4.0.1061.44 No subscription required linux-tools-azure-edge - 5.4.0.1065.45 linux-cloud-tools-azure - 5.4.0.1065.45 linux-tools-azure - 5.4.0.1065.45 linux-cloud-tools-azure-edge - 5.4.0.1065.45 linux-modules-extra-azure - 5.4.0.1065.45 linux-azure - 5.4.0.1065.45 linux-signed-image-azure-edge - 5.4.0.1065.45 linux-image-azure - 5.4.0.1065.45 linux-signed-image-azure - 5.4.0.1065.45 linux-signed-azure - 5.4.0.1065.45 linux-azure-edge - 5.4.0.1065.45 linux-modules-extra-azure-edge - 5.4.0.1065.45 linux-headers-azure-edge - 5.4.0.1065.45 linux-signed-azure-edge - 5.4.0.1065.45 linux-image-azure-edge - 5.4.0.1065.45 linux-headers-azure - 5.4.0.1065.45 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-headers-snapdragon-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-image-generic-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-image-oem - 5.4.0.92.103~18.04.82 linux-tools-virtual-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-headers-lowlatency-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-lowlatency-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-image-extra-virtual-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-image-oem-osp1 - 5.4.0.92.103~18.04.82 linux-generic-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-headers-oem - 5.4.0.92.103~18.04.82 linux-snapdragon-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-image-generic-lpae-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-tools-lowlatency-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-headers-generic-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-tools-oem - 5.4.0.92.103~18.04.82 linux-headers-virtual-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-oem - 5.4.0.92.103~18.04.82 linux-tools-snapdragon-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-image-snapdragon-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-headers-virtual-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-virtual-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-generic-lpae-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-tools-oem-osp1 - 5.4.0.92.103~18.04.82 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-tools-generic-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-image-virtual-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-image-generic-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-snapdragon-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-headers-oem-osp1 - 5.4.0.92.103~18.04.82 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-tools-virtual-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-generic-lpae-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-headers-generic-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-oem-osp1 - 5.4.0.92.103~18.04.82 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-image-lowlatency-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-virtual-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-lowlatency-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.92.103~18.04.82 linux-generic-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-tools-generic-hwe-18.04 - 5.4.0.92.103~18.04.82 linux-image-virtual-hwe-18.04-edge - 5.4.0.92.103~18.04.82 No subscription required High CVE-2020-26541 CVE-2021-20321 CVE-2021-3760 CVE-2021-4002 CVE-2021-41864 CVE-2021-43056 CVE-2021-43389 Ubuntu 18.04 LTS USN-5210-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused failures to boot in environments with AMD Secure Encrypted Virtualization (SEV) enabled. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002) It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2020-26541) It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-41864) It was discovered that the KVM implementation for POWER8 processors in the Linux kernel did not properly keep track if a wakeup event could be resolved by a guest. An attacker in a guest VM could possibly use this to cause a denial of service (host OS crash). (CVE-2021-43056) It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389) Update Instructions: Run `sudo pro fix USN-5210-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-5.4.0-1060-gcp - 5.4.0-1060.64~18.04.1 linux-headers-5.4.0-1060-gcp - 5.4.0-1060.64~18.04.1 linux-gcp-5.4-tools-5.4.0-1060 - 5.4.0-1060.64~18.04.1 linux-gcp-5.4-headers-5.4.0-1060 - 5.4.0-1060.64~18.04.1 linux-image-unsigned-5.4.0-1060-gcp - 5.4.0-1060.64~18.04.1 linux-modules-extra-5.4.0-1060-gcp - 5.4.0-1060.64~18.04.1 linux-modules-5.4.0-1060-gcp - 5.4.0-1060.64~18.04.1 linux-buildinfo-5.4.0-1060-gcp - 5.4.0-1060.64~18.04.1 linux-image-5.4.0-1060-gcp - 5.4.0-1060.64~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-94.106~18.04.1 linux-image-unsigned-5.4.0-94-lowlatency - 5.4.0-94.106~18.04.1 linux-image-5.4.0-94-lowlatency - 5.4.0-94.106~18.04.1 linux-tools-5.4.0-94-generic - 5.4.0-94.106~18.04.1 linux-hwe-5.4-tools-5.4.0-94 - 5.4.0-94.106~18.04.1 linux-image-5.4.0-94-generic - 5.4.0-94.106~18.04.1 linux-buildinfo-5.4.0-94-generic-lpae - 5.4.0-94.106~18.04.1 linux-buildinfo-5.4.0-94-lowlatency - 5.4.0-94.106~18.04.1 linux-image-unsigned-5.4.0-94-generic - 5.4.0-94.106~18.04.1 linux-headers-5.4.0-94-generic-lpae - 5.4.0-94.106~18.04.1 linux-cloud-tools-5.4.0-94-lowlatency - 5.4.0-94.106~18.04.1 linux-headers-5.4.0-94-lowlatency - 5.4.0-94.106~18.04.1 linux-modules-5.4.0-94-generic - 5.4.0-94.106~18.04.1 linux-modules-5.4.0-94-lowlatency - 5.4.0-94.106~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-94.106~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-94 - 5.4.0-94.106~18.04.1 linux-buildinfo-5.4.0-94-generic - 5.4.0-94.106~18.04.1 linux-cloud-tools-5.4.0-94-generic - 5.4.0-94.106~18.04.1 linux-headers-5.4.0-94-generic - 5.4.0-94.106~18.04.1 linux-tools-5.4.0-94-generic-lpae - 5.4.0-94.106~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-94.106~18.04.1 linux-hwe-5.4-headers-5.4.0-94 - 5.4.0-94.106~18.04.1 linux-modules-5.4.0-94-generic-lpae - 5.4.0-94.106~18.04.1 linux-tools-5.4.0-94-lowlatency - 5.4.0-94.106~18.04.1 linux-modules-extra-5.4.0-94-generic - 5.4.0-94.106~18.04.1 linux-image-5.4.0-94-generic-lpae - 5.4.0-94.106~18.04.1 No subscription required linux-image-gcp-edge - 5.4.0.1060.46 linux-tools-gcp-edge - 5.4.0.1060.46 linux-headers-gcp-edge - 5.4.0.1060.46 linux-modules-extra-gcp - 5.4.0.1060.46 linux-tools-gcp - 5.4.0.1060.46 linux-modules-extra-gcp-edge - 5.4.0.1060.46 linux-gcp - 5.4.0.1060.46 linux-headers-gcp - 5.4.0.1060.46 linux-image-gcp - 5.4.0.1060.46 linux-gcp-edge - 5.4.0.1060.46 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-headers-snapdragon-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-image-generic-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-tools-oem - 5.4.0.94.106~18.04.83 linux-image-snapdragon-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-image-oem - 5.4.0.94.106~18.04.83 linux-tools-virtual-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-headers-generic-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-headers-lowlatency-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-lowlatency-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-image-extra-virtual-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-image-oem-osp1 - 5.4.0.94.106~18.04.83 linux-snapdragon-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-image-generic-lpae-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-tools-lowlatency-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-headers-virtual-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-tools-virtual-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-tools-snapdragon-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-headers-virtual-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-virtual-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-generic-lpae-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-tools-oem-osp1 - 5.4.0.94.106~18.04.83 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-headers-oem - 5.4.0.94.106~18.04.83 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-tools-generic-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-image-virtual-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-generic-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-oem - 5.4.0.94.106~18.04.83 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-snapdragon-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-headers-oem-osp1 - 5.4.0.94.106~18.04.83 linux-generic-lpae-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-tools-generic-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-headers-generic-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-oem-osp1 - 5.4.0.94.106~18.04.83 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-image-lowlatency-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-virtual-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-lowlatency-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-generic-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.94.106~18.04.83 linux-image-generic-hwe-18.04-edge - 5.4.0.94.106~18.04.83 linux-image-virtual-hwe-18.04-edge - 5.4.0.94.106~18.04.83 No subscription required None https://launchpad.net/bugs/1956575 Ubuntu 18.04 LTS It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. (CVE-2021-44224) It was discovered that the Apache HTTP Server Lua module incorrectly handled memory in the multipart parser. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-44790) Update Instructions: Run `sudo pro fix USN-5212-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.29-1ubuntu4.21 apache2-utils - 2.4.29-1ubuntu4.21 apache2-dev - 2.4.29-1ubuntu4.21 apache2-suexec-pristine - 2.4.29-1ubuntu4.21 apache2-suexec-custom - 2.4.29-1ubuntu4.21 apache2 - 2.4.29-1ubuntu4.21 apache2-doc - 2.4.29-1ubuntu4.21 apache2-ssl-dev - 2.4.29-1ubuntu4.21 apache2-bin - 2.4.29-1ubuntu4.21 No subscription required Medium CVE-2021-44224 CVE-2021-44790 Ubuntu 18.04 LTS It was discovered that Cacti was incorrectly validating permissions for user accounts that had been recently disabled. An authenticated attacker could possibly use this to obtain unauthorized access to application and system data. (CVE-2020-13230) It was discovered that Cacti was incorrectly performing authorization checks in auth_profile.php. A remote unauthenticated attacker could use this to perform a CSRF attack and set a new admin email or make other changes. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-13231) It was discovered that Cacti incorrectly handled user provided input sent through request parameters to the color.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-14295) It was discovered that Cacti did not properly escape file input fields when performing template import operations for various themes. An authenticated attacker could use this to perform XSS attacks. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-14424) It was discovered that Cacti incorrectly handled user provided input sent through request parameters to the data_debug.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks. This issue only affected Ubuntu 20.04 ESM. (CVE-2020-35701) Update Instructions: Run `sudo pro fix USN-5214-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cacti - 1.1.38+ds1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-13230 CVE-2020-13231 CVE-2020-14295 CVE-2020-14424 CVE-2020-35701 Ubuntu 18.04 LTS Srikantha Prathi discovered that NLTK incorrectly handled specially crafted input. An attacker could use this vulnerability to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5215-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-nltk - 3.2.5-1ubuntu0.1+esm1 python3-nltk - 3.2.5-1ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-3828 Ubuntu 18.04 LTS It was discovered that hosted-git-info incorrectly handled certain inputs. A remote attacker could use this to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5216-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-hosted-git-info - 2.5.0-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-23362 Ubuntu 18.04 LTS It was discovered that Composer did not properly sanitize URLs for Mercurial repositories in the root composer.json and package source download URLs. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5220-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: composer - 1.6.3-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-29472 Ubuntu 18.04 LTS It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2021-32626) It was discovered that Redis incorrectly handled some malformed requests when using Redis Lua Debugger. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-32672) It was discovered that Redis incorrectly handled certain Redis Standard Protocol (RESP) requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-32675) It was discovered that Redis incorrectly handled some configuration parameters with specially crafted network payloads. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Vulnerabilities CVE-2021-32627 and CVE-2021-41099 only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-32627, CVE-2021-32628, CVE-2021-32687, CVE-2021-41099). It was discovered that Redis incorrectly handled memory when processing certain input in 32-bit systems. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. One vulnerability (CVE-2021-32761) only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM and another vulnerability (CVE-2021-21309) only affected Ubuntu 18.04 ESM. (CVE-2021-32761, CVE-2021-21309). Update Instructions: Run `sudo pro fix USN-5221-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: redis-sentinel - 5:4.0.9-1ubuntu0.2+esm3 redis-server - 5:4.0.9-1ubuntu0.2+esm3 redis - 5:4.0.9-1ubuntu0.2+esm3 redis-tools - 5:4.0.9-1ubuntu0.2+esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-32626 CVE-2021-32627 CVE-2021-32628 CVE-2021-32672 CVE-2021-32675 CVE-2021-32687 CVE-2021-41099 CVE-2021-32761 CVE-2021-21309 Ubuntu 18.04 LTS It was discovered that Apache Log4j 2 was vulnerable to remote code execution (RCE) attack when configured to use a JDBC Appender with a JNDI LDAP data source URI. A remote attacker could possibly use this issue to cause a crash, leading to a denial of service. (CVE-2021-44832) Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not protect against infinite recursion in lookup evaluation. A remote attacker could possibly use this issue to cause Apache Log4j 2 to crash, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-45105) Update Instructions: Run `sudo pro fix USN-5222-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblog4j2-java - 2.12.4-0ubuntu0.1 liblog4j2-java-doc - 2.12.4-0ubuntu0.1 No subscription required Medium CVE-2021-44832 CVE-2021-45105 Ubuntu 18.04 LTS It was discovered that Apache Log4j 1.2 was vulnerable to deserialization of untrusted data if the configuration file was editable. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5223-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblog4j1.2-java-doc - 1.2.17-8+deb10u1ubuntu0.1 liblog4j1.2-java - 1.2.17-8+deb10u1ubuntu0.1 No subscription required Medium CVE-2021-4104 Ubuntu 18.04 LTS It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5224-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.15 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.15 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.15 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.15 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.15 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.15 No subscription required Medium CVE-2021-45944 CVE-2021-45949 Ubuntu 18.04 LTS It was discovered that lxml incorrectly handled certain XML and HTML files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5225-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-lxml - 4.2.1-1ubuntu0.6 python-lxml - 4.2.1-1ubuntu0.6 python-lxml-doc - 4.2.1-1ubuntu0.6 No subscription required Medium CVE-2021-43818 Ubuntu 18.04 LTS It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to hang, resulting in a denial of service. (CVE-2021-23437) It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service. This issue ony affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-34552) It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22815) It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service. (CVE-2022-22816) It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22817) Update Instructions: Run `sudo pro fix USN-5227-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-pil.imagetk - 5.1.0-1ubuntu0.7 python-pil-doc - 5.1.0-1ubuntu0.7 python3-pil - 5.1.0-1ubuntu0.7 python-pil - 5.1.0-1ubuntu0.7 python-pil.imagetk - 5.1.0-1ubuntu0.7 No subscription required Medium CVE-2021-23437 CVE-2021-34552 CVE-2022-22815 CVE-2022-22816 CVE-2022-22817 Ubuntu 18.04 LTS USN-5227-1 fixed vulnerabilities in Pillow. It was discovered that the fix for CVE-2022-22817 was incomplete. This update fixes the problem. Original advisory details: It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to hang, resulting in a denial of service. (CVE-2021-23437) It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service. This issue ony affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-34552) It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22815) It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service. (CVE-2022-22816) It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22817) Update Instructions: Run `sudo pro fix USN-5227-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-pil.imagetk - 5.1.0-1ubuntu0.8 python-pil-doc - 5.1.0-1ubuntu0.8 python3-pil - 5.1.0-1ubuntu0.8 python-pil - 5.1.0-1ubuntu0.8 python-pil.imagetk - 5.1.0-1ubuntu0.8 No subscription required Medium CVE-2022-22817 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information across domains, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5229-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-szl - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 96.0+build2-0ubuntu0.18.04.1 firefox - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 96.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 96.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 96.0+build2-0ubuntu0.18.04.1 firefox-dev - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 96.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 96.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22745 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 CVE-2022-22752 Ubuntu 18.04 LTS It was discovered that App::cpanminus did not properly verify CHECKSUMS files. An attacker could possibly use this issue to bypass signature verification, gaining access to sensitive data or possibly executing unauthorized code. Update Instructions: Run `sudo pro fix USN-5230-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cpanminus - 1.7043-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-16154 Ubuntu 18.04 LTS It was discovered that 389 Directory Server presented to users, during authentication, an error message which could be used to discover if a certain LDAP DN existed or not. A remote unauthenticated attacker could possibly use this to check the existence of an entry in a LDAP database and expose sensitive information. This issue affected only Ubuntu 20.04 ESM. (CVE-2020-35518) It was discovered that 389 Directory Server was incorrectly validating data used to access memory addresses. An authenticated attacker using a Syncrepl client could use this issue with a specially crafted query to cause 389 Directory Server to crash, resulting in a denial of service. (CVE-2021-3514) Update Instructions: Run `sudo pro fix USN-5231-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: 389-ds-base - 1.3.7.10-1ubuntu1+esm1 389-ds-base-libs - 1.3.7.10-1ubuntu1+esm1 python3-lib389 - 1.3.7.10-1ubuntu1+esm1 python3-dirsrvtests - 1.3.7.10-1ubuntu1+esm1 389-ds-base-dev - 1.3.7.10-1ubuntu1+esm1 389-ds - 1.3.7.10-1ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-35518 CVE-2021-3514 Ubuntu 18.04 LTS Jakub Żoczek discovered that certain Fail2ban actions handled whois responses in an insecure way. If Fail2ban was configured to use certain mail actions like 'mail-whois' on a target system, a remote attacker who was able to control whois responses to this target system could possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5232-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: fail2ban - 0.10.2-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-32749 Ubuntu 18.04 LTS It was discovered that ClamAV incorrectly handled memory when the CL_SCAN_GENERAL_COLLECT_METADATA scan option was enabled. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5233-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.103.5+dfsg-0ubuntu0.18.04.1 clamav-testfiles - 0.103.5+dfsg-0ubuntu0.18.04.1 clamav-base - 0.103.5+dfsg-0ubuntu0.18.04.1 clamav - 0.103.5+dfsg-0ubuntu0.18.04.1 clamav-daemon - 0.103.5+dfsg-0ubuntu0.18.04.1 clamav-milter - 0.103.5+dfsg-0ubuntu0.18.04.1 clamav-docs - 0.103.5+dfsg-0ubuntu0.18.04.1 clamav-freshclam - 0.103.5+dfsg-0ubuntu0.18.04.1 libclamav9 - 0.103.5+dfsg-0ubuntu0.18.04.1 clamdscan - 0.103.5+dfsg-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-20698 Ubuntu 18.04 LTS It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. (CVE-2021-41816) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a regular expression denial of service. (CVE-2021-41817) It was discovered that Ruby incorrectly handled certain cookie names. An attacker could possibly use this issue to access or expose sensitive information. (CVE-2021-41819) Update Instructions: Run `sudo pro fix USN-5235-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.5 - 2.5.1-1ubuntu1.11 ruby2.5 - 2.5.1-1ubuntu1.11 ruby2.5-doc - 2.5.1-1ubuntu1.11 ruby2.5-dev - 2.5.1-1ubuntu1.11 No subscription required Medium CVE-2021-41816 CVE-2021-41817 CVE-2021-41819 Ubuntu 18.04 LTS It was discovered that MediaInfoLib incorrectly handled certain specially crafted files. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-26797) It was discovered that MediaInfoLib incorrectly handled certain specially crafted MpegPs files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-15395) Update Instructions: Run `sudo pro fix USN-5237-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-mediainfodll - 17.12-1ubuntu0.1+esm1 libmediainfo-dev - 17.12-1ubuntu0.1+esm1 python3-mediainfodll - 17.12-1ubuntu0.1+esm1 libmediainfo0v5 - 17.12-1ubuntu0.1+esm1 libmediainfo-doc - 17.12-1ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-15395 CVE-2020-26797 Ubuntu 18.04 LTS It was discovered that PostgreSQL JDBC Driver incorrectly handled certain requests from external entities. A remote attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5238-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpostgresql-jdbc-java - 9.4.1212-1ubuntu0.1~esm1 libpostgresql-jdbc-java-doc - 9.4.1212-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-13692 Ubuntu 18.04 LTS It was discovered that HttpClient mishandled certain input. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5239-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhttpmime-java - 4.5.5-1ubuntu0.1~esm1 libhttpclient-java - 4.5.5-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-13956 Ubuntu 18.04 LTS William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5240-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-gkeop-5.4-headers-5.4.0-1031 - 5.4.0-1031.32~18.04.1 linux-modules-extra-5.4.0-1031-gkeop - 5.4.0-1031.32~18.04.1 linux-gkeop-5.4-tools-5.4.0-1031 - 5.4.0-1031.32~18.04.1 linux-modules-5.4.0-1031-gkeop - 5.4.0-1031.32~18.04.1 linux-tools-5.4.0-1031-gkeop - 5.4.0-1031.32~18.04.1 linux-headers-5.4.0-1031-gkeop - 5.4.0-1031.32~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1031.32~18.04.1 linux-buildinfo-5.4.0-1031-gkeop - 5.4.0-1031.32~18.04.1 linux-image-unsigned-5.4.0-1031-gkeop - 5.4.0-1031.32~18.04.1 linux-cloud-tools-5.4.0-1031-gkeop - 5.4.0-1031.32~18.04.1 linux-image-5.4.0-1031-gkeop - 5.4.0-1031.32~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1031 - 5.4.0-1031.32~18.04.1 No subscription required linux-buildinfo-5.4.0-1050-raspi - 5.4.0-1050.56~18.04.1 linux-tools-5.4.0-1050-raspi - 5.4.0-1050.56~18.04.1 linux-headers-5.4.0-1050-raspi - 5.4.0-1050.56~18.04.1 linux-image-5.4.0-1050-raspi - 5.4.0-1050.56~18.04.1 linux-raspi-5.4-headers-5.4.0-1050 - 5.4.0-1050.56~18.04.1 linux-raspi-5.4-tools-5.4.0-1050 - 5.4.0-1050.56~18.04.1 linux-modules-5.4.0-1050-raspi - 5.4.0-1050.56~18.04.1 No subscription required linux-gke-5.4-tools-5.4.0-1059 - 5.4.0-1059.62~18.04.1 linux-gke-5.4-headers-5.4.0-1059 - 5.4.0-1059.62~18.04.1 linux-image-unsigned-5.4.0-1059-gke - 5.4.0-1059.62~18.04.1 linux-modules-extra-5.4.0-1059-gke - 5.4.0-1059.62~18.04.1 linux-tools-5.4.0-1059-gke - 5.4.0-1059.62~18.04.1 linux-headers-5.4.0-1059-gke - 5.4.0-1059.62~18.04.1 linux-buildinfo-5.4.0-1059-gke - 5.4.0-1059.62~18.04.1 linux-modules-5.4.0-1059-gke - 5.4.0-1059.62~18.04.1 linux-image-5.4.0-1059-gke - 5.4.0-1059.62~18.04.1 No subscription required linux-buildinfo-5.4.0-1061-oracle - 5.4.0-1061.65~18.04.1 linux-image-5.4.0-1061-oracle - 5.4.0-1061.65~18.04.1 linux-headers-5.4.0-1061-oracle - 5.4.0-1061.65~18.04.1 linux-modules-extra-5.4.0-1061-oracle - 5.4.0-1061.65~18.04.1 linux-image-unsigned-5.4.0-1061-oracle - 5.4.0-1061.65~18.04.1 linux-tools-5.4.0-1061-oracle - 5.4.0-1061.65~18.04.1 linux-oracle-5.4-headers-5.4.0-1061 - 5.4.0-1061.65~18.04.1 linux-modules-5.4.0-1061-oracle - 5.4.0-1061.65~18.04.1 linux-oracle-5.4-tools-5.4.0-1061 - 5.4.0-1061.65~18.04.1 No subscription required linux-modules-5.4.0-1062-gcp - 5.4.0-1062.66~18.04.1 linux-image-unsigned-5.4.0-1062-gcp - 5.4.0-1062.66~18.04.1 linux-headers-5.4.0-1062-gcp - 5.4.0-1062.66~18.04.1 linux-gcp-5.4-tools-5.4.0-1062 - 5.4.0-1062.66~18.04.1 linux-tools-5.4.0-1062-gcp - 5.4.0-1062.66~18.04.1 linux-gcp-5.4-headers-5.4.0-1062 - 5.4.0-1062.66~18.04.1 linux-image-5.4.0-1062-gcp - 5.4.0-1062.66~18.04.1 linux-modules-extra-5.4.0-1062-gcp - 5.4.0-1062.66~18.04.1 linux-buildinfo-5.4.0-1062-gcp - 5.4.0-1062.66~18.04.1 No subscription required linux-buildinfo-5.4.0-1063-aws - 5.4.0-1063.66~18.04.1 linux-aws-5.4-headers-5.4.0-1063 - 5.4.0-1063.66~18.04.1 linux-aws-5.4-tools-5.4.0-1063 - 5.4.0-1063.66~18.04.1 linux-cloud-tools-5.4.0-1063-aws - 5.4.0-1063.66~18.04.1 linux-image-unsigned-5.4.0-1063-aws - 5.4.0-1063.66~18.04.1 linux-modules-extra-5.4.0-1063-aws - 5.4.0-1063.66~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1063 - 5.4.0-1063.66~18.04.1 linux-tools-5.4.0-1063-aws - 5.4.0-1063.66~18.04.1 linux-headers-5.4.0-1063-aws - 5.4.0-1063.66~18.04.1 linux-modules-5.4.0-1063-aws - 5.4.0-1063.66~18.04.1 No subscription required linux-headers-5.4.0-1067-azure - 5.4.0-1067.70~18.04.1 linux-tools-5.4.0-1067-azure - 5.4.0-1067.70~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1067 - 5.4.0-1067.70~18.04.1 linux-buildinfo-5.4.0-1067-azure - 5.4.0-1067.70~18.04.1 linux-image-unsigned-5.4.0-1067-azure - 5.4.0-1067.70~18.04.1 linux-azure-5.4-headers-5.4.0-1067 - 5.4.0-1067.70~18.04.1 linux-cloud-tools-5.4.0-1067-azure - 5.4.0-1067.70~18.04.1 linux-modules-5.4.0-1067-azure - 5.4.0-1067.70~18.04.1 linux-azure-5.4-tools-5.4.0-1067 - 5.4.0-1067.70~18.04.1 linux-modules-extra-5.4.0-1067-azure - 5.4.0-1067.70~18.04.1 linux-image-5.4.0-1067-azure - 5.4.0-1067.70~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-96.109~18.04.1 linux-cloud-tools-5.4.0-96-generic - 5.4.0-96.109~18.04.1 linux-buildinfo-5.4.0-96-generic-lpae - 5.4.0-96.109~18.04.1 linux-image-5.4.0-96-lowlatency - 5.4.0-96.109~18.04.1 linux-modules-5.4.0-96-lowlatency - 5.4.0-96.109~18.04.1 linux-tools-5.4.0-96-generic-lpae - 5.4.0-96.109~18.04.1 linux-modules-5.4.0-96-generic - 5.4.0-96.109~18.04.1 linux-hwe-5.4-tools-5.4.0-96 - 5.4.0-96.109~18.04.1 linux-modules-5.4.0-96-generic-lpae - 5.4.0-96.109~18.04.1 linux-image-5.4.0-96-generic - 5.4.0-96.109~18.04.1 linux-headers-5.4.0-96-lowlatency - 5.4.0-96.109~18.04.1 linux-image-unsigned-5.4.0-96-lowlatency - 5.4.0-96.109~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-96.109~18.04.1 linux-buildinfo-5.4.0-96-generic - 5.4.0-96.109~18.04.1 linux-cloud-tools-5.4.0-96-lowlatency - 5.4.0-96.109~18.04.1 linux-headers-5.4.0-96-generic - 5.4.0-96.109~18.04.1 linux-modules-extra-5.4.0-96-generic - 5.4.0-96.109~18.04.1 linux-headers-5.4.0-96-generic-lpae - 5.4.0-96.109~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-96.109~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-96 - 5.4.0-96.109~18.04.1 linux-tools-5.4.0-96-generic - 5.4.0-96.109~18.04.1 linux-hwe-5.4-headers-5.4.0-96 - 5.4.0-96.109~18.04.1 linux-image-5.4.0-96-generic-lpae - 5.4.0-96.109~18.04.1 linux-tools-5.4.0-96-lowlatency - 5.4.0-96.109~18.04.1 linux-image-unsigned-5.4.0-96-generic - 5.4.0-96.109~18.04.1 linux-buildinfo-5.4.0-96-lowlatency - 5.4.0-96.109~18.04.1 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1031.32~18.04.31 linux-modules-extra-gkeop-5.4 - 5.4.0.1031.32~18.04.31 linux-image-gkeop-5.4 - 5.4.0.1031.32~18.04.31 linux-headers-gkeop-5.4 - 5.4.0.1031.32~18.04.31 linux-tools-gkeop-5.4 - 5.4.0.1031.32~18.04.31 linux-gkeop-5.4 - 5.4.0.1031.32~18.04.31 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1050.52 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1050.52 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1050.52 linux-raspi-hwe-18.04 - 5.4.0.1050.52 linux-tools-raspi-hwe-18.04 - 5.4.0.1050.52 linux-headers-raspi-hwe-18.04 - 5.4.0.1050.52 linux-image-raspi-hwe-18.04-edge - 5.4.0.1050.52 linux-raspi-hwe-18.04-edge - 5.4.0.1050.52 No subscription required linux-headers-gke-5.4 - 5.4.0.1059.62~18.04.23 linux-modules-extra-gke-5.4 - 5.4.0.1059.62~18.04.23 linux-gke-5.4 - 5.4.0.1059.62~18.04.23 linux-image-gke-5.4 - 5.4.0.1059.62~18.04.23 linux-tools-gke-5.4 - 5.4.0.1059.62~18.04.23 No subscription required linux-headers-oracle - 5.4.0.1061.65~18.04.40 linux-tools-oracle - 5.4.0.1061.65~18.04.40 linux-signed-image-oracle - 5.4.0.1061.65~18.04.40 linux-signed-oracle - 5.4.0.1061.65~18.04.40 linux-tools-oracle-edge - 5.4.0.1061.65~18.04.40 linux-oracle-edge - 5.4.0.1061.65~18.04.40 linux-modules-extra-oracle-edge - 5.4.0.1061.65~18.04.40 linux-image-oracle-edge - 5.4.0.1061.65~18.04.40 linux-modules-extra-oracle - 5.4.0.1061.65~18.04.40 linux-signed-oracle-edge - 5.4.0.1061.65~18.04.40 linux-signed-image-oracle-edge - 5.4.0.1061.65~18.04.40 linux-headers-oracle-edge - 5.4.0.1061.65~18.04.40 linux-image-oracle - 5.4.0.1061.65~18.04.40 linux-oracle - 5.4.0.1061.65~18.04.40 No subscription required linux-headers-gcp - 5.4.0.1062.47 linux-image-gcp-edge - 5.4.0.1062.47 linux-tools-gcp-edge - 5.4.0.1062.47 linux-headers-gcp-edge - 5.4.0.1062.47 linux-modules-extra-gcp - 5.4.0.1062.47 linux-gcp-edge - 5.4.0.1062.47 linux-modules-extra-gcp-edge - 5.4.0.1062.47 linux-tools-gcp - 5.4.0.1062.47 linux-gcp - 5.4.0.1062.47 linux-image-gcp - 5.4.0.1062.47 No subscription required linux-headers-aws - 5.4.0.1063.45 linux-image-aws - 5.4.0.1063.45 linux-aws-edge - 5.4.0.1063.45 linux-aws - 5.4.0.1063.45 linux-modules-extra-aws-edge - 5.4.0.1063.45 linux-headers-aws-edge - 5.4.0.1063.45 linux-modules-extra-aws - 5.4.0.1063.45 linux-tools-aws - 5.4.0.1063.45 linux-tools-aws-edge - 5.4.0.1063.45 linux-image-aws-edge - 5.4.0.1063.45 No subscription required linux-signed-azure - 5.4.0.1067.46 linux-tools-azure-edge - 5.4.0.1067.46 linux-cloud-tools-azure - 5.4.0.1067.46 linux-tools-azure - 5.4.0.1067.46 linux-image-azure-edge - 5.4.0.1067.46 linux-cloud-tools-azure-edge - 5.4.0.1067.46 linux-modules-extra-azure - 5.4.0.1067.46 linux-azure - 5.4.0.1067.46 linux-signed-image-azure-edge - 5.4.0.1067.46 linux-image-azure - 5.4.0.1067.46 linux-signed-image-azure - 5.4.0.1067.46 linux-headers-azure-edge - 5.4.0.1067.46 linux-azure-edge - 5.4.0.1067.46 linux-modules-extra-azure-edge - 5.4.0.1067.46 linux-signed-azure-edge - 5.4.0.1067.46 linux-headers-azure - 5.4.0.1067.46 No subscription required linux-image-generic-lpae-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-image-generic-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-image-snapdragon-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-image-oem - 5.4.0.96.109~18.04.84 linux-tools-virtual-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-image-lowlatency-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-lowlatency-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-image-extra-virtual-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-headers-lowlatency-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-image-oem-osp1 - 5.4.0.96.109~18.04.84 linux-headers-oem - 5.4.0.96.109~18.04.84 linux-snapdragon-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-tools-lowlatency-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-headers-generic-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-headers-virtual-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-tools-snapdragon-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-oem - 5.4.0.96.109~18.04.84 linux-headers-virtual-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-generic-lpae-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-tools-oem-osp1 - 5.4.0.96.109~18.04.84 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-tools-generic-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-image-virtual-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-image-generic-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-generic-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-headers-snapdragon-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-snapdragon-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-tools-oem - 5.4.0.96.109~18.04.84 linux-headers-oem-osp1 - 5.4.0.96.109~18.04.84 linux-tools-virtual-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-generic-lpae-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-headers-generic-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-oem-osp1 - 5.4.0.96.109~18.04.84 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-virtual-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.96.109~18.04.84 linux-virtual-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-lowlatency-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-generic-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-tools-generic-hwe-18.04 - 5.4.0.96.109~18.04.84 linux-image-virtual-hwe-18.04-edge - 5.4.0.96.109~18.04.84 No subscription required High CVE-2022-0185 Ubuntu 18.04 LTS It was discovered that QtSvg incorrectly handled certain malformed SVG images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause QtSvg to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5241-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libqt5svg5-dev - 5.9.5-0ubuntu1.1 qtsvg5-examples - 5.9.5-0ubuntu1.1 qtsvg5-doc-html - 5.9.5-0ubuntu1.1 libqt5svg5 - 5.9.5-0ubuntu1.1 qtsvg5-doc - 5.9.5-0ubuntu1.1 No subscription required Medium CVE-2018-19869 CVE-2021-3481 CVE-2021-45930 Ubuntu 18.04 LTS David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5243-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: aide-dynamic - 0.16-3ubuntu0.1 aide-common - 0.16-3ubuntu0.1 aide-xen - 0.16-3ubuntu0.1 aide - 0.16-3ubuntu0.1 No subscription required Medium CVE-2021-45417 Ubuntu 18.04 LTS USN-5244-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Daniel Onaca discovered that DBus contained a use-after-free vulnerability, caused by the incorrect handling of usernames sharing the same UID. An attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5244-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dbus-1-doc - 1.12.2-1ubuntu1.3 dbus - 1.12.2-1ubuntu1.3 libdbus-1-dev - 1.12.2-1ubuntu1.3 dbus-user-session - 1.12.2-1ubuntu1.3 dbus-x11 - 1.12.2-1ubuntu1.3 dbus-tests - 1.12.2-1ubuntu1.3 libdbus-1-3 - 1.12.2-1ubuntu1.3 No subscription required Low CVE-2020-35512 Ubuntu 18.04 LTS It was discovered that Apache Maven followed repositories that are defined in a dependency's Project Object Model (pom) even if the repositories weren't encrypted (http protocol). An attacker could use this vulnerability to take over a repository, execute arbitrary code or cause a denial of service. Update Instructions: Run `sudo pro fix USN-5245-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: maven - 3.6.0-1~18.04.1ubuntu0.1~esm1 libmaven3-core-java - 3.6.0-1~18.04.1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-26291 Ubuntu 18.04 LTS It was discovered that vim incorrectly handled parsing of filenames in its search functionality. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 21.10. (CVE-2021-3973) It was discovered that vim incorrectly handled memory when opening and searching the contents of certain files. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-3974) It was discovered that vim incorrectly handled memory when opening and editing certain files. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-3984) It was discovered that vim incorrectly handled memory when opening and editing certain files. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-4019) It was discovered that vim incorrectly handled memory when opening and editing certain files. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges.(CVE-2021-4069) Update Instructions: Run `sudo pro fix USN-5247-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:8.0.1453-1ubuntu1.8 vim-gnome - 2:8.0.1453-1ubuntu1.8 vim-athena - 2:8.0.1453-1ubuntu1.8 xxd - 2:8.0.1453-1ubuntu1.8 vim-gtk - 2:8.0.1453-1ubuntu1.8 vim-gui-common - 2:8.0.1453-1ubuntu1.8 vim - 2:8.0.1453-1ubuntu1.8 vim-doc - 2:8.0.1453-1ubuntu1.8 vim-tiny - 2:8.0.1453-1ubuntu1.8 vim-runtime - 2:8.0.1453-1ubuntu1.8 vim-gtk3 - 2:8.0.1453-1ubuntu1.8 vim-nox - 2:8.0.1453-1ubuntu1.8 No subscription required Medium CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, conduct header splitting attacks, conduct spoofing attacks, bypass security restrictions, confuse the user, or execute arbitrary code. (CVE-2021-4129, CVE-2021-4140, CVE-2021-29981, CVE-2021-29982, CVE-2021-29987, CVE-2021-29991, CVE-2021-38495, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-43534, CVE-2021-43535, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43656, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751) It was discovered that Thunderbird ignored the configuration to require STARTTLS for an SMTP connection. A person-in-the-middle could potentially exploit this to perform a downgrade attack in order to intercept messages or take control of a session. (CVE-2021-38502) It was discovered that JavaScript was unexpectedly enabled in the composition area. An attacker could potentially exploit this in combination with another vulnerability, with unspecified impacts. (CVE-2021-43528) A buffer overflow was discovered in the Matrix chat library bundled with Thunderbird. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2021-44538) It was discovered that Thunderbird's OpenPGP integration only considered the inner signed message when checking signature validity in a message that contains an additional outer MIME layer. An attacker could potentially exploit this to trick the user into thinking that a message has a valid signature. (CVE-2021-4126) Update Instructions: Run `sudo pro fix USN-5248-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-lv - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:91.5.0+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:91.5.0+build1-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fa - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:91.5.0+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-th - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:91.5.0+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:91.5.0+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2021-4126 CVE-2021-4129 CVE-2021-4140 CVE-2021-29981 CVE-2021-29982 CVE-2021-29987 CVE-2021-29991 CVE-2021-38495 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 CVE-2021-38502 CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-43528 CVE-2021-43534 CVE-2021-43535 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVE-2021-44538 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22745 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 Ubuntu 18.04 LTS It was discovered that USBView allowed unprivileged users to run usbview as root. A local attacker could use this vulnerability to gain administrative privileges or cause a denial of service. Update Instructions: Run `sudo pro fix USN-5249-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: usbview - 2.0-21-g6fe2f4f-1ubuntu1.1 No subscription required High CVE-2022-23220 Ubuntu 18.04 LTS Zhuowei Zhang discovered that stringSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication. Update Instructions: Run `sudo pro fix USN-5250-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-nm - 5.6.2-1ubuntu2.8 strongswan-scepclient - 5.6.2-1ubuntu2.8 libcharon-extra-plugins - 5.6.2-1ubuntu2.8 libcharon-standard-plugins - 5.6.2-1ubuntu2.8 libstrongswan-extra-plugins - 5.6.2-1ubuntu2.8 strongswan-charon - 5.6.2-1ubuntu2.8 libstrongswan - 5.6.2-1ubuntu2.8 strongswan-swanctl - 5.6.2-1ubuntu2.8 libstrongswan-standard-plugins - 5.6.2-1ubuntu2.8 strongswan-starter - 5.6.2-1ubuntu2.8 charon-systemd - 5.6.2-1ubuntu2.8 strongswan - 5.6.2-1ubuntu2.8 strongswan-tnc-server - 5.6.2-1ubuntu2.8 strongswan-tnc-client - 5.6.2-1ubuntu2.8 strongswan-tnc-base - 5.6.2-1ubuntu2.8 charon-cmd - 5.6.2-1ubuntu2.8 strongswan-libcharon - 5.6.2-1ubuntu2.8 strongswan-pki - 5.6.2-1ubuntu2.8 strongswan-tnc-ifmap - 5.6.2-1ubuntu2.8 strongswan-tnc-pdp - 5.6.2-1ubuntu2.8 No subscription required High CVE-2021-45079 Ubuntu 18.04 LTS It was discovered that GEGL incorrectly filtered and escaped file path input data when using the C system() function for execution of the ImageMagick convert command. An attacker could possibly use this to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5251-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgegl-0.3-0 - 0.3.30-1ubuntu1+esm1 gir1.2-gegl-0.3 - 0.3.30-1ubuntu1+esm1 gegl - 0.3.30-1ubuntu1+esm1 libgegl-doc - 0.3.30-1ubuntu1+esm1 libgegl-dev - 0.3.30-1ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-45463 Ubuntu 18.04 LTS It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue to escalate privileges to an administrator. Update Instructions: Run `sudo pro fix USN-5252-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpolkit-backend-1-0 - 0.105-20ubuntu0.18.04.6 policykit-1-doc - 0.105-20ubuntu0.18.04.6 libpolkit-agent-1-0 - 0.105-20ubuntu0.18.04.6 libpolkit-gobject-1-dev - 0.105-20ubuntu0.18.04.6 libpolkit-gobject-1-0 - 0.105-20ubuntu0.18.04.6 policykit-1 - 0.105-20ubuntu0.18.04.6 gir1.2-polkit-1.0 - 0.105-20ubuntu0.18.04.6 libpolkit-backend-1-dev - 0.105-20ubuntu0.18.04.6 libpolkit-agent-1-dev - 0.105-20ubuntu0.18.04.6 No subscription required High CVE-2021-4034 Ubuntu 18.04 LTS It was discovered that Rack insecurely handled session ids. An unauthenticated remote attacker could possibly use this issue to perform a timing attack and hijack sessions. (CVE-2019-16782) It was discovered that Rack was incorrectly handling cookies during parsing, not validating them or performing the necessary integrity checks. An attacker could possibly use this issue to overwrite existing cookie data and gain control over a remote system's behaviour. This issue only affected Ubuntu 14.04 ESM. (CVE-2020-8184) It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. This issue was only fixed in Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2022-30122) It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application. This issue was only fixed in Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2022-30123) Update Instructions: Run `sudo pro fix USN-5253-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-rack - 1.6.4-4ubuntu0.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-16782 CVE-2020-8184 CVE-2022-30122 CVE-2022-30123 Ubuntu 18.04 LTS It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-12424) It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2018-7169) Update Instructions: Run `sudo pro fix USN-5254-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: passwd - 1:4.5-1ubuntu2.2 login - 1:4.5-1ubuntu2.2 uidmap - 1:4.5-1ubuntu2.2 No subscription required Low CVE-2017-12424 CVE-2018-7169 Ubuntu 18.04 LTS It was discovered that uriparser incorrectly handled certain memory operations. An attacker could use this to cause a denial of service. (CVE-2021-46141, CVE-2021-46142) Update Instructions: Run `sudo pro fix USN-5256-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liburiparser-doc - 0.8.4-1+deb9u2ubuntu0.1 liburiparser-dev - 0.8.4-1+deb9u2ubuntu0.1 liburiparser1 - 0.8.4-1+deb9u2ubuntu0.1 No subscription required Medium CVE-2021-46141 CVE-2021-46142 Ubuntu 18.04 LTS It was discovered that ldns incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-19860, CVE-2020-19861) Update Instructions: Run `sudo pro fix USN-5257-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libldns-dev - 1.7.0-3ubuntu4.1 libldns2 - 1.7.0-3ubuntu4.1 python3-ldns - 1.7.0-3ubuntu4.1 ldnsutils - 1.7.0-3ubuntu4.1 python-ldns - 1.7.0-3ubuntu4.1 No subscription required Medium CVE-2020-19860 CVE-2020-19861 Ubuntu 18.04 LTS Stuart Nevans Locke discovered that WeeChat's relay plugin insecurely handled malformed websocket frames. A remote attacker in control of a server could possibly use this issue to cause denial of service in a client. (CVE-2021-40516) Stuart Nevans Locke discovered that WeeChat insecurely handled certain IRC messages. A remote attacker in control of a server could possibly use this issue to cause denial of service in a client. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-9760) Stuart Nevans Locke discovered that WeeChat insecurely handled certain IRC messages. A remote unauthenticated attacker could possibly use these issues to cause denial of service in a client. These issues only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-9759, CVE-2020-8955) Joseph Bisch discovered that WeeChat's logger incorrectly handled certain memory operations when handling log file names. A remote attacker could possibly use this issue to cause denial of service in a client. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-14727) Update Instructions: Run `sudo pro fix USN-5258-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: weechat-dev - 1.9.1-1ubuntu1+esm1 weechat-core - 1.9.1-1ubuntu1+esm1 weechat-curses - 1.9.1-1ubuntu1+esm1 weechat-doc - 1.9.1-1ubuntu1+esm1 weechat-plugins - 1.9.1-1ubuntu1+esm1 weechat - 1.9.1-1ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-14727 CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 CVE-2021-40516 Ubuntu 18.04 LTS USN-5259-1 fixed several vulnerabilities in Cron. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. (CVE-2017-9525) Florian Weimer discovered that Cron incorrectly handled certain memory operations during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9704) It was discovered that Cron incorrectly handled user input during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9705) It was discovered that Cron contained a use-after-free vulnerability in its force_rescan_user function. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9706) Update Instructions: Run `sudo pro fix USN-5259-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cron - 3.0pl1-128.1ubuntu1.1 No subscription required Low CVE-2017-9525 CVE-2019-9704 CVE-2019-9705 CVE-2019-9706 Ubuntu 18.04 LTS USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. (CVE-2017-9525) Florian Weimer discovered that Cron incorrectly handled certain memory operations during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9704) It was discovered that Cron incorrectly handled user input during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9705) It was discovered that Cron contained a use-after-free vulnerability in its force_rescan_user function. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9706) Update Instructions: Run `sudo pro fix USN-5259-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cron - 3.0pl1-128.1ubuntu1.2 No subscription required Low CVE-2017-9525 https://launchpad.net/bugs/1971895 https://ubuntu.com/security/notices/USN-5259-2 Ubuntu 18.04 LTS Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as root. (CVE-2021-44142) Update Instructions: Run `sudo pro fix USN-5260-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libparse-pidl-perl - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 libnss-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 libpam-winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 winbind - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 ctdb - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 smbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 python-samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 samba-testsuite - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 samba-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 samba-common-bin - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 libwbclient0 - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 samba-dsdb-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 libwbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 libsmbclient-dev - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 samba-vfs-modules - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 samba-common - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 registry-tools - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 samba-libs - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 libsmbclient - 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 No subscription required High CVE-2021-44142 Ubuntu 18.04 LTS It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-22600) Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-42739) Update Instructions: Run `sudo pro fix USN-5266-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-gke-5.4-headers-5.4.0-1061 - 5.4.0-1061.64~18.04.1 linux-image-unsigned-5.4.0-1061-gke - 5.4.0-1061.64~18.04.1 linux-modules-5.4.0-1061-gke - 5.4.0-1061.64~18.04.1 linux-buildinfo-5.4.0-1061-gke - 5.4.0-1061.64~18.04.1 linux-gke-5.4-tools-5.4.0-1061 - 5.4.0-1061.64~18.04.1 linux-headers-5.4.0-1061-gke - 5.4.0-1061.64~18.04.1 linux-modules-extra-5.4.0-1061-gke - 5.4.0-1061.64~18.04.1 linux-image-5.4.0-1061-gke - 5.4.0-1061.64~18.04.1 linux-tools-5.4.0-1061-gke - 5.4.0-1061.64~18.04.1 No subscription required linux-gke-5.4 - 5.4.0.1061.64~18.04.25 linux-headers-gke-5.4 - 5.4.0.1061.64~18.04.25 linux-image-gke-5.4 - 5.4.0.1061.64~18.04.25 linux-tools-gke-5.4 - 5.4.0.1061.64~18.04.25 linux-modules-extra-gke-5.4 - 5.4.0.1061.64~18.04.25 No subscription required Medium CVE-2021-22600 CVE-2021-42739 Ubuntu 18.04 LTS It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3640) Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752) Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-42739) Update Instructions: Run `sudo pro fix USN-5267-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-extra-5.4.0-1032-gkeop - 5.4.0-1032.33~18.04.1 linux-headers-5.4.0-1032-gkeop - 5.4.0-1032.33~18.04.1 linux-gkeop-5.4-headers-5.4.0-1032 - 5.4.0-1032.33~18.04.1 linux-gkeop-5.4-tools-5.4.0-1032 - 5.4.0-1032.33~18.04.1 linux-buildinfo-5.4.0-1032-gkeop - 5.4.0-1032.33~18.04.1 linux-cloud-tools-5.4.0-1032-gkeop - 5.4.0-1032.33~18.04.1 linux-image-5.4.0-1032-gkeop - 5.4.0-1032.33~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1032.33~18.04.1 linux-image-unsigned-5.4.0-1032-gkeop - 5.4.0-1032.33~18.04.1 linux-tools-5.4.0-1032-gkeop - 5.4.0-1032.33~18.04.1 linux-modules-5.4.0-1032-gkeop - 5.4.0-1032.33~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1032 - 5.4.0-1032.33~18.04.1 No subscription required linux-image-5.4.0-1062-oracle - 5.4.0-1062.66~18.04.1 linux-modules-5.4.0-1062-oracle - 5.4.0-1062.66~18.04.1 linux-image-unsigned-5.4.0-1062-oracle - 5.4.0-1062.66~18.04.1 linux-tools-5.4.0-1062-oracle - 5.4.0-1062.66~18.04.1 linux-buildinfo-5.4.0-1062-oracle - 5.4.0-1062.66~18.04.1 linux-modules-extra-5.4.0-1062-oracle - 5.4.0-1062.66~18.04.1 linux-headers-5.4.0-1062-oracle - 5.4.0-1062.66~18.04.1 linux-oracle-5.4-headers-5.4.0-1062 - 5.4.0-1062.66~18.04.1 linux-oracle-5.4-tools-5.4.0-1062 - 5.4.0-1062.66~18.04.1 No subscription required linux-image-unsigned-5.4.0-1063-gcp - 5.4.0-1063.67~18.04.1 linux-tools-5.4.0-1063-gcp - 5.4.0-1063.67~18.04.1 linux-modules-extra-5.4.0-1063-gcp - 5.4.0-1063.67~18.04.1 linux-image-5.4.0-1063-gcp - 5.4.0-1063.67~18.04.1 linux-headers-5.4.0-1063-gcp - 5.4.0-1063.67~18.04.1 linux-gcp-5.4-tools-5.4.0-1063 - 5.4.0-1063.67~18.04.1 linux-buildinfo-5.4.0-1063-gcp - 5.4.0-1063.67~18.04.1 linux-gcp-5.4-headers-5.4.0-1063 - 5.4.0-1063.67~18.04.1 linux-modules-5.4.0-1063-gcp - 5.4.0-1063.67~18.04.1 No subscription required linux-aws-5.4-headers-5.4.0-1064 - 5.4.0-1064.67~18.04.1 linux-aws-5.4-tools-5.4.0-1064 - 5.4.0-1064.67~18.04.1 linux-image-unsigned-5.4.0-1064-aws - 5.4.0-1064.67~18.04.1 linux-headers-5.4.0-1064-aws - 5.4.0-1064.67~18.04.1 linux-buildinfo-5.4.0-1064-aws - 5.4.0-1064.67~18.04.1 linux-cloud-tools-5.4.0-1064-aws - 5.4.0-1064.67~18.04.1 linux-modules-extra-5.4.0-1064-aws - 5.4.0-1064.67~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1064 - 5.4.0-1064.67~18.04.1 linux-tools-5.4.0-1064-aws - 5.4.0-1064.67~18.04.1 linux-modules-5.4.0-1064-aws - 5.4.0-1064.67~18.04.1 No subscription required linux-headers-5.4.0-1068-azure - 5.4.0-1068.71~18.04.1 linux-cloud-tools-5.4.0-1068-azure - 5.4.0-1068.71~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1068 - 5.4.0-1068.71~18.04.1 linux-modules-extra-5.4.0-1068-azure - 5.4.0-1068.71~18.04.1 linux-azure-5.4-headers-5.4.0-1068 - 5.4.0-1068.71~18.04.1 linux-azure-5.4-tools-5.4.0-1068 - 5.4.0-1068.71~18.04.1 linux-buildinfo-5.4.0-1068-azure - 5.4.0-1068.71~18.04.1 linux-modules-5.4.0-1068-azure - 5.4.0-1068.71~18.04.1 linux-tools-5.4.0-1068-azure - 5.4.0-1068.71~18.04.1 linux-image-5.4.0-1068-azure - 5.4.0-1068.71~18.04.1 linux-image-unsigned-5.4.0-1068-azure - 5.4.0-1068.71~18.04.1 No subscription required linux-modules-5.4.0-97-generic - 5.4.0-97.110~18.04.1 linux-image-unsigned-5.4.0-97-generic - 5.4.0-97.110~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-97.110~18.04.1 linux-modules-5.4.0-97-generic-lpae - 5.4.0-97.110~18.04.1 linux-headers-5.4.0-97-generic - 5.4.0-97.110~18.04.1 linux-hwe-5.4-tools-5.4.0-97 - 5.4.0-97.110~18.04.1 linux-headers-5.4.0-97-generic-lpae - 5.4.0-97.110~18.04.1 linux-tools-5.4.0-97-generic-lpae - 5.4.0-97.110~18.04.1 linux-cloud-tools-5.4.0-97-lowlatency - 5.4.0-97.110~18.04.1 linux-modules-5.4.0-97-lowlatency - 5.4.0-97.110~18.04.1 linux-cloud-tools-5.4.0-97-generic - 5.4.0-97.110~18.04.1 linux-tools-5.4.0-97-generic - 5.4.0-97.110~18.04.1 linux-image-5.4.0-97-lowlatency - 5.4.0-97.110~18.04.1 linux-image-unsigned-5.4.0-97-lowlatency - 5.4.0-97.110~18.04.1 linux-headers-5.4.0-97-lowlatency - 5.4.0-97.110~18.04.1 linux-modules-extra-5.4.0-97-generic - 5.4.0-97.110~18.04.1 linux-image-5.4.0-97-generic-lpae - 5.4.0-97.110~18.04.1 linux-buildinfo-5.4.0-97-generic-lpae - 5.4.0-97.110~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-97 - 5.4.0-97.110~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-97.110~18.04.1 linux-buildinfo-5.4.0-97-generic - 5.4.0-97.110~18.04.1 linux-hwe-5.4-headers-5.4.0-97 - 5.4.0-97.110~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-97.110~18.04.1 linux-tools-5.4.0-97-lowlatency - 5.4.0-97.110~18.04.1 linux-buildinfo-5.4.0-97-lowlatency - 5.4.0-97.110~18.04.1 linux-image-5.4.0-97-generic - 5.4.0-97.110~18.04.1 No subscription required linux-image-gkeop-5.4 - 5.4.0.1032.33~18.04.32 linux-cloud-tools-gkeop-5.4 - 5.4.0.1032.33~18.04.32 linux-gkeop-5.4 - 5.4.0.1032.33~18.04.32 linux-headers-gkeop-5.4 - 5.4.0.1032.33~18.04.32 linux-modules-extra-gkeop-5.4 - 5.4.0.1032.33~18.04.32 linux-tools-gkeop-5.4 - 5.4.0.1032.33~18.04.32 No subscription required linux-headers-oracle - 5.4.0.1062.66~18.04.41 linux-tools-oracle - 5.4.0.1062.66~18.04.41 linux-signed-image-oracle - 5.4.0.1062.66~18.04.41 linux-signed-oracle - 5.4.0.1062.66~18.04.41 linux-tools-oracle-edge - 5.4.0.1062.66~18.04.41 linux-oracle-edge - 5.4.0.1062.66~18.04.41 linux-modules-extra-oracle-edge - 5.4.0.1062.66~18.04.41 linux-image-oracle-edge - 5.4.0.1062.66~18.04.41 linux-modules-extra-oracle - 5.4.0.1062.66~18.04.41 linux-signed-oracle-edge - 5.4.0.1062.66~18.04.41 linux-signed-image-oracle-edge - 5.4.0.1062.66~18.04.41 linux-headers-oracle-edge - 5.4.0.1062.66~18.04.41 linux-image-oracle - 5.4.0.1062.66~18.04.41 linux-oracle - 5.4.0.1062.66~18.04.41 No subscription required linux-headers-gcp - 5.4.0.1063.48 linux-image-gcp-edge - 5.4.0.1063.48 linux-tools-gcp-edge - 5.4.0.1063.48 linux-headers-gcp-edge - 5.4.0.1063.48 linux-modules-extra-gcp - 5.4.0.1063.48 linux-modules-extra-gcp-edge - 5.4.0.1063.48 linux-tools-gcp - 5.4.0.1063.48 linux-gcp - 5.4.0.1063.48 linux-image-gcp - 5.4.0.1063.48 linux-gcp-edge - 5.4.0.1063.48 No subscription required linux-headers-aws - 5.4.0.1064.46 linux-image-aws - 5.4.0.1064.46 linux-modules-extra-aws-edge - 5.4.0.1064.46 linux-aws-edge - 5.4.0.1064.46 linux-aws - 5.4.0.1064.46 linux-headers-aws-edge - 5.4.0.1064.46 linux-modules-extra-aws - 5.4.0.1064.46 linux-tools-aws - 5.4.0.1064.46 linux-tools-aws-edge - 5.4.0.1064.46 linux-image-aws-edge - 5.4.0.1064.46 No subscription required linux-signed-azure - 5.4.0.1068.47 linux-tools-azure-edge - 5.4.0.1068.47 linux-cloud-tools-azure - 5.4.0.1068.47 linux-image-azure-edge - 5.4.0.1068.47 linux-cloud-tools-azure-edge - 5.4.0.1068.47 linux-modules-extra-azure - 5.4.0.1068.47 linux-azure - 5.4.0.1068.47 linux-signed-image-azure-edge - 5.4.0.1068.47 linux-image-azure - 5.4.0.1068.47 linux-signed-image-azure - 5.4.0.1068.47 linux-azure-edge - 5.4.0.1068.47 linux-tools-azure - 5.4.0.1068.47 linux-modules-extra-azure-edge - 5.4.0.1068.47 linux-headers-azure-edge - 5.4.0.1068.47 linux-signed-azure-edge - 5.4.0.1068.47 linux-headers-azure - 5.4.0.1068.47 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-headers-snapdragon-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-image-generic-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-image-snapdragon-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-image-oem - 5.4.0.97.110~18.04.85 linux-tools-virtual-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-headers-lowlatency-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-lowlatency-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-image-oem-osp1 - 5.4.0.97.110~18.04.85 linux-headers-oem - 5.4.0.97.110~18.04.85 linux-snapdragon-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-image-generic-lpae-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-tools-lowlatency-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-headers-generic-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-headers-virtual-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-tools-snapdragon-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-headers-virtual-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-virtual-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-generic-lpae-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-image-extra-virtual-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-tools-oem-osp1 - 5.4.0.97.110~18.04.85 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-tools-generic-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-image-generic-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-generic-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-oem - 5.4.0.97.110~18.04.85 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-snapdragon-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-tools-oem - 5.4.0.97.110~18.04.85 linux-headers-oem-osp1 - 5.4.0.97.110~18.04.85 linux-tools-virtual-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-generic-lpae-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-headers-generic-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-oem-osp1 - 5.4.0.97.110~18.04.85 linux-image-virtual-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-image-lowlatency-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-virtual-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-lowlatency-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.97.110~18.04.85 linux-generic-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-tools-generic-hwe-18.04 - 5.4.0.97.110~18.04.85 linux-image-virtual-hwe-18.04-edge - 5.4.0.97.110~18.04.85 No subscription required Medium CVE-2021-3640 CVE-2021-3752 CVE-2021-42739 Ubuntu 18.04 LTS USN-5267-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused the kernel to freeze when accessing CIFS shares in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3640) Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752) Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-42739) Update Instructions: Run `sudo pro fix USN-5267-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-5.4.0-1033-gkeop - 5.4.0-1033.34~18.04.1 linux-gkeop-5.4-tools-5.4.0-1033 - 5.4.0-1033.34~18.04.1 linux-modules-extra-5.4.0-1033-gkeop - 5.4.0-1033.34~18.04.1 linux-gkeop-5.4-headers-5.4.0-1033 - 5.4.0-1033.34~18.04.1 linux-image-5.4.0-1033-gkeop - 5.4.0-1033.34~18.04.1 linux-modules-5.4.0-1033-gkeop - 5.4.0-1033.34~18.04.1 linux-buildinfo-5.4.0-1033-gkeop - 5.4.0-1033.34~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1033.34~18.04.1 linux-cloud-tools-5.4.0-1033-gkeop - 5.4.0-1033.34~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1033 - 5.4.0-1033.34~18.04.1 linux-image-unsigned-5.4.0-1033-gkeop - 5.4.0-1033.34~18.04.1 linux-tools-5.4.0-1033-gkeop - 5.4.0-1033.34~18.04.1 No subscription required linux-gke-5.4-tools-5.4.0-1062 - 5.4.0-1062.65~18.04.1 linux-gke-5.4-headers-5.4.0-1062 - 5.4.0-1062.65~18.04.1 linux-modules-5.4.0-1062-gke - 5.4.0-1062.65~18.04.1 linux-buildinfo-5.4.0-1062-gke - 5.4.0-1062.65~18.04.1 linux-headers-5.4.0-1062-gke - 5.4.0-1062.65~18.04.1 linux-image-unsigned-5.4.0-1062-gke - 5.4.0-1062.65~18.04.1 linux-image-5.4.0-1062-gke - 5.4.0-1062.65~18.04.1 linux-tools-5.4.0-1062-gke - 5.4.0-1062.65~18.04.1 linux-modules-extra-5.4.0-1062-gke - 5.4.0-1062.65~18.04.1 No subscription required linux-modules-extra-5.4.0-1063-oracle - 5.4.0-1063.67~18.04.1 linux-headers-5.4.0-1063-oracle - 5.4.0-1063.67~18.04.1 linux-image-5.4.0-1063-oracle - 5.4.0-1063.67~18.04.1 linux-modules-5.4.0-1063-oracle - 5.4.0-1063.67~18.04.1 linux-buildinfo-5.4.0-1063-oracle - 5.4.0-1063.67~18.04.1 linux-image-unsigned-5.4.0-1063-oracle - 5.4.0-1063.67~18.04.1 linux-oracle-5.4-headers-5.4.0-1063 - 5.4.0-1063.67~18.04.1 linux-oracle-5.4-tools-5.4.0-1063 - 5.4.0-1063.67~18.04.1 linux-tools-5.4.0-1063-oracle - 5.4.0-1063.67~18.04.1 No subscription required linux-modules-extra-5.4.0-1064-gcp - 5.4.0-1064.68~18.04.1 linux-gcp-5.4-tools-5.4.0-1064 - 5.4.0-1064.68~18.04.1 linux-modules-5.4.0-1064-gcp - 5.4.0-1064.68~18.04.1 linux-tools-5.4.0-1064-gcp - 5.4.0-1064.68~18.04.1 linux-gcp-5.4-headers-5.4.0-1064 - 5.4.0-1064.68~18.04.1 linux-image-5.4.0-1064-gcp - 5.4.0-1064.68~18.04.1 linux-image-unsigned-5.4.0-1064-gcp - 5.4.0-1064.68~18.04.1 linux-headers-5.4.0-1064-gcp - 5.4.0-1064.68~18.04.1 linux-buildinfo-5.4.0-1064-gcp - 5.4.0-1064.68~18.04.1 No subscription required linux-buildinfo-5.4.0-1065-aws - 5.4.0-1065.68~18.04.1 linux-aws-5.4-headers-5.4.0-1065 - 5.4.0-1065.68~18.04.1 linux-aws-5.4-tools-5.4.0-1065 - 5.4.0-1065.68~18.04.1 linux-cloud-tools-5.4.0-1065-aws - 5.4.0-1065.68~18.04.1 linux-headers-5.4.0-1065-aws - 5.4.0-1065.68~18.04.1 linux-tools-5.4.0-1065-aws - 5.4.0-1065.68~18.04.1 linux-image-unsigned-5.4.0-1065-aws - 5.4.0-1065.68~18.04.1 linux-modules-extra-5.4.0-1065-aws - 5.4.0-1065.68~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1065 - 5.4.0-1065.68~18.04.1 linux-modules-5.4.0-1065-aws - 5.4.0-1065.68~18.04.1 No subscription required linux-azure-5.4-cloud-tools-5.4.0-1069 - 5.4.0-1069.72~18.04.1 linux-cloud-tools-5.4.0-1069-azure - 5.4.0-1069.72~18.04.1 linux-buildinfo-5.4.0-1069-azure - 5.4.0-1069.72~18.04.1 linux-azure-5.4-headers-5.4.0-1069 - 5.4.0-1069.72~18.04.1 linux-image-unsigned-5.4.0-1069-azure - 5.4.0-1069.72~18.04.1 linux-headers-5.4.0-1069-azure - 5.4.0-1069.72~18.04.1 linux-azure-5.4-tools-5.4.0-1069 - 5.4.0-1069.72~18.04.1 linux-image-5.4.0-1069-azure - 5.4.0-1069.72~18.04.1 linux-modules-extra-5.4.0-1069-azure - 5.4.0-1069.72~18.04.1 linux-modules-5.4.0-1069-azure - 5.4.0-1069.72~18.04.1 linux-tools-5.4.0-1069-azure - 5.4.0-1069.72~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-99.112~18.04.1 linux-modules-5.4.0-99-lowlatency - 5.4.0-99.112~18.04.1 linux-buildinfo-5.4.0-99-generic-lpae - 5.4.0-99.112~18.04.1 linux-buildinfo-5.4.0-99-generic - 5.4.0-99.112~18.04.1 linux-image-5.4.0-99-generic - 5.4.0-99.112~18.04.1 linux-hwe-5.4-tools-5.4.0-99 - 5.4.0-99.112~18.04.1 linux-image-unsigned-5.4.0-99-lowlatency - 5.4.0-99.112~18.04.1 linux-headers-5.4.0-99-generic - 5.4.0-99.112~18.04.1 linux-headers-5.4.0-99-generic-lpae - 5.4.0-99.112~18.04.1 linux-image-5.4.0-99-generic-lpae - 5.4.0-99.112~18.04.1 linux-buildinfo-5.4.0-99-lowlatency - 5.4.0-99.112~18.04.1 linux-modules-extra-5.4.0-99-generic - 5.4.0-99.112~18.04.1 linux-headers-5.4.0-99-lowlatency - 5.4.0-99.112~18.04.1 linux-tools-5.4.0-99-lowlatency - 5.4.0-99.112~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-99 - 5.4.0-99.112~18.04.1 linux-cloud-tools-5.4.0-99-lowlatency - 5.4.0-99.112~18.04.1 linux-tools-5.4.0-99-generic - 5.4.0-99.112~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-99.112~18.04.1 linux-tools-5.4.0-99-generic-lpae - 5.4.0-99.112~18.04.1 linux-modules-5.4.0-99-generic-lpae - 5.4.0-99.112~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-99.112~18.04.1 linux-modules-5.4.0-99-generic - 5.4.0-99.112~18.04.1 linux-hwe-5.4-headers-5.4.0-99 - 5.4.0-99.112~18.04.1 linux-image-5.4.0-99-lowlatency - 5.4.0-99.112~18.04.1 linux-image-unsigned-5.4.0-99-generic - 5.4.0-99.112~18.04.1 linux-cloud-tools-5.4.0-99-generic - 5.4.0-99.112~18.04.1 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1033.34~18.04.33 linux-modules-extra-gkeop-5.4 - 5.4.0.1033.34~18.04.33 linux-gkeop-5.4 - 5.4.0.1033.34~18.04.33 linux-headers-gkeop-5.4 - 5.4.0.1033.34~18.04.33 linux-image-gkeop-5.4 - 5.4.0.1033.34~18.04.33 linux-tools-gkeop-5.4 - 5.4.0.1033.34~18.04.33 No subscription required linux-headers-gke-5.4 - 5.4.0.1062.65~18.04.26 linux-tools-gke-5.4 - 5.4.0.1062.65~18.04.26 linux-modules-extra-gke-5.4 - 5.4.0.1062.65~18.04.26 linux-gke-5.4 - 5.4.0.1062.65~18.04.26 linux-image-gke-5.4 - 5.4.0.1062.65~18.04.26 No subscription required linux-headers-oracle - 5.4.0.1063.67~18.04.42 linux-tools-oracle - 5.4.0.1063.67~18.04.42 linux-signed-image-oracle - 5.4.0.1063.67~18.04.42 linux-signed-oracle - 5.4.0.1063.67~18.04.42 linux-tools-oracle-edge - 5.4.0.1063.67~18.04.42 linux-oracle-edge - 5.4.0.1063.67~18.04.42 linux-modules-extra-oracle-edge - 5.4.0.1063.67~18.04.42 linux-image-oracle-edge - 5.4.0.1063.67~18.04.42 linux-modules-extra-oracle - 5.4.0.1063.67~18.04.42 linux-signed-oracle-edge - 5.4.0.1063.67~18.04.42 linux-signed-image-oracle-edge - 5.4.0.1063.67~18.04.42 linux-headers-oracle-edge - 5.4.0.1063.67~18.04.42 linux-image-oracle - 5.4.0.1063.67~18.04.42 linux-oracle - 5.4.0.1063.67~18.04.42 No subscription required linux-image-gcp-edge - 5.4.0.1064.49 linux-tools-gcp-edge - 5.4.0.1064.49 linux-headers-gcp-edge - 5.4.0.1064.49 linux-modules-extra-gcp - 5.4.0.1064.49 linux-modules-extra-gcp-edge - 5.4.0.1064.49 linux-tools-gcp - 5.4.0.1064.49 linux-gcp - 5.4.0.1064.49 linux-headers-gcp - 5.4.0.1064.49 linux-image-gcp - 5.4.0.1064.49 linux-gcp-edge - 5.4.0.1064.49 No subscription required linux-headers-aws - 5.4.0.1065.47 linux-image-aws - 5.4.0.1065.47 linux-aws-edge - 5.4.0.1065.47 linux-aws - 5.4.0.1065.47 linux-modules-extra-aws-edge - 5.4.0.1065.47 linux-headers-aws-edge - 5.4.0.1065.47 linux-modules-extra-aws - 5.4.0.1065.47 linux-tools-aws - 5.4.0.1065.47 linux-image-aws-edge - 5.4.0.1065.47 linux-tools-aws-edge - 5.4.0.1065.47 No subscription required linux-signed-azure - 5.4.0.1069.48 linux-tools-azure-edge - 5.4.0.1069.48 linux-cloud-tools-azure - 5.4.0.1069.48 linux-tools-azure - 5.4.0.1069.48 linux-image-azure-edge - 5.4.0.1069.48 linux-cloud-tools-azure-edge - 5.4.0.1069.48 linux-modules-extra-azure - 5.4.0.1069.48 linux-azure - 5.4.0.1069.48 linux-signed-image-azure-edge - 5.4.0.1069.48 linux-image-azure - 5.4.0.1069.48 linux-signed-image-azure - 5.4.0.1069.48 linux-headers-azure-edge - 5.4.0.1069.48 linux-azure-edge - 5.4.0.1069.48 linux-modules-extra-azure-edge - 5.4.0.1069.48 linux-signed-azure-edge - 5.4.0.1069.48 linux-headers-azure - 5.4.0.1069.48 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-headers-snapdragon-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-image-generic-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-image-oem - 5.4.0.99.112~18.04.86 linux-tools-virtual-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-tools-lowlatency-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-headers-lowlatency-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-lowlatency-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-image-extra-virtual-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-image-oem-osp1 - 5.4.0.99.112~18.04.86 linux-headers-oem - 5.4.0.99.112~18.04.86 linux-snapdragon-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-image-generic-lpae-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-headers-generic-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-headers-virtual-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-tools-snapdragon-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-image-snapdragon-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-headers-virtual-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-virtual-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-generic-lpae-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-tools-oem-osp1 - 5.4.0.99.112~18.04.86 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-tools-generic-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-image-virtual-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-generic-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-oem - 5.4.0.99.112~18.04.86 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-snapdragon-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-tools-oem - 5.4.0.99.112~18.04.86 linux-headers-oem-osp1 - 5.4.0.99.112~18.04.86 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-tools-virtual-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-generic-lpae-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-headers-generic-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-oem-osp1 - 5.4.0.99.112~18.04.86 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-image-lowlatency-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-virtual-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-lowlatency-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-generic-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-tools-generic-hwe-18.04 - 5.4.0.99.112~18.04.86 linux-image-generic-hwe-18.04-edge - 5.4.0.99.112~18.04.86 linux-image-virtual-hwe-18.04-edge - 5.4.0.99.112~18.04.86 No subscription required None https://launchpad.net/bugs/1959665 Ubuntu 18.04 LTS USN-5267-1 fixed vulnerabilities in the Linux kernel. This update provides the corresponding updates for the Linux kernel for Raspberry Pi devices. Original advisory details: It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3640) Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752) Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-42739) Update Instructions: Run `sudo pro fix USN-5267-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-raspi-5.4-headers-5.4.0-1052 - 5.4.0-1052.58~18.04.1 linux-raspi-5.4-tools-5.4.0-1052 - 5.4.0-1052.58~18.04.1 linux-buildinfo-5.4.0-1052-raspi - 5.4.0-1052.58~18.04.1 linux-headers-5.4.0-1052-raspi - 5.4.0-1052.58~18.04.1 linux-modules-5.4.0-1052-raspi - 5.4.0-1052.58~18.04.1 linux-image-5.4.0-1052-raspi - 5.4.0-1052.58~18.04.1 linux-tools-5.4.0-1052-raspi - 5.4.0-1052.58~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1052.54 linux-tools-raspi-hwe-18.04 - 5.4.0.1052.54 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1052.54 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1052.54 linux-raspi-hwe-18.04-edge - 5.4.0.1052.54 linux-raspi-hwe-18.04 - 5.4.0.1052.54 linux-image-raspi-hwe-18.04 - 5.4.0.1052.54 linux-headers-raspi-hwe-18.04 - 5.4.0.1052.54 No subscription required Medium CVE-2021-3640 CVE-2021-3752 CVE-2021-42739 Ubuntu 18.04 LTS Keyu Man discovered that the ICMP implementation in the Linux kernel did not properly handle received ICMP error packets. A remote attacker could use this to facilitate attacks on UDP based services that depend on source port randomization. (CVE-2021-20322) It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3640) Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752) Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-42739) Update Instructions: Run `sudo pro fix USN-5268-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-dell300x-tools-4.15.0-1034 - 4.15.0-1034.39 linux-buildinfo-4.15.0-1034-dell300x - 4.15.0-1034.39 linux-dell300x-headers-4.15.0-1034 - 4.15.0-1034.39 linux-image-unsigned-4.15.0-1034-dell300x - 4.15.0-1034.39 linux-tools-4.15.0-1034-dell300x - 4.15.0-1034.39 linux-headers-4.15.0-1034-dell300x - 4.15.0-1034.39 linux-image-4.15.0-1034-dell300x - 4.15.0-1034.39 linux-modules-4.15.0-1034-dell300x - 4.15.0-1034.39 No subscription required linux-image-4.15.0-1086-oracle - 4.15.0-1086.94 linux-image-unsigned-4.15.0-1086-oracle - 4.15.0-1086.94 linux-headers-4.15.0-1086-oracle - 4.15.0-1086.94 linux-modules-4.15.0-1086-oracle - 4.15.0-1086.94 linux-modules-extra-4.15.0-1086-oracle - 4.15.0-1086.94 linux-tools-4.15.0-1086-oracle - 4.15.0-1086.94 linux-oracle-tools-4.15.0-1086 - 4.15.0-1086.94 linux-oracle-headers-4.15.0-1086 - 4.15.0-1086.94 linux-buildinfo-4.15.0-1086-oracle - 4.15.0-1086.94 No subscription required linux-image-4.15.0-1102-raspi2 - 4.15.0-1102.109 linux-tools-4.15.0-1102-raspi2 - 4.15.0-1102.109 linux-raspi2-headers-4.15.0-1102 - 4.15.0-1102.109 linux-modules-4.15.0-1102-raspi2 - 4.15.0-1102.109 linux-raspi2-tools-4.15.0-1102 - 4.15.0-1102.109 linux-headers-4.15.0-1102-raspi2 - 4.15.0-1102.109 linux-buildinfo-4.15.0-1102-raspi2 - 4.15.0-1102.109 No subscription required linux-kvm-headers-4.15.0-1106 - 4.15.0-1106.108 linux-headers-4.15.0-1106-kvm - 4.15.0-1106.108 linux-kvm-tools-4.15.0-1106 - 4.15.0-1106.108 linux-modules-4.15.0-1106-kvm - 4.15.0-1106.108 linux-tools-4.15.0-1106-kvm - 4.15.0-1106.108 linux-buildinfo-4.15.0-1106-kvm - 4.15.0-1106.108 linux-image-4.15.0-1106-kvm - 4.15.0-1106.108 No subscription required linux-modules-extra-4.15.0-1115-gcp - 4.15.0-1115.129 linux-image-4.15.0-1115-gcp - 4.15.0-1115.129 linux-buildinfo-4.15.0-1115-gcp - 4.15.0-1115.129 linux-image-unsigned-4.15.0-1115-gcp - 4.15.0-1115.129 linux-tools-4.15.0-1115-gcp - 4.15.0-1115.129 linux-modules-4.15.0-1115-gcp - 4.15.0-1115.129 linux-gcp-4.15-tools-4.15.0-1115 - 4.15.0-1115.129 linux-headers-4.15.0-1115-gcp - 4.15.0-1115.129 linux-gcp-4.15-headers-4.15.0-1115 - 4.15.0-1115.129 No subscription required linux-headers-4.15.0-1119-aws - 4.15.0-1119.127 linux-tools-4.15.0-1119-aws - 4.15.0-1119.127 linux-aws-tools-4.15.0-1119 - 4.15.0-1119.127 linux-modules-extra-4.15.0-1119-aws - 4.15.0-1119.127 linux-buildinfo-4.15.0-1119-aws - 4.15.0-1119.127 linux-aws-headers-4.15.0-1119 - 4.15.0-1119.127 linux-image-unsigned-4.15.0-1119-aws - 4.15.0-1119.127 linux-cloud-tools-4.15.0-1119-aws - 4.15.0-1119.127 linux-aws-cloud-tools-4.15.0-1119 - 4.15.0-1119.127 linux-modules-4.15.0-1119-aws - 4.15.0-1119.127 No subscription required linux-buildinfo-4.15.0-1119-snapdragon - 4.15.0-1119.128 linux-snapdragon-headers-4.15.0-1119 - 4.15.0-1119.128 linux-snapdragon-tools-4.15.0-1119 - 4.15.0-1119.128 linux-modules-4.15.0-1119-snapdragon - 4.15.0-1119.128 linux-headers-4.15.0-1119-snapdragon - 4.15.0-1119.128 linux-image-4.15.0-1119-snapdragon - 4.15.0-1119.128 linux-tools-4.15.0-1119-snapdragon - 4.15.0-1119.128 No subscription required linux-image-4.15.0-167-generic-lpae - 4.15.0-167.175 linux-tools-common - 4.15.0-167.175 linux-headers-4.15.0-167-generic-lpae - 4.15.0-167.175 linux-tools-host - 4.15.0-167.175 linux-doc - 4.15.0-167.175 linux-libc-dev - 4.15.0-167.175 linux-buildinfo-4.15.0-167-generic-lpae - 4.15.0-167.175 linux-modules-4.15.0-167-generic-lpae - 4.15.0-167.175 linux-modules-extra-4.15.0-167-generic - 4.15.0-167.175 linux-tools-4.15.0-167-generic - 4.15.0-167.175 linux-tools-4.15.0-167-lowlatency - 4.15.0-167.175 linux-image-unsigned-4.15.0-167-generic - 4.15.0-167.175 linux-tools-4.15.0-167 - 4.15.0-167.175 linux-cloud-tools-4.15.0-167-generic - 4.15.0-167.175 linux-headers-4.15.0-167 - 4.15.0-167.175 linux-tools-4.15.0-167-generic-lpae - 4.15.0-167.175 linux-image-4.15.0-167-lowlatency - 4.15.0-167.175 linux-cloud-tools-common - 4.15.0-167.175 linux-headers-4.15.0-167-generic - 4.15.0-167.175 linux-cloud-tools-4.15.0-167 - 4.15.0-167.175 linux-modules-4.15.0-167-lowlatency - 4.15.0-167.175 linux-image-unsigned-4.15.0-167-lowlatency - 4.15.0-167.175 linux-buildinfo-4.15.0-167-lowlatency - 4.15.0-167.175 linux-headers-4.15.0-167-lowlatency - 4.15.0-167.175 linux-modules-4.15.0-167-generic - 4.15.0-167.175 linux-source-4.15.0 - 4.15.0-167.175 linux-image-4.15.0-167-generic - 4.15.0-167.175 linux-cloud-tools-4.15.0-167-lowlatency - 4.15.0-167.175 linux-buildinfo-4.15.0-167-generic - 4.15.0-167.175 No subscription required linux-headers-dell300x - 4.15.0.1034.36 linux-image-dell300x - 4.15.0.1034.36 linux-tools-dell300x - 4.15.0.1034.36 linux-dell300x - 4.15.0.1034.36 No subscription required linux-oracle-lts-18.04 - 4.15.0.1086.96 linux-image-oracle-lts-18.04 - 4.15.0.1086.96 linux-signed-oracle-lts-18.04 - 4.15.0.1086.96 linux-headers-oracle-lts-18.04 - 4.15.0.1086.96 linux-signed-image-oracle-lts-18.04 - 4.15.0.1086.96 linux-tools-oracle-lts-18.04 - 4.15.0.1086.96 No subscription required linux-image-raspi2 - 4.15.0.1102.100 linux-raspi2 - 4.15.0.1102.100 linux-headers-raspi2 - 4.15.0.1102.100 linux-tools-raspi2 - 4.15.0.1102.100 No subscription required linux-kvm - 4.15.0.1106.102 linux-headers-kvm - 4.15.0.1106.102 linux-tools-kvm - 4.15.0.1106.102 linux-image-kvm - 4.15.0.1106.102 No subscription required linux-gcp-lts-18.04 - 4.15.0.1115.134 linux-tools-gcp-lts-18.04 - 4.15.0.1115.134 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1115.134 linux-image-gcp-lts-18.04 - 4.15.0.1115.134 linux-headers-gcp-lts-18.04 - 4.15.0.1115.134 No subscription required linux-snapdragon - 4.15.0.1119.122 linux-image-aws-lts-18.04 - 4.15.0.1119.122 linux-headers-aws-lts-18.04 - 4.15.0.1119.122 linux-headers-snapdragon - 4.15.0.1119.122 linux-tools-snapdragon - 4.15.0.1119.122 linux-aws-lts-18.04 - 4.15.0.1119.122 linux-modules-extra-aws-lts-18.04 - 4.15.0.1119.122 linux-image-snapdragon - 4.15.0.1119.122 linux-tools-aws-lts-18.04 - 4.15.0.1119.122 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.167.156 linux-signed-generic-hwe-16.04-edge - 4.15.0.167.156 linux-headers-generic-lpae - 4.15.0.167.156 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.167.156 linux-image-extra-virtual-hwe-16.04 - 4.15.0.167.156 linux-image-virtual - 4.15.0.167.156 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.167.156 linux-image-generic - 4.15.0.167.156 linux-tools-lowlatency - 4.15.0.167.156 linux-tools-generic-hwe-16.04-edge - 4.15.0.167.156 linux-headers-generic-hwe-16.04-edge - 4.15.0.167.156 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.167.156 linux-generic-lpae-hwe-16.04 - 4.15.0.167.156 linux-cloud-tools-virtual - 4.15.0.167.156 linux-tools-virtual-hwe-16.04 - 4.15.0.167.156 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.167.156 linux-image-virtual-hwe-16.04-edge - 4.15.0.167.156 linux-generic-lpae-hwe-16.04-edge - 4.15.0.167.156 linux-signed-image-lowlatency - 4.15.0.167.156 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.167.156 linux-signed-lowlatency-hwe-16.04 - 4.15.0.167.156 linux-crashdump - 4.15.0.167.156 linux-signed-image-generic - 4.15.0.167.156 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.167.156 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.167.156 linux-tools-generic-lpae - 4.15.0.167.156 linux-cloud-tools-generic - 4.15.0.167.156 linux-generic-hwe-16.04-edge - 4.15.0.167.156 linux-virtual - 4.15.0.167.156 linux-headers-lowlatency-hwe-16.04 - 4.15.0.167.156 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.167.156 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.167.156 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.167.156 linux-tools-virtual - 4.15.0.167.156 linux-image-extra-virtual - 4.15.0.167.156 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.167.156 linux-generic-lpae - 4.15.0.167.156 linux-generic - 4.15.0.167.156 linux-signed-image-generic-hwe-16.04 - 4.15.0.167.156 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.167.156 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.167.156 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.167.156 linux-cloud-tools-lowlatency - 4.15.0.167.156 linux-headers-virtual-hwe-16.04-edge - 4.15.0.167.156 linux-lowlatency-hwe-16.04 - 4.15.0.167.156 linux-headers-generic-hwe-16.04 - 4.15.0.167.156 linux-generic-hwe-16.04 - 4.15.0.167.156 linux-tools-virtual-hwe-16.04-edge - 4.15.0.167.156 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.167.156 linux-image-generic-lpae - 4.15.0.167.156 linux-tools-generic-hwe-16.04 - 4.15.0.167.156 linux-tools-generic - 4.15.0.167.156 linux-source - 4.15.0.167.156 linux-virtual-hwe-16.04 - 4.15.0.167.156 linux-lowlatency-hwe-16.04-edge - 4.15.0.167.156 linux-image-generic-hwe-16.04 - 4.15.0.167.156 linux-image-generic-hwe-16.04-edge - 4.15.0.167.156 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.167.156 linux-image-generic-lpae-hwe-16.04 - 4.15.0.167.156 linux-virtual-hwe-16.04-edge - 4.15.0.167.156 linux-tools-lowlatency-hwe-16.04 - 4.15.0.167.156 linux-signed-generic - 4.15.0.167.156 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.167.156 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.167.156 linux-headers-generic - 4.15.0.167.156 linux-headers-virtual-hwe-16.04 - 4.15.0.167.156 linux-image-virtual-hwe-16.04 - 4.15.0.167.156 linux-headers-lowlatency - 4.15.0.167.156 linux-headers-virtual - 4.15.0.167.156 linux-signed-generic-hwe-16.04 - 4.15.0.167.156 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.167.156 linux-signed-lowlatency - 4.15.0.167.156 linux-lowlatency - 4.15.0.167.156 linux-image-lowlatency - 4.15.0.167.156 No subscription required Medium CVE-2021-20322 CVE-2021-3640 CVE-2021-3752 CVE-2021-42739 Ubuntu 18.04 LTS Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to perform a cross-site scripting attack. (CVE-2022-22818) Alan Ryan discovered that Django incorrectly handled file uploads. A remote attacker could possibly use this issue to cause Django to hang, resulting in a denial of service. (CVE-2022-23833) Update Instructions: Run `sudo pro fix USN-5269-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.16 python-django-doc - 1:1.11.11-1ubuntu1.16 python-django-common - 1:1.11.11-1ubuntu1.16 python-django - 1:1.11.11-1ubuntu1.16 No subscription required Medium CVE-2022-22818 CVE-2022-23833 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.28 in Ubuntu 20.04 LTS and Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.37. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-37.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-28.html https://www.oracle.com/security-alerts/cpujan2022.html Update Instructions: Run `sudo pro fix USN-5270-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.37-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.37-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.37-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.37-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.37-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.37-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.37-0ubuntu0.18.04.1 mysql-server - 5.7.37-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.37-0ubuntu0.18.04.1 mysql-testsuite - 5.7.37-0ubuntu0.18.04.1 libmysqld-dev - 5.7.37-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.37-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-21245 CVE-2022-21249 CVE-2022-21253 CVE-2022-21254 CVE-2022-21256 CVE-2022-21264 CVE-2022-21265 CVE-2022-21270 CVE-2022-21301 CVE-2022-21302 CVE-2022-21303 CVE-2022-21304 CVE-2022-21339 CVE-2022-21342 CVE-2022-21344 CVE-2022-21348 CVE-2022-21351 CVE-2022-21358 CVE-2022-21362 CVE-2022-21367 CVE-2022-21368 CVE-2022-21370 CVE-2022-21372 CVE-2022-21374 CVE-2022-21378 CVE-2022-21379 Ubuntu 18.04 LTS It was discovered that Adminer did not escape data in the history parameter of the default URI. A remote attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. This issue only affected Ubuntu 20.04 ESM. (CVE-2020-35572) Adam Crosser and Brian Sizemore discovered that Adminer incorrectly handled redirection requests to internal servers. An unauthenticated remote attacker could possibly use this to perform a server-side request forgery attack and expose sensitive information. (CVE-2021-21311) It was discovered that Adminer was incorrectly escaping data in the doc_link function. A remote attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-29625) Update Instructions: Run `sudo pro fix USN-5271-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: adminer - 4.6.2-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-35572 CVE-2021-21311 CVE-2021-29625 Ubuntu 18.04 LTS It was discovered that HDF5 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5272-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhdf5-doc - 1.10.0-patch1+docs-4ubuntu0.1~esm2 hdf5-helpers - 1.10.0-patch1+docs-4ubuntu0.1~esm2 libhdf5-cpp-100 - 1.10.0-patch1+docs-4ubuntu0.1~esm2 libhdf5-dev - 1.10.0-patch1+docs-4ubuntu0.1~esm2 libhdf5-mpich-dev - 1.10.0-patch1+docs-4ubuntu0.1~esm2 libhdf5-openmpi-100 - 1.10.0-patch1+docs-4ubuntu0.1~esm2 libhdf5-openmpi-dev - 1.10.0-patch1+docs-4ubuntu0.1~esm2 libhdf5-mpich-100 - 1.10.0-patch1+docs-4ubuntu0.1~esm2 libhdf5-100 - 1.10.0-patch1+docs-4ubuntu0.1~esm2 libhdf5-jni - 1.10.0-patch1+docs-4ubuntu0.1~esm2 libhdf5-java - 1.10.0-patch1+docs-4ubuntu0.1~esm2 libhdf5-mpi-dev - 1.10.0-patch1+docs-4ubuntu0.1~esm2 libhdf5-serial-dev - 1.10.0-patch1+docs-4ubuntu0.1~esm2 hdf5-tools - 1.10.0-patch1+docs-4ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-17233 CVE-2018-17234 CVE-2018-17237 Ubuntu 18.04 LTS Demi M. Obenour discovered that RPM Package Manager incorrectly handled certain files. An attacker could possibly use this issue to corrupt the database and cause a denial of service. (CVE-2021-3421, CVE-2021-20271) Demi M. Obenour discovered that RPM Package Manager incorrectly handled memory when processing certain data from the database. An attacker could possibly use this issue to cause a denial of service. This issue only affects Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-20266) Update Instructions: Run `sudo pro fix USN-5273-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: debugedit - 4.14.1+dfsg1-2ubuntu0.1~esm1 rpm-i18n - 4.14.1+dfsg1-2ubuntu0.1~esm1 python-rpm - 4.14.1+dfsg1-2ubuntu0.1~esm1 rpm-common - 4.14.1+dfsg1-2ubuntu0.1~esm1 rpm - 4.14.1+dfsg1-2ubuntu0.1~esm1 librpm-dev - 4.14.1+dfsg1-2ubuntu0.1~esm1 rpm2cpio - 4.14.1+dfsg1-2ubuntu0.1~esm1 librpmio8 - 4.14.1+dfsg1-2ubuntu0.1~esm1 python3-rpm - 4.14.1+dfsg1-2ubuntu0.1~esm1 librpm8 - 4.14.1+dfsg1-2ubuntu0.1~esm1 librpmsign8 - 4.14.1+dfsg1-2ubuntu0.1~esm1 librpmbuild8 - 4.14.1+dfsg1-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 Ubuntu 18.04 LTS It was discovered that Simple DirectMedia Layer library incorrectly handled memory when parsing certain specially crafted .BMP files. An attacker could possibly use these issues to crash the application or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5274-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsdl2-dev - 2.0.8+dfsg1-1ubuntu1.18.04.4+esm1 libsdl2-doc - 2.0.8+dfsg1-1ubuntu1.18.04.4+esm1 libsdl2-2.0-0 - 2.0.8+dfsg1-1ubuntu1.18.04.4+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-14409 CVE-2020-14410 Ubuntu 18.04 LTS Ziming Zhang discovered that BlueZ incorrectly handled memory write operations in its gatt server. A remote attacker could possibly use this to cause BlueZ to crash leading to a denial of service, or potentially remotely execute code. (CVE-2022-0204) Update Instructions: Run `sudo pro fix USN-5275-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbluetooth3 - 5.48-0ubuntu3.8 bluez-tests - 5.48-0ubuntu3.8 bluez-obexd - 5.48-0ubuntu3.8 bluetooth - 5.48-0ubuntu3.8 bluez - 5.48-0ubuntu3.8 bluez-hcidump - 5.48-0ubuntu3.8 bluez-cups - 5.48-0ubuntu3.8 libbluetooth-dev - 5.48-0ubuntu3.8 No subscription required Medium CVE-2022-0204 Ubuntu 18.04 LTS It was discovered that the NVIDIA graphics drivers incorrectly handled permissions in the kernel mode layer. A local attacker could use this issue to write to protected memory and cause a denial of service. Update Instructions: Run `sudo pro fix USN-5276-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnvidia-compute-450-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-ifr1-450-server - 450.172.01-0ubuntu0.18.04.1 nvidia-driver-450-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-decode-440-server - 450.172.01-0ubuntu0.18.04.1 nvidia-headless-450-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-gl-450-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-common-440-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-common-450-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-extra-450-server - 450.172.01-0ubuntu0.18.04.1 nvidia-utils-450-server - 450.172.01-0ubuntu0.18.04.1 nvidia-utils-440-server - 450.172.01-0ubuntu0.18.04.1 nvidia-headless-440-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-cfg1-450-server - 450.172.01-0ubuntu0.18.04.1 nvidia-kernel-common-440-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-encode-440-server - 450.172.01-0ubuntu0.18.04.1 nvidia-dkms-440-server - 450.172.01-0ubuntu0.18.04.1 nvidia-kernel-source-450-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-encode-450-server - 450.172.01-0ubuntu0.18.04.1 nvidia-driver-440-server - 450.172.01-0ubuntu0.18.04.1 nvidia-compute-utils-440-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-cfg1-440-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-fbc1-440-server - 450.172.01-0ubuntu0.18.04.1 nvidia-kernel-source-440-server - 450.172.01-0ubuntu0.18.04.1 nvidia-kernel-common-450-server - 450.172.01-0ubuntu0.18.04.1 nvidia-headless-no-dkms-440-server - 450.172.01-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-440-server - 450.172.01-0ubuntu0.18.04.1 nvidia-dkms-450-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-ifr1-440-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-fbc1-450-server - 450.172.01-0ubuntu0.18.04.1 nvidia-headless-no-dkms-450-server - 450.172.01-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-450-server - 450.172.01-0ubuntu0.18.04.1 nvidia-compute-utils-450-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-compute-440-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-decode-450-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-extra-440-server - 450.172.01-0ubuntu0.18.04.1 libnvidia-gl-440-server - 450.172.01-0ubuntu0.18.04.1 No subscription required libnvidia-common-465 - 470.103.01-0ubuntu0.18.04.1 nvidia-driver-470-server - 470.103.01-0ubuntu0.18.04.1 libnvidia-common-460 - 470.103.01-0ubuntu0.18.04.1 libnvidia-gl-460-server - 470.103.01-0ubuntu0.18.04.1 libnvidia-gl-470-server - 470.103.01-0ubuntu0.18.04.1 libnvidia-cfg1-470 - 470.103.01-0ubuntu0.18.04.1 libnvidia-ifr1-470-server - 470.103.01-0ubuntu0.18.04.1 nvidia-utils-460-server - 470.103.01-0ubuntu0.18.04.1 libnvidia-ifr1-470 - 470.103.01-0ubuntu0.18.04.1 nvidia-headless-465 - 470.103.01-0ubuntu0.18.04.1 nvidia-headless-460 - 470.103.01-0ubuntu0.18.04.1 libnvidia-gl-470 - 470.103.01-0ubuntu0.18.04.1 libnvidia-compute-460-server - 470.103.01-0ubuntu0.18.04.1 libnvidia-decode-470-server - 470.103.01-0ubuntu0.18.04.1 libnvidia-gl-460 - 470.103.01-0ubuntu0.18.04.1 libnvidia-gl-465 - 470.103.01-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-470 - 470.103.01-0ubuntu0.18.04.1 nvidia-utils-470-server - 470.103.01-0ubuntu0.18.04.1 libnvidia-cfg1-460 - 470.103.01-0ubuntu0.18.04.1 libnvidia-cfg1-465 - 470.103.01-0ubuntu0.18.04.1 libnvidia-fbc1-460 - 470.103.01-0ubuntu0.18.04.1 nvidia-headless-470 - 470.103.01-0ubuntu0.18.04.1 nvidia-compute-utils-465 - 470.103.01-0ubuntu0.18.04.1 nvidia-compute-utils-460 - 470.103.01-0ubuntu0.18.04.1 libnvidia-compute-470 - 470.103.01-0ubuntu0.18.04.1 nvidia-kernel-common-465 - 470.103.01-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-460 - 470.103.01-0ubuntu0.18.04.1 nvidia-kernel-common-460 - 470.103.01-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-465 - 470.103.01-0ubuntu0.18.04.1 nvidia-utils-460 - 470.103.01-0ubuntu0.18.04.1 libnvidia-encode-460 - 470.103.01-0ubuntu0.18.04.1 libnvidia-encode-465 - 470.103.01-0ubuntu0.18.04.1 nvidia-kernel-source-470-server - 470.103.01-0ubuntu0.18.04.1 libnvidia-decode-460-server - 470.103.01-0ubuntu0.18.04.1 libnvidia-compute-460 - 470.103.01-0ubuntu0.18.04.1 libnvidia-compute-465 - 470.103.01-0ubuntu0.18.04.1 nvidia-compute-utils-470 - 470.103.01-0ubuntu0.18.04.1 libnvidia-ifr1-460-server - 470.103.01-0ubuntu0.18.04.1 nvidia-kernel-common-470 - 470.103.01-0ubuntu0.18.04.1 libnvidia-fbc1-460-server - 470.103.01-0ubuntu0.18.04.1 nvidia-utils-470 - 470.103.01-0ubuntu0.18.04.1 libnvidia-cfg1-470-server - 470.103.01-0ubuntu0.18.04.1 libnvidia-extra-470-server - 470.103.01-0ubuntu0.18.04.1 libnvidia-encode-470-server - 470.103.01-0ubuntu0.18.04.1 nvidia-kernel-source-460 - 470.103.01-0ubuntu0.18.04.1 nvidia-kernel-source-465 - 470.103.01-0ubuntu0.18.04.1 libnvidia-encode-460-server - 470.103.01-0ubuntu0.18.04.1 nvidia-kernel-common-460-server - 470.103.01-0ubuntu0.18.04.1 nvidia-headless-no-dkms-460 - 470.103.01-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-470-server - 470.103.01-0ubuntu0.18.04.1 libnvidia-common-470-server - 470.103.01-0ubuntu0.18.04.1 nvidia-headless-no-dkms-465 - 470.103.01-0ubuntu0.18.04.1 libnvidia-fbc1-470-server - 470.103.01-0ubuntu0.18.04.1 libnvidia-common-460-server - 470.103.01-0ubuntu0.18.04.1 nvidia-dkms-470-server - 470.103.01-0ubuntu0.18.04.1 nvidia-dkms-460 - 470.103.01-0ubuntu0.18.04.1 libnvidia-encode-470 - 470.103.01-0ubuntu0.18.04.1 nvidia-dkms-465 - 470.103.01-0ubuntu0.18.04.1 libnvidia-extra-465 - 470.103.01-0ubuntu0.18.04.1 libnvidia-extra-460 - 470.103.01-0ubuntu0.18.04.1 nvidia-kernel-source-470 - 470.103.01-0ubuntu0.18.04.1 nvidia-compute-utils-470-server - 470.103.01-0ubuntu0.18.04.1 nvidia-headless-no-dkms-470 - 470.103.01-0ubuntu0.18.04.1 nvidia-dkms-460-server - 470.103.01-0ubuntu0.18.04.1 nvidia-driver-470 - 470.103.01-0ubuntu0.18.04.1 libnvidia-extra-460-server - 470.103.01-0ubuntu0.18.04.1 nvidia-dkms-470 - 470.103.01-0ubuntu0.18.04.1 libnvidia-fbc1-465 - 470.103.01-0ubuntu0.18.04.1 libnvidia-compute-470-server - 470.103.01-0ubuntu0.18.04.1 libnvidia-extra-470 - 470.103.01-0ubuntu0.18.04.1 nvidia-utils-465 - 470.103.01-0ubuntu0.18.04.1 nvidia-compute-utils-460-server - 470.103.01-0ubuntu0.18.04.1 nvidia-driver-460 - 470.103.01-0ubuntu0.18.04.1 libnvidia-decode-465 - 470.103.01-0ubuntu0.18.04.1 nvidia-driver-465 - 470.103.01-0ubuntu0.18.04.1 libnvidia-decode-460 - 470.103.01-0ubuntu0.18.04.1 libnvidia-fbc1-470 - 470.103.01-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-460-server - 470.103.01-0ubuntu0.18.04.1 nvidia-headless-460-server - 470.103.01-0ubuntu0.18.04.1 nvidia-kernel-common-470-server - 470.103.01-0ubuntu0.18.04.1 nvidia-headless-no-dkms-470-server - 470.103.01-0ubuntu0.18.04.1 libnvidia-common-470 - 470.103.01-0ubuntu0.18.04.1 libnvidia-cfg1-460-server - 470.103.01-0ubuntu0.18.04.1 libnvidia-decode-470 - 470.103.01-0ubuntu0.18.04.1 libnvidia-ifr1-460 - 470.103.01-0ubuntu0.18.04.1 libnvidia-ifr1-465 - 470.103.01-0ubuntu0.18.04.1 nvidia-headless-no-dkms-460-server - 470.103.01-0ubuntu0.18.04.1 nvidia-kernel-source-460-server - 470.103.01-0ubuntu0.18.04.1 nvidia-driver-460-server - 470.103.01-0ubuntu0.18.04.1 nvidia-headless-470-server - 470.103.01-0ubuntu0.18.04.1 No subscription required libnvidia-fbc1-510 - 510.47.03-0ubuntu0.18.04.1 libnvidia-common-510 - 510.47.03-0ubuntu0.18.04.1 nvidia-utils-495 - 510.47.03-0ubuntu0.18.04.1 libnvidia-decode-495 - 510.47.03-0ubuntu0.18.04.1 nvidia-kernel-common-495 - 510.47.03-0ubuntu0.18.04.1 libnvidia-compute-495 - 510.47.03-0ubuntu0.18.04.1 nvidia-headless-495 - 510.47.03-0ubuntu0.18.04.1 libnvidia-cfg1-510 - 510.47.03-0ubuntu0.18.04.1 nvidia-dkms-495 - 510.47.03-0ubuntu0.18.04.1 libnvidia-encode-510 - 510.47.03-0ubuntu0.18.04.1 libnvidia-extra-495 - 510.47.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-495 - 510.47.03-0ubuntu0.18.04.1 libnvidia-fbc1-495 - 510.47.03-0ubuntu0.18.04.1 nvidia-driver-510 - 510.47.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-510 - 510.47.03-0ubuntu0.18.04.1 nvidia-kernel-source-510 - 510.47.03-0ubuntu0.18.04.1 nvidia-utils-510 - 510.47.03-0ubuntu0.18.04.1 nvidia-compute-utils-510 - 510.47.03-0ubuntu0.18.04.1 libnvidia-decode-510 - 510.47.03-0ubuntu0.18.04.1 nvidia-kernel-source-495 - 510.47.03-0ubuntu0.18.04.1 nvidia-kernel-common-510 - 510.47.03-0ubuntu0.18.04.1 libnvidia-gl-495 - 510.47.03-0ubuntu0.18.04.1 libnvidia-gl-510 - 510.47.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-510 - 510.47.03-0ubuntu0.18.04.1 libnvidia-common-495 - 510.47.03-0ubuntu0.18.04.1 nvidia-compute-utils-495 - 510.47.03-0ubuntu0.18.04.1 libnvidia-encode-495 - 510.47.03-0ubuntu0.18.04.1 libnvidia-compute-510 - 510.47.03-0ubuntu0.18.04.1 nvidia-dkms-510 - 510.47.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-495 - 510.47.03-0ubuntu0.18.04.1 libnvidia-extra-510 - 510.47.03-0ubuntu0.18.04.1 nvidia-driver-495 - 510.47.03-0ubuntu0.18.04.1 nvidia-headless-510 - 510.47.03-0ubuntu0.18.04.1 libnvidia-cfg1-495 - 510.47.03-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-21813 CVE-2022-21814 Ubuntu 18.04 LTS It was discovered that Speex incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5280-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: speex - 1.2~rc1.2-1ubuntu2.1 libspeexdsp-dev - 1.2~rc1.2-1ubuntu2.1 libspeex-dev - 1.2~rc1.2-1ubuntu2.1 libspeexdsp1 - 1.2~rc1.2-1ubuntu2.1 speex-doc - 1.2~rc1.2-1ubuntu2.1 libspeex1 - 1.2~rc1.2-1ubuntu2.1 No subscription required Medium CVE-2020-23903 Ubuntu 18.04 LTS It was discovered that some OpenSC smart card drivers mishandled memory when performing certain decoding operations. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-15945, CVE-2019-15946) It was discovered that some OpenSC smart card drivers had buffer overflow vulnerabilities. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2020-26570, CVE-2020-26571, CVE-2020-26572) Update Instructions: Run `sudo pro fix USN-5281-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: opensc-pkcs11 - 0.17.0-3ubuntu0.1~esm1 opensc - 0.17.0-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-15945 CVE-2019-15946 CVE-2020-26570 CVE-2020-26571 CVE-2020-26572 Ubuntu 18.04 LTS It was discovered that PDFResurrect was incorrectly handling corrupted PDF files. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service, or arbitrary code execution. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-14267) It was discovered that PDFResurrect incorrectly handled memory when loading PDF pages. An attacker could possibly use this issue to cause a heap buffer overflow, resulting in a denial of service, or arbitrary code execution. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-14934) It was discovered that PDFResurrect was incorrectly validating header data in input PDF files. An attacker could possibly use this issue to cause a heap buffer overflow, resulting in a denial of service, or arbitrary code execution. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-20740) Carter Yagemann discovered that PDFResurrect incorrectly handled certain memory operations during PDF summary generation. An attacker could use this to cause out-of-bounds writes, resulting in a denial of service (system crash) or arbitrary code execution. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-9549) It was discovered that PDFResurrect was incorrectly processing data when performing trailer search operations. An attacker could possibly use this issue to cause an infinite loop, resulting in a denial of service. (CVE-2021-3508) Update Instructions: Run `sudo pro fix USN-5282-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pdfresurrect - 0.14-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-14267 CVE-2019-14934 CVE-2020-20740 CVE-2020-9549 CVE-2021-3508 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, obtain sensitive information, or execute arbitrary code. (CVE-2022-0511, CVE-2022-22755, CVE-2022-22759, CVE-2022-22760, CVE-2022-22761, CVE-2022-22764) It was discovered that extensions of a particular type could auto-update themselves and bypass the prompt that requests permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to bypass security restrictions. (CVE-2022-22754) It was discovered that dragging and dropping an image into a folder could result in it being marked as executable. If a user were tricked into dragging and dropping a specially crafted image, an attacker could potentially exploit this to execute arbitrary code. (CVE-2022-22756) It was discovered that Remote Agent, used in WebDriver, did not validate Host or Origin headers. If a user were tricked into opening a specially crafted website with WebDriver enabled, an attacker could potentially exploit this to connect back to the user's browser in order to control it. (CVE-2022-22757) Update Instructions: Run `sudo pro fix USN-5284-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-szl - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 97.0+build2-0ubuntu0.18.04.1 firefox - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 97.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 97.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 97.0+build2-0ubuntu0.18.04.1 firefox-dev - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 97.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 97.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-22754 CVE-2022-22755 CVE-2022-22756 CVE-2022-22757 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22764 CVE-2022-0511 Ubuntu 18.04 LTS It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5288-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: expat - 2.2.5-3ubuntu0.4 libexpat1-dev - 2.2.5-3ubuntu0.4 libexpat1 - 2.2.5-3ubuntu0.4 No subscription required High CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 Ubuntu 18.04 LTS James Isaac and Mathias Brodala discovered that Symfony incorrectly handled switch users functionality. An attacker could possibly use this issue to enumerate users. (CVE-2021-21424) It was discovered that Symfony incorrectly handled certain specially crafted CSV files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 20.04 ESM. (CVE-2021-41270) Update Instructions: Run `sudo pro fix USN-5290-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-symfony-framework-bundle - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-security-core - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-ldap - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-browser-kit - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-filesystem - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-twig-bundle - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-web-profiler-bundle - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-asset - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-security-http - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-phpunit-bridge - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-yaml - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-web-server-bundle - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-http-kernel - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-templating - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-property-access - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-doctrine-bridge - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-intl - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-twig-bridge - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-security-guard - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-process - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-serializer - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-class-loader - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-debug-bundle - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-css-selector - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-expression-language - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-security - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-var-dumper - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-property-info - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-routing - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-security-bundle - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-finder - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-lock - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-validator - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-debug - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-inflector - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-form - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-cache - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-monolog-bridge - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-workflow - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-dependency-injection - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-security-csrf - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-proxy-manager-bridge - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-http-foundation - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-event-dispatcher - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-options-resolver - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-dotenv - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-web-link - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-translation - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-dom-crawler - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-stopwatch - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-config - 3.4.6+dfsg-1ubuntu0.1+esm2 php-symfony-console - 3.4.6+dfsg-1ubuntu0.1+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-21424 CVE-2021-41270 Ubuntu 18.04 LTS James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information. (CVE-2021-3155) Ian Johnson discovered that snapd did not properly validate content interfaces and layout paths. A local attacker could possibly use this issue to inject arbitrary AppArmor policy rules, resulting in a bypass of intended access restrictions. (CVE-2021-4120) The Qualys Research Team discovered that snapd did not properly validate the location of the snap-confine binary. A local attacker could possibly use this issue to execute other arbitrary binaries and escalate privileges. (CVE-2021-44730) The Qualys Research Team discovered that a race condition existed in the snapd snap-confine binary when preparing a private mount namespace for a snap. A local attacker could possibly use this issue to escalate privileges and execute arbitrary code. (CVE-2021-44731) Update Instructions: Run `sudo pro fix USN-5292-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.54.3+18.04 ubuntu-core-launcher - 2.54.3+18.04 snap-confine - 2.54.3+18.04 ubuntu-snappy-cli - 2.54.3+18.04 golang-github-snapcore-snapd-dev - 2.54.3+18.04 snapd-xdg-open - 2.54.3+18.04 snapd - 2.54.3+18.04 golang-github-ubuntu-core-snappy-dev - 2.54.3+18.04 ubuntu-snappy - 2.54.3+18.04 No subscription required High CVE-2021-3155 CVE-2021-4120 CVE-2021-44730 CVE-2021-44731 Ubuntu 18.04 LTS USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced a regression that could break the fish shell. This update fixes the problem. We apologize for the inconvenience. Original advisory details: James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information. (CVE-2021-3155) Ian Johnson discovered that snapd did not properly validate content interfaces and layout paths. A local attacker could possibly use this issue to inject arbitrary AppArmor policy rules, resulting in a bypass of intended access restrictions. (CVE-2021-4120) The Qualys Research Team discovered that snapd did not properly validate the location of the snap-confine binary. A local attacker could possibly use this issue to execute other arbitrary binaries and escalate privileges. (CVE-2021-44730) The Qualys Research Team discovered that a race condition existed in the snapd snap-confine binary when preparing a private mount namespace for a snap. A local attacker could possibly use this issue to escalate privileges and execute arbitrary code. (CVE-2021-44731) Update Instructions: Run `sudo pro fix USN-5292-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.54.3+18.04.2ubuntu0.2 ubuntu-core-launcher - 2.54.3+18.04.2ubuntu0.2 snap-confine - 2.54.3+18.04.2ubuntu0.2 ubuntu-snappy-cli - 2.54.3+18.04.2ubuntu0.2 golang-github-snapcore-snapd-dev - 2.54.3+18.04.2ubuntu0.2 snapd-xdg-open - 2.54.3+18.04.2ubuntu0.2 snapd - 2.54.3+18.04.2ubuntu0.2 golang-github-ubuntu-core-snappy-dev - 2.54.3+18.04.2ubuntu0.2 ubuntu-snappy - 2.54.3+18.04.2ubuntu0.2 No subscription required None https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1961365 https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1961791 Ubuntu 18.04 LTS Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application's XML configuration file could cause a denial of service. Update Instructions: Run `sudo pro fix USN-5293-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc3p0-java-doc - 0.9.1.2-9+deb8u1ubuntu0.18.04.1 libc3p0-java - 0.9.1.2-9+deb8u1ubuntu0.18.04.1 No subscription required Medium CVE-2019-5427 Ubuntu 18.04 LTS It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-22600) Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685) Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4083) Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. (CVE-2021-4155) Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202) Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device driver in the Linux kernel did not properly validate meta-data coming from the device. A local attacker who can control an emulated device can use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-43975) Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-0330) It was discovered that the VMware Virtual GPU driver in the Linux kernel did not properly handle certain failure conditions, leading to a stale entry in the file descriptor table. A local attacker could use this to expose sensitive information or possibly gain administrative privileges. (CVE-2022-22942) Update Instructions: Run `sudo pro fix USN-5294-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-hwe-5.4-tools-5.4.0-100 - 5.4.0-100.113~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-100.113~18.04.1 linux-modules-5.4.0-100-generic-lpae - 5.4.0-100.113~18.04.1 linux-headers-5.4.0-100-lowlatency - 5.4.0-100.113~18.04.1 linux-tools-5.4.0-100-lowlatency - 5.4.0-100.113~18.04.1 linux-image-5.4.0-100-lowlatency - 5.4.0-100.113~18.04.1 linux-buildinfo-5.4.0-100-lowlatency - 5.4.0-100.113~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-100 - 5.4.0-100.113~18.04.1 linux-modules-5.4.0-100-lowlatency - 5.4.0-100.113~18.04.1 linux-hwe-5.4-headers-5.4.0-100 - 5.4.0-100.113~18.04.1 linux-tools-5.4.0-100-generic-lpae - 5.4.0-100.113~18.04.1 linux-tools-5.4.0-100-generic - 5.4.0-100.113~18.04.1 linux-image-5.4.0-100-generic-lpae - 5.4.0-100.113~18.04.1 linux-buildinfo-5.4.0-100-generic - 5.4.0-100.113~18.04.1 linux-headers-5.4.0-100-generic-lpae - 5.4.0-100.113~18.04.1 linux-image-unsigned-5.4.0-100-generic - 5.4.0-100.113~18.04.1 linux-headers-5.4.0-100-generic - 5.4.0-100.113~18.04.1 linux-modules-5.4.0-100-generic - 5.4.0-100.113~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-100.113~18.04.1 linux-image-unsigned-5.4.0-100-lowlatency - 5.4.0-100.113~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-100.113~18.04.1 linux-cloud-tools-5.4.0-100-generic - 5.4.0-100.113~18.04.1 linux-cloud-tools-5.4.0-100-lowlatency - 5.4.0-100.113~18.04.1 linux-modules-extra-5.4.0-100-generic - 5.4.0-100.113~18.04.1 linux-buildinfo-5.4.0-100-generic-lpae - 5.4.0-100.113~18.04.1 linux-image-5.4.0-100-generic - 5.4.0-100.113~18.04.1 No subscription required linux-tools-5.4.0-1015-ibm - 5.4.0-1015.16~18.04.1 linux-image-5.4.0-1015-ibm - 5.4.0-1015.16~18.04.1 linux-buildinfo-5.4.0-1015-ibm - 5.4.0-1015.16~18.04.1 linux-ibm-5.4-tools-5.4.0-1015 - 5.4.0-1015.16~18.04.1 linux-modules-5.4.0-1015-ibm - 5.4.0-1015.16~18.04.1 linux-ibm-5.4-headers-5.4.0-1015 - 5.4.0-1015.16~18.04.1 linux-modules-extra-5.4.0-1015-ibm - 5.4.0-1015.16~18.04.1 linux-headers-5.4.0-1015-ibm - 5.4.0-1015.16~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1015.16~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1015.16~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1015.16~18.04.1 linux-image-unsigned-5.4.0-1015-ibm - 5.4.0-1015.16~18.04.1 No subscription required linux-gkeop-5.4-headers-5.4.0-1034 - 5.4.0-1034.35~18.04.1 linux-modules-extra-5.4.0-1034-gkeop - 5.4.0-1034.35~18.04.1 linux-gkeop-5.4-tools-5.4.0-1034 - 5.4.0-1034.35~18.04.1 linux-image-5.4.0-1034-gkeop - 5.4.0-1034.35~18.04.1 linux-tools-5.4.0-1034-gkeop - 5.4.0-1034.35~18.04.1 linux-headers-5.4.0-1034-gkeop - 5.4.0-1034.35~18.04.1 linux-cloud-tools-5.4.0-1034-gkeop - 5.4.0-1034.35~18.04.1 linux-modules-5.4.0-1034-gkeop - 5.4.0-1034.35~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1034.35~18.04.1 linux-buildinfo-5.4.0-1034-gkeop - 5.4.0-1034.35~18.04.1 linux-image-unsigned-5.4.0-1034-gkeop - 5.4.0-1034.35~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1034 - 5.4.0-1034.35~18.04.1 No subscription required linux-image-5.4.0-1053-raspi - 5.4.0-1053.60~18.04.1 linux-buildinfo-5.4.0-1053-raspi - 5.4.0-1053.60~18.04.1 linux-modules-5.4.0-1053-raspi - 5.4.0-1053.60~18.04.1 linux-tools-5.4.0-1053-raspi - 5.4.0-1053.60~18.04.1 linux-headers-5.4.0-1053-raspi - 5.4.0-1053.60~18.04.1 linux-raspi-5.4-headers-5.4.0-1053 - 5.4.0-1053.60~18.04.1 linux-raspi-5.4-tools-5.4.0-1053 - 5.4.0-1053.60~18.04.1 No subscription required linux-headers-5.4.0-1064-oracle - 5.4.0-1064.68~18.04.1 linux-modules-5.4.0-1064-oracle - 5.4.0-1064.68~18.04.1 linux-tools-5.4.0-1064-oracle - 5.4.0-1064.68~18.04.1 linux-image-unsigned-5.4.0-1064-oracle - 5.4.0-1064.68~18.04.1 linux-modules-extra-5.4.0-1064-oracle - 5.4.0-1064.68~18.04.1 linux-image-5.4.0-1064-oracle - 5.4.0-1064.68~18.04.1 linux-oracle-5.4-tools-5.4.0-1064 - 5.4.0-1064.68~18.04.1 linux-oracle-5.4-headers-5.4.0-1064 - 5.4.0-1064.68~18.04.1 linux-buildinfo-5.4.0-1064-oracle - 5.4.0-1064.68~18.04.1 No subscription required linux-modules-5.4.0-1065-gcp - 5.4.0-1065.69~18.04.1 linux-image-unsigned-5.4.0-1065-gcp - 5.4.0-1065.69~18.04.1 linux-gcp-5.4-tools-5.4.0-1065 - 5.4.0-1065.69~18.04.1 linux-image-5.4.0-1065-gcp - 5.4.0-1065.69~18.04.1 linux-modules-extra-5.4.0-1065-gcp - 5.4.0-1065.69~18.04.1 linux-buildinfo-5.4.0-1065-gcp - 5.4.0-1065.69~18.04.1 linux-gcp-5.4-headers-5.4.0-1065 - 5.4.0-1065.69~18.04.1 linux-tools-5.4.0-1065-gcp - 5.4.0-1065.69~18.04.1 linux-headers-5.4.0-1065-gcp - 5.4.0-1065.69~18.04.1 No subscription required linux-tools-5.4.0-1066-aws - 5.4.0-1066.69~18.04.1 linux-aws-5.4-headers-5.4.0-1066 - 5.4.0-1066.69~18.04.1 linux-aws-5.4-tools-5.4.0-1066 - 5.4.0-1066.69~18.04.1 linux-modules-5.4.0-1066-aws - 5.4.0-1066.69~18.04.1 linux-headers-5.4.0-1066-aws - 5.4.0-1066.69~18.04.1 linux-image-unsigned-5.4.0-1066-aws - 5.4.0-1066.69~18.04.1 linux-modules-extra-5.4.0-1066-aws - 5.4.0-1066.69~18.04.1 linux-cloud-tools-5.4.0-1066-aws - 5.4.0-1066.69~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1066 - 5.4.0-1066.69~18.04.1 linux-buildinfo-5.4.0-1066-aws - 5.4.0-1066.69~18.04.1 No subscription required linux-modules-extra-5.4.0-1070-azure - 5.4.0-1070.73~18.04.1 linux-modules-5.4.0-1070-azure - 5.4.0-1070.73~18.04.1 linux-azure-5.4-headers-5.4.0-1070 - 5.4.0-1070.73~18.04.1 linux-cloud-tools-5.4.0-1070-azure - 5.4.0-1070.73~18.04.1 linux-headers-5.4.0-1070-azure - 5.4.0-1070.73~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1070 - 5.4.0-1070.73~18.04.1 linux-image-unsigned-5.4.0-1070-azure - 5.4.0-1070.73~18.04.1 linux-azure-5.4-tools-5.4.0-1070 - 5.4.0-1070.73~18.04.1 linux-image-5.4.0-1070-azure - 5.4.0-1070.73~18.04.1 linux-buildinfo-5.4.0-1070-azure - 5.4.0-1070.73~18.04.1 linux-tools-5.4.0-1070-azure - 5.4.0-1070.73~18.04.1 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-headers-snapdragon-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-image-generic-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-generic-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-snapdragon-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-image-oem - 5.4.0.100.113~18.04.87 linux-tools-virtual-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-image-lowlatency-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-oem-osp1 - 5.4.0.100.113~18.04.87 linux-headers-lowlatency-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-lowlatency-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-snapdragon-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-image-generic-lpae-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-tools-lowlatency-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-headers-generic-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-headers-virtual-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-tools-oem-osp1 - 5.4.0.100.113~18.04.87 linux-tools-snapdragon-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-image-snapdragon-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-headers-virtual-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-virtual-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-virtual-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-generic-lpae-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-image-extra-virtual-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-headers-oem - 5.4.0.100.113~18.04.87 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-tools-generic-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-oem - 5.4.0.100.113~18.04.87 linux-image-virtual-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-image-generic-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-image-oem-osp1 - 5.4.0.100.113~18.04.87 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-tools-oem - 5.4.0.100.113~18.04.87 linux-headers-oem-osp1 - 5.4.0.100.113~18.04.87 linux-tools-virtual-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-tools-generic-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-headers-generic-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-generic-lpae-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-lowlatency-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.100.113~18.04.87 linux-generic-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.100.113~18.04.87 linux-image-virtual-hwe-18.04-edge - 5.4.0.100.113~18.04.87 No subscription required linux-modules-extra-ibm - 5.4.0.1015.32 linux-image-ibm - 5.4.0.1015.32 linux-tools-ibm-edge - 5.4.0.1015.32 linux-headers-ibm-edge - 5.4.0.1015.32 linux-modules-extra-ibm-edge - 5.4.0.1015.32 linux-ibm - 5.4.0.1015.32 linux-ibm-edge - 5.4.0.1015.32 linux-headers-ibm - 5.4.0.1015.32 linux-tools-ibm - 5.4.0.1015.32 linux-image-ibm-edge - 5.4.0.1015.32 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1034.35~18.04.34 linux-modules-extra-gkeop-5.4 - 5.4.0.1034.35~18.04.34 linux-gkeop-5.4 - 5.4.0.1034.35~18.04.34 linux-image-gkeop-5.4 - 5.4.0.1034.35~18.04.34 linux-headers-gkeop-5.4 - 5.4.0.1034.35~18.04.34 linux-tools-gkeop-5.4 - 5.4.0.1034.35~18.04.34 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1053.55 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1053.55 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1053.55 linux-raspi-hwe-18.04 - 5.4.0.1053.55 linux-tools-raspi-hwe-18.04 - 5.4.0.1053.55 linux-headers-raspi-hwe-18.04 - 5.4.0.1053.55 linux-image-raspi-hwe-18.04-edge - 5.4.0.1053.55 linux-raspi-hwe-18.04-edge - 5.4.0.1053.55 No subscription required linux-signed-image-oracle - 5.4.0.1064.68~18.04.43 linux-headers-oracle - 5.4.0.1064.68~18.04.43 linux-tools-oracle-edge - 5.4.0.1064.68~18.04.43 linux-signed-oracle - 5.4.0.1064.68~18.04.43 linux-oracle-edge - 5.4.0.1064.68~18.04.43 linux-modules-extra-oracle-edge - 5.4.0.1064.68~18.04.43 linux-image-oracle-edge - 5.4.0.1064.68~18.04.43 linux-oracle - 5.4.0.1064.68~18.04.43 linux-modules-extra-oracle - 5.4.0.1064.68~18.04.43 linux-signed-oracle-edge - 5.4.0.1064.68~18.04.43 linux-signed-image-oracle-edge - 5.4.0.1064.68~18.04.43 linux-headers-oracle-edge - 5.4.0.1064.68~18.04.43 linux-image-oracle - 5.4.0.1064.68~18.04.43 linux-tools-oracle - 5.4.0.1064.68~18.04.43 No subscription required linux-image-gcp-edge - 5.4.0.1065.50 linux-tools-gcp-edge - 5.4.0.1065.50 linux-headers-gcp-edge - 5.4.0.1065.50 linux-modules-extra-gcp - 5.4.0.1065.50 linux-tools-gcp - 5.4.0.1065.50 linux-modules-extra-gcp-edge - 5.4.0.1065.50 linux-gcp - 5.4.0.1065.50 linux-headers-gcp - 5.4.0.1065.50 linux-image-gcp - 5.4.0.1065.50 linux-gcp-edge - 5.4.0.1065.50 No subscription required linux-headers-aws - 5.4.0.1066.48 linux-image-aws - 5.4.0.1066.48 linux-modules-extra-aws-edge - 5.4.0.1066.48 linux-aws-edge - 5.4.0.1066.48 linux-aws - 5.4.0.1066.48 linux-tools-aws - 5.4.0.1066.48 linux-headers-aws-edge - 5.4.0.1066.48 linux-image-aws-edge - 5.4.0.1066.48 linux-modules-extra-aws - 5.4.0.1066.48 linux-tools-aws-edge - 5.4.0.1066.48 No subscription required linux-signed-azure - 5.4.0.1070.49 linux-cloud-tools-azure - 5.4.0.1070.49 linux-tools-azure - 5.4.0.1070.49 linux-image-azure-edge - 5.4.0.1070.49 linux-cloud-tools-azure-edge - 5.4.0.1070.49 linux-modules-extra-azure - 5.4.0.1070.49 linux-azure - 5.4.0.1070.49 linux-signed-image-azure-edge - 5.4.0.1070.49 linux-image-azure - 5.4.0.1070.49 linux-signed-image-azure - 5.4.0.1070.49 linux-headers-azure-edge - 5.4.0.1070.49 linux-azure-edge - 5.4.0.1070.49 linux-modules-extra-azure-edge - 5.4.0.1070.49 linux-signed-azure-edge - 5.4.0.1070.49 linux-tools-azure-edge - 5.4.0.1070.49 linux-headers-azure - 5.4.0.1070.49 No subscription required Medium CVE-2021-22600 CVE-2021-39685 CVE-2021-4083 CVE-2021-4155 CVE-2021-4202 CVE-2021-43975 CVE-2022-0330 CVE-2022-22942 Ubuntu 18.04 LTS Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685) Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4083) Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. (CVE-2021-4155) Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202) Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device driver in the Linux kernel did not properly validate meta-data coming from the device. A local attacker who can control an emulated device can use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-43975) Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-0330) It was discovered that the VMware Virtual GPU driver in the Linux kernel did not properly handle certain failure conditions, leading to a stale entry in the file descriptor table. A local attacker could use this to expose sensitive information or possibly gain administrative privileges. (CVE-2022-22942) Update Instructions: Run `sudo pro fix USN-5297-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-gke-5.4-headers-5.4.0-1063 - 5.4.0-1063.66~18.04.1 linux-modules-extra-5.4.0-1063-gke - 5.4.0-1063.66~18.04.1 linux-buildinfo-5.4.0-1063-gke - 5.4.0-1063.66~18.04.1 linux-image-5.4.0-1063-gke - 5.4.0-1063.66~18.04.1 linux-tools-5.4.0-1063-gke - 5.4.0-1063.66~18.04.1 linux-headers-5.4.0-1063-gke - 5.4.0-1063.66~18.04.1 linux-modules-5.4.0-1063-gke - 5.4.0-1063.66~18.04.1 linux-gke-5.4-tools-5.4.0-1063 - 5.4.0-1063.66~18.04.1 linux-image-unsigned-5.4.0-1063-gke - 5.4.0-1063.66~18.04.1 No subscription required linux-gke-5.4 - 5.4.0.1063.66~18.04.27 linux-headers-gke-5.4 - 5.4.0.1063.66~18.04.27 linux-image-gke-5.4 - 5.4.0.1063.66~18.04.27 linux-tools-gke-5.4 - 5.4.0.1063.66~18.04.27 linux-modules-extra-gke-5.4 - 5.4.0.1063.66~18.04.27 No subscription required Medium CVE-2021-39685 CVE-2021-4083 CVE-2021-4155 CVE-2021-4202 CVE-2021-43975 CVE-2022-0330 CVE-2022-22942 Ubuntu 18.04 LTS It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-22600) Jürgen Groß discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. An attacker in a driver domain could use this to cause a denial of service in other guest VMs. (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713) Jürgen Groß discovered that the Xen network backend driver in the Linux kernel did not adequately limit the amount of queued packets when a guest did not process them. An attacker in a guest VM can use this to cause a denial of service (excessive kernel memory consumption) in the network backend domain. (CVE-2021-28714, CVE-2021-28715) Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685) Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4083) Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. (CVE-2021-4155) Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202) Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-0330) It was discovered that the VMware Virtual GPU driver in the Linux kernel did not properly handle certain failure conditions, leading to a stale entry in the file descriptor table. A local attacker could use this to expose sensitive information or possibly gain administrative privileges. (CVE-2022-22942) Update Instructions: Run `sudo pro fix USN-5298-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-dell300x-tools-4.15.0-1035 - 4.15.0-1035.40 linux-image-unsigned-4.15.0-1035-dell300x - 4.15.0-1035.40 linux-image-4.15.0-1035-dell300x - 4.15.0-1035.40 linux-modules-4.15.0-1035-dell300x - 4.15.0-1035.40 linux-dell300x-headers-4.15.0-1035 - 4.15.0-1035.40 linux-headers-4.15.0-1035-dell300x - 4.15.0-1035.40 linux-buildinfo-4.15.0-1035-dell300x - 4.15.0-1035.40 linux-tools-4.15.0-1035-dell300x - 4.15.0-1035.40 No subscription required linux-headers-4.15.0-1087-oracle - 4.15.0-1087.95 linux-modules-extra-4.15.0-1087-oracle - 4.15.0-1087.95 linux-image-unsigned-4.15.0-1087-oracle - 4.15.0-1087.95 linux-tools-4.15.0-1087-oracle - 4.15.0-1087.95 linux-buildinfo-4.15.0-1087-oracle - 4.15.0-1087.95 linux-modules-4.15.0-1087-oracle - 4.15.0-1087.95 linux-image-4.15.0-1087-oracle - 4.15.0-1087.95 linux-oracle-tools-4.15.0-1087 - 4.15.0-1087.95 linux-oracle-headers-4.15.0-1087 - 4.15.0-1087.95 No subscription required linux-image-4.15.0-1103-raspi2 - 4.15.0-1103.110 linux-modules-4.15.0-1103-raspi2 - 4.15.0-1103.110 linux-raspi2-headers-4.15.0-1103 - 4.15.0-1103.110 linux-raspi2-tools-4.15.0-1103 - 4.15.0-1103.110 linux-buildinfo-4.15.0-1103-raspi2 - 4.15.0-1103.110 linux-tools-4.15.0-1103-raspi2 - 4.15.0-1103.110 linux-headers-4.15.0-1103-raspi2 - 4.15.0-1103.110 No subscription required linux-buildinfo-4.15.0-1107-kvm - 4.15.0-1107.109 linux-kvm-tools-4.15.0-1107 - 4.15.0-1107.109 linux-kvm-headers-4.15.0-1107 - 4.15.0-1107.109 linux-modules-4.15.0-1107-kvm - 4.15.0-1107.109 linux-tools-4.15.0-1107-kvm - 4.15.0-1107.109 linux-headers-4.15.0-1107-kvm - 4.15.0-1107.109 linux-image-4.15.0-1107-kvm - 4.15.0-1107.109 No subscription required linux-gcp-4.15-headers-4.15.0-1116 - 4.15.0-1116.130 linux-headers-4.15.0-1116-gcp - 4.15.0-1116.130 linux-buildinfo-4.15.0-1116-gcp - 4.15.0-1116.130 linux-modules-4.15.0-1116-gcp - 4.15.0-1116.130 linux-image-4.15.0-1116-gcp - 4.15.0-1116.130 linux-tools-4.15.0-1116-gcp - 4.15.0-1116.130 linux-modules-extra-4.15.0-1116-gcp - 4.15.0-1116.130 linux-gcp-4.15-tools-4.15.0-1116 - 4.15.0-1116.130 linux-image-unsigned-4.15.0-1116-gcp - 4.15.0-1116.130 No subscription required linux-headers-4.15.0-1120-snapdragon - 4.15.0-1120.129 linux-tools-4.15.0-1120-snapdragon - 4.15.0-1120.129 linux-image-4.15.0-1120-snapdragon - 4.15.0-1120.129 linux-buildinfo-4.15.0-1120-snapdragon - 4.15.0-1120.129 linux-snapdragon-tools-4.15.0-1120 - 4.15.0-1120.129 linux-snapdragon-headers-4.15.0-1120 - 4.15.0-1120.129 linux-modules-4.15.0-1120-snapdragon - 4.15.0-1120.129 No subscription required linux-aws-tools-4.15.0-1121 - 4.15.0-1121.129 linux-modules-extra-4.15.0-1121-aws - 4.15.0-1121.129 linux-buildinfo-4.15.0-1121-aws - 4.15.0-1121.129 linux-aws-cloud-tools-4.15.0-1121 - 4.15.0-1121.129 linux-aws-headers-4.15.0-1121 - 4.15.0-1121.129 linux-tools-4.15.0-1121-aws - 4.15.0-1121.129 linux-cloud-tools-4.15.0-1121-aws - 4.15.0-1121.129 linux-image-unsigned-4.15.0-1121-aws - 4.15.0-1121.129 linux-headers-4.15.0-1121-aws - 4.15.0-1121.129 linux-modules-4.15.0-1121-aws - 4.15.0-1121.129 No subscription required linux-modules-extra-4.15.0-1131-azure - 4.15.0-1131.144 linux-headers-4.15.0-1131-azure - 4.15.0-1131.144 linux-azure-4.15-tools-4.15.0-1131 - 4.15.0-1131.144 linux-buildinfo-4.15.0-1131-azure - 4.15.0-1131.144 linux-modules-4.15.0-1131-azure - 4.15.0-1131.144 linux-azure-4.15-headers-4.15.0-1131 - 4.15.0-1131.144 linux-azure-4.15-cloud-tools-4.15.0-1131 - 4.15.0-1131.144 linux-cloud-tools-4.15.0-1131-azure - 4.15.0-1131.144 linux-image-4.15.0-1131-azure - 4.15.0-1131.144 linux-image-unsigned-4.15.0-1131-azure - 4.15.0-1131.144 linux-tools-4.15.0-1131-azure - 4.15.0-1131.144 No subscription required linux-tools-common - 4.15.0-169.177 linux-modules-extra-4.15.0-169-generic - 4.15.0-169.177 linux-buildinfo-4.15.0-169-lowlatency - 4.15.0-169.177 linux-image-4.15.0-169-generic-lpae - 4.15.0-169.177 linux-tools-host - 4.15.0-169.177 linux-image-4.15.0-169-generic - 4.15.0-169.177 linux-headers-4.15.0-169-lowlatency - 4.15.0-169.177 linux-doc - 4.15.0-169.177 linux-image-4.15.0-169-lowlatency - 4.15.0-169.177 linux-buildinfo-4.15.0-169-generic-lpae - 4.15.0-169.177 linux-cloud-tools-4.15.0-169-lowlatency - 4.15.0-169.177 linux-libc-dev - 4.15.0-169.177 linux-modules-4.15.0-169-generic-lpae - 4.15.0-169.177 linux-tools-4.15.0-169 - 4.15.0-169.177 linux-modules-4.15.0-169-lowlatency - 4.15.0-169.177 linux-headers-4.15.0-169 - 4.15.0-169.177 linux-modules-4.15.0-169-generic - 4.15.0-169.177 linux-image-unsigned-4.15.0-169-lowlatency - 4.15.0-169.177 linux-tools-4.15.0-169-generic - 4.15.0-169.177 linux-headers-4.15.0-169-generic - 4.15.0-169.177 linux-tools-4.15.0-169-lowlatency - 4.15.0-169.177 linux-image-unsigned-4.15.0-169-generic - 4.15.0-169.177 linux-headers-4.15.0-169-generic-lpae - 4.15.0-169.177 linux-cloud-tools-4.15.0-169 - 4.15.0-169.177 linux-tools-4.15.0-169-generic-lpae - 4.15.0-169.177 linux-cloud-tools-common - 4.15.0-169.177 linux-cloud-tools-4.15.0-169-generic - 4.15.0-169.177 linux-buildinfo-4.15.0-169-generic - 4.15.0-169.177 linux-source-4.15.0 - 4.15.0-169.177 No subscription required linux-tools-dell300x - 4.15.0.1035.37 linux-headers-dell300x - 4.15.0.1035.37 linux-image-dell300x - 4.15.0.1035.37 linux-dell300x - 4.15.0.1035.37 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1087.97 linux-signed-image-oracle-lts-18.04 - 4.15.0.1087.97 linux-oracle-lts-18.04 - 4.15.0.1087.97 linux-signed-oracle-lts-18.04 - 4.15.0.1087.97 linux-tools-oracle-lts-18.04 - 4.15.0.1087.97 linux-headers-oracle-lts-18.04 - 4.15.0.1087.97 No subscription required linux-raspi2 - 4.15.0.1103.101 linux-headers-raspi2 - 4.15.0.1103.101 linux-image-raspi2 - 4.15.0.1103.101 linux-tools-raspi2 - 4.15.0.1103.101 No subscription required linux-kvm - 4.15.0.1107.103 linux-headers-kvm - 4.15.0.1107.103 linux-image-kvm - 4.15.0.1107.103 linux-tools-kvm - 4.15.0.1107.103 No subscription required linux-headers-gcp-lts-18.04 - 4.15.0.1116.135 linux-gcp-lts-18.04 - 4.15.0.1116.135 linux-tools-gcp-lts-18.04 - 4.15.0.1116.135 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1116.135 linux-image-gcp-lts-18.04 - 4.15.0.1116.135 No subscription required linux-snapdragon - 4.15.0.1120.123 linux-headers-snapdragon - 4.15.0.1120.123 linux-tools-snapdragon - 4.15.0.1120.123 linux-image-snapdragon - 4.15.0.1120.123 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1121.124 linux-headers-aws-lts-18.04 - 4.15.0.1121.124 linux-modules-extra-aws-lts-18.04 - 4.15.0.1121.124 linux-tools-aws-lts-18.04 - 4.15.0.1121.124 linux-aws-lts-18.04 - 4.15.0.1121.124 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1131.104 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1131.104 linux-headers-azure-lts-18.04 - 4.15.0.1131.104 linux-azure-lts-18.04 - 4.15.0.1131.104 linux-signed-azure-lts-18.04 - 4.15.0.1131.104 linux-image-azure-lts-18.04 - 4.15.0.1131.104 linux-tools-azure-lts-18.04 - 4.15.0.1131.104 linux-signed-image-azure-lts-18.04 - 4.15.0.1131.104 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.169.158 linux-signed-generic-hwe-16.04-edge - 4.15.0.169.158 linux-headers-generic-lpae - 4.15.0.169.158 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.169.158 linux-image-extra-virtual-hwe-16.04 - 4.15.0.169.158 linux-image-virtual - 4.15.0.169.158 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.169.158 linux-signed-lowlatency - 4.15.0.169.158 linux-image-generic - 4.15.0.169.158 linux-tools-lowlatency - 4.15.0.169.158 linux-headers-generic-hwe-16.04-edge - 4.15.0.169.158 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.169.158 linux-generic-lpae-hwe-16.04 - 4.15.0.169.158 linux-cloud-tools-virtual - 4.15.0.169.158 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.169.158 linux-generic-lpae-hwe-16.04-edge - 4.15.0.169.158 linux-signed-image-lowlatency - 4.15.0.169.158 linux-signed-lowlatency-hwe-16.04 - 4.15.0.169.158 linux-crashdump - 4.15.0.169.158 linux-signed-image-generic - 4.15.0.169.158 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.169.158 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.169.158 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.169.158 linux-lowlatency - 4.15.0.169.158 linux-tools-generic-lpae - 4.15.0.169.158 linux-cloud-tools-generic - 4.15.0.169.158 linux-generic-hwe-16.04-edge - 4.15.0.169.158 linux-virtual - 4.15.0.169.158 linux-headers-lowlatency-hwe-16.04 - 4.15.0.169.158 linux-tools-virtual-hwe-16.04 - 4.15.0.169.158 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.169.158 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.169.158 linux-tools-generic-hwe-16.04 - 4.15.0.169.158 linux-tools-virtual - 4.15.0.169.158 linux-image-generic-lpae - 4.15.0.169.158 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.169.158 linux-generic-lpae - 4.15.0.169.158 linux-generic - 4.15.0.169.158 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.169.158 linux-signed-generic-hwe-16.04 - 4.15.0.169.158 linux-signed-image-generic-hwe-16.04 - 4.15.0.169.158 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.169.158 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.169.158 linux-headers-lowlatency - 4.15.0.169.158 linux-headers-virtual-hwe-16.04-edge - 4.15.0.169.158 linux-lowlatency-hwe-16.04 - 4.15.0.169.158 linux-headers-generic-hwe-16.04 - 4.15.0.169.158 linux-generic-hwe-16.04 - 4.15.0.169.158 linux-tools-virtual-hwe-16.04-edge - 4.15.0.169.158 linux-tools-generic - 4.15.0.169.158 linux-source - 4.15.0.169.158 linux-virtual-hwe-16.04 - 4.15.0.169.158 linux-image-extra-virtual - 4.15.0.169.158 linux-lowlatency-hwe-16.04-edge - 4.15.0.169.158 linux-cloud-tools-lowlatency - 4.15.0.169.158 linux-image-generic-hwe-16.04 - 4.15.0.169.158 linux-image-generic-hwe-16.04-edge - 4.15.0.169.158 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.169.158 linux-image-generic-lpae-hwe-16.04 - 4.15.0.169.158 linux-tools-lowlatency-hwe-16.04 - 4.15.0.169.158 linux-signed-generic - 4.15.0.169.158 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.169.158 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.169.158 linux-headers-generic - 4.15.0.169.158 linux-headers-virtual-hwe-16.04 - 4.15.0.169.158 linux-image-virtual-hwe-16.04-edge - 4.15.0.169.158 linux-virtual-hwe-16.04-edge - 4.15.0.169.158 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.169.158 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.169.158 linux-image-virtual-hwe-16.04 - 4.15.0.169.158 linux-headers-virtual - 4.15.0.169.158 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.169.158 linux-image-lowlatency - 4.15.0.169.158 linux-tools-generic-hwe-16.04-edge - 4.15.0.169.158 No subscription required Medium CVE-2021-22600 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-39685 CVE-2021-4083 CVE-2021-4155 CVE-2021-4202 CVE-2022-0330 CVE-2022-22942 Ubuntu 18.04 LTS USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. (CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. (CVE-2017-9119) It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information. (CVE-2021-21707) Update Instructions: Run `sudo pro fix USN-5300-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.24-0ubuntu0.18.04.11 php7.2-enchant - 7.2.24-0ubuntu0.18.04.11 php7.2-ldap - 7.2.24-0ubuntu0.18.04.11 php7.2-fpm - 7.2.24-0ubuntu0.18.04.11 php7.2-recode - 7.2.24-0ubuntu0.18.04.11 php7.2-cli - 7.2.24-0ubuntu0.18.04.11 php7.2-json - 7.2.24-0ubuntu0.18.04.11 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.11 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.11 php7.2 - 7.2.24-0ubuntu0.18.04.11 php7.2-pspell - 7.2.24-0ubuntu0.18.04.11 php7.2-dev - 7.2.24-0ubuntu0.18.04.11 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.11 php7.2-gmp - 7.2.24-0ubuntu0.18.04.11 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.11 php7.2-opcache - 7.2.24-0ubuntu0.18.04.11 php7.2-gd - 7.2.24-0ubuntu0.18.04.11 php7.2-soap - 7.2.24-0ubuntu0.18.04.11 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.11 php7.2-intl - 7.2.24-0ubuntu0.18.04.11 php7.2-odbc - 7.2.24-0ubuntu0.18.04.11 libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.11 php7.2-tidy - 7.2.24-0ubuntu0.18.04.11 php7.2-imap - 7.2.24-0ubuntu0.18.04.11 php7.2-readline - 7.2.24-0ubuntu0.18.04.11 php7.2-mysql - 7.2.24-0ubuntu0.18.04.11 php7.2-dba - 7.2.24-0ubuntu0.18.04.11 php7.2-xml - 7.2.24-0ubuntu0.18.04.11 php7.2-interbase - 7.2.24-0ubuntu0.18.04.11 php7.2-xsl - 7.2.24-0ubuntu0.18.04.11 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.11 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.11 php7.2-sybase - 7.2.24-0ubuntu0.18.04.11 php7.2-curl - 7.2.24-0ubuntu0.18.04.11 php7.2-common - 7.2.24-0ubuntu0.18.04.11 php7.2-cgi - 7.2.24-0ubuntu0.18.04.11 php7.2-snmp - 7.2.24-0ubuntu0.18.04.11 php7.2-zip - 7.2.24-0ubuntu0.18.04.11 No subscription required Medium CVE-2017-8923 CVE-2017-9118 CVE-2017-9119 CVE-2017-9120 CVE-2021-21707 Ubuntu 18.04 LTS It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands. Update Instructions: Run `sudo pro fix USN-5301-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsasl2-2 - 2.1.27~101-g0780600+dfsg-3ubuntu2.4 libsasl2-modules-gssapi-heimdal - 2.1.27~101-g0780600+dfsg-3ubuntu2.4 sasl2-bin - 2.1.27~101-g0780600+dfsg-3ubuntu2.4 libsasl2-modules-db - 2.1.27~101-g0780600+dfsg-3ubuntu2.4 libsasl2-modules-gssapi-mit - 2.1.27~101-g0780600+dfsg-3ubuntu2.4 libsasl2-dev - 2.1.27~101-g0780600+dfsg-3ubuntu2.4 libsasl2-modules-sql - 2.1.27~101-g0780600+dfsg-3ubuntu2.4 libsasl2-modules - 2.1.27~101-g0780600+dfsg-3ubuntu2.4 libsasl2-modules-otp - 2.1.27~101-g0780600+dfsg-3ubuntu2.4 libsasl2-modules-ldap - 2.1.27~101-g0780600+dfsg-3ubuntu2.4 cyrus-sasl2-doc - 2.1.27~101-g0780600+dfsg-3ubuntu2.4 No subscription required High CVE-2022-24407 Ubuntu 18.04 LTS Gaoning Pan discovered that QEMU incorrectly handled the floppy disk emulator. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20196) Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly handled certain values. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20203) It was discovered that the QEMU vhost-user GPU device contained several security issues. An attacker inside the guest could use these issues to cause QEMU to crash, resulting in a denial of service, leak sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 21.10. (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546) It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3682) It was discovered that the QEMU UAS device emulation incorrectly handled certain stream numbers. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 21.10. (CVE-2021-3713) It was discovered that the QEMU virtio-net device incorrectly handled certain buffer addresses. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3748) It was discovered that the QEMU SCSI device emulation incorrectly handled certain MODE SELECT commands. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2021-3930) It was discovered that the QEMU ACPI logic incorrectly handled certain values. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 21.10. (CVE-2021-4158) Jietao Xiao, Jinku Li, Wenbo Shen, and Nanzi Yang discovered that the QEMU virtiofsd device incorrectly handled permissions when creating files. An attacker inside the guest could use this issue to create files inside the directory shared by virtiofs with unintended permissions, possibly allowing privilege escalation. This issue only affected Ubuntu 21.10. (CVE-2022-0358) Update Instructions: Run `sudo pro fix USN-5307-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.39 qemu-user-static - 1:2.11+dfsg-1ubuntu7.39 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.39 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.39 qemu-kvm - 1:2.11+dfsg-1ubuntu7.39 qemu-user - 1:2.11+dfsg-1ubuntu7.39 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.39 qemu-system - 1:2.11+dfsg-1ubuntu7.39 qemu-utils - 1:2.11+dfsg-1ubuntu7.39 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.39 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.39 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.39 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.39 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.39 qemu - 1:2.11+dfsg-1ubuntu7.39 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.39 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.39 No subscription required Medium CVE-2021-20196 CVE-2021-20203 CVE-2021-3544 CVE-2021-3545 CVE-2021-3546 CVE-2021-3682 CVE-2021-3713 CVE-2021-3748 CVE-2021-3930 CVE-2021-4158 CVE-2022-0358 Ubuntu 18.04 LTS Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2016-10228, CVE-2019-25013, CVE-2020-27618, CVE-2020-29562, CVE-2021-3326) Jason Royes and Samuel Dytrych discovered that the GNU C Library incorrectly handled signed comparisons on ARMv7 targets. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-6096) It was discovered that the GNU C Library nscd daemon incorrectly handled certain netgroup lookups. An attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-27645) It was discovered that the GNU C Library wordexp function incorrectly handled certain patterns. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-35942) It was discovered that the GNU C Library realpath function incorrectly handled return values. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 21.10. (CVE-2021-3998) It was discovered that the GNU C library getcwd function incorrectly handled buffers. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3999) It was discovered that the GNU C Library sunrpc module incorrectly handled buffer lengths. An attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. (CVE-2022-23218, CVE-2022-23219) Update Instructions: Run `sudo pro fix USN-5310-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc6-i386 - 2.27-3ubuntu1.5 libc6-dev-s390 - 2.27-3ubuntu1.5 glibc-source - 2.27-3ubuntu1.5 libc-bin - 2.27-3ubuntu1.5 libc6-x32 - 2.27-3ubuntu1.5 libc6-s390 - 2.27-3ubuntu1.5 libc6-armel - 2.27-3ubuntu1.5 libc6-pic - 2.27-3ubuntu1.5 libc6-dev-armel - 2.27-3ubuntu1.5 glibc-doc - 2.27-3ubuntu1.5 multiarch-support - 2.27-3ubuntu1.5 libc6-dev - 2.27-3ubuntu1.5 libc6-amd64 - 2.27-3ubuntu1.5 libc6-dev-amd64 - 2.27-3ubuntu1.5 libc6 - 2.27-3ubuntu1.5 locales-all - 2.27-3ubuntu1.5 libc6-dev-x32 - 2.27-3ubuntu1.5 locales - 2.27-3ubuntu1.5 libc6-lse - 2.27-3ubuntu1.5 libc6-dev-i386 - 2.27-3ubuntu1.5 libc-dev-bin - 2.27-3ubuntu1.5 nscd - 2.27-3ubuntu1.5 No subscription required Medium CVE-2016-10228 CVE-2019-25013 CVE-2020-27618 CVE-2020-29562 CVE-2020-6096 CVE-2021-27645 CVE-2021-3326 CVE-2021-35942 CVE-2021-3998 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 Ubuntu 18.04 LTS It was discovered that containerd allows attackers to gain access to read- only copies of arbitrary files and directories on the host via a specially- crafted image configuration. An attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-5311-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: containerd - 1.5.5-0ubuntu3~18.04.2 golang-github-containerd-containerd-dev - 1.5.5-0ubuntu3~18.04.2 No subscription required Medium CVE-2022-23648 Ubuntu 18.04 LTS It was discovered that OpenJDK incorrectly handled deserialization filters. An attacker could possibly use this issue to insert, delete or obtain sensitive information. (CVE-2022-21248) It was discovered that OpenJDK incorrectly read uncompressed TIFF files. An attacker could possibly use this issue to cause a denial of service via a specially crafted TIFF file. (CVE-2022-21277) Jonni Passki discovered that OpenJDK incorrectly verified access restrictions when performing URI resolution. An attacker could possibly use this issue to obtain sensitive information. (CVE-2022-21282) It was discovered that OpenJDK incorrectly handled certain regular expressions in the Pattern class implementation. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21283) It was discovered that OpenJDK incorrectly handled specially crafted Java class files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21291) Markus Loewe discovered that OpenJDK incorrectly validated attributes during object deserialization. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21293, CVE-2022-21294) Dan Rabe discovered that OpenJDK incorrectly verified access permissions in the JAXP component. An attacker could possibly use this to specially craft an XML file to obtain sensitive information. (CVE-2022-21296) It was discovered that OpenJDK incorrectly handled XML entities. An attacker could use this to specially craft an XML file that, when parsed, would possibly cause a denial of service. (CVE-2022-21299) Zhiqiang Zang discovered that OpenJDK incorrectly handled array indexes. An attacker could possibly use this issue to obtain sensitive information. (CVE-2022-21305) It was discovered that OpenJDK incorrectly read very long attributes values in JAR file manifests. An attacker could possibly use this to specially craft JAR file to cause a denial of service. (CVE-2022-21340) It was discovered that OpenJDK incorrectly validated input from serialized streams. An attacker cold possibly use this issue to bypass sandbox restrictions. (CVE-2022-21341) Fabian Meumertzheim discovered that OpenJDK incorrectly handled certain specially crafted BMP or TIFF files. An attacker could possibly use this to cause a denial of service. (CVE-2022-21360, CVE-2022-21366) It was discovered that an integer overflow could be triggered in OpenJDK BMPImageReader class implementation. An attacker could possibly use this to specially craft a BMP file to cause a denial of service. (CVE-2022-21365) Update Instructions: Run `sudo pro fix USN-5313-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-source - 11.0.14+9-0ubuntu2~18.04 openjdk-11-doc - 11.0.14+9-0ubuntu2~18.04 openjdk-11-jre-zero - 11.0.14+9-0ubuntu2~18.04 openjdk-11-jre-headless - 11.0.14+9-0ubuntu2~18.04 openjdk-11-jdk - 11.0.14+9-0ubuntu2~18.04 openjdk-11-jdk-headless - 11.0.14+9-0ubuntu2~18.04 openjdk-11-jre - 11.0.14+9-0ubuntu2~18.04 openjdk-11-demo - 11.0.14+9-0ubuntu2~18.04 No subscription required openjdk-17-demo - 17.0.2+8-1~18.04 openjdk-17-jdk - 17.0.2+8-1~18.04 openjdk-17-jre-zero - 17.0.2+8-1~18.04 openjdk-17-jdk-headless - 17.0.2+8-1~18.04 openjdk-17-source - 17.0.2+8-1~18.04 openjdk-17-jre-headless - 17.0.2+8-1~18.04 openjdk-17-jre - 17.0.2+8-1~18.04 openjdk-17-doc - 17.0.2+8-1~18.04 No subscription required Medium CVE-2022-21248 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 Ubuntu 18.04 LTS USN-5313-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression in OpenJDK 11 that could impact interoperability with some popular HTTP/2 servers making it unable to connect to said servers. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK incorrectly handled deserialization filters. An attacker could possibly use this issue to insert, delete or obtain sensitive information. (CVE-2022-21248) It was discovered that OpenJDK incorrectly read uncompressed TIFF files. An attacker could possibly use this issue to cause a denial of service via a specially crafted TIFF file. (CVE-2022-21277) Jonni Passki discovered that OpenJDK incorrectly verified access restrictions when performing URI resolution. An attacker could possibly use this issue to obtain sensitive information. (CVE-2022-21282) It was discovered that OpenJDK incorrectly handled certain regular expressions in the Pattern class implementation. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21283) It was discovered that OpenJDK incorrectly handled specially crafted Java class files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21291) Markus Loewe discovered that OpenJDK incorrectly validated attributes during object deserialization. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21293, CVE-2022-21294) Dan Rabe discovered that OpenJDK incorrectly verified access permissions in the JAXP component. An attacker could possibly use this to specially craft an XML file to obtain sensitive information. (CVE-2022-21296) It was discovered that OpenJDK incorrectly handled XML entities. An attacker could use this to specially craft an XML file that, when parsed, would possibly cause a denial of service. (CVE-2022-21299) Zhiqiang Zang discovered that OpenJDK incorrectly handled array indexes. An attacker could possibly use this issue to obtain sensitive information. (CVE-2022-21305) It was discovered that OpenJDK incorrectly read very long attributes values in JAR file manifests. An attacker could possibly use this to specially craft JAR file to cause a denial of service. (CVE-2022-21340) It was discovered that OpenJDK incorrectly validated input from serialized streams. An attacker cold possibly use this issue to bypass sandbox restrictions. (CVE-2022-21341) Fabian Meumertzheim discovered that OpenJDK incorrectly handled certain specially crafted BMP or TIFF files. An attacker could possibly use this to cause a denial of service. (CVE-2022-21360, CVE-2022-21366) It was discovered that an integer overflow could be triggered in OpenJDK BMPImageReader class implementation. An attacker could possibly use this to specially craft a BMP file to cause a denial of service. (CVE-2022-21365) Update Instructions: Run `sudo pro fix USN-5313-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-source - 11.0.14.1+1-0ubuntu1~18.04 openjdk-11-jre-zero - 11.0.14.1+1-0ubuntu1~18.04 openjdk-11-doc - 11.0.14.1+1-0ubuntu1~18.04 openjdk-11-jre-headless - 11.0.14.1+1-0ubuntu1~18.04 openjdk-11-jdk - 11.0.14.1+1-0ubuntu1~18.04 openjdk-11-jdk-headless - 11.0.14.1+1-0ubuntu1~18.04 openjdk-11-jre - 11.0.14.1+1-0ubuntu1~18.04 openjdk-11-demo - 11.0.14.1+1-0ubuntu1~18.04 No subscription required None https://launchpad.net/bugs/1966338 Ubuntu 18.04 LTS A use-after-free was discovered when removing an XSLT parameter in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2022-26485) A use-after-free was discovered in the WebGPU IPC framework. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2022-26486) Update Instructions: Run `sudo pro fix USN-5314-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nn - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ne - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nb - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fa - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fi - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fr - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fy - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-or - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kab - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-oc - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cs - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ga - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gd - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gn - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gl - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gu - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pa - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pl - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cy - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pt - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-szl - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hi - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ms - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-he - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hy - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hr - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hu - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-as - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ar - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ia - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-az - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-id - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mai - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-af - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-is - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-vi - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-an - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bs - 97.0.2+build1-0ubuntu0.18.04.1 firefox - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ro - 97.0.2+build1-0ubuntu0.18.04.1 firefox-geckodriver - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ja - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ru - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-br - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bn - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-be - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bg - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sl - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sk - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-si - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sw - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sv - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sr - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sq - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ko - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kn - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-km - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kk - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ka - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-xh - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ca - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ku - 97.0.2+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lv - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lt - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-th - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 97.0.2+build1-0ubuntu0.18.04.1 firefox-dev - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-te - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cak - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ta - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lg - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-csb - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tr - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nso - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-de - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-da - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uk - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mr - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-my - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uz - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ml - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mn - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mk - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ur - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eu - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-et - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-es - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-it - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-el - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eo - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-en - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zu - 97.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ast - 97.0.2+build1-0ubuntu0.18.04.1 No subscription required High CVE-2022-26485 CVE-2022-26486 Ubuntu 18.04 LTS It was discovered that Ansible did not properly manage directory permissions when running playbooks with an unprivileged become user. A local attacker could possibly use this issue to cause a race condition, escalate privileges and execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-1733) It was discovered that the fix to address CVE-2020-1733 in Ansible was incomplete on systems using ACLs and FUSE filesystems. A local attacker could possibly use this issue to cause a race condition, escalate privileges and execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-10744) It was discovered that Ansible did not properly manage multi-line YAML strings and special template characters. A local attacker could possibly use this issue to cause a template injection, resulting in the disclosure of sensitive information or other unspecified impact. (CVE-2021-3583) It was discovered that the ansible-connection module in Ansible did not properly manage certain error messages. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2021-3620) Update Instructions: Run `sudo pro fix USN-5315-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ansible - 2.5.1+dfsg-1ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-10744 CVE-2020-1733 CVE-2021-3583 CVE-2021-3620 Ubuntu 18.04 LTS Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-25636) Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by ARM to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information. (CVE-2022-23960) Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information. (CVE-2022-0001, CVE-2022-0002) Update Instructions: Run `sudo pro fix USN-5318-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-5.4.0-1017-ibm - 5.4.0-1017.19~18.04.1 linux-image-5.4.0-1017-ibm - 5.4.0-1017.19~18.04.1 linux-headers-5.4.0-1017-ibm - 5.4.0-1017.19~18.04.1 linux-buildinfo-5.4.0-1017-ibm - 5.4.0-1017.19~18.04.1 linux-ibm-5.4-tools-5.4.0-1017 - 5.4.0-1017.19~18.04.1 linux-modules-extra-5.4.0-1017-ibm - 5.4.0-1017.19~18.04.1 linux-ibm-5.4-headers-5.4.0-1017 - 5.4.0-1017.19~18.04.1 linux-modules-5.4.0-1017-ibm - 5.4.0-1017.19~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1017.19~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1017.19~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1017.19~18.04.1 linux-tools-5.4.0-1017-ibm - 5.4.0-1017.19~18.04.1 No subscription required linux-modules-extra-5.4.0-1036-gkeop - 5.4.0-1036.37~18.04.1 linux-buildinfo-5.4.0-1036-gkeop - 5.4.0-1036.37~18.04.1 linux-gkeop-5.4-headers-5.4.0-1036 - 5.4.0-1036.37~18.04.1 linux-gkeop-5.4-tools-5.4.0-1036 - 5.4.0-1036.37~18.04.1 linux-cloud-tools-5.4.0-1036-gkeop - 5.4.0-1036.37~18.04.1 linux-tools-5.4.0-1036-gkeop - 5.4.0-1036.37~18.04.1 linux-image-5.4.0-1036-gkeop - 5.4.0-1036.37~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1036.37~18.04.1 linux-headers-5.4.0-1036-gkeop - 5.4.0-1036.37~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1036 - 5.4.0-1036.37~18.04.1 linux-image-unsigned-5.4.0-1036-gkeop - 5.4.0-1036.37~18.04.1 linux-modules-5.4.0-1036-gkeop - 5.4.0-1036.37~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-104.118~18.04.1 linux-tools-5.4.0-104-generic - 5.4.0-104.118~18.04.1 linux-hwe-5.4-tools-5.4.0-104 - 5.4.0-104.118~18.04.1 linux-buildinfo-5.4.0-104-generic - 5.4.0-104.118~18.04.1 linux-headers-5.4.0-104-generic-lpae - 5.4.0-104.118~18.04.1 linux-image-unsigned-5.4.0-104-generic - 5.4.0-104.118~18.04.1 linux-cloud-tools-5.4.0-104-generic - 5.4.0-104.118~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-104 - 5.4.0-104.118~18.04.1 linux-hwe-5.4-headers-5.4.0-104 - 5.4.0-104.118~18.04.1 linux-headers-5.4.0-104-lowlatency - 5.4.0-104.118~18.04.1 linux-modules-5.4.0-104-lowlatency - 5.4.0-104.118~18.04.1 linux-tools-5.4.0-104-lowlatency - 5.4.0-104.118~18.04.1 linux-buildinfo-5.4.0-104-lowlatency - 5.4.0-104.118~18.04.1 linux-modules-5.4.0-104-generic-lpae - 5.4.0-104.118~18.04.1 linux-tools-5.4.0-104-generic-lpae - 5.4.0-104.118~18.04.1 linux-headers-5.4.0-104-generic - 5.4.0-104.118~18.04.1 linux-image-5.4.0-104-generic - 5.4.0-104.118~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-104.118~18.04.1 linux-image-5.4.0-104-generic-lpae - 5.4.0-104.118~18.04.1 linux-cloud-tools-5.4.0-104-lowlatency - 5.4.0-104.118~18.04.1 linux-image-5.4.0-104-lowlatency - 5.4.0-104.118~18.04.1 linux-image-unsigned-5.4.0-104-lowlatency - 5.4.0-104.118~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-104.118~18.04.1 linux-modules-5.4.0-104-generic - 5.4.0-104.118~18.04.1 linux-buildinfo-5.4.0-104-generic-lpae - 5.4.0-104.118~18.04.1 linux-modules-extra-5.4.0-104-generic - 5.4.0-104.118~18.04.1 No subscription required linux-headers-5.4.0-1055-raspi - 5.4.0-1055.62~18.04.1 linux-modules-5.4.0-1055-raspi - 5.4.0-1055.62~18.04.1 linux-tools-5.4.0-1055-raspi - 5.4.0-1055.62~18.04.1 linux-raspi-5.4-headers-5.4.0-1055 - 5.4.0-1055.62~18.04.1 linux-image-5.4.0-1055-raspi - 5.4.0-1055.62~18.04.1 linux-buildinfo-5.4.0-1055-raspi - 5.4.0-1055.62~18.04.1 linux-raspi-5.4-tools-5.4.0-1055 - 5.4.0-1055.62~18.04.1 No subscription required linux-gke-5.4-headers-5.4.0-1065 - 5.4.0-1065.68~18.04.1 linux-modules-5.4.0-1065-gke - 5.4.0-1065.68~18.04.1 linux-gke-5.4-tools-5.4.0-1065 - 5.4.0-1065.68~18.04.1 linux-modules-extra-5.4.0-1065-gke - 5.4.0-1065.68~18.04.1 linux-image-unsigned-5.4.0-1065-gke - 5.4.0-1065.68~18.04.1 linux-tools-5.4.0-1065-gke - 5.4.0-1065.68~18.04.1 linux-headers-5.4.0-1065-gke - 5.4.0-1065.68~18.04.1 linux-buildinfo-5.4.0-1065-gke - 5.4.0-1065.68~18.04.1 linux-image-5.4.0-1065-gke - 5.4.0-1065.68~18.04.1 No subscription required linux-image-5.4.0-1066-oracle - 5.4.0-1066.71~18.04.1 linux-buildinfo-5.4.0-1066-oracle - 5.4.0-1066.71~18.04.1 linux-modules-5.4.0-1066-oracle - 5.4.0-1066.71~18.04.1 linux-image-unsigned-5.4.0-1066-oracle - 5.4.0-1066.71~18.04.1 linux-headers-5.4.0-1066-oracle - 5.4.0-1066.71~18.04.1 linux-oracle-5.4-headers-5.4.0-1066 - 5.4.0-1066.71~18.04.1 linux-tools-5.4.0-1066-oracle - 5.4.0-1066.71~18.04.1 linux-oracle-5.4-tools-5.4.0-1066 - 5.4.0-1066.71~18.04.1 linux-modules-extra-5.4.0-1066-oracle - 5.4.0-1066.71~18.04.1 No subscription required linux-gcp-5.4-tools-5.4.0-1067 - 5.4.0-1067.71~18.04.1 linux-headers-5.4.0-1067-gcp - 5.4.0-1067.71~18.04.1 linux-buildinfo-5.4.0-1067-gcp - 5.4.0-1067.71~18.04.1 linux-image-5.4.0-1067-gcp - 5.4.0-1067.71~18.04.1 linux-gcp-5.4-headers-5.4.0-1067 - 5.4.0-1067.71~18.04.1 linux-modules-extra-5.4.0-1067-gcp - 5.4.0-1067.71~18.04.1 linux-modules-5.4.0-1067-gcp - 5.4.0-1067.71~18.04.1 linux-tools-5.4.0-1067-gcp - 5.4.0-1067.71~18.04.1 linux-image-unsigned-5.4.0-1067-gcp - 5.4.0-1067.71~18.04.1 No subscription required linux-aws-5.4-headers-5.4.0-1068 - 5.4.0-1068.72~18.04.1 linux-cloud-tools-5.4.0-1068-aws - 5.4.0-1068.72~18.04.1 linux-modules-extra-5.4.0-1068-aws - 5.4.0-1068.72~18.04.1 linux-headers-5.4.0-1068-aws - 5.4.0-1068.72~18.04.1 linux-aws-5.4-tools-5.4.0-1068 - 5.4.0-1068.72~18.04.1 linux-tools-5.4.0-1068-aws - 5.4.0-1068.72~18.04.1 linux-buildinfo-5.4.0-1068-aws - 5.4.0-1068.72~18.04.1 linux-image-5.4.0-1068-aws - 5.4.0-1068.72~18.04.1 linux-image-unsigned-5.4.0-1068-aws - 5.4.0-1068.72~18.04.1 linux-modules-5.4.0-1068-aws - 5.4.0-1068.72~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1068 - 5.4.0-1068.72~18.04.1 No subscription required linux-image-5.4.0-1072-azure - 5.4.0-1072.75~18.04.1 linux-headers-5.4.0-1072-azure - 5.4.0-1072.75~18.04.1 linux-cloud-tools-5.4.0-1072-azure - 5.4.0-1072.75~18.04.1 linux-azure-5.4-headers-5.4.0-1072 - 5.4.0-1072.75~18.04.1 linux-image-unsigned-5.4.0-1072-azure - 5.4.0-1072.75~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1072 - 5.4.0-1072.75~18.04.1 linux-buildinfo-5.4.0-1072-azure - 5.4.0-1072.75~18.04.1 linux-modules-5.4.0-1072-azure - 5.4.0-1072.75~18.04.1 linux-modules-extra-5.4.0-1072-azure - 5.4.0-1072.75~18.04.1 linux-azure-5.4-tools-5.4.0-1072 - 5.4.0-1072.75~18.04.1 linux-tools-5.4.0-1072-azure - 5.4.0-1072.75~18.04.1 No subscription required linux-modules-extra-ibm - 5.4.0.1017.34 linux-image-ibm - 5.4.0.1017.34 linux-tools-ibm-edge - 5.4.0.1017.34 linux-modules-extra-ibm-edge - 5.4.0.1017.34 linux-ibm - 5.4.0.1017.34 linux-headers-ibm-edge - 5.4.0.1017.34 linux-ibm-edge - 5.4.0.1017.34 linux-headers-ibm - 5.4.0.1017.34 linux-tools-ibm - 5.4.0.1017.34 linux-image-ibm-edge - 5.4.0.1017.34 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1036.37~18.04.36 linux-modules-extra-gkeop-5.4 - 5.4.0.1036.37~18.04.36 linux-gkeop-5.4 - 5.4.0.1036.37~18.04.36 linux-headers-gkeop-5.4 - 5.4.0.1036.37~18.04.36 linux-image-gkeop-5.4 - 5.4.0.1036.37~18.04.36 linux-tools-gkeop-5.4 - 5.4.0.1036.37~18.04.36 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-headers-snapdragon-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-image-generic-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-image-snapdragon-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-image-oem - 5.4.0.104.118~18.04.89 linux-tools-virtual-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-headers-lowlatency-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-snapdragon-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-image-extra-virtual-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-image-oem-osp1 - 5.4.0.104.118~18.04.89 linux-snapdragon-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-image-generic-lpae-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-tools-lowlatency-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-headers-generic-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-headers-virtual-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-tools-snapdragon-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-headers-virtual-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-virtual-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-headers-oem-osp1 - 5.4.0.104.118~18.04.89 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-generic-lpae-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-lowlatency-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-tools-oem-osp1 - 5.4.0.104.118~18.04.89 linux-headers-oem - 5.4.0.104.118~18.04.89 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-tools-generic-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-image-generic-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-generic-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-tools-generic-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-oem - 5.4.0.104.118~18.04.89 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-tools-oem - 5.4.0.104.118~18.04.89 linux-tools-virtual-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-generic-lpae-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-image-virtual-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-headers-generic-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-oem-osp1 - 5.4.0.104.118~18.04.89 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-image-lowlatency-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-virtual-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-lowlatency-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-generic-hwe-18.04 - 5.4.0.104.118~18.04.89 linux-image-virtual-hwe-18.04-edge - 5.4.0.104.118~18.04.89 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.104.118~18.04.89 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1055.57 linux-headers-raspi-hwe-18.04 - 5.4.0.1055.57 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1055.57 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1055.57 linux-raspi-hwe-18.04 - 5.4.0.1055.57 linux-image-raspi-hwe-18.04-edge - 5.4.0.1055.57 linux-tools-raspi-hwe-18.04 - 5.4.0.1055.57 linux-raspi-hwe-18.04-edge - 5.4.0.1055.57 No subscription required linux-headers-gke-5.4 - 5.4.0.1065.68~18.04.29 linux-tools-gke-5.4 - 5.4.0.1065.68~18.04.29 linux-modules-extra-gke-5.4 - 5.4.0.1065.68~18.04.29 linux-gke-5.4 - 5.4.0.1065.68~18.04.29 linux-image-gke-5.4 - 5.4.0.1065.68~18.04.29 No subscription required linux-headers-oracle - 5.4.0.1066.71~18.04.45 linux-tools-oracle - 5.4.0.1066.71~18.04.45 linux-signed-image-oracle - 5.4.0.1066.71~18.04.45 linux-tools-oracle-edge - 5.4.0.1066.71~18.04.45 linux-signed-oracle - 5.4.0.1066.71~18.04.45 linux-oracle-edge - 5.4.0.1066.71~18.04.45 linux-modules-extra-oracle-edge - 5.4.0.1066.71~18.04.45 linux-image-oracle-edge - 5.4.0.1066.71~18.04.45 linux-modules-extra-oracle - 5.4.0.1066.71~18.04.45 linux-signed-oracle-edge - 5.4.0.1066.71~18.04.45 linux-signed-image-oracle-edge - 5.4.0.1066.71~18.04.45 linux-headers-oracle-edge - 5.4.0.1066.71~18.04.45 linux-image-oracle - 5.4.0.1066.71~18.04.45 linux-oracle - 5.4.0.1066.71~18.04.45 No subscription required linux-image-gcp-edge - 5.4.0.1067.52 linux-tools-gcp-edge - 5.4.0.1067.52 linux-modules-extra-gcp - 5.4.0.1067.52 linux-tools-gcp - 5.4.0.1067.52 linux-modules-extra-gcp-edge - 5.4.0.1067.52 linux-gcp - 5.4.0.1067.52 linux-headers-gcp - 5.4.0.1067.52 linux-image-gcp - 5.4.0.1067.52 linux-headers-gcp-edge - 5.4.0.1067.52 linux-gcp-edge - 5.4.0.1067.52 No subscription required linux-headers-aws - 5.4.0.1068.50 linux-image-aws - 5.4.0.1068.50 linux-aws-edge - 5.4.0.1068.50 linux-aws - 5.4.0.1068.50 linux-modules-extra-aws-edge - 5.4.0.1068.50 linux-headers-aws-edge - 5.4.0.1068.50 linux-tools-aws - 5.4.0.1068.50 linux-modules-extra-aws - 5.4.0.1068.50 linux-tools-aws-edge - 5.4.0.1068.50 linux-image-aws-edge - 5.4.0.1068.50 No subscription required linux-cloud-tools-azure - 5.4.0.1072.51 linux-image-azure-edge - 5.4.0.1072.51 linux-signed-image-azure-edge - 5.4.0.1072.51 linux-cloud-tools-azure-edge - 5.4.0.1072.51 linux-modules-extra-azure - 5.4.0.1072.51 linux-azure - 5.4.0.1072.51 linux-image-azure - 5.4.0.1072.51 linux-signed-image-azure - 5.4.0.1072.51 linux-signed-azure - 5.4.0.1072.51 linux-azure-edge - 5.4.0.1072.51 linux-tools-azure - 5.4.0.1072.51 linux-modules-extra-azure-edge - 5.4.0.1072.51 linux-headers-azure-edge - 5.4.0.1072.51 linux-signed-azure-edge - 5.4.0.1072.51 linux-tools-azure-edge - 5.4.0.1072.51 linux-headers-azure - 5.4.0.1072.51 No subscription required High CVE-2022-0001 CVE-2022-0002 CVE-2022-23960 CVE-2022-25636 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI Ubuntu 18.04 LTS Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-5319-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-dell300x-tools-4.15.0-1037 - 4.15.0-1037.42 linux-modules-4.15.0-1037-dell300x - 4.15.0-1037.42 linux-image-4.15.0-1037-dell300x - 4.15.0-1037.42 linux-buildinfo-4.15.0-1037-dell300x - 4.15.0-1037.42 linux-dell300x-headers-4.15.0-1037 - 4.15.0-1037.42 linux-tools-4.15.0-1037-dell300x - 4.15.0-1037.42 linux-headers-4.15.0-1037-dell300x - 4.15.0-1037.42 linux-image-unsigned-4.15.0-1037-dell300x - 4.15.0-1037.42 No subscription required linux-tools-4.15.0-1089-oracle - 4.15.0-1089.98 linux-buildinfo-4.15.0-1089-oracle - 4.15.0-1089.98 linux-oracle-headers-4.15.0-1089 - 4.15.0-1089.98 linux-modules-extra-4.15.0-1089-oracle - 4.15.0-1089.98 linux-headers-4.15.0-1089-oracle - 4.15.0-1089.98 linux-image-4.15.0-1089-oracle - 4.15.0-1089.98 linux-modules-4.15.0-1089-oracle - 4.15.0-1089.98 linux-oracle-tools-4.15.0-1089 - 4.15.0-1089.98 linux-image-unsigned-4.15.0-1089-oracle - 4.15.0-1089.98 No subscription required linux-modules-4.15.0-1105-raspi2 - 4.15.0-1105.112 linux-headers-4.15.0-1105-raspi2 - 4.15.0-1105.112 linux-raspi2-headers-4.15.0-1105 - 4.15.0-1105.112 linux-buildinfo-4.15.0-1105-raspi2 - 4.15.0-1105.112 linux-raspi2-tools-4.15.0-1105 - 4.15.0-1105.112 linux-image-4.15.0-1105-raspi2 - 4.15.0-1105.112 linux-tools-4.15.0-1105-raspi2 - 4.15.0-1105.112 No subscription required linux-kvm-tools-4.15.0-1109 - 4.15.0-1109.112 linux-modules-4.15.0-1109-kvm - 4.15.0-1109.112 linux-tools-4.15.0-1109-kvm - 4.15.0-1109.112 linux-image-4.15.0-1109-kvm - 4.15.0-1109.112 linux-kvm-headers-4.15.0-1109 - 4.15.0-1109.112 linux-headers-4.15.0-1109-kvm - 4.15.0-1109.112 linux-buildinfo-4.15.0-1109-kvm - 4.15.0-1109.112 No subscription required linux-modules-extra-4.15.0-1118-gcp - 4.15.0-1118.132 linux-tools-4.15.0-1118-gcp - 4.15.0-1118.132 linux-buildinfo-4.15.0-1118-gcp - 4.15.0-1118.132 linux-image-unsigned-4.15.0-1118-gcp - 4.15.0-1118.132 linux-gcp-4.15-tools-4.15.0-1118 - 4.15.0-1118.132 linux-modules-4.15.0-1118-gcp - 4.15.0-1118.132 linux-gcp-4.15-headers-4.15.0-1118 - 4.15.0-1118.132 linux-image-4.15.0-1118-gcp - 4.15.0-1118.132 linux-headers-4.15.0-1118-gcp - 4.15.0-1118.132 No subscription required linux-image-4.15.0-1122-snapdragon - 4.15.0-1122.131 linux-tools-4.15.0-1122-snapdragon - 4.15.0-1122.131 linux-snapdragon-headers-4.15.0-1122 - 4.15.0-1122.131 linux-snapdragon-tools-4.15.0-1122 - 4.15.0-1122.131 linux-buildinfo-4.15.0-1122-snapdragon - 4.15.0-1122.131 linux-modules-4.15.0-1122-snapdragon - 4.15.0-1122.131 linux-headers-4.15.0-1122-snapdragon - 4.15.0-1122.131 No subscription required linux-aws-tools-4.15.0-1123 - 4.15.0-1123.132 linux-buildinfo-4.15.0-1123-aws - 4.15.0-1123.132 linux-modules-extra-4.15.0-1123-aws - 4.15.0-1123.132 linux-aws-cloud-tools-4.15.0-1123 - 4.15.0-1123.132 linux-tools-4.15.0-1123-aws - 4.15.0-1123.132 linux-aws-headers-4.15.0-1123 - 4.15.0-1123.132 linux-headers-4.15.0-1123-aws - 4.15.0-1123.132 linux-image-4.15.0-1123-aws - 4.15.0-1123.132 linux-cloud-tools-4.15.0-1123-aws - 4.15.0-1123.132 linux-image-unsigned-4.15.0-1123-aws - 4.15.0-1123.132 linux-modules-4.15.0-1123-aws - 4.15.0-1123.132 No subscription required linux-modules-4.15.0-1133-azure - 4.15.0-1133.146 linux-image-4.15.0-1133-azure - 4.15.0-1133.146 linux-buildinfo-4.15.0-1133-azure - 4.15.0-1133.146 linux-modules-extra-4.15.0-1133-azure - 4.15.0-1133.146 linux-azure-4.15-tools-4.15.0-1133 - 4.15.0-1133.146 linux-azure-4.15-headers-4.15.0-1133 - 4.15.0-1133.146 linux-cloud-tools-4.15.0-1133-azure - 4.15.0-1133.146 linux-azure-4.15-cloud-tools-4.15.0-1133 - 4.15.0-1133.146 linux-image-unsigned-4.15.0-1133-azure - 4.15.0-1133.146 linux-tools-4.15.0-1133-azure - 4.15.0-1133.146 linux-headers-4.15.0-1133-azure - 4.15.0-1133.146 No subscription required linux-tools-common - 4.15.0-171.180 linux-tools-host - 4.15.0-171.180 linux-doc - 4.15.0-171.180 linux-image-4.15.0-171-generic-lpae - 4.15.0-171.180 linux-modules-4.15.0-171-generic-lpae - 4.15.0-171.180 linux-libc-dev - 4.15.0-171.180 linux-tools-4.15.0-171 - 4.15.0-171.180 linux-cloud-tools-4.15.0-171-lowlatency - 4.15.0-171.180 linux-image-4.15.0-171-generic - 4.15.0-171.180 linux-buildinfo-4.15.0-171-generic - 4.15.0-171.180 linux-modules-4.15.0-171-generic - 4.15.0-171.180 linux-image-4.15.0-171-lowlatency - 4.15.0-171.180 linux-tools-4.15.0-171-generic - 4.15.0-171.180 linux-headers-4.15.0-171 - 4.15.0-171.180 linux-buildinfo-4.15.0-171-lowlatency - 4.15.0-171.180 linux-cloud-tools-4.15.0-171-generic - 4.15.0-171.180 linux-cloud-tools-common - 4.15.0-171.180 linux-tools-4.15.0-171-lowlatency - 4.15.0-171.180 linux-image-unsigned-4.15.0-171-generic - 4.15.0-171.180 linux-cloud-tools-4.15.0-171 - 4.15.0-171.180 linux-modules-extra-4.15.0-171-generic - 4.15.0-171.180 linux-headers-4.15.0-171-generic - 4.15.0-171.180 linux-tools-4.15.0-171-generic-lpae - 4.15.0-171.180 linux-image-unsigned-4.15.0-171-lowlatency - 4.15.0-171.180 linux-buildinfo-4.15.0-171-generic-lpae - 4.15.0-171.180 linux-source-4.15.0 - 4.15.0-171.180 linux-headers-4.15.0-171-generic-lpae - 4.15.0-171.180 linux-headers-4.15.0-171-lowlatency - 4.15.0-171.180 linux-modules-4.15.0-171-lowlatency - 4.15.0-171.180 No subscription required linux-tools-dell300x - 4.15.0.1037.39 linux-headers-dell300x - 4.15.0.1037.39 linux-image-dell300x - 4.15.0.1037.39 linux-dell300x - 4.15.0.1037.39 No subscription required linux-oracle-lts-18.04 - 4.15.0.1089.99 linux-image-oracle-lts-18.04 - 4.15.0.1089.99 linux-signed-image-oracle-lts-18.04 - 4.15.0.1089.99 linux-tools-oracle-lts-18.04 - 4.15.0.1089.99 linux-signed-oracle-lts-18.04 - 4.15.0.1089.99 linux-headers-oracle-lts-18.04 - 4.15.0.1089.99 No subscription required linux-raspi2 - 4.15.0.1105.103 linux-image-raspi2 - 4.15.0.1105.103 linux-tools-raspi2 - 4.15.0.1105.103 linux-headers-raspi2 - 4.15.0.1105.103 No subscription required linux-kvm - 4.15.0.1109.105 linux-headers-kvm - 4.15.0.1109.105 linux-tools-kvm - 4.15.0.1109.105 linux-image-kvm - 4.15.0.1109.105 No subscription required linux-gcp-lts-18.04 - 4.15.0.1118.137 linux-tools-gcp-lts-18.04 - 4.15.0.1118.137 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1118.137 linux-image-gcp-lts-18.04 - 4.15.0.1118.137 linux-headers-gcp-lts-18.04 - 4.15.0.1118.137 No subscription required linux-headers-snapdragon - 4.15.0.1122.125 linux-tools-snapdragon - 4.15.0.1122.125 linux-snapdragon - 4.15.0.1122.125 linux-image-snapdragon - 4.15.0.1122.125 No subscription required linux-headers-aws-lts-18.04 - 4.15.0.1123.126 linux-aws-lts-18.04 - 4.15.0.1123.126 linux-modules-extra-aws-lts-18.04 - 4.15.0.1123.126 linux-tools-aws-lts-18.04 - 4.15.0.1123.126 linux-image-aws-lts-18.04 - 4.15.0.1123.126 No subscription required linux-cloud-tools-azure-lts-18.04 - 4.15.0.1133.106 linux-tools-azure-lts-18.04 - 4.15.0.1133.106 linux-image-azure-lts-18.04 - 4.15.0.1133.106 linux-modules-extra-azure-lts-18.04 - 4.15.0.1133.106 linux-headers-azure-lts-18.04 - 4.15.0.1133.106 linux-signed-image-azure-lts-18.04 - 4.15.0.1133.106 linux-azure-lts-18.04 - 4.15.0.1133.106 linux-signed-azure-lts-18.04 - 4.15.0.1133.106 No subscription required linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.171.160 linux-lowlatency-hwe-16.04 - 4.15.0.171.160 linux-image-lowlatency-hwe-16.04 - 4.15.0.171.160 linux-cloud-tools-virtual - 4.15.0.171.160 linux-headers-generic-lpae - 4.15.0.171.160 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.171.160 linux-image-extra-virtual-hwe-16.04 - 4.15.0.171.160 linux-image-virtual - 4.15.0.171.160 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.171.160 linux-tools-lowlatency - 4.15.0.171.160 linux-tools-generic-hwe-16.04-edge - 4.15.0.171.160 linux-headers-generic-hwe-16.04-edge - 4.15.0.171.160 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.171.160 linux-generic-lpae-hwe-16.04 - 4.15.0.171.160 linux-signed-generic-hwe-16.04-edge - 4.15.0.171.160 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.171.160 linux-image-virtual-hwe-16.04-edge - 4.15.0.171.160 linux-generic-lpae-hwe-16.04-edge - 4.15.0.171.160 linux-signed-image-lowlatency - 4.15.0.171.160 linux-signed-lowlatency-hwe-16.04 - 4.15.0.171.160 linux-crashdump - 4.15.0.171.160 linux-signed-image-generic - 4.15.0.171.160 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.171.160 linux-lowlatency - 4.15.0.171.160 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.171.160 linux-source - 4.15.0.171.160 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.171.160 linux-cloud-tools-generic - 4.15.0.171.160 linux-generic-hwe-16.04-edge - 4.15.0.171.160 linux-virtual - 4.15.0.171.160 linux-headers-lowlatency-hwe-16.04 - 4.15.0.171.160 linux-tools-generic-lpae - 4.15.0.171.160 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.171.160 linux-tools-generic-hwe-16.04 - 4.15.0.171.160 linux-tools-virtual - 4.15.0.171.160 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.171.160 linux-generic-lpae - 4.15.0.171.160 linux-generic - 4.15.0.171.160 linux-signed-image-generic-hwe-16.04 - 4.15.0.171.160 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.171.160 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.171.160 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.171.160 linux-headers-lowlatency - 4.15.0.171.160 linux-headers-virtual-hwe-16.04-edge - 4.15.0.171.160 linux-headers-generic-hwe-16.04 - 4.15.0.171.160 linux-generic-hwe-16.04 - 4.15.0.171.160 linux-tools-virtual-hwe-16.04-edge - 4.15.0.171.160 linux-image-generic-hwe-16.04 - 4.15.0.171.160 linux-tools-virtual-hwe-16.04 - 4.15.0.171.160 linux-virtual-hwe-16.04 - 4.15.0.171.160 linux-image-extra-virtual - 4.15.0.171.160 linux-lowlatency-hwe-16.04-edge - 4.15.0.171.160 linux-tools-generic - 4.15.0.171.160 linux-cloud-tools-lowlatency - 4.15.0.171.160 linux-image-generic-hwe-16.04-edge - 4.15.0.171.160 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.171.160 linux-tools-lowlatency-hwe-16.04 - 4.15.0.171.160 linux-signed-generic - 4.15.0.171.160 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.171.160 linux-headers-generic - 4.15.0.171.160 linux-signed-lowlatency - 4.15.0.171.160 linux-image-generic-lpae-hwe-16.04 - 4.15.0.171.160 linux-virtual-hwe-16.04-edge - 4.15.0.171.160 linux-image-generic - 4.15.0.171.160 linux-image-virtual-hwe-16.04 - 4.15.0.171.160 linux-headers-virtual - 4.15.0.171.160 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.171.160 linux-signed-generic-hwe-16.04 - 4.15.0.171.160 linux-image-generic-lpae - 4.15.0.171.160 linux-headers-virtual-hwe-16.04 - 4.15.0.171.160 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.171.160 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.171.160 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.171.160 linux-image-lowlatency - 4.15.0.171.160 No subscription required High CVE-2022-0001 CVE-2022-0002 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI Ubuntu 18.04 LTS USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update address this regression and several other vulnerabilities. It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-25313) It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314) It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25315) Original advisory details: It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25236) Update Instructions: Run `sudo pro fix USN-5320-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: expat - 2.2.5-3ubuntu0.7 libexpat1-dev - 2.2.5-3ubuntu0.7 libexpat1 - 2.2.5-3ubuntu0.7 No subscription required Medium CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 https://launchpad.net/bugs/1963903 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information, or execute arbitrary code. (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382, CVE-2022-26383, CVE-2022-26384, CVE-2022-26385) A TOCTOU bug was discovered when verifying addon signatures during install. A local attacker could potentially exploit this to trick a user into installing an addon with an invalid signature. (CVE-2022-26387) Update Instructions: Run `sudo pro fix USN-5321-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-nn - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-ne - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-nb - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-fa - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-fi - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-fr - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-fy - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-or - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-kab - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-oc - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-cs - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-ga - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-gd - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-gn - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-gl - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-gu - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-pa - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-pl - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-cy - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-pt - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-szl - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-hi - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-ms - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-he - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-hy - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-hr - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-hu - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-it - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-as - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-ar - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-ia - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-az - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-id - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-mai - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-af - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-is - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-vi - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-an - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-bs - 98.0+build3-0ubuntu0.18.04.2 firefox - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-ro - 98.0+build3-0ubuntu0.18.04.2 firefox-geckodriver - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-ja - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-ru - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-br - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-zh-hant - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-zh-hans - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-bn - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-be - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-bg - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-sl - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-sk - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-si - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-sw - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-sv - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-sr - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-sq - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-ko - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-kn - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-km - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-kk - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-ka - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-xh - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-ca - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-ku - 98.0+build3-0ubuntu0.18.04.2 firefox-mozsymbols - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-lv - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-lt - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-th - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-hsb - 98.0+build3-0ubuntu0.18.04.2 firefox-dev - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-te - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-cak - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-ta - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-lg - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-tr - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-nso - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-de - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-da - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-uk - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-mr - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-my - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-uz - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-ml - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-mn - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-mk - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-ur - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-eu - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-et - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-es - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-csb - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-el - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-eo - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-en - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-zu - 98.0+build3-0ubuntu0.18.04.2 firefox-locale-ast - 98.0+build3-0ubuntu0.18.04.2 No subscription required Medium CVE-2022-0843 CVE-2022-26381 CVE-2022-26382 CVE-2022-26383 CVE-2022-26384 CVE-2022-26385 CVE-2022-26387 Ubuntu 18.04 LTS USN-5321-1 fixed vulnerabilities in Firefox. The update didn't include arm64 because of a regression. This update provides the corresponding update for arm64. This update also removes Yandex and Mail.ru as optional search providers in the drop-down search menu. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information, or execute arbitrary code. (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382, CVE-2022-26383, CVE-2022-26384, CVE-2022-26385) A TOCTOU bug was discovered when verifying addon signatures during install. A local attacker could potentially exploit this to trick a user into installing an addon with an invalid signature. (CVE-2022-26387) Update Instructions: Run `sudo pro fix USN-5321-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nn - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ne - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nb - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fa - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fi - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fr - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fy - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-or - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kab - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-oc - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cs - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ga - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gd - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gn - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gl - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gu - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pa - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pl - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cy - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pt - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-szl - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hi - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ms - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-he - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hy - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hr - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hu - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-it - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-as - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ar - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ia - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-az - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-id - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mai - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-af - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-is - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-vi - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-an - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bs - 98.0.1+build2-0ubuntu0.18.04.1 firefox - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ro - 98.0.1+build2-0ubuntu0.18.04.1 firefox-geckodriver - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ja - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ru - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-br - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bn - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-be - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bg - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sl - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sk - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-si - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sw - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sv - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sr - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sq - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ko - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kn - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-km - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kk - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ka - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-xh - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ca - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ku - 98.0.1+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lv - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lt - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-th - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 98.0.1+build2-0ubuntu0.18.04.1 firefox-dev - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-te - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cak - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ta - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lg - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-tr - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nso - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-de - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-da - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-uk - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mr - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-my - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-uz - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ml - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mn - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mk - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ur - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-eu - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-et - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-es - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-csb - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-el - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-eo - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-en - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zu - 98.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ast - 98.0.1+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-0843 CVE-2022-26381 CVE-2022-26382 CVE-2022-26383 CVE-2022-26384 CVE-2022-26385 CVE-2022-26387 Ubuntu 18.04 LTS USN-5321-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information, or execute arbitrary code. (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382, CVE-2022-26383, CVE-2022-26384, CVE-2022-26385) A TOCTOU bug was discovered when verifying addon signatures during install. A local attacker could potentially exploit this to trick a user into installing an addon with an invalid signature. (CVE-2022-26387) Update Instructions: Run `sudo pro fix USN-5321-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nn - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ne - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nb - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fa - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fi - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fr - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fy - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-or - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kab - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-oc - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cs - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ga - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gd - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gn - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gl - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gu - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pa - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pl - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cy - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pt - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-szl - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hi - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ms - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-he - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hy - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hr - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hu - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-as - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ar - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ia - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-az - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-id - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mai - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-af - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-is - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-vi - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-an - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bs - 98.0.2+build1-0ubuntu0.18.04.1 firefox - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ro - 98.0.2+build1-0ubuntu0.18.04.1 firefox-geckodriver - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ja - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ru - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-br - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bn - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-be - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bg - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sl - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sk - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-si - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sw - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sv - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sr - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sq - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ko - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kn - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-km - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kk - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ka - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-xh - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ca - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ku - 98.0.2+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lv - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lt - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-th - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 98.0.2+build1-0ubuntu0.18.04.1 firefox-dev - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-te - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cak - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ta - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lg - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-csb - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tr - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nso - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-de - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-da - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uk - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mr - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-my - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uz - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ml - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mn - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mk - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ur - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eu - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-et - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-es - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-it - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-el - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eo - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-en - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zu - 98.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ast - 98.0.2+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1966306 Ubuntu 18.04 LTS It was discovered that NBD incorrectly handled name length fields. A remote attacker could use this issue to cause NBD to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5323-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nbd-server - 1:3.16.2-1ubuntu0.2 nbd-client - 1:3.16.2-1ubuntu0.2 No subscription required Medium CVE-2022-26495 CVE-2022-26496 Ubuntu 18.04 LTS It was discovered that libxml2 incorrectly handled certain XML files. An attacker could use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5324-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.5 libxml2-utils - 2.9.4+dfsg1-6.1ubuntu1.5 libxml2 - 2.9.4+dfsg1-6.1ubuntu1.5 python3-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.5 libxml2-doc - 2.9.4+dfsg1-6.1ubuntu1.5 libxml2-dev - 2.9.4+dfsg1-6.1ubuntu1.5 No subscription required Medium CVE-2022-23308 Ubuntu 18.04 LTS Sam Foxman discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to regain dropped privileges. (CVE-2019-20044) It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-45444) Update Instructions: Run `sudo pro fix USN-5325-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zsh-static - 5.4.2-3ubuntu3.2 zsh-common - 5.4.2-3ubuntu3.2 zsh-dev - 5.4.2-3ubuntu3.2 zsh - 5.4.2-3ubuntu3.2 zsh-doc - 5.4.2-3ubuntu3.2 No subscription required Low CVE-2019-20044 CVE-2021-45444 Ubuntu 18.04 LTS Hiroyuki Yamamori discovered that rsh incorrectly handled certain filenames. If a user or automated system were tricked into connecting to a malicious rsh server, a remote attacker could possibly use this issue to modify directory permissions. Update Instructions: Run `sudo pro fix USN-5327-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rsh-server - 0.17-17ubuntu0.1 rsh-client - 0.17-17ubuntu0.1 No subscription required Medium CVE-2019-7282 Ubuntu 18.04 LTS Tavis Ormandy discovered that OpenSSL incorrectly parsed certain certificates. A remote attacker could possibly use this issue to cause OpenSSH to stop responding, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5328-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2n-1ubuntu5.8 libssl1.0-dev - 1.0.2n-1ubuntu5.8 openssl1.0 - 1.0.2n-1ubuntu5.8 No subscription required libssl-dev - 1.1.1-1ubuntu2.1~18.04.15 openssl - 1.1.1-1ubuntu2.1~18.04.15 libssl-doc - 1.1.1-1ubuntu2.1~18.04.15 libssl1.1 - 1.1.1-1ubuntu2.1~18.04.15 No subscription required High CVE-2022-0778 Ubuntu 18.04 LTS It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to cause tar to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5329-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tar-scripts - 1.29b-2ubuntu0.3 tar - 1.29b-2ubuntu0.3 No subscription required Low CVE-2021-20193 Ubuntu 18.04 LTS It was discovered that LibreOffice incorrectly handled digital signatures. An attacker could possibly use this issue to create a specially crafted document that would display a validly signed indicator, contrary to expectations. Update Instructions: Run `sudo pro fix USN-5330-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-nlpsolver - 0.9+LibO6.0.7-0ubuntu0.18.04.11 No subscription required libreoffice-mysql-connector - 1.0.2+LibO6.0.7-0ubuntu0.18.04.11 No subscription required libreoffice-wiki-publisher - 1.2.0+LibO6.0.7-0ubuntu0.18.04.11 No subscription required libreoffice-impress - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-evolution - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-dev-common - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-librelogo - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-java-common - 1:6.0.7-0ubuntu0.18.04.11 gir1.2-lokdocview-0.1 - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-subsequentcheckbase - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-style-elementary - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-officebean - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-kde - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-base - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-style-galaxy - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-style-hicontrast - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-core - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-script-provider-bsh - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-avmedia-backend-gstreamer - 1:6.0.7-0ubuntu0.18.04.11 libreofficekit-dev - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-script-provider-python - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-common - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-gnome - 1:6.0.7-0ubuntu0.18.04.11 libreofficekit-data - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-kde4 - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-dev - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-gtk3 - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-report-builder - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-pdfimport - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-base-core - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-draw - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-ogltrans - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-l10n-in - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-sdbc-hsqldb - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-gtk - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-calc - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-base-drivers - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-style-oxygen - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-gtk2 - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-style-tango - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-style-human - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-sdbc-firebird - 1:6.0.7-0ubuntu0.18.04.11 python3-uno - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-math - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-writer - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-report-builder-bin - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-dev-doc - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-systray - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-script-provider-js - 1:6.0.7-0ubuntu0.18.04.11 liblibreofficekitgtk - 1:6.0.7-0ubuntu0.18.04.11 libreoffice - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-style-sifr - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-style-breeze - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-l10n-za - 1:6.0.7-0ubuntu0.18.04.11 libreoffice-sdbc-postgresql - 1:6.0.7-0ubuntu0.18.04.11 No subscription required fonts-opensymbol - 2:102.10+LibO6.0.7-0ubuntu0.18.04.11 No subscription required ure - 6.0.7-0ubuntu0.18.04.11 uno-libs3 - 6.0.7-0ubuntu0.18.04.11 No subscription required Medium CVE-2021-25636 Ubuntu 18.04 LTS USN-5331-1 fixed several vulnerabilities in tcpdump. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-16301) It was discovered that tcpdump incorrectly handled certain captured data. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-8037) Update Instructions: Run `sudo pro fix USN-5331-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tcpdump - 4.9.3-0ubuntu0.18.04.2 No subscription required Low CVE-2018-16301 CVE-2020-8037 Ubuntu 18.04 LTS Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind incorrectly handled certain bogus NS records when using forwarders. A remote attacker could possibly use this issue to manipulate cache results. (CVE-2021-25220) It was discovered that Bind incorrectly handled certain crafted TCP streams. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. This issue only affected Ubuntu 21.10. (CVE-2022-0396) Update Instructions: Run `sudo pro fix USN-5332-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.11.3+dfsg-1ubuntu1.17 libbind-dev - 1:9.11.3+dfsg-1ubuntu1.17 libirs-export160 - 1:9.11.3+dfsg-1ubuntu1.17 bind9utils - 1:9.11.3+dfsg-1ubuntu1.17 bind9-host - 1:9.11.3+dfsg-1ubuntu1.17 libbind9-160 - 1:9.11.3+dfsg-1ubuntu1.17 libisccc160 - 1:9.11.3+dfsg-1ubuntu1.17 libisccfg-export160 - 1:9.11.3+dfsg-1ubuntu1.17 libisccfg160 - 1:9.11.3+dfsg-1ubuntu1.17 bind9-doc - 1:9.11.3+dfsg-1ubuntu1.17 libbind-export-dev - 1:9.11.3+dfsg-1ubuntu1.17 libirs160 - 1:9.11.3+dfsg-1ubuntu1.17 libdns-export1100 - 1:9.11.3+dfsg-1ubuntu1.17 libisccc-export160 - 1:9.11.3+dfsg-1ubuntu1.17 libisc-export169 - 1:9.11.3+dfsg-1ubuntu1.17 liblwres160 - 1:9.11.3+dfsg-1ubuntu1.17 libdns1100 - 1:9.11.3+dfsg-1ubuntu1.17 bind9 - 1:9.11.3+dfsg-1ubuntu1.17 libisc169 - 1:9.11.3+dfsg-1ubuntu1.17 No subscription required Medium CVE-2021-25220 CVE-2022-0396 Ubuntu 18.04 LTS Chamal De Silva discovered that the Apache HTTP Server mod_lua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2022-22719) James Kettle discovered that the Apache HTTP Server incorrectly closed inbound connection when certain errors are encountered. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-22720) It was discovered that the Apache HTTP Server incorrectly handled large LimitXMLRequestBody settings on certain platforms. In certain configurations, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22721) Ronald Crane discovered that the Apache HTTP Server mod_sed module incorrectly handled memory. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-23943) Update Instructions: Run `sudo pro fix USN-5333-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.29-1ubuntu4.22 apache2-utils - 2.4.29-1ubuntu4.22 apache2-dev - 2.4.29-1ubuntu4.22 apache2-suexec-pristine - 2.4.29-1ubuntu4.22 apache2-suexec-custom - 2.4.29-1ubuntu4.22 apache2 - 2.4.29-1ubuntu4.22 apache2-doc - 2.4.29-1ubuntu4.22 apache2-ssl-dev - 2.4.29-1ubuntu4.22 apache2-bin - 2.4.29-1ubuntu4.22 No subscription required Medium CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 Ubuntu 18.04 LTS Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. (CVE-2022-0492) Jürgen Groß discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. An attacker in a driver domain could use this to cause a denial of service in other guest VMs. (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713) Jürgen Groß discovered that the Xen network backend driver in the Linux kernel did not adequately limit the amount of queued packets when a guest did not process them. An attacker in a guest VM can use this to cause a denial of service (excessive kernel memory consumption) in the network backend domain. (CVE-2021-28714, CVE-2021-28715) It was discovered that the simulated networking device driver for the Linux kernel did not properly initialize memory in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-4135) Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-43976) It was discovered that the ARM Trusted Execution Environment (TEE) subsystem in the Linux kernel contained a race condition leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-44733) It was discovered that the Phone Network protocol (PhoNet) implementation in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2021-45095) It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2021-45480) Samuel Page discovered that the Transparent Inter-Process Communication (TIPC) protocol implementation in the Linux kernel contained a stack-based buffer overflow. A remote attacker could use this to cause a denial of service (system crash) for systems that have a TIPC bearer configured. (CVE-2022-0435) It was discovered that the KVM implementation for s390 systems in the Linux kernel did not properly prevent memory operations on PVM guests that were in non-protected mode. A local attacker could use this to obtain unauthorized memory write access. (CVE-2022-0516) Update Instructions: Run `sudo pro fix USN-5338-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-ibm-5.4-headers-5.4.0-1018 - 5.4.0-1018.20~18.04.1 linux-image-unsigned-5.4.0-1018-ibm - 5.4.0-1018.20~18.04.1 linux-buildinfo-5.4.0-1018-ibm - 5.4.0-1018.20~18.04.1 linux-image-5.4.0-1018-ibm - 5.4.0-1018.20~18.04.1 linux-modules-extra-5.4.0-1018-ibm - 5.4.0-1018.20~18.04.1 linux-modules-5.4.0-1018-ibm - 5.4.0-1018.20~18.04.1 linux-headers-5.4.0-1018-ibm - 5.4.0-1018.20~18.04.1 linux-tools-5.4.0-1018-ibm - 5.4.0-1018.20~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1018.20~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1018.20~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1018.20~18.04.1 linux-ibm-5.4-tools-5.4.0-1018 - 5.4.0-1018.20~18.04.1 No subscription required linux-image-unsigned-5.4.0-1037-gkeop - 5.4.0-1037.38~18.04.1 linux-cloud-tools-5.4.0-1037-gkeop - 5.4.0-1037.38~18.04.1 linux-gkeop-5.4-headers-5.4.0-1037 - 5.4.0-1037.38~18.04.1 linux-modules-5.4.0-1037-gkeop - 5.4.0-1037.38~18.04.1 linux-gkeop-5.4-tools-5.4.0-1037 - 5.4.0-1037.38~18.04.1 linux-buildinfo-5.4.0-1037-gkeop - 5.4.0-1037.38~18.04.1 linux-image-5.4.0-1037-gkeop - 5.4.0-1037.38~18.04.1 linux-tools-5.4.0-1037-gkeop - 5.4.0-1037.38~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1037.38~18.04.1 linux-modules-extra-5.4.0-1037-gkeop - 5.4.0-1037.38~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1037 - 5.4.0-1037.38~18.04.1 linux-headers-5.4.0-1037-gkeop - 5.4.0-1037.38~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-105.119~18.04.1 linux-headers-5.4.0-105-generic-lpae - 5.4.0-105.119~18.04.1 linux-modules-5.4.0-105-generic - 5.4.0-105.119~18.04.1 linux-hwe-5.4-tools-5.4.0-105 - 5.4.0-105.119~18.04.1 linux-headers-5.4.0-105-lowlatency - 5.4.0-105.119~18.04.1 linux-buildinfo-5.4.0-105-generic - 5.4.0-105.119~18.04.1 linux-cloud-tools-5.4.0-105-lowlatency - 5.4.0-105.119~18.04.1 linux-image-unsigned-5.4.0-105-generic - 5.4.0-105.119~18.04.1 linux-tools-5.4.0-105-generic-lpae - 5.4.0-105.119~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-105 - 5.4.0-105.119~18.04.1 linux-headers-5.4.0-105-generic - 5.4.0-105.119~18.04.1 linux-hwe-5.4-headers-5.4.0-105 - 5.4.0-105.119~18.04.1 linux-buildinfo-5.4.0-105-generic-lpae - 5.4.0-105.119~18.04.1 linux-modules-5.4.0-105-generic-lpae - 5.4.0-105.119~18.04.1 linux-image-unsigned-5.4.0-105-lowlatency - 5.4.0-105.119~18.04.1 linux-cloud-tools-5.4.0-105-generic - 5.4.0-105.119~18.04.1 linux-buildinfo-5.4.0-105-lowlatency - 5.4.0-105.119~18.04.1 linux-image-5.4.0-105-lowlatency - 5.4.0-105.119~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-105.119~18.04.1 linux-image-5.4.0-105-generic - 5.4.0-105.119~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-105.119~18.04.1 linux-modules-extra-5.4.0-105-generic - 5.4.0-105.119~18.04.1 linux-tools-5.4.0-105-lowlatency - 5.4.0-105.119~18.04.1 linux-tools-5.4.0-105-generic - 5.4.0-105.119~18.04.1 linux-modules-5.4.0-105-lowlatency - 5.4.0-105.119~18.04.1 linux-image-5.4.0-105-generic-lpae - 5.4.0-105.119~18.04.1 No subscription required linux-image-5.4.0-1056-raspi - 5.4.0-1056.63~18.04.1 linux-headers-5.4.0-1056-raspi - 5.4.0-1056.63~18.04.1 linux-buildinfo-5.4.0-1056-raspi - 5.4.0-1056.63~18.04.1 linux-modules-5.4.0-1056-raspi - 5.4.0-1056.63~18.04.1 linux-tools-5.4.0-1056-raspi - 5.4.0-1056.63~18.04.1 linux-raspi-5.4-headers-5.4.0-1056 - 5.4.0-1056.63~18.04.1 linux-raspi-5.4-tools-5.4.0-1056 - 5.4.0-1056.63~18.04.1 No subscription required linux-gke-5.4-headers-5.4.0-1066 - 5.4.0-1066.69~18.04.1 linux-modules-extra-5.4.0-1066-gke - 5.4.0-1066.69~18.04.1 linux-modules-5.4.0-1066-gke - 5.4.0-1066.69~18.04.1 linux-gke-5.4-tools-5.4.0-1066 - 5.4.0-1066.69~18.04.1 linux-image-unsigned-5.4.0-1066-gke - 5.4.0-1066.69~18.04.1 linux-headers-5.4.0-1066-gke - 5.4.0-1066.69~18.04.1 linux-buildinfo-5.4.0-1066-gke - 5.4.0-1066.69~18.04.1 linux-image-5.4.0-1066-gke - 5.4.0-1066.69~18.04.1 linux-tools-5.4.0-1066-gke - 5.4.0-1066.69~18.04.1 No subscription required linux-modules-extra-5.4.0-1067-oracle - 5.4.0-1067.72~18.04.1 linux-image-unsigned-5.4.0-1067-oracle - 5.4.0-1067.72~18.04.1 linux-buildinfo-5.4.0-1067-oracle - 5.4.0-1067.72~18.04.1 linux-headers-5.4.0-1067-oracle - 5.4.0-1067.72~18.04.1 linux-modules-5.4.0-1067-oracle - 5.4.0-1067.72~18.04.1 linux-image-5.4.0-1067-oracle - 5.4.0-1067.72~18.04.1 linux-tools-5.4.0-1067-oracle - 5.4.0-1067.72~18.04.1 linux-oracle-5.4-tools-5.4.0-1067 - 5.4.0-1067.72~18.04.1 linux-oracle-5.4-headers-5.4.0-1067 - 5.4.0-1067.72~18.04.1 No subscription required linux-buildinfo-5.4.0-1068-gcp - 5.4.0-1068.72~18.04.1 linux-modules-5.4.0-1068-gcp - 5.4.0-1068.72~18.04.1 linux-gcp-5.4-tools-5.4.0-1068 - 5.4.0-1068.72~18.04.1 linux-image-unsigned-5.4.0-1068-gcp - 5.4.0-1068.72~18.04.1 linux-image-5.4.0-1068-gcp - 5.4.0-1068.72~18.04.1 linux-modules-extra-5.4.0-1068-gcp - 5.4.0-1068.72~18.04.1 linux-headers-5.4.0-1068-gcp - 5.4.0-1068.72~18.04.1 linux-gcp-5.4-headers-5.4.0-1068 - 5.4.0-1068.72~18.04.1 linux-tools-5.4.0-1068-gcp - 5.4.0-1068.72~18.04.1 No subscription required linux-aws-5.4-headers-5.4.0-1069 - 5.4.0-1069.73~18.04.1 linux-aws-5.4-tools-5.4.0-1069 - 5.4.0-1069.73~18.04.1 linux-modules-5.4.0-1069-aws - 5.4.0-1069.73~18.04.1 linux-headers-5.4.0-1069-aws - 5.4.0-1069.73~18.04.1 linux-image-unsigned-5.4.0-1069-aws - 5.4.0-1069.73~18.04.1 linux-cloud-tools-5.4.0-1069-aws - 5.4.0-1069.73~18.04.1 linux-modules-extra-5.4.0-1069-aws - 5.4.0-1069.73~18.04.1 linux-tools-5.4.0-1069-aws - 5.4.0-1069.73~18.04.1 linux-buildinfo-5.4.0-1069-aws - 5.4.0-1069.73~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1069 - 5.4.0-1069.73~18.04.1 linux-image-5.4.0-1069-aws - 5.4.0-1069.73~18.04.1 No subscription required linux-image-unsigned-5.4.0-1073-azure - 5.4.0-1073.76~18.04.1 linux-azure-5.4-headers-5.4.0-1073 - 5.4.0-1073.76~18.04.1 linux-modules-5.4.0-1073-azure - 5.4.0-1073.76~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1073 - 5.4.0-1073.76~18.04.1 linux-cloud-tools-5.4.0-1073-azure - 5.4.0-1073.76~18.04.1 linux-buildinfo-5.4.0-1073-azure - 5.4.0-1073.76~18.04.1 linux-azure-5.4-tools-5.4.0-1073 - 5.4.0-1073.76~18.04.1 linux-headers-5.4.0-1073-azure - 5.4.0-1073.76~18.04.1 linux-tools-5.4.0-1073-azure - 5.4.0-1073.76~18.04.1 linux-modules-extra-5.4.0-1073-azure - 5.4.0-1073.76~18.04.1 linux-image-5.4.0-1073-azure - 5.4.0-1073.76~18.04.1 No subscription required linux-modules-extra-ibm - 5.4.0.1018.35 linux-image-ibm - 5.4.0.1018.35 linux-modules-extra-ibm-edge - 5.4.0.1018.35 linux-headers-ibm-edge - 5.4.0.1018.35 linux-tools-ibm-edge - 5.4.0.1018.35 linux-tools-ibm - 5.4.0.1018.35 linux-ibm - 5.4.0.1018.35 linux-ibm-edge - 5.4.0.1018.35 linux-headers-ibm - 5.4.0.1018.35 linux-image-ibm-edge - 5.4.0.1018.35 No subscription required linux-image-gkeop-5.4 - 5.4.0.1037.38~18.04.37 linux-cloud-tools-gkeop-5.4 - 5.4.0.1037.38~18.04.37 linux-modules-extra-gkeop-5.4 - 5.4.0.1037.38~18.04.37 linux-headers-gkeop-5.4 - 5.4.0.1037.38~18.04.37 linux-tools-gkeop-5.4 - 5.4.0.1037.38~18.04.37 linux-gkeop-5.4 - 5.4.0.1037.38~18.04.37 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-headers-snapdragon-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-image-generic-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-image-oem - 5.4.0.105.119~18.04.90 linux-tools-virtual-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-headers-lowlatency-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-snapdragon-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-lowlatency-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-image-oem-osp1 - 5.4.0.105.119~18.04.90 linux-snapdragon-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-image-generic-lpae-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-headers-generic-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-headers-virtual-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-tools-oem-osp1 - 5.4.0.105.119~18.04.90 linux-tools-snapdragon-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-image-snapdragon-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-headers-virtual-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-image-lowlatency-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-virtual-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-generic-lpae-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-headers-oem - 5.4.0.105.119~18.04.90 linux-image-extra-virtual-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-tools-generic-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-image-virtual-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-image-generic-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-generic-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-oem - 5.4.0.105.119~18.04.90 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-tools-oem - 5.4.0.105.119~18.04.90 linux-headers-oem-osp1 - 5.4.0.105.119~18.04.90 linux-tools-virtual-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-tools-generic-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-headers-generic-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-oem-osp1 - 5.4.0.105.119~18.04.90 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-generic-lpae-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-virtual-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-lowlatency-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-generic-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-image-virtual-hwe-18.04-edge - 5.4.0.105.119~18.04.90 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.105.119~18.04.90 linux-tools-lowlatency-hwe-18.04 - 5.4.0.105.119~18.04.90 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1056.58 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1056.58 linux-headers-raspi-hwe-18.04 - 5.4.0.1056.58 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1056.58 linux-raspi-hwe-18.04 - 5.4.0.1056.58 linux-raspi-hwe-18.04-edge - 5.4.0.1056.58 linux-image-raspi-hwe-18.04-edge - 5.4.0.1056.58 linux-tools-raspi-hwe-18.04 - 5.4.0.1056.58 No subscription required linux-headers-gke-5.4 - 5.4.0.1066.69~18.04.30 linux-tools-gke-5.4 - 5.4.0.1066.69~18.04.30 linux-modules-extra-gke-5.4 - 5.4.0.1066.69~18.04.30 linux-gke-5.4 - 5.4.0.1066.69~18.04.30 linux-image-gke-5.4 - 5.4.0.1066.69~18.04.30 No subscription required linux-signed-image-oracle - 5.4.0.1067.72~18.04.46 linux-signed-oracle - 5.4.0.1067.72~18.04.46 linux-tools-oracle-edge - 5.4.0.1067.72~18.04.46 linux-modules-extra-oracle-edge - 5.4.0.1067.72~18.04.46 linux-image-oracle-edge - 5.4.0.1067.72~18.04.46 linux-modules-extra-oracle - 5.4.0.1067.72~18.04.46 linux-signed-oracle-edge - 5.4.0.1067.72~18.04.46 linux-oracle-edge - 5.4.0.1067.72~18.04.46 linux-headers-oracle - 5.4.0.1067.72~18.04.46 linux-signed-image-oracle-edge - 5.4.0.1067.72~18.04.46 linux-headers-oracle-edge - 5.4.0.1067.72~18.04.46 linux-image-oracle - 5.4.0.1067.72~18.04.46 linux-tools-oracle - 5.4.0.1067.72~18.04.46 linux-oracle - 5.4.0.1067.72~18.04.46 No subscription required linux-image-gcp-edge - 5.4.0.1068.53 linux-tools-gcp-edge - 5.4.0.1068.53 linux-headers-gcp-edge - 5.4.0.1068.53 linux-modules-extra-gcp - 5.4.0.1068.53 linux-modules-extra-gcp-edge - 5.4.0.1068.53 linux-tools-gcp - 5.4.0.1068.53 linux-gcp - 5.4.0.1068.53 linux-headers-gcp - 5.4.0.1068.53 linux-image-gcp - 5.4.0.1068.53 linux-gcp-edge - 5.4.0.1068.53 No subscription required linux-headers-aws - 5.4.0.1069.51 linux-image-aws - 5.4.0.1069.51 linux-tools-aws-edge - 5.4.0.1069.51 linux-aws-edge - 5.4.0.1069.51 linux-aws - 5.4.0.1069.51 linux-modules-extra-aws - 5.4.0.1069.51 linux-headers-aws-edge - 5.4.0.1069.51 linux-tools-aws - 5.4.0.1069.51 linux-modules-extra-aws-edge - 5.4.0.1069.51 linux-image-aws-edge - 5.4.0.1069.51 No subscription required linux-signed-azure - 5.4.0.1073.52 linux-tools-azure-edge - 5.4.0.1073.52 linux-tools-azure - 5.4.0.1073.52 linux-image-azure-edge - 5.4.0.1073.52 linux-signed-image-azure-edge - 5.4.0.1073.52 linux-cloud-tools-azure-edge - 5.4.0.1073.52 linux-modules-extra-azure - 5.4.0.1073.52 linux-cloud-tools-azure - 5.4.0.1073.52 linux-azure - 5.4.0.1073.52 linux-image-azure - 5.4.0.1073.52 linux-signed-image-azure - 5.4.0.1073.52 linux-headers-azure-edge - 5.4.0.1073.52 linux-azure-edge - 5.4.0.1073.52 linux-modules-extra-azure-edge - 5.4.0.1073.52 linux-signed-azure-edge - 5.4.0.1073.52 linux-headers-azure - 5.4.0.1073.52 No subscription required High CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-4135 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45480 CVE-2022-0435 CVE-2022-0492 CVE-2022-0516 Ubuntu 18.04 LTS Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. (CVE-2022-0492) It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service (system crash). (CVE-2021-3506) Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-43976) It was discovered that the ARM Trusted Execution Environment (TEE) subsystem in the Linux kernel contained a race condition leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-44733) It was discovered that the Phone Network protocol (PhoNet) implementation in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2021-45095) Samuel Page discovered that the Transparent Inter-Process Communication (TIPC) protocol implementation in the Linux kernel contained a stack-based buffer overflow. A remote attacker could use this to cause a denial of service (system crash) for systems that have a TIPC bearer configured. (CVE-2022-0435) Update Instructions: Run `sudo pro fix USN-5339-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-dell300x-tools-4.15.0-1038 - 4.15.0-1038.43 linux-buildinfo-4.15.0-1038-dell300x - 4.15.0-1038.43 linux-image-unsigned-4.15.0-1038-dell300x - 4.15.0-1038.43 linux-headers-4.15.0-1038-dell300x - 4.15.0-1038.43 linux-dell300x-headers-4.15.0-1038 - 4.15.0-1038.43 linux-image-4.15.0-1038-dell300x - 4.15.0-1038.43 linux-modules-4.15.0-1038-dell300x - 4.15.0-1038.43 linux-tools-4.15.0-1038-dell300x - 4.15.0-1038.43 No subscription required linux-oracle-tools-4.15.0-1090 - 4.15.0-1090.99 linux-tools-4.15.0-1090-oracle - 4.15.0-1090.99 linux-buildinfo-4.15.0-1090-oracle - 4.15.0-1090.99 linux-headers-4.15.0-1090-oracle - 4.15.0-1090.99 linux-image-unsigned-4.15.0-1090-oracle - 4.15.0-1090.99 linux-image-4.15.0-1090-oracle - 4.15.0-1090.99 linux-oracle-headers-4.15.0-1090 - 4.15.0-1090.99 linux-modules-extra-4.15.0-1090-oracle - 4.15.0-1090.99 linux-modules-4.15.0-1090-oracle - 4.15.0-1090.99 No subscription required linux-headers-4.15.0-1106-raspi2 - 4.15.0-1106.113 linux-buildinfo-4.15.0-1106-raspi2 - 4.15.0-1106.113 linux-raspi2-headers-4.15.0-1106 - 4.15.0-1106.113 linux-raspi2-tools-4.15.0-1106 - 4.15.0-1106.113 linux-modules-4.15.0-1106-raspi2 - 4.15.0-1106.113 linux-image-4.15.0-1106-raspi2 - 4.15.0-1106.113 linux-tools-4.15.0-1106-raspi2 - 4.15.0-1106.113 No subscription required linux-headers-4.15.0-1110-kvm - 4.15.0-1110.113 linux-image-4.15.0-1110-kvm - 4.15.0-1110.113 linux-kvm-tools-4.15.0-1110 - 4.15.0-1110.113 linux-kvm-headers-4.15.0-1110 - 4.15.0-1110.113 linux-modules-4.15.0-1110-kvm - 4.15.0-1110.113 linux-tools-4.15.0-1110-kvm - 4.15.0-1110.113 linux-buildinfo-4.15.0-1110-kvm - 4.15.0-1110.113 No subscription required linux-buildinfo-4.15.0-1119-gcp - 4.15.0-1119.133 linux-image-4.15.0-1119-gcp - 4.15.0-1119.133 linux-gcp-4.15-tools-4.15.0-1119 - 4.15.0-1119.133 linux-modules-4.15.0-1119-gcp - 4.15.0-1119.133 linux-gcp-4.15-headers-4.15.0-1119 - 4.15.0-1119.133 linux-headers-4.15.0-1119-gcp - 4.15.0-1119.133 linux-tools-4.15.0-1119-gcp - 4.15.0-1119.133 linux-modules-extra-4.15.0-1119-gcp - 4.15.0-1119.133 linux-image-unsigned-4.15.0-1119-gcp - 4.15.0-1119.133 No subscription required linux-image-4.15.0-1123-snapdragon - 4.15.0-1123.132 linux-headers-4.15.0-1123-snapdragon - 4.15.0-1123.132 linux-buildinfo-4.15.0-1123-snapdragon - 4.15.0-1123.132 linux-snapdragon-headers-4.15.0-1123 - 4.15.0-1123.132 linux-snapdragon-tools-4.15.0-1123 - 4.15.0-1123.132 linux-modules-4.15.0-1123-snapdragon - 4.15.0-1123.132 linux-tools-4.15.0-1123-snapdragon - 4.15.0-1123.132 No subscription required linux-buildinfo-4.15.0-1124-aws - 4.15.0-1124.133 linux-aws-tools-4.15.0-1124 - 4.15.0-1124.133 linux-modules-4.15.0-1124-aws - 4.15.0-1124.133 linux-tools-4.15.0-1124-aws - 4.15.0-1124.133 linux-modules-extra-4.15.0-1124-aws - 4.15.0-1124.133 linux-aws-cloud-tools-4.15.0-1124 - 4.15.0-1124.133 linux-image-unsigned-4.15.0-1124-aws - 4.15.0-1124.133 linux-aws-headers-4.15.0-1124 - 4.15.0-1124.133 linux-cloud-tools-4.15.0-1124-aws - 4.15.0-1124.133 linux-image-4.15.0-1124-aws - 4.15.0-1124.133 linux-headers-4.15.0-1124-aws - 4.15.0-1124.133 No subscription required linux-modules-extra-4.15.0-1134-azure - 4.15.0-1134.147 linux-buildinfo-4.15.0-1134-azure - 4.15.0-1134.147 linux-headers-4.15.0-1134-azure - 4.15.0-1134.147 linux-tools-4.15.0-1134-azure - 4.15.0-1134.147 linux-azure-4.15-tools-4.15.0-1134 - 4.15.0-1134.147 linux-image-4.15.0-1134-azure - 4.15.0-1134.147 linux-cloud-tools-4.15.0-1134-azure - 4.15.0-1134.147 linux-modules-4.15.0-1134-azure - 4.15.0-1134.147 linux-azure-4.15-headers-4.15.0-1134 - 4.15.0-1134.147 linux-azure-4.15-cloud-tools-4.15.0-1134 - 4.15.0-1134.147 linux-image-unsigned-4.15.0-1134-azure - 4.15.0-1134.147 No subscription required linux-image-unsigned-4.15.0-173-lowlatency - 4.15.0-173.182 linux-tools-common - 4.15.0-173.182 linux-modules-extra-4.15.0-173-generic - 4.15.0-173.182 linux-buildinfo-4.15.0-173-lowlatency - 4.15.0-173.182 linux-doc - 4.15.0-173.182 linux-image-4.15.0-173-generic - 4.15.0-173.182 linux-headers-4.15.0-173-generic - 4.15.0-173.182 linux-tools-4.15.0-173-generic-lpae - 4.15.0-173.182 linux-tools-4.15.0-173-generic - 4.15.0-173.182 linux-modules-4.15.0-173-generic-lpae - 4.15.0-173.182 linux-libc-dev - 4.15.0-173.182 linux-image-unsigned-4.15.0-173-generic - 4.15.0-173.182 linux-headers-4.15.0-173-lowlatency - 4.15.0-173.182 linux-headers-4.15.0-173-generic-lpae - 4.15.0-173.182 linux-tools-4.15.0-173-lowlatency - 4.15.0-173.182 linux-buildinfo-4.15.0-173-generic-lpae - 4.15.0-173.182 linux-tools-host - 4.15.0-173.182 linux-modules-4.15.0-173-lowlatency - 4.15.0-173.182 linux-cloud-tools-4.15.0-173 - 4.15.0-173.182 linux-buildinfo-4.15.0-173-generic - 4.15.0-173.182 linux-cloud-tools-common - 4.15.0-173.182 linux-headers-4.15.0-173 - 4.15.0-173.182 linux-image-4.15.0-173-lowlatency - 4.15.0-173.182 linux-tools-4.15.0-173 - 4.15.0-173.182 linux-modules-4.15.0-173-generic - 4.15.0-173.182 linux-cloud-tools-4.15.0-173-generic - 4.15.0-173.182 linux-cloud-tools-4.15.0-173-lowlatency - 4.15.0-173.182 linux-image-4.15.0-173-generic-lpae - 4.15.0-173.182 linux-source-4.15.0 - 4.15.0-173.182 No subscription required linux-tools-dell300x - 4.15.0.1038.40 linux-headers-dell300x - 4.15.0.1038.40 linux-image-dell300x - 4.15.0.1038.40 linux-dell300x - 4.15.0.1038.40 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1090.100 linux-signed-image-oracle-lts-18.04 - 4.15.0.1090.100 linux-oracle-lts-18.04 - 4.15.0.1090.100 linux-signed-oracle-lts-18.04 - 4.15.0.1090.100 linux-headers-oracle-lts-18.04 - 4.15.0.1090.100 linux-tools-oracle-lts-18.04 - 4.15.0.1090.100 No subscription required linux-raspi2 - 4.15.0.1106.104 linux-headers-raspi2 - 4.15.0.1106.104 linux-image-raspi2 - 4.15.0.1106.104 linux-tools-raspi2 - 4.15.0.1106.104 No subscription required linux-kvm - 4.15.0.1110.106 linux-headers-kvm - 4.15.0.1110.106 linux-image-kvm - 4.15.0.1110.106 linux-tools-kvm - 4.15.0.1110.106 No subscription required linux-gcp-lts-18.04 - 4.15.0.1119.138 linux-tools-gcp-lts-18.04 - 4.15.0.1119.138 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1119.138 linux-image-gcp-lts-18.04 - 4.15.0.1119.138 linux-headers-gcp-lts-18.04 - 4.15.0.1119.138 No subscription required linux-snapdragon - 4.15.0.1123.126 linux-headers-snapdragon - 4.15.0.1123.126 linux-tools-snapdragon - 4.15.0.1123.126 linux-image-snapdragon - 4.15.0.1123.126 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1124.127 linux-headers-aws-lts-18.04 - 4.15.0.1124.127 linux-aws-lts-18.04 - 4.15.0.1124.127 linux-modules-extra-aws-lts-18.04 - 4.15.0.1124.127 linux-tools-aws-lts-18.04 - 4.15.0.1124.127 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1134.107 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1134.107 linux-tools-azure-lts-18.04 - 4.15.0.1134.107 linux-headers-azure-lts-18.04 - 4.15.0.1134.107 linux-signed-image-azure-lts-18.04 - 4.15.0.1134.107 linux-azure-lts-18.04 - 4.15.0.1134.107 linux-signed-azure-lts-18.04 - 4.15.0.1134.107 linux-image-azure-lts-18.04 - 4.15.0.1134.107 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.173.162 linux-cloud-tools-virtual - 4.15.0.173.162 linux-headers-generic-lpae - 4.15.0.173.162 linux-image-extra-virtual-hwe-16.04 - 4.15.0.173.162 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.173.162 linux-signed-lowlatency - 4.15.0.173.162 linux-image-generic - 4.15.0.173.162 linux-tools-lowlatency - 4.15.0.173.162 linux-headers-generic-hwe-16.04-edge - 4.15.0.173.162 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.173.162 linux-generic-lpae-hwe-16.04 - 4.15.0.173.162 linux-signed-generic-hwe-16.04-edge - 4.15.0.173.162 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.173.162 linux-image-virtual-hwe-16.04-edge - 4.15.0.173.162 linux-generic-lpae-hwe-16.04-edge - 4.15.0.173.162 linux-signed-image-lowlatency - 4.15.0.173.162 linux-signed-lowlatency-hwe-16.04 - 4.15.0.173.162 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.173.162 linux-crashdump - 4.15.0.173.162 linux-signed-image-generic - 4.15.0.173.162 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.173.162 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.173.162 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.173.162 linux-source - 4.15.0.173.162 linux-lowlatency - 4.15.0.173.162 linux-tools-generic-lpae - 4.15.0.173.162 linux-cloud-tools-generic - 4.15.0.173.162 linux-generic-hwe-16.04-edge - 4.15.0.173.162 linux-virtual - 4.15.0.173.162 linux-headers-lowlatency-hwe-16.04 - 4.15.0.173.162 linux-tools-virtual-hwe-16.04 - 4.15.0.173.162 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.173.162 linux-tools-generic-hwe-16.04 - 4.15.0.173.162 linux-tools-virtual - 4.15.0.173.162 linux-image-generic-lpae - 4.15.0.173.162 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.173.162 linux-generic-lpae - 4.15.0.173.162 linux-generic - 4.15.0.173.162 linux-image-virtual - 4.15.0.173.162 linux-signed-generic-hwe-16.04 - 4.15.0.173.162 linux-signed-image-generic-hwe-16.04 - 4.15.0.173.162 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.173.162 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.173.162 linux-headers-lowlatency - 4.15.0.173.162 linux-headers-virtual-hwe-16.04-edge - 4.15.0.173.162 linux-lowlatency-hwe-16.04 - 4.15.0.173.162 linux-generic-hwe-16.04 - 4.15.0.173.162 linux-tools-virtual-hwe-16.04-edge - 4.15.0.173.162 linux-tools-generic - 4.15.0.173.162 linux-virtual-hwe-16.04 - 4.15.0.173.162 linux-image-generic-hwe-16.04-edge - 4.15.0.173.162 linux-image-extra-virtual - 4.15.0.173.162 linux-lowlatency-hwe-16.04-edge - 4.15.0.173.162 linux-cloud-tools-lowlatency - 4.15.0.173.162 linux-image-generic-hwe-16.04 - 4.15.0.173.162 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.173.162 linux-image-generic-lpae-hwe-16.04 - 4.15.0.173.162 linux-tools-lowlatency-hwe-16.04 - 4.15.0.173.162 linux-signed-generic - 4.15.0.173.162 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.173.162 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.173.162 linux-headers-generic - 4.15.0.173.162 linux-headers-virtual-hwe-16.04 - 4.15.0.173.162 linux-virtual-hwe-16.04-edge - 4.15.0.173.162 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.173.162 linux-image-virtual-hwe-16.04 - 4.15.0.173.162 linux-headers-generic-hwe-16.04 - 4.15.0.173.162 linux-headers-virtual - 4.15.0.173.162 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.173.162 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.173.162 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.173.162 linux-tools-generic-hwe-16.04-edge - 4.15.0.173.162 linux-image-lowlatency - 4.15.0.173.162 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.173.162 No subscription required High CVE-2021-3506 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2022-0435 CVE-2022-0492 Ubuntu 18.04 LTS Kyaw Min Thein discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS. (CVE-2018-9861) Micha Bentkowski discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-9281) Anton Subbotin discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 21.10. (CVE-2021-32808) Anton Subbotin discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary code. (CVE-2021-32809) Or Sahar discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-33829) Mika Kulmala discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-37695) Update Instructions: Run `sudo pro fix USN-5340-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ckeditor - 4.5.7+dfsg-2ubuntu0.18.04.1 No subscription required Medium CVE-2018-9861 CVE-2020-9281 CVE-2021-32808 CVE-2021-32809 CVE-2021-33829 CVE-2021-37695 Ubuntu 18.04 LTS David Schwörer discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3426) It was discovered that Python incorrectly handled certain FTP requests. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2021-4189) It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0391) Update Instructions: Run `sudo pro fix USN-5342-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.17-1~18.04ubuntu1.7 python2.7-doc - 2.7.17-1~18.04ubuntu1.7 libpython2.7-stdlib - 2.7.17-1~18.04ubuntu1.7 libpython2.7 - 2.7.17-1~18.04ubuntu1.7 libpython2.7-testsuite - 2.7.17-1~18.04ubuntu1.7 libpython2.7-minimal - 2.7.17-1~18.04ubuntu1.7 python2.7 - 2.7.17-1~18.04ubuntu1.7 idle-python2.7 - 2.7.17-1~18.04ubuntu1.7 python2.7-examples - 2.7.17-1~18.04ubuntu1.7 libpython2.7-dev - 2.7.17-1~18.04ubuntu1.7 python2.7-minimal - 2.7.17-1~18.04ubuntu1.7 No subscription required python3.6-dev - 3.6.9-1~18.04ubuntu1.7 libpython3.6-stdlib - 3.6.9-1~18.04ubuntu1.7 libpython3.6-dev - 3.6.9-1~18.04ubuntu1.7 libpython3.6-minimal - 3.6.9-1~18.04ubuntu1.7 python3.6-examples - 3.6.9-1~18.04ubuntu1.7 python3.6-venv - 3.6.9-1~18.04ubuntu1.7 python3.6-minimal - 3.6.9-1~18.04ubuntu1.7 python3.6 - 3.6.9-1~18.04ubuntu1.7 idle-python3.6 - 3.6.9-1~18.04ubuntu1.7 python3.6-doc - 3.6.9-1~18.04ubuntu1.7 libpython3.6-testsuite - 3.6.9-1~18.04ubuntu1.7 libpython3.6 - 3.6.9-1~18.04ubuntu1.7 No subscription required Medium CVE-2021-3426 CVE-2021-4189 CVE-2022-0391 Ubuntu 18.04 LTS USN-5342-1 fixed several vulnerabilities in Python. This update provides the corresponding fix for CVE-2021-3426 for Ubuntu 18.04 ESM. Original advisory details: David Schwörer discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3426) It was discovered that Python incorrectly handled certain FTP requests. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2021-4189) It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0391) Update Instructions: Run `sudo pro fix USN-5342-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3.7-doc - 3.7.5-2ubuntu1~18.04.2+esm1 libpython3.7-minimal - 3.7.5-2ubuntu1~18.04.2+esm1 libpython3.7-testsuite - 3.7.5-2ubuntu1~18.04.2+esm1 libpython3.7-stdlib - 3.7.5-2ubuntu1~18.04.2+esm1 python3.7-minimal - 3.7.5-2ubuntu1~18.04.2+esm1 python3.7 - 3.7.5-2ubuntu1~18.04.2+esm1 python3.7-venv - 3.7.5-2ubuntu1~18.04.2+esm1 libpython3.7-dev - 3.7.5-2ubuntu1~18.04.2+esm1 python3.7-examples - 3.7.5-2ubuntu1~18.04.2+esm1 python3.7-dev - 3.7.5-2ubuntu1~18.04.2+esm1 idle-python3.7 - 3.7.5-2ubuntu1~18.04.2+esm1 libpython3.7 - 3.7.5-2ubuntu1~18.04.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2021-3426 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, obtain sensitive information, cause undefined behaviour, spoof the browser UI, or execute arbitrary code. (CVE-2022-22759, CVE-2022-22760, CVE-2022-22761, CVE-2022-22763, CVE-2022-22764, CVE-2022-26381, CVE-2022-26383, CVE-2022-26384) It was discovered that extensions of a particular type could auto-update themselves and bypass the prompt that requests permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to bypass security restrictions. (CVE-2022-22754) It was discovered that dragging and dropping an image into a folder could result in it being marked as executable. If a user were tricked into dragging and dropping a specially crafted image, an attacker could potentially exploit this to execute arbitrary code. (CVE-2022-22756) It was discovered that files downloaded to /tmp were accessible to other users. A local attacker could exploit this to obtain sensitive information. (CVE-2022-26386) A TOCTOU bug was discovered when verifying addon signatures during install. A local attacker could potentially exploit this to trick a user into installing an addon with an invalid signature. (CVE-2022-26387) An out-of-bounds write by one byte was discovered when processing messages in some circumstances. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service. (CVE-2022-0566) Update Instructions: Run `sudo pro fix USN-5345-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-br - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-be - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-si - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-lv - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:91.7.0+build2-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-de - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-da - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-dev - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-el - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-et - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-es - 1:91.7.0+build2-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fa - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:91.7.0+build2-0ubuntu0.18.04.1 xul-ext-lightning - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-en - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-th - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-it - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-he - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-af - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-is - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:91.7.0+build2-0ubuntu0.18.04.1 thunderbird-locale-id - 1:91.7.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 CVE-2022-0566 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 Ubuntu 18.04 LTS It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using incomplete credentials. Update Instructions: Run `sudo pro fix USN-5347-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openvpn - 2.4.4-2ubuntu1.7 No subscription required Medium CVE-2022-0547 Ubuntu 18.04 LTS David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this use to read arbitrary files when controlling the executed template. (CVE-2018-13982) It was discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this use to read arbitrary files when controlling the executed template. (CVE-2018-16831) It was discovered that Smarty was incorrectly validating security policy data, allowing the execution of static classes even when not permitted by the security settings. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-21408) It was discovered that Smarty was incorrectly managing access control to template objects, which allowed users to perform a sandbox escape. An attacker could possibly use this issue to send specially crafted input to applications that use Smarty and execute arbitrary code. (CVE-2021-26119) It was discovered that Smarty was not checking for special characters when setting function names during plugin compile operations. An attacker could possibly use this issue to send specially crafted input to applications that use Smarty and execute arbitrary code. (CVE-2021-26120) It was discovered that Smarty was incorrectly sanitizing characters in math strings processed by the math function. An attacker could possibly use this issue to send specially crafted input to applications that use Smarty and execute arbitrary code. (CVE-2021-29454) Update Instructions: Run `sudo pro fix USN-5348-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: smarty3 - 3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1 No subscription required High CVE-2018-13982 CVE-2018-16831 CVE-2021-21408 CVE-2021-26119 CVE-2021-26120 CVE-2021-29454 Ubuntu 18.04 LTS It was discovered that Chromium incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5350-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: chromium-chromedriver - 99.0.4844.84-0ubuntu0.18.04.1 chromium-browser-l10n - 99.0.4844.84-0ubuntu0.18.04.1 chromium-codecs-ffmpeg-extra - 99.0.4844.84-0ubuntu0.18.04.1 chromium-codecs-ffmpeg - 99.0.4844.84-0ubuntu0.18.04.1 chromium-browser - 99.0.4844.84-0ubuntu0.18.04.1 No subscription required High CVE-2022-1096 Ubuntu 18.04 LTS Jan Schejbal discovered that Paramiko incorrectly handled permissions when writing private key files. A local attacker could possibly use this issue to gain access to private keys. Update Instructions: Run `sudo pro fix USN-5351-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-paramiko - 2.0.0-1ubuntu1.3 paramiko-doc - 2.0.0-1ubuntu1.3 python-paramiko - 2.0.0-1ubuntu1.3 No subscription required Medium CVE-2022-24302 Ubuntu 18.04 LTS It was discovered that Twisted incorrectly filtered HTTP headers when clients are being redirected to another origin. A remote attacker could use this issue to obtain sensitive information. (CVE-2022-21712) It was discovered that Twisted incorrectly processed SSH handshake data on connection establishments. A remote attacker could use this issue to cause Twisted to crash, resulting in a denial of service. (CVE-2022-21716) Update Instructions: Run `sudo pro fix USN-5354-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: twisted-doc - 17.9.0-2ubuntu0.3 python-twisted-news - 17.9.0-2ubuntu0.3 python3-twisted - 17.9.0-2ubuntu0.3 python-twisted-names - 17.9.0-2ubuntu0.3 python-twisted-words - 17.9.0-2ubuntu0.3 python-twisted-runner - 17.9.0-2ubuntu0.3 python-twisted-core - 17.9.0-2ubuntu0.3 python3-twisted-bin - 17.9.0-2ubuntu0.3 python-twisted-web - 17.9.0-2ubuntu0.3 python-twisted - 17.9.0-2ubuntu0.3 python-twisted-mail - 17.9.0-2ubuntu0.3 python-twisted-bin - 17.9.0-2ubuntu0.3 No subscription required python-twisted-conch - 1:17.9.0-2ubuntu0.3 No subscription required Medium CVE-2022-21712 CVE-2022-21716 Ubuntu 18.04 LTS Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5355-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx32z1-dev - 1:1.2.11.dfsg-0ubuntu2.1 lib64z1 - 1:1.2.11.dfsg-0ubuntu2.1 libx32z1 - 1:1.2.11.dfsg-0ubuntu2.1 lib64z1-dev - 1:1.2.11.dfsg-0ubuntu2.1 lib32z1 - 1:1.2.11.dfsg-0ubuntu2.1 zlib1g - 1:1.2.11.dfsg-0ubuntu2.1 lib32z1-dev - 1:1.2.11.dfsg-0ubuntu2.1 zlib1g-dev - 1:1.2.11.dfsg-0ubuntu2.1 No subscription required Medium CVE-2018-25032 Ubuntu 18.04 LTS Alexandre Bartel discovered that DOSBox incorrectly handled long lines in certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-7165) Alexandre Bartel discovered that DOSBox incorrectly performed access control over certain directories. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12594) Update Instructions: Run `sudo pro fix USN-5356-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dosbox - 0.74-4.3ubuntu0.1 No subscription required Medium CVE-2019-12594 CVE-2019-7165 Ubuntu 18.04 LTS It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5357-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1040-dell300x - 4.15.0-1040.45 linux-dell300x-headers-4.15.0-1040 - 4.15.0-1040.45 linux-modules-4.15.0-1040-dell300x - 4.15.0-1040.45 linux-image-4.15.0-1040-dell300x - 4.15.0-1040.45 linux-dell300x-tools-4.15.0-1040 - 4.15.0-1040.45 linux-tools-4.15.0-1040-dell300x - 4.15.0-1040.45 linux-headers-4.15.0-1040-dell300x - 4.15.0-1040.45 linux-image-unsigned-4.15.0-1040-dell300x - 4.15.0-1040.45 No subscription required linux-kvm-tools-4.15.0-1112 - 4.15.0-1112.115 linux-buildinfo-4.15.0-1112-kvm - 4.15.0-1112.115 linux-headers-4.15.0-1112-kvm - 4.15.0-1112.115 linux-image-4.15.0-1112-kvm - 4.15.0-1112.115 linux-tools-4.15.0-1112-kvm - 4.15.0-1112.115 linux-kvm-headers-4.15.0-1112 - 4.15.0-1112.115 linux-modules-4.15.0-1112-kvm - 4.15.0-1112.115 No subscription required linux-tools-4.15.0-1125-snapdragon - 4.15.0-1125.134 linux-buildinfo-4.15.0-1125-snapdragon - 4.15.0-1125.134 linux-headers-4.15.0-1125-snapdragon - 4.15.0-1125.134 linux-snapdragon-headers-4.15.0-1125 - 4.15.0-1125.134 linux-image-4.15.0-1125-snapdragon - 4.15.0-1125.134 linux-snapdragon-tools-4.15.0-1125 - 4.15.0-1125.134 linux-modules-4.15.0-1125-snapdragon - 4.15.0-1125.134 No subscription required linux-tools-4.15.0-1126-aws - 4.15.0-1126.135 linux-image-4.15.0-1126-aws - 4.15.0-1126.135 linux-aws-tools-4.15.0-1126 - 4.15.0-1126.135 linux-modules-extra-4.15.0-1126-aws - 4.15.0-1126.135 linux-buildinfo-4.15.0-1126-aws - 4.15.0-1126.135 linux-cloud-tools-4.15.0-1126-aws - 4.15.0-1126.135 linux-modules-4.15.0-1126-aws - 4.15.0-1126.135 linux-aws-cloud-tools-4.15.0-1126 - 4.15.0-1126.135 linux-headers-4.15.0-1126-aws - 4.15.0-1126.135 linux-aws-headers-4.15.0-1126 - 4.15.0-1126.135 linux-image-unsigned-4.15.0-1126-aws - 4.15.0-1126.135 No subscription required linux-image-unsigned-4.15.0-1136-azure - 4.15.0-1136.149 linux-azure-4.15-tools-4.15.0-1136 - 4.15.0-1136.149 linux-cloud-tools-4.15.0-1136-azure - 4.15.0-1136.149 linux-tools-4.15.0-1136-azure - 4.15.0-1136.149 linux-azure-4.15-headers-4.15.0-1136 - 4.15.0-1136.149 linux-modules-extra-4.15.0-1136-azure - 4.15.0-1136.149 linux-buildinfo-4.15.0-1136-azure - 4.15.0-1136.149 linux-modules-4.15.0-1136-azure - 4.15.0-1136.149 linux-azure-4.15-cloud-tools-4.15.0-1136 - 4.15.0-1136.149 linux-image-4.15.0-1136-azure - 4.15.0-1136.149 linux-headers-4.15.0-1136-azure - 4.15.0-1136.149 No subscription required linux-tools-common - 4.15.0-175.184 linux-image-4.15.0-175-lowlatency - 4.15.0-175.184 linux-tools-4.15.0-175-lowlatency - 4.15.0-175.184 linux-cloud-tools-common - 4.15.0-175.184 linux-tools-host - 4.15.0-175.184 linux-doc - 4.15.0-175.184 linux-tools-4.15.0-175-generic-lpae - 4.15.0-175.184 linux-buildinfo-4.15.0-175-generic-lpae - 4.15.0-175.184 linux-buildinfo-4.15.0-175-lowlatency - 4.15.0-175.184 linux-headers-4.15.0-175-lowlatency - 4.15.0-175.184 linux-libc-dev - 4.15.0-175.184 linux-tools-4.15.0-175 - 4.15.0-175.184 linux-modules-4.15.0-175-generic - 4.15.0-175.184 linux-modules-4.15.0-175-lowlatency - 4.15.0-175.184 linux-buildinfo-4.15.0-175-generic - 4.15.0-175.184 linux-image-4.15.0-175-generic - 4.15.0-175.184 linux-cloud-tools-4.15.0-175-generic - 4.15.0-175.184 linux-headers-4.15.0-175-generic-lpae - 4.15.0-175.184 linux-headers-4.15.0-175 - 4.15.0-175.184 linux-cloud-tools-4.15.0-175 - 4.15.0-175.184 linux-image-unsigned-4.15.0-175-lowlatency - 4.15.0-175.184 linux-cloud-tools-4.15.0-175-lowlatency - 4.15.0-175.184 linux-tools-4.15.0-175-generic - 4.15.0-175.184 linux-image-4.15.0-175-generic-lpae - 4.15.0-175.184 linux-modules-extra-4.15.0-175-generic - 4.15.0-175.184 linux-image-unsigned-4.15.0-175-generic - 4.15.0-175.184 linux-modules-4.15.0-175-generic-lpae - 4.15.0-175.184 linux-source-4.15.0 - 4.15.0-175.184 linux-headers-4.15.0-175-generic - 4.15.0-175.184 No subscription required linux-tools-dell300x - 4.15.0.1040.42 linux-image-dell300x - 4.15.0.1040.42 linux-headers-dell300x - 4.15.0.1040.42 linux-dell300x - 4.15.0.1040.42 No subscription required linux-kvm - 4.15.0.1112.108 linux-headers-kvm - 4.15.0.1112.108 linux-image-kvm - 4.15.0.1112.108 linux-tools-kvm - 4.15.0.1112.108 No subscription required linux-snapdragon - 4.15.0.1125.128 linux-headers-snapdragon - 4.15.0.1125.128 linux-tools-snapdragon - 4.15.0.1125.128 linux-image-snapdragon - 4.15.0.1125.128 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1126.129 linux-headers-aws-lts-18.04 - 4.15.0.1126.129 linux-aws-lts-18.04 - 4.15.0.1126.129 linux-modules-extra-aws-lts-18.04 - 4.15.0.1126.129 linux-tools-aws-lts-18.04 - 4.15.0.1126.129 No subscription required linux-azure-lts-18.04 - 4.15.0.1136.109 linux-modules-extra-azure-lts-18.04 - 4.15.0.1136.109 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1136.109 linux-tools-azure-lts-18.04 - 4.15.0.1136.109 linux-headers-azure-lts-18.04 - 4.15.0.1136.109 linux-signed-azure-lts-18.04 - 4.15.0.1136.109 linux-image-azure-lts-18.04 - 4.15.0.1136.109 linux-signed-image-azure-lts-18.04 - 4.15.0.1136.109 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.175.164 linux-signed-generic-hwe-16.04-edge - 4.15.0.175.164 linux-headers-generic-lpae - 4.15.0.175.164 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.175.164 linux-image-extra-virtual-hwe-16.04 - 4.15.0.175.164 linux-image-virtual - 4.15.0.175.164 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.175.164 linux-signed-lowlatency - 4.15.0.175.164 linux-image-generic - 4.15.0.175.164 linux-headers-generic-hwe-16.04-edge - 4.15.0.175.164 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.175.164 linux-generic-lpae-hwe-16.04 - 4.15.0.175.164 linux-cloud-tools-virtual - 4.15.0.175.164 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.175.164 linux-image-virtual-hwe-16.04-edge - 4.15.0.175.164 linux-generic-lpae-hwe-16.04-edge - 4.15.0.175.164 linux-signed-image-lowlatency - 4.15.0.175.164 linux-signed-lowlatency-hwe-16.04 - 4.15.0.175.164 linux-crashdump - 4.15.0.175.164 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.175.164 linux-lowlatency - 4.15.0.175.164 linux-signed-image-generic - 4.15.0.175.164 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.175.164 linux-tools-generic-lpae - 4.15.0.175.164 linux-cloud-tools-generic - 4.15.0.175.164 linux-generic-hwe-16.04-edge - 4.15.0.175.164 linux-virtual - 4.15.0.175.164 linux-headers-lowlatency-hwe-16.04 - 4.15.0.175.164 linux-tools-virtual-hwe-16.04 - 4.15.0.175.164 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.175.164 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.175.164 linux-tools-generic-hwe-16.04 - 4.15.0.175.164 linux-tools-virtual - 4.15.0.175.164 linux-image-generic-lpae - 4.15.0.175.164 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.175.164 linux-generic-lpae - 4.15.0.175.164 linux-generic - 4.15.0.175.164 linux-lowlatency-hwe-16.04-edge - 4.15.0.175.164 linux-signed-image-generic-hwe-16.04 - 4.15.0.175.164 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.175.164 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.175.164 linux-headers-lowlatency - 4.15.0.175.164 linux-headers-virtual-hwe-16.04-edge - 4.15.0.175.164 linux-lowlatency-hwe-16.04 - 4.15.0.175.164 linux-headers-generic-hwe-16.04 - 4.15.0.175.164 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.175.164 linux-generic-hwe-16.04 - 4.15.0.175.164 linux-tools-virtual-hwe-16.04-edge - 4.15.0.175.164 linux-tools-generic - 4.15.0.175.164 linux-virtual-hwe-16.04 - 4.15.0.175.164 linux-image-extra-virtual - 4.15.0.175.164 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.175.164 linux-cloud-tools-lowlatency - 4.15.0.175.164 linux-image-generic-hwe-16.04 - 4.15.0.175.164 linux-image-generic-hwe-16.04-edge - 4.15.0.175.164 linux-image-generic-lpae-hwe-16.04 - 4.15.0.175.164 linux-virtual-hwe-16.04-edge - 4.15.0.175.164 linux-tools-lowlatency-hwe-16.04 - 4.15.0.175.164 linux-signed-generic - 4.15.0.175.164 linux-signed-generic-hwe-16.04 - 4.15.0.175.164 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.175.164 linux-source - 4.15.0.175.164 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.175.164 linux-headers-generic - 4.15.0.175.164 linux-headers-virtual-hwe-16.04 - 4.15.0.175.164 linux-tools-lowlatency - 4.15.0.175.164 linux-image-virtual-hwe-16.04 - 4.15.0.175.164 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.175.164 linux-headers-virtual - 4.15.0.175.164 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.175.164 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.175.164 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.175.164 linux-tools-generic-hwe-16.04-edge - 4.15.0.175.164 linux-image-lowlatency - 4.15.0.175.164 No subscription required Medium CVE-2022-27666 Ubuntu 18.04 LTS It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5357-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1091-oracle - 4.15.0-1091.100 linux-tools-4.15.0-1091-oracle - 4.15.0-1091.100 linux-oracle-tools-4.15.0-1091 - 4.15.0-1091.100 linux-oracle-headers-4.15.0-1091 - 4.15.0-1091.100 linux-headers-4.15.0-1091-oracle - 4.15.0-1091.100 linux-modules-4.15.0-1091-oracle - 4.15.0-1091.100 linux-buildinfo-4.15.0-1091-oracle - 4.15.0-1091.100 linux-image-4.15.0-1091-oracle - 4.15.0-1091.100 linux-modules-extra-4.15.0-1091-oracle - 4.15.0-1091.100 No subscription required linux-headers-4.15.0-1107-raspi2 - 4.15.0-1107.114 linux-modules-4.15.0-1107-raspi2 - 4.15.0-1107.114 linux-raspi2-tools-4.15.0-1107 - 4.15.0-1107.114 linux-tools-4.15.0-1107-raspi2 - 4.15.0-1107.114 linux-raspi2-headers-4.15.0-1107 - 4.15.0-1107.114 linux-image-4.15.0-1107-raspi2 - 4.15.0-1107.114 linux-buildinfo-4.15.0-1107-raspi2 - 4.15.0-1107.114 No subscription required linux-image-4.15.0-1120-gcp - 4.15.0-1120.134 linux-gcp-4.15-headers-4.15.0-1120 - 4.15.0-1120.134 linux-headers-4.15.0-1120-gcp - 4.15.0-1120.134 linux-gcp-4.15-tools-4.15.0-1120 - 4.15.0-1120.134 linux-image-unsigned-4.15.0-1120-gcp - 4.15.0-1120.134 linux-tools-4.15.0-1120-gcp - 4.15.0-1120.134 linux-modules-4.15.0-1120-gcp - 4.15.0-1120.134 linux-buildinfo-4.15.0-1120-gcp - 4.15.0-1120.134 linux-modules-extra-4.15.0-1120-gcp - 4.15.0-1120.134 No subscription required linux-headers-oracle-lts-18.04 - 4.15.0.1091.101 linux-image-oracle-lts-18.04 - 4.15.0.1091.101 linux-oracle-lts-18.04 - 4.15.0.1091.101 linux-signed-image-oracle-lts-18.04 - 4.15.0.1091.101 linux-tools-oracle-lts-18.04 - 4.15.0.1091.101 linux-signed-oracle-lts-18.04 - 4.15.0.1091.101 No subscription required linux-raspi2 - 4.15.0.1107.105 linux-headers-raspi2 - 4.15.0.1107.105 linux-image-raspi2 - 4.15.0.1107.105 linux-tools-raspi2 - 4.15.0.1107.105 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1120.139 linux-gcp-lts-18.04 - 4.15.0.1120.139 linux-tools-gcp-lts-18.04 - 4.15.0.1120.139 linux-headers-gcp-lts-18.04 - 4.15.0.1120.139 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1120.139 No subscription required Medium CVE-2022-27666 Ubuntu 18.04 LTS It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1055) It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-27666) Update Instructions: Run `sudo pro fix USN-5358-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-5.4.0-1069-oracle - 5.4.0-1069.75~18.04.1 linux-modules-5.4.0-1069-oracle - 5.4.0-1069.75~18.04.1 linux-tools-5.4.0-1069-oracle - 5.4.0-1069.75~18.04.1 linux-buildinfo-5.4.0-1069-oracle - 5.4.0-1069.75~18.04.1 linux-image-unsigned-5.4.0-1069-oracle - 5.4.0-1069.75~18.04.1 linux-image-5.4.0-1069-oracle - 5.4.0-1069.75~18.04.1 linux-modules-extra-5.4.0-1069-oracle - 5.4.0-1069.75~18.04.1 linux-oracle-5.4-headers-5.4.0-1069 - 5.4.0-1069.75~18.04.1 linux-oracle-5.4-tools-5.4.0-1069 - 5.4.0-1069.75~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-107.121~18.04.1 linux-image-unsigned-5.4.0-107-generic - 5.4.0-107.121~18.04.1 linux-hwe-5.4-tools-5.4.0-107 - 5.4.0-107.121~18.04.1 linux-image-5.4.0-107-generic-lpae - 5.4.0-107.121~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-107 - 5.4.0-107.121~18.04.1 linux-tools-5.4.0-107-generic-lpae - 5.4.0-107.121~18.04.1 linux-tools-5.4.0-107-generic - 5.4.0-107.121~18.04.1 linux-hwe-5.4-headers-5.4.0-107 - 5.4.0-107.121~18.04.1 linux-image-5.4.0-107-lowlatency - 5.4.0-107.121~18.04.1 linux-headers-5.4.0-107-generic - 5.4.0-107.121~18.04.1 linux-modules-5.4.0-107-lowlatency - 5.4.0-107.121~18.04.1 linux-modules-5.4.0-107-generic-lpae - 5.4.0-107.121~18.04.1 linux-modules-extra-5.4.0-107-generic - 5.4.0-107.121~18.04.1 linux-tools-5.4.0-107-lowlatency - 5.4.0-107.121~18.04.1 linux-headers-5.4.0-107-generic-lpae - 5.4.0-107.121~18.04.1 linux-modules-5.4.0-107-generic - 5.4.0-107.121~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-107.121~18.04.1 linux-buildinfo-5.4.0-107-lowlatency - 5.4.0-107.121~18.04.1 linux-image-5.4.0-107-generic - 5.4.0-107.121~18.04.1 linux-buildinfo-5.4.0-107-generic - 5.4.0-107.121~18.04.1 linux-buildinfo-5.4.0-107-generic-lpae - 5.4.0-107.121~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-107.121~18.04.1 linux-image-unsigned-5.4.0-107-lowlatency - 5.4.0-107.121~18.04.1 linux-cloud-tools-5.4.0-107-lowlatency - 5.4.0-107.121~18.04.1 linux-headers-5.4.0-107-lowlatency - 5.4.0-107.121~18.04.1 linux-cloud-tools-5.4.0-107-generic - 5.4.0-107.121~18.04.1 No subscription required linux-headers-oracle - 5.4.0.1069.75~18.04.48 linux-tools-oracle - 5.4.0.1069.75~18.04.48 linux-signed-image-oracle - 5.4.0.1069.75~18.04.48 linux-signed-oracle - 5.4.0.1069.75~18.04.48 linux-tools-oracle-edge - 5.4.0.1069.75~18.04.48 linux-oracle-edge - 5.4.0.1069.75~18.04.48 linux-modules-extra-oracle-edge - 5.4.0.1069.75~18.04.48 linux-image-oracle-edge - 5.4.0.1069.75~18.04.48 linux-modules-extra-oracle - 5.4.0.1069.75~18.04.48 linux-signed-oracle-edge - 5.4.0.1069.75~18.04.48 linux-signed-image-oracle-edge - 5.4.0.1069.75~18.04.48 linux-headers-oracle-edge - 5.4.0.1069.75~18.04.48 linux-image-oracle - 5.4.0.1069.75~18.04.48 linux-oracle - 5.4.0.1069.75~18.04.48 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-headers-snapdragon-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-image-generic-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-generic-lpae-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-image-snapdragon-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-image-oem - 5.4.0.107.121~18.04.92 linux-tools-virtual-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-headers-generic-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-headers-lowlatency-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-lowlatency-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-image-extra-virtual-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-headers-oem - 5.4.0.107.121~18.04.92 linux-snapdragon-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-image-generic-lpae-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-tools-lowlatency-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-headers-virtual-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-tools-snapdragon-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-tools-virtual-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-headers-virtual-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-virtual-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-tools-oem - 5.4.0.107.121~18.04.92 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-tools-oem-osp1 - 5.4.0.107.121~18.04.92 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-tools-generic-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-image-virtual-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-generic-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-oem - 5.4.0.107.121~18.04.92 linux-image-oem-osp1 - 5.4.0.107.121~18.04.92 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-snapdragon-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-headers-oem-osp1 - 5.4.0.107.121~18.04.92 linux-generic-lpae-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-tools-generic-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-headers-generic-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-oem-osp1 - 5.4.0.107.121~18.04.92 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-image-lowlatency-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-virtual-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-lowlatency-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-generic-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.107.121~18.04.92 linux-image-generic-hwe-18.04-edge - 5.4.0.107.121~18.04.92 linux-image-virtual-hwe-18.04-edge - 5.4.0.107.121~18.04.92 No subscription required High CVE-2022-1055 CVE-2022-27666 Ubuntu 18.04 LTS It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1055) It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-27666) Update Instructions: Run `sudo pro fix USN-5358-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1019-ibm - 5.4.0-1019.21~18.04.1 linux-headers-5.4.0-1019-ibm - 5.4.0-1019.21~18.04.1 linux-tools-5.4.0-1019-ibm - 5.4.0-1019.21~18.04.1 linux-modules-extra-5.4.0-1019-ibm - 5.4.0-1019.21~18.04.1 linux-buildinfo-5.4.0-1019-ibm - 5.4.0-1019.21~18.04.1 linux-ibm-5.4-tools-5.4.0-1019 - 5.4.0-1019.21~18.04.1 linux-ibm-5.4-headers-5.4.0-1019 - 5.4.0-1019.21~18.04.1 linux-modules-5.4.0-1019-ibm - 5.4.0-1019.21~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1019.21~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1019.21~18.04.1 linux-image-unsigned-5.4.0-1019-ibm - 5.4.0-1019.21~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1019.21~18.04.1 No subscription required linux-modules-5.4.0-1038-gkeop - 5.4.0-1038.39~18.04.1 linux-buildinfo-5.4.0-1038-gkeop - 5.4.0-1038.39~18.04.1 linux-gkeop-5.4-headers-5.4.0-1038 - 5.4.0-1038.39~18.04.1 linux-gkeop-5.4-tools-5.4.0-1038 - 5.4.0-1038.39~18.04.1 linux-image-unsigned-5.4.0-1038-gkeop - 5.4.0-1038.39~18.04.1 linux-modules-extra-5.4.0-1038-gkeop - 5.4.0-1038.39~18.04.1 linux-cloud-tools-5.4.0-1038-gkeop - 5.4.0-1038.39~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1038.39~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1038 - 5.4.0-1038.39~18.04.1 linux-tools-5.4.0-1038-gkeop - 5.4.0-1038.39~18.04.1 linux-headers-5.4.0-1038-gkeop - 5.4.0-1038.39~18.04.1 linux-image-5.4.0-1038-gkeop - 5.4.0-1038.39~18.04.1 No subscription required linux-modules-5.4.0-1058-raspi - 5.4.0-1058.65~18.04.1 linux-tools-5.4.0-1058-raspi - 5.4.0-1058.65~18.04.1 linux-headers-5.4.0-1058-raspi - 5.4.0-1058.65~18.04.1 linux-image-5.4.0-1058-raspi - 5.4.0-1058.65~18.04.1 linux-raspi-5.4-headers-5.4.0-1058 - 5.4.0-1058.65~18.04.1 linux-raspi-5.4-tools-5.4.0-1058 - 5.4.0-1058.65~18.04.1 linux-buildinfo-5.4.0-1058-raspi - 5.4.0-1058.65~18.04.1 No subscription required linux-gke-5.4-headers-5.4.0-1067 - 5.4.0-1067.70~18.04.1 linux-gke-5.4-tools-5.4.0-1067 - 5.4.0-1067.70~18.04.1 linux-tools-5.4.0-1067-gke - 5.4.0-1067.70~18.04.1 linux-modules-extra-5.4.0-1067-gke - 5.4.0-1067.70~18.04.1 linux-modules-5.4.0-1067-gke - 5.4.0-1067.70~18.04.1 linux-buildinfo-5.4.0-1067-gke - 5.4.0-1067.70~18.04.1 linux-headers-5.4.0-1067-gke - 5.4.0-1067.70~18.04.1 linux-image-5.4.0-1067-gke - 5.4.0-1067.70~18.04.1 linux-image-unsigned-5.4.0-1067-gke - 5.4.0-1067.70~18.04.1 No subscription required linux-headers-5.4.0-1069-gcp - 5.4.0-1069.73~18.04.1 linux-image-5.4.0-1069-gcp - 5.4.0-1069.73~18.04.1 linux-modules-extra-5.4.0-1069-gcp - 5.4.0-1069.73~18.04.1 linux-buildinfo-5.4.0-1069-gcp - 5.4.0-1069.73~18.04.1 linux-gcp-5.4-tools-5.4.0-1069 - 5.4.0-1069.73~18.04.1 linux-modules-5.4.0-1069-gcp - 5.4.0-1069.73~18.04.1 linux-gcp-5.4-headers-5.4.0-1069 - 5.4.0-1069.73~18.04.1 linux-image-unsigned-5.4.0-1069-gcp - 5.4.0-1069.73~18.04.1 linux-tools-5.4.0-1069-gcp - 5.4.0-1069.73~18.04.1 No subscription required linux-buildinfo-5.4.0-1071-aws - 5.4.0-1071.76~18.04.1 linux-image-unsigned-5.4.0-1071-aws - 5.4.0-1071.76~18.04.1 linux-aws-5.4-tools-5.4.0-1071 - 5.4.0-1071.76~18.04.1 linux-tools-5.4.0-1071-aws - 5.4.0-1071.76~18.04.1 linux-cloud-tools-5.4.0-1071-aws - 5.4.0-1071.76~18.04.1 linux-modules-5.4.0-1071-aws - 5.4.0-1071.76~18.04.1 linux-modules-extra-5.4.0-1071-aws - 5.4.0-1071.76~18.04.1 linux-headers-5.4.0-1071-aws - 5.4.0-1071.76~18.04.1 linux-image-5.4.0-1071-aws - 5.4.0-1071.76~18.04.1 linux-aws-5.4-headers-5.4.0-1071 - 5.4.0-1071.76~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1071 - 5.4.0-1071.76~18.04.1 No subscription required linux-buildinfo-5.4.0-1074-azure - 5.4.0-1074.77~18.04.1 linux-image-unsigned-5.4.0-1074-azure - 5.4.0-1074.77~18.04.1 linux-azure-5.4-headers-5.4.0-1074 - 5.4.0-1074.77~18.04.1 linux-modules-5.4.0-1074-azure - 5.4.0-1074.77~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1074 - 5.4.0-1074.77~18.04.1 linux-azure-5.4-tools-5.4.0-1074 - 5.4.0-1074.77~18.04.1 linux-headers-5.4.0-1074-azure - 5.4.0-1074.77~18.04.1 linux-modules-extra-5.4.0-1074-azure - 5.4.0-1074.77~18.04.1 linux-tools-5.4.0-1074-azure - 5.4.0-1074.77~18.04.1 linux-image-5.4.0-1074-azure - 5.4.0-1074.77~18.04.1 linux-cloud-tools-5.4.0-1074-azure - 5.4.0-1074.77~18.04.1 No subscription required linux-modules-extra-ibm - 5.4.0.1019.36 linux-image-ibm - 5.4.0.1019.36 linux-tools-ibm-edge - 5.4.0.1019.36 linux-tools-ibm - 5.4.0.1019.36 linux-headers-ibm-edge - 5.4.0.1019.36 linux-modules-extra-ibm-edge - 5.4.0.1019.36 linux-ibm - 5.4.0.1019.36 linux-ibm-edge - 5.4.0.1019.36 linux-headers-ibm - 5.4.0.1019.36 linux-image-ibm-edge - 5.4.0.1019.36 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1038.39~18.04.38 linux-modules-extra-gkeop-5.4 - 5.4.0.1038.39~18.04.38 linux-image-gkeop-5.4 - 5.4.0.1038.39~18.04.38 linux-headers-gkeop-5.4 - 5.4.0.1038.39~18.04.38 linux-tools-gkeop-5.4 - 5.4.0.1038.39~18.04.38 linux-gkeop-5.4 - 5.4.0.1038.39~18.04.38 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1058.59 linux-headers-raspi-hwe-18.04 - 5.4.0.1058.59 linux-image-raspi-hwe-18.04-edge - 5.4.0.1058.59 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1058.59 linux-raspi-hwe-18.04 - 5.4.0.1058.59 linux-tools-raspi-hwe-18.04 - 5.4.0.1058.59 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1058.59 linux-raspi-hwe-18.04-edge - 5.4.0.1058.59 No subscription required linux-headers-gke-5.4 - 5.4.0.1067.70~18.04.31 linux-modules-extra-gke-5.4 - 5.4.0.1067.70~18.04.31 linux-gke-5.4 - 5.4.0.1067.70~18.04.31 linux-image-gke-5.4 - 5.4.0.1067.70~18.04.31 linux-tools-gke-5.4 - 5.4.0.1067.70~18.04.31 No subscription required linux-image-gcp-edge - 5.4.0.1069.54 linux-tools-gcp-edge - 5.4.0.1069.54 linux-headers-gcp-edge - 5.4.0.1069.54 linux-tools-gcp - 5.4.0.1069.54 linux-modules-extra-gcp-edge - 5.4.0.1069.54 linux-gcp - 5.4.0.1069.54 linux-headers-gcp - 5.4.0.1069.54 linux-image-gcp - 5.4.0.1069.54 linux-modules-extra-gcp - 5.4.0.1069.54 linux-gcp-edge - 5.4.0.1069.54 No subscription required linux-headers-aws - 5.4.0.1071.53 linux-image-aws - 5.4.0.1071.53 linux-modules-extra-aws-edge - 5.4.0.1071.53 linux-image-aws-edge - 5.4.0.1071.53 linux-aws-edge - 5.4.0.1071.53 linux-aws - 5.4.0.1071.53 linux-headers-aws-edge - 5.4.0.1071.53 linux-modules-extra-aws - 5.4.0.1071.53 linux-tools-aws - 5.4.0.1071.53 linux-tools-aws-edge - 5.4.0.1071.53 No subscription required linux-signed-azure - 5.4.0.1074.53 linux-tools-azure-edge - 5.4.0.1074.53 linux-cloud-tools-azure - 5.4.0.1074.53 linux-tools-azure - 5.4.0.1074.53 linux-image-azure-edge - 5.4.0.1074.53 linux-cloud-tools-azure-edge - 5.4.0.1074.53 linux-modules-extra-azure - 5.4.0.1074.53 linux-azure - 5.4.0.1074.53 linux-signed-image-azure-edge - 5.4.0.1074.53 linux-image-azure - 5.4.0.1074.53 linux-signed-image-azure - 5.4.0.1074.53 linux-headers-azure-edge - 5.4.0.1074.53 linux-azure-edge - 5.4.0.1074.53 linux-modules-extra-azure-edge - 5.4.0.1074.53 linux-signed-azure-edge - 5.4.0.1074.53 linux-headers-azure - 5.4.0.1074.53 No subscription required High CVE-2022-1055 CVE-2022-27666 Ubuntu 18.04 LTS Danilo Ramos discovered that rsync incorrectly handled memory when performing certain zlib deflating operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5359-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rsync - 3.1.2-2.1ubuntu1.4 No subscription required Medium CVE-2018-25032 Ubuntu 18.04 LTS It was discovered that Tomcat incorrectly performed input verification. A remote attacker could possibly use this issue to intercept sensitive information. (CVE-2020-13943, CVE-2020-17527, CVE-2021-25122, CVE-2021-30640) It was discovered that Tomcat did not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-9484, CVE-2021-33037) It was discovered that Tomcat did not properly validate the input length. An attacker could possibly use this to trigger an infinite loop, resulting in a denial of service. (CVE-2021-25329, CVE-2021-41079) Update Instructions: Run `sudo pro fix USN-5360-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tomcat9-docs - 9.0.16-3ubuntu0.18.04.2 libtomcat9-embed-java - 9.0.16-3ubuntu0.18.04.2 tomcat9-admin - 9.0.16-3ubuntu0.18.04.2 tomcat9-common - 9.0.16-3ubuntu0.18.04.2 libtomcat9-java - 9.0.16-3ubuntu0.18.04.2 tomcat9-user - 9.0.16-3ubuntu0.18.04.2 tomcat9 - 9.0.16-3ubuntu0.18.04.2 tomcat9-examples - 9.0.16-3ubuntu0.18.04.2 No subscription required Medium CVE-2020-13943 CVE-2020-17527 CVE-2020-9484 CVE-2021-25122 CVE-2021-25329 CVE-2021-30640 CVE-2021-33037 CVE-2021-41079 https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/1915911 Ubuntu 18.04 LTS It was discovered that FriBidi incorrectly handled processing of input strings resulting in memory corruption. An attacker could use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25308) It was discovered that FriBidi incorrectly validated input data to its CapRTL unicode encoder, resulting in memory corruption. An attacker could use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25309) It was discovered that FriBidi incorrectly handled empty input when removing marks from unicode strings, resulting in a crash. An attacker could use this to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25310) Update Instructions: Run `sudo pro fix USN-5366-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfribidi-bin - 0.19.7-2ubuntu0.1 libfribidi0 - 0.19.7-2ubuntu0.1 libfribidi-dev - 0.19.7-2ubuntu0.1 No subscription required Medium CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 Ubuntu 18.04 LTS It was discovered that oslo.utils incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-5369-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-oslo.utils - 3.35.0-0ubuntu1.1 python-oslo.utils-doc - 3.35.0-0ubuntu1.1 python3-oslo.utils - 3.35.0-0ubuntu1.1 No subscription required Medium CVE-2022-0718 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, execute script unexpectedly, obtain sensitive information, conduct spoofing attacks, or execute arbitrary code. (CVE-2022-1097, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28284, CVE-2022-28285, CVE-2022-28286, CVE-2022-28288, CVE-2022-28289) A security issue was discovered with the sourceMapURL feature of devtools. An attacker could potentially exploit this to include local files that should have been inaccessible. (CVE-2022-28283) It was discovered that selecting text caused Firefox to crash in some circumstances. An attacker could potentially exploit this to cause a denial of service. (CVE-2022-28287) Update Instructions: Run `sudo pro fix USN-5370-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-nn - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-ne - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-nb - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-fa - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-fi - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-fr - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-fy - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-or - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-kab - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-oc - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-cs - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-ga - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-gd - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-gn - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-gl - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-gu - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-pa - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-pl - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-cy - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-pt - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-szl - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-hi - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-ms - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-he - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-hy - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-hr - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-hu - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-as - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-ar - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-ia - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-az - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-id - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-mai - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-af - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-is - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-vi - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-an - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-bs - 99.0+build2-0ubuntu0.18.04.2 firefox - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-ro - 99.0+build2-0ubuntu0.18.04.2 firefox-geckodriver - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-ja - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-ru - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-br - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-zh-hant - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-zh-hans - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-bn - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-be - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-bg - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-sl - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-sk - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-si - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-sw - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-sv - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-sr - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-sq - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-ko - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-kn - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-km - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-kk - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-ka - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-xh - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-ca - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-ku - 99.0+build2-0ubuntu0.18.04.2 firefox-mozsymbols - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-lv - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-lt - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-th - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-hsb - 99.0+build2-0ubuntu0.18.04.2 firefox-dev - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-te - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-cak - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-ta - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-lg - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-csb - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-tr - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-nso - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-de - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-da - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-uk - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-mr - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-my - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-uz - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-ml - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-mn - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-mk - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-ur - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-eu - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-et - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-es - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-it - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-el - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-eo - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-en - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-zu - 99.0+build2-0ubuntu0.18.04.2 firefox-locale-ast - 99.0+build2-0ubuntu0.18.04.2 No subscription required Medium CVE-2022-1097 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28283 CVE-2022-28284 CVE-2022-28285 CVE-2022-28286 CVE-2022-28287 CVE-2022-28288 CVE-2022-28289 Ubuntu 18.04 LTS It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue was fixed for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11724) It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-36309) It was discovered that nginx mishandled the use of compatible certificates among multiple encryption protocols. If a remote attacker were able to intercept the communication, this issue could be used to redirect traffic between subdomains. (CVE-2021-3618) Update Instructions: Run `sudo pro fix USN-5371-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnginx-mod-stream - 1.14.0-0ubuntu1.10 libnginx-mod-http-subs-filter - 1.14.0-0ubuntu1.10 nginx-doc - 1.14.0-0ubuntu1.10 libnginx-mod-mail - 1.14.0-0ubuntu1.10 libnginx-mod-http-image-filter - 1.14.0-0ubuntu1.10 libnginx-mod-http-echo - 1.14.0-0ubuntu1.10 libnginx-mod-rtmp - 1.14.0-0ubuntu1.10 libnginx-mod-nchan - 1.14.0-0ubuntu1.10 nginx-common - 1.14.0-0ubuntu1.10 libnginx-mod-http-fancyindex - 1.14.0-0ubuntu1.10 libnginx-mod-http-auth-pam - 1.14.0-0ubuntu1.10 nginx-light - 1.14.0-0ubuntu1.10 libnginx-mod-http-headers-more-filter - 1.14.0-0ubuntu1.10 nginx-extras - 1.14.0-0ubuntu1.10 libnginx-mod-http-upstream-fair - 1.14.0-0ubuntu1.10 libnginx-mod-http-xslt-filter - 1.14.0-0ubuntu1.10 libnginx-mod-http-lua - 1.14.0-0ubuntu1.10 libnginx-mod-http-perl - 1.14.0-0ubuntu1.10 nginx-core - 1.14.0-0ubuntu1.10 libnginx-mod-http-dav-ext - 1.14.0-0ubuntu1.10 nginx - 1.14.0-0ubuntu1.10 libnginx-mod-http-ndk - 1.14.0-0ubuntu1.10 libnginx-mod-http-uploadprogress - 1.14.0-0ubuntu1.10 libnginx-mod-http-cache-purge - 1.14.0-0ubuntu1.10 nginx-full - 1.14.0-0ubuntu1.10 libnginx-mod-http-geoip - 1.14.0-0ubuntu1.10 No subscription required Medium CVE-2020-11724 CVE-2020-36309 CVE-2021-3618 Ubuntu 18.04 LTS It was discovered that Django incorrectly handled certain certain column aliases in the QuerySet.annotate(), aggregate(), and extra() methods. A remote attacker could possibly use this issue to perform an SQL injection attack. (CVE-2022-28346) It was discovered that Django incorrectly handled certain option names in the QuerySet.explain() method. A remote attacker could possibly use this issue to perform an SQL injection attack. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-28347) It was discovered that the Django URLValidator function incorrectly handled newlines and tabs. A remote attacker could possibly use this issue to perform a header injection attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-32052) Update Instructions: Run `sudo pro fix USN-5373-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.17 python-django-doc - 1:1.11.11-1ubuntu1.17 python-django-common - 1:1.11.11-1ubuntu1.17 python-django - 1:1.11.11-1ubuntu1.17 No subscription required High CVE-2021-32052 CVE-2022-28346 CVE-2022-28347 Ubuntu 18.04 LTS It was discovered that GNU cflow was incorrectly handling memory cleanup operations at the end of a compilation module. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5375-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cflow - 1:1.4+dfsg1-3ubuntu1.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-16165 Ubuntu 18.04 LTS 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands. Update Instructions: Run `sudo pro fix USN-5376-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.10 gitweb - 1:2.17.1-1ubuntu0.10 git-gui - 1:2.17.1-1ubuntu0.10 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.10 git-el - 1:2.17.1-1ubuntu0.10 gitk - 1:2.17.1-1ubuntu0.10 git-all - 1:2.17.1-1ubuntu0.10 git-mediawiki - 1:2.17.1-1ubuntu0.10 git-daemon-run - 1:2.17.1-1ubuntu0.10 git-man - 1:2.17.1-1ubuntu0.10 git-doc - 1:2.17.1-1ubuntu0.10 git-svn - 1:2.17.1-1ubuntu0.10 git-cvs - 1:2.17.1-1ubuntu0.10 git-email - 1:2.17.1-1ubuntu0.10 No subscription required Medium CVE-2022-24765 Ubuntu 18.04 LTS USN-5376-1 fixed vulnerabilities in Git, some patches were missing to properly fix the issue. This update fixes the problem. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands. Update Instructions: Run `sudo pro fix USN-5376-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.11 gitweb - 1:2.17.1-1ubuntu0.11 git-all - 1:2.17.1-1ubuntu0.11 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.11 git-el - 1:2.17.1-1ubuntu0.11 gitk - 1:2.17.1-1ubuntu0.11 git-gui - 1:2.17.1-1ubuntu0.11 git-mediawiki - 1:2.17.1-1ubuntu0.11 git-daemon-run - 1:2.17.1-1ubuntu0.11 git-man - 1:2.17.1-1ubuntu0.11 git-doc - 1:2.17.1-1ubuntu0.11 git-svn - 1:2.17.1-1ubuntu0.11 git-cvs - 1:2.17.1-1ubuntu0.11 git-email - 1:2.17.1-1ubuntu0.11 No subscription required None https://launchpad.net/bugs/1970260 Ubuntu 18.04 LTS Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files. Update Instructions: Run `sudo pro fix USN-5378-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gzip - 1.6-5ubuntu1.2 gzip-win32 - 1.6-5ubuntu1.2 No subscription required Medium CVE-2022-1271 Ubuntu 18.04 LTS Cleemy Desu Wayo discovered that XZ Utils incorrectly handled certain filenames. If a user or automated system were tricked into performing xzgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files. Update Instructions: Run `sudo pro fix USN-5378-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblzma5 - 5.2.2-1.3ubuntu0.1 liblzma-doc - 5.2.2-1.3ubuntu0.1 liblzma-dev - 5.2.2-1.3ubuntu0.1 xz-utils - 5.2.2-1.3ubuntu0.1 xzdec - 5.2.2-1.3ubuntu0.1 No subscription required Medium CVE-2022-1271 Ubuntu 18.04 LTS It was discovered that klibc did not properly perform some mathematical operations, leading to an integer overflow. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31870) It was discovered that klibc did not properly handled some memory allocations on 64 bit systems. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31871) It was discovered that klibc did not properly handled some file sizes values on 32 bit systems. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31872) It was discovered that klibc did not properly handled some memory allocations. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31873) Update Instructions: Run `sudo pro fix USN-5379-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: klibc-utils - 2.0.4-9ubuntu2.1 libklibc - 2.0.4-9ubuntu2.1 libklibc-dev - 2.0.4-9ubuntu2.1 No subscription required Low CVE-2021-31870 CVE-2021-31871 CVE-2021-31872 CVE-2021-31873 Ubuntu 18.04 LTS It was discovered that Bash did not properly drop privileges when the binary had the setuid bit enabled. An attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-5380-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bash-builtins - 4.4.18-2ubuntu1.3 bash-doc - 4.4.18-2ubuntu1.3 bash - 4.4.18-2ubuntu1.3 bash-static - 4.4.18-2ubuntu1.3 No subscription required Low CVE-2019-18276 Ubuntu 18.04 LTS Albin Eldstål-Ahrens and Lukas Lamster discovered libinput did not properly handle input devices with specially crafted names. A local attacker with physical access could use this to cause libinput to crash or expose sensitive information. Update Instructions: Run `sudo pro fix USN-5382-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libinput-dev - 1.10.4-1ubuntu0.18.04.3 libinput-bin - 1.10.4-1ubuntu0.18.04.3 libinput10 - 1.10.4-1ubuntu0.18.04.3 libinput-tools - 1.10.4-1ubuntu0.18.04.3 No subscription required Medium CVE-2022-1215 Ubuntu 18.04 LTS It was discovered that the UDF file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious UDF image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2022-0617) Lyu Tao discovered that the NFS implementation in the Linux kernel did not properly handle requests to open a directory on a regular file. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-24448) It was discovered that the YAM AX.25 device driver in the Linux kernel did not properly deallocate memory in some error conditions. A local privileged attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2022-24959) Update Instructions: Run `sudo pro fix USN-5384-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1020-ibm - 5.4.0-1020.22~18.04.1 linux-image-unsigned-5.4.0-1020-ibm - 5.4.0-1020.22~18.04.1 linux-ibm-5.4-headers-5.4.0-1020 - 5.4.0-1020.22~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1020.22~18.04.1 linux-tools-5.4.0-1020-ibm - 5.4.0-1020.22~18.04.1 linux-modules-5.4.0-1020-ibm - 5.4.0-1020.22~18.04.1 linux-modules-extra-5.4.0-1020-ibm - 5.4.0-1020.22~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1020.22~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1020.22~18.04.1 linux-headers-5.4.0-1020-ibm - 5.4.0-1020.22~18.04.1 linux-ibm-5.4-tools-5.4.0-1020 - 5.4.0-1020.22~18.04.1 linux-image-5.4.0-1020-ibm - 5.4.0-1020.22~18.04.1 No subscription required linux-gkeop-5.4-headers-5.4.0-1039 - 5.4.0-1039.40~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1039.40~18.04.1 linux-gkeop-5.4-tools-5.4.0-1039 - 5.4.0-1039.40~18.04.1 linux-cloud-tools-5.4.0-1039-gkeop - 5.4.0-1039.40~18.04.1 linux-image-unsigned-5.4.0-1039-gkeop - 5.4.0-1039.40~18.04.1 linux-buildinfo-5.4.0-1039-gkeop - 5.4.0-1039.40~18.04.1 linux-image-5.4.0-1039-gkeop - 5.4.0-1039.40~18.04.1 linux-modules-5.4.0-1039-gkeop - 5.4.0-1039.40~18.04.1 linux-tools-5.4.0-1039-gkeop - 5.4.0-1039.40~18.04.1 linux-modules-extra-5.4.0-1039-gkeop - 5.4.0-1039.40~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1039 - 5.4.0-1039.40~18.04.1 linux-headers-5.4.0-1039-gkeop - 5.4.0-1039.40~18.04.1 No subscription required linux-buildinfo-5.4.0-1059-raspi - 5.4.0-1059.66~18.04.1 linux-raspi-5.4-headers-5.4.0-1059 - 5.4.0-1059.66~18.04.1 linux-modules-5.4.0-1059-raspi - 5.4.0-1059.66~18.04.1 linux-image-5.4.0-1059-raspi - 5.4.0-1059.66~18.04.1 linux-headers-5.4.0-1059-raspi - 5.4.0-1059.66~18.04.1 linux-tools-5.4.0-1059-raspi - 5.4.0-1059.66~18.04.1 linux-raspi-5.4-tools-5.4.0-1059 - 5.4.0-1059.66~18.04.1 No subscription required linux-gke-5.4-headers-5.4.0-1068 - 5.4.0-1068.71~18.04.1 linux-tools-5.4.0-1068-gke - 5.4.0-1068.71~18.04.1 linux-buildinfo-5.4.0-1068-gke - 5.4.0-1068.71~18.04.1 linux-modules-5.4.0-1068-gke - 5.4.0-1068.71~18.04.1 linux-modules-extra-5.4.0-1068-gke - 5.4.0-1068.71~18.04.1 linux-image-5.4.0-1068-gke - 5.4.0-1068.71~18.04.1 linux-image-unsigned-5.4.0-1068-gke - 5.4.0-1068.71~18.04.1 linux-headers-5.4.0-1068-gke - 5.4.0-1068.71~18.04.1 linux-gke-5.4-tools-5.4.0-1068 - 5.4.0-1068.71~18.04.1 No subscription required linux-headers-5.4.0-1070-oracle - 5.4.0-1070.76~18.04.1 linux-image-unsigned-5.4.0-1070-oracle - 5.4.0-1070.76~18.04.1 linux-modules-5.4.0-1070-oracle - 5.4.0-1070.76~18.04.1 linux-tools-5.4.0-1070-oracle - 5.4.0-1070.76~18.04.1 linux-modules-extra-5.4.0-1070-oracle - 5.4.0-1070.76~18.04.1 linux-image-5.4.0-1070-oracle - 5.4.0-1070.76~18.04.1 linux-buildinfo-5.4.0-1070-oracle - 5.4.0-1070.76~18.04.1 linux-oracle-5.4-tools-5.4.0-1070 - 5.4.0-1070.76~18.04.1 linux-oracle-5.4-headers-5.4.0-1070 - 5.4.0-1070.76~18.04.1 No subscription required linux-image-unsigned-5.4.0-1072-gcp - 5.4.0-1072.77~18.04.1 linux-modules-extra-5.4.0-1072-aws - 5.4.0-1072.77~18.04.1 linux-modules-5.4.0-1072-gcp - 5.4.0-1072.77~18.04.1 linux-gcp-5.4-tools-5.4.0-1072 - 5.4.0-1072.77~18.04.1 linux-headers-5.4.0-1072-gcp - 5.4.0-1072.77~18.04.1 linux-image-5.4.0-1072-aws - 5.4.0-1072.77~18.04.1 linux-tools-5.4.0-1072-gcp - 5.4.0-1072.77~18.04.1 linux-aws-5.4-tools-5.4.0-1072 - 5.4.0-1072.77~18.04.1 linux-buildinfo-5.4.0-1072-aws - 5.4.0-1072.77~18.04.1 linux-cloud-tools-5.4.0-1072-aws - 5.4.0-1072.77~18.04.1 linux-image-unsigned-5.4.0-1072-aws - 5.4.0-1072.77~18.04.1 linux-modules-5.4.0-1072-aws - 5.4.0-1072.77~18.04.1 linux-gcp-5.4-headers-5.4.0-1072 - 5.4.0-1072.77~18.04.1 linux-image-5.4.0-1072-gcp - 5.4.0-1072.77~18.04.1 linux-modules-extra-5.4.0-1072-gcp - 5.4.0-1072.77~18.04.1 linux-headers-5.4.0-1072-aws - 5.4.0-1072.77~18.04.1 linux-buildinfo-5.4.0-1072-gcp - 5.4.0-1072.77~18.04.1 linux-aws-5.4-headers-5.4.0-1072 - 5.4.0-1072.77~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1072 - 5.4.0-1072.77~18.04.1 linux-tools-5.4.0-1072-aws - 5.4.0-1072.77~18.04.1 No subscription required linux-image-unsigned-5.4.0-1077-azure - 5.4.0-1077.80~18.04.1 linux-modules-extra-5.4.0-1077-azure - 5.4.0-1077.80~18.04.1 linux-tools-5.4.0-1077-azure - 5.4.0-1077.80~18.04.1 linux-buildinfo-5.4.0-1077-azure - 5.4.0-1077.80~18.04.1 linux-azure-5.4-headers-5.4.0-1077 - 5.4.0-1077.80~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1077 - 5.4.0-1077.80~18.04.1 linux-headers-5.4.0-1077-azure - 5.4.0-1077.80~18.04.1 linux-image-5.4.0-1077-azure - 5.4.0-1077.80~18.04.1 linux-azure-5.4-tools-5.4.0-1077 - 5.4.0-1077.80~18.04.1 linux-cloud-tools-5.4.0-1077-azure - 5.4.0-1077.80~18.04.1 linux-modules-5.4.0-1077-azure - 5.4.0-1077.80~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-109.123~18.04.1 linux-buildinfo-5.4.0-109-generic-lpae - 5.4.0-109.123~18.04.1 linux-hwe-5.4-tools-5.4.0-109 - 5.4.0-109.123~18.04.1 linux-cloud-tools-5.4.0-109-lowlatency - 5.4.0-109.123~18.04.1 linux-headers-5.4.0-109-generic - 5.4.0-109.123~18.04.1 linux-buildinfo-5.4.0-109-lowlatency - 5.4.0-109.123~18.04.1 linux-cloud-tools-5.4.0-109-generic - 5.4.0-109.123~18.04.1 linux-image-unsigned-5.4.0-109-generic - 5.4.0-109.123~18.04.1 linux-headers-5.4.0-109-lowlatency - 5.4.0-109.123~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-109 - 5.4.0-109.123~18.04.1 linux-image-5.4.0-109-generic-lpae - 5.4.0-109.123~18.04.1 linux-hwe-5.4-headers-5.4.0-109 - 5.4.0-109.123~18.04.1 linux-headers-5.4.0-109-generic-lpae - 5.4.0-109.123~18.04.1 linux-modules-5.4.0-109-generic-lpae - 5.4.0-109.123~18.04.1 linux-modules-5.4.0-109-lowlatency - 5.4.0-109.123~18.04.1 linux-tools-5.4.0-109-generic-lpae - 5.4.0-109.123~18.04.1 linux-image-unsigned-5.4.0-109-lowlatency - 5.4.0-109.123~18.04.1 linux-tools-5.4.0-109-generic - 5.4.0-109.123~18.04.1 linux-image-5.4.0-109-lowlatency - 5.4.0-109.123~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-109.123~18.04.1 linux-modules-extra-5.4.0-109-generic - 5.4.0-109.123~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-109.123~18.04.1 linux-tools-5.4.0-109-lowlatency - 5.4.0-109.123~18.04.1 linux-image-5.4.0-109-generic - 5.4.0-109.123~18.04.1 linux-modules-5.4.0-109-generic - 5.4.0-109.123~18.04.1 linux-buildinfo-5.4.0-109-generic - 5.4.0-109.123~18.04.1 No subscription required linux-headers-ibm-edge - 5.4.0.1020.37 linux-modules-extra-ibm-edge - 5.4.0.1020.37 linux-modules-extra-ibm - 5.4.0.1020.37 linux-image-ibm - 5.4.0.1020.37 linux-tools-ibm-edge - 5.4.0.1020.37 linux-ibm - 5.4.0.1020.37 linux-ibm-edge - 5.4.0.1020.37 linux-headers-ibm - 5.4.0.1020.37 linux-tools-ibm - 5.4.0.1020.37 linux-image-ibm-edge - 5.4.0.1020.37 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1039.40~18.04.39 linux-modules-extra-gkeop-5.4 - 5.4.0.1039.40~18.04.39 linux-gkeop-5.4 - 5.4.0.1039.40~18.04.39 linux-image-gkeop-5.4 - 5.4.0.1039.40~18.04.39 linux-headers-gkeop-5.4 - 5.4.0.1039.40~18.04.39 linux-tools-gkeop-5.4 - 5.4.0.1039.40~18.04.39 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1059.60 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1059.60 linux-headers-raspi-hwe-18.04 - 5.4.0.1059.60 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1059.60 linux-raspi-hwe-18.04 - 5.4.0.1059.60 linux-tools-raspi-hwe-18.04 - 5.4.0.1059.60 linux-image-raspi-hwe-18.04-edge - 5.4.0.1059.60 linux-raspi-hwe-18.04-edge - 5.4.0.1059.60 No subscription required linux-headers-gke-5.4 - 5.4.0.1068.71~18.04.32 linux-modules-extra-gke-5.4 - 5.4.0.1068.71~18.04.32 linux-gke-5.4 - 5.4.0.1068.71~18.04.32 linux-image-gke-5.4 - 5.4.0.1068.71~18.04.32 linux-tools-gke-5.4 - 5.4.0.1068.71~18.04.32 No subscription required linux-headers-oracle - 5.4.0.1070.76~18.04.49 linux-signed-image-oracle - 5.4.0.1070.76~18.04.49 linux-signed-oracle - 5.4.0.1070.76~18.04.49 linux-tools-oracle-edge - 5.4.0.1070.76~18.04.49 linux-oracle-edge - 5.4.0.1070.76~18.04.49 linux-modules-extra-oracle-edge - 5.4.0.1070.76~18.04.49 linux-image-oracle-edge - 5.4.0.1070.76~18.04.49 linux-modules-extra-oracle - 5.4.0.1070.76~18.04.49 linux-signed-oracle-edge - 5.4.0.1070.76~18.04.49 linux-signed-image-oracle-edge - 5.4.0.1070.76~18.04.49 linux-headers-oracle-edge - 5.4.0.1070.76~18.04.49 linux-image-oracle - 5.4.0.1070.76~18.04.49 linux-tools-oracle - 5.4.0.1070.76~18.04.49 linux-oracle - 5.4.0.1070.76~18.04.49 No subscription required linux-headers-aws - 5.4.0.1072.54 linux-image-aws - 5.4.0.1072.54 linux-aws-edge - 5.4.0.1072.54 linux-aws - 5.4.0.1072.54 linux-modules-extra-aws-edge - 5.4.0.1072.54 linux-headers-aws-edge - 5.4.0.1072.54 linux-image-aws-edge - 5.4.0.1072.54 linux-modules-extra-aws - 5.4.0.1072.54 linux-tools-aws - 5.4.0.1072.54 linux-tools-aws-edge - 5.4.0.1072.54 No subscription required linux-image-gcp-edge - 5.4.0.1072.56 linux-headers-gcp-edge - 5.4.0.1072.56 linux-modules-extra-gcp - 5.4.0.1072.56 linux-modules-extra-gcp-edge - 5.4.0.1072.56 linux-tools-gcp - 5.4.0.1072.56 linux-gcp - 5.4.0.1072.56 linux-headers-gcp - 5.4.0.1072.56 linux-image-gcp - 5.4.0.1072.56 linux-tools-gcp-edge - 5.4.0.1072.56 linux-gcp-edge - 5.4.0.1072.56 No subscription required linux-signed-azure - 5.4.0.1077.56 linux-tools-azure-edge - 5.4.0.1077.56 linux-cloud-tools-azure - 5.4.0.1077.56 linux-image-azure-edge - 5.4.0.1077.56 linux-image-azure - 5.4.0.1077.56 linux-cloud-tools-azure-edge - 5.4.0.1077.56 linux-modules-extra-azure - 5.4.0.1077.56 linux-azure - 5.4.0.1077.56 linux-signed-image-azure-edge - 5.4.0.1077.56 linux-signed-image-azure - 5.4.0.1077.56 linux-headers-azure-edge - 5.4.0.1077.56 linux-azure-edge - 5.4.0.1077.56 linux-tools-azure - 5.4.0.1077.56 linux-modules-extra-azure-edge - 5.4.0.1077.56 linux-signed-azure-edge - 5.4.0.1077.56 linux-headers-azure - 5.4.0.1077.56 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-headers-snapdragon-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-image-generic-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-image-snapdragon-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-image-oem - 5.4.0.109.123~18.04.94 linux-lowlatency-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-headers-lowlatency-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-lowlatency-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-image-extra-virtual-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-headers-oem - 5.4.0.109.123~18.04.94 linux-snapdragon-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-image-generic-lpae-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-tools-lowlatency-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-headers-generic-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-headers-virtual-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-tools-snapdragon-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-headers-virtual-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-virtual-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-generic-lpae-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-tools-virtual-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-tools-oem-osp1 - 5.4.0.109.123~18.04.94 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-tools-generic-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-image-virtual-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-image-generic-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-generic-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-oem - 5.4.0.109.123~18.04.94 linux-image-oem-osp1 - 5.4.0.109.123~18.04.94 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-snapdragon-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-tools-oem - 5.4.0.109.123~18.04.94 linux-headers-oem-osp1 - 5.4.0.109.123~18.04.94 linux-generic-lpae-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-headers-generic-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-oem-osp1 - 5.4.0.109.123~18.04.94 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-image-lowlatency-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-virtual-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-tools-virtual-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-image-virtual-hwe-18.04-edge - 5.4.0.109.123~18.04.94 linux-generic-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.109.123~18.04.94 linux-tools-generic-hwe-18.04 - 5.4.0.109.123~18.04.94 No subscription required Medium CVE-2022-0617 CVE-2022-24448 CVE-2022-24959 Ubuntu 18.04 LTS Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device driver in the Linux kernel did not properly validate meta-data coming from the device. A local attacker who can control an emulated device can use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-43975) It was discovered that the UDF file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious UDF image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2022-0617) Lyu Tao discovered that the NFS implementation in the Linux kernel did not properly handle requests to open a directory on a regular file. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-24448) It was discovered that the YAM AX.25 device driver in the Linux kernel did not properly deallocate memory in some error conditions. A local privileged attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2022-24959) Update Instructions: Run `sudo pro fix USN-5385-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1041-dell300x - 4.15.0-1041.46 linux-headers-4.15.0-1041-dell300x - 4.15.0-1041.46 linux-tools-4.15.0-1041-dell300x - 4.15.0-1041.46 linux-dell300x-tools-4.15.0-1041 - 4.15.0-1041.46 linux-image-unsigned-4.15.0-1041-dell300x - 4.15.0-1041.46 linux-modules-4.15.0-1041-dell300x - 4.15.0-1041.46 linux-image-4.15.0-1041-dell300x - 4.15.0-1041.46 linux-dell300x-headers-4.15.0-1041 - 4.15.0-1041.46 No subscription required linux-oracle-tools-4.15.0-1092 - 4.15.0-1092.101 linux-image-unsigned-4.15.0-1092-oracle - 4.15.0-1092.101 linux-modules-extra-4.15.0-1092-oracle - 4.15.0-1092.101 linux-buildinfo-4.15.0-1092-oracle - 4.15.0-1092.101 linux-modules-4.15.0-1092-oracle - 4.15.0-1092.101 linux-tools-4.15.0-1092-oracle - 4.15.0-1092.101 linux-image-4.15.0-1092-oracle - 4.15.0-1092.101 linux-oracle-headers-4.15.0-1092 - 4.15.0-1092.101 linux-headers-4.15.0-1092-oracle - 4.15.0-1092.101 No subscription required linux-modules-4.15.0-1113-kvm - 4.15.0-1113.116 linux-buildinfo-4.15.0-1113-kvm - 4.15.0-1113.116 linux-kvm-tools-4.15.0-1113 - 4.15.0-1113.116 linux-kvm-headers-4.15.0-1113 - 4.15.0-1113.116 linux-image-4.15.0-1113-kvm - 4.15.0-1113.116 linux-tools-4.15.0-1113-kvm - 4.15.0-1113.116 linux-headers-4.15.0-1113-kvm - 4.15.0-1113.116 No subscription required linux-gcp-4.15-headers-4.15.0-1121 - 4.15.0-1121.135 linux-headers-4.15.0-1121-gcp - 4.15.0-1121.135 linux-image-unsigned-4.15.0-1121-gcp - 4.15.0-1121.135 linux-tools-4.15.0-1121-gcp - 4.15.0-1121.135 linux-modules-extra-4.15.0-1121-gcp - 4.15.0-1121.135 linux-gcp-4.15-tools-4.15.0-1121 - 4.15.0-1121.135 linux-modules-4.15.0-1121-gcp - 4.15.0-1121.135 linux-image-4.15.0-1121-gcp - 4.15.0-1121.135 linux-buildinfo-4.15.0-1121-gcp - 4.15.0-1121.135 No subscription required linux-modules-4.15.0-1126-snapdragon - 4.15.0-1126.135 linux-headers-4.15.0-1126-snapdragon - 4.15.0-1126.135 linux-tools-4.15.0-1126-snapdragon - 4.15.0-1126.135 linux-snapdragon-headers-4.15.0-1126 - 4.15.0-1126.135 linux-buildinfo-4.15.0-1126-snapdragon - 4.15.0-1126.135 linux-image-4.15.0-1126-snapdragon - 4.15.0-1126.135 linux-snapdragon-tools-4.15.0-1126 - 4.15.0-1126.135 No subscription required linux-buildinfo-4.15.0-1127-aws - 4.15.0-1127.136 linux-aws-tools-4.15.0-1127 - 4.15.0-1127.136 linux-image-unsigned-4.15.0-1127-aws - 4.15.0-1127.136 linux-image-4.15.0-1127-aws - 4.15.0-1127.136 linux-headers-4.15.0-1127-aws - 4.15.0-1127.136 linux-modules-extra-4.15.0-1127-aws - 4.15.0-1127.136 linux-cloud-tools-4.15.0-1127-aws - 4.15.0-1127.136 linux-tools-4.15.0-1127-aws - 4.15.0-1127.136 linux-modules-4.15.0-1127-aws - 4.15.0-1127.136 linux-aws-cloud-tools-4.15.0-1127 - 4.15.0-1127.136 linux-aws-headers-4.15.0-1127 - 4.15.0-1127.136 No subscription required linux-buildinfo-4.15.0-1137-azure - 4.15.0-1137.150 linux-azure-4.15-tools-4.15.0-1137 - 4.15.0-1137.150 linux-image-unsigned-4.15.0-1137-azure - 4.15.0-1137.150 linux-modules-4.15.0-1137-azure - 4.15.0-1137.150 linux-azure-4.15-headers-4.15.0-1137 - 4.15.0-1137.150 linux-image-4.15.0-1137-azure - 4.15.0-1137.150 linux-cloud-tools-4.15.0-1137-azure - 4.15.0-1137.150 linux-headers-4.15.0-1137-azure - 4.15.0-1137.150 linux-azure-4.15-cloud-tools-4.15.0-1137 - 4.15.0-1137.150 linux-modules-extra-4.15.0-1137-azure - 4.15.0-1137.150 linux-tools-4.15.0-1137-azure - 4.15.0-1137.150 No subscription required linux-tools-common - 4.15.0-176.185 linux-image-unsigned-4.15.0-176-generic - 4.15.0-176.185 linux-tools-4.15.0-176-lowlatency - 4.15.0-176.185 linux-tools-host - 4.15.0-176.185 linux-doc - 4.15.0-176.185 linux-cloud-tools-4.15.0-176-lowlatency - 4.15.0-176.185 linux-buildinfo-4.15.0-176-generic - 4.15.0-176.185 linux-headers-4.15.0-176-generic - 4.15.0-176.185 linux-image-4.15.0-176-generic - 4.15.0-176.185 linux-image-unsigned-4.15.0-176-lowlatency - 4.15.0-176.185 linux-libc-dev - 4.15.0-176.185 linux-tools-4.15.0-176-generic-lpae - 4.15.0-176.185 linux-tools-4.15.0-176 - 4.15.0-176.185 linux-modules-4.15.0-176-lowlatency - 4.15.0-176.185 linux-headers-4.15.0-176-lowlatency - 4.15.0-176.185 linux-tools-4.15.0-176-generic - 4.15.0-176.185 linux-headers-4.15.0-176 - 4.15.0-176.185 linux-source-4.15.0 - 4.15.0-176.185 linux-cloud-tools-4.15.0-176 - 4.15.0-176.185 linux-cloud-tools-common - 4.15.0-176.185 linux-image-4.15.0-176-lowlatency - 4.15.0-176.185 linux-buildinfo-4.15.0-176-generic-lpae - 4.15.0-176.185 linux-buildinfo-4.15.0-176-lowlatency - 4.15.0-176.185 linux-headers-4.15.0-176-generic-lpae - 4.15.0-176.185 linux-modules-extra-4.15.0-176-generic - 4.15.0-176.185 linux-modules-4.15.0-176-generic-lpae - 4.15.0-176.185 linux-image-4.15.0-176-generic-lpae - 4.15.0-176.185 linux-cloud-tools-4.15.0-176-generic - 4.15.0-176.185 linux-modules-4.15.0-176-generic - 4.15.0-176.185 No subscription required linux-tools-dell300x - 4.15.0.1041.43 linux-headers-dell300x - 4.15.0.1041.43 linux-image-dell300x - 4.15.0.1041.43 linux-dell300x - 4.15.0.1041.43 No subscription required linux-oracle-lts-18.04 - 4.15.0.1092.102 linux-image-oracle-lts-18.04 - 4.15.0.1092.102 linux-signed-image-oracle-lts-18.04 - 4.15.0.1092.102 linux-tools-oracle-lts-18.04 - 4.15.0.1092.102 linux-signed-oracle-lts-18.04 - 4.15.0.1092.102 linux-headers-oracle-lts-18.04 - 4.15.0.1092.102 No subscription required linux-kvm - 4.15.0.1113.109 linux-headers-kvm - 4.15.0.1113.109 linux-tools-kvm - 4.15.0.1113.109 linux-image-kvm - 4.15.0.1113.109 No subscription required linux-gcp-lts-18.04 - 4.15.0.1121.140 linux-tools-gcp-lts-18.04 - 4.15.0.1121.140 linux-image-gcp-lts-18.04 - 4.15.0.1121.140 linux-headers-gcp-lts-18.04 - 4.15.0.1121.140 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1121.140 No subscription required linux-snapdragon - 4.15.0.1126.129 linux-headers-snapdragon - 4.15.0.1126.129 linux-tools-snapdragon - 4.15.0.1126.129 linux-image-snapdragon - 4.15.0.1126.129 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1127.130 linux-headers-aws-lts-18.04 - 4.15.0.1127.130 linux-tools-aws-lts-18.04 - 4.15.0.1127.130 linux-modules-extra-aws-lts-18.04 - 4.15.0.1127.130 linux-aws-lts-18.04 - 4.15.0.1127.130 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1137.110 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1137.110 linux-tools-azure-lts-18.04 - 4.15.0.1137.110 linux-image-azure-lts-18.04 - 4.15.0.1137.110 linux-headers-azure-lts-18.04 - 4.15.0.1137.110 linux-signed-image-azure-lts-18.04 - 4.15.0.1137.110 linux-azure-lts-18.04 - 4.15.0.1137.110 linux-signed-azure-lts-18.04 - 4.15.0.1137.110 No subscription required linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.176.165 linux-image-lowlatency-hwe-16.04 - 4.15.0.176.165 linux-cloud-tools-virtual - 4.15.0.176.165 linux-headers-generic-lpae - 4.15.0.176.165 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.176.165 linux-image-extra-virtual-hwe-16.04 - 4.15.0.176.165 linux-image-virtual - 4.15.0.176.165 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.176.165 linux-image-generic - 4.15.0.176.165 linux-tools-lowlatency - 4.15.0.176.165 linux-tools-generic-hwe-16.04-edge - 4.15.0.176.165 linux-headers-generic-hwe-16.04-edge - 4.15.0.176.165 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.176.165 linux-generic-lpae-hwe-16.04 - 4.15.0.176.165 linux-signed-generic-hwe-16.04-edge - 4.15.0.176.165 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.176.165 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.176.165 linux-generic-lpae-hwe-16.04-edge - 4.15.0.176.165 linux-signed-image-lowlatency - 4.15.0.176.165 linux-signed-lowlatency-hwe-16.04 - 4.15.0.176.165 linux-crashdump - 4.15.0.176.165 linux-signed-image-generic - 4.15.0.176.165 linux-lowlatency - 4.15.0.176.165 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.176.165 linux-source - 4.15.0.176.165 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.176.165 linux-cloud-tools-generic - 4.15.0.176.165 linux-generic-hwe-16.04-edge - 4.15.0.176.165 linux-virtual - 4.15.0.176.165 linux-headers-lowlatency-hwe-16.04 - 4.15.0.176.165 linux-tools-generic-lpae - 4.15.0.176.165 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.176.165 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.176.165 linux-tools-generic-hwe-16.04 - 4.15.0.176.165 linux-tools-virtual - 4.15.0.176.165 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.176.165 linux-generic-lpae - 4.15.0.176.165 linux-generic - 4.15.0.176.165 linux-signed-image-generic-hwe-16.04 - 4.15.0.176.165 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.176.165 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.176.165 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.176.165 linux-headers-lowlatency - 4.15.0.176.165 linux-headers-virtual-hwe-16.04-edge - 4.15.0.176.165 linux-lowlatency-hwe-16.04 - 4.15.0.176.165 linux-headers-generic-hwe-16.04 - 4.15.0.176.165 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.176.165 linux-generic-hwe-16.04 - 4.15.0.176.165 linux-tools-virtual-hwe-16.04-edge - 4.15.0.176.165 linux-tools-generic - 4.15.0.176.165 linux-tools-virtual-hwe-16.04 - 4.15.0.176.165 linux-virtual-hwe-16.04 - 4.15.0.176.165 linux-image-extra-virtual - 4.15.0.176.165 linux-lowlatency-hwe-16.04-edge - 4.15.0.176.165 linux-cloud-tools-lowlatency - 4.15.0.176.165 linux-image-generic-hwe-16.04 - 4.15.0.176.165 linux-image-generic-hwe-16.04-edge - 4.15.0.176.165 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.176.165 linux-image-generic-lpae-hwe-16.04 - 4.15.0.176.165 linux-virtual-hwe-16.04-edge - 4.15.0.176.165 linux-signed-generic - 4.15.0.176.165 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.176.165 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.176.165 linux-headers-generic - 4.15.0.176.165 linux-headers-virtual-hwe-16.04 - 4.15.0.176.165 linux-image-virtual-hwe-16.04-edge - 4.15.0.176.165 linux-tools-lowlatency-hwe-16.04 - 4.15.0.176.165 linux-image-virtual-hwe-16.04 - 4.15.0.176.165 linux-headers-virtual - 4.15.0.176.165 linux-signed-generic-hwe-16.04 - 4.15.0.176.165 linux-image-generic-lpae - 4.15.0.176.165 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.176.165 linux-signed-lowlatency - 4.15.0.176.165 linux-image-lowlatency - 4.15.0.176.165 No subscription required Medium CVE-2021-43975 CVE-2022-0617 CVE-2022-24448 CVE-2022-24959 Ubuntu 18.04 LTS Jelmer Vernooij and Beast Glatisant discovered that AIOHTTP incorrectly handled certain URLs, leading to an open redirect attack. A remote attacker could possibly use this issue to perform phishing attacks. Update Instructions: Run `sudo pro fix USN-5386-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-aiohttp - 3.0.1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-21330 Ubuntu 18.04 LTS Douglas Mendizábal discovered that Barbican incorrectly handled access restrictions. An authenticated attacker could possibly use this issue to consume protected resources and possibly cause a denial of service. (CVE-2022-23451, CVE-2022-23452) Update Instructions: Run `sudo pro fix USN-5387-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: barbican-keystone-listener - 1:6.0.1-0ubuntu1.1 barbican-api - 1:6.0.1-0ubuntu1.1 barbican-worker - 1:6.0.1-0ubuntu1.1 python-barbican - 1:6.0.1-0ubuntu1.1 barbican-common - 1:6.0.1-0ubuntu1.1 barbican-doc - 1:6.0.1-0ubuntu1.1 No subscription required Medium CVE-2022-23451 CVE-2022-23452 Ubuntu 18.04 LTS It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21426) It was discovered that OpenJDK incorrectly handled converting certain object arguments into their textual representations. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21434) It was discovered that OpenJDK incorrectly validated the encoded length of certain object identifiers. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21443) It was discovered that OpenJDK incorrectly validated certain paths. An attacker could possibly use this issue to bypass the secure validation feature and expose sensitive information in XML files. (CVE-2022-21476) It was discovered that OpenJDK incorrectly parsed certain URI strings. An attacker could possibly use this issue to make applications accept invalid of malformed URI strings. (CVE-2022-21496) Update Instructions: Run `sudo pro fix USN-5388-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-source - 11.0.15+10-0ubuntu0.18.04.1 openjdk-11-jre-zero - 11.0.15+10-0ubuntu0.18.04.1 openjdk-11-doc - 11.0.15+10-0ubuntu0.18.04.1 openjdk-11-jre-headless - 11.0.15+10-0ubuntu0.18.04.1 openjdk-11-jdk - 11.0.15+10-0ubuntu0.18.04.1 openjdk-11-jdk-headless - 11.0.15+10-0ubuntu0.18.04.1 openjdk-11-jre - 11.0.15+10-0ubuntu0.18.04.1 openjdk-11-demo - 11.0.15+10-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 Ubuntu 18.04 LTS It was discovered that OpenJDK incorrectly verified ECDSA signatures. An attacker could use this issue to bypass the signature verification process. (CVE-2022-21449) It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21426) It was discovered that OpenJDK incorrectly handled converting certain object arguments into their textual representations. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21434) It was discovered that OpenJDK incorrectly validated the encoded length of certain object identifiers. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21443) It was discovered that OpenJDK incorrectly validated certain paths. An attacker could possibly use this issue to bypass the secure validation feature and expose sensitive information in XML files. (CVE-2022-21476) It was discovered that OpenJDK incorrectly parsed certain URI strings. An attacker could possibly use this issue to make applications accept invalid of malformed URI strings. (CVE-2022-21496) Update Instructions: Run `sudo pro fix USN-5388-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-17-demo - 17.0.3+7-0ubuntu0.18.04.1 openjdk-17-jdk - 17.0.3+7-0ubuntu0.18.04.1 openjdk-17-jre-zero - 17.0.3+7-0ubuntu0.18.04.1 openjdk-17-jdk-headless - 17.0.3+7-0ubuntu0.18.04.1 openjdk-17-source - 17.0.3+7-0ubuntu0.18.04.1 openjdk-17-jre-headless - 17.0.3+7-0ubuntu0.18.04.1 openjdk-17-doc - 17.0.3+7-0ubuntu0.18.04.1 openjdk-17-jre - 17.0.3+7-0ubuntu0.18.04.1 No subscription required High CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 Ubuntu 18.04 LTS Nicolas Iooss discovered that libsepol incorrectly handled memory when handling policies. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-36084) It was discovered that libsepol incorrectly handled memory when handling policies. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-36085) It was discovered that libsepol incorrectly handled memory when handling policies. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-36086) It was discovered that libsepol incorrectly validated certain data, leading to a heap overflow. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-36087) Update Instructions: Run `sudo pro fix USN-5391-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsepol1 - 2.7-1ubuntu0.1 libsepol1-dev - 2.7-1ubuntu0.1 sepol-utils - 2.7-1ubuntu0.1 No subscription required Low CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 Ubuntu 18.04 LTS It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-32055) It was discovered that Mutt incorrectly handled certain input. An attacker could possibly use this issue to cause a crash, or expose sensitive information. (CVE-2022-1328) Update Instructions: Run `sudo pro fix USN-5392-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mutt - 1.9.4-3ubuntu0.6 No subscription required Medium CVE-2021-32055 CVE-2022-1328 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct spoofing attacks, or execute arbitrary code. (CVE-2022-1097, CVE-2022-1196, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289) It was discovered that Thunderbird ignored OpenPGP revocation when importing a revoked key in some circumstances. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message or tricking them into use a revoked key to send an encrypted message. (CVE-2022-1197) Update Instructions: Run `sudo pro fix USN-5393-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-lv - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:91.8.1+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:91.8.1+build1-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fa - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:91.8.1+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-th - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:91.8.1+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:91.8.1+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-1097 CVE-2022-1196 CVE-2022-1197 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289 Ubuntu 18.04 LTS It was discovered that networkd-dispatcher incorrectly handled internal scripts. A local attacker could possibly use this issue to cause a race condition, escalate privileges and execute arbitrary code. (CVE-2022-29799, CVE-2022-29800) Update Instructions: Run `sudo pro fix USN-5395-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: networkd-dispatcher - 1.7-0ubuntu3.4 No subscription required High CVE-2022-29799 CVE-2022-29800 Ubuntu 18.04 LTS USN-5395-1 fixed vulnerabilities in networkd-dispatcher. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that networkd-dispatcher incorrectly handled internal scripts. A local attacker could possibly use this issue to cause a race condition, escalate privileges and execute arbitrary code. (CVE-2022-29799, CVE-2022-29800) Update Instructions: Run `sudo pro fix USN-5395-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: networkd-dispatcher - 1.7-0ubuntu3.5 No subscription required None https://launchpad.net/bugs/1971550 Ubuntu 18.04 LTS It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-5396-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.16 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.16 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.16 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.16 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.16 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.16 No subscription required Medium CVE-2019-25059 Ubuntu 18.04 LTS Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2. An attacker could possibly use this issue to access sensitive information. (CVE-2022-22576) Harry Sintonen discovered that curl incorrectly handled certain requests. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-27774, CVE-2022-27775, CVE-2022-27776) Update Instructions: Run `sudo pro fix USN-5397-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.17 libcurl4-openssl-dev - 7.58.0-2ubuntu3.17 libcurl3-gnutls - 7.58.0-2ubuntu3.17 libcurl4-doc - 7.58.0-2ubuntu3.17 libcurl3-nss - 7.58.0-2ubuntu3.17 libcurl4-nss-dev - 7.58.0-2ubuntu3.17 libcurl4 - 7.58.0-2ubuntu3.17 curl - 7.58.0-2ubuntu3.17 No subscription required Medium CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776 Ubuntu 18.04 LTS It was discovered that SDL (Simple DirectMedia Layer) incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5398-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsdl1.2debian - 1.2.15+dfsg2-0.1ubuntu0.2 libsdl1.2-dev - 1.2.15+dfsg2-0.1ubuntu0.2 No subscription required Medium CVE-2021-33657 Ubuntu 18.04 LTS It was discovered that libvirt incorrectly handled certain locking operations. A local attacker could possibly use this issue to cause libvirt to stop accepting connections, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-3667) It was discovered that libvirt incorrectly handled threads during shutdown. A local attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-3975) It was discovered that libvirt incorrectly handled the libxl driver. An attacker inside a guest could possibly use this issue to cause libvirtd to crash or stop responding, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2021-4147) It was discovered that libvirt incorrectly handled the nwfilter driver. A local attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. (CVE-2022-0897) It was discovered that libvirt incorrectly handled the polkit access control driver. A local attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-25637) It was discovered that libvirt incorrectly generated SELinux labels. In environments using SELinux, this issue could allow the sVirt confinement to be bypassed. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-3631) Update Instructions: Run `sudo pro fix USN-5399-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvirt0 - 4.0.0-1ubuntu8.21 libvirt-dev - 4.0.0-1ubuntu8.21 libnss-libvirt - 4.0.0-1ubuntu8.21 libvirt-daemon - 4.0.0-1ubuntu8.21 libvirt-sanlock - 4.0.0-1ubuntu8.21 libvirt-wireshark - 4.0.0-1ubuntu8.21 libvirt-daemon-driver-storage-rbd - 4.0.0-1ubuntu8.21 libvirt-daemon-driver-storage-gluster - 4.0.0-1ubuntu8.21 libvirt-doc - 4.0.0-1ubuntu8.21 libvirt-daemon-system - 4.0.0-1ubuntu8.21 libvirt-clients - 4.0.0-1ubuntu8.21 libvirt-daemon-driver-storage-zfs - 4.0.0-1ubuntu8.21 libvirt-daemon-driver-storage-sheepdog - 4.0.0-1ubuntu8.21 libvirt-bin - 4.0.0-1ubuntu8.21 No subscription required Low CVE-2020-25637 CVE-2021-3631 CVE-2021-3667 CVE-2021-3975 CVE-2021-4147 CVE-2022-0897 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.29 in Ubuntu 20.04 LTS, Ubuntu 21.10, and Ubuntu 22.04 LTS. Ubuntu 18.04 LTS has been updated to MySQL 5.7.38. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-38.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-29.html https://www.oracle.com/security-alerts/cpuapr2022.html Update Instructions: Run `sudo pro fix USN-5400-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.38-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.38-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.38-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.38-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.38-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.38-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.38-0ubuntu0.18.04.1 mysql-server - 5.7.38-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.38-0ubuntu0.18.04.1 mysql-testsuite - 5.7.38-0ubuntu0.18.04.1 libmysqld-dev - 5.7.38-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.38-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-21412 CVE-2022-21413 CVE-2022-21414 CVE-2022-21415 CVE-2022-21417 CVE-2022-21418 CVE-2022-21423 CVE-2022-21425 CVE-2022-21427 CVE-2022-21435 CVE-2022-21436 CVE-2022-21437 CVE-2022-21438 CVE-2022-21440 CVE-2022-21444 CVE-2022-21451 CVE-2022-21452 CVE-2022-21454 CVE-2022-21457 CVE-2022-21459 CVE-2022-21460 CVE-2022-21462 CVE-2022-21478 Ubuntu 18.04 LTS Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. (CVE-2022-1292) Raul Metsma discovered that OpenSSL incorrectly verified certain response signing certificates. A remote attacker could possibly use this issue to spoof certain response signing certificates. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1343) Tom Colley discovered that OpenSSL used the incorrect MAC key in the RC4-MD5 ciphersuite. In non-default configurations were RC4-MD5 is enabled, a remote attacker could possibly use this issue to modify encrypted communications. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1434) Aliaksei Levin discovered that OpenSSL incorrectly handled resources when decoding certificates and keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1473) Update Instructions: Run `sudo pro fix USN-5402-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2n-1ubuntu5.9 libssl1.0-dev - 1.0.2n-1ubuntu5.9 openssl1.0 - 1.0.2n-1ubuntu5.9 No subscription required libssl-dev - 1.1.1-1ubuntu2.1~18.04.17 openssl - 1.1.1-1ubuntu2.1~18.04.17 libssl-doc - 1.1.1-1ubuntu2.1~18.04.17 libssl1.1 - 1.1.1-1ubuntu2.1~18.04.17 No subscription required Medium CVE-2022-1292 CVE-2022-1343 CVE-2022-1434 CVE-2022-1473 Ubuntu 18.04 LTS It was discovered that SQLite command-line component incorrectly handled certain queries. An attacker could possibly use this issue to cause a crash or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5403-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.22.0-1ubuntu0.5 sqlite3-doc - 3.22.0-1ubuntu0.5 libsqlite3-0 - 3.22.0-1ubuntu0.5 libsqlite3-tcl - 3.22.0-1ubuntu0.5 sqlite3 - 3.22.0-1ubuntu0.5 libsqlite3-dev - 3.22.0-1ubuntu0.5 No subscription required Negligible CVE-2021-36690 Ubuntu 18.04 LTS Pieter Agten discovered that Rsyslog incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash. Update Instructions: Run `sudo pro fix USN-5404-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rsyslog-gssapi - 8.32.0-1ubuntu4.2 rsyslog-czmq - 8.32.0-1ubuntu4.2 rsyslog-pgsql - 8.32.0-1ubuntu4.2 rsyslog-hiredis - 8.32.0-1ubuntu4.2 rsyslog-mysql - 8.32.0-1ubuntu4.2 rsyslog-gnutls - 8.32.0-1ubuntu4.2 rsyslog-mongodb - 8.32.0-1ubuntu4.2 rsyslog - 8.32.0-1ubuntu4.2 rsyslog-relp - 8.32.0-1ubuntu4.2 rsyslog-elasticsearch - 8.32.0-1ubuntu4.2 rsyslog-kafka - 8.32.0-1ubuntu4.2 No subscription required Medium CVE-2022-24903 Ubuntu 18.04 LTS Petr Menšík and Richard Johnson discovered that Dnsmasq incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or expose sensitive information. Update Instructions: Run `sudo pro fix USN-5408-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.79-1ubuntu0.6 dnsmasq-base-lua - 2.79-1ubuntu0.6 dnsmasq-utils - 2.79-1ubuntu0.6 dnsmasq-base - 2.79-1ubuntu0.6 No subscription required Medium CVE-2022-0934 Ubuntu 18.04 LTS Lenny Wang discovered that NSS incorrectly handled certain messages. A remote attacker could possibly use this issue to cause servers compiled with NSS to stop responding, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5410-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-dev - 2:3.35-2ubuntu2.14 libnss3 - 2:3.35-2ubuntu2.14 libnss3-tools - 2:3.35-2ubuntu2.14 No subscription required Low CVE-2020-25648 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass permission prompts, obtain sensitive information, bypass security restrictions, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5411-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-szl - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 100.0+build2-0ubuntu0.18.04.1 firefox - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 100.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 100.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 100.0+build2-0ubuntu0.18.04.1 firefox-dev - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 100.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 100.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29914 CVE-2022-29915 CVE-2022-29916 CVE-2022-29917 CVE-2022-29918 Ubuntu 18.04 LTS Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this issue to trick curl into using the wrong URL and bypass certain checks or filters. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-27780) Florian Kohnhuser discovered that curl incorrectly handled returning a TLS server's certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service. (CVE-2022-27781) Harry Sintonen discovered that curl incorrectly reused a previous connection when certain options had been changed, contrary to expectations. (CVE-2022-27782) Update Instructions: Run `sudo pro fix USN-5412-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.18 libcurl4-openssl-dev - 7.58.0-2ubuntu3.18 libcurl3-gnutls - 7.58.0-2ubuntu3.18 libcurl4-doc - 7.58.0-2ubuntu3.18 libcurl3-nss - 7.58.0-2ubuntu3.18 libcurl4-nss-dev - 7.58.0-2ubuntu3.18 libcurl4 - 7.58.0-2ubuntu3.18 curl - 7.58.0-2ubuntu3.18 No subscription required Medium CVE-2022-27780 CVE-2022-27781 CVE-2022-27782 Ubuntu 18.04 LTS Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-27820) Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2021-26401) David Bouman discovered that the netfilter subsystem in the Linux kernel did not initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1016) It was discovered that the MMC/SD subsystem in the Linux kernel did not properly handle read errors from SD cards in certain situations. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-20008) It was discovered that the USB gadget subsystem in the Linux kernel did not properly validate interface descriptor requests. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-25258) It was discovered that the Remote NDIS (RNDIS) USB gadget implementation in the Linux kernel did not properly validate the size of the RNDIS_MSG_SET command. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-25375) It was discovered that the ST21NFCA NFC driver in the Linux kernel did not properly validate the size of certain data in EVT_TRANSACTION events. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-26490) It was discovered that the Xilinx USB2 device gadget driver in the Linux kernel did not properly validate endpoint indices from the host. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-27223) Update Instructions: Run `sudo pro fix USN-5415-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-ibm-5.4-tools-common - 5.4.0-1021.23~18.04.1 linux-buildinfo-5.4.0-1021-ibm - 5.4.0-1021.23~18.04.1 linux-image-5.4.0-1021-ibm - 5.4.0-1021.23~18.04.1 linux-ibm-5.4-headers-5.4.0-1021 - 5.4.0-1021.23~18.04.1 linux-image-unsigned-5.4.0-1021-ibm - 5.4.0-1021.23~18.04.1 linux-modules-5.4.0-1021-ibm - 5.4.0-1021.23~18.04.1 linux-modules-extra-5.4.0-1021-ibm - 5.4.0-1021.23~18.04.1 linux-tools-5.4.0-1021-ibm - 5.4.0-1021.23~18.04.1 linux-headers-5.4.0-1021-ibm - 5.4.0-1021.23~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1021.23~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1021.23~18.04.1 linux-ibm-5.4-tools-5.4.0-1021 - 5.4.0-1021.23~18.04.1 No subscription required linux-image-unsigned-5.4.0-1040-gkeop - 5.4.0-1040.41~18.04.1 linux-modules-5.4.0-1040-gkeop - 5.4.0-1040.41~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1040 - 5.4.0-1040.41~18.04.1 linux-headers-5.4.0-1040-gkeop - 5.4.0-1040.41~18.04.1 linux-gkeop-5.4-tools-5.4.0-1040 - 5.4.0-1040.41~18.04.1 linux-image-5.4.0-1040-gkeop - 5.4.0-1040.41~18.04.1 linux-cloud-tools-5.4.0-1040-gkeop - 5.4.0-1040.41~18.04.1 linux-gkeop-5.4-headers-5.4.0-1040 - 5.4.0-1040.41~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1040.41~18.04.1 linux-modules-extra-5.4.0-1040-gkeop - 5.4.0-1040.41~18.04.1 linux-buildinfo-5.4.0-1040-gkeop - 5.4.0-1040.41~18.04.1 linux-tools-5.4.0-1040-gkeop - 5.4.0-1040.41~18.04.1 No subscription required linux-raspi-5.4-tools-5.4.0-1060 - 5.4.0-1060.68~18.04.1 linux-buildinfo-5.4.0-1060-raspi - 5.4.0-1060.68~18.04.1 linux-headers-5.4.0-1060-raspi - 5.4.0-1060.68~18.04.1 linux-modules-5.4.0-1060-raspi - 5.4.0-1060.68~18.04.1 linux-tools-5.4.0-1060-raspi - 5.4.0-1060.68~18.04.1 linux-image-5.4.0-1060-raspi - 5.4.0-1060.68~18.04.1 linux-raspi-5.4-headers-5.4.0-1060 - 5.4.0-1060.68~18.04.1 No subscription required linux-headers-5.4.0-1071-oracle - 5.4.0-1071.77~18.04.1 linux-tools-5.4.0-1071-oracle - 5.4.0-1071.77~18.04.1 linux-modules-extra-5.4.0-1071-oracle - 5.4.0-1071.77~18.04.1 linux-buildinfo-5.4.0-1071-oracle - 5.4.0-1071.77~18.04.1 linux-image-unsigned-5.4.0-1071-oracle - 5.4.0-1071.77~18.04.1 linux-oracle-5.4-tools-5.4.0-1071 - 5.4.0-1071.77~18.04.1 linux-oracle-5.4-headers-5.4.0-1071 - 5.4.0-1071.77~18.04.1 linux-modules-5.4.0-1071-oracle - 5.4.0-1071.77~18.04.1 linux-image-5.4.0-1071-oracle - 5.4.0-1071.77~18.04.1 No subscription required linux-image-unsigned-5.4.0-1073-gcp - 5.4.0-1073.78~18.04.1 linux-gcp-5.4-tools-5.4.0-1073 - 5.4.0-1073.78~18.04.1 linux-image-5.4.0-1073-gcp - 5.4.0-1073.78~18.04.1 linux-modules-extra-5.4.0-1073-gcp - 5.4.0-1073.78~18.04.1 linux-modules-5.4.0-1073-gcp - 5.4.0-1073.78~18.04.1 linux-buildinfo-5.4.0-1073-gcp - 5.4.0-1073.78~18.04.1 linux-gcp-5.4-headers-5.4.0-1073 - 5.4.0-1073.78~18.04.1 linux-headers-5.4.0-1073-gcp - 5.4.0-1073.78~18.04.1 linux-tools-5.4.0-1073-gcp - 5.4.0-1073.78~18.04.1 No subscription required linux-buildinfo-5.4.0-1078-azure - 5.4.0-1078.81~18.04.1 linux-azure-5.4-headers-5.4.0-1078 - 5.4.0-1078.81~18.04.1 linux-cloud-tools-5.4.0-1078-azure - 5.4.0-1078.81~18.04.1 linux-headers-5.4.0-1078-azure - 5.4.0-1078.81~18.04.1 linux-image-unsigned-5.4.0-1078-azure - 5.4.0-1078.81~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1078 - 5.4.0-1078.81~18.04.1 linux-tools-5.4.0-1078-azure - 5.4.0-1078.81~18.04.1 linux-modules-extra-5.4.0-1078-azure - 5.4.0-1078.81~18.04.1 linux-azure-5.4-tools-5.4.0-1078 - 5.4.0-1078.81~18.04.1 linux-image-5.4.0-1078-azure - 5.4.0-1078.81~18.04.1 linux-modules-5.4.0-1078-azure - 5.4.0-1078.81~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-110.124~18.04.1 linux-headers-5.4.0-110-lowlatency - 5.4.0-110.124~18.04.1 linux-image-unsigned-5.4.0-110-lowlatency - 5.4.0-110.124~18.04.1 linux-modules-5.4.0-110-generic - 5.4.0-110.124~18.04.1 linux-tools-5.4.0-110-generic - 5.4.0-110.124~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-110 - 5.4.0-110.124~18.04.1 linux-buildinfo-5.4.0-110-generic-lpae - 5.4.0-110.124~18.04.1 linux-image-5.4.0-110-generic - 5.4.0-110.124~18.04.1 linux-cloud-tools-5.4.0-110-generic - 5.4.0-110.124~18.04.1 linux-headers-5.4.0-110-generic-lpae - 5.4.0-110.124~18.04.1 linux-tools-5.4.0-110-generic-lpae - 5.4.0-110.124~18.04.1 linux-image-5.4.0-110-lowlatency - 5.4.0-110.124~18.04.1 linux-buildinfo-5.4.0-110-generic - 5.4.0-110.124~18.04.1 linux-image-5.4.0-110-generic-lpae - 5.4.0-110.124~18.04.1 linux-hwe-5.4-headers-5.4.0-110 - 5.4.0-110.124~18.04.1 linux-modules-extra-5.4.0-110-generic - 5.4.0-110.124~18.04.1 linux-cloud-tools-5.4.0-110-lowlatency - 5.4.0-110.124~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-110.124~18.04.1 linux-modules-5.4.0-110-lowlatency - 5.4.0-110.124~18.04.1 linux-headers-5.4.0-110-generic - 5.4.0-110.124~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-110.124~18.04.1 linux-buildinfo-5.4.0-110-lowlatency - 5.4.0-110.124~18.04.1 linux-image-unsigned-5.4.0-110-generic - 5.4.0-110.124~18.04.1 linux-hwe-5.4-tools-5.4.0-110 - 5.4.0-110.124~18.04.1 linux-modules-5.4.0-110-generic-lpae - 5.4.0-110.124~18.04.1 linux-tools-5.4.0-110-lowlatency - 5.4.0-110.124~18.04.1 No subscription required linux-modules-extra-ibm - 5.4.0.1021.38 linux-image-ibm - 5.4.0.1021.38 linux-tools-ibm-edge - 5.4.0.1021.38 linux-headers-ibm-edge - 5.4.0.1021.38 linux-modules-extra-ibm-edge - 5.4.0.1021.38 linux-ibm - 5.4.0.1021.38 linux-ibm-edge - 5.4.0.1021.38 linux-headers-ibm - 5.4.0.1021.38 linux-tools-ibm - 5.4.0.1021.38 linux-image-ibm-edge - 5.4.0.1021.38 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1040.41~18.04.40 linux-gkeop-5.4 - 5.4.0.1040.41~18.04.40 linux-image-gkeop-5.4 - 5.4.0.1040.41~18.04.40 linux-headers-gkeop-5.4 - 5.4.0.1040.41~18.04.40 linux-tools-gkeop-5.4 - 5.4.0.1040.41~18.04.40 linux-modules-extra-gkeop-5.4 - 5.4.0.1040.41~18.04.40 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1060.61 linux-headers-raspi-hwe-18.04 - 5.4.0.1060.61 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1060.61 linux-raspi-hwe-18.04 - 5.4.0.1060.61 linux-raspi-hwe-18.04-edge - 5.4.0.1060.61 linux-image-raspi-hwe-18.04-edge - 5.4.0.1060.61 linux-tools-raspi-hwe-18.04 - 5.4.0.1060.61 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1060.61 No subscription required linux-headers-oracle - 5.4.0.1071.77~18.04.50 linux-tools-oracle - 5.4.0.1071.77~18.04.50 linux-signed-image-oracle - 5.4.0.1071.77~18.04.50 linux-signed-oracle - 5.4.0.1071.77~18.04.50 linux-tools-oracle-edge - 5.4.0.1071.77~18.04.50 linux-oracle-edge - 5.4.0.1071.77~18.04.50 linux-modules-extra-oracle-edge - 5.4.0.1071.77~18.04.50 linux-image-oracle-edge - 5.4.0.1071.77~18.04.50 linux-modules-extra-oracle - 5.4.0.1071.77~18.04.50 linux-signed-oracle-edge - 5.4.0.1071.77~18.04.50 linux-signed-image-oracle-edge - 5.4.0.1071.77~18.04.50 linux-headers-oracle-edge - 5.4.0.1071.77~18.04.50 linux-image-oracle - 5.4.0.1071.77~18.04.50 linux-oracle - 5.4.0.1071.77~18.04.50 No subscription required linux-image-gcp-edge - 5.4.0.1073.57 linux-tools-gcp-edge - 5.4.0.1073.57 linux-gcp - 5.4.0.1073.57 linux-headers-gcp-edge - 5.4.0.1073.57 linux-modules-extra-gcp - 5.4.0.1073.57 linux-tools-gcp - 5.4.0.1073.57 linux-headers-gcp - 5.4.0.1073.57 linux-image-gcp - 5.4.0.1073.57 linux-modules-extra-gcp-edge - 5.4.0.1073.57 linux-gcp-edge - 5.4.0.1073.57 No subscription required linux-signed-azure - 5.4.0.1078.57 linux-tools-azure-edge - 5.4.0.1078.57 linux-cloud-tools-azure - 5.4.0.1078.57 linux-tools-azure - 5.4.0.1078.57 linux-image-azure-edge - 5.4.0.1078.57 linux-signed-image-azure-edge - 5.4.0.1078.57 linux-cloud-tools-azure-edge - 5.4.0.1078.57 linux-modules-extra-azure - 5.4.0.1078.57 linux-azure - 5.4.0.1078.57 linux-image-azure - 5.4.0.1078.57 linux-signed-image-azure - 5.4.0.1078.57 linux-headers-azure-edge - 5.4.0.1078.57 linux-azure-edge - 5.4.0.1078.57 linux-modules-extra-azure-edge - 5.4.0.1078.57 linux-signed-azure-edge - 5.4.0.1078.57 linux-headers-azure - 5.4.0.1078.57 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-headers-snapdragon-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-image-generic-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-image-snapdragon-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-snapdragon-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-image-oem - 5.4.0.110.124~18.04.95 linux-tools-virtual-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-headers-lowlatency-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-lowlatency-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-image-oem-osp1 - 5.4.0.110.124~18.04.95 linux-snapdragon-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-image-generic-lpae-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-tools-lowlatency-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-headers-generic-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-headers-virtual-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-tools-virtual-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-tools-snapdragon-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-headers-virtual-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-virtual-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-generic-lpae-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-headers-oem - 5.4.0.110.124~18.04.95 linux-image-extra-virtual-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-tools-oem-osp1 - 5.4.0.110.124~18.04.95 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-tools-generic-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-image-virtual-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-image-generic-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-generic-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-oem - 5.4.0.110.124~18.04.95 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-tools-oem - 5.4.0.110.124~18.04.95 linux-headers-oem-osp1 - 5.4.0.110.124~18.04.95 linux-generic-lpae-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-tools-generic-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-headers-generic-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-oem-osp1 - 5.4.0.110.124~18.04.95 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-image-lowlatency-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-virtual-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-lowlatency-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.110.124~18.04.95 linux-generic-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.110.124~18.04.95 linux-image-virtual-hwe-18.04-edge - 5.4.0.110.124~18.04.95 No subscription required Medium CVE-2020-27820 CVE-2021-26401 CVE-2022-1016 CVE-2022-20008 CVE-2022-25258 CVE-2022-25375 CVE-2022-26490 CVE-2022-27223 Ubuntu 18.04 LTS Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2021-26401) Demi Marie Obenour and Simon Gaiser discovered that several Xen para- virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest. (CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, CVE-2022-23042) It was discovered that the USB Gadget file system interface in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-24958) It was discovered that the USB gadget subsystem in the Linux kernel did not properly validate interface descriptor requests. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-25258) It was discovered that the Remote NDIS (RNDIS) USB gadget implementation in the Linux kernel did not properly validate the size of the RNDIS_MSG_SET command. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-25375) It was discovered that the ST21NFCA NFC driver in the Linux kernel did not properly validate the size of certain data in EVT_TRANSACTION events. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-26490) It was discovered that the USB SR9700 ethernet device driver for the Linux kernel did not properly validate the length of requests from the device. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-26966) It was discovered that the Xilinx USB2 device gadget driver in the Linux kernel did not properly validate endpoint indices from the host. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-27223) Update Instructions: Run `sudo pro fix USN-5418-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1042-dell300x - 4.15.0-1042.47 linux-dell300x-headers-4.15.0-1042 - 4.15.0-1042.47 linux-image-4.15.0-1042-dell300x - 4.15.0-1042.47 linux-modules-4.15.0-1042-dell300x - 4.15.0-1042.47 linux-image-unsigned-4.15.0-1042-dell300x - 4.15.0-1042.47 linux-dell300x-tools-4.15.0-1042 - 4.15.0-1042.47 linux-headers-4.15.0-1042-dell300x - 4.15.0-1042.47 linux-tools-4.15.0-1042-dell300x - 4.15.0-1042.47 No subscription required linux-oracle-tools-4.15.0-1093 - 4.15.0-1093.102 linux-modules-extra-4.15.0-1093-oracle - 4.15.0-1093.102 linux-modules-4.15.0-1093-oracle - 4.15.0-1093.102 linux-headers-4.15.0-1093-oracle - 4.15.0-1093.102 linux-image-unsigned-4.15.0-1093-oracle - 4.15.0-1093.102 linux-tools-4.15.0-1093-oracle - 4.15.0-1093.102 linux-oracle-headers-4.15.0-1093 - 4.15.0-1093.102 linux-image-4.15.0-1093-oracle - 4.15.0-1093.102 linux-buildinfo-4.15.0-1093-oracle - 4.15.0-1093.102 No subscription required linux-tools-4.15.0-1114-kvm - 4.15.0-1114.117 linux-kvm-tools-4.15.0-1114 - 4.15.0-1114.117 linux-modules-4.15.0-1114-kvm - 4.15.0-1114.117 linux-buildinfo-4.15.0-1114-kvm - 4.15.0-1114.117 linux-image-4.15.0-1114-kvm - 4.15.0-1114.117 linux-headers-4.15.0-1114-kvm - 4.15.0-1114.117 linux-kvm-headers-4.15.0-1114 - 4.15.0-1114.117 No subscription required linux-gcp-4.15-headers-4.15.0-1122 - 4.15.0-1122.136 linux-modules-extra-4.15.0-1122-gcp - 4.15.0-1122.136 linux-modules-4.15.0-1122-gcp - 4.15.0-1122.136 linux-gcp-4.15-tools-4.15.0-1122 - 4.15.0-1122.136 linux-buildinfo-4.15.0-1122-gcp - 4.15.0-1122.136 linux-image-4.15.0-1122-gcp - 4.15.0-1122.136 linux-headers-4.15.0-1122-gcp - 4.15.0-1122.136 linux-tools-4.15.0-1122-gcp - 4.15.0-1122.136 linux-image-unsigned-4.15.0-1122-gcp - 4.15.0-1122.136 No subscription required linux-headers-4.15.0-1127-snapdragon - 4.15.0-1127.136 linux-image-4.15.0-1127-snapdragon - 4.15.0-1127.136 linux-tools-4.15.0-1127-snapdragon - 4.15.0-1127.136 linux-snapdragon-tools-4.15.0-1127 - 4.15.0-1127.136 linux-snapdragon-headers-4.15.0-1127 - 4.15.0-1127.136 linux-buildinfo-4.15.0-1127-snapdragon - 4.15.0-1127.136 linux-modules-4.15.0-1127-snapdragon - 4.15.0-1127.136 No subscription required linux-tools-4.15.0-1128-aws - 4.15.0-1128.137 linux-aws-tools-4.15.0-1128 - 4.15.0-1128.137 linux-headers-4.15.0-1128-aws - 4.15.0-1128.137 linux-image-4.15.0-1128-aws - 4.15.0-1128.137 linux-aws-cloud-tools-4.15.0-1128 - 4.15.0-1128.137 linux-image-unsigned-4.15.0-1128-aws - 4.15.0-1128.137 linux-modules-4.15.0-1128-aws - 4.15.0-1128.137 linux-aws-headers-4.15.0-1128 - 4.15.0-1128.137 linux-modules-extra-4.15.0-1128-aws - 4.15.0-1128.137 linux-cloud-tools-4.15.0-1128-aws - 4.15.0-1128.137 linux-buildinfo-4.15.0-1128-aws - 4.15.0-1128.137 No subscription required linux-image-4.15.0-1138-azure - 4.15.0-1138.151 linux-headers-4.15.0-1138-azure - 4.15.0-1138.151 linux-azure-4.15-tools-4.15.0-1138 - 4.15.0-1138.151 linux-azure-4.15-headers-4.15.0-1138 - 4.15.0-1138.151 linux-modules-4.15.0-1138-azure - 4.15.0-1138.151 linux-cloud-tools-4.15.0-1138-azure - 4.15.0-1138.151 linux-image-unsigned-4.15.0-1138-azure - 4.15.0-1138.151 linux-azure-4.15-cloud-tools-4.15.0-1138 - 4.15.0-1138.151 linux-buildinfo-4.15.0-1138-azure - 4.15.0-1138.151 linux-tools-4.15.0-1138-azure - 4.15.0-1138.151 linux-modules-extra-4.15.0-1138-azure - 4.15.0-1138.151 No subscription required linux-tools-common - 4.15.0-177.186 linux-tools-host - 4.15.0-177.186 linux-headers-4.15.0-177-lowlatency - 4.15.0-177.186 linux-doc - 4.15.0-177.186 linux-buildinfo-4.15.0-177-generic - 4.15.0-177.186 linux-image-unsigned-4.15.0-177-generic - 4.15.0-177.186 linux-cloud-tools-4.15.0-177-generic - 4.15.0-177.186 linux-headers-4.15.0-177-generic-lpae - 4.15.0-177.186 linux-libc-dev - 4.15.0-177.186 linux-tools-4.15.0-177 - 4.15.0-177.186 linux-image-4.15.0-177-generic-lpae - 4.15.0-177.186 linux-tools-4.15.0-177-generic-lpae - 4.15.0-177.186 linux-headers-4.15.0-177-generic - 4.15.0-177.186 linux-modules-4.15.0-177-lowlatency - 4.15.0-177.186 linux-image-unsigned-4.15.0-177-lowlatency - 4.15.0-177.186 linux-cloud-tools-4.15.0-177-lowlatency - 4.15.0-177.186 linux-modules-extra-4.15.0-177-generic - 4.15.0-177.186 linux-buildinfo-4.15.0-177-lowlatency - 4.15.0-177.186 linux-headers-4.15.0-177 - 4.15.0-177.186 linux-cloud-tools-4.15.0-177 - 4.15.0-177.186 linux-modules-4.15.0-177-generic - 4.15.0-177.186 linux-tools-4.15.0-177-generic - 4.15.0-177.186 linux-buildinfo-4.15.0-177-generic-lpae - 4.15.0-177.186 linux-cloud-tools-common - 4.15.0-177.186 linux-tools-4.15.0-177-lowlatency - 4.15.0-177.186 linux-image-4.15.0-177-generic - 4.15.0-177.186 linux-source-4.15.0 - 4.15.0-177.186 linux-modules-4.15.0-177-generic-lpae - 4.15.0-177.186 linux-image-4.15.0-177-lowlatency - 4.15.0-177.186 No subscription required linux-tools-dell300x - 4.15.0.1042.44 linux-headers-dell300x - 4.15.0.1042.44 linux-dell300x - 4.15.0.1042.44 linux-image-dell300x - 4.15.0.1042.44 No subscription required linux-oracle-lts-18.04 - 4.15.0.1093.103 linux-image-oracle-lts-18.04 - 4.15.0.1093.103 linux-signed-image-oracle-lts-18.04 - 4.15.0.1093.103 linux-tools-oracle-lts-18.04 - 4.15.0.1093.103 linux-signed-oracle-lts-18.04 - 4.15.0.1093.103 linux-headers-oracle-lts-18.04 - 4.15.0.1093.103 No subscription required linux-kvm - 4.15.0.1114.110 linux-headers-kvm - 4.15.0.1114.110 linux-tools-kvm - 4.15.0.1114.110 linux-image-kvm - 4.15.0.1114.110 No subscription required linux-modules-extra-gcp-lts-18.04 - 4.15.0.1122.141 linux-gcp-lts-18.04 - 4.15.0.1122.141 linux-tools-gcp-lts-18.04 - 4.15.0.1122.141 linux-image-gcp-lts-18.04 - 4.15.0.1122.141 linux-headers-gcp-lts-18.04 - 4.15.0.1122.141 No subscription required linux-headers-snapdragon - 4.15.0.1127.130 linux-tools-snapdragon - 4.15.0.1127.130 linux-snapdragon - 4.15.0.1127.130 linux-image-snapdragon - 4.15.0.1127.130 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1128.131 linux-headers-aws-lts-18.04 - 4.15.0.1128.131 linux-aws-lts-18.04 - 4.15.0.1128.131 linux-modules-extra-aws-lts-18.04 - 4.15.0.1128.131 linux-tools-aws-lts-18.04 - 4.15.0.1128.131 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1138.111 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1138.111 linux-headers-azure-lts-18.04 - 4.15.0.1138.111 linux-tools-azure-lts-18.04 - 4.15.0.1138.111 linux-azure-lts-18.04 - 4.15.0.1138.111 linux-signed-azure-lts-18.04 - 4.15.0.1138.111 linux-image-azure-lts-18.04 - 4.15.0.1138.111 linux-signed-image-azure-lts-18.04 - 4.15.0.1138.111 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.177.166 linux-cloud-tools-virtual - 4.15.0.177.166 linux-headers-generic-lpae - 4.15.0.177.166 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.177.166 linux-image-extra-virtual-hwe-16.04 - 4.15.0.177.166 linux-image-virtual - 4.15.0.177.166 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.177.166 linux-signed-lowlatency - 4.15.0.177.166 linux-image-generic - 4.15.0.177.166 linux-tools-lowlatency - 4.15.0.177.166 linux-headers-generic-hwe-16.04-edge - 4.15.0.177.166 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.177.166 linux-generic-lpae-hwe-16.04 - 4.15.0.177.166 linux-generic-hwe-16.04 - 4.15.0.177.166 linux-signed-generic-hwe-16.04-edge - 4.15.0.177.166 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.177.166 linux-image-virtual-hwe-16.04-edge - 4.15.0.177.166 linux-generic-lpae-hwe-16.04-edge - 4.15.0.177.166 linux-signed-image-lowlatency - 4.15.0.177.166 linux-signed-lowlatency-hwe-16.04 - 4.15.0.177.166 linux-crashdump - 4.15.0.177.166 linux-signed-image-generic - 4.15.0.177.166 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.177.166 linux-lowlatency - 4.15.0.177.166 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.177.166 linux-source - 4.15.0.177.166 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.177.166 linux-tools-generic-lpae - 4.15.0.177.166 linux-generic-hwe-16.04-edge - 4.15.0.177.166 linux-virtual - 4.15.0.177.166 linux-headers-lowlatency-hwe-16.04 - 4.15.0.177.166 linux-tools-virtual-hwe-16.04 - 4.15.0.177.166 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.177.166 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.177.166 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.177.166 linux-tools-virtual - 4.15.0.177.166 linux-image-generic-lpae - 4.15.0.177.166 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.177.166 linux-generic-lpae - 4.15.0.177.166 linux-generic - 4.15.0.177.166 linux-signed-generic-hwe-16.04 - 4.15.0.177.166 linux-signed-image-generic-hwe-16.04 - 4.15.0.177.166 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.177.166 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.177.166 linux-headers-lowlatency - 4.15.0.177.166 linux-headers-virtual-hwe-16.04-edge - 4.15.0.177.166 linux-lowlatency-hwe-16.04 - 4.15.0.177.166 linux-headers-generic-hwe-16.04 - 4.15.0.177.166 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.177.166 linux-tools-virtual-hwe-16.04-edge - 4.15.0.177.166 linux-tools-generic - 4.15.0.177.166 linux-virtual-hwe-16.04 - 4.15.0.177.166 linux-image-generic-hwe-16.04-edge - 4.15.0.177.166 linux-image-extra-virtual - 4.15.0.177.166 linux-cloud-tools-generic - 4.15.0.177.166 linux-lowlatency-hwe-16.04-edge - 4.15.0.177.166 linux-cloud-tools-lowlatency - 4.15.0.177.166 linux-image-generic-hwe-16.04 - 4.15.0.177.166 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.177.166 linux-image-generic-lpae-hwe-16.04 - 4.15.0.177.166 linux-virtual-hwe-16.04-edge - 4.15.0.177.166 linux-tools-lowlatency-hwe-16.04 - 4.15.0.177.166 linux-signed-generic - 4.15.0.177.166 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.177.166 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.177.166 linux-headers-generic - 4.15.0.177.166 linux-headers-virtual-hwe-16.04 - 4.15.0.177.166 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.177.166 linux-image-virtual-hwe-16.04 - 4.15.0.177.166 linux-headers-virtual - 4.15.0.177.166 linux-tools-generic-hwe-16.04 - 4.15.0.177.166 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.177.166 linux-tools-generic-hwe-16.04-edge - 4.15.0.177.166 linux-image-lowlatency - 4.15.0.177.166 No subscription required Medium CVE-2021-26401 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23042 CVE-2022-24958 CVE-2022-25258 CVE-2022-25375 CVE-2022-26490 CVE-2022-26966 CVE-2022-27223 Ubuntu 18.04 LTS It was discovered that LibTIFF incorrectly handled certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-35522) Chintan Shah discovered that LibTIFF incorrectly handled memory when handling certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-0561, CVE-2022-0562, CVE-2022-0891) It was discovered that LibTIFF incorrectly handled certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2022-0865) Update Instructions: Run `sudo pro fix USN-5421-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.9-5ubuntu0.5 libtiffxx5 - 4.0.9-5ubuntu0.5 libtiff5-dev - 4.0.9-5ubuntu0.5 libtiff-dev - 4.0.9-5ubuntu0.5 libtiff5 - 4.0.9-5ubuntu0.5 libtiff-tools - 4.0.9-5ubuntu0.5 libtiff-doc - 4.0.9-5ubuntu0.5 No subscription required Medium CVE-2020-35522 CVE-2022-0561 CVE-2022-0562 CVE-2022-0865 CVE-2022-0891 Ubuntu 18.04 LTS Shinji Sato discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. (CVE-2022-23308) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-29824) Update Instructions: Run `sudo pro fix USN-5422-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.6 libxml2-utils - 2.9.4+dfsg1-6.1ubuntu1.6 libxml2 - 2.9.4+dfsg1-6.1ubuntu1.6 python3-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.6 libxml2-doc - 2.9.4+dfsg1-6.1ubuntu1.6 libxml2-dev - 2.9.4+dfsg1-6.1ubuntu1.6 No subscription required Medium CVE-2022-23308 CVE-2022-29824 Ubuntu 18.04 LTS Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770) Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771) Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785) Michał Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792) Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-20796) Update Instructions: Run `sudo pro fix USN-5423-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.103.6+dfsg-0ubuntu0.18.04.1 clamav-testfiles - 0.103.6+dfsg-0ubuntu0.18.04.1 clamav-base - 0.103.6+dfsg-0ubuntu0.18.04.1 clamav - 0.103.6+dfsg-0ubuntu0.18.04.1 clamav-daemon - 0.103.6+dfsg-0ubuntu0.18.04.1 clamav-docs - 0.103.6+dfsg-0ubuntu0.18.04.1 clamav-milter - 0.103.6+dfsg-0ubuntu0.18.04.1 clamav-freshclam - 0.103.6+dfsg-0ubuntu0.18.04.1 libclamav9 - 0.103.6+dfsg-0ubuntu0.18.04.1 clamdscan - 0.103.6+dfsg-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-20770 CVE-2022-20771 CVE-2022-20785 CVE-2022-20792 CVE-2022-20796 Ubuntu 18.04 LTS It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database. Update Instructions: Run `sudo pro fix USN-5424-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libldap-2.4-2 - 2.4.45+dfsg-1ubuntu1.11 libldap-common - 2.4.45+dfsg-1ubuntu1.11 slapd-smbk5pwd - 2.4.45+dfsg-1ubuntu1.11 ldap-utils - 2.4.45+dfsg-1ubuntu1.11 libldap2-dev - 2.4.45+dfsg-1ubuntu1.11 slapd - 2.4.45+dfsg-1ubuntu1.11 No subscription required Medium CVE-2022-29155 Ubuntu 18.04 LTS Yunho Kim discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information. This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2019-20838) It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to have unexpected behavior. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14155) Update Instructions: Run `sudo pro fix USN-5425-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pcregrep - 2:8.39-9ubuntu0.1 libpcre3-dev - 2:8.39-9ubuntu0.1 libpcre3 - 2:8.39-9ubuntu0.1 libpcrecpp0v5 - 2:8.39-9ubuntu0.1 libpcre16-3 - 2:8.39-9ubuntu0.1 libpcre32-3 - 2:8.39-9ubuntu0.1 No subscription required Low CVE-2019-20838 CVE-2020-14155 Ubuntu 18.04 LTS Jakub Wilk discovered that needrestart incorrectly used some regular expressions. A local attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5426-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: needrestart - 3.1-1ubuntu0.1 No subscription required Medium CVE-2022-30688 Ubuntu 18.04 LTS Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. (CVE-2021-3899) Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use this issue to connect to arbitrary sockets as the root user. (CVE-2022-1242) Gerrit Venema discovered that Apport incorrectly handled user settings files. A local attacker could possibly use this issue to cause Apport to consume resources, leading to a denial of service. (CVE-2022-28652) Gerrit Venema discovered that Apport did not limit the amount of logging from D-Bus connections. A local attacker could possibly use this issue to fill up the Apport log file, leading to denial of service. (CVE-2022-28654) Gerrit Venema discovered that Apport did not filter D-Bus connection strings. A local attacker could possibly use this issue to cause Apport to make arbitrary network connections. (CVE-2022-28655) Gerrit Venema discovered that Apport did not limit the amount of memory being consumed during D-Bus connections. A local attacker could possibly use this issue to cause Apport to consume memory, leading to a denial of service. (CVE-2022-28656) Gerrit Venema discovered that Apport did not disable the python crash handler before chrooting into a container. A local attacker could possibly use this issue to execute arbitrary code. (CVE-2022-28657) Gerrit Venema discovered that Apport incorrectly handled filename argument whitespace. A local attacker could possibly use this issue to spoof arguments to the Apport daemon. (CVE-2022-28658) Update Instructions: Run `sudo pro fix USN-5427-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apport - 2.20.9-0ubuntu7.28 python3-problem-report - 2.20.9-0ubuntu7.28 apport-kde - 2.20.9-0ubuntu7.28 apport-retrace - 2.20.9-0ubuntu7.28 apport-valgrind - 2.20.9-0ubuntu7.28 python3-apport - 2.20.9-0ubuntu7.28 dh-apport - 2.20.9-0ubuntu7.28 apport-gtk - 2.20.9-0ubuntu7.28 python-apport - 2.20.9-0ubuntu7.28 python-problem-report - 2.20.9-0ubuntu7.28 apport-noui - 2.20.9-0ubuntu7.28 No subscription required Medium CVE-2021-3899 CVE-2022-1242 CVE-2022-28652 CVE-2022-28654 CVE-2022-28655 CVE-2022-28656 CVE-2022-28657 CVE-2022-28658 Ubuntu 18.04 LTS It was discovered that GnuPG was not properly processing keys with large amounts of signatures. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5431-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dirmngr - 2.2.4-1ubuntu1.5 gpgv-static - 2.2.4-1ubuntu1.5 gnupg - 2.2.4-1ubuntu1.5 scdaemon - 2.2.4-1ubuntu1.5 gpgsm - 2.2.4-1ubuntu1.5 gpgv - 2.2.4-1ubuntu1.5 gpg - 2.2.4-1ubuntu1.5 gnupg-agent - 2.2.4-1ubuntu1.5 gnupg2 - 2.2.4-1ubuntu1.5 gnupg-l10n - 2.2.4-1ubuntu1.5 gpg-wks-client - 2.2.4-1ubuntu1.5 gpgconf - 2.2.4-1ubuntu1.5 gpg-wks-server - 2.2.4-1ubuntu1.5 gpg-agent - 2.2.4-1ubuntu1.5 gpgv-win32 - 2.2.4-1ubuntu1.5 gnupg-utils - 2.2.4-1ubuntu1.5 gpgv2 - 2.2.4-1ubuntu1.5 No subscription required Low CVE-2019-13050 Ubuntu 18.04 LTS It was discovered that the methods of an Array object could be corrupted as a result of prototype pollution by sending a message to the parent process. If a user were tricked into opening a specially crafted website, an attacker could exploit this to execute JavaScript in a privileged context. Update Instructions: Run `sudo pro fix USN-5434-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nn - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ne - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nb - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fa - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fi - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fr - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fy - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-or - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kab - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-oc - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cs - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ga - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gd - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gn - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gl - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gu - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pa - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pl - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cy - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pt - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-szl - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hi - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ms - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-he - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hy - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hr - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hu - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-it - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-as - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ar - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ia - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-az - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-id - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mai - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-af - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-is - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-vi - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-an - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bs - 100.0.2+build1-0ubuntu0.18.04.1 firefox - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ro - 100.0.2+build1-0ubuntu0.18.04.1 firefox-geckodriver - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ja - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ru - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-br - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bn - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-be - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bg - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sl - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sk - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-si - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sw - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sv - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sr - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sq - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ko - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kn - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-km - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kk - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ka - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-xh - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ca - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ku - 100.0.2+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lv - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lt - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-th - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 100.0.2+build1-0ubuntu0.18.04.1 firefox-dev - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-te - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cak - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ta - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lg - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tr - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nso - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-de - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-da - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uk - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mr - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-my - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uz - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ml - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mn - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mk - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ur - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eu - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-et - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-es - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-csb - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-el - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eo - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-en - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zu - 100.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ast - 100.0.2+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-1529 CVE-2022-1802 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass permission prompts, obtain sensitive information, bypass security restrictions, cause user confusion, or execute arbitrary code. (CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917) It was discovered that Thunderbird would show the wrong security status after viewing an attached message that is signed or encrypted. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message. (CVE-2022-1520) It was discovered that the methods of an Array object could be corrupted as a result of prototype pollution by sending a message to the parent process. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could exploit this to execute JavaScript in a privileged context. (CVE-2022-1529, CVE-2022-1802) Update Instructions: Run `sudo pro fix USN-5435-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-lv - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:91.9.1+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:91.9.1+build1-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fa - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:91.9.1+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-th - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:91.9.1+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:91.9.1+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-1520 CVE-2022-1529 CVE-2022-1802 CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29913 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917 Ubuntu 18.04 LTS It was discovered that HTMLDOC did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted HTML file, a remote attacker could possibly use this issue to cause HTMLDOC to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5438-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: htmldoc - 1.9.2-1ubuntu0.2 htmldoc-common - 1.9.2-1ubuntu0.2 No subscription required Medium CVE-2021-23165 Ubuntu 18.04 LTS Alexander Lakhin discovered that PostgreSQL incorrectly handled the security restricted operation sandbox when a privileged user is maintaining another user's objects. An attacker having permission to create non-temp objects can use this issue to execute arbitrary commands as the superuser. Update Instructions: Run `sudo pro fix USN-5440-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-10 - 10.21-0ubuntu0.18.04.1 postgresql-pltcl-10 - 10.21-0ubuntu0.18.04.1 libecpg6 - 10.21-0ubuntu0.18.04.1 libpq-dev - 10.21-0ubuntu0.18.04.1 libpgtypes3 - 10.21-0ubuntu0.18.04.1 postgresql-10 - 10.21-0ubuntu0.18.04.1 postgresql-plperl-10 - 10.21-0ubuntu0.18.04.1 libecpg-dev - 10.21-0ubuntu0.18.04.1 postgresql-plpython3-10 - 10.21-0ubuntu0.18.04.1 libpq5 - 10.21-0ubuntu0.18.04.1 postgresql-plpython-10 - 10.21-0ubuntu0.18.04.1 postgresql-doc-10 - 10.21-0ubuntu0.18.04.1 postgresql-client-10 - 10.21-0ubuntu0.18.04.1 libecpg-compat3 - 10.21-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-1552 Ubuntu 18.04 LTS Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-29581) Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux kernel contained in integer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1116) Jann Horn discovered that the Linux kernel did not properly enforce seccomp restrictions in some situations. A local attacker could use this to bypass intended seccomp sandbox restrictions. (CVE-2022-30594) Update Instructions: Run `sudo pro fix USN-5442-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-5.4.0-1072-gke - 5.4.0-1072.77~18.04.1 linux-image-5.4.0-1072-gke - 5.4.0-1072.77~18.04.1 linux-modules-5.4.0-1072-gke - 5.4.0-1072.77~18.04.1 linux-gke-5.4-tools-5.4.0-1072 - 5.4.0-1072.77~18.04.1 linux-headers-5.4.0-1072-gke - 5.4.0-1072.77~18.04.1 linux-tools-5.4.0-1072-gke - 5.4.0-1072.77~18.04.1 linux-gke-5.4-headers-5.4.0-1072 - 5.4.0-1072.77~18.04.1 linux-modules-extra-5.4.0-1072-gke - 5.4.0-1072.77~18.04.1 linux-buildinfo-5.4.0-1072-gke - 5.4.0-1072.77~18.04.1 No subscription required linux-modules-5.4.0-1075-aws - 5.4.0-1075.80~18.04.1 linux-image-5.4.0-1075-aws - 5.4.0-1075.80~18.04.1 linux-aws-5.4-tools-5.4.0-1075 - 5.4.0-1075.80~18.04.1 linux-image-unsigned-5.4.0-1075-aws - 5.4.0-1075.80~18.04.1 linux-tools-5.4.0-1075-aws - 5.4.0-1075.80~18.04.1 linux-modules-extra-5.4.0-1075-aws - 5.4.0-1075.80~18.04.1 linux-cloud-tools-5.4.0-1075-aws - 5.4.0-1075.80~18.04.1 linux-headers-5.4.0-1075-aws - 5.4.0-1075.80~18.04.1 linux-buildinfo-5.4.0-1075-aws - 5.4.0-1075.80~18.04.1 linux-aws-5.4-headers-5.4.0-1075 - 5.4.0-1075.80~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1075 - 5.4.0-1075.80~18.04.1 No subscription required linux-azure-5.4-cloud-tools-5.4.0-1080 - 5.4.0-1080.83~18.04.2 linux-image-5.4.0-1080-azure - 5.4.0-1080.83~18.04.2 linux-image-unsigned-5.4.0-1080-azure - 5.4.0-1080.83~18.04.2 linux-buildinfo-5.4.0-1080-azure - 5.4.0-1080.83~18.04.2 linux-headers-5.4.0-1080-azure - 5.4.0-1080.83~18.04.2 linux-azure-5.4-tools-5.4.0-1080 - 5.4.0-1080.83~18.04.2 linux-cloud-tools-5.4.0-1080-azure - 5.4.0-1080.83~18.04.2 linux-azure-5.4-headers-5.4.0-1080 - 5.4.0-1080.83~18.04.2 linux-tools-5.4.0-1080-azure - 5.4.0-1080.83~18.04.2 linux-modules-5.4.0-1080-azure - 5.4.0-1080.83~18.04.2 linux-modules-extra-5.4.0-1080-azure - 5.4.0-1080.83~18.04.2 No subscription required linux-modules-5.4.0-113-lowlatency - 5.4.0-113.127~18.04.1 linux-buildinfo-5.4.0-113-lowlatency - 5.4.0-113.127~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-113.127~18.04.1 linux-cloud-tools-5.4.0-113-generic - 5.4.0-113.127~18.04.1 linux-image-5.4.0-113-generic-lpae - 5.4.0-113.127~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-113 - 5.4.0-113.127~18.04.1 linux-image-unsigned-5.4.0-113-lowlatency - 5.4.0-113.127~18.04.1 linux-image-5.4.0-113-generic - 5.4.0-113.127~18.04.1 linux-tools-5.4.0-113-generic - 5.4.0-113.127~18.04.1 linux-image-unsigned-5.4.0-113-generic - 5.4.0-113.127~18.04.1 linux-buildinfo-5.4.0-113-generic-lpae - 5.4.0-113.127~18.04.1 linux-modules-5.4.0-113-generic - 5.4.0-113.127~18.04.1 linux-hwe-5.4-headers-5.4.0-113 - 5.4.0-113.127~18.04.1 linux-tools-5.4.0-113-generic-lpae - 5.4.0-113.127~18.04.1 linux-tools-5.4.0-113-lowlatency - 5.4.0-113.127~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-113.127~18.04.1 linux-cloud-tools-5.4.0-113-lowlatency - 5.4.0-113.127~18.04.1 linux-modules-extra-5.4.0-113-generic - 5.4.0-113.127~18.04.1 linux-headers-5.4.0-113-lowlatency - 5.4.0-113.127~18.04.1 linux-buildinfo-5.4.0-113-generic - 5.4.0-113.127~18.04.1 linux-headers-5.4.0-113-generic - 5.4.0-113.127~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-113.127~18.04.1 linux-image-5.4.0-113-lowlatency - 5.4.0-113.127~18.04.1 linux-hwe-5.4-tools-5.4.0-113 - 5.4.0-113.127~18.04.1 linux-headers-5.4.0-113-generic-lpae - 5.4.0-113.127~18.04.1 linux-modules-5.4.0-113-generic-lpae - 5.4.0-113.127~18.04.1 No subscription required linux-headers-gke-5.4 - 5.4.0.1072.77~18.04.35 linux-tools-gke-5.4 - 5.4.0.1072.77~18.04.35 linux-modules-extra-gke-5.4 - 5.4.0.1072.77~18.04.35 linux-gke-5.4 - 5.4.0.1072.77~18.04.35 linux-image-gke-5.4 - 5.4.0.1072.77~18.04.35 No subscription required linux-headers-aws - 5.4.0.1075.57 linux-image-aws - 5.4.0.1075.57 linux-image-aws-edge - 5.4.0.1075.57 linux-aws-edge - 5.4.0.1075.57 linux-aws - 5.4.0.1075.57 linux-modules-extra-aws - 5.4.0.1075.57 linux-modules-extra-aws-edge - 5.4.0.1075.57 linux-headers-aws-edge - 5.4.0.1075.57 linux-tools-aws - 5.4.0.1075.57 linux-tools-aws-edge - 5.4.0.1075.57 No subscription required linux-signed-azure - 5.4.0.1080.59 linux-tools-azure-edge - 5.4.0.1080.59 linux-cloud-tools-azure - 5.4.0.1080.59 linux-tools-azure - 5.4.0.1080.59 linux-image-azure-edge - 5.4.0.1080.59 linux-signed-image-azure-edge - 5.4.0.1080.59 linux-cloud-tools-azure-edge - 5.4.0.1080.59 linux-modules-extra-azure - 5.4.0.1080.59 linux-azure - 5.4.0.1080.59 linux-image-azure - 5.4.0.1080.59 linux-signed-image-azure - 5.4.0.1080.59 linux-azure-edge - 5.4.0.1080.59 linux-modules-extra-azure-edge - 5.4.0.1080.59 linux-headers-azure-edge - 5.4.0.1080.59 linux-signed-azure-edge - 5.4.0.1080.59 linux-headers-azure - 5.4.0.1080.59 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-headers-snapdragon-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-image-generic-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-image-snapdragon-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-image-oem - 5.4.0.113.127~18.04.97 linux-tools-virtual-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-lowlatency-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-headers-lowlatency-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-lowlatency-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-image-extra-virtual-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-snapdragon-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-image-generic-lpae-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-tools-lowlatency-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-headers-generic-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-headers-virtual-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-tools-snapdragon-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-oem - 5.4.0.113.127~18.04.97 linux-headers-virtual-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-virtual-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-generic-lpae-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-headers-oem - 5.4.0.113.127~18.04.97 linux-tools-oem-osp1 - 5.4.0.113.127~18.04.97 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-tools-generic-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-image-virtual-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-image-generic-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-generic-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-tools-generic-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-image-oem-osp1 - 5.4.0.113.127~18.04.97 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-snapdragon-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-tools-oem - 5.4.0.113.127~18.04.97 linux-headers-oem-osp1 - 5.4.0.113.127~18.04.97 linux-tools-virtual-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-virtual-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-generic-lpae-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-headers-generic-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-oem-osp1 - 5.4.0.113.127~18.04.97 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-image-lowlatency-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.113.127~18.04.97 linux-generic-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.113.127~18.04.97 linux-image-virtual-hwe-18.04-edge - 5.4.0.113.127~18.04.97 No subscription required High CVE-2022-1116 CVE-2022-29581 CVE-2022-30594 Ubuntu 18.04 LTS Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-29581) Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux kernel contained in integer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1116) Jann Horn discovered that the Linux kernel did not properly enforce seccomp restrictions in some situations. A local attacker could use this to bypass intended seccomp sandbox restrictions. (CVE-2022-30594) Update Instructions: Run `sudo pro fix USN-5442-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-5.4.0-1023-ibm - 5.4.0-1023.25~18.04.1 linux-tools-5.4.0-1023-ibm - 5.4.0-1023.25~18.04.1 linux-buildinfo-5.4.0-1023-ibm - 5.4.0-1023.25~18.04.1 linux-ibm-5.4-headers-5.4.0-1023 - 5.4.0-1023.25~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1023.25~18.04.1 linux-modules-extra-5.4.0-1023-ibm - 5.4.0-1023.25~18.04.1 linux-modules-5.4.0-1023-ibm - 5.4.0-1023.25~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1023.25~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1023.25~18.04.1 linux-image-unsigned-5.4.0-1023-ibm - 5.4.0-1023.25~18.04.1 linux-ibm-5.4-tools-5.4.0-1023 - 5.4.0-1023.25~18.04.1 linux-image-5.4.0-1023-ibm - 5.4.0-1023.25~18.04.1 No subscription required linux-headers-5.4.0-1043-gkeop - 5.4.0-1043.44~18.04.1 linux-buildinfo-5.4.0-1043-gkeop - 5.4.0-1043.44~18.04.1 linux-image-5.4.0-1043-gkeop - 5.4.0-1043.44~18.04.1 linux-tools-5.4.0-1043-gkeop - 5.4.0-1043.44~18.04.1 linux-modules-extra-5.4.0-1043-gkeop - 5.4.0-1043.44~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1043 - 5.4.0-1043.44~18.04.1 linux-cloud-tools-5.4.0-1043-gkeop - 5.4.0-1043.44~18.04.1 linux-gkeop-5.4-tools-5.4.0-1043 - 5.4.0-1043.44~18.04.1 linux-modules-5.4.0-1043-gkeop - 5.4.0-1043.44~18.04.1 linux-gkeop-5.4-headers-5.4.0-1043 - 5.4.0-1043.44~18.04.1 linux-image-unsigned-5.4.0-1043-gkeop - 5.4.0-1043.44~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1043.44~18.04.1 No subscription required linux-tools-5.4.0-1062-raspi - 5.4.0-1062.70~18.04.1 linux-raspi-5.4-tools-5.4.0-1062 - 5.4.0-1062.70~18.04.1 linux-buildinfo-5.4.0-1062-raspi - 5.4.0-1062.70~18.04.1 linux-image-5.4.0-1062-raspi - 5.4.0-1062.70~18.04.1 linux-modules-5.4.0-1062-raspi - 5.4.0-1062.70~18.04.1 linux-headers-5.4.0-1062-raspi - 5.4.0-1062.70~18.04.1 linux-raspi-5.4-headers-5.4.0-1062 - 5.4.0-1062.70~18.04.1 No subscription required linux-modules-extra-5.4.0-1073-oracle - 5.4.0-1073.79~18.04.1 linux-headers-5.4.0-1073-oracle - 5.4.0-1073.79~18.04.1 linux-tools-5.4.0-1073-oracle - 5.4.0-1073.79~18.04.1 linux-image-5.4.0-1073-oracle - 5.4.0-1073.79~18.04.1 linux-modules-5.4.0-1073-oracle - 5.4.0-1073.79~18.04.1 linux-image-unsigned-5.4.0-1073-oracle - 5.4.0-1073.79~18.04.1 linux-oracle-5.4-tools-5.4.0-1073 - 5.4.0-1073.79~18.04.1 linux-oracle-5.4-headers-5.4.0-1073 - 5.4.0-1073.79~18.04.1 linux-buildinfo-5.4.0-1073-oracle - 5.4.0-1073.79~18.04.1 No subscription required linux-gcp-5.4-tools-5.4.0-1075 - 5.4.0-1075.80~18.04.1 linux-tools-5.4.0-1075-gcp - 5.4.0-1075.80~18.04.1 linux-image-5.4.0-1075-gcp - 5.4.0-1075.80~18.04.1 linux-buildinfo-5.4.0-1075-gcp - 5.4.0-1075.80~18.04.1 linux-headers-5.4.0-1075-gcp - 5.4.0-1075.80~18.04.1 linux-modules-5.4.0-1075-gcp - 5.4.0-1075.80~18.04.1 linux-modules-extra-5.4.0-1075-gcp - 5.4.0-1075.80~18.04.1 linux-gcp-5.4-headers-5.4.0-1075 - 5.4.0-1075.80~18.04.1 linux-image-unsigned-5.4.0-1075-gcp - 5.4.0-1075.80~18.04.1 No subscription required linux-modules-extra-ibm-edge - 5.4.0.1023.39 linux-modules-extra-ibm - 5.4.0.1023.39 linux-image-ibm - 5.4.0.1023.39 linux-tools-ibm - 5.4.0.1023.39 linux-headers-ibm-edge - 5.4.0.1023.39 linux-tools-ibm-edge - 5.4.0.1023.39 linux-ibm - 5.4.0.1023.39 linux-ibm-edge - 5.4.0.1023.39 linux-headers-ibm - 5.4.0.1023.39 linux-image-ibm-edge - 5.4.0.1023.39 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1043.44~18.04.42 linux-modules-extra-gkeop-5.4 - 5.4.0.1043.44~18.04.42 linux-gkeop-5.4 - 5.4.0.1043.44~18.04.42 linux-image-gkeop-5.4 - 5.4.0.1043.44~18.04.42 linux-headers-gkeop-5.4 - 5.4.0.1043.44~18.04.42 linux-tools-gkeop-5.4 - 5.4.0.1043.44~18.04.42 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1062.63 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1062.63 linux-headers-raspi-hwe-18.04 - 5.4.0.1062.63 linux-image-raspi-hwe-18.04-edge - 5.4.0.1062.63 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1062.63 linux-raspi-hwe-18.04 - 5.4.0.1062.63 linux-tools-raspi-hwe-18.04 - 5.4.0.1062.63 linux-raspi-hwe-18.04-edge - 5.4.0.1062.63 No subscription required linux-headers-oracle - 5.4.0.1073.79~18.04.52 linux-tools-oracle - 5.4.0.1073.79~18.04.52 linux-signed-image-oracle - 5.4.0.1073.79~18.04.52 linux-signed-oracle - 5.4.0.1073.79~18.04.52 linux-tools-oracle-edge - 5.4.0.1073.79~18.04.52 linux-oracle-edge - 5.4.0.1073.79~18.04.52 linux-modules-extra-oracle-edge - 5.4.0.1073.79~18.04.52 linux-image-oracle-edge - 5.4.0.1073.79~18.04.52 linux-modules-extra-oracle - 5.4.0.1073.79~18.04.52 linux-signed-oracle-edge - 5.4.0.1073.79~18.04.52 linux-signed-image-oracle-edge - 5.4.0.1073.79~18.04.52 linux-headers-oracle-edge - 5.4.0.1073.79~18.04.52 linux-image-oracle - 5.4.0.1073.79~18.04.52 linux-oracle - 5.4.0.1073.79~18.04.52 No subscription required linux-image-gcp-edge - 5.4.0.1075.58 linux-tools-gcp-edge - 5.4.0.1075.58 linux-headers-gcp-edge - 5.4.0.1075.58 linux-modules-extra-gcp - 5.4.0.1075.58 linux-tools-gcp - 5.4.0.1075.58 linux-modules-extra-gcp-edge - 5.4.0.1075.58 linux-gcp - 5.4.0.1075.58 linux-headers-gcp - 5.4.0.1075.58 linux-image-gcp - 5.4.0.1075.58 linux-gcp-edge - 5.4.0.1075.58 No subscription required High CVE-2022-1116 CVE-2022-29581 CVE-2022-30594 Ubuntu 18.04 LTS Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-29581) Jann Horn discovered that the Linux kernel did not properly enforce seccomp restrictions in some situations. A local attacker could use this to bypass intended seccomp sandbox restrictions. (CVE-2022-30594) Update Instructions: Run `sudo pro fix USN-5443-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1095-oracle - 4.15.0-1095.104 linux-oracle-tools-4.15.0-1095 - 4.15.0-1095.104 linux-tools-4.15.0-1095-oracle - 4.15.0-1095.104 linux-buildinfo-4.15.0-1095-oracle - 4.15.0-1095.104 linux-image-4.15.0-1095-oracle - 4.15.0-1095.104 linux-headers-4.15.0-1095-oracle - 4.15.0-1095.104 linux-modules-4.15.0-1095-oracle - 4.15.0-1095.104 linux-oracle-headers-4.15.0-1095 - 4.15.0-1095.104 linux-modules-extra-4.15.0-1095-oracle - 4.15.0-1095.104 No subscription required linux-tools-4.15.0-1111-raspi2 - 4.15.0-1111.118 linux-buildinfo-4.15.0-1111-raspi2 - 4.15.0-1111.118 linux-image-4.15.0-1111-raspi2 - 4.15.0-1111.118 linux-headers-4.15.0-1111-raspi2 - 4.15.0-1111.118 linux-raspi2-headers-4.15.0-1111 - 4.15.0-1111.118 linux-raspi2-tools-4.15.0-1111 - 4.15.0-1111.118 linux-modules-4.15.0-1111-raspi2 - 4.15.0-1111.118 No subscription required linux-kvm-tools-4.15.0-1116 - 4.15.0-1116.119 linux-image-4.15.0-1116-kvm - 4.15.0-1116.119 linux-headers-4.15.0-1116-kvm - 4.15.0-1116.119 linux-buildinfo-4.15.0-1116-kvm - 4.15.0-1116.119 linux-tools-4.15.0-1116-kvm - 4.15.0-1116.119 linux-kvm-headers-4.15.0-1116 - 4.15.0-1116.119 linux-modules-4.15.0-1116-kvm - 4.15.0-1116.119 No subscription required linux-gcp-4.15-headers-4.15.0-1124 - 4.15.0-1124.138 linux-image-4.15.0-1124-gcp - 4.15.0-1124.138 linux-gcp-4.15-tools-4.15.0-1124 - 4.15.0-1124.138 linux-modules-extra-4.15.0-1124-gcp - 4.15.0-1124.138 linux-headers-4.15.0-1124-gcp - 4.15.0-1124.138 linux-buildinfo-4.15.0-1124-gcp - 4.15.0-1124.138 linux-tools-4.15.0-1124-gcp - 4.15.0-1124.138 linux-modules-4.15.0-1124-gcp - 4.15.0-1124.138 linux-image-unsigned-4.15.0-1124-gcp - 4.15.0-1124.138 No subscription required linux-headers-4.15.0-1129-snapdragon - 4.15.0-1129.138 linux-image-4.15.0-1129-snapdragon - 4.15.0-1129.138 linux-buildinfo-4.15.0-1129-snapdragon - 4.15.0-1129.138 linux-snapdragon-headers-4.15.0-1129 - 4.15.0-1129.138 linux-tools-4.15.0-1129-snapdragon - 4.15.0-1129.138 linux-snapdragon-tools-4.15.0-1129 - 4.15.0-1129.138 linux-modules-4.15.0-1129-snapdragon - 4.15.0-1129.138 No subscription required linux-modules-4.15.0-1130-aws - 4.15.0-1130.139 linux-headers-4.15.0-1130-aws - 4.15.0-1130.139 linux-image-unsigned-4.15.0-1130-aws - 4.15.0-1130.139 linux-modules-extra-4.15.0-1130-aws - 4.15.0-1130.139 linux-aws-headers-4.15.0-1130 - 4.15.0-1130.139 linux-image-4.15.0-1130-aws - 4.15.0-1130.139 linux-aws-cloud-tools-4.15.0-1130 - 4.15.0-1130.139 linux-cloud-tools-4.15.0-1130-aws - 4.15.0-1130.139 linux-aws-tools-4.15.0-1130 - 4.15.0-1130.139 linux-buildinfo-4.15.0-1130-aws - 4.15.0-1130.139 linux-tools-4.15.0-1130-aws - 4.15.0-1130.139 No subscription required linux-buildinfo-4.15.0-1139-azure - 4.15.0-1139.152 linux-image-4.15.0-1139-azure - 4.15.0-1139.152 linux-azure-4.15-tools-4.15.0-1139 - 4.15.0-1139.152 linux-headers-4.15.0-1139-azure - 4.15.0-1139.152 linux-image-unsigned-4.15.0-1139-azure - 4.15.0-1139.152 linux-tools-4.15.0-1139-azure - 4.15.0-1139.152 linux-azure-4.15-headers-4.15.0-1139 - 4.15.0-1139.152 linux-modules-4.15.0-1139-azure - 4.15.0-1139.152 linux-modules-extra-4.15.0-1139-azure - 4.15.0-1139.152 linux-azure-4.15-cloud-tools-4.15.0-1139 - 4.15.0-1139.152 linux-cloud-tools-4.15.0-1139-azure - 4.15.0-1139.152 No subscription required linux-tools-common - 4.15.0-180.189 linux-modules-4.15.0-180-generic - 4.15.0-180.189 linux-tools-host - 4.15.0-180.189 linux-cloud-tools-4.15.0-180 - 4.15.0-180.189 linux-doc - 4.15.0-180.189 linux-buildinfo-4.15.0-180-generic - 4.15.0-180.189 linux-tools-4.15.0-180-lowlatency - 4.15.0-180.189 linux-cloud-tools-4.15.0-180-generic - 4.15.0-180.189 linux-buildinfo-4.15.0-180-lowlatency - 4.15.0-180.189 linux-libc-dev - 4.15.0-180.189 linux-modules-extra-4.15.0-180-generic - 4.15.0-180.189 linux-modules-4.15.0-180-generic-lpae - 4.15.0-180.189 linux-tools-4.15.0-180 - 4.15.0-180.189 linux-headers-4.15.0-180-generic - 4.15.0-180.189 linux-modules-4.15.0-180-lowlatency - 4.15.0-180.189 linux-image-4.15.0-180-lowlatency - 4.15.0-180.189 linux-cloud-tools-4.15.0-180-lowlatency - 4.15.0-180.189 linux-image-4.15.0-180-generic - 4.15.0-180.189 linux-tools-4.15.0-180-generic-lpae - 4.15.0-180.189 linux-image-unsigned-4.15.0-180-generic - 4.15.0-180.189 linux-image-unsigned-4.15.0-180-lowlatency - 4.15.0-180.189 linux-headers-4.15.0-180 - 4.15.0-180.189 linux-cloud-tools-common - 4.15.0-180.189 linux-buildinfo-4.15.0-180-generic-lpae - 4.15.0-180.189 linux-headers-4.15.0-180-lowlatency - 4.15.0-180.189 linux-image-4.15.0-180-generic-lpae - 4.15.0-180.189 linux-source-4.15.0 - 4.15.0-180.189 linux-headers-4.15.0-180-generic-lpae - 4.15.0-180.189 linux-tools-4.15.0-180-generic - 4.15.0-180.189 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1095.105 linux-signed-image-oracle-lts-18.04 - 4.15.0.1095.105 linux-oracle-lts-18.04 - 4.15.0.1095.105 linux-signed-oracle-lts-18.04 - 4.15.0.1095.105 linux-headers-oracle-lts-18.04 - 4.15.0.1095.105 linux-tools-oracle-lts-18.04 - 4.15.0.1095.105 No subscription required linux-raspi2 - 4.15.0.1111.109 linux-headers-raspi2 - 4.15.0.1111.109 linux-image-raspi2 - 4.15.0.1111.109 linux-tools-raspi2 - 4.15.0.1111.109 No subscription required linux-kvm - 4.15.0.1116.112 linux-headers-kvm - 4.15.0.1116.112 linux-image-kvm - 4.15.0.1116.112 linux-tools-kvm - 4.15.0.1116.112 No subscription required linux-gcp-lts-18.04 - 4.15.0.1124.143 linux-tools-gcp-lts-18.04 - 4.15.0.1124.143 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1124.143 linux-image-gcp-lts-18.04 - 4.15.0.1124.143 linux-headers-gcp-lts-18.04 - 4.15.0.1124.143 No subscription required linux-snapdragon - 4.15.0.1129.131 linux-headers-snapdragon - 4.15.0.1129.131 linux-tools-snapdragon - 4.15.0.1129.131 linux-image-snapdragon - 4.15.0.1129.131 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1130.133 linux-headers-aws-lts-18.04 - 4.15.0.1130.133 linux-modules-extra-aws-lts-18.04 - 4.15.0.1130.133 linux-tools-aws-lts-18.04 - 4.15.0.1130.133 linux-aws-lts-18.04 - 4.15.0.1130.133 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1139.112 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1139.112 linux-tools-azure-lts-18.04 - 4.15.0.1139.112 linux-headers-azure-lts-18.04 - 4.15.0.1139.112 linux-azure-lts-18.04 - 4.15.0.1139.112 linux-signed-azure-lts-18.04 - 4.15.0.1139.112 linux-image-azure-lts-18.04 - 4.15.0.1139.112 linux-signed-image-azure-lts-18.04 - 4.15.0.1139.112 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.180.169 linux-cloud-tools-virtual - 4.15.0.180.169 linux-headers-generic-lpae - 4.15.0.180.169 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.180.169 linux-image-extra-virtual-hwe-16.04 - 4.15.0.180.169 linux-image-virtual - 4.15.0.180.169 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.180.169 linux-image-generic - 4.15.0.180.169 linux-tools-lowlatency - 4.15.0.180.169 linux-headers-generic-hwe-16.04-edge - 4.15.0.180.169 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.180.169 linux-signed-generic-hwe-16.04-edge - 4.15.0.180.169 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.180.169 linux-generic-lpae-hwe-16.04-edge - 4.15.0.180.169 linux-signed-image-lowlatency - 4.15.0.180.169 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.180.169 linux-generic-lpae-hwe-16.04 - 4.15.0.180.169 linux-signed-lowlatency-hwe-16.04 - 4.15.0.180.169 linux-crashdump - 4.15.0.180.169 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.180.169 linux-lowlatency - 4.15.0.180.169 linux-source - 4.15.0.180.169 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.180.169 linux-tools-generic-lpae - 4.15.0.180.169 linux-cloud-tools-generic - 4.15.0.180.169 linux-signed-lowlatency - 4.15.0.180.169 linux-generic-hwe-16.04-edge - 4.15.0.180.169 linux-virtual - 4.15.0.180.169 linux-headers-lowlatency-hwe-16.04 - 4.15.0.180.169 linux-generic - 4.15.0.180.169 linux-tools-virtual-hwe-16.04 - 4.15.0.180.169 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.180.169 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.180.169 linux-tools-generic-hwe-16.04 - 4.15.0.180.169 linux-tools-virtual - 4.15.0.180.169 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.180.169 linux-generic-lpae - 4.15.0.180.169 linux-signed-image-generic - 4.15.0.180.169 linux-image-virtual-hwe-16.04-edge - 4.15.0.180.169 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.180.169 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.180.169 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.180.169 linux-headers-lowlatency - 4.15.0.180.169 linux-headers-virtual-hwe-16.04-edge - 4.15.0.180.169 linux-lowlatency-hwe-16.04 - 4.15.0.180.169 linux-headers-generic-hwe-16.04 - 4.15.0.180.169 linux-generic-hwe-16.04 - 4.15.0.180.169 linux-tools-virtual-hwe-16.04-edge - 4.15.0.180.169 linux-image-generic-hwe-16.04 - 4.15.0.180.169 linux-signed-image-generic-hwe-16.04 - 4.15.0.180.169 linux-image-generic-lpae - 4.15.0.180.169 linux-tools-generic - 4.15.0.180.169 linux-virtual-hwe-16.04 - 4.15.0.180.169 linux-image-extra-virtual - 4.15.0.180.169 linux-lowlatency-hwe-16.04-edge - 4.15.0.180.169 linux-cloud-tools-lowlatency - 4.15.0.180.169 linux-image-generic-hwe-16.04-edge - 4.15.0.180.169 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.180.169 linux-image-generic-lpae-hwe-16.04 - 4.15.0.180.169 linux-virtual-hwe-16.04-edge - 4.15.0.180.169 linux-tools-lowlatency-hwe-16.04 - 4.15.0.180.169 linux-signed-generic - 4.15.0.180.169 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.180.169 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.180.169 linux-headers-generic - 4.15.0.180.169 linux-headers-virtual-hwe-16.04 - 4.15.0.180.169 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.180.169 linux-image-virtual-hwe-16.04 - 4.15.0.180.169 linux-headers-virtual - 4.15.0.180.169 linux-signed-generic-hwe-16.04 - 4.15.0.180.169 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.180.169 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.180.169 linux-tools-generic-hwe-16.04-edge - 4.15.0.180.169 linux-image-lowlatency - 4.15.0.180.169 No subscription required High CVE-2022-29581 CVE-2022-30594 Ubuntu 18.04 LTS Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11782) Tomas Bortoli discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-0203) Thomas Åkesson discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-17525) Update Instructions: Run `sudo pro fix USN-5445-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsvn-dev - 1.9.7-4ubuntu1.1 ruby-svn - 1.9.7-4ubuntu1.1 subversion-tools - 1.9.7-4ubuntu1.1 libapache2-mod-svn - 1.9.7-4ubuntu1.1 python-subversion - 1.9.7-4ubuntu1.1 libsvn1 - 1.9.7-4ubuntu1.1 subversion - 1.9.7-4ubuntu1.1 libsvn-doc - 1.9.7-4ubuntu1.1 libsvn-java - 1.9.7-4ubuntu1.1 libsvn-perl - 1.9.7-4ubuntu1.1 No subscription required Medium CVE-2018-11782 CVE-2019-0203 CVE-2020-17525 Ubuntu 18.04 LTS Max Justicz discovered that dpkg incorrectly handled unpacking certain source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system. Update Instructions: Run `sudo pro fix USN-5446-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dpkg-dev - 1.19.0.5ubuntu2.4 dselect - 1.19.0.5ubuntu2.4 dpkg - 1.19.0.5ubuntu2.4 libdpkg-dev - 1.19.0.5ubuntu2.4 libdpkg-perl - 1.19.0.5ubuntu2.4 No subscription required Medium CVE-2022-1664 Ubuntu 18.04 LTS Ilya Averyanov discovered that an InfluxDB vulnerability allowed attackers to bypass authentication and gain access to any known database user. Update Instructions: Run `sudo pro fix USN-5451-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: influxdb-dev - 1.1.1+dfsg1-4+deb9u1ubuntu1 golang-github-influxdb-influxdb-dev - 1.1.1+dfsg1-4+deb9u1ubuntu1 influxdb - 1.1.1+dfsg1-4+deb9u1ubuntu1 influxdb-client - 1.1.1+dfsg1-4+deb9u1ubuntu1 No subscription required Medium CVE-2019-20933 Ubuntu 18.04 LTS Joshua Mason discovered that CUPS incorrectly handled the secret key used to access the administrative web interface. A remote attacker could possibly use this issue to open a session as an administrator and execute arbitrary code. (CVE-2022-26691) It was discovered that CUPS incorrectly handled certain memory operations when handling IPP printing. A remote attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-8842, CVE-2020-10001) Update Instructions: Run `sudo pro fix USN-5454-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 2.2.7-1ubuntu2.9 libcups2-dev - 2.2.7-1ubuntu2.9 cups-bsd - 2.2.7-1ubuntu2.9 cups-common - 2.2.7-1ubuntu2.9 cups-core-drivers - 2.2.7-1ubuntu2.9 cups-server-common - 2.2.7-1ubuntu2.9 libcupsimage2 - 2.2.7-1ubuntu2.9 cups-client - 2.2.7-1ubuntu2.9 libcupsimage2-dev - 2.2.7-1ubuntu2.9 cups-ipp-utils - 2.2.7-1ubuntu2.9 libcups2 - 2.2.7-1ubuntu2.9 cups-ppdc - 2.2.7-1ubuntu2.9 libcupsppdc1 - 2.2.7-1ubuntu2.9 libcupsmime1 - 2.2.7-1ubuntu2.9 cups - 2.2.7-1ubuntu2.9 cups-daemon - 2.2.7-1ubuntu2.9 No subscription required Medium CVE-2019-8842 CVE-2020-10001 CVE-2022-26691 Ubuntu 18.04 LTS Tim Boddy, Gustavo Grieco and others discovered that Expat, that is integrated in xmltok library, incorrectly handled certain files. An attacker could possibly use these issues to cause a denial of service, or possibly execute arbitrary code. These issues were only addressed in Ubuntu 16.04 ESM. (CVE-2012-1148, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2018-20843, CVE-2019-15903, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827) It was discovered that Expat, that is integrated in xmltok library, incorrectly handled encoding validation of certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-25235) It was discovered that Expat, that is integrated in xmltok library, incorrectly handled namespace URIs of certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-25236) Update Instructions: Run `sudo pro fix USN-5455-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxmltok1 - 1.2-4ubuntu0.18.04.1~esm1 libxmltok1-dev - 1.2-4ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2012-1148 CVE-2015-1283 CVE-2016-0718 CVE-2016-4472 CVE-2018-20843 CVE-2019-15903 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-25235 CVE-2022-25236 Ubuntu 18.04 LTS It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. Update Instructions: Run `sudo pro fix USN-5456-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagick++-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagickwand-dev - 8:6.9.7.4+dfsg-16ubuntu6.13 imagemagick-6.q16 - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagickcore-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.13 imagemagick-6-common - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagick++-6.q16hdri-7 - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagickwand-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagick++-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.13 libimage-magick-q16-perl - 8:6.9.7.4+dfsg-16ubuntu6.13 libimage-magick-perl - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagick++-dev - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagickcore-6.q16-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.13 perlmagick - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagickcore-6.q16hdri-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.13 imagemagick - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagickwand-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagickwand-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagickcore-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagickcore-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagick++-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagickwand-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.13 imagemagick-common - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagickcore-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.13 imagemagick-doc - 8:6.9.7.4+dfsg-16ubuntu6.13 imagemagick-6-doc - 8:6.9.7.4+dfsg-16ubuntu6.13 libimage-magick-q16hdri-perl - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagick++-6.q16-7 - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagickcore-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagickcore-6-arch-config - 8:6.9.7.4+dfsg-16ubuntu6.13 imagemagick-6.q16hdri - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagickcore-dev - 8:6.9.7.4+dfsg-16ubuntu6.13 libmagickwand-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.13 No subscription required Medium CVE-2022-28463 Ubuntu 18.04 LTS Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environments, a local attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14342) It was discovered that cifs-utils incorrectly used host credentials when mounting a krb5 CIFS file system from within a container. An attacker inside a container could possibly use this issue to obtain access to sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-20208) It was discovered that cifs-utils incorrectly handled certain command-line arguments. A local attacker could possibly use this issue to obtain root privileges. (CVE-2022-27239) It was discovered that cifs-utils incorrectly handled verbose logging. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2022-29869) Update Instructions: Run `sudo pro fix USN-5459-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cifs-utils - 2:6.8-1ubuntu1.2 No subscription required Medium CVE-2020-14342 CVE-2021-20208 CVE-2022-27239 CVE-2022-29869 Ubuntu 18.04 LTS It was discovered that FreeRDP incorrectly handled empty password values. A remote attacker could use this issue to bypass server authentication. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-24882) It was discovered that FreeRDP incorrectly handled server configurations with an invalid SAM file path. A remote attacker could use this issue to bypass server authentication. (CVE-2022-24883) Update Instructions: Run `sudo pro fix USN-5461-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreerdp-server2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.3 freerdp2-shadow-x11 - 2.2.0+dfsg1-0ubuntu0.18.04.3 libfreerdp2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.3 freerdp2-dev - 2.2.0+dfsg1-0ubuntu0.18.04.3 freerdp2-wayland - 2.2.0+dfsg1-0ubuntu0.18.04.3 libwinpr2-dev - 2.2.0+dfsg1-0ubuntu0.18.04.3 libfreerdp-shadow2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.3 libuwac0-0 - 2.2.0+dfsg1-0ubuntu0.18.04.3 freerdp2-x11 - 2.2.0+dfsg1-0ubuntu0.18.04.3 libwinpr2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.3 libwinpr-tools2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.3 libuwac0-dev - 2.2.0+dfsg1-0ubuntu0.18.04.3 libfreerdp-shadow-subsystem2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.3 libfreerdp-client2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.3 winpr-utils - 2.2.0+dfsg1-0ubuntu0.18.04.3 No subscription required Medium CVE-2022-24882 CVE-2022-24883 Ubuntu 18.04 LTS It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-28738) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-28739) Update Instructions: Run `sudo pro fix USN-5462-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby2.5-dev - 2.5.1-1ubuntu1.12 ruby2.5 - 2.5.1-1ubuntu1.12 ruby2.5-doc - 2.5.1-1ubuntu1.12 libruby2.5 - 2.5.1-1ubuntu1.12 No subscription required Medium CVE-2022-28738 CVE-2022-28739 Ubuntu 18.04 LTS It was discovered that NTFS-3G incorrectly handled the ntfsck tool. If a user or automated system were tricked into using ntfsck on a specially crafted disk image, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2021-46790) Roman Fiedler discovered that NTFS-3G incorrectly handled certain return codes. A local attacker could possibly use this issue to intercept protocol traffic between FUSE and the kernel. (CVE-2022-30783) It was discovered that NTFS-3G incorrectly handled certain NTFS disk images. If a user or automated system were tricked into mounting a specially crafted disk image, a remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-30784, CVE-2022-30786, CVE-2022-30788, CVE-2022-30789) Roman Fiedler discovered that NTFS-3G incorrectly handled certain file handles. A local attacker could possibly use this issue to read and write arbitrary memory. (CVE-2022-30785, CVE-2022-30787) Update Instructions: Run `sudo pro fix USN-5463-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntfs-3g - 1:2017.3.23-2ubuntu0.18.04.4 libntfs-3g88 - 1:2017.3.23-2ubuntu0.18.04.4 ntfs-3g-dev - 1:2017.3.23-2ubuntu0.18.04.4 No subscription required Medium CVE-2021-46790 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785 CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789 Ubuntu 18.04 LTS Nils Bars discovered that e2fsprogs incorrectly handled certain file systems. A local attacker could use this issue with a crafted file system image to possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5464-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libss2 - 1.44.1-1ubuntu1.4 e2fslibs-dev - 1.44.1-1ubuntu1.4 libcomerr2 - 1.44.1-1ubuntu1.4 libcom-err2 - 1.44.1-1ubuntu1.4 e2fsprogs - 1.44.1-1ubuntu1.4 e2fsck-static - 1.44.1-1ubuntu1.4 e2fslibs - 1.44.1-1ubuntu1.4 e2fsprogs-l10n - 1.44.1-1ubuntu1.4 libext2fs-dev - 1.44.1-1ubuntu1.4 libext2fs2 - 1.44.1-1ubuntu1.4 fuse2fs - 1.44.1-1ubuntu1.4 No subscription required ss-dev - 2.0-1.44.1-1ubuntu1.4 No subscription required comerr-dev - 2.1-1.44.1-1ubuntu1.4 No subscription required Medium CVE-2022-1304 Ubuntu 18.04 LTS It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499) Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966) It was discovered that the SCTP protocol implementation in the Linux kernel did not properly verify VTAGs in some situations. A remote attacker could possibly use this to cause a denial of service (connection disassociation). (CVE-2021-3772) It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle locking in certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2021-4149) David Bouman discovered that the netfilter subsystem in the Linux kernel did not initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1016) It was discovered that the virtual graphics memory manager implementation in the Linux kernel was subject to a race condition, potentially leading to an information leak. (CVE-2022-1419) 赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could use this to cause a denial of service. (CVE-2022-28356) It was discovered that the EMS CAN/USB interface implementation in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-28390) Update Instructions: Run `sudo pro fix USN-5466-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-oracle-tools-4.15.0-1098 - 4.15.0-1098.108 linux-headers-4.15.0-1098-oracle - 4.15.0-1098.108 linux-modules-extra-4.15.0-1098-oracle - 4.15.0-1098.108 linux-buildinfo-4.15.0-1098-oracle - 4.15.0-1098.108 linux-tools-4.15.0-1098-oracle - 4.15.0-1098.108 linux-modules-4.15.0-1098-oracle - 4.15.0-1098.108 linux-oracle-headers-4.15.0-1098 - 4.15.0-1098.108 linux-image-unsigned-4.15.0-1098-oracle - 4.15.0-1098.108 linux-image-4.15.0-1098-oracle - 4.15.0-1098.108 No subscription required linux-raspi2-headers-4.15.0-1114 - 4.15.0-1114.122 linux-headers-4.15.0-1114-raspi2 - 4.15.0-1114.122 linux-buildinfo-4.15.0-1114-raspi2 - 4.15.0-1114.122 linux-modules-4.15.0-1114-raspi2 - 4.15.0-1114.122 linux-raspi2-tools-4.15.0-1114 - 4.15.0-1114.122 linux-image-4.15.0-1114-raspi2 - 4.15.0-1114.122 linux-tools-4.15.0-1114-raspi2 - 4.15.0-1114.122 No subscription required linux-image-4.15.0-1119-kvm - 4.15.0-1119.123 linux-modules-4.15.0-1119-kvm - 4.15.0-1119.123 linux-buildinfo-4.15.0-1119-kvm - 4.15.0-1119.123 linux-kvm-tools-4.15.0-1119 - 4.15.0-1119.123 linux-headers-4.15.0-1119-kvm - 4.15.0-1119.123 linux-kvm-headers-4.15.0-1119 - 4.15.0-1119.123 linux-tools-4.15.0-1119-kvm - 4.15.0-1119.123 No subscription required linux-gcp-4.15-headers-4.15.0-1127 - 4.15.0-1127.142 linux-modules-extra-4.15.0-1127-gcp - 4.15.0-1127.142 linux-headers-4.15.0-1127-gcp - 4.15.0-1127.142 linux-modules-4.15.0-1127-gcp - 4.15.0-1127.142 linux-image-unsigned-4.15.0-1127-gcp - 4.15.0-1127.142 linux-buildinfo-4.15.0-1127-gcp - 4.15.0-1127.142 linux-gcp-4.15-tools-4.15.0-1127 - 4.15.0-1127.142 linux-image-4.15.0-1127-gcp - 4.15.0-1127.142 linux-tools-4.15.0-1127-gcp - 4.15.0-1127.142 No subscription required linux-headers-4.15.0-1132-snapdragon - 4.15.0-1132.142 linux-modules-4.15.0-1132-snapdragon - 4.15.0-1132.142 linux-tools-4.15.0-1132-snapdragon - 4.15.0-1132.142 linux-buildinfo-4.15.0-1132-snapdragon - 4.15.0-1132.142 linux-image-4.15.0-1132-snapdragon - 4.15.0-1132.142 linux-snapdragon-tools-4.15.0-1132 - 4.15.0-1132.142 linux-snapdragon-headers-4.15.0-1132 - 4.15.0-1132.142 No subscription required linux-image-4.15.0-1133-aws - 4.15.0-1133.143 linux-image-unsigned-4.15.0-1133-aws - 4.15.0-1133.143 linux-aws-tools-4.15.0-1133 - 4.15.0-1133.143 linux-buildinfo-4.15.0-1133-aws - 4.15.0-1133.143 linux-modules-extra-4.15.0-1133-aws - 4.15.0-1133.143 linux-aws-headers-4.15.0-1133 - 4.15.0-1133.143 linux-cloud-tools-4.15.0-1133-aws - 4.15.0-1133.143 linux-modules-4.15.0-1133-aws - 4.15.0-1133.143 linux-aws-cloud-tools-4.15.0-1133 - 4.15.0-1133.143 linux-tools-4.15.0-1133-aws - 4.15.0-1133.143 linux-headers-4.15.0-1133-aws - 4.15.0-1133.143 No subscription required linux-azure-4.15-tools-4.15.0-1142 - 4.15.0-1142.156 linux-azure-4.15-headers-4.15.0-1142 - 4.15.0-1142.156 linux-buildinfo-4.15.0-1142-azure - 4.15.0-1142.156 linux-azure-4.15-cloud-tools-4.15.0-1142 - 4.15.0-1142.156 linux-cloud-tools-4.15.0-1142-azure - 4.15.0-1142.156 linux-tools-4.15.0-1142-azure - 4.15.0-1142.156 linux-image-4.15.0-1142-azure - 4.15.0-1142.156 linux-modules-extra-4.15.0-1142-azure - 4.15.0-1142.156 linux-modules-4.15.0-1142-azure - 4.15.0-1142.156 linux-headers-4.15.0-1142-azure - 4.15.0-1142.156 linux-image-unsigned-4.15.0-1142-azure - 4.15.0-1142.156 No subscription required linux-modules-4.15.0-184-generic - 4.15.0-184.194 linux-tools-common - 4.15.0-184.194 linux-buildinfo-4.15.0-184-generic-lpae - 4.15.0-184.194 linux-tools-host - 4.15.0-184.194 linux-buildinfo-4.15.0-184-generic - 4.15.0-184.194 linux-doc - 4.15.0-184.194 linux-image-4.15.0-184-generic-lpae - 4.15.0-184.194 linux-cloud-tools-4.15.0-184 - 4.15.0-184.194 linux-cloud-tools-4.15.0-184-generic - 4.15.0-184.194 linux-tools-4.15.0-184-generic - 4.15.0-184.194 linux-libc-dev - 4.15.0-184.194 linux-cloud-tools-4.15.0-184-lowlatency - 4.15.0-184.194 linux-tools-4.15.0-184 - 4.15.0-184.194 linux-tools-4.15.0-184-generic-lpae - 4.15.0-184.194 linux-headers-4.15.0-184-generic - 4.15.0-184.194 linux-modules-extra-4.15.0-184-generic - 4.15.0-184.194 linux-buildinfo-4.15.0-184-lowlatency - 4.15.0-184.194 linux-image-unsigned-4.15.0-184-lowlatency - 4.15.0-184.194 linux-headers-4.15.0-184 - 4.15.0-184.194 linux-cloud-tools-common - 4.15.0-184.194 linux-image-unsigned-4.15.0-184-generic - 4.15.0-184.194 linux-modules-4.15.0-184-generic-lpae - 4.15.0-184.194 linux-modules-4.15.0-184-lowlatency - 4.15.0-184.194 linux-image-4.15.0-184-lowlatency - 4.15.0-184.194 linux-headers-4.15.0-184-lowlatency - 4.15.0-184.194 linux-tools-4.15.0-184-lowlatency - 4.15.0-184.194 linux-source-4.15.0 - 4.15.0-184.194 linux-image-4.15.0-184-generic - 4.15.0-184.194 linux-headers-4.15.0-184-generic-lpae - 4.15.0-184.194 No subscription required linux-oracle-lts-18.04 - 4.15.0.1098.107 linux-image-oracle-lts-18.04 - 4.15.0.1098.107 linux-signed-image-oracle-lts-18.04 - 4.15.0.1098.107 linux-tools-oracle-lts-18.04 - 4.15.0.1098.107 linux-signed-oracle-lts-18.04 - 4.15.0.1098.107 linux-headers-oracle-lts-18.04 - 4.15.0.1098.107 No subscription required linux-raspi2 - 4.15.0.1114.111 linux-headers-raspi2 - 4.15.0.1114.111 linux-image-raspi2 - 4.15.0.1114.111 linux-tools-raspi2 - 4.15.0.1114.111 No subscription required linux-kvm - 4.15.0.1119.114 linux-headers-kvm - 4.15.0.1119.114 linux-image-kvm - 4.15.0.1119.114 linux-tools-kvm - 4.15.0.1119.114 No subscription required linux-gcp-lts-18.04 - 4.15.0.1127.145 linux-tools-gcp-lts-18.04 - 4.15.0.1127.145 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1127.145 linux-image-gcp-lts-18.04 - 4.15.0.1127.145 linux-headers-gcp-lts-18.04 - 4.15.0.1127.145 No subscription required linux-snapdragon - 4.15.0.1132.133 linux-headers-snapdragon - 4.15.0.1132.133 linux-tools-snapdragon - 4.15.0.1132.133 linux-image-snapdragon - 4.15.0.1132.133 No subscription required linux-headers-aws-lts-18.04 - 4.15.0.1133.135 linux-image-aws-lts-18.04 - 4.15.0.1133.135 linux-aws-lts-18.04 - 4.15.0.1133.135 linux-modules-extra-aws-lts-18.04 - 4.15.0.1133.135 linux-tools-aws-lts-18.04 - 4.15.0.1133.135 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1142.114 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1142.114 linux-headers-azure-lts-18.04 - 4.15.0.1142.114 linux-tools-azure-lts-18.04 - 4.15.0.1142.114 linux-azure-lts-18.04 - 4.15.0.1142.114 linux-signed-azure-lts-18.04 - 4.15.0.1142.114 linux-image-azure-lts-18.04 - 4.15.0.1142.114 linux-signed-image-azure-lts-18.04 - 4.15.0.1142.114 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.184.172 linux-cloud-tools-virtual - 4.15.0.184.172 linux-headers-generic-lpae - 4.15.0.184.172 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.184.172 linux-image-extra-virtual-hwe-16.04 - 4.15.0.184.172 linux-headers-generic - 4.15.0.184.172 linux-image-virtual - 4.15.0.184.172 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.184.172 linux-signed-lowlatency - 4.15.0.184.172 linux-image-generic - 4.15.0.184.172 linux-tools-lowlatency - 4.15.0.184.172 linux-headers-generic-hwe-16.04-edge - 4.15.0.184.172 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.184.172 linux-generic-lpae-hwe-16.04 - 4.15.0.184.172 linux-image-virtual-hwe-16.04-edge - 4.15.0.184.172 linux-generic-lpae-hwe-16.04-edge - 4.15.0.184.172 linux-signed-image-lowlatency - 4.15.0.184.172 linux-signed-lowlatency-hwe-16.04 - 4.15.0.184.172 linux-crashdump - 4.15.0.184.172 linux-signed-image-generic - 4.15.0.184.172 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.184.172 linux-lowlatency - 4.15.0.184.172 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.184.172 linux-source - 4.15.0.184.172 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.184.172 linux-tools-generic-lpae - 4.15.0.184.172 linux-tools-virtual - 4.15.0.184.172 linux-generic-hwe-16.04-edge - 4.15.0.184.172 linux-headers-lowlatency-hwe-16.04 - 4.15.0.184.172 linux-tools-virtual-hwe-16.04 - 4.15.0.184.172 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.184.172 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.184.172 linux-tools-generic-hwe-16.04 - 4.15.0.184.172 linux-signed-generic-hwe-16.04-edge - 4.15.0.184.172 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.184.172 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.184.172 linux-generic-lpae - 4.15.0.184.172 linux-image-extra-virtual - 4.15.0.184.172 linux-generic - 4.15.0.184.172 linux-lowlatency-hwe-16.04-edge - 4.15.0.184.172 linux-virtual - 4.15.0.184.172 linux-signed-image-generic-hwe-16.04 - 4.15.0.184.172 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.184.172 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.184.172 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.184.172 linux-headers-lowlatency - 4.15.0.184.172 linux-headers-virtual-hwe-16.04-edge - 4.15.0.184.172 linux-lowlatency-hwe-16.04 - 4.15.0.184.172 linux-headers-generic-hwe-16.04 - 4.15.0.184.172 linux-generic-hwe-16.04 - 4.15.0.184.172 linux-tools-virtual-hwe-16.04-edge - 4.15.0.184.172 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.184.172 linux-image-generic-lpae - 4.15.0.184.172 linux-tools-generic - 4.15.0.184.172 linux-virtual-hwe-16.04 - 4.15.0.184.172 linux-cloud-tools-generic - 4.15.0.184.172 linux-cloud-tools-lowlatency - 4.15.0.184.172 linux-image-generic-hwe-16.04 - 4.15.0.184.172 linux-image-generic-hwe-16.04-edge - 4.15.0.184.172 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.184.172 linux-virtual-hwe-16.04-edge - 4.15.0.184.172 linux-tools-lowlatency-hwe-16.04 - 4.15.0.184.172 linux-signed-generic-hwe-16.04 - 4.15.0.184.172 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.184.172 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.184.172 linux-image-generic-lpae-hwe-16.04 - 4.15.0.184.172 linux-image-virtual-hwe-16.04 - 4.15.0.184.172 linux-headers-virtual - 4.15.0.184.172 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.184.172 linux-signed-generic - 4.15.0.184.172 linux-headers-virtual-hwe-16.04 - 4.15.0.184.172 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.184.172 linux-image-lowlatency - 4.15.0.184.172 linux-tools-generic-hwe-16.04-edge - 4.15.0.184.172 No subscription required High CVE-2021-3772 CVE-2021-4149 CVE-2022-1016 CVE-2022-1419 CVE-2022-21499 CVE-2022-28356 CVE-2022-28390 Ubuntu 18.04 LTS It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499) Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966) It was discovered that the SCTP protocol implementation in the Linux kernel did not properly verify VTAGs in some situations. A remote attacker could possibly use this to cause a denial of service (connection disassociation). (CVE-2021-3772) Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. (CVE-2021-4197) Jann Horn discovered that the FUSE file system in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1011) Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not properly perform guest page table updates in some situations. An attacker in a guest vm could possibly use this to crash the host OS. (CVE-2022-1158) Duoming Zhou discovered that the 6pack protocol implementation in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-1198) It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1353) It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1516) Demi Marie Obenour and Simon Gaiser discovered that several Xen para- virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest. (CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, CVE-2022-23041, CVE-2022-23042) It was discovered that the USB Gadget file system interface in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-24958) It was discovered that the USB SR9700 ethernet device driver for the Linux kernel did not properly validate the length of requests from the device. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-26966) 赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could use this to cause a denial of service. (CVE-2022-28356) It was discovered that the Microchip CAN BUS Analyzer interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28389) It was discovered that the EMS CAN/USB interface implementation in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-28390) Update Instructions: Run `sudo pro fix USN-5467-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-extra-5.4.0-1026-ibm - 5.4.0-1026.29~18.04.1 linux-ibm-5.4-headers-5.4.0-1026 - 5.4.0-1026.29~18.04.1 linux-image-5.4.0-1026-ibm - 5.4.0-1026.29~18.04.1 linux-headers-5.4.0-1026-ibm - 5.4.0-1026.29~18.04.1 linux-tools-5.4.0-1026-ibm - 5.4.0-1026.29~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1026.29~18.04.1 linux-buildinfo-5.4.0-1026-ibm - 5.4.0-1026.29~18.04.1 linux-modules-5.4.0-1026-ibm - 5.4.0-1026.29~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1026.29~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1026.29~18.04.1 linux-image-unsigned-5.4.0-1026-ibm - 5.4.0-1026.29~18.04.1 linux-ibm-5.4-tools-5.4.0-1026 - 5.4.0-1026.29~18.04.1 No subscription required linux-modules-extra-5.4.0-1046-gkeop - 5.4.0-1046.48~18.04.1 linux-buildinfo-5.4.0-1046-gkeop - 5.4.0-1046.48~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1046 - 5.4.0-1046.48~18.04.1 linux-headers-5.4.0-1046-gkeop - 5.4.0-1046.48~18.04.1 linux-modules-5.4.0-1046-gkeop - 5.4.0-1046.48~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1046.48~18.04.1 linux-cloud-tools-5.4.0-1046-gkeop - 5.4.0-1046.48~18.04.1 linux-tools-5.4.0-1046-gkeop - 5.4.0-1046.48~18.04.1 linux-gkeop-5.4-headers-5.4.0-1046 - 5.4.0-1046.48~18.04.1 linux-image-5.4.0-1046-gkeop - 5.4.0-1046.48~18.04.1 linux-gkeop-5.4-tools-5.4.0-1046 - 5.4.0-1046.48~18.04.1 linux-image-unsigned-5.4.0-1046-gkeop - 5.4.0-1046.48~18.04.1 No subscription required linux-raspi-5.4-tools-5.4.0-1065 - 5.4.0-1065.75~18.04.1 linux-image-5.4.0-1065-raspi - 5.4.0-1065.75~18.04.1 linux-modules-5.4.0-1065-raspi - 5.4.0-1065.75~18.04.1 linux-buildinfo-5.4.0-1065-raspi - 5.4.0-1065.75~18.04.1 linux-raspi-5.4-headers-5.4.0-1065 - 5.4.0-1065.75~18.04.1 linux-tools-5.4.0-1065-raspi - 5.4.0-1065.75~18.04.1 linux-headers-5.4.0-1065-raspi - 5.4.0-1065.75~18.04.1 No subscription required linux-modules-5.4.0-1074-gke - 5.4.0-1074.79~18.04.1 linux-image-unsigned-5.4.0-1074-gke - 5.4.0-1074.79~18.04.1 linux-tools-5.4.0-1074-gke - 5.4.0-1074.79~18.04.1 linux-buildinfo-5.4.0-1074-gke - 5.4.0-1074.79~18.04.1 linux-gke-5.4-tools-5.4.0-1074 - 5.4.0-1074.79~18.04.1 linux-modules-extra-5.4.0-1074-gke - 5.4.0-1074.79~18.04.1 linux-image-5.4.0-1074-gke - 5.4.0-1074.79~18.04.1 linux-gke-5.4-headers-5.4.0-1074 - 5.4.0-1074.79~18.04.1 linux-headers-5.4.0-1074-gke - 5.4.0-1074.79~18.04.1 No subscription required linux-image-5.4.0-1076-oracle - 5.4.0-1076.83~18.04.1 linux-buildinfo-5.4.0-1076-oracle - 5.4.0-1076.83~18.04.1 linux-headers-5.4.0-1076-oracle - 5.4.0-1076.83~18.04.1 linux-tools-5.4.0-1076-oracle - 5.4.0-1076.83~18.04.1 linux-image-unsigned-5.4.0-1076-oracle - 5.4.0-1076.83~18.04.1 linux-modules-extra-5.4.0-1076-oracle - 5.4.0-1076.83~18.04.1 linux-oracle-5.4-headers-5.4.0-1076 - 5.4.0-1076.83~18.04.1 linux-oracle-5.4-tools-5.4.0-1076 - 5.4.0-1076.83~18.04.1 linux-modules-5.4.0-1076-oracle - 5.4.0-1076.83~18.04.1 No subscription required linux-buildinfo-5.4.0-1078-aws - 5.4.0-1078.84~18.04.1 linux-image-unsigned-5.4.0-1078-gcp - 5.4.0-1078.84~18.04.1 linux-gcp-5.4-tools-5.4.0-1078 - 5.4.0-1078.84~18.04.1 linux-cloud-tools-5.4.0-1078-aws - 5.4.0-1078.84~18.04.1 linux-aws-5.4-tools-5.4.0-1078 - 5.4.0-1078.84~18.04.1 linux-headers-5.4.0-1078-aws - 5.4.0-1078.84~18.04.1 linux-image-5.4.0-1078-gcp - 5.4.0-1078.84~18.04.1 linux-modules-5.4.0-1078-gcp - 5.4.0-1078.84~18.04.1 linux-buildinfo-5.4.0-1078-gcp - 5.4.0-1078.84~18.04.1 linux-modules-extra-5.4.0-1078-gcp - 5.4.0-1078.84~18.04.1 linux-tools-5.4.0-1078-gcp - 5.4.0-1078.84~18.04.1 linux-tools-5.4.0-1078-aws - 5.4.0-1078.84~18.04.1 linux-headers-5.4.0-1078-gcp - 5.4.0-1078.84~18.04.1 linux-modules-extra-5.4.0-1078-aws - 5.4.0-1078.84~18.04.1 linux-gcp-5.4-headers-5.4.0-1078 - 5.4.0-1078.84~18.04.1 linux-image-unsigned-5.4.0-1078-aws - 5.4.0-1078.84~18.04.1 linux-image-5.4.0-1078-aws - 5.4.0-1078.84~18.04.1 linux-aws-5.4-headers-5.4.0-1078 - 5.4.0-1078.84~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1078 - 5.4.0-1078.84~18.04.1 linux-modules-5.4.0-1078-aws - 5.4.0-1078.84~18.04.1 No subscription required linux-modules-5.4.0-1083-azure - 5.4.0-1083.87~18.04.1 linux-modules-extra-5.4.0-1083-azure - 5.4.0-1083.87~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1083 - 5.4.0-1083.87~18.04.1 linux-image-unsigned-5.4.0-1083-azure - 5.4.0-1083.87~18.04.1 linux-azure-5.4-tools-5.4.0-1083 - 5.4.0-1083.87~18.04.1 linux-image-5.4.0-1083-azure - 5.4.0-1083.87~18.04.1 linux-buildinfo-5.4.0-1083-azure - 5.4.0-1083.87~18.04.1 linux-tools-5.4.0-1083-azure - 5.4.0-1083.87~18.04.1 linux-azure-5.4-headers-5.4.0-1083 - 5.4.0-1083.87~18.04.1 linux-headers-5.4.0-1083-azure - 5.4.0-1083.87~18.04.1 linux-cloud-tools-5.4.0-1083-azure - 5.4.0-1083.87~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-117.132~18.04.1 linux-cloud-tools-5.4.0-117-lowlatency - 5.4.0-117.132~18.04.1 linux-tools-5.4.0-117-generic-lpae - 5.4.0-117.132~18.04.1 linux-cloud-tools-5.4.0-117-generic - 5.4.0-117.132~18.04.1 linux-buildinfo-5.4.0-117-lowlatency - 5.4.0-117.132~18.04.1 linux-headers-5.4.0-117-generic - 5.4.0-117.132~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-117 - 5.4.0-117.132~18.04.1 linux-modules-5.4.0-117-lowlatency - 5.4.0-117.132~18.04.1 linux-tools-5.4.0-117-generic - 5.4.0-117.132~18.04.1 linux-buildinfo-5.4.0-117-generic-lpae - 5.4.0-117.132~18.04.1 linux-headers-5.4.0-117-lowlatency - 5.4.0-117.132~18.04.1 linux-modules-extra-5.4.0-117-generic - 5.4.0-117.132~18.04.1 linux-image-5.4.0-117-generic-lpae - 5.4.0-117.132~18.04.1 linux-headers-5.4.0-117-generic-lpae - 5.4.0-117.132~18.04.1 linux-modules-5.4.0-117-generic-lpae - 5.4.0-117.132~18.04.1 linux-hwe-5.4-headers-5.4.0-117 - 5.4.0-117.132~18.04.1 linux-buildinfo-5.4.0-117-generic - 5.4.0-117.132~18.04.1 linux-image-unsigned-5.4.0-117-lowlatency - 5.4.0-117.132~18.04.1 linux-image-unsigned-5.4.0-117-generic - 5.4.0-117.132~18.04.1 linux-modules-5.4.0-117-generic - 5.4.0-117.132~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-117.132~18.04.1 linux-image-5.4.0-117-lowlatency - 5.4.0-117.132~18.04.1 linux-tools-5.4.0-117-lowlatency - 5.4.0-117.132~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-117.132~18.04.1 linux-image-5.4.0-117-generic - 5.4.0-117.132~18.04.1 linux-hwe-5.4-tools-5.4.0-117 - 5.4.0-117.132~18.04.1 No subscription required linux-modules-extra-ibm - 5.4.0.1026.41 linux-image-ibm - 5.4.0.1026.41 linux-tools-ibm-edge - 5.4.0.1026.41 linux-headers-ibm-edge - 5.4.0.1026.41 linux-modules-extra-ibm-edge - 5.4.0.1026.41 linux-tools-ibm - 5.4.0.1026.41 linux-ibm - 5.4.0.1026.41 linux-ibm-edge - 5.4.0.1026.41 linux-headers-ibm - 5.4.0.1026.41 linux-image-ibm-edge - 5.4.0.1026.41 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1046.48~18.04.44 linux-modules-extra-gkeop-5.4 - 5.4.0.1046.48~18.04.44 linux-gkeop-5.4 - 5.4.0.1046.48~18.04.44 linux-image-gkeop-5.4 - 5.4.0.1046.48~18.04.44 linux-tools-gkeop-5.4 - 5.4.0.1046.48~18.04.44 linux-headers-gkeop-5.4 - 5.4.0.1046.48~18.04.44 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1065.65 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1065.65 linux-raspi-hwe-18.04 - 5.4.0.1065.65 linux-image-raspi-hwe-18.04-edge - 5.4.0.1065.65 linux-tools-raspi-hwe-18.04 - 5.4.0.1065.65 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1065.65 linux-headers-raspi-hwe-18.04 - 5.4.0.1065.65 linux-raspi-hwe-18.04-edge - 5.4.0.1065.65 No subscription required linux-headers-gke-5.4 - 5.4.0.1074.79~18.04.37 linux-modules-extra-gke-5.4 - 5.4.0.1074.79~18.04.37 linux-gke-5.4 - 5.4.0.1074.79~18.04.37 linux-tools-gke-5.4 - 5.4.0.1074.79~18.04.37 linux-image-gke-5.4 - 5.4.0.1074.79~18.04.37 No subscription required linux-headers-oracle - 5.4.0.1076.83~18.04.54 linux-tools-oracle - 5.4.0.1076.83~18.04.54 linux-signed-image-oracle - 5.4.0.1076.83~18.04.54 linux-signed-oracle - 5.4.0.1076.83~18.04.54 linux-tools-oracle-edge - 5.4.0.1076.83~18.04.54 linux-oracle-edge - 5.4.0.1076.83~18.04.54 linux-modules-extra-oracle-edge - 5.4.0.1076.83~18.04.54 linux-image-oracle-edge - 5.4.0.1076.83~18.04.54 linux-oracle - 5.4.0.1076.83~18.04.54 linux-modules-extra-oracle - 5.4.0.1076.83~18.04.54 linux-signed-oracle-edge - 5.4.0.1076.83~18.04.54 linux-signed-image-oracle-edge - 5.4.0.1076.83~18.04.54 linux-headers-oracle-edge - 5.4.0.1076.83~18.04.54 linux-image-oracle - 5.4.0.1076.83~18.04.54 No subscription required linux-headers-aws - 5.4.0.1078.59 linux-image-aws - 5.4.0.1078.59 linux-aws-edge - 5.4.0.1078.59 linux-aws - 5.4.0.1078.59 linux-modules-extra-aws-edge - 5.4.0.1078.59 linux-headers-aws-edge - 5.4.0.1078.59 linux-modules-extra-aws - 5.4.0.1078.59 linux-tools-aws - 5.4.0.1078.59 linux-tools-aws-edge - 5.4.0.1078.59 linux-image-aws-edge - 5.4.0.1078.59 No subscription required linux-image-gcp-edge - 5.4.0.1078.60 linux-tools-gcp-edge - 5.4.0.1078.60 linux-headers-gcp-edge - 5.4.0.1078.60 linux-modules-extra-gcp-edge - 5.4.0.1078.60 linux-tools-gcp - 5.4.0.1078.60 linux-gcp - 5.4.0.1078.60 linux-headers-gcp - 5.4.0.1078.60 linux-image-gcp - 5.4.0.1078.60 linux-modules-extra-gcp - 5.4.0.1078.60 linux-gcp-edge - 5.4.0.1078.60 No subscription required linux-signed-azure - 5.4.0.1083.61 linux-cloud-tools-azure - 5.4.0.1083.61 linux-tools-azure - 5.4.0.1083.61 linux-signed-image-azure-edge - 5.4.0.1083.61 linux-cloud-tools-azure-edge - 5.4.0.1083.61 linux-modules-extra-azure - 5.4.0.1083.61 linux-azure - 5.4.0.1083.61 linux-image-azure - 5.4.0.1083.61 linux-signed-image-azure - 5.4.0.1083.61 linux-headers-azure-edge - 5.4.0.1083.61 linux-azure-edge - 5.4.0.1083.61 linux-modules-extra-azure-edge - 5.4.0.1083.61 linux-signed-azure-edge - 5.4.0.1083.61 linux-image-azure-edge - 5.4.0.1083.61 linux-tools-azure-edge - 5.4.0.1083.61 linux-headers-azure - 5.4.0.1083.61 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-headers-snapdragon-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-image-generic-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-image-snapdragon-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-snapdragon-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-image-oem - 5.4.0.117.132~18.04.99 linux-tools-virtual-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-headers-lowlatency-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-lowlatency-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-image-extra-virtual-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-image-oem-osp1 - 5.4.0.117.132~18.04.99 linux-snapdragon-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-image-generic-lpae-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-tools-lowlatency-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-headers-generic-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-tools-oem - 5.4.0.117.132~18.04.99 linux-headers-virtual-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-tools-oem-osp1 - 5.4.0.117.132~18.04.99 linux-tools-snapdragon-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-headers-virtual-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-virtual-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-generic-lpae-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-headers-oem - 5.4.0.117.132~18.04.99 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-tools-generic-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-oem - 5.4.0.117.132~18.04.99 linux-image-virtual-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-image-generic-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-generic-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-headers-oem-osp1 - 5.4.0.117.132~18.04.99 linux-tools-virtual-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-generic-lpae-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-headers-generic-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-oem-osp1 - 5.4.0.117.132~18.04.99 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-image-lowlatency-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-virtual-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-lowlatency-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.117.132~18.04.99 linux-generic-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-tools-generic-hwe-18.04 - 5.4.0.117.132~18.04.99 linux-image-virtual-hwe-18.04-edge - 5.4.0.117.132~18.04.99 No subscription required High CVE-2021-3772 CVE-2021-4197 CVE-2022-1011 CVE-2022-1158 CVE-2022-1198 CVE-2022-1353 CVE-2022-1516 CVE-2022-21499 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-24958 CVE-2022-26966 CVE-2022-28356 CVE-2022-28389 CVE-2022-28390 Ubuntu 18.04 LTS It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding (LPC) or AAC codecs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-20445, CVE-2020-20446, CVE-2020-20453) It was discovered that FFmpeg incorrectly handled certain input. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-20450) It was discovered that FFmpeg incorrectly handled file conversion to APNG format. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-21041) It was discovered that FFmpeg incorrectly handled remuxing RTP-hint tracks. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-21688) It was discovered that FFmpeg incorrectly handled certain specially crafted AVI files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-21697) It was discovered that FFmpeg incorrectly handled writing MOV video tags. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22015) It was discovered that FFmpeg incorrectly handled writing MOV files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue affected only Ubuntu 18.04 LTS. (CVE-2020-22016) It was discovered that FFmpeg incorrectly handled memory when using certain filters. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-22017, CVE-2020-22020, CVE-2020-22022, CVE-2020-22023, CVE-2022-22025, CVE-2020-22026, CVE-2020-22028, CVE-2020-22031, CVE-2020-22032, CVE-2020-22034, CVE-2020-22036, CVE-2020-22042) It was discovered that FFmpeg incorrectly handled memory when using certain filters. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22019, CVE-2020-22021, CVE-2020-22033) It was discovered that FFmpeg incorrectly handled memory when using certain filters. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 21.10. (CVE-2020-22027, CVE-2020-22029, CVE-2020-22030, CVE-2020-22035) It was discovered that FFmpeg incorrectly handled certain specially crafted JPEG files. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22037) It was discovered that FFmpeg incorrectly performed calculations in EXR codec. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-35965) It was discovered that FFmpeg did not verify return values of functions init_vlc and init_get_bits. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-38114, CVE-2021-38171) It was discovered that FFmpeg incorrectly handled certain specially crafted files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-1475) Update Instructions: Run `sudo pro fix USN-5472-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libavresample-dev - 7:3.4.11-0ubuntu0.1 libavcodec-extra - 7:3.4.11-0ubuntu0.1 libavutil55 - 7:3.4.11-0ubuntu0.1 libavresample3 - 7:3.4.11-0ubuntu0.1 libavcodec-dev - 7:3.4.11-0ubuntu0.1 libavutil-dev - 7:3.4.11-0ubuntu0.1 libavfilter-extra - 7:3.4.11-0ubuntu0.1 libswscale-dev - 7:3.4.11-0ubuntu0.1 libswresample-dev - 7:3.4.11-0ubuntu0.1 libswresample2 - 7:3.4.11-0ubuntu0.1 libavdevice-dev - 7:3.4.11-0ubuntu0.1 libswscale4 - 7:3.4.11-0ubuntu0.1 libavfilter-dev - 7:3.4.11-0ubuntu0.1 libpostproc54 - 7:3.4.11-0ubuntu0.1 libpostproc-dev - 7:3.4.11-0ubuntu0.1 libavdevice57 - 7:3.4.11-0ubuntu0.1 libavformat57 - 7:3.4.11-0ubuntu0.1 libavformat-dev - 7:3.4.11-0ubuntu0.1 libavfilter-extra6 - 7:3.4.11-0ubuntu0.1 libavfilter6 - 7:3.4.11-0ubuntu0.1 libavcodec-extra57 - 7:3.4.11-0ubuntu0.1 libavcodec57 - 7:3.4.11-0ubuntu0.1 ffmpeg - 7:3.4.11-0ubuntu0.1 ffmpeg-doc - 7:3.4.11-0ubuntu0.1 No subscription required Medium CVE-2020-20445 CVE-2020-20446 CVE-2020-20450 CVE-2020-20453 CVE-2020-21041 CVE-2020-21688 CVE-2020-21697 CVE-2020-22015 CVE-2020-22016 CVE-2020-22017 CVE-2020-22019 CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 CVE-2020-22027 CVE-2020-22028 CVE-2020-22029 CVE-2020-22030 CVE-2020-22031 CVE-2020-22032 CVE-2020-22033 CVE-2020-22034 CVE-2020-22035 CVE-2020-22036 CVE-2020-22037 CVE-2020-22042 CVE-2020-35965 CVE-2021-38114 CVE-2021-38171 CVE-2021-38291 CVE-2022-1475 Ubuntu 18.04 LTS The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.50 version of the Mozilla certificate authority bundle. Update Instructions: Run `sudo pro fix USN-5473-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates - 20211016~18.04.1 No subscription required None https://launchpad.net/bugs/1976631 Ubuntu 18.04 LTS It was dicovered that Varnish Cache did not clear a pointer between the handling of one client request and the next request within the same connection. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2019-20637) It was discovered that Varnish Cache could have an assertion failure when a TLS termination proxy uses PROXY version 2. A remote attacker could possibly use this issue to restart the daemon and cause a performance loss. (CVE-2020-11653) It was discovered that Varnish Cache allowed request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2021-36740) It was discovered that Varnish Cache allowed request smuggling for HTTP/1 connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2022-23959) Update Instructions: Run `sudo pro fix USN-5474-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: varnish - 5.2.1-1ubuntu0.1 varnish-doc - 5.2.1-1ubuntu0.1 libvarnishapi-dev - 5.2.1-1ubuntu0.1 libvarnishapi1 - 5.2.1-1ubuntu0.1 No subscription required Medium CVE-2019-20637 CVE-2020-11653 CVE-2021-36740 CVE-2022-23959 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the browser UI, conduct cross-site scripting (XSS) attacks, bypass content security policy (CSP) restrictions, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5475-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-szl - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 101.0.1+build1-0ubuntu0.18.04.1 firefox - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 101.0.1+build1-0ubuntu0.18.04.1 firefox-geckodriver - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 101.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 101.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 101.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 101.0.1+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-1919 CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31743 CVE-2022-31744 CVE-2022-31745 CVE-2022-31747 CVE-2022-31748 Ubuntu 18.04 LTS Han Zheng discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue was addressed in Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-26981) It was discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-31783) Update Instructions: Run `sudo pro fix USN-5476-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblouis-bin - 3.5.0-1ubuntu0.4 liblouis14 - 3.5.0-1ubuntu0.4 python-louis - 3.5.0-1ubuntu0.4 liblouis-dev - 3.5.0-1ubuntu0.4 python3-louis - 3.5.0-1ubuntu0.4 liblouis-data - 3.5.0-1ubuntu0.4 No subscription required Medium CVE-2022-26981 CVE-2022-31783 Ubuntu 18.04 LTS Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-31625) Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-31626) Update Instructions: Run `sudo pro fix USN-5479-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.24-0ubuntu0.18.04.12 php7.2-enchant - 7.2.24-0ubuntu0.18.04.12 php7.2-ldap - 7.2.24-0ubuntu0.18.04.12 php7.2-fpm - 7.2.24-0ubuntu0.18.04.12 php7.2-recode - 7.2.24-0ubuntu0.18.04.12 php7.2-cli - 7.2.24-0ubuntu0.18.04.12 php7.2-json - 7.2.24-0ubuntu0.18.04.12 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.12 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.12 php7.2 - 7.2.24-0ubuntu0.18.04.12 php7.2-pspell - 7.2.24-0ubuntu0.18.04.12 php7.2-dev - 7.2.24-0ubuntu0.18.04.12 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.12 php7.2-gmp - 7.2.24-0ubuntu0.18.04.12 php7.2-opcache - 7.2.24-0ubuntu0.18.04.12 php7.2-gd - 7.2.24-0ubuntu0.18.04.12 php7.2-soap - 7.2.24-0ubuntu0.18.04.12 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.12 php7.2-intl - 7.2.24-0ubuntu0.18.04.12 php7.2-cgi - 7.2.24-0ubuntu0.18.04.12 php7.2-odbc - 7.2.24-0ubuntu0.18.04.12 libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.12 php7.2-tidy - 7.2.24-0ubuntu0.18.04.12 php7.2-imap - 7.2.24-0ubuntu0.18.04.12 php7.2-readline - 7.2.24-0ubuntu0.18.04.12 php7.2-mysql - 7.2.24-0ubuntu0.18.04.12 php7.2-dba - 7.2.24-0ubuntu0.18.04.12 php7.2-xml - 7.2.24-0ubuntu0.18.04.12 php7.2-interbase - 7.2.24-0ubuntu0.18.04.12 php7.2-xsl - 7.2.24-0ubuntu0.18.04.12 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.12 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.12 php7.2-sybase - 7.2.24-0ubuntu0.18.04.12 php7.2-curl - 7.2.24-0ubuntu0.18.04.12 php7.2-common - 7.2.24-0ubuntu0.18.04.12 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.12 php7.2-snmp - 7.2.24-0ubuntu0.18.04.12 php7.2-zip - 7.2.24-0ubuntu0.18.04.12 No subscription required Medium CVE-2022-31625 CVE-2022-31626 Ubuntu 18.04 LTS USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-31625) Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-31626) Update Instructions: Run `sudo pro fix USN-5479-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.24-0ubuntu0.18.04.13 php7.2-enchant - 7.2.24-0ubuntu0.18.04.13 php7.2-ldap - 7.2.24-0ubuntu0.18.04.13 php7.2-fpm - 7.2.24-0ubuntu0.18.04.13 php7.2-recode - 7.2.24-0ubuntu0.18.04.13 php7.2-cli - 7.2.24-0ubuntu0.18.04.13 php7.2-json - 7.2.24-0ubuntu0.18.04.13 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.13 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.13 php7.2 - 7.2.24-0ubuntu0.18.04.13 php7.2-pspell - 7.2.24-0ubuntu0.18.04.13 php7.2-dev - 7.2.24-0ubuntu0.18.04.13 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.13 php7.2-gmp - 7.2.24-0ubuntu0.18.04.13 php7.2-opcache - 7.2.24-0ubuntu0.18.04.13 php7.2-gd - 7.2.24-0ubuntu0.18.04.13 php7.2-soap - 7.2.24-0ubuntu0.18.04.13 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.13 php7.2-intl - 7.2.24-0ubuntu0.18.04.13 php7.2-cgi - 7.2.24-0ubuntu0.18.04.13 php7.2-odbc - 7.2.24-0ubuntu0.18.04.13 libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.13 php7.2-tidy - 7.2.24-0ubuntu0.18.04.13 php7.2-imap - 7.2.24-0ubuntu0.18.04.13 php7.2-readline - 7.2.24-0ubuntu0.18.04.13 php7.2-mysql - 7.2.24-0ubuntu0.18.04.13 php7.2-dba - 7.2.24-0ubuntu0.18.04.13 php7.2-xml - 7.2.24-0ubuntu0.18.04.13 php7.2-interbase - 7.2.24-0ubuntu0.18.04.13 php7.2-xsl - 7.2.24-0ubuntu0.18.04.13 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.13 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.13 php7.2-sybase - 7.2.24-0ubuntu0.18.04.13 php7.2-curl - 7.2.24-0ubuntu0.18.04.13 php7.2-common - 7.2.24-0ubuntu0.18.04.13 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.13 php7.2-snmp - 7.2.24-0ubuntu0.18.04.13 php7.2-zip - 7.2.24-0ubuntu0.18.04.13 No subscription required Medium CVE-2022-31625 Ubuntu 18.04 LTS It was discovered that BlueZ incorrectly validated certain capabilities and lengths when handling the A2DP profile. A remote attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5481-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbluetooth3 - 5.48-0ubuntu3.9 bluez-tests - 5.48-0ubuntu3.9 bluez-obexd - 5.48-0ubuntu3.9 bluetooth - 5.48-0ubuntu3.9 bluez - 5.48-0ubuntu3.9 bluez-hcidump - 5.48-0ubuntu3.9 bluez-cups - 5.48-0ubuntu3.9 libbluetooth-dev - 5.48-0ubuntu3.9 No subscription required None https://launchpad.net/bugs/1977968 Ubuntu 18.04 LTS It was discovered that SPIP incorrectly validated inputs. An authenticated attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28984) Charles Fol and Théo Gordyjan discovered that SPIP is vulnerable to Cross Site Scripting (XSS). If a user were tricked into browsing a malicious SVG file, an attacker could possibly exploit this issue to execute arbitrary code. This issue was only fixed in Ubuntu 21.10. (CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123) It was discovered that SPIP incorrectly handled certain forms. A remote authenticated editor could possibly use this issue to execute arbitrary code, and a remote unauthenticated attacker could possibly use this issue to obtain sensitive information. (CVE-2022-26846, CVE-2022-26847) Update Instructions: Run `sudo pro fix USN-5482-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: spip - 3.1.4-4~deb9u5build0.18.04.1 No subscription required Medium CVE-2020-28984 CVE-2021-44118 CVE-2021-44120 CVE-2021-44122 CVE-2021-44123 CVE-2022-26846 CVE-2022-26847 Ubuntu 18.04 LTS It was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to stop responding or crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5483-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exempi - 2.4.5-2ubuntu0.1 libexempi3 - 2.4.5-2ubuntu0.1 libexempi-dev - 2.4.5-2ubuntu0.1 No subscription required Medium CVE-2018-12648 CVE-2021-36045 CVE-2021-36046 CVE-2021-36047 CVE-2021-36048 CVE-2021-36050 CVE-2021-36051 CVE-2021-36052 CVE-2021-36053 CVE-2021-36054 CVE-2021-36055 CVE-2021-36056 CVE-2021-36058 CVE-2021-36064 CVE-2021-39847 CVE-2021-40716 CVE-2021-40732 CVE-2021-42528 CVE-2021-42529 CVE-2021-42530 CVE-2021-42531 CVE-2021-42532 Ubuntu 18.04 LTS It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125) It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) Update Instructions: Run `sudo pro fix USN-5485-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1048-dell300x - 4.15.0-1048.53 linux-tools-4.15.0-1048-dell300x - 4.15.0-1048.53 linux-image-unsigned-4.15.0-1048-dell300x - 4.15.0-1048.53 linux-dell300x-headers-4.15.0-1048 - 4.15.0-1048.53 linux-image-4.15.0-1048-dell300x - 4.15.0-1048.53 linux-modules-4.15.0-1048-dell300x - 4.15.0-1048.53 linux-headers-4.15.0-1048-dell300x - 4.15.0-1048.53 linux-dell300x-tools-4.15.0-1048 - 4.15.0-1048.53 No subscription required linux-oracle-tools-4.15.0-1101 - 4.15.0-1101.112 linux-tools-4.15.0-1101-oracle - 4.15.0-1101.112 linux-modules-4.15.0-1101-oracle - 4.15.0-1101.112 linux-buildinfo-4.15.0-1101-oracle - 4.15.0-1101.112 linux-oracle-headers-4.15.0-1101 - 4.15.0-1101.112 linux-image-unsigned-4.15.0-1101-oracle - 4.15.0-1101.112 linux-headers-4.15.0-1101-oracle - 4.15.0-1101.112 linux-modules-extra-4.15.0-1101-oracle - 4.15.0-1101.112 linux-image-4.15.0-1101-oracle - 4.15.0-1101.112 No subscription required linux-tools-4.15.0-1122-kvm - 4.15.0-1122.127 linux-kvm-headers-4.15.0-1122 - 4.15.0-1122.127 linux-kvm-tools-4.15.0-1122 - 4.15.0-1122.127 linux-image-4.15.0-1122-kvm - 4.15.0-1122.127 linux-modules-4.15.0-1122-kvm - 4.15.0-1122.127 linux-headers-4.15.0-1122-kvm - 4.15.0-1122.127 linux-buildinfo-4.15.0-1122-kvm - 4.15.0-1122.127 No subscription required linux-gcp-4.15-headers-4.15.0-1130 - 4.15.0-1130.146 linux-image-4.15.0-1130-gcp - 4.15.0-1130.146 linux-buildinfo-4.15.0-1130-gcp - 4.15.0-1130.146 linux-gcp-4.15-tools-4.15.0-1130 - 4.15.0-1130.146 linux-modules-extra-4.15.0-1130-gcp - 4.15.0-1130.146 linux-headers-4.15.0-1130-gcp - 4.15.0-1130.146 linux-image-unsigned-4.15.0-1130-gcp - 4.15.0-1130.146 linux-modules-4.15.0-1130-gcp - 4.15.0-1130.146 linux-tools-4.15.0-1130-gcp - 4.15.0-1130.146 No subscription required linux-cloud-tools-4.15.0-1136-aws - 4.15.0-1136.147 linux-aws-cloud-tools-4.15.0-1136 - 4.15.0-1136.147 linux-buildinfo-4.15.0-1136-aws - 4.15.0-1136.147 linux-headers-4.15.0-1136-aws - 4.15.0-1136.147 linux-aws-tools-4.15.0-1136 - 4.15.0-1136.147 linux-aws-headers-4.15.0-1136 - 4.15.0-1136.147 linux-image-4.15.0-1136-aws - 4.15.0-1136.147 linux-modules-extra-4.15.0-1136-aws - 4.15.0-1136.147 linux-image-unsigned-4.15.0-1136-aws - 4.15.0-1136.147 linux-tools-4.15.0-1136-aws - 4.15.0-1136.147 linux-modules-4.15.0-1136-aws - 4.15.0-1136.147 No subscription required linux-azure-4.15-tools-4.15.0-1145 - 4.15.0-1145.160 linux-image-unsigned-4.15.0-1145-azure - 4.15.0-1145.160 linux-modules-4.15.0-1145-azure - 4.15.0-1145.160 linux-image-4.15.0-1145-azure - 4.15.0-1145.160 linux-azure-4.15-headers-4.15.0-1145 - 4.15.0-1145.160 linux-headers-4.15.0-1145-azure - 4.15.0-1145.160 linux-cloud-tools-4.15.0-1145-azure - 4.15.0-1145.160 linux-tools-4.15.0-1145-azure - 4.15.0-1145.160 linux-azure-4.15-cloud-tools-4.15.0-1145 - 4.15.0-1145.160 linux-modules-extra-4.15.0-1145-azure - 4.15.0-1145.160 linux-buildinfo-4.15.0-1145-azure - 4.15.0-1145.160 No subscription required linux-modules-4.15.0-187-generic-lpae - 4.15.0-187.198 linux-image-unsigned-4.15.0-187-lowlatency - 4.15.0-187.198 linux-modules-4.15.0-187-lowlatency - 4.15.0-187.198 linux-cloud-tools-4.15.0-187-lowlatency - 4.15.0-187.198 linux-cloud-tools-4.15.0-187 - 4.15.0-187.198 linux-tools-4.15.0-187-generic-lpae - 4.15.0-187.198 linux-cloud-tools-common - 4.15.0-187.198 linux-image-unsigned-4.15.0-187-generic - 4.15.0-187.198 linux-tools-4.15.0-187-generic - 4.15.0-187.198 linux-modules-extra-4.15.0-187-generic - 4.15.0-187.198 linux-modules-4.15.0-187-generic - 4.15.0-187.198 linux-libc-dev - 4.15.0-187.198 linux-buildinfo-4.15.0-187-generic-lpae - 4.15.0-187.198 linux-tools-4.15.0-187-lowlatency - 4.15.0-187.198 linux-headers-4.15.0-187 - 4.15.0-187.198 linux-headers-4.15.0-187-generic - 4.15.0-187.198 linux-buildinfo-4.15.0-187-generic - 4.15.0-187.198 linux-source-4.15.0 - 4.15.0-187.198 linux-tools-host - 4.15.0-187.198 linux-cloud-tools-4.15.0-187-generic - 4.15.0-187.198 linux-image-4.15.0-187-lowlatency - 4.15.0-187.198 linux-tools-common - 4.15.0-187.198 linux-doc - 4.15.0-187.198 linux-headers-4.15.0-187-generic-lpae - 4.15.0-187.198 linux-tools-4.15.0-187 - 4.15.0-187.198 linux-headers-4.15.0-187-lowlatency - 4.15.0-187.198 linux-buildinfo-4.15.0-187-lowlatency - 4.15.0-187.198 linux-image-4.15.0-187-generic-lpae - 4.15.0-187.198 linux-image-4.15.0-187-generic - 4.15.0-187.198 No subscription required linux-image-dell300x - 4.15.0.1048.48 linux-tools-dell300x - 4.15.0.1048.48 linux-headers-dell300x - 4.15.0.1048.48 linux-dell300x - 4.15.0.1048.48 No subscription required linux-signed-oracle-lts-18.04 - 4.15.0.1101.108 linux-signed-image-oracle-lts-18.04 - 4.15.0.1101.108 linux-oracle-lts-18.04 - 4.15.0.1101.108 linux-tools-oracle-lts-18.04 - 4.15.0.1101.108 linux-headers-oracle-lts-18.04 - 4.15.0.1101.108 linux-image-oracle-lts-18.04 - 4.15.0.1101.108 No subscription required linux-kvm - 4.15.0.1122.115 linux-image-kvm - 4.15.0.1122.115 linux-tools-kvm - 4.15.0.1122.115 linux-headers-kvm - 4.15.0.1122.115 No subscription required linux-gcp-lts-18.04 - 4.15.0.1130.146 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1130.146 linux-image-gcp-lts-18.04 - 4.15.0.1130.146 linux-headers-gcp-lts-18.04 - 4.15.0.1130.146 linux-tools-gcp-lts-18.04 - 4.15.0.1130.146 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1136.136 linux-headers-aws-lts-18.04 - 4.15.0.1136.136 linux-tools-aws-lts-18.04 - 4.15.0.1136.136 linux-aws-lts-18.04 - 4.15.0.1136.136 linux-modules-extra-aws-lts-18.04 - 4.15.0.1136.136 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1145.115 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1145.115 linux-headers-azure-lts-18.04 - 4.15.0.1145.115 linux-azure-lts-18.04 - 4.15.0.1145.115 linux-tools-azure-lts-18.04 - 4.15.0.1145.115 linux-signed-image-azure-lts-18.04 - 4.15.0.1145.115 linux-image-azure-lts-18.04 - 4.15.0.1145.115 linux-signed-azure-lts-18.04 - 4.15.0.1145.115 No subscription required linux-signed-generic-hwe-16.04-edge - 4.15.0.187.173 linux-image-extra-virtual-hwe-16.04 - 4.15.0.187.173 linux-image-virtual - 4.15.0.187.173 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.187.173 linux-tools-lowlatency - 4.15.0.187.173 linux-source - 4.15.0.187.173 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.187.173 linux-cloud-tools-generic - 4.15.0.187.173 linux-headers-lowlatency-hwe-16.04 - 4.15.0.187.173 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.187.173 linux-generic - 4.15.0.187.173 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.187.173 linux-tools-virtual-hwe-16.04-edge - 4.15.0.187.173 linux-tools-generic-hwe-16.04-edge - 4.15.0.187.173 linux-image-lowlatency - 4.15.0.187.173 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.187.173 linux-signed-image-lowlatency - 4.15.0.187.173 linux-crashdump - 4.15.0.187.173 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.187.173 linux-generic-hwe-16.04-edge - 4.15.0.187.173 linux-generic-lpae - 4.15.0.187.173 linux-virtual-hwe-16.04-edge - 4.15.0.187.173 linux-lowlatency-hwe-16.04 - 4.15.0.187.173 linux-headers-generic-hwe-16.04 - 4.15.0.187.173 linux-tools-generic - 4.15.0.187.173 linux-lowlatency-hwe-16.04-edge - 4.15.0.187.173 linux-image-generic-hwe-16.04 - 4.15.0.187.173 linux-image-generic-hwe-16.04-edge - 4.15.0.187.173 linux-image-generic-lpae-hwe-16.04 - 4.15.0.187.173 linux-signed-generic - 4.15.0.187.173 linux-headers-virtual - 4.15.0.187.173 linux-image-generic-lpae - 4.15.0.187.173 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.187.173 linux-image-lowlatency-hwe-16.04 - 4.15.0.187.173 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.187.173 linux-generic-lpae-hwe-16.04 - 4.15.0.187.173 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.187.173 linux-image-virtual-hwe-16.04-edge - 4.15.0.187.173 linux-generic-lpae-hwe-16.04-edge - 4.15.0.187.173 linux-signed-lowlatency-hwe-16.04 - 4.15.0.187.173 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.187.173 linux-signed-image-generic - 4.15.0.187.173 linux-lowlatency - 4.15.0.187.173 linux-tools-virtual - 4.15.0.187.173 linux-tools-generic-hwe-16.04 - 4.15.0.187.173 linux-image-extra-virtual - 4.15.0.187.173 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.187.173 linux-virtual - 4.15.0.187.173 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.187.173 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.187.173 linux-headers-lowlatency - 4.15.0.187.173 linux-headers-virtual-hwe-16.04-edge - 4.15.0.187.173 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.187.173 linux-virtual-hwe-16.04 - 4.15.0.187.173 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.187.173 linux-headers-virtual-hwe-16.04 - 4.15.0.187.173 linux-cloud-tools-virtual - 4.15.0.187.173 linux-headers-generic-lpae - 4.15.0.187.173 linux-image-generic - 4.15.0.187.173 linux-headers-generic-hwe-16.04-edge - 4.15.0.187.173 linux-tools-virtual-hwe-16.04 - 4.15.0.187.173 linux-image-virtual-hwe-16.04 - 4.15.0.187.173 linux-tools-generic-lpae - 4.15.0.187.173 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.187.173 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.187.173 linux-signed-image-generic-hwe-16.04 - 4.15.0.187.173 linux-generic-hwe-16.04 - 4.15.0.187.173 linux-cloud-tools-lowlatency - 4.15.0.187.173 linux-tools-lowlatency-hwe-16.04 - 4.15.0.187.173 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.187.173 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.187.173 linux-headers-generic - 4.15.0.187.173 linux-signed-generic-hwe-16.04 - 4.15.0.187.173 linux-signed-lowlatency - 4.15.0.187.173 No subscription required linux-buildinfo-5.4.0-1028-ibm - 5.4.0-1028.32~18.04.1 linux-modules-5.4.0-1028-ibm - 5.4.0-1028.32~18.04.1 linux-ibm-5.4-tools-5.4.0-1028 - 5.4.0-1028.32~18.04.1 linux-image-5.4.0-1028-ibm - 5.4.0-1028.32~18.04.1 linux-tools-5.4.0-1028-ibm - 5.4.0-1028.32~18.04.1 linux-ibm-5.4-headers-5.4.0-1028 - 5.4.0-1028.32~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1028.32~18.04.1 linux-modules-extra-5.4.0-1028-ibm - 5.4.0-1028.32~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1028.32~18.04.1 linux-headers-5.4.0-1028-ibm - 5.4.0-1028.32~18.04.1 linux-image-unsigned-5.4.0-1028-ibm - 5.4.0-1028.32~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1028.32~18.04.1 No subscription required linux-modules-extra-5.4.0-1048-gkeop - 5.4.0-1048.51~18.04.1 linux-headers-5.4.0-1048-gkeop - 5.4.0-1048.51~18.04.1 linux-modules-5.4.0-1048-gkeop - 5.4.0-1048.51~18.04.1 linux-image-5.4.0-1048-gkeop - 5.4.0-1048.51~18.04.1 linux-gkeop-5.4-tools-5.4.0-1048 - 5.4.0-1048.51~18.04.1 linux-cloud-tools-5.4.0-1048-gkeop - 5.4.0-1048.51~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1048.51~18.04.1 linux-tools-5.4.0-1048-gkeop - 5.4.0-1048.51~18.04.1 linux-gkeop-5.4-headers-5.4.0-1048 - 5.4.0-1048.51~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1048 - 5.4.0-1048.51~18.04.1 linux-image-unsigned-5.4.0-1048-gkeop - 5.4.0-1048.51~18.04.1 linux-buildinfo-5.4.0-1048-gkeop - 5.4.0-1048.51~18.04.1 No subscription required linux-image-5.4.0-1076-gke - 5.4.0-1076.82~18.04.1 linux-headers-5.4.0-1076-gke - 5.4.0-1076.82~18.04.1 linux-image-unsigned-5.4.0-1076-gke - 5.4.0-1076.82~18.04.1 linux-tools-5.4.0-1076-gke - 5.4.0-1076.82~18.04.1 linux-modules-5.4.0-1076-gke - 5.4.0-1076.82~18.04.1 linux-gke-5.4-tools-5.4.0-1076 - 5.4.0-1076.82~18.04.1 linux-buildinfo-5.4.0-1076-gke - 5.4.0-1076.82~18.04.1 linux-modules-extra-5.4.0-1076-gke - 5.4.0-1076.82~18.04.1 linux-gke-5.4-headers-5.4.0-1076 - 5.4.0-1076.82~18.04.1 No subscription required linux-image-unsigned-5.4.0-1078-oracle - 5.4.0-1078.86~18.04.1 linux-oracle-5.4-tools-5.4.0-1078 - 5.4.0-1078.86~18.04.1 linux-oracle-5.4-headers-5.4.0-1078 - 5.4.0-1078.86~18.04.1 linux-modules-5.4.0-1078-oracle - 5.4.0-1078.86~18.04.1 linux-tools-5.4.0-1078-oracle - 5.4.0-1078.86~18.04.1 linux-buildinfo-5.4.0-1078-oracle - 5.4.0-1078.86~18.04.1 linux-headers-5.4.0-1078-oracle - 5.4.0-1078.86~18.04.1 linux-modules-extra-5.4.0-1078-oracle - 5.4.0-1078.86~18.04.1 linux-image-5.4.0-1078-oracle - 5.4.0-1078.86~18.04.1 No subscription required linux-image-unsigned-5.4.0-1080-aws - 5.4.0-1080.87~18.04.1 linux-image-unsigned-5.4.0-1080-gcp - 5.4.0-1080.87~18.04.1 linux-buildinfo-5.4.0-1080-aws - 5.4.0-1080.87~18.04.1 linux-headers-5.4.0-1080-gcp - 5.4.0-1080.87~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1080 - 5.4.0-1080.87~18.04.1 linux-image-5.4.0-1080-aws - 5.4.0-1080.87~18.04.1 linux-tools-5.4.0-1080-aws - 5.4.0-1080.87~18.04.1 linux-modules-5.4.0-1080-gcp - 5.4.0-1080.87~18.04.1 linux-cloud-tools-5.4.0-1080-aws - 5.4.0-1080.87~18.04.1 linux-tools-5.4.0-1080-gcp - 5.4.0-1080.87~18.04.1 linux-modules-extra-5.4.0-1080-gcp - 5.4.0-1080.87~18.04.1 linux-aws-5.4-tools-5.4.0-1080 - 5.4.0-1080.87~18.04.1 linux-image-5.4.0-1080-gcp - 5.4.0-1080.87~18.04.1 linux-gcp-5.4-headers-5.4.0-1080 - 5.4.0-1080.87~18.04.1 linux-buildinfo-5.4.0-1080-gcp - 5.4.0-1080.87~18.04.1 linux-headers-5.4.0-1080-aws - 5.4.0-1080.87~18.04.1 linux-modules-5.4.0-1080-aws - 5.4.0-1080.87~18.04.1 linux-modules-extra-5.4.0-1080-aws - 5.4.0-1080.87~18.04.1 linux-gcp-5.4-tools-5.4.0-1080 - 5.4.0-1080.87~18.04.1 linux-aws-5.4-headers-5.4.0-1080 - 5.4.0-1080.87~18.04.1 No subscription required linux-headers-5.4.0-1085-azure - 5.4.0-1085.90~18.04.1 linux-modules-5.4.0-1085-azure - 5.4.0-1085.90~18.04.1 linux-modules-extra-5.4.0-1085-azure - 5.4.0-1085.90~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1085 - 5.4.0-1085.90~18.04.1 linux-cloud-tools-5.4.0-1085-azure - 5.4.0-1085.90~18.04.1 linux-tools-5.4.0-1085-azure - 5.4.0-1085.90~18.04.1 linux-image-unsigned-5.4.0-1085-azure - 5.4.0-1085.90~18.04.1 linux-image-5.4.0-1085-azure - 5.4.0-1085.90~18.04.1 linux-azure-5.4-headers-5.4.0-1085 - 5.4.0-1085.90~18.04.1 linux-buildinfo-5.4.0-1085-azure - 5.4.0-1085.90~18.04.1 linux-azure-5.4-tools-5.4.0-1085 - 5.4.0-1085.90~18.04.1 No subscription required linux-cloud-tools-5.4.0-120-generic - 5.4.0-120.136~18.04.1 linux-modules-5.4.0-120-generic - 5.4.0-120.136~18.04.1 linux-buildinfo-5.4.0-120-generic - 5.4.0-120.136~18.04.1 linux-tools-5.4.0-120-lowlatency - 5.4.0-120.136~18.04.1 linux-tools-5.4.0-120-generic - 5.4.0-120.136~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-120.136~18.04.1 linux-buildinfo-5.4.0-120-generic-lpae - 5.4.0-120.136~18.04.1 linux-headers-5.4.0-120-lowlatency - 5.4.0-120.136~18.04.1 linux-headers-5.4.0-120-generic - 5.4.0-120.136~18.04.1 linux-image-5.4.0-120-generic - 5.4.0-120.136~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-120 - 5.4.0-120.136~18.04.1 linux-image-unsigned-5.4.0-120-generic - 5.4.0-120.136~18.04.1 linux-modules-5.4.0-120-lowlatency - 5.4.0-120.136~18.04.1 linux-image-5.4.0-120-lowlatency - 5.4.0-120.136~18.04.1 linux-hwe-5.4-headers-5.4.0-120 - 5.4.0-120.136~18.04.1 linux-headers-5.4.0-120-generic-lpae - 5.4.0-120.136~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-120.136~18.04.1 linux-image-unsigned-5.4.0-120-lowlatency - 5.4.0-120.136~18.04.1 linux-cloud-tools-5.4.0-120-lowlatency - 5.4.0-120.136~18.04.1 linux-modules-extra-5.4.0-120-generic - 5.4.0-120.136~18.04.1 linux-hwe-5.4-tools-5.4.0-120 - 5.4.0-120.136~18.04.1 linux-image-5.4.0-120-generic-lpae - 5.4.0-120.136~18.04.1 linux-buildinfo-5.4.0-120-lowlatency - 5.4.0-120.136~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-120.136~18.04.1 linux-tools-5.4.0-120-generic-lpae - 5.4.0-120.136~18.04.1 linux-modules-5.4.0-120-generic-lpae - 5.4.0-120.136~18.04.1 No subscription required linux-tools-ibm - 5.4.0.1028.42 linux-modules-extra-ibm - 5.4.0.1028.42 linux-tools-ibm-edge - 5.4.0.1028.42 linux-headers-ibm-edge - 5.4.0.1028.42 linux-ibm - 5.4.0.1028.42 linux-headers-ibm - 5.4.0.1028.42 linux-image-ibm - 5.4.0.1028.42 linux-ibm-edge - 5.4.0.1028.42 linux-modules-extra-ibm-edge - 5.4.0.1028.42 linux-image-ibm-edge - 5.4.0.1028.42 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1048.51~18.04.45 linux-gkeop-5.4 - 5.4.0.1048.51~18.04.45 linux-image-gkeop-5.4 - 5.4.0.1048.51~18.04.45 linux-tools-gkeop-5.4 - 5.4.0.1048.51~18.04.45 linux-headers-gkeop-5.4 - 5.4.0.1048.51~18.04.45 linux-modules-extra-gkeop-5.4 - 5.4.0.1048.51~18.04.45 No subscription required linux-tools-gke-5.4 - 5.4.0.1076.82~18.04.38 linux-image-gke-5.4 - 5.4.0.1076.82~18.04.38 linux-headers-gke-5.4 - 5.4.0.1076.82~18.04.38 linux-modules-extra-gke-5.4 - 5.4.0.1076.82~18.04.38 linux-gke-5.4 - 5.4.0.1076.82~18.04.38 No subscription required linux-headers-oracle - 5.4.0.1078.86~18.04.55 linux-signed-image-oracle - 5.4.0.1078.86~18.04.55 linux-signed-oracle - 5.4.0.1078.86~18.04.55 linux-signed-image-oracle-edge - 5.4.0.1078.86~18.04.55 linux-modules-extra-oracle-edge - 5.4.0.1078.86~18.04.55 linux-tools-oracle - 5.4.0.1078.86~18.04.55 linux-tools-oracle-edge - 5.4.0.1078.86~18.04.55 linux-oracle-edge - 5.4.0.1078.86~18.04.55 linux-image-oracle-edge - 5.4.0.1078.86~18.04.55 linux-headers-oracle-edge - 5.4.0.1078.86~18.04.55 linux-image-oracle - 5.4.0.1078.86~18.04.55 linux-modules-extra-oracle - 5.4.0.1078.86~18.04.55 linux-signed-oracle-edge - 5.4.0.1078.86~18.04.55 linux-oracle - 5.4.0.1078.86~18.04.55 No subscription required linux-image-aws - 5.4.0.1080.60 linux-aws-edge - 5.4.0.1080.60 linux-aws - 5.4.0.1080.60 linux-headers-aws - 5.4.0.1080.60 linux-modules-extra-aws-edge - 5.4.0.1080.60 linux-image-aws-edge - 5.4.0.1080.60 linux-headers-aws-edge - 5.4.0.1080.60 linux-modules-extra-aws - 5.4.0.1080.60 linux-tools-aws - 5.4.0.1080.60 linux-tools-aws-edge - 5.4.0.1080.60 No subscription required linux-image-gcp-edge - 5.4.0.1080.61 linux-modules-extra-gcp - 5.4.0.1080.61 linux-gcp - 5.4.0.1080.61 linux-modules-extra-gcp-edge - 5.4.0.1080.61 linux-image-gcp - 5.4.0.1080.61 linux-headers-gcp-edge - 5.4.0.1080.61 linux-tools-gcp-edge - 5.4.0.1080.61 linux-tools-gcp - 5.4.0.1080.61 linux-headers-gcp - 5.4.0.1080.61 linux-gcp-edge - 5.4.0.1080.61 No subscription required linux-cloud-tools-azure - 5.4.0.1085.62 linux-modules-extra-azure - 5.4.0.1085.62 linux-azure - 5.4.0.1085.62 linux-image-azure - 5.4.0.1085.62 linux-headers-azure-edge - 5.4.0.1085.62 linux-headers-azure - 5.4.0.1085.62 linux-tools-azure-edge - 5.4.0.1085.62 linux-modules-extra-azure-edge - 5.4.0.1085.62 linux-signed-azure-edge - 5.4.0.1085.62 linux-signed-azure - 5.4.0.1085.62 linux-signed-image-azure-edge - 5.4.0.1085.62 linux-signed-image-azure - 5.4.0.1085.62 linux-tools-azure - 5.4.0.1085.62 linux-image-azure-edge - 5.4.0.1085.62 linux-cloud-tools-azure-edge - 5.4.0.1085.62 linux-azure-edge - 5.4.0.1085.62 No subscription required linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-image-snapdragon-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-tools-virtual-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-headers-lowlatency-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-lowlatency-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-headers-generic-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-generic-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-generic-lpae-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-virtual-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-headers-generic-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-image-oem-osp1 - 5.4.0.120.136~18.04.100 linux-snapdragon-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-headers-virtual-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-tools-virtual-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-headers-virtual-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-generic-lpae-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-tools-oem-osp1 - 5.4.0.120.136~18.04.100 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-image-generic-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-oem - 5.4.0.120.136~18.04.100 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-lowlatency-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-image-virtual-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-image-generic-lpae-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-image-generic-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-image-oem - 5.4.0.120.136~18.04.100 linux-tools-lowlatency-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-tools-generic-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-image-virtual-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-snapdragon-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-oem-osp1 - 5.4.0.120.136~18.04.100 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-image-lowlatency-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-headers-snapdragon-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-image-extra-virtual-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-headers-oem - 5.4.0.120.136~18.04.100 linux-tools-snapdragon-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-virtual-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-tools-oem - 5.4.0.120.136~18.04.100 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-headers-oem-osp1 - 5.4.0.120.136~18.04.100 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.120.136~18.04.100 linux-generic-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.120.136~18.04.100 linux-tools-generic-hwe-18.04 - 5.4.0.120.136~18.04.100 No subscription required Medium CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 Ubuntu 18.04 LTS It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use this to cause a denial of service. (CVE-2021-0127) Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. (CVE-2021-0145) Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges. (CVE-2021-0146) It was discovered that some Intel processors did not properly restrict access in some situations. A local attacker could use this to obtain sensitive information. (CVE-2021-33117) Brandon Miller discovered that some Intel processors did not properly restrict access in some situations. A local attacker could use this to obtain sensitive information or a remote attacker could use this to cause a denial of service. (CVE-2021-33120) It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123, CVE-2022-21127) Alysa Milburn, Jason Brandt, Avishai Redelman and Nir Lavi discovered that some Intel processors improperly optimised security-critical code. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21151) It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) Update Instructions: Run `sudo pro fix USN-5486-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20220510.0ubuntu0.18.04.1 No subscription required Medium CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33117 CVE-2021-33120 CVE-2022-21123 CVE-2022-21127 CVE-2022-21151 CVE-2022-21166 Ubuntu 18.04 LTS It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-26377) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-28614) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2022-28615) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-29404) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash. (CVE-2022-30522) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-30556) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to bypass IP based authentication. (CVE-2022-31813) Update Instructions: Run `sudo pro fix USN-5487-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.29-1ubuntu4.24 apache2-utils - 2.4.29-1ubuntu4.24 apache2-dev - 2.4.29-1ubuntu4.24 apache2-suexec-pristine - 2.4.29-1ubuntu4.24 apache2-suexec-custom - 2.4.29-1ubuntu4.24 apache2 - 2.4.29-1ubuntu4.24 apache2-doc - 2.4.29-1ubuntu4.24 apache2-ssl-dev - 2.4.29-1ubuntu4.24 apache2-bin - 2.4.29-1ubuntu4.24 No subscription required Medium CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 Ubuntu 18.04 LTS USN-5487-1 fixed several vulnerabilities in Apache HTTP Server. Unfortunately it caused regressions. USN-5487-2 reverted the patches that caused the regression in Ubuntu 14.04 ESM for further investigation. This update re-adds the security fixes for Ubuntu 14.04 ESM and fixes two different regressions: one affecting mod_proxy only in Ubuntu 14.04 ESM and another in mod_sed affecting also Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-26377) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-28614) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2022-28615) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-29404) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash. (CVE-2022-30522) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-30556) It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to bypass IP based authentication. (CVE-2022-31813) Update Instructions: Run `sudo pro fix USN-5487-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.29-1ubuntu4.25 apache2-utils - 2.4.29-1ubuntu4.25 apache2-dev - 2.4.29-1ubuntu4.25 apache2-suexec-pristine - 2.4.29-1ubuntu4.25 apache2-suexec-custom - 2.4.29-1ubuntu4.25 apache2 - 2.4.29-1ubuntu4.25 apache2-doc - 2.4.29-1ubuntu4.25 apache2-ssl-dev - 2.4.29-1ubuntu4.25 apache2-bin - 2.4.29-1ubuntu4.25 No subscription required Medium CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 https://launchpad.net/bugs/1979577 https://launchpad.net/bugs/1979641 Ubuntu 18.04 LTS Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. Update Instructions: Run `sudo pro fix USN-5488-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2n-1ubuntu5.10 libssl1.0-dev - 1.0.2n-1ubuntu5.10 openssl1.0 - 1.0.2n-1ubuntu5.10 No subscription required libssl-dev - 1.1.1-1ubuntu2.1~18.04.19 openssl - 1.1.1-1ubuntu2.1~18.04.19 libssl-doc - 1.1.1-1ubuntu2.1~18.04.19 libssl1.1 - 1.1.1-1ubuntu2.1~18.04.19 No subscription required Medium CVE-2022-2068 Ubuntu 18.04 LTS Alexander Bulekov discovered that QEMU incorrectly handled floppy disk emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak sensitive information. (CVE-2021-3507) It was discovered that QEMU incorrectly handled NVME controller emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-3929) It was discovered that QEMU incorrectly handled QXL display device emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-4206, CVE-2021-4207) Jietao Xiao, Jinku Li, Wenbo Shen, and Nanzi Yang discovered that QEMU incorrectly handled the virtiofsd shared file system daemon. An attacker inside the guest could use this issue to create files with incorrect ownership, possibly leading to privilege escalation. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-0358) It was discovered that QEMU incorrectly handled virtio-net devices. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-26353) It was discovered that QEMU incorrectly handled vhost-vsock devices. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-26354) Update Instructions: Run `sudo pro fix USN-5489-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.40 qemu-user-static - 1:2.11+dfsg-1ubuntu7.40 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.40 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.40 qemu-kvm - 1:2.11+dfsg-1ubuntu7.40 qemu-user - 1:2.11+dfsg-1ubuntu7.40 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.40 qemu-system - 1:2.11+dfsg-1ubuntu7.40 qemu-utils - 1:2.11+dfsg-1ubuntu7.40 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.40 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.40 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.40 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.40 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.40 qemu - 1:2.11+dfsg-1ubuntu7.40 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.40 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.40 No subscription required Medium CVE-2021-3507 CVE-2021-3929 CVE-2021-4206 CVE-2021-4207 CVE-2022-0358 CVE-2022-26353 CVE-2022-26354 Ubuntu 18.04 LTS Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5491-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.27-1ubuntu1.13 squid - 3.5.27-1ubuntu1.13 squid-cgi - 3.5.27-1ubuntu1.13 squid-purge - 3.5.27-1ubuntu1.13 squidclient - 3.5.27-1ubuntu1.13 squid3 - 3.5.27-1ubuntu1.13 No subscription required Medium CVE-2021-46784 Ubuntu 18.04 LTS It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-5493-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-common - 4.15.0-188.199 linux-image-4.15.0-188-generic-lpae - 4.15.0-188.199 linux-tools-host - 4.15.0-188.199 linux-doc - 4.15.0-188.199 linux-modules-4.15.0-188-generic-lpae - 4.15.0-188.199 linux-cloud-tools-4.15.0-188-generic - 4.15.0-188.199 linux-headers-4.15.0-188-lowlatency - 4.15.0-188.199 linux-modules-extra-4.15.0-188-generic - 4.15.0-188.199 linux-tools-4.15.0-188-lowlatency - 4.15.0-188.199 linux-image-4.15.0-188-lowlatency - 4.15.0-188.199 linux-libc-dev - 4.15.0-188.199 linux-image-4.15.0-188-generic - 4.15.0-188.199 linux-modules-4.15.0-188-generic - 4.15.0-188.199 linux-tools-4.15.0-188 - 4.15.0-188.199 linux-buildinfo-4.15.0-188-generic-lpae - 4.15.0-188.199 linux-cloud-tools-4.15.0-188 - 4.15.0-188.199 linux-tools-4.15.0-188-generic-lpae - 4.15.0-188.199 linux-tools-4.15.0-188-generic - 4.15.0-188.199 linux-cloud-tools-4.15.0-188-lowlatency - 4.15.0-188.199 linux-headers-4.15.0-188-generic-lpae - 4.15.0-188.199 linux-buildinfo-4.15.0-188-generic - 4.15.0-188.199 linux-image-unsigned-4.15.0-188-lowlatency - 4.15.0-188.199 linux-buildinfo-4.15.0-188-lowlatency - 4.15.0-188.199 linux-cloud-tools-common - 4.15.0-188.199 linux-headers-4.15.0-188 - 4.15.0-188.199 linux-modules-4.15.0-188-lowlatency - 4.15.0-188.199 linux-image-unsigned-4.15.0-188-generic - 4.15.0-188.199 linux-headers-4.15.0-188-generic - 4.15.0-188.199 linux-source-4.15.0 - 4.15.0-188.199 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.188.173 linux-signed-generic-hwe-16.04-edge - 4.15.0.188.173 linux-headers-generic-lpae - 4.15.0.188.173 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.188.173 linux-image-extra-virtual-hwe-16.04 - 4.15.0.188.173 linux-image-virtual - 4.15.0.188.173 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.188.173 linux-image-generic - 4.15.0.188.173 linux-tools-lowlatency - 4.15.0.188.173 linux-headers-generic-hwe-16.04-edge - 4.15.0.188.173 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.188.173 linux-generic-lpae-hwe-16.04 - 4.15.0.188.173 linux-cloud-tools-virtual - 4.15.0.188.173 linux-tools-virtual-hwe-16.04 - 4.15.0.188.173 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.188.173 linux-image-virtual-hwe-16.04-edge - 4.15.0.188.173 linux-generic-lpae-hwe-16.04-edge - 4.15.0.188.173 linux-signed-image-lowlatency - 4.15.0.188.173 linux-signed-lowlatency-hwe-16.04 - 4.15.0.188.173 linux-crashdump - 4.15.0.188.173 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.188.173 linux-lowlatency - 4.15.0.188.173 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.188.173 linux-source - 4.15.0.188.173 linux-signed-image-generic - 4.15.0.188.173 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.188.173 linux-tools-generic-lpae - 4.15.0.188.173 linux-cloud-tools-generic - 4.15.0.188.173 linux-signed-lowlatency - 4.15.0.188.173 linux-generic-hwe-16.04-edge - 4.15.0.188.173 linux-virtual - 4.15.0.188.173 linux-headers-lowlatency-hwe-16.04 - 4.15.0.188.173 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.188.173 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.188.173 linux-tools-virtual - 4.15.0.188.173 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.188.173 linux-generic-lpae - 4.15.0.188.173 linux-generic - 4.15.0.188.173 linux-signed-image-generic-hwe-16.04 - 4.15.0.188.173 linux-virtual-hwe-16.04-edge - 4.15.0.188.173 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.188.173 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.188.173 linux-headers-lowlatency - 4.15.0.188.173 linux-headers-virtual-hwe-16.04-edge - 4.15.0.188.173 linux-lowlatency-hwe-16.04 - 4.15.0.188.173 linux-headers-generic-hwe-16.04 - 4.15.0.188.173 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.188.173 linux-generic-hwe-16.04 - 4.15.0.188.173 linux-tools-virtual-hwe-16.04-edge - 4.15.0.188.173 linux-image-generic-lpae - 4.15.0.188.173 linux-tools-generic - 4.15.0.188.173 linux-virtual-hwe-16.04 - 4.15.0.188.173 linux-image-extra-virtual - 4.15.0.188.173 linux-lowlatency-hwe-16.04-edge - 4.15.0.188.173 linux-cloud-tools-lowlatency - 4.15.0.188.173 linux-image-generic-hwe-16.04 - 4.15.0.188.173 linux-image-generic-hwe-16.04-edge - 4.15.0.188.173 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.188.173 linux-image-generic-lpae-hwe-16.04 - 4.15.0.188.173 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.188.173 linux-tools-lowlatency-hwe-16.04 - 4.15.0.188.173 linux-signed-generic - 4.15.0.188.173 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.188.173 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.188.173 linux-headers-generic - 4.15.0.188.173 linux-headers-virtual-hwe-16.04 - 4.15.0.188.173 linux-image-virtual-hwe-16.04 - 4.15.0.188.173 linux-headers-virtual - 4.15.0.188.173 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.188.173 linux-signed-generic-hwe-16.04 - 4.15.0.188.173 linux-tools-generic-hwe-16.04 - 4.15.0.188.173 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.188.173 linux-tools-generic-hwe-16.04-edge - 4.15.0.188.173 linux-image-lowlatency - 4.15.0.188.173 No subscription required Medium CVE-2022-28388 Ubuntu 18.04 LTS It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-5493-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-hwe-5.4-cloud-tools-common - 5.4.0-121.137~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-121 - 5.4.0-121.137~18.04.1 linux-modules-extra-5.4.0-121-generic - 5.4.0-121.137~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-121.137~18.04.1 linux-headers-5.4.0-121-generic - 5.4.0-121.137~18.04.1 linux-modules-5.4.0-121-generic - 5.4.0-121.137~18.04.1 linux-headers-5.4.0-121-lowlatency - 5.4.0-121.137~18.04.1 linux-tools-5.4.0-121-lowlatency - 5.4.0-121.137~18.04.1 linux-tools-5.4.0-121-generic - 5.4.0-121.137~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-121.137~18.04.1 linux-hwe-5.4-headers-5.4.0-121 - 5.4.0-121.137~18.04.1 linux-headers-5.4.0-121-generic-lpae - 5.4.0-121.137~18.04.1 linux-modules-5.4.0-121-lowlatency - 5.4.0-121.137~18.04.1 linux-buildinfo-5.4.0-121-lowlatency - 5.4.0-121.137~18.04.1 linux-image-5.4.0-121-lowlatency - 5.4.0-121.137~18.04.1 linux-cloud-tools-5.4.0-121-lowlatency - 5.4.0-121.137~18.04.1 linux-tools-5.4.0-121-generic-lpae - 5.4.0-121.137~18.04.1 linux-image-5.4.0-121-generic - 5.4.0-121.137~18.04.1 linux-buildinfo-5.4.0-121-generic-lpae - 5.4.0-121.137~18.04.1 linux-cloud-tools-5.4.0-121-generic - 5.4.0-121.137~18.04.1 linux-image-unsigned-5.4.0-121-lowlatency - 5.4.0-121.137~18.04.1 linux-image-unsigned-5.4.0-121-generic - 5.4.0-121.137~18.04.1 linux-hwe-5.4-tools-5.4.0-121 - 5.4.0-121.137~18.04.1 linux-image-5.4.0-121-generic-lpae - 5.4.0-121.137~18.04.1 linux-buildinfo-5.4.0-121-generic - 5.4.0-121.137~18.04.1 linux-modules-5.4.0-121-generic-lpae - 5.4.0-121.137~18.04.1 No subscription required linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-lowlatency-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-generic-lpae-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-snapdragon-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-tools-oem - 5.4.0.121.137~18.04.101 linux-headers-generic-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-image-oem-osp1 - 5.4.0.121.137~18.04.101 linux-headers-oem-osp1 - 5.4.0.121.137~18.04.101 linux-headers-snapdragon-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-image-generic-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-headers-oem - 5.4.0.121.137~18.04.101 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-image-extra-virtual-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-generic-lpae-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-image-snapdragon-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-image-generic-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-snapdragon-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-image-generic-lpae-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-tools-generic-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-tools-lowlatency-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-headers-generic-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-oem-osp1 - 5.4.0.121.137~18.04.101 linux-headers-virtual-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-tools-oem-osp1 - 5.4.0.121.137~18.04.101 linux-image-lowlatency-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-image-virtual-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-tools-virtual-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-virtual-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-tools-snapdragon-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-generic-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-headers-virtual-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-lowlatency-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-tools-generic-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-generic-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-tools-virtual-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-headers-lowlatency-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-virtual-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.121.137~18.04.101 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-image-oem - 5.4.0.121.137~18.04.101 linux-oem - 5.4.0.121.137~18.04.101 linux-image-virtual-hwe-18.04-edge - 5.4.0.121.137~18.04.101 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.121.137~18.04.101 No subscription required Medium CVE-2022-28388 Ubuntu 18.04 LTS Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205) Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206) Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207) Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-middle attack. (CVE-2022-32208) Update Instructions: Run `sudo pro fix USN-5495-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.19 libcurl4-openssl-dev - 7.58.0-2ubuntu3.19 libcurl3-gnutls - 7.58.0-2ubuntu3.19 libcurl4-doc - 7.58.0-2ubuntu3.19 libcurl3-nss - 7.58.0-2ubuntu3.19 libcurl4-nss-dev - 7.58.0-2ubuntu3.19 libcurl4 - 7.58.0-2ubuntu3.19 curl - 7.58.0-2ubuntu3.19 No subscription required Medium CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 Ubuntu 18.04 LTS Mike Stroyan discovered that cloud-init could log password hashes when reporting schema failures. An attacker with access to these logs could potentially use this to gain user credentials. Update Instructions: Run `sudo pro fix USN-5496-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cloud-init - 22.2-0ubuntu1~18.04.3 No subscription required Medium CVE-2022-2084 Ubuntu 18.04 LTS It was discovered that Django incorrectly handled certain SQL. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-5501-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.18 python-django-doc - 1:1.11.11-1ubuntu1.18 python-django-common - 1:1.11.11-1ubuntu1.18 python-django - 1:1.11.11-1ubuntu1.18 No subscription required Medium CVE-2022-34265 Ubuntu 18.04 LTS Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB mode when using the AES-NI assembly optimized implementation on 32-bit x86 platforms. A remote attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-5502-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.1 - 1.1.1-1ubuntu2.1~18.04.20 libssl-dev - 1.1.1-1ubuntu2.1~18.04.20 openssl - 1.1.1-1ubuntu2.1~18.04.20 libssl-doc - 1.1.1-1ubuntu2.1~18.04.20 No subscription required Medium CVE-2022-2097 Ubuntu 18.04 LTS Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. A remote attacker could possibly use this issue to forge signatures. Update Instructions: Run `sudo pro fix USN-5503-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dirmngr - 2.2.4-1ubuntu1.6 gpgv-static - 2.2.4-1ubuntu1.6 gpgv-win32 - 2.2.4-1ubuntu1.6 scdaemon - 2.2.4-1ubuntu1.6 gpgsm - 2.2.4-1ubuntu1.6 gpgv - 2.2.4-1ubuntu1.6 gpg - 2.2.4-1ubuntu1.6 gnupg-agent - 2.2.4-1ubuntu1.6 gnupg2 - 2.2.4-1ubuntu1.6 gpgconf - 2.2.4-1ubuntu1.6 gpgv2 - 2.2.4-1ubuntu1.6 gnupg-utils - 2.2.4-1ubuntu1.6 gpg-wks-server - 2.2.4-1ubuntu1.6 gpg-agent - 2.2.4-1ubuntu1.6 gnupg - 2.2.4-1ubuntu1.6 gpg-wks-client - 2.2.4-1ubuntu1.6 gnupg-l10n - 2.2.4-1ubuntu1.6 No subscription required Medium CVE-2022-34903 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass CSP restrictions, bypass sandboxed iframe restrictions, obtain sensitive information, bypass the HTML sanitizer, or execute arbitrary code. (CVE-2022-2200, CVE-2022-34468, CVE-2022-34470, CVE-2022-34473, CVE-2022-34474, CVE-2022-34475, CVE-2022-34476, CVE-2022-34477, CVE-2022-34479, CVE-2022-34480, CVE-2022-34481, CVE-2022-34484, CVE-2022-34485) It was discovered that Firefox could be made to save an image with an executable extension in the filename when dragging and dropping an image in some circumstances. If a user were tricked into dragging and dropping a specially crafted image, an attacker could potentially exploit this to trick the user into executing arbitrary code. (CVE-2022-34482, CVE-2022-34483) It was discovered that a compromised server could trick Firefox into an addon downgrade in some circumstances. An attacker could potentially exploit this to trick the browser into downgrading an addon to a prior version. (CVE-2022-34471) It was discovered that an unavailable PAC file caused OCSP requests to be blocked, resulting in incorrect error pages being displayed. (CVE-2022-34472) Update Instructions: Run `sudo pro fix USN-5504-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-szl - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 102.0+build2-0ubuntu0.18.04.1 firefox - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 102.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 102.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 102.0+build2-0ubuntu0.18.04.1 firefox-dev - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 102.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 102.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-2200 CVE-2022-34468 CVE-2022-34470 CVE-2022-34471 CVE-2022-34472 CVE-2022-34473 CVE-2022-34474 CVE-2022-34475 CVE-2022-34476 CVE-2022-34477 CVE-2022-34479 CVE-2022-34480 CVE-2022-34481 CVE-2022-34482 CVE-2022-34483 CVE-2022-34484 CVE-2022-34485 Ubuntu 18.04 LTS Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-22747) Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-34480) Update Instructions: Run `sudo pro fix USN-5506-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-dev - 2:3.35-2ubuntu2.15 libnss3 - 2:3.35-2ubuntu2.15 libnss3-tools - 2:3.35-2ubuntu2.15 No subscription required Medium CVE-2022-22747 CVE-2022-34480 Ubuntu 18.04 LTS It was discovered that Python LDAP incorrectly handled certain regular expressions. An remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5508-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-pyldap - 3.0.0-1ubuntu0.2 python-pyldap - 3.0.0-1ubuntu0.2 python3-ldap - 3.0.0-1ubuntu0.2 python-ldap - 3.0.0-1ubuntu0.2 No subscription required Medium CVE-2021-46823 Ubuntu 18.04 LTS Julian Brook discovered that Dovecot incorrectly handled multiple passdb configuration entries. In certain configurations, a remote attacker could possibly use this issue to escalate privileges. Update Instructions: Run `sudo pro fix USN-5509-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dovecot-pgsql - 1:2.2.33.2-1ubuntu4.8 dovecot-mysql - 1:2.2.33.2-1ubuntu4.8 dovecot-core - 1:2.2.33.2-1ubuntu4.8 dovecot-sieve - 1:2.2.33.2-1ubuntu4.8 dovecot-ldap - 1:2.2.33.2-1ubuntu4.8 dovecot-sqlite - 1:2.2.33.2-1ubuntu4.8 dovecot-dev - 1:2.2.33.2-1ubuntu4.8 dovecot-pop3d - 1:2.2.33.2-1ubuntu4.8 dovecot-imapd - 1:2.2.33.2-1ubuntu4.8 dovecot-managesieved - 1:2.2.33.2-1ubuntu4.8 mail-stack-delivery - 1:2.2.33.2-1ubuntu4.8 dovecot-gssapi - 1:2.2.33.2-1ubuntu4.8 dovecot-lmtpd - 1:2.2.33.2-1ubuntu4.8 dovecot-solr - 1:2.2.33.2-1ubuntu4.8 No subscription required Medium CVE-2022-30550 Ubuntu 18.04 LTS Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges. Update Instructions: Run `sudo pro fix USN-5510-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.19.6-1ubuntu4.11 xmir - 2:1.19.6-1ubuntu4.11 xwayland - 2:1.19.6-1ubuntu4.11 xorg-server-source - 2:1.19.6-1ubuntu4.11 xserver-xephyr - 2:1.19.6-1ubuntu4.11 xdmx - 2:1.19.6-1ubuntu4.11 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.11 xserver-xorg-dev - 2:1.19.6-1ubuntu4.11 xvfb - 2:1.19.6-1ubuntu4.11 xnest - 2:1.19.6-1ubuntu4.11 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.11 xserver-common - 2:1.19.6-1ubuntu4.11 xdmx-tools - 2:1.19.6-1ubuntu4.11 No subscription required xorg-server-source-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.7 xserver-xorg-dev-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.7 xserver-xephyr-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.7 xserver-xorg-legacy-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.7 xwayland-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.7 xserver-xorg-core-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.7 No subscription required Medium CVE-2022-2319 CVE-2022-2320 Ubuntu 18.04 LTS Carlo Marcelo Arenas Belón discovered that an issue related to CVE-2022-24765 still affected Git. An attacker could possibly use this issue to run arbitrary commands as administrator. (CVE-2022-29187) Update Instructions: Run `sudo pro fix USN-5511-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.12 gitweb - 1:2.17.1-1ubuntu0.12 git-all - 1:2.17.1-1ubuntu0.12 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.12 git-el - 1:2.17.1-1ubuntu0.12 gitk - 1:2.17.1-1ubuntu0.12 git-gui - 1:2.17.1-1ubuntu0.12 git-mediawiki - 1:2.17.1-1ubuntu0.12 git-daemon-run - 1:2.17.1-1ubuntu0.12 git-man - 1:2.17.1-1ubuntu0.12 git-doc - 1:2.17.1-1ubuntu0.12 git-svn - 1:2.17.1-1ubuntu0.12 git-cvs - 1:2.17.1-1ubuntu0.12 git-email - 1:2.17.1-1ubuntu0.12 No subscription required Medium CVE-2022-29187 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass CSP restrictions, or execute arbitrary code. (CVE-2022-2200, CVE-2022-31736, CVE-2022-31737, CVE-2022-31738, CVE-2022-31740, CVE-2022-31741, CVE-2022-31742, CVE-2022-31744, CVE-2022-31747, CVE-2022-34468, CVE-2022-34470, CVE-2022-34479, CVE-2022-34481, CVE-2022-34484) It was discovered that an unavailable PAC file caused OCSP requests to be blocked, resulting in incorrect error pages being displayed. (CVE-2022-34472) It was discovered that the Braille space character could be used to cause Thunderbird to display the wrong sender address for signed messages. An attacker could potentially exploit this to trick the user into believing a message had been sent from somebody they trusted. (CVE-2022-1834) It was discovered that Thunderbird would consider an email with a mismatched OpenPGP signature date as valid. An attacker could potentially exploit this by replaying an older message in order to trick the user into believing that the statements in the message are current. (CVE-2022-2226) Update Instructions: Run `sudo pro fix USN-5512-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-br - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-be - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-si - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-lv - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:91.11.0+build2-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-de - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-da - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-dev - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-el - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-et - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-es - 1:91.11.0+build2-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fa - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:91.11.0+build2-0ubuntu0.18.04.1 xul-ext-lightning - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-en - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-th - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-it - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-he - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-af - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-is - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:91.11.0+build2-0ubuntu0.18.04.1 thunderbird-locale-id - 1:91.11.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-1834 CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 CVE-2022-2200 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 CVE-2022-2226 Ubuntu 18.04 LTS It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1195) Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1199) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel during device detach operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1204) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1205) Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle guest TLB mapping invalidation requests in some situations. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2022-1789) Minh Yuan discovered that the floppy driver in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-33981) Update Instructions: Run `sudo pro fix USN-5514-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-5.4.0-1029-ibm - 5.4.0-1029.33~18.04.1 linux-tools-5.4.0-1029-ibm - 5.4.0-1029.33~18.04.1 linux-modules-5.4.0-1029-ibm - 5.4.0-1029.33~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1029.33~18.04.1 linux-buildinfo-5.4.0-1029-ibm - 5.4.0-1029.33~18.04.1 linux-ibm-5.4-headers-5.4.0-1029 - 5.4.0-1029.33~18.04.1 linux-headers-5.4.0-1029-ibm - 5.4.0-1029.33~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1029.33~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1029.33~18.04.1 linux-modules-extra-5.4.0-1029-ibm - 5.4.0-1029.33~18.04.1 linux-image-5.4.0-1029-ibm - 5.4.0-1029.33~18.04.1 linux-ibm-5.4-tools-5.4.0-1029 - 5.4.0-1029.33~18.04.1 No subscription required linux-headers-5.4.0-1049-gkeop - 5.4.0-1049.52~18.04.1 linux-cloud-tools-5.4.0-1049-gkeop - 5.4.0-1049.52~18.04.1 linux-image-unsigned-5.4.0-1049-gkeop - 5.4.0-1049.52~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1049 - 5.4.0-1049.52~18.04.1 linux-image-5.4.0-1049-gkeop - 5.4.0-1049.52~18.04.1 linux-tools-5.4.0-1049-gkeop - 5.4.0-1049.52~18.04.1 linux-modules-extra-5.4.0-1049-gkeop - 5.4.0-1049.52~18.04.1 linux-gkeop-5.4-tools-5.4.0-1049 - 5.4.0-1049.52~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1049.52~18.04.1 linux-buildinfo-5.4.0-1049-gkeop - 5.4.0-1049.52~18.04.1 linux-gkeop-5.4-headers-5.4.0-1049 - 5.4.0-1049.52~18.04.1 linux-modules-5.4.0-1049-gkeop - 5.4.0-1049.52~18.04.1 No subscription required linux-raspi-5.4-tools-5.4.0-1066 - 5.4.0-1066.76~18.04.1 linux-headers-5.4.0-1066-raspi - 5.4.0-1066.76~18.04.1 linux-tools-5.4.0-1066-raspi - 5.4.0-1066.76~18.04.1 linux-modules-5.4.0-1066-raspi - 5.4.0-1066.76~18.04.1 linux-buildinfo-5.4.0-1066-raspi - 5.4.0-1066.76~18.04.1 linux-image-5.4.0-1066-raspi - 5.4.0-1066.76~18.04.1 linux-raspi-5.4-headers-5.4.0-1066 - 5.4.0-1066.76~18.04.1 No subscription required linux-oracle-5.4-headers-5.4.0-1079 - 5.4.0-1079.87~18.04.1 linux-image-5.4.0-1079-oracle - 5.4.0-1079.87~18.04.1 linux-headers-5.4.0-1079-oracle - 5.4.0-1079.87~18.04.1 linux-modules-extra-5.4.0-1079-oracle - 5.4.0-1079.87~18.04.1 linux-image-unsigned-5.4.0-1079-oracle - 5.4.0-1079.87~18.04.1 linux-tools-5.4.0-1079-oracle - 5.4.0-1079.87~18.04.1 linux-oracle-5.4-tools-5.4.0-1079 - 5.4.0-1079.87~18.04.1 linux-modules-5.4.0-1079-oracle - 5.4.0-1079.87~18.04.1 linux-buildinfo-5.4.0-1079-oracle - 5.4.0-1079.87~18.04.1 No subscription required linux-buildinfo-5.4.0-1081-aws - 5.4.0-1081.88~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1081 - 5.4.0-1081.88~18.04.1 linux-modules-5.4.0-1081-aws - 5.4.0-1081.88~18.04.1 linux-aws-5.4-tools-5.4.0-1081 - 5.4.0-1081.88~18.04.1 linux-modules-extra-5.4.0-1081-aws - 5.4.0-1081.88~18.04.1 linux-tools-5.4.0-1081-aws - 5.4.0-1081.88~18.04.1 linux-image-5.4.0-1081-aws - 5.4.0-1081.88~18.04.1 linux-headers-5.4.0-1081-aws - 5.4.0-1081.88~18.04.1 linux-aws-5.4-headers-5.4.0-1081 - 5.4.0-1081.88~18.04.1 linux-image-unsigned-5.4.0-1081-aws - 5.4.0-1081.88~18.04.1 linux-cloud-tools-5.4.0-1081-aws - 5.4.0-1081.88~18.04.1 No subscription required linux-azure-5.4-cloud-tools-5.4.0-1086 - 5.4.0-1086.91~18.04.1 linux-headers-5.4.0-1086-azure - 5.4.0-1086.91~18.04.1 linux-modules-5.4.0-1086-azure - 5.4.0-1086.91~18.04.1 linux-azure-5.4-tools-5.4.0-1086 - 5.4.0-1086.91~18.04.1 linux-buildinfo-5.4.0-1086-azure - 5.4.0-1086.91~18.04.1 linux-modules-extra-5.4.0-1086-azure - 5.4.0-1086.91~18.04.1 linux-tools-5.4.0-1086-azure - 5.4.0-1086.91~18.04.1 linux-azure-5.4-headers-5.4.0-1086 - 5.4.0-1086.91~18.04.1 linux-image-unsigned-5.4.0-1086-azure - 5.4.0-1086.91~18.04.1 linux-image-5.4.0-1086-azure - 5.4.0-1086.91~18.04.1 linux-cloud-tools-5.4.0-1086-azure - 5.4.0-1086.91~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-122.138~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-122 - 5.4.0-122.138~18.04.1 linux-headers-5.4.0-122-generic-lpae - 5.4.0-122.138~18.04.1 linux-modules-extra-5.4.0-122-generic - 5.4.0-122.138~18.04.1 linux-image-5.4.0-122-generic - 5.4.0-122.138~18.04.1 linux-tools-5.4.0-122-generic-lpae - 5.4.0-122.138~18.04.1 linux-tools-5.4.0-122-lowlatency - 5.4.0-122.138~18.04.1 linux-headers-5.4.0-122-generic - 5.4.0-122.138~18.04.1 linux-modules-5.4.0-122-generic - 5.4.0-122.138~18.04.1 linux-cloud-tools-5.4.0-122-lowlatency - 5.4.0-122.138~18.04.1 linux-hwe-5.4-tools-5.4.0-122 - 5.4.0-122.138~18.04.1 linux-cloud-tools-5.4.0-122-generic - 5.4.0-122.138~18.04.1 linux-hwe-5.4-headers-5.4.0-122 - 5.4.0-122.138~18.04.1 linux-modules-5.4.0-122-lowlatency - 5.4.0-122.138~18.04.1 linux-buildinfo-5.4.0-122-generic - 5.4.0-122.138~18.04.1 linux-modules-5.4.0-122-generic-lpae - 5.4.0-122.138~18.04.1 linux-image-unsigned-5.4.0-122-lowlatency - 5.4.0-122.138~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-122.138~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-122.138~18.04.1 linux-buildinfo-5.4.0-122-generic-lpae - 5.4.0-122.138~18.04.1 linux-buildinfo-5.4.0-122-lowlatency - 5.4.0-122.138~18.04.1 linux-image-5.4.0-122-generic-lpae - 5.4.0-122.138~18.04.1 linux-tools-5.4.0-122-generic - 5.4.0-122.138~18.04.1 linux-image-unsigned-5.4.0-122-generic - 5.4.0-122.138~18.04.1 linux-image-5.4.0-122-lowlatency - 5.4.0-122.138~18.04.1 linux-headers-5.4.0-122-lowlatency - 5.4.0-122.138~18.04.1 No subscription required linux-image-ibm - 5.4.0.1029.43 linux-tools-ibm-edge - 5.4.0.1029.43 linux-headers-ibm-edge - 5.4.0.1029.43 linux-modules-extra-ibm - 5.4.0.1029.43 linux-modules-extra-ibm-edge - 5.4.0.1029.43 linux-ibm - 5.4.0.1029.43 linux-ibm-edge - 5.4.0.1029.43 linux-headers-ibm - 5.4.0.1029.43 linux-tools-ibm - 5.4.0.1029.43 linux-image-ibm-edge - 5.4.0.1029.43 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1049.52~18.04.46 linux-modules-extra-gkeop-5.4 - 5.4.0.1049.52~18.04.46 linux-gkeop-5.4 - 5.4.0.1049.52~18.04.46 linux-image-gkeop-5.4 - 5.4.0.1049.52~18.04.46 linux-headers-gkeop-5.4 - 5.4.0.1049.52~18.04.46 linux-tools-gkeop-5.4 - 5.4.0.1049.52~18.04.46 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1066.66 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1066.66 linux-raspi-hwe-18.04 - 5.4.0.1066.66 linux-image-raspi-hwe-18.04-edge - 5.4.0.1066.66 linux-tools-raspi-hwe-18.04 - 5.4.0.1066.66 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1066.66 linux-headers-raspi-hwe-18.04 - 5.4.0.1066.66 linux-raspi-hwe-18.04-edge - 5.4.0.1066.66 No subscription required linux-headers-oracle - 5.4.0.1079.87~18.04.56 linux-tools-oracle - 5.4.0.1079.87~18.04.56 linux-signed-image-oracle - 5.4.0.1079.87~18.04.56 linux-signed-oracle - 5.4.0.1079.87~18.04.56 linux-tools-oracle-edge - 5.4.0.1079.87~18.04.56 linux-oracle-edge - 5.4.0.1079.87~18.04.56 linux-modules-extra-oracle-edge - 5.4.0.1079.87~18.04.56 linux-image-oracle-edge - 5.4.0.1079.87~18.04.56 linux-modules-extra-oracle - 5.4.0.1079.87~18.04.56 linux-signed-oracle-edge - 5.4.0.1079.87~18.04.56 linux-signed-image-oracle-edge - 5.4.0.1079.87~18.04.56 linux-headers-oracle-edge - 5.4.0.1079.87~18.04.56 linux-image-oracle - 5.4.0.1079.87~18.04.56 linux-oracle - 5.4.0.1079.87~18.04.56 No subscription required linux-headers-aws - 5.4.0.1081.61 linux-image-aws - 5.4.0.1081.61 linux-modules-extra-aws-edge - 5.4.0.1081.61 linux-aws-edge - 5.4.0.1081.61 linux-tools-aws - 5.4.0.1081.61 linux-headers-aws-edge - 5.4.0.1081.61 linux-aws - 5.4.0.1081.61 linux-modules-extra-aws - 5.4.0.1081.61 linux-tools-aws-edge - 5.4.0.1081.61 linux-image-aws-edge - 5.4.0.1081.61 No subscription required linux-tools-azure-edge - 5.4.0.1086.63 linux-cloud-tools-azure - 5.4.0.1086.63 linux-tools-azure - 5.4.0.1086.63 linux-image-azure-edge - 5.4.0.1086.63 linux-signed-image-azure-edge - 5.4.0.1086.63 linux-cloud-tools-azure-edge - 5.4.0.1086.63 linux-modules-extra-azure - 5.4.0.1086.63 linux-azure - 5.4.0.1086.63 linux-image-azure - 5.4.0.1086.63 linux-signed-image-azure - 5.4.0.1086.63 linux-signed-azure - 5.4.0.1086.63 linux-headers-azure-edge - 5.4.0.1086.63 linux-azure-edge - 5.4.0.1086.63 linux-modules-extra-azure-edge - 5.4.0.1086.63 linux-signed-azure-edge - 5.4.0.1086.63 linux-headers-azure - 5.4.0.1086.63 No subscription required linux-headers-snapdragon-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-image-generic-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-image-snapdragon-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-tools-virtual-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-headers-lowlatency-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-lowlatency-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-image-extra-virtual-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-oem - 5.4.0.122.138~18.04.102 linux-image-oem-osp1 - 5.4.0.122.138~18.04.102 linux-snapdragon-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-image-generic-lpae-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-image-lowlatency-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-tools-lowlatency-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-headers-generic-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-headers-virtual-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-tools-snapdragon-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-headers-virtual-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-virtual-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-tools-oem - 5.4.0.122.138~18.04.102 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-image-generic-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-headers-oem - 5.4.0.122.138~18.04.102 linux-tools-oem-osp1 - 5.4.0.122.138~18.04.102 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-generic-lpae-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-image-virtual-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-lowlatency-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-snapdragon-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-generic-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-headers-oem-osp1 - 5.4.0.122.138~18.04.102 linux-tools-virtual-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-generic-lpae-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-tools-generic-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-headers-generic-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-oem-osp1 - 5.4.0.122.138~18.04.102 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-virtual-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-image-oem - 5.4.0.122.138~18.04.102 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-generic-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.122.138~18.04.102 linux-tools-generic-hwe-18.04-edge - 5.4.0.122.138~18.04.102 linux-image-virtual-hwe-18.04-edge - 5.4.0.122.138~18.04.102 No subscription required Medium CVE-2022-1195 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1789 CVE-2022-33981 Ubuntu 18.04 LTS Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. (CVE-2021-4197) Jann Horn discovered that the FUSE file system in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1011) Duoming Zhou discovered that the 6pack protocol implementation in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-1198) Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1199) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel during device detach operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1204) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1205) It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1353) It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1516) Zheyu Ma discovered that the Silicon Motion SM712 framebuffer driver in the Linux kernel did not properly handle very small reads. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2380) It was discovered that the Microchip CAN BUS Analyzer interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28389) Update Instructions: Run `sudo pro fix USN-5515-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-dell300x-headers-4.15.0-1049 - 4.15.0-1049.54 linux-buildinfo-4.15.0-1049-dell300x - 4.15.0-1049.54 linux-image-4.15.0-1049-dell300x - 4.15.0-1049.54 linux-image-unsigned-4.15.0-1049-dell300x - 4.15.0-1049.54 linux-dell300x-tools-4.15.0-1049 - 4.15.0-1049.54 linux-tools-4.15.0-1049-dell300x - 4.15.0-1049.54 linux-headers-4.15.0-1049-dell300x - 4.15.0-1049.54 linux-modules-4.15.0-1049-dell300x - 4.15.0-1049.54 No subscription required linux-modules-4.15.0-1102-oracle - 4.15.0-1102.113 linux-image-4.15.0-1102-oracle - 4.15.0-1102.113 linux-headers-4.15.0-1102-oracle - 4.15.0-1102.113 linux-modules-extra-4.15.0-1102-oracle - 4.15.0-1102.113 linux-buildinfo-4.15.0-1102-oracle - 4.15.0-1102.113 linux-oracle-headers-4.15.0-1102 - 4.15.0-1102.113 linux-oracle-tools-4.15.0-1102 - 4.15.0-1102.113 linux-image-unsigned-4.15.0-1102-oracle - 4.15.0-1102.113 linux-tools-4.15.0-1102-oracle - 4.15.0-1102.113 No subscription required linux-modules-4.15.0-1115-raspi2 - 4.15.0-1115.123 linux-raspi2-headers-4.15.0-1115 - 4.15.0-1115.123 linux-buildinfo-4.15.0-1115-raspi2 - 4.15.0-1115.123 linux-headers-4.15.0-1115-raspi2 - 4.15.0-1115.123 linux-raspi2-tools-4.15.0-1115 - 4.15.0-1115.123 linux-image-4.15.0-1115-raspi2 - 4.15.0-1115.123 linux-tools-4.15.0-1115-raspi2 - 4.15.0-1115.123 No subscription required linux-image-4.15.0-1123-kvm - 4.15.0-1123.128 linux-tools-4.15.0-1123-kvm - 4.15.0-1123.128 linux-headers-4.15.0-1123-kvm - 4.15.0-1123.128 linux-kvm-headers-4.15.0-1123 - 4.15.0-1123.128 linux-modules-4.15.0-1123-kvm - 4.15.0-1123.128 linux-buildinfo-4.15.0-1123-kvm - 4.15.0-1123.128 linux-kvm-tools-4.15.0-1123 - 4.15.0-1123.128 No subscription required linux-image-unsigned-4.15.0-1131-gcp - 4.15.0-1131.147 linux-gcp-4.15-tools-4.15.0-1131 - 4.15.0-1131.147 linux-image-4.15.0-1131-gcp - 4.15.0-1131.147 linux-modules-extra-4.15.0-1131-gcp - 4.15.0-1131.147 linux-buildinfo-4.15.0-1131-gcp - 4.15.0-1131.147 linux-modules-4.15.0-1131-gcp - 4.15.0-1131.147 linux-headers-4.15.0-1131-gcp - 4.15.0-1131.147 linux-tools-4.15.0-1131-gcp - 4.15.0-1131.147 linux-gcp-4.15-headers-4.15.0-1131 - 4.15.0-1131.147 No subscription required linux-tools-4.15.0-1133-snapdragon - 4.15.0-1133.143 linux-snapdragon-headers-4.15.0-1133 - 4.15.0-1133.143 linux-modules-4.15.0-1133-snapdragon - 4.15.0-1133.143 linux-image-4.15.0-1133-snapdragon - 4.15.0-1133.143 linux-headers-4.15.0-1133-snapdragon - 4.15.0-1133.143 linux-buildinfo-4.15.0-1133-snapdragon - 4.15.0-1133.143 linux-snapdragon-tools-4.15.0-1133 - 4.15.0-1133.143 No subscription required linux-headers-4.15.0-1137-aws - 4.15.0-1137.148 linux-image-4.15.0-1137-aws - 4.15.0-1137.148 linux-aws-tools-4.15.0-1137 - 4.15.0-1137.148 linux-modules-extra-4.15.0-1137-aws - 4.15.0-1137.148 linux-buildinfo-4.15.0-1137-aws - 4.15.0-1137.148 linux-aws-headers-4.15.0-1137 - 4.15.0-1137.148 linux-aws-cloud-tools-4.15.0-1137 - 4.15.0-1137.148 linux-tools-4.15.0-1137-aws - 4.15.0-1137.148 linux-modules-4.15.0-1137-aws - 4.15.0-1137.148 linux-image-unsigned-4.15.0-1137-aws - 4.15.0-1137.148 linux-cloud-tools-4.15.0-1137-aws - 4.15.0-1137.148 No subscription required linux-image-unsigned-4.15.0-1146-azure - 4.15.0-1146.161 linux-tools-4.15.0-1146-azure - 4.15.0-1146.161 linux-azure-4.15-tools-4.15.0-1146 - 4.15.0-1146.161 linux-azure-4.15-headers-4.15.0-1146 - 4.15.0-1146.161 linux-headers-4.15.0-1146-azure - 4.15.0-1146.161 linux-buildinfo-4.15.0-1146-azure - 4.15.0-1146.161 linux-modules-4.15.0-1146-azure - 4.15.0-1146.161 linux-azure-4.15-cloud-tools-4.15.0-1146 - 4.15.0-1146.161 linux-cloud-tools-4.15.0-1146-azure - 4.15.0-1146.161 linux-modules-extra-4.15.0-1146-azure - 4.15.0-1146.161 linux-image-4.15.0-1146-azure - 4.15.0-1146.161 No subscription required linux-tools-common - 4.15.0-189.200 linux-tools-host - 4.15.0-189.200 linux-image-4.15.0-189-generic - 4.15.0-189.200 linux-modules-4.15.0-189-generic-lpae - 4.15.0-189.200 linux-doc - 4.15.0-189.200 linux-modules-4.15.0-189-lowlatency - 4.15.0-189.200 linux-cloud-tools-4.15.0-189-lowlatency - 4.15.0-189.200 linux-image-4.15.0-189-generic-lpae - 4.15.0-189.200 linux-cloud-tools-4.15.0-189-generic - 4.15.0-189.200 linux-image-4.15.0-189-lowlatency - 4.15.0-189.200 linux-libc-dev - 4.15.0-189.200 linux-tools-4.15.0-189 - 4.15.0-189.200 linux-headers-4.15.0-189-lowlatency - 4.15.0-189.200 linux-buildinfo-4.15.0-189-generic - 4.15.0-189.200 linux-headers-4.15.0-189 - 4.15.0-189.200 linux-headers-4.15.0-189-generic-lpae - 4.15.0-189.200 linux-cloud-tools-4.15.0-189 - 4.15.0-189.200 linux-headers-4.15.0-189-generic - 4.15.0-189.200 linux-buildinfo-4.15.0-189-lowlatency - 4.15.0-189.200 linux-image-unsigned-4.15.0-189-generic - 4.15.0-189.200 linux-modules-extra-4.15.0-189-generic - 4.15.0-189.200 linux-buildinfo-4.15.0-189-generic-lpae - 4.15.0-189.200 linux-modules-4.15.0-189-generic - 4.15.0-189.200 linux-tools-4.15.0-189-generic-lpae - 4.15.0-189.200 linux-tools-4.15.0-189-generic - 4.15.0-189.200 linux-tools-4.15.0-189-lowlatency - 4.15.0-189.200 linux-cloud-tools-common - 4.15.0-189.200 linux-image-unsigned-4.15.0-189-lowlatency - 4.15.0-189.200 linux-source-4.15.0 - 4.15.0-189.200 No subscription required linux-tools-dell300x - 4.15.0.1049.49 linux-headers-dell300x - 4.15.0.1049.49 linux-image-dell300x - 4.15.0.1049.49 linux-dell300x - 4.15.0.1049.49 No subscription required linux-signed-oracle-lts-18.04 - 4.15.0.1102.109 linux-oracle-lts-18.04 - 4.15.0.1102.109 linux-image-oracle-lts-18.04 - 4.15.0.1102.109 linux-signed-image-oracle-lts-18.04 - 4.15.0.1102.109 linux-tools-oracle-lts-18.04 - 4.15.0.1102.109 linux-headers-oracle-lts-18.04 - 4.15.0.1102.109 No subscription required linux-raspi2 - 4.15.0.1115.112 linux-headers-raspi2 - 4.15.0.1115.112 linux-image-raspi2 - 4.15.0.1115.112 linux-tools-raspi2 - 4.15.0.1115.112 No subscription required linux-kvm - 4.15.0.1123.116 linux-headers-kvm - 4.15.0.1123.116 linux-tools-kvm - 4.15.0.1123.116 linux-image-kvm - 4.15.0.1123.116 No subscription required linux-gcp-lts-18.04 - 4.15.0.1131.147 linux-tools-gcp-lts-18.04 - 4.15.0.1131.147 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1131.147 linux-image-gcp-lts-18.04 - 4.15.0.1131.147 linux-headers-gcp-lts-18.04 - 4.15.0.1131.147 No subscription required linux-headers-snapdragon - 4.15.0.1133.134 linux-snapdragon - 4.15.0.1133.134 linux-tools-snapdragon - 4.15.0.1133.134 linux-image-snapdragon - 4.15.0.1133.134 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1137.137 linux-headers-aws-lts-18.04 - 4.15.0.1137.137 linux-aws-lts-18.04 - 4.15.0.1137.137 linux-tools-aws-lts-18.04 - 4.15.0.1137.137 linux-modules-extra-aws-lts-18.04 - 4.15.0.1137.137 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1146.116 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1146.116 linux-tools-azure-lts-18.04 - 4.15.0.1146.116 linux-headers-azure-lts-18.04 - 4.15.0.1146.116 linux-signed-image-azure-lts-18.04 - 4.15.0.1146.116 linux-azure-lts-18.04 - 4.15.0.1146.116 linux-image-azure-lts-18.04 - 4.15.0.1146.116 linux-signed-azure-lts-18.04 - 4.15.0.1146.116 No subscription required linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.189.174 linux-image-lowlatency-hwe-16.04 - 4.15.0.189.174 linux-cloud-tools-virtual - 4.15.0.189.174 linux-headers-generic-lpae - 4.15.0.189.174 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.189.174 linux-image-extra-virtual-hwe-16.04 - 4.15.0.189.174 linux-image-virtual - 4.15.0.189.174 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.189.174 linux-image-generic - 4.15.0.189.174 linux-tools-lowlatency - 4.15.0.189.174 linux-tools-generic-hwe-16.04-edge - 4.15.0.189.174 linux-headers-generic-hwe-16.04-edge - 4.15.0.189.174 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.189.174 linux-generic-lpae-hwe-16.04 - 4.15.0.189.174 linux-generic-lpae - 4.15.0.189.174 linux-cloud-tools-generic - 4.15.0.189.174 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.189.174 linux-image-virtual-hwe-16.04-edge - 4.15.0.189.174 linux-generic-lpae-hwe-16.04-edge - 4.15.0.189.174 linux-signed-image-lowlatency - 4.15.0.189.174 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.189.174 linux-signed-lowlatency-hwe-16.04 - 4.15.0.189.174 linux-crashdump - 4.15.0.189.174 linux-signed-image-generic - 4.15.0.189.174 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.189.174 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.189.174 linux-source - 4.15.0.189.174 linux-lowlatency - 4.15.0.189.174 linux-tools-generic-lpae - 4.15.0.189.174 linux-generic-hwe-16.04-edge - 4.15.0.189.174 linux-virtual - 4.15.0.189.174 linux-headers-lowlatency-hwe-16.04 - 4.15.0.189.174 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.189.174 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.189.174 linux-tools-generic-hwe-16.04 - 4.15.0.189.174 linux-tools-virtual - 4.15.0.189.174 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.189.174 linux-generic - 4.15.0.189.174 linux-signed-image-generic-hwe-16.04 - 4.15.0.189.174 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.189.174 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.189.174 linux-headers-lowlatency - 4.15.0.189.174 linux-headers-virtual-hwe-16.04-edge - 4.15.0.189.174 linux-lowlatency-hwe-16.04 - 4.15.0.189.174 linux-headers-generic-hwe-16.04 - 4.15.0.189.174 linux-generic-hwe-16.04 - 4.15.0.189.174 linux-tools-virtual-hwe-16.04-edge - 4.15.0.189.174 linux-image-generic-hwe-16.04 - 4.15.0.189.174 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.189.174 linux-tools-generic - 4.15.0.189.174 linux-tools-virtual-hwe-16.04 - 4.15.0.189.174 linux-virtual-hwe-16.04 - 4.15.0.189.174 linux-image-extra-virtual - 4.15.0.189.174 linux-signed-generic-hwe-16.04-edge - 4.15.0.189.174 linux-lowlatency-hwe-16.04-edge - 4.15.0.189.174 linux-cloud-tools-lowlatency - 4.15.0.189.174 linux-image-generic-hwe-16.04-edge - 4.15.0.189.174 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.189.174 linux-image-generic-lpae-hwe-16.04 - 4.15.0.189.174 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.189.174 linux-tools-lowlatency-hwe-16.04 - 4.15.0.189.174 linux-signed-generic - 4.15.0.189.174 linux-virtual-hwe-16.04-edge - 4.15.0.189.174 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.189.174 linux-headers-generic - 4.15.0.189.174 linux-headers-virtual-hwe-16.04 - 4.15.0.189.174 linux-image-virtual-hwe-16.04 - 4.15.0.189.174 linux-headers-virtual - 4.15.0.189.174 linux-signed-generic-hwe-16.04 - 4.15.0.189.174 linux-image-generic-lpae - 4.15.0.189.174 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.189.174 linux-image-lowlatency - 4.15.0.189.174 linux-signed-lowlatency - 4.15.0.189.174 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.189.174 No subscription required Medium CVE-2021-4197 CVE-2022-1011 CVE-2022-1198 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1516 CVE-2022-2380 CVE-2022-28389 Ubuntu 18.04 LTS It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5519-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.17-1~18.04ubuntu1.8 python2.7-doc - 2.7.17-1~18.04ubuntu1.8 libpython2.7 - 2.7.17-1~18.04ubuntu1.8 libpython2.7-stdlib - 2.7.17-1~18.04ubuntu1.8 libpython2.7-testsuite - 2.7.17-1~18.04ubuntu1.8 libpython2.7-minimal - 2.7.17-1~18.04ubuntu1.8 python2.7 - 2.7.17-1~18.04ubuntu1.8 idle-python2.7 - 2.7.17-1~18.04ubuntu1.8 python2.7-examples - 2.7.17-1~18.04ubuntu1.8 libpython2.7-dev - 2.7.17-1~18.04ubuntu1.8 python2.7-minimal - 2.7.17-1~18.04ubuntu1.8 No subscription required python3.6-dev - 3.6.9-1~18.04ubuntu1.8 libpython3.6-dev - 3.6.9-1~18.04ubuntu1.8 libpython3.6-stdlib - 3.6.9-1~18.04ubuntu1.8 libpython3.6-minimal - 3.6.9-1~18.04ubuntu1.8 python3.6-examples - 3.6.9-1~18.04ubuntu1.8 python3.6-venv - 3.6.9-1~18.04ubuntu1.8 python3.6-minimal - 3.6.9-1~18.04ubuntu1.8 python3.6 - 3.6.9-1~18.04ubuntu1.8 idle-python3.6 - 3.6.9-1~18.04ubuntu1.8 python3.6-doc - 3.6.9-1~18.04ubuntu1.8 libpython3.6-testsuite - 3.6.9-1~18.04ubuntu1.8 libpython3.6 - 3.6.9-1~18.04ubuntu1.8 No subscription required Low CVE-2015-20107 Ubuntu 18.04 LTS It was discovered that HTTP-Daemon incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. Update Instructions: Run `sudo pro fix USN-5520-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhttp-daemon-perl - 6.01-1ubuntu0.1 No subscription required Medium CVE-2022-31081 Ubuntu 18.04 LTS USN-5523-1 fixed several vulnerabilities in LibTIFF. This update provides the fixes for CVE-2022-0907, CVE-2022-0908, CVE-2022-0909, CVE-2022-0924 and CVE-2022-22844 for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that LibTIFF was not properly perf orming checks to guarantee that allocated memory space existed, which could lead to a NULL pointer dereference via a specially crafted file. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0907, CVE-2022-0908) It was discovered that LibTIFF was not properly performing checks to avoid division calculations where the denominator value was zero, which could lead to an undefined behavior situation via a specially crafted file. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0909) It was discovered that LibTIFF was not properly performing bounds checks, which could lead to an out-of-bounds read via a specially crafted file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2022-0924) It was discovered that LibTIFF was not properly performing the calculation of data that would eventually be used as a reference for bounds checking operations, which could lead to an out-of-bounds read via a specially crafted file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2020-19131) It was discovered that LibTIFF was not properly terminating a function execution when processing incorrect data, which could lead to an out-of-bounds read via a specially crafted file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2020-19144) It was discovered that LibTIFF was not properly performing checks when setting the value for data later used as reference during memory access, which could lead to an out-of-bounds read via a specially crafted file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2022-22844) Update Instructions: Run `sudo pro fix USN-5523-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.9-5ubuntu0.6 libtiff-tools - 4.0.9-5ubuntu0.6 libtiff5-dev - 4.0.9-5ubuntu0.6 libtiff-dev - 4.0.9-5ubuntu0.6 libtiff5 - 4.0.9-5ubuntu0.6 libtiffxx5 - 4.0.9-5ubuntu0.6 libtiff-doc - 4.0.9-5ubuntu0.6 No subscription required Medium CVE-2022-0907 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-22844 Ubuntu 18.04 LTS It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an attacker to abuse an XPath Transform to extract sensitive information. Update Instructions: Run `sudo pro fix USN-5525-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml-security-java-doc - 2.0.10-2~18.04.1 libxml-security-java - 2.0.10-2~18.04.1 No subscription required Medium CVE-2021-40690 Ubuntu 18.04 LTS Aapo Oksman discovered that PyJWT incorrectly handled signatures constructed from SSH public keys. A remote attacker could use this to forge a JWT signature. Update Instructions: Run `sudo pro fix USN-5526-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-jwt - 1.5.3+ds1-1ubuntu0.1 python3-jwt - 1.5.3+ds1-1ubuntu0.1 No subscription required Medium CVE-2022-29217 Ubuntu 18.04 LTS It was discovered that Checkmk incorrectly handled authentication. An attacker could possibly use this issue to cause a race condition leading to information disclosure. (CVE-2017-14955) It was discovered that Checkmk incorrectly handled certain inputs. An attacker could use these cross-site scripting issues to inject arbitrary html or javascript code to obtain sensitive information including user information, session cookies and valid credentials. (CVE-2017-9781, CVE-2021-36563, CVE-2021-40906, CVE-2022-24565) Update Instructions: Run `sudo pro fix USN-5527-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: check-mk-config-icinga - 1.2.8p16-1ubuntu0.2 check-mk-multisite - 1.2.8p16-1ubuntu0.2 check-mk-server - 1.2.8p16-1ubuntu0.2 check-mk-doc - 1.2.8p16-1ubuntu0.2 check-mk-livestatus - 1.2.8p16-1ubuntu0.2 check-mk-agent-logwatch - 1.2.8p16-1ubuntu0.2 check-mk-agent - 1.2.8p16-1ubuntu0.2 No subscription required Medium CVE-2017-14955 CVE-2017-9781 CVE-2021-36563 CVE-2021-40906 CVE-2022-24565 Ubuntu 18.04 LTS It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5528-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreetype6-dev - 2.8.1-2ubuntu2.2 freetype2-demos - 2.8.1-2ubuntu2.2 libfreetype6 - 2.8.1-2ubuntu2.2 No subscription required Medium CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-31782 Ubuntu 18.04 LTS It was discovered that Bottle incorrectly handled errors during early request binding. An attacker could possibly use this issue to disclose sensitive information. (CVE-2022-31799) Update Instructions: Run `sudo pro fix USN-5532-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-bottle - 0.12.13-1ubuntu0.2 python-bottle - 0.12.13-1ubuntu0.2 python-bottle-doc - 0.12.13-1ubuntu0.2 No subscription required Medium CVE-2022-31799 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the mouse pointer position, bypass Subresource Integrity protections, obtain sensitive information, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5536-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-nn - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-ne - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-nb - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-fa - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-fi - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-fr - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-fy - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-or - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-kab - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-oc - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-cs - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-ga - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-gd - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-gn - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-gl - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-gu - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-pa - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-pl - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-cy - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-pt - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-szl - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-hi - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-ms - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-he - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-hy - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-hr - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-hu - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-as - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-ar - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-ia - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-az - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-id - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-mai - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-af - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-is - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-vi - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-an - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-bs - 103.0+build1-0ubuntu0.18.04.1 firefox - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-ro - 103.0+build1-0ubuntu0.18.04.1 firefox-geckodriver - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-ja - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-ru - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-br - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-bn - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-be - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-bg - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-sl - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-sk - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-si - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-sw - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-sv - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-sr - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-sq - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-ko - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-kn - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-km - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-kk - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-ka - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-xh - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-ca - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-ku - 103.0+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-lv - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-lt - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-th - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 103.0+build1-0ubuntu0.18.04.1 firefox-dev - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-te - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-cak - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-ta - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-lg - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-csb - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-tr - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-nso - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-de - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-da - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-uk - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-mr - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-my - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-uz - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-ml - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-mn - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-mk - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-ur - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-eu - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-et - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-es - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-it - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-el - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-eo - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-en - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-zu - 103.0+build1-0ubuntu0.18.04.1 firefox-locale-ast - 103.0+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-2505 CVE-2022-36315 CVE-2022-36316 CVE-2022-36318 CVE-2022-36319 CVE-2022-36320 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.30 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Ubuntu 18.04 LTS has been updated to MySQL 5.7.39. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-39.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-30.html https://www.oracle.com/security-alerts/cpujul2022.html Update Instructions: Run `sudo pro fix USN-5537-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.39-0ubuntu0.18.04.2 mysql-source-5.7 - 5.7.39-0ubuntu0.18.04.2 libmysqlclient-dev - 5.7.39-0ubuntu0.18.04.2 mysql-client-core-5.7 - 5.7.39-0ubuntu0.18.04.2 mysql-client-5.7 - 5.7.39-0ubuntu0.18.04.2 libmysqlclient20 - 5.7.39-0ubuntu0.18.04.2 mysql-server-5.7 - 5.7.39-0ubuntu0.18.04.2 mysql-server - 5.7.39-0ubuntu0.18.04.2 mysql-server-core-5.7 - 5.7.39-0ubuntu0.18.04.2 mysql-testsuite - 5.7.39-0ubuntu0.18.04.2 libmysqld-dev - 5.7.39-0ubuntu0.18.04.2 mysql-testsuite-5.7 - 5.7.39-0ubuntu0.18.04.2 No subscription required Medium CVE-2022-21509 CVE-2022-21515 CVE-2022-21517 CVE-2022-21522 CVE-2022-21525 CVE-2022-21526 CVE-2022-21527 CVE-2022-21528 CVE-2022-21529 CVE-2022-21530 CVE-2022-21531 CVE-2022-21534 CVE-2022-21537 CVE-2022-21538 CVE-2022-21539 CVE-2022-21547 CVE-2022-21553 CVE-2022-21569 Ubuntu 18.04 LTS It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1195) Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1199) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel during device detach operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1204) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1205) Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle guest TLB mapping invalidation requests in some situations. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2022-1789) It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28388) Minh Yuan discovered that the floppy driver in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-33981) Update Instructions: Run `sudo pro fix USN-5539-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-5.4.0-1078-gke - 5.4.0-1078.84~18.04.1 linux-image-unsigned-5.4.0-1078-gke - 5.4.0-1078.84~18.04.1 linux-gke-5.4-tools-5.4.0-1078 - 5.4.0-1078.84~18.04.1 linux-image-5.4.0-1078-gke - 5.4.0-1078.84~18.04.1 linux-tools-5.4.0-1078-gke - 5.4.0-1078.84~18.04.1 linux-modules-extra-5.4.0-1078-gke - 5.4.0-1078.84~18.04.1 linux-modules-5.4.0-1078-gke - 5.4.0-1078.84~18.04.1 linux-buildinfo-5.4.0-1078-gke - 5.4.0-1078.84~18.04.1 linux-gke-5.4-headers-5.4.0-1078 - 5.4.0-1078.84~18.04.1 No subscription required linux-tools-5.4.0-1084-gcp - 5.4.0-1084.92~18.04.1 linux-modules-5.4.0-1084-gcp - 5.4.0-1084.92~18.04.1 linux-headers-5.4.0-1084-gcp - 5.4.0-1084.92~18.04.1 linux-gcp-5.4-tools-5.4.0-1084 - 5.4.0-1084.92~18.04.1 linux-gcp-5.4-headers-5.4.0-1084 - 5.4.0-1084.92~18.04.1 linux-image-5.4.0-1084-gcp - 5.4.0-1084.92~18.04.1 linux-buildinfo-5.4.0-1084-gcp - 5.4.0-1084.92~18.04.1 linux-image-unsigned-5.4.0-1084-gcp - 5.4.0-1084.92~18.04.1 linux-modules-extra-5.4.0-1084-gcp - 5.4.0-1084.92~18.04.1 No subscription required linux-gke-5.4 - 5.4.0.1078.84~18.04.40 linux-headers-gke-5.4 - 5.4.0.1078.84~18.04.40 linux-image-gke-5.4 - 5.4.0.1078.84~18.04.40 linux-tools-gke-5.4 - 5.4.0.1078.84~18.04.40 linux-modules-extra-gke-5.4 - 5.4.0.1078.84~18.04.40 No subscription required linux-image-gcp - 5.4.0.1084.63 linux-tools-gcp-edge - 5.4.0.1084.63 linux-tools-gcp - 5.4.0.1084.63 linux-modules-extra-gcp-edge - 5.4.0.1084.63 linux-headers-gcp-edge - 5.4.0.1084.63 linux-gcp - 5.4.0.1084.63 linux-headers-gcp - 5.4.0.1084.63 linux-image-gcp-edge - 5.4.0.1084.63 linux-modules-extra-gcp - 5.4.0.1084.63 linux-gcp-edge - 5.4.0.1084.63 No subscription required Medium CVE-2022-1195 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1789 CVE-2022-28388 CVE-2022-33981 Ubuntu 18.04 LTS Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handled memory operations when processing certain requests. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5543-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: snmptrapd - 5.7.3+dfsg-1.8ubuntu3.7 libsnmp-perl - 5.7.3+dfsg-1.8ubuntu3.7 libsnmp-dev - 5.7.3+dfsg-1.8ubuntu3.7 libsnmp-base - 5.7.3+dfsg-1.8ubuntu3.7 snmp - 5.7.3+dfsg-1.8ubuntu3.7 libsnmp30 - 5.7.3+dfsg-1.8ubuntu3.7 tkmib - 5.7.3+dfsg-1.8ubuntu3.7 snmpd - 5.7.3+dfsg-1.8ubuntu3.7 python-netsnmp - 5.7.3+dfsg-1.8ubuntu3.7 No subscription required Medium CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810 Ubuntu 18.04 LTS Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18. (CVE-2022-21449) It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21426) It was discovered that OpenJDK incorrectly handled converting certain object arguments into their textual representations. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21434) It was discovered that OpenJDK incorrectly validated the encoded length of certain object identifiers. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21443) It was discovered that OpenJDK incorrectly validated certain paths. An attacker could possibly use this issue to bypass the secure validation feature and expose sensitive information in XML files. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21476) It was discovered that OpenJDK incorrectly parsed certain URI strings. An attacker could possibly use this issue to make applications accept invalid of malformed URI strings. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21496) It was discovered that OpenJDK incorrectly generated class code in the Hotspot component. An attacker could possibly use this issue to obtain sensitive information. (CVE-2022-21540) It was dicovered that OpenJDK incorrectly restricted access to the invokeBasic() method in the Hotspot component. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2022-21541) It was discovered that OpenJDK incorrectly computed exponentials. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17. (CVE-2022-21549) It was discovered that OpenJDK includes a copy of Xalan that incorrectly handled integer truncation. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-34169) Update Instructions: Run `sudo pro fix USN-5546-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-doc - 11.0.16+8-0ubuntu1~18.04 openjdk-11-jdk - 11.0.16+8-0ubuntu1~18.04 openjdk-11-source - 11.0.16+8-0ubuntu1~18.04 openjdk-11-jdk-headless - 11.0.16+8-0ubuntu1~18.04 openjdk-11-demo - 11.0.16+8-0ubuntu1~18.04 openjdk-11-jre-zero - 11.0.16+8-0ubuntu1~18.04 openjdk-11-jre-headless - 11.0.16+8-0ubuntu1~18.04 openjdk-11-jre - 11.0.16+8-0ubuntu1~18.04 No subscription required openjdk-17-jdk-headless - 17.0.4+8-1~18.04 openjdk-17-jre-headless - 17.0.4+8-1~18.04 openjdk-17-jre - 17.0.4+8-1~18.04 openjdk-17-jdk - 17.0.4+8-1~18.04 openjdk-17-jre-zero - 17.0.4+8-1~18.04 openjdk-17-source - 17.0.4+8-1~18.04 openjdk-17-demo - 17.0.4+8-1~18.04 openjdk-17-doc - 17.0.4+8-1~18.04 No subscription required openjdk-8-doc - 8u342-b07-0ubuntu1~18.04 openjdk-8-jre-headless - 8u342-b07-0ubuntu1~18.04 openjdk-8-jre - 8u342-b07-0ubuntu1~18.04 openjdk-8-demo - 8u342-b07-0ubuntu1~18.04 openjdk-8-jre-zero - 8u342-b07-0ubuntu1~18.04 openjdk-8-jdk - 8u342-b07-0ubuntu1~18.04 openjdk-8-source - 8u342-b07-0ubuntu1~18.04 openjdk-8-jdk-headless - 8u342-b07-0ubuntu1~18.04 No subscription required High CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 Ubuntu 18.04 LTS Le Wu discovered that the NVIDIA graphics drivers did not properly perform input validation in some situations. A local user could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-31607) Tal Lossos discovered that the NVIDIA graphics drivers incorrectly handled certain memory operations, leading to a null-pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2022-31615) Artem S. Tashkinov discovered that the NVIDIA graphics drivers Dynamic Boost D-Bus component did not properly restrict access to its endpoint. When enabled in non-default configurations, a local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-31608) Update Instructions: Run `sudo pro fix USN-5547-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nvidia-compute-utils-390 - 390.154-0ubuntu0.18.04.1 nvidia-kernel-common-390 - 390.154-0ubuntu0.18.04.1 libnvidia-decode-390 - 390.154-0ubuntu0.18.04.1 nvidia-utils-390 - 390.154-0ubuntu0.18.04.1 libnvidia-gl-390 - 390.154-0ubuntu0.18.04.1 libnvidia-compute-390 - 390.154-0ubuntu0.18.04.1 nvidia-384-dev - 390.154-0ubuntu0.18.04.1 nvidia-headless-no-dkms-390 - 390.154-0ubuntu0.18.04.1 libcuda1-384 - 390.154-0ubuntu0.18.04.1 nvidia-384 - 390.154-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-390 - 390.154-0ubuntu0.18.04.1 libnvidia-encode-390 - 390.154-0ubuntu0.18.04.1 nvidia-opencl-icd-384 - 390.154-0ubuntu0.18.04.1 libnvidia-common-390 - 390.154-0ubuntu0.18.04.1 nvidia-dkms-390 - 390.154-0ubuntu0.18.04.1 nvidia-libopencl1-384 - 390.154-0ubuntu0.18.04.1 libnvidia-fbc1-390 - 390.154-0ubuntu0.18.04.1 nvidia-driver-390 - 390.154-0ubuntu0.18.04.1 nvidia-kernel-source-390 - 390.154-0ubuntu0.18.04.1 libnvidia-cfg1-390 - 390.154-0ubuntu0.18.04.1 nvidia-headless-390 - 390.154-0ubuntu0.18.04.1 libnvidia-ifr1-390 - 390.154-0ubuntu0.18.04.1 No subscription required libnvidia-compute-450-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-ifr1-450-server - 450.203.03-0ubuntu0.18.04.1 nvidia-driver-450-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-decode-440-server - 450.203.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-450-server - 450.203.03-0ubuntu0.18.04.1 nvidia-headless-450-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-gl-450-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-common-440-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-common-450-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-extra-450-server - 450.203.03-0ubuntu0.18.04.1 nvidia-utils-450-server - 450.203.03-0ubuntu0.18.04.1 nvidia-utils-440-server - 450.203.03-0ubuntu0.18.04.1 nvidia-headless-440-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-cfg1-450-server - 450.203.03-0ubuntu0.18.04.1 nvidia-kernel-common-440-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-encode-440-server - 450.203.03-0ubuntu0.18.04.1 nvidia-dkms-440-server - 450.203.03-0ubuntu0.18.04.1 nvidia-kernel-source-450-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-encode-450-server - 450.203.03-0ubuntu0.18.04.1 nvidia-driver-440-server - 450.203.03-0ubuntu0.18.04.1 nvidia-compute-utils-440-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-cfg1-440-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-fbc1-440-server - 450.203.03-0ubuntu0.18.04.1 nvidia-kernel-common-450-server - 450.203.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-440-server - 450.203.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-440-server - 450.203.03-0ubuntu0.18.04.1 nvidia-dkms-450-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-ifr1-440-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-gl-440-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-fbc1-450-server - 450.203.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-450-server - 450.203.03-0ubuntu0.18.04.1 nvidia-compute-utils-450-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-compute-440-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-decode-450-server - 450.203.03-0ubuntu0.18.04.1 libnvidia-extra-440-server - 450.203.03-0ubuntu0.18.04.1 nvidia-kernel-source-440-server - 450.203.03-0ubuntu0.18.04.1 No subscription required libnvidia-common-465 - 470.141.03-0ubuntu0.18.04.1 libnvidia-common-460 - 470.141.03-0ubuntu0.18.04.1 libnvidia-gl-460-server - 470.141.03-0ubuntu0.18.04.1 libnvidia-gl-470-server - 470.141.03-0ubuntu0.18.04.1 libnvidia-cfg1-470 - 470.141.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-460 - 470.141.03-0ubuntu0.18.04.1 libnvidia-ifr1-470-server - 470.141.03-0ubuntu0.18.04.1 nvidia-utils-460-server - 470.141.03-0ubuntu0.18.04.1 libnvidia-ifr1-470 - 470.141.03-0ubuntu0.18.04.1 nvidia-headless-465 - 470.141.03-0ubuntu0.18.04.1 nvidia-headless-460 - 470.141.03-0ubuntu0.18.04.1 libnvidia-gl-470 - 470.141.03-0ubuntu0.18.04.1 libnvidia-compute-460-server - 470.141.03-0ubuntu0.18.04.1 libnvidia-decode-470-server - 470.141.03-0ubuntu0.18.04.1 libnvidia-gl-460 - 470.141.03-0ubuntu0.18.04.1 libnvidia-gl-465 - 470.141.03-0ubuntu0.18.04.1 nvidia-utils-470-server - 470.141.03-0ubuntu0.18.04.1 libnvidia-cfg1-460 - 470.141.03-0ubuntu0.18.04.1 libnvidia-cfg1-465 - 470.141.03-0ubuntu0.18.04.1 libnvidia-compute-470-server - 470.141.03-0ubuntu0.18.04.1 nvidia-headless-470 - 470.141.03-0ubuntu0.18.04.1 nvidia-compute-utils-465 - 470.141.03-0ubuntu0.18.04.1 nvidia-compute-utils-460 - 470.141.03-0ubuntu0.18.04.1 libnvidia-compute-470 - 470.141.03-0ubuntu0.18.04.1 nvidia-kernel-common-465 - 470.141.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-460 - 470.141.03-0ubuntu0.18.04.1 nvidia-kernel-common-460 - 470.141.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-465 - 470.141.03-0ubuntu0.18.04.1 libnvidia-encode-465 - 470.141.03-0ubuntu0.18.04.1 libnvidia-decode-460-server - 470.141.03-0ubuntu0.18.04.1 libnvidia-compute-460 - 470.141.03-0ubuntu0.18.04.1 libnvidia-compute-465 - 470.141.03-0ubuntu0.18.04.1 nvidia-compute-utils-470 - 470.141.03-0ubuntu0.18.04.1 libnvidia-ifr1-460-server - 470.141.03-0ubuntu0.18.04.1 nvidia-kernel-common-470 - 470.141.03-0ubuntu0.18.04.1 nvidia-utils-470 - 470.141.03-0ubuntu0.18.04.1 libnvidia-cfg1-470-server - 470.141.03-0ubuntu0.18.04.1 libnvidia-extra-470-server - 470.141.03-0ubuntu0.18.04.1 libnvidia-encode-470-server - 470.141.03-0ubuntu0.18.04.1 nvidia-kernel-source-470-server - 470.141.03-0ubuntu0.18.04.1 nvidia-kernel-source-460 - 470.141.03-0ubuntu0.18.04.1 libnvidia-encode-460-server - 470.141.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-470-server - 470.141.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-465 - 470.141.03-0ubuntu0.18.04.1 libnvidia-fbc1-470-server - 470.141.03-0ubuntu0.18.04.1 nvidia-driver-460-server - 470.141.03-0ubuntu0.18.04.1 nvidia-dkms-460-server - 470.141.03-0ubuntu0.18.04.1 libnvidia-fbc1-460-server - 470.141.03-0ubuntu0.18.04.1 libnvidia-common-460-server - 470.141.03-0ubuntu0.18.04.1 nvidia-dkms-470-server - 470.141.03-0ubuntu0.18.04.1 nvidia-dkms-460 - 470.141.03-0ubuntu0.18.04.1 libnvidia-encode-470 - 470.141.03-0ubuntu0.18.04.1 nvidia-dkms-465 - 470.141.03-0ubuntu0.18.04.1 libnvidia-extra-465 - 470.141.03-0ubuntu0.18.04.1 libnvidia-extra-460 - 470.141.03-0ubuntu0.18.04.1 nvidia-kernel-source-470 - 470.141.03-0ubuntu0.18.04.1 nvidia-compute-utils-470-server - 470.141.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-470-server - 470.141.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-470 - 470.141.03-0ubuntu0.18.04.1 nvidia-driver-470-server - 470.141.03-0ubuntu0.18.04.1 nvidia-driver-470 - 470.141.03-0ubuntu0.18.04.1 libnvidia-extra-460-server - 470.141.03-0ubuntu0.18.04.1 nvidia-dkms-470 - 470.141.03-0ubuntu0.18.04.1 libnvidia-fbc1-465 - 470.141.03-0ubuntu0.18.04.1 libnvidia-fbc1-460 - 470.141.03-0ubuntu0.18.04.1 libnvidia-extra-470 - 470.141.03-0ubuntu0.18.04.1 nvidia-utils-465 - 470.141.03-0ubuntu0.18.04.1 nvidia-compute-utils-460-server - 470.141.03-0ubuntu0.18.04.1 nvidia-driver-460 - 470.141.03-0ubuntu0.18.04.1 nvidia-utils-460 - 470.141.03-0ubuntu0.18.04.1 libnvidia-decode-465 - 470.141.03-0ubuntu0.18.04.1 nvidia-driver-465 - 470.141.03-0ubuntu0.18.04.1 libnvidia-decode-460 - 470.141.03-0ubuntu0.18.04.1 libnvidia-encode-460 - 470.141.03-0ubuntu0.18.04.1 libnvidia-fbc1-470 - 470.141.03-0ubuntu0.18.04.1 nvidia-headless-460-server - 470.141.03-0ubuntu0.18.04.1 nvidia-kernel-common-470-server - 470.141.03-0ubuntu0.18.04.1 libnvidia-common-470-server - 470.141.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-470 - 470.141.03-0ubuntu0.18.04.1 nvidia-kernel-source-465 - 470.141.03-0ubuntu0.18.04.1 libnvidia-common-470 - 470.141.03-0ubuntu0.18.04.1 libnvidia-cfg1-460-server - 470.141.03-0ubuntu0.18.04.1 libnvidia-decode-470 - 470.141.03-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-460-server - 470.141.03-0ubuntu0.18.04.1 libnvidia-ifr1-460 - 470.141.03-0ubuntu0.18.04.1 libnvidia-ifr1-465 - 470.141.03-0ubuntu0.18.04.1 nvidia-headless-no-dkms-460-server - 470.141.03-0ubuntu0.18.04.1 nvidia-kernel-source-460-server - 470.141.03-0ubuntu0.18.04.1 nvidia-kernel-common-460-server - 470.141.03-0ubuntu0.18.04.1 nvidia-headless-470-server - 470.141.03-0ubuntu0.18.04.1 No subscription required libnvidia-fbc1-510 - 510.85.02-0ubuntu0.18.04.1 libnvidia-common-510 - 510.85.02-0ubuntu0.18.04.1 nvidia-utils-495 - 510.85.02-0ubuntu0.18.04.1 libnvidia-decode-495 - 510.85.02-0ubuntu0.18.04.1 nvidia-kernel-common-495 - 510.85.02-0ubuntu0.18.04.1 libnvidia-compute-495 - 510.85.02-0ubuntu0.18.04.1 nvidia-headless-495 - 510.85.02-0ubuntu0.18.04.1 libnvidia-cfg1-510 - 510.85.02-0ubuntu0.18.04.1 nvidia-dkms-495 - 510.85.02-0ubuntu0.18.04.1 libnvidia-encode-510 - 510.85.02-0ubuntu0.18.04.1 nvidia-driver-510-server - 510.85.02-0ubuntu0.18.04.1 libnvidia-common-510-server - 510.85.02-0ubuntu0.18.04.1 libnvidia-extra-495 - 510.85.02-0ubuntu0.18.04.1 libnvidia-gl-510-server - 510.85.02-0ubuntu0.18.04.1 nvidia-headless-no-dkms-495 - 510.85.02-0ubuntu0.18.04.1 libnvidia-fbc1-495 - 510.85.02-0ubuntu0.18.04.1 nvidia-driver-510 - 510.85.02-0ubuntu0.18.04.1 nvidia-kernel-source-510-server - 510.85.02-0ubuntu0.18.04.1 nvidia-headless-no-dkms-510-server - 510.85.02-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-510-server - 510.85.02-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-510 - 510.85.02-0ubuntu0.18.04.1 libnvidia-compute-510-server - 510.85.02-0ubuntu0.18.04.1 nvidia-kernel-source-510 - 510.85.02-0ubuntu0.18.04.1 libnvidia-gl-510 - 510.85.02-0ubuntu0.18.04.1 nvidia-utils-510 - 510.85.02-0ubuntu0.18.04.1 libnvidia-fbc1-510-server - 510.85.02-0ubuntu0.18.04.1 libnvidia-cfg1-510-server - 510.85.02-0ubuntu0.18.04.1 libnvidia-encode-510-server - 510.85.02-0ubuntu0.18.04.1 nvidia-compute-utils-510 - 510.85.02-0ubuntu0.18.04.1 nvidia-headless-510-server - 510.85.02-0ubuntu0.18.04.1 libnvidia-decode-510 - 510.85.02-0ubuntu0.18.04.1 nvidia-kernel-source-495 - 510.85.02-0ubuntu0.18.04.1 nvidia-kernel-common-510 - 510.85.02-0ubuntu0.18.04.1 libnvidia-decode-510-server - 510.85.02-0ubuntu0.18.04.1 libnvidia-encode-495 - 510.85.02-0ubuntu0.18.04.1 nvidia-kernel-common-510-server - 510.85.02-0ubuntu0.18.04.1 nvidia-headless-no-dkms-510 - 510.85.02-0ubuntu0.18.04.1 nvidia-dkms-510-server - 510.85.02-0ubuntu0.18.04.1 libnvidia-extra-510-server - 510.85.02-0ubuntu0.18.04.1 libnvidia-common-495 - 510.85.02-0ubuntu0.18.04.1 nvidia-compute-utils-510-server - 510.85.02-0ubuntu0.18.04.1 nvidia-utils-510-server - 510.85.02-0ubuntu0.18.04.1 nvidia-compute-utils-495 - 510.85.02-0ubuntu0.18.04.1 libnvidia-compute-510 - 510.85.02-0ubuntu0.18.04.1 nvidia-dkms-510 - 510.85.02-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-495 - 510.85.02-0ubuntu0.18.04.1 libnvidia-extra-510 - 510.85.02-0ubuntu0.18.04.1 libnvidia-gl-495 - 510.85.02-0ubuntu0.18.04.1 nvidia-driver-495 - 510.85.02-0ubuntu0.18.04.1 nvidia-headless-510 - 510.85.02-0ubuntu0.18.04.1 libnvidia-cfg1-495 - 510.85.02-0ubuntu0.18.04.1 No subscription required nvidia-dkms-515-server - 515.65.01-0ubuntu0.18.04.1 nvidia-headless-no-dkms-515 - 515.65.01-0ubuntu0.18.04.1 libnvidia-fbc1-515 - 515.65.01-0ubuntu0.18.04.1 libnvidia-compute-515-server - 515.65.01-0ubuntu0.18.04.1 nvidia-utils-515-server - 515.65.01-0ubuntu0.18.04.1 libnvidia-common-515 - 515.65.01-0ubuntu0.18.04.1 libnvidia-cfg1-515 - 515.65.01-0ubuntu0.18.04.1 libnvidia-encode-515-server - 515.65.01-0ubuntu0.18.04.1 libnvidia-encode-515 - 515.65.01-0ubuntu0.18.04.1 libnvidia-decode-515-server - 515.65.01-0ubuntu0.18.04.1 nvidia-driver-515 - 515.65.01-0ubuntu0.18.04.1 nvidia-kernel-common-515-server - 515.65.01-0ubuntu0.18.04.1 libnvidia-cfg1-515-server - 515.65.01-0ubuntu0.18.04.1 libnvidia-decode-515 - 515.65.01-0ubuntu0.18.04.1 nvidia-utils-515 - 515.65.01-0ubuntu0.18.04.1 libnvidia-extra-515-server - 515.65.01-0ubuntu0.18.04.1 nvidia-kernel-common-515 - 515.65.01-0ubuntu0.18.04.1 nvidia-compute-utils-515-server - 515.65.01-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-515-server - 515.65.01-0ubuntu0.18.04.1 nvidia-kernel-source-515-server - 515.65.01-0ubuntu0.18.04.1 nvidia-dkms-515 - 515.65.01-0ubuntu0.18.04.1 nvidia-headless-515-server - 515.65.01-0ubuntu0.18.04.1 nvidia-kernel-source-515 - 515.65.01-0ubuntu0.18.04.1 libnvidia-gl-515 - 515.65.01-0ubuntu0.18.04.1 nvidia-compute-utils-515 - 515.65.01-0ubuntu0.18.04.1 nvidia-headless-no-dkms-515-server - 515.65.01-0ubuntu0.18.04.1 xserver-xorg-video-nvidia-515 - 515.65.01-0ubuntu0.18.04.1 libnvidia-gl-515-server - 515.65.01-0ubuntu0.18.04.1 libnvidia-compute-515 - 515.65.01-0ubuntu0.18.04.1 libnvidia-fbc1-515-server - 515.65.01-0ubuntu0.18.04.1 libnvidia-common-515-server - 515.65.01-0ubuntu0.18.04.1 nvidia-driver-515-server - 515.65.01-0ubuntu0.18.04.1 libnvidia-extra-515 - 515.65.01-0ubuntu0.18.04.1 nvidia-headless-515 - 515.65.01-0ubuntu0.18.04.1 No subscription required High CVE-2022-31607 CVE-2022-31608 CVE-2022-31615 Ubuntu 18.04 LTS It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5548-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.7 libxml2-utils - 2.9.4+dfsg1-6.1ubuntu1.7 libxml2 - 2.9.4+dfsg1-6.1ubuntu1.7 python3-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.7 libxml2-doc - 2.9.4+dfsg1-6.1ubuntu1.7 libxml2-dev - 2.9.4+dfsg1-6.1ubuntu1.7 No subscription required Medium CVE-2016-3709 Ubuntu 18.04 LTS It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-4209) It was discovered that GnuTLS incorrectly handled the verification of certain pkcs7 signatures. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-2509) Update Instructions: Run `sudo pro fix USN-5550-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutls30 - 3.5.18-1ubuntu1.6 libgnutls28-dev - 3.5.18-1ubuntu1.6 libgnutls-openssl27 - 3.5.18-1ubuntu1.6 gnutls-doc - 3.5.18-1ubuntu1.6 libgnutls-dane0 - 3.5.18-1ubuntu1.6 gnutls-bin - 3.5.18-1ubuntu1.6 libgnutlsxx28 - 3.5.18-1ubuntu1.6 No subscription required Medium CVE-2021-4209 CVE-2022-2509 Ubuntu 18.04 LTS It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations. Update Instructions: Run `sudo pro fix USN-5551-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-wsgi - 4.5.17-1ubuntu1.1 libapache2-mod-wsgi-py3 - 4.5.17-1ubuntu1.1 No subscription required Medium CVE-2022-2255 Ubuntu 18.04 LTS It was discovered that phpLiteAdmin incorrectly handled certain GET requests. An attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-5552-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: phpliteadmin-themes - 1.9.7.1-1ubuntu0.3 phpliteadmin - 1.9.7.1-1ubuntu0.3 No subscription required Medium CVE-2021-46709 Ubuntu 18.04 LTS It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-1920, CVE-2022-1921) It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122) Update Instructions: Run `sudo pro fix USN-5555-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gstreamer1.0-gtk3 - 1.14.5-0ubuntu1~18.04.3 gstreamer1.0-pulseaudio - 1.14.5-0ubuntu1~18.04.3 gstreamer1.0-plugins-good-doc - 1.14.5-0ubuntu1~18.04.3 libgstreamer-plugins-good1.0-dev - 1.14.5-0ubuntu1~18.04.3 libgstreamer-plugins-good1.0-0 - 1.14.5-0ubuntu1~18.04.3 gstreamer1.0-plugins-good - 1.14.5-0ubuntu1~18.04.3 gstreamer1.0-qt5 - 1.14.5-0ubuntu1~18.04.3 No subscription required Medium CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122 Ubuntu 18.04 LTS It was discovered that Moment.js incorrectly handled certain input paths. An attacker could possibly use this issue to cause a loss of integrity by changing the correct path to one of their choice. (CVE-2022-24785) It was discovered that Moment.js incorrectly handled certain input. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-31129) Update Instructions: Run `sudo pro fix USN-5559-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-moment - 2.20.1+ds-1ubuntu0.1 libjs-moment - 2.20.1+ds-1ubuntu0.1 No subscription required Medium CVE-2022-24785 CVE-2022-31129 Ubuntu 18.04 LTS Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2588) It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2586) It was discovered that the block layer subsystem in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0494) Hu Jiahui discovered that multiple race conditions existed in the Advanced Linux Sound Architecture (ALSA) framework, leading to use-after-free vulnerabilities. A local attacker could use these to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1048) It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1195) Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1652) It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679) Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1729) It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1734) Duoming Zhou discovered a race condition in the NFC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1974) Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not properly prevent context switches from occurring during certain atomic context operations. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2022-1975) Minh Yuan discovered that the floppy driver in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-33981) Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. (CVE-2022-34918) Update Instructions: Run `sudo pro fix USN-5560-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1051-dell300x - 4.15.0-1051.56 linux-dell300x-headers-4.15.0-1051 - 4.15.0-1051.56 linux-image-4.15.0-1051-dell300x - 4.15.0-1051.56 linux-headers-4.15.0-1051-dell300x - 4.15.0-1051.56 linux-tools-4.15.0-1051-dell300x - 4.15.0-1051.56 linux-image-unsigned-4.15.0-1051-dell300x - 4.15.0-1051.56 linux-dell300x-tools-4.15.0-1051 - 4.15.0-1051.56 linux-buildinfo-4.15.0-1051-dell300x - 4.15.0-1051.56 No subscription required linux-oracle-headers-4.15.0-1104 - 4.15.0-1104.115 linux-tools-4.15.0-1104-oracle - 4.15.0-1104.115 linux-image-unsigned-4.15.0-1104-oracle - 4.15.0-1104.115 linux-headers-4.15.0-1104-oracle - 4.15.0-1104.115 linux-modules-extra-4.15.0-1104-oracle - 4.15.0-1104.115 linux-modules-4.15.0-1104-oracle - 4.15.0-1104.115 linux-oracle-tools-4.15.0-1104 - 4.15.0-1104.115 linux-buildinfo-4.15.0-1104-oracle - 4.15.0-1104.115 linux-image-4.15.0-1104-oracle - 4.15.0-1104.115 No subscription required linux-modules-4.15.0-1117-raspi2 - 4.15.0-1117.125 linux-raspi2-headers-4.15.0-1117 - 4.15.0-1117.125 linux-buildinfo-4.15.0-1117-raspi2 - 4.15.0-1117.125 linux-raspi2-tools-4.15.0-1117 - 4.15.0-1117.125 linux-image-4.15.0-1117-raspi2 - 4.15.0-1117.125 linux-headers-4.15.0-1117-raspi2 - 4.15.0-1117.125 linux-tools-4.15.0-1117-raspi2 - 4.15.0-1117.125 No subscription required linux-tools-4.15.0-1125-kvm - 4.15.0-1125.130 linux-kvm-headers-4.15.0-1125 - 4.15.0-1125.130 linux-image-4.15.0-1125-kvm - 4.15.0-1125.130 linux-kvm-tools-4.15.0-1125 - 4.15.0-1125.130 linux-headers-4.15.0-1125-kvm - 4.15.0-1125.130 linux-modules-4.15.0-1125-kvm - 4.15.0-1125.130 linux-buildinfo-4.15.0-1125-kvm - 4.15.0-1125.130 No subscription required linux-image-4.15.0-1134-gcp - 4.15.0-1134.150 linux-tools-4.15.0-1134-gcp - 4.15.0-1134.150 linux-modules-4.15.0-1134-gcp - 4.15.0-1134.150 linux-buildinfo-4.15.0-1134-gcp - 4.15.0-1134.150 linux-modules-extra-4.15.0-1134-gcp - 4.15.0-1134.150 linux-gcp-4.15-headers-4.15.0-1134 - 4.15.0-1134.150 linux-gcp-4.15-tools-4.15.0-1134 - 4.15.0-1134.150 linux-image-unsigned-4.15.0-1134-gcp - 4.15.0-1134.150 linux-headers-4.15.0-1134-gcp - 4.15.0-1134.150 No subscription required linux-snapdragon-tools-4.15.0-1135 - 4.15.0-1135.145 linux-modules-4.15.0-1135-snapdragon - 4.15.0-1135.145 linux-image-4.15.0-1135-snapdragon - 4.15.0-1135.145 linux-headers-4.15.0-1135-snapdragon - 4.15.0-1135.145 linux-tools-4.15.0-1135-snapdragon - 4.15.0-1135.145 linux-snapdragon-headers-4.15.0-1135 - 4.15.0-1135.145 linux-buildinfo-4.15.0-1135-snapdragon - 4.15.0-1135.145 No subscription required linux-tools-4.15.0-1139-aws - 4.15.0-1139.150 linux-aws-tools-4.15.0-1139 - 4.15.0-1139.150 linux-modules-4.15.0-1139-aws - 4.15.0-1139.150 linux-aws-cloud-tools-4.15.0-1139 - 4.15.0-1139.150 linux-image-4.15.0-1139-aws - 4.15.0-1139.150 linux-image-unsigned-4.15.0-1139-aws - 4.15.0-1139.150 linux-cloud-tools-4.15.0-1139-aws - 4.15.0-1139.150 linux-buildinfo-4.15.0-1139-aws - 4.15.0-1139.150 linux-aws-headers-4.15.0-1139 - 4.15.0-1139.150 linux-modules-extra-4.15.0-1139-aws - 4.15.0-1139.150 linux-headers-4.15.0-1139-aws - 4.15.0-1139.150 No subscription required linux-tools-4.15.0-1149-azure - 4.15.0-1149.164 linux-headers-4.15.0-1149-azure - 4.15.0-1149.164 linux-image-4.15.0-1149-azure - 4.15.0-1149.164 linux-buildinfo-4.15.0-1149-azure - 4.15.0-1149.164 linux-azure-4.15-tools-4.15.0-1149 - 4.15.0-1149.164 linux-azure-4.15-headers-4.15.0-1149 - 4.15.0-1149.164 linux-image-unsigned-4.15.0-1149-azure - 4.15.0-1149.164 linux-modules-4.15.0-1149-azure - 4.15.0-1149.164 linux-azure-4.15-cloud-tools-4.15.0-1149 - 4.15.0-1149.164 linux-modules-extra-4.15.0-1149-azure - 4.15.0-1149.164 linux-cloud-tools-4.15.0-1149-azure - 4.15.0-1149.164 No subscription required linux-headers-4.15.0-191-lowlatency - 4.15.0-191.202 linux-tools-common - 4.15.0-191.202 linux-modules-4.15.0-191-lowlatency - 4.15.0-191.202 linux-buildinfo-4.15.0-191-generic - 4.15.0-191.202 linux-tools-host - 4.15.0-191.202 linux-headers-4.15.0-191 - 4.15.0-191.202 linux-doc - 4.15.0-191.202 linux-modules-4.15.0-191-generic - 4.15.0-191.202 linux-image-unsigned-4.15.0-191-generic - 4.15.0-191.202 linux-tools-4.15.0-191 - 4.15.0-191.202 linux-modules-4.15.0-191-generic-lpae - 4.15.0-191.202 linux-tools-4.15.0-191-lowlatency - 4.15.0-191.202 linux-headers-4.15.0-191-generic - 4.15.0-191.202 linux-image-4.15.0-191-lowlatency - 4.15.0-191.202 linux-cloud-tools-4.15.0-191-generic - 4.15.0-191.202 linux-buildinfo-4.15.0-191-generic-lpae - 4.15.0-191.202 linux-cloud-tools-4.15.0-191 - 4.15.0-191.202 linux-tools-4.15.0-191-generic - 4.15.0-191.202 linux-tools-4.15.0-191-generic-lpae - 4.15.0-191.202 linux-buildinfo-4.15.0-191-lowlatency - 4.15.0-191.202 linux-cloud-tools-common - 4.15.0-191.202 linux-image-unsigned-4.15.0-191-lowlatency - 4.15.0-191.202 linux-libc-dev - 4.15.0-191.202 linux-modules-extra-4.15.0-191-generic - 4.15.0-191.202 linux-cloud-tools-4.15.0-191-lowlatency - 4.15.0-191.202 linux-source-4.15.0 - 4.15.0-191.202 linux-image-4.15.0-191-generic - 4.15.0-191.202 linux-headers-4.15.0-191-generic-lpae - 4.15.0-191.202 linux-image-4.15.0-191-generic-lpae - 4.15.0-191.202 No subscription required linux-tools-dell300x - 4.15.0.1051.51 linux-headers-dell300x - 4.15.0.1051.51 linux-image-dell300x - 4.15.0.1051.51 linux-dell300x - 4.15.0.1051.51 No subscription required linux-oracle-lts-18.04 - 4.15.0.1104.111 linux-image-oracle-lts-18.04 - 4.15.0.1104.111 linux-signed-image-oracle-lts-18.04 - 4.15.0.1104.111 linux-tools-oracle-lts-18.04 - 4.15.0.1104.111 linux-signed-oracle-lts-18.04 - 4.15.0.1104.111 linux-headers-oracle-lts-18.04 - 4.15.0.1104.111 No subscription required linux-raspi2 - 4.15.0.1117.114 linux-headers-raspi2 - 4.15.0.1117.114 linux-image-raspi2 - 4.15.0.1117.114 linux-tools-raspi2 - 4.15.0.1117.114 No subscription required linux-kvm - 4.15.0.1125.118 linux-headers-kvm - 4.15.0.1125.118 linux-tools-kvm - 4.15.0.1125.118 linux-image-kvm - 4.15.0.1125.118 No subscription required linux-gcp-lts-18.04 - 4.15.0.1134.150 linux-tools-gcp-lts-18.04 - 4.15.0.1134.150 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1134.150 linux-image-gcp-lts-18.04 - 4.15.0.1134.150 linux-headers-gcp-lts-18.04 - 4.15.0.1134.150 No subscription required linux-snapdragon - 4.15.0.1135.136 linux-headers-snapdragon - 4.15.0.1135.136 linux-tools-snapdragon - 4.15.0.1135.136 linux-image-snapdragon - 4.15.0.1135.136 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1139.139 linux-headers-aws-lts-18.04 - 4.15.0.1139.139 linux-aws-lts-18.04 - 4.15.0.1139.139 linux-modules-extra-aws-lts-18.04 - 4.15.0.1139.139 linux-tools-aws-lts-18.04 - 4.15.0.1139.139 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1149.119 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1149.119 linux-headers-azure-lts-18.04 - 4.15.0.1149.119 linux-signed-image-azure-lts-18.04 - 4.15.0.1149.119 linux-tools-azure-lts-18.04 - 4.15.0.1149.119 linux-azure-lts-18.04 - 4.15.0.1149.119 linux-signed-azure-lts-18.04 - 4.15.0.1149.119 linux-image-azure-lts-18.04 - 4.15.0.1149.119 No subscription required linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.191.176 linux-image-lowlatency-hwe-16.04 - 4.15.0.191.176 linux-cloud-tools-virtual - 4.15.0.191.176 linux-headers-generic-lpae - 4.15.0.191.176 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.191.176 linux-image-extra-virtual-hwe-16.04 - 4.15.0.191.176 linux-lowlatency-hwe-16.04 - 4.15.0.191.176 linux-image-virtual - 4.15.0.191.176 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.191.176 linux-image-generic - 4.15.0.191.176 linux-tools-lowlatency - 4.15.0.191.176 linux-tools-generic-hwe-16.04-edge - 4.15.0.191.176 linux-headers-generic-hwe-16.04-edge - 4.15.0.191.176 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.191.176 linux-generic-lpae-hwe-16.04 - 4.15.0.191.176 linux-signed-generic-hwe-16.04-edge - 4.15.0.191.176 linux-image-virtual-hwe-16.04-edge - 4.15.0.191.176 linux-generic-lpae-hwe-16.04-edge - 4.15.0.191.176 linux-signed-image-lowlatency - 4.15.0.191.176 linux-signed-lowlatency-hwe-16.04 - 4.15.0.191.176 linux-crashdump - 4.15.0.191.176 linux-signed-image-generic - 4.15.0.191.176 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.191.176 linux-lowlatency - 4.15.0.191.176 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.191.176 linux-source - 4.15.0.191.176 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.191.176 linux-tools-generic-lpae - 4.15.0.191.176 linux-cloud-tools-generic - 4.15.0.191.176 linux-generic-hwe-16.04-edge - 4.15.0.191.176 linux-virtual - 4.15.0.191.176 linux-headers-lowlatency-hwe-16.04 - 4.15.0.191.176 linux-tools-virtual-hwe-16.04 - 4.15.0.191.176 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.191.176 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.191.176 linux-tools-generic-hwe-16.04 - 4.15.0.191.176 linux-tools-virtual - 4.15.0.191.176 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.191.176 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.191.176 linux-generic-lpae - 4.15.0.191.176 linux-image-extra-virtual - 4.15.0.191.176 linux-generic - 4.15.0.191.176 linux-signed-generic-hwe-16.04 - 4.15.0.191.176 linux-signed-image-generic-hwe-16.04 - 4.15.0.191.176 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.191.176 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.191.176 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.191.176 linux-headers-lowlatency - 4.15.0.191.176 linux-headers-virtual-hwe-16.04-edge - 4.15.0.191.176 linux-headers-generic-hwe-16.04 - 4.15.0.191.176 linux-generic-hwe-16.04 - 4.15.0.191.176 linux-tools-virtual-hwe-16.04-edge - 4.15.0.191.176 linux-tools-generic - 4.15.0.191.176 linux-virtual-hwe-16.04 - 4.15.0.191.176 linux-lowlatency-hwe-16.04-edge - 4.15.0.191.176 linux-cloud-tools-lowlatency - 4.15.0.191.176 linux-image-generic-hwe-16.04 - 4.15.0.191.176 linux-image-generic-hwe-16.04-edge - 4.15.0.191.176 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.191.176 linux-image-virtual-hwe-16.04 - 4.15.0.191.176 linux-image-generic-lpae-hwe-16.04 - 4.15.0.191.176 linux-tools-lowlatency-hwe-16.04 - 4.15.0.191.176 linux-signed-generic - 4.15.0.191.176 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.191.176 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.191.176 linux-headers-generic - 4.15.0.191.176 linux-headers-virtual-hwe-16.04 - 4.15.0.191.176 linux-virtual-hwe-16.04-edge - 4.15.0.191.176 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.191.176 linux-headers-virtual - 4.15.0.191.176 linux-image-generic-lpae - 4.15.0.191.176 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.191.176 linux-signed-lowlatency - 4.15.0.191.176 linux-image-lowlatency - 4.15.0.191.176 No subscription required High CVE-2022-0494 CVE-2022-1048 CVE-2022-1195 CVE-2022-1652 CVE-2022-1679 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974 CVE-2022-1975 CVE-2022-2586 CVE-2022-2588 CVE-2022-33981 CVE-2022-34918 Ubuntu 18.04 LTS Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2588) It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-2586) It was discovered that the block layer subsystem in the Linux kernel did not properly initialize memory in some situations. A privileged local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0494) Hu Jiahui discovered that multiple race conditions existed in the Advanced Linux Sound Architecture (ALSA) framework, leading to use-after-free vulnerabilities. A local attacker could use these to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1048) Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1652) It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679) It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1734) Duoming Zhou discovered a race condition in the NFC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1974) Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not properly prevent context switches from occurring during certain atomic context operations. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2022-1975) Felix Fu discovered that the Sun RPC implementation in the Linux kernel did not properly handle socket states, leading to a use-after-free vulnerability. A remote attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-28893) Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. (CVE-2022-34918) Update Instructions: Run `sudo pro fix USN-5562-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-5.4.0-1031-ibm - 5.4.0-1031.35~18.04.1 linux-modules-extra-5.4.0-1031-ibm - 5.4.0-1031.35~18.04.1 linux-ibm-5.4-headers-5.4.0-1031 - 5.4.0-1031.35~18.04.1 linux-image-5.4.0-1031-ibm - 5.4.0-1031.35~18.04.1 linux-image-unsigned-5.4.0-1031-ibm - 5.4.0-1031.35~18.04.1 linux-ibm-5.4-tools-5.4.0-1031 - 5.4.0-1031.35~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1031.35~18.04.1 linux-modules-5.4.0-1031-ibm - 5.4.0-1031.35~18.04.1 linux-tools-5.4.0-1031-ibm - 5.4.0-1031.35~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1031.35~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1031.35~18.04.1 linux-buildinfo-5.4.0-1031-ibm - 5.4.0-1031.35~18.04.1 No subscription required linux-gkeop-5.4-headers-5.4.0-1051 - 5.4.0-1051.54~18.04.1 linux-gkeop-5.4-cloud-tools-5.4.0-1051 - 5.4.0-1051.54~18.04.1 linux-image-5.4.0-1051-gkeop - 5.4.0-1051.54~18.04.1 linux-gkeop-5.4-tools-5.4.0-1051 - 5.4.0-1051.54~18.04.1 linux-cloud-tools-5.4.0-1051-gkeop - 5.4.0-1051.54~18.04.1 linux-buildinfo-5.4.0-1051-gkeop - 5.4.0-1051.54~18.04.1 linux-headers-5.4.0-1051-gkeop - 5.4.0-1051.54~18.04.1 linux-modules-extra-5.4.0-1051-gkeop - 5.4.0-1051.54~18.04.1 linux-tools-5.4.0-1051-gkeop - 5.4.0-1051.54~18.04.1 linux-gkeop-5.4-source-5.4.0 - 5.4.0-1051.54~18.04.1 linux-image-unsigned-5.4.0-1051-gkeop - 5.4.0-1051.54~18.04.1 linux-modules-5.4.0-1051-gkeop - 5.4.0-1051.54~18.04.1 No subscription required linux-image-5.4.0-1068-raspi - 5.4.0-1068.78~18.04.1 linux-raspi-5.4-tools-5.4.0-1068 - 5.4.0-1068.78~18.04.1 linux-buildinfo-5.4.0-1068-raspi - 5.4.0-1068.78~18.04.1 linux-headers-5.4.0-1068-raspi - 5.4.0-1068.78~18.04.1 linux-tools-5.4.0-1068-raspi - 5.4.0-1068.78~18.04.1 linux-raspi-5.4-headers-5.4.0-1068 - 5.4.0-1068.78~18.04.1 linux-modules-5.4.0-1068-raspi - 5.4.0-1068.78~18.04.1 No subscription required linux-tools-5.4.0-1080-gke - 5.4.0-1080.86~18.04.1 linux-headers-5.4.0-1080-gke - 5.4.0-1080.86~18.04.1 linux-modules-extra-5.4.0-1080-gke - 5.4.0-1080.86~18.04.1 linux-image-5.4.0-1080-gke - 5.4.0-1080.86~18.04.1 linux-gke-5.4-tools-5.4.0-1080 - 5.4.0-1080.86~18.04.1 linux-buildinfo-5.4.0-1080-gke - 5.4.0-1080.86~18.04.1 linux-image-unsigned-5.4.0-1080-gke - 5.4.0-1080.86~18.04.1 linux-gke-5.4-headers-5.4.0-1080 - 5.4.0-1080.86~18.04.1 linux-modules-5.4.0-1080-gke - 5.4.0-1080.86~18.04.1 No subscription required linux-buildinfo-5.4.0-1081-oracle - 5.4.0-1081.89~18.04.1 linux-tools-5.4.0-1081-oracle - 5.4.0-1081.89~18.04.1 linux-image-5.4.0-1081-oracle - 5.4.0-1081.89~18.04.1 linux-modules-5.4.0-1081-oracle - 5.4.0-1081.89~18.04.1 linux-headers-5.4.0-1081-oracle - 5.4.0-1081.89~18.04.1 linux-oracle-5.4-headers-5.4.0-1081 - 5.4.0-1081.89~18.04.1 linux-image-unsigned-5.4.0-1081-oracle - 5.4.0-1081.89~18.04.1 linux-oracle-5.4-tools-5.4.0-1081 - 5.4.0-1081.89~18.04.1 linux-modules-extra-5.4.0-1081-oracle - 5.4.0-1081.89~18.04.1 No subscription required linux-image-5.4.0-1083-aws - 5.4.0-1083.90~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1083 - 5.4.0-1083.90~18.04.1 linux-tools-5.4.0-1083-aws - 5.4.0-1083.90~18.04.1 linux-buildinfo-5.4.0-1083-aws - 5.4.0-1083.90~18.04.1 linux-aws-5.4-tools-5.4.0-1083 - 5.4.0-1083.90~18.04.1 linux-modules-5.4.0-1083-aws - 5.4.0-1083.90~18.04.1 linux-cloud-tools-5.4.0-1083-aws - 5.4.0-1083.90~18.04.1 linux-headers-5.4.0-1083-aws - 5.4.0-1083.90~18.04.1 linux-image-unsigned-5.4.0-1083-aws - 5.4.0-1083.90~18.04.1 linux-aws-5.4-headers-5.4.0-1083 - 5.4.0-1083.90~18.04.1 linux-modules-extra-5.4.0-1083-aws - 5.4.0-1083.90~18.04.1 No subscription required linux-image-5.4.0-1086-gcp - 5.4.0-1086.94~18.04.1 linux-modules-extra-5.4.0-1086-gcp - 5.4.0-1086.94~18.04.1 linux-gcp-5.4-headers-5.4.0-1086 - 5.4.0-1086.94~18.04.1 linux-tools-5.4.0-1086-gcp - 5.4.0-1086.94~18.04.1 linux-gcp-5.4-tools-5.4.0-1086 - 5.4.0-1086.94~18.04.1 linux-image-unsigned-5.4.0-1086-gcp - 5.4.0-1086.94~18.04.1 linux-buildinfo-5.4.0-1086-gcp - 5.4.0-1086.94~18.04.1 linux-modules-5.4.0-1086-gcp - 5.4.0-1086.94~18.04.1 linux-headers-5.4.0-1086-gcp - 5.4.0-1086.94~18.04.1 No subscription required linux-buildinfo-5.4.0-1089-azure - 5.4.0-1089.94~18.04.1 linux-tools-5.4.0-1089-azure - 5.4.0-1089.94~18.04.1 linux-image-unsigned-5.4.0-1089-azure - 5.4.0-1089.94~18.04.1 linux-azure-5.4-headers-5.4.0-1089 - 5.4.0-1089.94~18.04.1 linux-cloud-tools-5.4.0-1089-azure - 5.4.0-1089.94~18.04.1 linux-modules-extra-5.4.0-1089-azure - 5.4.0-1089.94~18.04.1 linux-azure-5.4-tools-5.4.0-1089 - 5.4.0-1089.94~18.04.1 linux-modules-5.4.0-1089-azure - 5.4.0-1089.94~18.04.1 linux-headers-5.4.0-1089-azure - 5.4.0-1089.94~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1089 - 5.4.0-1089.94~18.04.1 linux-image-5.4.0-1089-azure - 5.4.0-1089.94~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-124.140~18.04.1 linux-image-unsigned-5.4.0-124-generic - 5.4.0-124.140~18.04.1 linux-buildinfo-5.4.0-124-generic - 5.4.0-124.140~18.04.1 linux-tools-5.4.0-124-generic-lpae - 5.4.0-124.140~18.04.1 linux-image-5.4.0-124-generic-lpae - 5.4.0-124.140~18.04.1 linux-tools-5.4.0-124-generic - 5.4.0-124.140~18.04.1 linux-hwe-5.4-headers-5.4.0-124 - 5.4.0-124.140~18.04.1 linux-modules-extra-5.4.0-124-generic - 5.4.0-124.140~18.04.1 linux-buildinfo-5.4.0-124-lowlatency - 5.4.0-124.140~18.04.1 linux-hwe-5.4-tools-5.4.0-124 - 5.4.0-124.140~18.04.1 linux-headers-5.4.0-124-lowlatency - 5.4.0-124.140~18.04.1 linux-image-5.4.0-124-generic - 5.4.0-124.140~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-124 - 5.4.0-124.140~18.04.1 linux-cloud-tools-5.4.0-124-lowlatency - 5.4.0-124.140~18.04.1 linux-cloud-tools-5.4.0-124-generic - 5.4.0-124.140~18.04.1 linux-headers-5.4.0-124-generic - 5.4.0-124.140~18.04.1 linux-modules-5.4.0-124-lowlatency - 5.4.0-124.140~18.04.1 linux-headers-5.4.0-124-generic-lpae - 5.4.0-124.140~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-124.140~18.04.1 linux-buildinfo-5.4.0-124-generic-lpae - 5.4.0-124.140~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-124.140~18.04.1 linux-image-5.4.0-124-lowlatency - 5.4.0-124.140~18.04.1 linux-tools-5.4.0-124-lowlatency - 5.4.0-124.140~18.04.1 linux-modules-5.4.0-124-generic-lpae - 5.4.0-124.140~18.04.1 linux-modules-5.4.0-124-generic - 5.4.0-124.140~18.04.1 linux-image-unsigned-5.4.0-124-lowlatency - 5.4.0-124.140~18.04.1 No subscription required linux-modules-extra-ibm - 5.4.0.1031.45 linux-image-ibm - 5.4.0.1031.45 linux-tools-ibm-edge - 5.4.0.1031.45 linux-headers-ibm-edge - 5.4.0.1031.45 linux-modules-extra-ibm-edge - 5.4.0.1031.45 linux-ibm - 5.4.0.1031.45 linux-ibm-edge - 5.4.0.1031.45 linux-headers-ibm - 5.4.0.1031.45 linux-tools-ibm - 5.4.0.1031.45 linux-image-ibm-edge - 5.4.0.1031.45 No subscription required linux-cloud-tools-gkeop-5.4 - 5.4.0.1051.54~18.04.48 linux-gkeop-5.4 - 5.4.0.1051.54~18.04.48 linux-headers-gkeop-5.4 - 5.4.0.1051.54~18.04.48 linux-image-gkeop-5.4 - 5.4.0.1051.54~18.04.48 linux-tools-gkeop-5.4 - 5.4.0.1051.54~18.04.48 linux-modules-extra-gkeop-5.4 - 5.4.0.1051.54~18.04.48 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1068.68 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1068.68 linux-raspi-hwe-18.04 - 5.4.0.1068.68 linux-tools-raspi-hwe-18.04 - 5.4.0.1068.68 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1068.68 linux-image-raspi-hwe-18.04-edge - 5.4.0.1068.68 linux-raspi-hwe-18.04-edge - 5.4.0.1068.68 linux-headers-raspi-hwe-18.04 - 5.4.0.1068.68 No subscription required linux-headers-gke-5.4 - 5.4.0.1080.86~18.04.42 linux-tools-gke-5.4 - 5.4.0.1080.86~18.04.42 linux-modules-extra-gke-5.4 - 5.4.0.1080.86~18.04.42 linux-gke-5.4 - 5.4.0.1080.86~18.04.42 linux-image-gke-5.4 - 5.4.0.1080.86~18.04.42 No subscription required linux-headers-oracle - 5.4.0.1081.89~18.04.58 linux-tools-oracle - 5.4.0.1081.89~18.04.58 linux-signed-oracle-edge - 5.4.0.1081.89~18.04.58 linux-signed-image-oracle - 5.4.0.1081.89~18.04.58 linux-tools-oracle-edge - 5.4.0.1081.89~18.04.58 linux-signed-oracle - 5.4.0.1081.89~18.04.58 linux-oracle-edge - 5.4.0.1081.89~18.04.58 linux-image-oracle-edge - 5.4.0.1081.89~18.04.58 linux-oracle - 5.4.0.1081.89~18.04.58 linux-modules-extra-oracle - 5.4.0.1081.89~18.04.58 linux-signed-image-oracle-edge - 5.4.0.1081.89~18.04.58 linux-modules-extra-oracle-edge - 5.4.0.1081.89~18.04.58 linux-headers-oracle-edge - 5.4.0.1081.89~18.04.58 linux-image-oracle - 5.4.0.1081.89~18.04.58 No subscription required linux-headers-aws - 5.4.0.1083.63 linux-image-aws - 5.4.0.1083.63 linux-aws-edge - 5.4.0.1083.63 linux-aws - 5.4.0.1083.63 linux-modules-extra-aws-edge - 5.4.0.1083.63 linux-headers-aws-edge - 5.4.0.1083.63 linux-modules-extra-aws - 5.4.0.1083.63 linux-tools-aws - 5.4.0.1083.63 linux-tools-aws-edge - 5.4.0.1083.63 linux-image-aws-edge - 5.4.0.1083.63 No subscription required linux-image-gcp-edge - 5.4.0.1086.65 linux-tools-gcp-edge - 5.4.0.1086.65 linux-headers-gcp-edge - 5.4.0.1086.65 linux-modules-extra-gcp - 5.4.0.1086.65 linux-tools-gcp - 5.4.0.1086.65 linux-modules-extra-gcp-edge - 5.4.0.1086.65 linux-gcp - 5.4.0.1086.65 linux-headers-gcp - 5.4.0.1086.65 linux-image-gcp - 5.4.0.1086.65 linux-gcp-edge - 5.4.0.1086.65 No subscription required linux-signed-azure - 5.4.0.1089.66 linux-tools-azure-edge - 5.4.0.1089.66 linux-cloud-tools-azure - 5.4.0.1089.66 linux-tools-azure - 5.4.0.1089.66 linux-image-azure-edge - 5.4.0.1089.66 linux-cloud-tools-azure-edge - 5.4.0.1089.66 linux-modules-extra-azure - 5.4.0.1089.66 linux-azure - 5.4.0.1089.66 linux-signed-image-azure-edge - 5.4.0.1089.66 linux-headers-azure-edge - 5.4.0.1089.66 linux-azure-edge - 5.4.0.1089.66 linux-modules-extra-azure-edge - 5.4.0.1089.66 linux-signed-azure-edge - 5.4.0.1089.66 linux-signed-image-azure - 5.4.0.1089.66 linux-image-azure - 5.4.0.1089.66 linux-headers-azure - 5.4.0.1089.66 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-headers-snapdragon-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-image-generic-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-image-snapdragon-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-snapdragon-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-image-oem - 5.4.0.124.140~18.04.104 linux-tools-virtual-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-lowlatency-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-image-extra-virtual-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-headers-lowlatency-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-image-oem-osp1 - 5.4.0.124.140~18.04.104 linux-snapdragon-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-image-generic-lpae-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-tools-lowlatency-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-headers-generic-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-headers-generic-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-tools-snapdragon-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-headers-virtual-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-headers-virtual-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-virtual-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-generic-lpae-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-tools-oem-osp1 - 5.4.0.124.140~18.04.104 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-headers-oem - 5.4.0.124.140~18.04.104 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-tools-generic-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-image-virtual-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-generic-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-oem - 5.4.0.124.140~18.04.104 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-tools-oem - 5.4.0.124.140~18.04.104 linux-headers-oem-osp1 - 5.4.0.124.140~18.04.104 linux-tools-virtual-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-generic-lpae-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-tools-generic-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-oem-osp1 - 5.4.0.124.140~18.04.104 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-image-lowlatency-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-virtual-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-lowlatency-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-generic-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.124.140~18.04.104 linux-image-generic-hwe-18.04-edge - 5.4.0.124.140~18.04.104 linux-image-virtual-hwe-18.04-edge - 5.4.0.124.140~18.04.104 No subscription required High CVE-2022-0494 CVE-2022-1048 CVE-2022-1652 CVE-2022-1679 CVE-2022-1734 CVE-2022-1974 CVE-2022-1975 CVE-2022-2586 CVE-2022-2588 CVE-2022-28893 CVE-2022-34918 Ubuntu 18.04 LTS It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorized access to sensitive data. Update Instructions: Run `sudo pro fix USN-5563-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhttp-parser2.7.1 - 2.7.1-2ubuntu0.1 libhttp-parser-dev - 2.7.1-2ubuntu0.1 No subscription required Medium CVE-2020-8287 Ubuntu 18.04 LTS Xiang Li discovered that Unbound incorrectly handled delegation caching. A remote attacker could use this issue to keep rogue domain names resolvable long after they have been revoked. Update Instructions: Run `sudo pro fix USN-5569-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libunbound2 - 1.6.7-1ubuntu2.5 unbound - 1.6.7-1ubuntu2.5 python3-unbound - 1.6.7-1ubuntu2.5 python-unbound - 1.6.7-1ubuntu2.5 unbound-anchor - 1.6.7-1ubuntu2.5 unbound-host - 1.6.7-1ubuntu2.5 libunbound-dev - 1.6.7-1ubuntu2.5 No subscription required Medium CVE-2022-30698 CVE-2022-30699 Ubuntu 18.04 LTS Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5570-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx32z1-dev - 1:1.2.11.dfsg-0ubuntu2.2 lib64z1 - 1:1.2.11.dfsg-0ubuntu2.2 libx32z1 - 1:1.2.11.dfsg-0ubuntu2.2 lib64z1-dev - 1:1.2.11.dfsg-0ubuntu2.2 lib32z1 - 1:1.2.11.dfsg-0ubuntu2.2 zlib1g - 1:1.2.11.dfsg-0ubuntu2.2 lib32z1-dev - 1:1.2.11.dfsg-0ubuntu2.2 zlib1g-dev - 1:1.2.11.dfsg-0ubuntu2.2 No subscription required Medium CVE-2022-37434 Ubuntu 18.04 LTS Sven Klemm discovered that PostgreSQL incorrectly handled extensions. An attacker could possibly use this issue to execute arbitrary code when extensions are created or updated. Update Instructions: Run `sudo pro fix USN-5571-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-10 - 10.22-0ubuntu0.18.04.1 postgresql-10 - 10.22-0ubuntu0.18.04.1 libecpg6 - 10.22-0ubuntu0.18.04.1 libpq5 - 10.22-0ubuntu0.18.04.1 libpgtypes3 - 10.22-0ubuntu0.18.04.1 postgresql-pltcl-10 - 10.22-0ubuntu0.18.04.1 postgresql-plperl-10 - 10.22-0ubuntu0.18.04.1 libecpg-dev - 10.22-0ubuntu0.18.04.1 postgresql-plpython3-10 - 10.22-0ubuntu0.18.04.1 libpq-dev - 10.22-0ubuntu0.18.04.1 postgresql-plpython-10 - 10.22-0ubuntu0.18.04.1 postgresql-doc-10 - 10.22-0ubuntu0.18.04.1 postgresql-client-10 - 10.22-0ubuntu0.18.04.1 libecpg-compat3 - 10.22-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-2625 Ubuntu 18.04 LTS Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5573-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rsync - 3.1.2-2.1ubuntu1.5 No subscription required Medium CVE-2022-37434 Ubuntu 18.04 LTS It was discovered that Exim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5574-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.90.1-1ubuntu1.9 eximon4 - 4.90.1-1ubuntu1.9 exim4 - 4.90.1-1ubuntu1.9 exim4-daemon-light - 4.90.1-1ubuntu1.9 exim4-config - 4.90.1-1ubuntu1.9 exim4-daemon-heavy - 4.90.1-1ubuntu1.9 exim4-base - 4.90.1-1ubuntu1.9 No subscription required Medium CVE-2022-37452 Ubuntu 18.04 LTS Nicolas Grégoire discovered that Libxslt incorrectly handled certain XML. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-5815) Alexey Neyman incorrectly handled certain HTML pages. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. (CVE-2021-30560) Update Instructions: Run `sudo pro fix USN-5575-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxslt1 - 1.1.29-5ubuntu0.3 libxslt1-dev - 1.1.29-5ubuntu0.3 libxslt1.1 - 1.1.29-5ubuntu0.3 xsltproc - 1.1.29-5ubuntu0.3 No subscription required Medium CVE-2019-5815 CVE-2021-30560 Ubuntu 18.04 LTS It was discovered that Open VM Tools incorrectly handled certain requests. An attacker inside the guest could possibly use this issue to gain root privileges inside the virtual machine. Update Instructions: Run `sudo pro fix USN-5578-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: open-vm-tools - 2:11.0.5-4ubuntu0.18.04.2 open-vm-tools-desktop - 2:11.0.5-4ubuntu0.18.04.2 open-vm-tools-dev - 2:11.0.5-4ubuntu0.18.04.2 No subscription required Medium CVE-2022-31676 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the contents of the addressbar, bypass security restrictions, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5581-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-nn - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-ne - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-nb - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-fa - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-fi - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-fr - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-fy - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-or - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-kab - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-oc - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-cs - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-ga - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-gd - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-gn - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-gl - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-gu - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-pa - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-pl - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-cy - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-pt - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-szl - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-hi - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-ms - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-he - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-hy - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-hr - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-hu - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-it - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-as - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-ar - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-ia - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-az - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-id - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-mai - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-af - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-is - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-vi - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-an - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-bs - 104.0+build3-0ubuntu0.18.04.1 firefox - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-ro - 104.0+build3-0ubuntu0.18.04.1 firefox-geckodriver - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-ja - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-ru - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-br - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hant - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hans - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-bn - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-be - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-bg - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-sl - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-sk - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-si - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-sw - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-sv - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-sr - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-sq - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-ko - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-kn - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-km - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-kk - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-ka - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-xh - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-ca - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-ku - 104.0+build3-0ubuntu0.18.04.1 firefox-mozsymbols - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-lv - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-lt - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-th - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-hsb - 104.0+build3-0ubuntu0.18.04.1 firefox-dev - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-te - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-cak - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-ta - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-lg - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-tr - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-nso - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-de - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-da - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-uk - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-mr - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-my - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-uz - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-ml - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-mn - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-mk - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-ur - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-eu - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-et - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-es - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-csb - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-el - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-eo - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-en - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-zu - 104.0+build3-0ubuntu0.18.04.1 firefox-locale-ast - 104.0+build3-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-38472 CVE-2022-38473 CVE-2022-38475 CVE-2022-38477 CVE-2022-38478 Ubuntu 18.04 LTS It was discovered that systemd incorrectly handled certain DNS requests, which leads to user-after-free vulnerability. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-2526) Update Instructions: Run `sudo pro fix USN-5583-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-tests - 237-3ubuntu10.54 systemd-coredump - 237-3ubuntu10.54 systemd - 237-3ubuntu10.54 libsystemd0 - 237-3ubuntu10.54 systemd-container - 237-3ubuntu10.54 libnss-myhostname - 237-3ubuntu10.54 libudev1 - 237-3ubuntu10.54 libsystemd-dev - 237-3ubuntu10.54 libnss-systemd - 237-3ubuntu10.54 systemd-journal-remote - 237-3ubuntu10.54 libpam-systemd - 237-3ubuntu10.54 libnss-mymachines - 237-3ubuntu10.54 libnss-resolve - 237-3ubuntu10.54 systemd-sysv - 237-3ubuntu10.54 udev - 237-3ubuntu10.54 libudev-dev - 237-3ubuntu10.54 No subscription required Medium CVE-2022-2526 Ubuntu 18.04 LTS USN-5583-1 fixed vulnerabilities in systemd. Unfortunately this caused a regression by introducing networking problems for some users. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that systemd incorrectly handled certain DNS requests, which leads to user-after-free vulnerability. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-2526) Update Instructions: Run `sudo pro fix USN-5583-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-tests - 237-3ubuntu10.56 systemd-coredump - 237-3ubuntu10.56 systemd - 237-3ubuntu10.56 libsystemd0 - 237-3ubuntu10.56 systemd-container - 237-3ubuntu10.56 libnss-myhostname - 237-3ubuntu10.56 libudev1 - 237-3ubuntu10.56 libsystemd-dev - 237-3ubuntu10.56 libnss-systemd - 237-3ubuntu10.56 systemd-journal-remote - 237-3ubuntu10.56 libpam-systemd - 237-3ubuntu10.56 libnss-mymachines - 237-3ubuntu10.56 libnss-resolve - 237-3ubuntu10.56 systemd-sysv - 237-3ubuntu10.56 udev - 237-3ubuntu10.56 libudev-dev - 237-3ubuntu10.56 No subscription required Medium CVE-2022-2526 https://launchpad.net/bugs/1988119 Ubuntu 18.04 LTS It was discovered that Schroot incorrectly handled certain Schroot names. An attacker could possibly use this issue to break schroot's internal state causing a denial of service. Update Instructions: Run `sudo pro fix USN-5584-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: schroot - 1.6.10-4ubuntu0.1 schroot-common - 1.6.10-4ubuntu0.1 No subscription required Medium CVE-2022-2787 Ubuntu 18.04 LTS It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting (XSS) attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-19351) It was discovered that Jupyter Notebook incorrectly handled certain SVG documents. An attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-21030) It was discovered that Jupyter Notebook incorrectly filtered certain URLs on the login page. An attacker could possibly use this issue to perform open-redirect attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-10255) It was discovered that Jupyter Notebook had an incomplete fix for CVE-2019-10255. An attacker could possibly use this issue to perform open-redirect attack using empty netloc. (CVE-2019-10856) It was discovered that Jupyter Notebook incorrectly handled the inclusion of remote pages on Jupyter server. An attacker could possibly use this issue to perform cross-site script inclusion (XSSI) attacks. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-9644) It was discovered that Jupyter Notebook incorrectly filtered certain URLs to a notebook. An attacker could possibly use this issue to perform open-redirect attack. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-26215) It was discovered that Jupyter Notebook server access logs were not protected. An attacker having access to the notebook server could possibly use this issue to get access to steal sensitive information such as auth/cookies. (CVE-2022-24758) It was discovered that Jupyter Notebook incorrectly configured hidden files on the server. An authenticated attacker could possibly use this issue to see unwanted sensitive hidden files from the server which may result in getting full access to the server. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-29238) Update Instructions: Run `sudo pro fix USN-5585-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-notebook - 5.2.2-1ubuntu0.1 python-notebook-doc - 5.2.2-1ubuntu0.1 python-notebook - 5.2.2-1ubuntu0.1 jupyter-notebook - 5.2.2-1ubuntu0.1 No subscription required Medium CVE-2018-19351 CVE-2018-21030 CVE-2019-10255 CVE-2019-10856 CVE-2019-9644 CVE-2020-26215 CVE-2022-24758 CVE-2022-29238 Ubuntu 18.04 LTS Axel Chong discovered that when curl accepted and sent back cookies containing control bytes that a HTTP(S) server might return a 400 (Bad Request Error) response. A malicious cookie host could possibly use this to cause denial-of-service. Update Instructions: Run `sudo pro fix USN-5587-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.20 libcurl4-openssl-dev - 7.58.0-2ubuntu3.20 libcurl3-gnutls - 7.58.0-2ubuntu3.20 libcurl4-doc - 7.58.0-2ubuntu3.20 libcurl3-nss - 7.58.0-2ubuntu3.20 libcurl4-nss-dev - 7.58.0-2ubuntu3.20 libcurl4 - 7.58.0-2ubuntu3.20 curl - 7.58.0-2ubuntu3.20 No subscription required Low CVE-2022-35252 Ubuntu 18.04 LTS It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5591-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1052-dell300x - 4.15.0-1052.57 linux-dell300x-headers-4.15.0-1052 - 4.15.0-1052.57 linux-tools-4.15.0-1052-dell300x - 4.15.0-1052.57 linux-headers-4.15.0-1052-dell300x - 4.15.0-1052.57 linux-image-unsigned-4.15.0-1052-dell300x - 4.15.0-1052.57 linux-dell300x-tools-4.15.0-1052 - 4.15.0-1052.57 linux-buildinfo-4.15.0-1052-dell300x - 4.15.0-1052.57 linux-image-4.15.0-1052-dell300x - 4.15.0-1052.57 No subscription required linux-kvm-headers-4.15.0-1126 - 4.15.0-1126.131 linux-modules-4.15.0-1126-kvm - 4.15.0-1126.131 linux-headers-4.15.0-1126-kvm - 4.15.0-1126.131 linux-buildinfo-4.15.0-1126-kvm - 4.15.0-1126.131 linux-image-4.15.0-1126-kvm - 4.15.0-1126.131 linux-tools-4.15.0-1126-kvm - 4.15.0-1126.131 linux-kvm-tools-4.15.0-1126 - 4.15.0-1126.131 No subscription required linux-image-4.15.0-1135-gcp - 4.15.0-1135.151 linux-buildinfo-4.15.0-1135-gcp - 4.15.0-1135.151 linux-modules-extra-4.15.0-1135-gcp - 4.15.0-1135.151 linux-headers-4.15.0-1135-gcp - 4.15.0-1135.151 linux-modules-4.15.0-1135-gcp - 4.15.0-1135.151 linux-gcp-4.15-tools-4.15.0-1135 - 4.15.0-1135.151 linux-image-unsigned-4.15.0-1135-gcp - 4.15.0-1135.151 linux-gcp-4.15-headers-4.15.0-1135 - 4.15.0-1135.151 linux-tools-4.15.0-1135-gcp - 4.15.0-1135.151 No subscription required linux-buildinfo-4.15.0-1136-snapdragon - 4.15.0-1136.146 linux-modules-4.15.0-1136-snapdragon - 4.15.0-1136.146 linux-snapdragon-headers-4.15.0-1136 - 4.15.0-1136.146 linux-tools-4.15.0-1136-snapdragon - 4.15.0-1136.146 linux-headers-4.15.0-1136-snapdragon - 4.15.0-1136.146 linux-image-4.15.0-1136-snapdragon - 4.15.0-1136.146 linux-snapdragon-tools-4.15.0-1136 - 4.15.0-1136.146 No subscription required linux-buildinfo-4.15.0-1150-azure - 4.15.0-1150.165 linux-azure-4.15-tools-4.15.0-1150 - 4.15.0-1150.165 linux-headers-4.15.0-1150-azure - 4.15.0-1150.165 linux-tools-4.15.0-1150-azure - 4.15.0-1150.165 linux-image-unsigned-4.15.0-1150-azure - 4.15.0-1150.165 linux-modules-4.15.0-1150-azure - 4.15.0-1150.165 linux-azure-4.15-headers-4.15.0-1150 - 4.15.0-1150.165 linux-azure-4.15-cloud-tools-4.15.0-1150 - 4.15.0-1150.165 linux-cloud-tools-4.15.0-1150-azure - 4.15.0-1150.165 linux-image-4.15.0-1150-azure - 4.15.0-1150.165 linux-modules-extra-4.15.0-1150-azure - 4.15.0-1150.165 No subscription required linux-tools-common - 4.15.0-192.203 linux-headers-4.15.0-192-generic - 4.15.0-192.203 linux-cloud-tools-4.15.0-192-generic - 4.15.0-192.203 linux-modules-4.15.0-192-generic-lpae - 4.15.0-192.203 linux-tools-host - 4.15.0-192.203 linux-headers-4.15.0-192 - 4.15.0-192.203 linux-cloud-tools-4.15.0-192-lowlatency - 4.15.0-192.203 linux-buildinfo-4.15.0-192-generic - 4.15.0-192.203 linux-buildinfo-4.15.0-192-lowlatency - 4.15.0-192.203 linux-tools-4.15.0-192 - 4.15.0-192.203 linux-modules-extra-4.15.0-192-generic - 4.15.0-192.203 linux-libc-dev - 4.15.0-192.203 linux-cloud-tools-4.15.0-192 - 4.15.0-192.203 linux-image-unsigned-4.15.0-192-lowlatency - 4.15.0-192.203 linux-tools-4.15.0-192-lowlatency - 4.15.0-192.203 linux-image-unsigned-4.15.0-192-generic - 4.15.0-192.203 linux-image-4.15.0-192-lowlatency - 4.15.0-192.203 linux-headers-4.15.0-192-generic-lpae - 4.15.0-192.203 linux-modules-4.15.0-192-lowlatency - 4.15.0-192.203 linux-image-4.15.0-192-generic-lpae - 4.15.0-192.203 linux-doc - 4.15.0-192.203 linux-cloud-tools-common - 4.15.0-192.203 linux-headers-4.15.0-192-lowlatency - 4.15.0-192.203 linux-tools-4.15.0-192-generic - 4.15.0-192.203 linux-buildinfo-4.15.0-192-generic-lpae - 4.15.0-192.203 linux-image-4.15.0-192-generic - 4.15.0-192.203 linux-modules-4.15.0-192-generic - 4.15.0-192.203 linux-source-4.15.0 - 4.15.0-192.203 linux-tools-4.15.0-192-generic-lpae - 4.15.0-192.203 No subscription required linux-headers-dell300x - 4.15.0.1052.52 linux-image-dell300x - 4.15.0.1052.52 linux-tools-dell300x - 4.15.0.1052.52 linux-dell300x - 4.15.0.1052.52 No subscription required linux-kvm - 4.15.0.1126.119 linux-headers-kvm - 4.15.0.1126.119 linux-image-kvm - 4.15.0.1126.119 linux-tools-kvm - 4.15.0.1126.119 No subscription required linux-modules-extra-gcp-lts-18.04 - 4.15.0.1135.151 linux-headers-gcp-lts-18.04 - 4.15.0.1135.151 linux-gcp-lts-18.04 - 4.15.0.1135.151 linux-tools-gcp-lts-18.04 - 4.15.0.1135.151 linux-image-gcp-lts-18.04 - 4.15.0.1135.151 No subscription required linux-headers-snapdragon - 4.15.0.1136.137 linux-tools-snapdragon - 4.15.0.1136.137 linux-snapdragon - 4.15.0.1136.137 linux-image-snapdragon - 4.15.0.1136.137 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1150.120 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1150.120 linux-tools-azure-lts-18.04 - 4.15.0.1150.120 linux-headers-azure-lts-18.04 - 4.15.0.1150.120 linux-signed-image-azure-lts-18.04 - 4.15.0.1150.120 linux-azure-lts-18.04 - 4.15.0.1150.120 linux-signed-azure-lts-18.04 - 4.15.0.1150.120 linux-image-azure-lts-18.04 - 4.15.0.1150.120 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.192.177 linux-cloud-tools-virtual - 4.15.0.192.177 linux-headers-generic-lpae - 4.15.0.192.177 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.192.177 linux-image-extra-virtual-hwe-16.04 - 4.15.0.192.177 linux-image-virtual - 4.15.0.192.177 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.192.177 linux-signed-lowlatency - 4.15.0.192.177 linux-image-generic - 4.15.0.192.177 linux-tools-lowlatency - 4.15.0.192.177 linux-headers-generic-hwe-16.04-edge - 4.15.0.192.177 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.192.177 linux-generic-lpae-hwe-16.04 - 4.15.0.192.177 linux-signed-generic-hwe-16.04-edge - 4.15.0.192.177 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.192.177 linux-image-virtual-hwe-16.04-edge - 4.15.0.192.177 linux-generic-lpae-hwe-16.04-edge - 4.15.0.192.177 linux-signed-image-lowlatency - 4.15.0.192.177 linux-signed-lowlatency-hwe-16.04 - 4.15.0.192.177 linux-crashdump - 4.15.0.192.177 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.192.177 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.192.177 linux-source - 4.15.0.192.177 linux-signed-image-generic - 4.15.0.192.177 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.192.177 linux-tools-generic-lpae - 4.15.0.192.177 linux-cloud-tools-generic - 4.15.0.192.177 linux-virtual - 4.15.0.192.177 linux-headers-lowlatency-hwe-16.04 - 4.15.0.192.177 linux-tools-virtual-hwe-16.04 - 4.15.0.192.177 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.192.177 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.192.177 linux-tools-generic-hwe-16.04 - 4.15.0.192.177 linux-tools-virtual - 4.15.0.192.177 linux-image-generic-lpae - 4.15.0.192.177 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.192.177 linux-generic-lpae - 4.15.0.192.177 linux-generic - 4.15.0.192.177 linux-signed-generic-hwe-16.04 - 4.15.0.192.177 linux-signed-image-generic-hwe-16.04 - 4.15.0.192.177 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.192.177 linux-generic-hwe-16.04-edge - 4.15.0.192.177 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.192.177 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.192.177 linux-headers-lowlatency - 4.15.0.192.177 linux-headers-virtual-hwe-16.04-edge - 4.15.0.192.177 linux-lowlatency-hwe-16.04 - 4.15.0.192.177 linux-headers-generic-hwe-16.04 - 4.15.0.192.177 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.192.177 linux-generic-hwe-16.04 - 4.15.0.192.177 linux-tools-virtual-hwe-16.04-edge - 4.15.0.192.177 linux-tools-generic - 4.15.0.192.177 linux-virtual-hwe-16.04 - 4.15.0.192.177 linux-image-extra-virtual - 4.15.0.192.177 linux-lowlatency-hwe-16.04-edge - 4.15.0.192.177 linux-cloud-tools-lowlatency - 4.15.0.192.177 linux-image-generic-hwe-16.04 - 4.15.0.192.177 linux-image-generic-hwe-16.04-edge - 4.15.0.192.177 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.192.177 linux-image-generic-lpae-hwe-16.04 - 4.15.0.192.177 linux-virtual-hwe-16.04-edge - 4.15.0.192.177 linux-tools-lowlatency-hwe-16.04 - 4.15.0.192.177 linux-signed-generic - 4.15.0.192.177 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.192.177 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.192.177 linux-headers-generic - 4.15.0.192.177 linux-headers-virtual-hwe-16.04 - 4.15.0.192.177 linux-image-virtual-hwe-16.04 - 4.15.0.192.177 linux-headers-virtual - 4.15.0.192.177 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.192.177 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.192.177 linux-tools-generic-hwe-16.04-edge - 4.15.0.192.177 linux-lowlatency - 4.15.0.192.177 linux-image-lowlatency - 4.15.0.192.177 No subscription required Medium CVE-2021-33656 Ubuntu 18.04 LTS It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5591-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-tools-4.15.0-1140 - 4.15.0-1140.151 linux-modules-4.15.0-1140-aws - 4.15.0-1140.151 linux-modules-extra-4.15.0-1140-aws - 4.15.0-1140.151 linux-buildinfo-4.15.0-1140-aws - 4.15.0-1140.151 linux-aws-headers-4.15.0-1140 - 4.15.0-1140.151 linux-tools-4.15.0-1140-aws - 4.15.0-1140.151 linux-image-unsigned-4.15.0-1140-aws - 4.15.0-1140.151 linux-aws-cloud-tools-4.15.0-1140 - 4.15.0-1140.151 linux-headers-4.15.0-1140-aws - 4.15.0-1140.151 linux-image-4.15.0-1140-aws - 4.15.0-1140.151 linux-cloud-tools-4.15.0-1140-aws - 4.15.0-1140.151 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1140.140 linux-tools-aws-lts-18.04 - 4.15.0.1140.140 linux-modules-extra-aws-lts-18.04 - 4.15.0.1140.140 linux-headers-aws-lts-18.04 - 4.15.0.1140.140 linux-aws-lts-18.04 - 4.15.0.1140.140 No subscription required Medium CVE-2021-33656 Ubuntu 18.04 LTS Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061) It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33656) Update Instructions: Run `sudo pro fix USN-5592-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-ibm-5.4-tools-5.4.0-1032 - 5.4.0-1032.36~18.04.1 linux-tools-5.4.0-1032-ibm - 5.4.0-1032.36~18.04.1 linux-modules-extra-5.4.0-1032-ibm - 5.4.0-1032.36~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1032.36~18.04.1 linux-image-unsigned-5.4.0-1032-ibm - 5.4.0-1032.36~18.04.1 linux-headers-5.4.0-1032-ibm - 5.4.0-1032.36~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1032.36~18.04.1 linux-buildinfo-5.4.0-1032-ibm - 5.4.0-1032.36~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1032.36~18.04.1 linux-image-5.4.0-1032-ibm - 5.4.0-1032.36~18.04.1 linux-ibm-5.4-headers-5.4.0-1032 - 5.4.0-1032.36~18.04.1 linux-modules-5.4.0-1032-ibm - 5.4.0-1032.36~18.04.1 No subscription required linux-oracle-5.4-tools-5.4.0-1082 - 5.4.0-1082.90~18.04.1 linux-oracle-5.4-headers-5.4.0-1082 - 5.4.0-1082.90~18.04.1 linux-modules-extra-5.4.0-1082-oracle - 5.4.0-1082.90~18.04.1 linux-buildinfo-5.4.0-1082-oracle - 5.4.0-1082.90~18.04.1 linux-tools-5.4.0-1082-oracle - 5.4.0-1082.90~18.04.1 linux-image-unsigned-5.4.0-1082-oracle - 5.4.0-1082.90~18.04.1 linux-modules-5.4.0-1082-oracle - 5.4.0-1082.90~18.04.1 linux-image-5.4.0-1082-oracle - 5.4.0-1082.90~18.04.1 linux-headers-5.4.0-1082-oracle - 5.4.0-1082.90~18.04.1 No subscription required linux-tools-5.4.0-1087-gcp - 5.4.0-1087.95~18.04.1 linux-image-unsigned-5.4.0-1087-gcp - 5.4.0-1087.95~18.04.1 linux-headers-5.4.0-1087-gcp - 5.4.0-1087.95~18.04.1 linux-modules-extra-5.4.0-1087-gcp - 5.4.0-1087.95~18.04.1 linux-gcp-5.4-headers-5.4.0-1087 - 5.4.0-1087.95~18.04.1 linux-modules-5.4.0-1087-gcp - 5.4.0-1087.95~18.04.1 linux-buildinfo-5.4.0-1087-gcp - 5.4.0-1087.95~18.04.1 linux-gcp-5.4-tools-5.4.0-1087 - 5.4.0-1087.95~18.04.1 linux-image-5.4.0-1087-gcp - 5.4.0-1087.95~18.04.1 No subscription required linux-ibm - 5.4.0.1032.46 linux-tools-ibm - 5.4.0.1032.46 linux-ibm-edge - 5.4.0.1032.46 linux-headers-ibm-edge - 5.4.0.1032.46 linux-image-ibm - 5.4.0.1032.46 linux-headers-ibm - 5.4.0.1032.46 linux-modules-extra-ibm - 5.4.0.1032.46 linux-modules-extra-ibm-edge - 5.4.0.1032.46 linux-tools-ibm-edge - 5.4.0.1032.46 linux-image-ibm-edge - 5.4.0.1032.46 No subscription required linux-modules-extra-oracle - 5.4.0.1082.90~18.04.59 linux-signed-oracle-edge - 5.4.0.1082.90~18.04.59 linux-headers-oracle - 5.4.0.1082.90~18.04.59 linux-headers-oracle-edge - 5.4.0.1082.90~18.04.59 linux-tools-oracle - 5.4.0.1082.90~18.04.59 linux-image-oracle - 5.4.0.1082.90~18.04.59 linux-tools-oracle-edge - 5.4.0.1082.90~18.04.59 linux-signed-image-oracle-edge - 5.4.0.1082.90~18.04.59 linux-oracle - 5.4.0.1082.90~18.04.59 linux-signed-oracle - 5.4.0.1082.90~18.04.59 linux-oracle-edge - 5.4.0.1082.90~18.04.59 linux-modules-extra-oracle-edge - 5.4.0.1082.90~18.04.59 linux-signed-image-oracle - 5.4.0.1082.90~18.04.59 linux-image-oracle-edge - 5.4.0.1082.90~18.04.59 No subscription required linux-tools-gcp-edge - 5.4.0.1087.66 linux-tools-gcp - 5.4.0.1087.66 linux-modules-extra-gcp-edge - 5.4.0.1087.66 linux-gcp - 5.4.0.1087.66 linux-headers-gcp - 5.4.0.1087.66 linux-headers-gcp-edge - 5.4.0.1087.66 linux-image-gcp-edge - 5.4.0.1087.66 linux-image-gcp - 5.4.0.1087.66 linux-modules-extra-gcp - 5.4.0.1087.66 linux-gcp-edge - 5.4.0.1087.66 No subscription required Medium CVE-2021-33061 CVE-2021-33656 Ubuntu 18.04 LTS Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061) It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33656) Update Instructions: Run `sudo pro fix USN-5595-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-5.4-headers-5.4.0-1084 - 5.4.0-1084.91~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1084 - 5.4.0-1084.91~18.04.1 linux-modules-extra-5.4.0-1084-aws - 5.4.0-1084.91~18.04.1 linux-cloud-tools-5.4.0-1084-aws - 5.4.0-1084.91~18.04.1 linux-headers-5.4.0-1084-aws - 5.4.0-1084.91~18.04.1 linux-aws-5.4-tools-5.4.0-1084 - 5.4.0-1084.91~18.04.1 linux-modules-5.4.0-1084-aws - 5.4.0-1084.91~18.04.1 linux-image-5.4.0-1084-aws - 5.4.0-1084.91~18.04.1 linux-buildinfo-5.4.0-1084-aws - 5.4.0-1084.91~18.04.1 linux-tools-5.4.0-1084-aws - 5.4.0-1084.91~18.04.1 linux-image-unsigned-5.4.0-1084-aws - 5.4.0-1084.91~18.04.1 No subscription required linux-image-unsigned-5.4.0-1090-azure - 5.4.0-1090.95~18.04.1 linux-azure-5.4-tools-5.4.0-1090 - 5.4.0-1090.95~18.04.1 linux-azure-5.4-headers-5.4.0-1090 - 5.4.0-1090.95~18.04.1 linux-headers-5.4.0-1090-azure - 5.4.0-1090.95~18.04.1 linux-image-5.4.0-1090-azure - 5.4.0-1090.95~18.04.1 linux-tools-5.4.0-1090-azure - 5.4.0-1090.95~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1090 - 5.4.0-1090.95~18.04.1 linux-cloud-tools-5.4.0-1090-azure - 5.4.0-1090.95~18.04.1 linux-buildinfo-5.4.0-1090-azure - 5.4.0-1090.95~18.04.1 linux-modules-extra-5.4.0-1090-azure - 5.4.0-1090.95~18.04.1 linux-modules-5.4.0-1090-azure - 5.4.0-1090.95~18.04.1 No subscription required linux-modules-extra-aws - 5.4.0.1084.64 linux-modules-extra-aws-edge - 5.4.0.1084.64 linux-headers-aws - 5.4.0.1084.64 linux-headers-aws-edge - 5.4.0.1084.64 linux-aws-edge - 5.4.0.1084.64 linux-tools-aws-edge - 5.4.0.1084.64 linux-aws - 5.4.0.1084.64 linux-image-aws - 5.4.0.1084.64 linux-image-aws-edge - 5.4.0.1084.64 linux-tools-aws - 5.4.0.1084.64 No subscription required linux-signed-azure - 5.4.0.1090.67 linux-tools-azure-edge - 5.4.0.1090.67 linux-azure - 5.4.0.1090.67 linux-signed-image-azure-edge - 5.4.0.1090.67 linux-image-azure - 5.4.0.1090.67 linux-cloud-tools-azure - 5.4.0.1090.67 linux-cloud-tools-azure-edge - 5.4.0.1090.67 linux-tools-azure - 5.4.0.1090.67 linux-headers-azure-edge - 5.4.0.1090.67 linux-image-azure-edge - 5.4.0.1090.67 linux-headers-azure - 5.4.0.1090.67 linux-modules-extra-azure - 5.4.0.1090.67 linux-azure-edge - 5.4.0.1090.67 linux-modules-extra-azure-edge - 5.4.0.1090.67 linux-signed-azure-edge - 5.4.0.1090.67 linux-signed-image-azure - 5.4.0.1090.67 No subscription required Medium CVE-2021-33061 CVE-2021-33656 Ubuntu 18.04 LTS It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5598-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1105-oracle - 4.15.0-1105.116 linux-tools-4.15.0-1105-oracle - 4.15.0-1105.116 linux-oracle-tools-4.15.0-1105 - 4.15.0-1105.116 linux-modules-extra-4.15.0-1105-oracle - 4.15.0-1105.116 linux-modules-4.15.0-1105-oracle - 4.15.0-1105.116 linux-buildinfo-4.15.0-1105-oracle - 4.15.0-1105.116 linux-image-4.15.0-1105-oracle - 4.15.0-1105.116 linux-headers-4.15.0-1105-oracle - 4.15.0-1105.116 linux-oracle-headers-4.15.0-1105 - 4.15.0-1105.116 No subscription required linux-headers-oracle-lts-18.04 - 4.15.0.1105.112 linux-signed-image-oracle-lts-18.04 - 4.15.0.1105.112 linux-tools-oracle-lts-18.04 - 4.15.0.1105.112 linux-image-oracle-lts-18.04 - 4.15.0.1105.112 linux-signed-oracle-lts-18.04 - 4.15.0.1105.112 linux-oracle-lts-18.04 - 4.15.0.1105.112 No subscription required Medium CVE-2021-33656 Ubuntu 18.04 LTS Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061) It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33656) Update Instructions: Run `sudo pro fix USN-5600-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-extra-5.4.0-125-generic - 5.4.0-125.141~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-125.141~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-125 - 5.4.0-125.141~18.04.1 linux-cloud-tools-5.4.0-125-generic - 5.4.0-125.141~18.04.1 linux-headers-5.4.0-125-generic-lpae - 5.4.0-125.141~18.04.1 linux-headers-5.4.0-125-lowlatency - 5.4.0-125.141~18.04.1 linux-modules-5.4.0-125-lowlatency - 5.4.0-125.141~18.04.1 linux-tools-5.4.0-125-lowlatency - 5.4.0-125.141~18.04.1 linux-image-5.4.0-125-generic-lpae - 5.4.0-125.141~18.04.1 linux-cloud-tools-5.4.0-125-lowlatency - 5.4.0-125.141~18.04.1 linux-modules-5.4.0-125-generic-lpae - 5.4.0-125.141~18.04.1 linux-hwe-5.4-headers-5.4.0-125 - 5.4.0-125.141~18.04.1 linux-image-5.4.0-125-generic - 5.4.0-125.141~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-125.141~18.04.1 linux-modules-5.4.0-125-generic - 5.4.0-125.141~18.04.1 linux-image-5.4.0-125-lowlatency - 5.4.0-125.141~18.04.1 linux-tools-5.4.0-125-generic - 5.4.0-125.141~18.04.1 linux-headers-5.4.0-125-generic - 5.4.0-125.141~18.04.1 linux-buildinfo-5.4.0-125-generic-lpae - 5.4.0-125.141~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-125.141~18.04.1 linux-buildinfo-5.4.0-125-lowlatency - 5.4.0-125.141~18.04.1 linux-image-unsigned-5.4.0-125-generic - 5.4.0-125.141~18.04.1 linux-hwe-5.4-tools-5.4.0-125 - 5.4.0-125.141~18.04.1 linux-image-unsigned-5.4.0-125-lowlatency - 5.4.0-125.141~18.04.1 linux-tools-5.4.0-125-generic-lpae - 5.4.0-125.141~18.04.1 linux-buildinfo-5.4.0-125-generic - 5.4.0-125.141~18.04.1 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-image-extra-virtual-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-lowlatency-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-headers-lowlatency-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-image-oem-osp1 - 5.4.0.125.141~18.04.105 linux-headers-oem-osp1 - 5.4.0.125.141~18.04.105 linux-headers-snapdragon-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-image-generic-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-tools-oem - 5.4.0.125.141~18.04.105 linux-generic-lpae-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-image-snapdragon-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-headers-oem - 5.4.0.125.141~18.04.105 linux-image-generic-lpae-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-virtual-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-headers-generic-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-generic-lpae-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-tools-generic-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-headers-virtual-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-tools-lowlatency-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-headers-generic-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-oem-osp1 - 5.4.0.125.141~18.04.105 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-tools-oem-osp1 - 5.4.0.125.141~18.04.105 linux-image-lowlatency-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-image-virtual-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-tools-snapdragon-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-tools-virtual-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-image-generic-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-image-oem - 5.4.0.125.141~18.04.105 linux-generic-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-lowlatency-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-generic-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-tools-virtual-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-tools-generic-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-virtual-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-snapdragon-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.125.141~18.04.105 linux-oem - 5.4.0.125.141~18.04.105 linux-headers-virtual-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-snapdragon-hwe-18.04 - 5.4.0.125.141~18.04.105 linux-image-virtual-hwe-18.04-edge - 5.4.0.125.141~18.04.105 No subscription required Medium CVE-2021-33061 CVE-2021-33656 Ubuntu 18.04 LTS Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061) It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33656) Update Instructions: Run `sudo pro fix USN-5603-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-5.4.0-1069-raspi - 5.4.0-1069.79~18.04.1 linux-raspi-5.4-tools-5.4.0-1069 - 5.4.0-1069.79~18.04.1 linux-buildinfo-5.4.0-1069-raspi - 5.4.0-1069.79~18.04.1 linux-tools-5.4.0-1069-raspi - 5.4.0-1069.79~18.04.1 linux-raspi-5.4-headers-5.4.0-1069 - 5.4.0-1069.79~18.04.1 linux-modules-5.4.0-1069-raspi - 5.4.0-1069.79~18.04.1 linux-image-5.4.0-1069-raspi - 5.4.0-1069.79~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1069.69 linux-tools-raspi-hwe-18.04 - 5.4.0.1069.69 linux-image-raspi-hwe-18.04 - 5.4.0.1069.69 linux-raspi-hwe-18.04-edge - 5.4.0.1069.69 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1069.69 linux-headers-raspi-hwe-18.04 - 5.4.0.1069.69 linux-raspi-hwe-18.04 - 5.4.0.1069.69 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1069.69 No subscription required Medium CVE-2021-33061 CVE-2021-33656 Ubuntu 18.04 LTS It was discovered that poppler incorrectly handled certain PDF. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5606-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler73 - 0.62.0-2ubuntu2.13 libpoppler-cpp-dev - 0.62.0-2ubuntu2.13 libpoppler-glib-doc - 0.62.0-2ubuntu2.13 gir1.2-poppler-0.18 - 0.62.0-2ubuntu2.13 libpoppler-cpp0v5 - 0.62.0-2ubuntu2.13 libpoppler-glib8 - 0.62.0-2ubuntu2.13 libpoppler-private-dev - 0.62.0-2ubuntu2.13 libpoppler-glib-dev - 0.62.0-2ubuntu2.13 libpoppler-dev - 0.62.0-2ubuntu2.13 libpoppler-qt5-dev - 0.62.0-2ubuntu2.13 libpoppler-qt5-1 - 0.62.0-2ubuntu2.13 poppler-utils - 0.62.0-2ubuntu2.13 No subscription required Medium CVE-2022-38784 Ubuntu 18.04 LTS USN-5606-1 fixed a vulnerability in poppler. Unfortunately it was missing a commit to fix it properly. This update provides the corresponding fix for Ubuntu 18.04 LTS and Ubuntu 16.04 ESM. We apologize for the inconvenience. Original advisory details: It was discovered that poppler incorrectly handled certain PDF. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5606-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpoppler73 - 0.62.0-2ubuntu2.14 libpoppler-cpp-dev - 0.62.0-2ubuntu2.14 libpoppler-glib-doc - 0.62.0-2ubuntu2.14 gir1.2-poppler-0.18 - 0.62.0-2ubuntu2.14 libpoppler-cpp0v5 - 0.62.0-2ubuntu2.14 libpoppler-glib8 - 0.62.0-2ubuntu2.14 libpoppler-private-dev - 0.62.0-2ubuntu2.14 libpoppler-glib-dev - 0.62.0-2ubuntu2.14 libpoppler-dev - 0.62.0-2ubuntu2.14 libpoppler-qt5-dev - 0.62.0-2ubuntu2.14 libpoppler-qt5-1 - 0.62.0-2ubuntu2.14 poppler-utils - 0.62.0-2ubuntu2.14 No subscription required None https://launchpad.net/bugs/1989515 Ubuntu 18.04 LTS It was discovered that DPDK incorrectly handled certain Vhost headers. A remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5608-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librte-pmd-thunderx-nicvf17.11 - 17.11.10-0ubuntu0.2 dpdk-igb-uio-dkms - 17.11.10-0ubuntu0.2 librte-pmd-softnic17.11 - 17.11.10-0ubuntu0.2 librte-timer17.11 - 17.11.10-0ubuntu0.2 librte-pmd-nfp17.11 - 17.11.10-0ubuntu0.2 librte-pmd-sw-event17.11 - 17.11.10-0ubuntu0.2 librte-pmd-fm10k17.11 - 17.11.10-0ubuntu0.2 librte-pmd-bond17.11 - 17.11.10-0ubuntu0.2 librte-bitratestats17.11 - 17.11.10-0ubuntu0.2 librte-flow-classify17.11 - 17.11.10-0ubuntu0.2 librte-ring17.11 - 17.11.10-0ubuntu0.2 librte-pmd-sfc-efx17.11 - 17.11.10-0ubuntu0.2 librte-bus-pci17.11 - 17.11.10-0ubuntu0.2 dpdk-doc - 17.11.10-0ubuntu0.2 librte-distributor17.11 - 17.11.10-0ubuntu0.2 librte-pmd-pcap17.11 - 17.11.10-0ubuntu0.2 librte-net17.11 - 17.11.10-0ubuntu0.2 librte-ip-frag17.11 - 17.11.10-0ubuntu0.2 librte-jobstats17.11 - 17.11.10-0ubuntu0.2 librte-vhost17.11 - 17.11.10-0ubuntu0.2 dpdk-dev - 17.11.10-0ubuntu0.2 librte-member17.11 - 17.11.10-0ubuntu0.2 librte-pmd-e1000-17.11 - 17.11.10-0ubuntu0.2 librte-pmd-af-packet17.11 - 17.11.10-0ubuntu0.2 librte-pipeline17.11 - 17.11.10-0ubuntu0.2 librte-mempool-octeontx17.11 - 17.11.10-0ubuntu0.2 librte-pmd-crypto-scheduler17.11 - 17.11.10-0ubuntu0.2 librte-pmd-avp17.11 - 17.11.10-0ubuntu0.2 dpdk-rte-kni-dkms - 17.11.10-0ubuntu0.2 librte-latencystats17.11 - 17.11.10-0ubuntu0.2 librte-port17.11 - 17.11.10-0ubuntu0.2 librte-pmd-ixgbe17.11 - 17.11.10-0ubuntu0.2 librte-cryptodev17.11 - 17.11.10-0ubuntu0.2 librte-cmdline17.11 - 17.11.10-0ubuntu0.2 librte-pmd-lio17.11 - 17.11.10-0ubuntu0.2 librte-bus-vdev17.11 - 17.11.10-0ubuntu0.2 librte-pdump17.11 - 17.11.10-0ubuntu0.2 librte-pmd-skeleton-event17.11 - 17.11.10-0ubuntu0.2 librte-table17.11 - 17.11.10-0ubuntu0.2 librte-gso17.11 - 17.11.10-0ubuntu0.2 librte-pmd-i40e17.11 - 17.11.10-0ubuntu0.2 librte-eventdev17.11 - 17.11.10-0ubuntu0.2 librte-kvargs17.11 - 17.11.10-0ubuntu0.2 librte-mempool-stack17.11 - 17.11.10-0ubuntu0.2 librte-metrics17.11 - 17.11.10-0ubuntu0.2 librte-lpm17.11 - 17.11.10-0ubuntu0.2 librte-kni17.11 - 17.11.10-0ubuntu0.2 librte-eal17.11 - 17.11.10-0ubuntu0.2 librte-pmd-octeontx17.11 - 17.11.10-0ubuntu0.2 librte-sched17.11 - 17.11.10-0ubuntu0.2 librte-pmd-mlx4-17.11 - 17.11.10-0ubuntu0.2 librte-pmd-mlx5-17.11 - 17.11.10-0ubuntu0.2 librte-pci17.11 - 17.11.10-0ubuntu0.2 librte-pmd-octeontx-ssovf17.11 - 17.11.10-0ubuntu0.2 librte-pmd-null-crypto17.11 - 17.11.10-0ubuntu0.2 librte-pmd-vmxnet3-uio17.11 - 17.11.10-0ubuntu0.2 librte-security17.11 - 17.11.10-0ubuntu0.2 librte-pmd-null17.11 - 17.11.10-0ubuntu0.2 librte-hash17.11 - 17.11.10-0ubuntu0.2 librte-pmd-tap17.11 - 17.11.10-0ubuntu0.2 librte-pmd-enic17.11 - 17.11.10-0ubuntu0.2 librte-pmd-ark17.11 - 17.11.10-0ubuntu0.2 librte-ethdev17.11 - 17.11.10-0ubuntu0.2 librte-meter17.11 - 17.11.10-0ubuntu0.2 librte-pmd-virtio17.11 - 17.11.10-0ubuntu0.2 librte-power17.11 - 17.11.10-0ubuntu0.2 librte-pmd-vhost17.11 - 17.11.10-0ubuntu0.2 librte-mempool17.11 - 17.11.10-0ubuntu0.2 librte-cfgfile17.11 - 17.11.10-0ubuntu0.2 librte-efd17.11 - 17.11.10-0ubuntu0.2 librte-pmd-cxgbe17.11 - 17.11.10-0ubuntu0.2 librte-mbuf17.11 - 17.11.10-0ubuntu0.2 dpdk - 17.11.10-0ubuntu0.2 librte-gro17.11 - 17.11.10-0ubuntu0.2 librte-pmd-qede17.11 - 17.11.10-0ubuntu0.2 librte-pmd-failsafe17.11 - 17.11.10-0ubuntu0.2 librte-reorder17.11 - 17.11.10-0ubuntu0.2 librte-pmd-kni17.11 - 17.11.10-0ubuntu0.2 librte-pmd-ena17.11 - 17.11.10-0ubuntu0.2 librte-mempool-ring17.11 - 17.11.10-0ubuntu0.2 librte-pmd-bnxt17.11 - 17.11.10-0ubuntu0.2 librte-pmd-ring17.11 - 17.11.10-0ubuntu0.2 librte-acl17.11 - 17.11.10-0ubuntu0.2 libdpdk-dev - 17.11.10-0ubuntu0.2 No subscription required Medium CVE-2022-2132 Ubuntu 18.04 LTS Pietro Borrello, Andreas Kogler, Martin Schwarzl, Daniel Gruss, Michael Schwarz and Moritz Lipp discovered that some Intel processors did not properly clear data between subsequent xAPIC MMIO reads. This could allow a local attacker to compromise SGX enclaves. Update Instructions: Run `sudo pro fix USN-5612-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20220809.0ubuntu0.18.04.1 No subscription required Medium CVE-2022-21233 Ubuntu 18.04 LTS It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943) It was discovered that Vim was using freed memory when dealing with regular expressions through its old regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution. (CVE-2022-1154) It was discovered that Vim was not properly performing checks on name of lambda functions. An attacker could possibly use this issue to cause a denial of service. This issue affected only Ubuntu 22.04 LTS. (CVE-2022-1420) It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616) It was discovered that Vim was not properly processing latin1 data when issuing Ex commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619) It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620) It was discovered that Vim was not properly processing invalid bytes when performing spell check operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621) Update Instructions: Run `sudo pro fix USN-5613-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:8.0.1453-1ubuntu1.9 vim-gnome - 2:8.0.1453-1ubuntu1.9 vim-athena - 2:8.0.1453-1ubuntu1.9 vim-tiny - 2:8.0.1453-1ubuntu1.9 vim-gtk - 2:8.0.1453-1ubuntu1.9 vim-gui-common - 2:8.0.1453-1ubuntu1.9 vim - 2:8.0.1453-1ubuntu1.9 vim-doc - 2:8.0.1453-1ubuntu1.9 xxd - 2:8.0.1453-1ubuntu1.9 vim-runtime - 2:8.0.1453-1ubuntu1.9 vim-gtk3 - 2:8.0.1453-1ubuntu1.9 vim-nox - 2:8.0.1453-1ubuntu1.9 No subscription required Medium CVE-2022-0943 CVE-2022-1154 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 Ubuntu 18.04 LTS It was discovered that Wayland incorrectly handled reference counting certain objects. An attacker could use this issue to cause Wayland to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5614-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwayland-egl1 - 1.16.0-1ubuntu1.1~18.04.4 libwayland-bin - 1.16.0-1ubuntu1.1~18.04.4 libwayland-dev - 1.16.0-1ubuntu1.1~18.04.4 libwayland-cursor0 - 1.16.0-1ubuntu1.1~18.04.4 libwayland-egl-backend-dev - 1.16.0-1ubuntu1.1~18.04.4 libwayland-server0 - 1.16.0-1ubuntu1.1~18.04.4 libwayland-doc - 1.16.0-1ubuntu1.1~18.04.4 libwayland-client0 - 1.16.0-1ubuntu1.1~18.04.4 No subscription required Medium CVE-2021-3782 Ubuntu 18.04 LTS It was discovered that SQLite incorrectly handled INTERSEC query processing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-35525) It was discovered that SQLite incorrectly handled ALTER TABLE for views that have a nested FROM clause. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS. (CVE-2020-35527) It was discovered that SQLite incorrectly handled embedded null characters when tokenizing certain unicode strings. This issue could result in incorrect results. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20223) Update Instructions: Run `sudo pro fix USN-5615-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.22.0-1ubuntu0.6 sqlite3-doc - 3.22.0-1ubuntu0.6 libsqlite3-0 - 3.22.0-1ubuntu0.6 libsqlite3-tcl - 3.22.0-1ubuntu0.6 sqlite3 - 3.22.0-1ubuntu0.6 libsqlite3-dev - 3.22.0-1ubuntu0.6 No subscription required Medium CVE-2020-35525 CVE-2020-35527 Ubuntu 18.04 LTS It was discovered that LibTIFF was not properly performing the calculation of data that would eventually be used as a reference for bound-checking operations. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-19131) It was discovered that LibTIFF was not properly terminating a function execution when processing incorrect data. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-19144) It was discovered that LibTIFF did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted TIFF file using tiffinfo tool, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1354) It was discovered that LibTIFF did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted TIFF file using tiffcp tool, an attacker could possibly use this issue to cause a denial of service. (CVE-2022-1355) It was discovered that LibTIFF was not properly performing checks to avoid division calculations where the denominator value was zero, which could lead to an undefined behaviour situation via a specially crafted file. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058) Update Instructions: Run `sudo pro fix USN-5619-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.9-5ubuntu0.7 libtiffxx5 - 4.0.9-5ubuntu0.7 libtiff5-dev - 4.0.9-5ubuntu0.7 libtiff-dev - 4.0.9-5ubuntu0.7 libtiff5 - 4.0.9-5ubuntu0.7 libtiff-tools - 4.0.9-5ubuntu0.7 libtiff-doc - 4.0.9-5ubuntu0.7 No subscription required Medium CVE-2020-19131 CVE-2020-19144 CVE-2022-1354 CVE-2022-1355 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 Ubuntu 18.04 LTS It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-36946) Update Instructions: Run `sudo pro fix USN-5621-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1053-dell300x - 4.15.0-1053.58 linux-tools-4.15.0-1053-dell300x - 4.15.0-1053.58 linux-dell300x-headers-4.15.0-1053 - 4.15.0-1053.58 linux-modules-4.15.0-1053-dell300x - 4.15.0-1053.58 linux-headers-4.15.0-1053-dell300x - 4.15.0-1053.58 linux-image-4.15.0-1053-dell300x - 4.15.0-1053.58 linux-dell300x-tools-4.15.0-1053 - 4.15.0-1053.58 linux-image-unsigned-4.15.0-1053-dell300x - 4.15.0-1053.58 No subscription required linux-modules-4.15.0-1106-oracle - 4.15.0-1106.117 linux-headers-4.15.0-1106-oracle - 4.15.0-1106.117 linux-oracle-headers-4.15.0-1106 - 4.15.0-1106.117 linux-buildinfo-4.15.0-1106-oracle - 4.15.0-1106.117 linux-image-unsigned-4.15.0-1106-oracle - 4.15.0-1106.117 linux-modules-extra-4.15.0-1106-oracle - 4.15.0-1106.117 linux-image-4.15.0-1106-oracle - 4.15.0-1106.117 linux-oracle-tools-4.15.0-1106 - 4.15.0-1106.117 linux-tools-4.15.0-1106-oracle - 4.15.0-1106.117 No subscription required linux-image-4.15.0-1119-raspi2 - 4.15.0-1119.127 linux-raspi2-headers-4.15.0-1119 - 4.15.0-1119.127 linux-tools-4.15.0-1119-raspi2 - 4.15.0-1119.127 linux-raspi2-tools-4.15.0-1119 - 4.15.0-1119.127 linux-buildinfo-4.15.0-1119-raspi2 - 4.15.0-1119.127 linux-headers-4.15.0-1119-raspi2 - 4.15.0-1119.127 linux-modules-4.15.0-1119-raspi2 - 4.15.0-1119.127 No subscription required linux-buildinfo-4.15.0-1127-kvm - 4.15.0-1127.132 linux-modules-4.15.0-1127-kvm - 4.15.0-1127.132 linux-tools-4.15.0-1127-kvm - 4.15.0-1127.132 linux-kvm-headers-4.15.0-1127 - 4.15.0-1127.132 linux-headers-4.15.0-1127-kvm - 4.15.0-1127.132 linux-image-4.15.0-1127-kvm - 4.15.0-1127.132 linux-kvm-tools-4.15.0-1127 - 4.15.0-1127.132 No subscription required linux-image-4.15.0-1136-gcp - 4.15.0-1136.152 linux-modules-4.15.0-1136-gcp - 4.15.0-1136.152 linux-tools-4.15.0-1136-gcp - 4.15.0-1136.152 linux-image-unsigned-4.15.0-1136-gcp - 4.15.0-1136.152 linux-gcp-4.15-tools-4.15.0-1136 - 4.15.0-1136.152 linux-modules-extra-4.15.0-1136-gcp - 4.15.0-1136.152 linux-headers-4.15.0-1136-gcp - 4.15.0-1136.152 linux-gcp-4.15-headers-4.15.0-1136 - 4.15.0-1136.152 linux-buildinfo-4.15.0-1136-gcp - 4.15.0-1136.152 No subscription required linux-tools-4.15.0-1137-snapdragon - 4.15.0-1137.147 linux-modules-4.15.0-1137-snapdragon - 4.15.0-1137.147 linux-image-4.15.0-1137-snapdragon - 4.15.0-1137.147 linux-snapdragon-headers-4.15.0-1137 - 4.15.0-1137.147 linux-buildinfo-4.15.0-1137-snapdragon - 4.15.0-1137.147 linux-headers-4.15.0-1137-snapdragon - 4.15.0-1137.147 linux-snapdragon-tools-4.15.0-1137 - 4.15.0-1137.147 No subscription required linux-aws-headers-4.15.0-1141 - 4.15.0-1141.152 linux-aws-cloud-tools-4.15.0-1141 - 4.15.0-1141.152 linux-buildinfo-4.15.0-1141-aws - 4.15.0-1141.152 linux-modules-extra-4.15.0-1141-aws - 4.15.0-1141.152 linux-headers-4.15.0-1141-aws - 4.15.0-1141.152 linux-cloud-tools-4.15.0-1141-aws - 4.15.0-1141.152 linux-image-unsigned-4.15.0-1141-aws - 4.15.0-1141.152 linux-modules-4.15.0-1141-aws - 4.15.0-1141.152 linux-image-4.15.0-1141-aws - 4.15.0-1141.152 linux-tools-4.15.0-1141-aws - 4.15.0-1141.152 linux-aws-tools-4.15.0-1141 - 4.15.0-1141.152 No subscription required linux-headers-4.15.0-1151-azure - 4.15.0-1151.166 linux-modules-extra-4.15.0-1151-azure - 4.15.0-1151.166 linux-azure-4.15-tools-4.15.0-1151 - 4.15.0-1151.166 linux-azure-4.15-headers-4.15.0-1151 - 4.15.0-1151.166 linux-modules-4.15.0-1151-azure - 4.15.0-1151.166 linux-tools-4.15.0-1151-azure - 4.15.0-1151.166 linux-azure-4.15-cloud-tools-4.15.0-1151 - 4.15.0-1151.166 linux-image-unsigned-4.15.0-1151-azure - 4.15.0-1151.166 linux-buildinfo-4.15.0-1151-azure - 4.15.0-1151.166 linux-cloud-tools-4.15.0-1151-azure - 4.15.0-1151.166 linux-image-4.15.0-1151-azure - 4.15.0-1151.166 No subscription required linux-tools-common - 4.15.0-193.204 linux-headers-4.15.0-193-generic - 4.15.0-193.204 linux-tools-host - 4.15.0-193.204 linux-doc - 4.15.0-193.204 linux-modules-4.15.0-193-generic - 4.15.0-193.204 linux-image-4.15.0-193-lowlatency - 4.15.0-193.204 linux-headers-4.15.0-193-lowlatency - 4.15.0-193.204 linux-modules-4.15.0-193-generic-lpae - 4.15.0-193.204 linux-tools-4.15.0-193 - 4.15.0-193.204 linux-libc-dev - 4.15.0-193.204 linux-tools-4.15.0-193-lowlatency - 4.15.0-193.204 linux-cloud-tools-4.15.0-193 - 4.15.0-193.204 linux-tools-4.15.0-193-generic-lpae - 4.15.0-193.204 linux-image-unsigned-4.15.0-193-lowlatency - 4.15.0-193.204 linux-modules-4.15.0-193-lowlatency - 4.15.0-193.204 linux-image-4.15.0-193-generic - 4.15.0-193.204 linux-buildinfo-4.15.0-193-lowlatency - 4.15.0-193.204 linux-modules-extra-4.15.0-193-generic - 4.15.0-193.204 linux-buildinfo-4.15.0-193-generic - 4.15.0-193.204 linux-cloud-tools-common - 4.15.0-193.204 linux-image-4.15.0-193-generic-lpae - 4.15.0-193.204 linux-image-unsigned-4.15.0-193-generic - 4.15.0-193.204 linux-buildinfo-4.15.0-193-generic-lpae - 4.15.0-193.204 linux-cloud-tools-4.15.0-193-generic - 4.15.0-193.204 linux-headers-4.15.0-193 - 4.15.0-193.204 linux-cloud-tools-4.15.0-193-lowlatency - 4.15.0-193.204 linux-tools-4.15.0-193-generic - 4.15.0-193.204 linux-source-4.15.0 - 4.15.0-193.204 linux-headers-4.15.0-193-generic-lpae - 4.15.0-193.204 No subscription required linux-tools-dell300x - 4.15.0.1053.53 linux-image-dell300x - 4.15.0.1053.53 linux-headers-dell300x - 4.15.0.1053.53 linux-dell300x - 4.15.0.1053.53 No subscription required linux-oracle-lts-18.04 - 4.15.0.1106.113 linux-image-oracle-lts-18.04 - 4.15.0.1106.113 linux-signed-image-oracle-lts-18.04 - 4.15.0.1106.113 linux-tools-oracle-lts-18.04 - 4.15.0.1106.113 linux-signed-oracle-lts-18.04 - 4.15.0.1106.113 linux-headers-oracle-lts-18.04 - 4.15.0.1106.113 No subscription required linux-raspi2 - 4.15.0.1119.116 linux-headers-raspi2 - 4.15.0.1119.116 linux-image-raspi2 - 4.15.0.1119.116 linux-tools-raspi2 - 4.15.0.1119.116 No subscription required linux-kvm - 4.15.0.1127.120 linux-headers-kvm - 4.15.0.1127.120 linux-image-kvm - 4.15.0.1127.120 linux-tools-kvm - 4.15.0.1127.120 No subscription required linux-gcp-lts-18.04 - 4.15.0.1136.152 linux-tools-gcp-lts-18.04 - 4.15.0.1136.152 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1136.152 linux-image-gcp-lts-18.04 - 4.15.0.1136.152 linux-headers-gcp-lts-18.04 - 4.15.0.1136.152 No subscription required linux-snapdragon - 4.15.0.1137.138 linux-headers-snapdragon - 4.15.0.1137.138 linux-tools-snapdragon - 4.15.0.1137.138 linux-image-snapdragon - 4.15.0.1137.138 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1141.141 linux-headers-aws-lts-18.04 - 4.15.0.1141.141 linux-aws-lts-18.04 - 4.15.0.1141.141 linux-modules-extra-aws-lts-18.04 - 4.15.0.1141.141 linux-tools-aws-lts-18.04 - 4.15.0.1141.141 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1151.121 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1151.121 linux-tools-azure-lts-18.04 - 4.15.0.1151.121 linux-headers-azure-lts-18.04 - 4.15.0.1151.121 linux-signed-image-azure-lts-18.04 - 4.15.0.1151.121 linux-azure-lts-18.04 - 4.15.0.1151.121 linux-signed-azure-lts-18.04 - 4.15.0.1151.121 linux-image-azure-lts-18.04 - 4.15.0.1151.121 No subscription required linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.193.178 linux-image-lowlatency-hwe-16.04 - 4.15.0.193.178 linux-signed-generic-hwe-16.04-edge - 4.15.0.193.178 linux-headers-generic-lpae - 4.15.0.193.178 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.193.178 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.193.178 linux-image-extra-virtual-hwe-16.04 - 4.15.0.193.178 linux-image-virtual - 4.15.0.193.178 linux-tools-lowlatency - 4.15.0.193.178 linux-tools-generic-hwe-16.04-edge - 4.15.0.193.178 linux-headers-generic-hwe-16.04-edge - 4.15.0.193.178 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.193.178 linux-generic-lpae-hwe-16.04 - 4.15.0.193.178 linux-generic-hwe-16.04 - 4.15.0.193.178 linux-cloud-tools-virtual - 4.15.0.193.178 linux-tools-virtual-hwe-16.04-edge - 4.15.0.193.178 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.193.178 linux-image-virtual-hwe-16.04-edge - 4.15.0.193.178 linux-generic-lpae-hwe-16.04-edge - 4.15.0.193.178 linux-signed-image-lowlatency - 4.15.0.193.178 linux-signed-lowlatency-hwe-16.04 - 4.15.0.193.178 linux-crashdump - 4.15.0.193.178 linux-signed-image-generic - 4.15.0.193.178 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.193.178 linux-lowlatency - 4.15.0.193.178 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.193.178 linux-source - 4.15.0.193.178 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.193.178 linux-tools-generic-lpae - 4.15.0.193.178 linux-cloud-tools-generic - 4.15.0.193.178 linux-tools-virtual-hwe-16.04 - 4.15.0.193.178 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.193.178 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.193.178 linux-tools-generic-hwe-16.04 - 4.15.0.193.178 linux-tools-virtual - 4.15.0.193.178 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.193.178 linux-generic-lpae - 4.15.0.193.178 linux-generic-hwe-16.04-edge - 4.15.0.193.178 linux-generic - 4.15.0.193.178 linux-virtual - 4.15.0.193.178 linux-signed-image-generic-hwe-16.04 - 4.15.0.193.178 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.193.178 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.193.178 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.193.178 linux-headers-lowlatency - 4.15.0.193.178 linux-headers-lowlatency-hwe-16.04 - 4.15.0.193.178 linux-headers-virtual-hwe-16.04-edge - 4.15.0.193.178 linux-lowlatency-hwe-16.04 - 4.15.0.193.178 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.193.178 linux-tools-generic - 4.15.0.193.178 linux-virtual-hwe-16.04 - 4.15.0.193.178 linux-image-extra-virtual - 4.15.0.193.178 linux-lowlatency-hwe-16.04-edge - 4.15.0.193.178 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.193.178 linux-cloud-tools-lowlatency - 4.15.0.193.178 linux-image-generic-hwe-16.04 - 4.15.0.193.178 linux-image-generic-hwe-16.04-edge - 4.15.0.193.178 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.193.178 linux-image-virtual-hwe-16.04 - 4.15.0.193.178 linux-image-generic-lpae-hwe-16.04 - 4.15.0.193.178 linux-virtual-hwe-16.04-edge - 4.15.0.193.178 linux-tools-lowlatency-hwe-16.04 - 4.15.0.193.178 linux-signed-generic - 4.15.0.193.178 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.193.178 linux-headers-generic - 4.15.0.193.178 linux-headers-virtual-hwe-16.04 - 4.15.0.193.178 linux-image-generic - 4.15.0.193.178 linux-headers-generic-hwe-16.04 - 4.15.0.193.178 linux-headers-virtual - 4.15.0.193.178 linux-signed-generic-hwe-16.04 - 4.15.0.193.178 linux-image-generic-lpae - 4.15.0.193.178 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.193.178 linux-signed-lowlatency - 4.15.0.193.178 linux-image-lowlatency - 4.15.0.193.178 No subscription required Medium CVE-2021-33655 CVE-2022-36946 Ubuntu 18.04 LTS It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012, CVE-2022-32296) Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1729) It was discovered that the device-mapper verity (dm-verity) driver in the Linux kernel did not properly verify targets being loaded into the device- mapper table. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2503) Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-36946) Update Instructions: Run `sudo pro fix USN-5622-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-5.4.0-1033-ibm - 5.4.0-1033.37~18.04.1 linux-buildinfo-5.4.0-1033-ibm - 5.4.0-1033.37~18.04.1 linux-ibm-5.4-headers-5.4.0-1033 - 5.4.0-1033.37~18.04.1 linux-modules-extra-5.4.0-1033-ibm - 5.4.0-1033.37~18.04.1 linux-headers-5.4.0-1033-ibm - 5.4.0-1033.37~18.04.1 linux-ibm-5.4-tools-5.4.0-1033 - 5.4.0-1033.37~18.04.1 linux-image-unsigned-5.4.0-1033-ibm - 5.4.0-1033.37~18.04.1 linux-modules-5.4.0-1033-ibm - 5.4.0-1033.37~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1033.37~18.04.1 linux-image-5.4.0-1033-ibm - 5.4.0-1033.37~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1033.37~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1033.37~18.04.1 No subscription required linux-buildinfo-5.4.0-1083-oracle - 5.4.0-1083.91~18.04.1 linux-headers-5.4.0-1083-oracle - 5.4.0-1083.91~18.04.1 linux-image-unsigned-5.4.0-1083-oracle - 5.4.0-1083.91~18.04.1 linux-tools-5.4.0-1083-oracle - 5.4.0-1083.91~18.04.1 linux-oracle-5.4-tools-5.4.0-1083 - 5.4.0-1083.91~18.04.1 linux-modules-extra-5.4.0-1083-oracle - 5.4.0-1083.91~18.04.1 linux-modules-5.4.0-1083-oracle - 5.4.0-1083.91~18.04.1 linux-image-5.4.0-1083-oracle - 5.4.0-1083.91~18.04.1 linux-oracle-5.4-headers-5.4.0-1083 - 5.4.0-1083.91~18.04.1 No subscription required linux-cloud-tools-5.4.0-1085-aws - 5.4.0-1085.92~18.04.1 linux-buildinfo-5.4.0-1085-aws - 5.4.0-1085.92~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1085 - 5.4.0-1085.92~18.04.1 linux-aws-5.4-tools-5.4.0-1085 - 5.4.0-1085.92~18.04.1 linux-image-5.4.0-1085-aws - 5.4.0-1085.92~18.04.1 linux-tools-5.4.0-1085-aws - 5.4.0-1085.92~18.04.1 linux-modules-5.4.0-1085-aws - 5.4.0-1085.92~18.04.1 linux-aws-5.4-headers-5.4.0-1085 - 5.4.0-1085.92~18.04.1 linux-image-unsigned-5.4.0-1085-aws - 5.4.0-1085.92~18.04.1 linux-modules-extra-5.4.0-1085-aws - 5.4.0-1085.92~18.04.1 linux-headers-5.4.0-1085-aws - 5.4.0-1085.92~18.04.1 No subscription required linux-buildinfo-5.4.0-1091-azure - 5.4.0-1091.96~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1091 - 5.4.0-1091.96~18.04.1 linux-image-5.4.0-1091-azure - 5.4.0-1091.96~18.04.1 linux-image-unsigned-5.4.0-1091-azure - 5.4.0-1091.96~18.04.1 linux-cloud-tools-5.4.0-1091-azure - 5.4.0-1091.96~18.04.1 linux-azure-5.4-tools-5.4.0-1091 - 5.4.0-1091.96~18.04.1 linux-azure-5.4-headers-5.4.0-1091 - 5.4.0-1091.96~18.04.1 linux-modules-5.4.0-1091-azure - 5.4.0-1091.96~18.04.1 linux-modules-extra-5.4.0-1091-azure - 5.4.0-1091.96~18.04.1 linux-tools-5.4.0-1091-azure - 5.4.0-1091.96~18.04.1 linux-headers-5.4.0-1091-azure - 5.4.0-1091.96~18.04.1 No subscription required linux-modules-extra-5.4.0-126-generic - 5.4.0-126.142~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-126.142~18.04.1 linux-buildinfo-5.4.0-126-generic-lpae - 5.4.0-126.142~18.04.1 linux-modules-5.4.0-126-generic-lpae - 5.4.0-126.142~18.04.1 linux-cloud-tools-5.4.0-126-lowlatency - 5.4.0-126.142~18.04.1 linux-headers-5.4.0-126-generic-lpae - 5.4.0-126.142~18.04.1 linux-tools-5.4.0-126-lowlatency - 5.4.0-126.142~18.04.1 linux-modules-5.4.0-126-generic - 5.4.0-126.142~18.04.1 linux-tools-5.4.0-126-generic-lpae - 5.4.0-126.142~18.04.1 linux-image-5.4.0-126-lowlatency - 5.4.0-126.142~18.04.1 linux-buildinfo-5.4.0-126-generic - 5.4.0-126.142~18.04.1 linux-cloud-tools-5.4.0-126-generic - 5.4.0-126.142~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-126 - 5.4.0-126.142~18.04.1 linux-image-unsigned-5.4.0-126-generic - 5.4.0-126.142~18.04.1 linux-modules-5.4.0-126-lowlatency - 5.4.0-126.142~18.04.1 linux-hwe-5.4-headers-5.4.0-126 - 5.4.0-126.142~18.04.1 linux-image-5.4.0-126-generic - 5.4.0-126.142~18.04.1 linux-image-5.4.0-126-generic-lpae - 5.4.0-126.142~18.04.1 linux-buildinfo-5.4.0-126-lowlatency - 5.4.0-126.142~18.04.1 linux-headers-5.4.0-126-generic - 5.4.0-126.142~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-126.142~18.04.1 linux-image-unsigned-5.4.0-126-lowlatency - 5.4.0-126.142~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-126.142~18.04.1 linux-hwe-5.4-tools-5.4.0-126 - 5.4.0-126.142~18.04.1 linux-headers-5.4.0-126-lowlatency - 5.4.0-126.142~18.04.1 linux-tools-5.4.0-126-generic - 5.4.0-126.142~18.04.1 No subscription required linux-image-ibm - 5.4.0.1033.47 linux-headers-ibm-edge - 5.4.0.1033.47 linux-modules-extra-ibm - 5.4.0.1033.47 linux-modules-extra-ibm-edge - 5.4.0.1033.47 linux-tools-ibm-edge - 5.4.0.1033.47 linux-ibm - 5.4.0.1033.47 linux-ibm-edge - 5.4.0.1033.47 linux-headers-ibm - 5.4.0.1033.47 linux-tools-ibm - 5.4.0.1033.47 linux-image-ibm-edge - 5.4.0.1033.47 No subscription required linux-modules-extra-oracle - 5.4.0.1083.91~18.04.60 linux-signed-image-oracle - 5.4.0.1083.91~18.04.60 linux-signed-oracle - 5.4.0.1083.91~18.04.60 linux-tools-oracle-edge - 5.4.0.1083.91~18.04.60 linux-oracle-edge - 5.4.0.1083.91~18.04.60 linux-modules-extra-oracle-edge - 5.4.0.1083.91~18.04.60 linux-image-oracle-edge - 5.4.0.1083.91~18.04.60 linux-signed-oracle-edge - 5.4.0.1083.91~18.04.60 linux-headers-oracle - 5.4.0.1083.91~18.04.60 linux-signed-image-oracle-edge - 5.4.0.1083.91~18.04.60 linux-headers-oracle-edge - 5.4.0.1083.91~18.04.60 linux-image-oracle - 5.4.0.1083.91~18.04.60 linux-tools-oracle - 5.4.0.1083.91~18.04.60 linux-oracle - 5.4.0.1083.91~18.04.60 No subscription required linux-headers-aws - 5.4.0.1085.65 linux-image-aws - 5.4.0.1085.65 linux-modules-extra-aws-edge - 5.4.0.1085.65 linux-image-aws-edge - 5.4.0.1085.65 linux-aws-edge - 5.4.0.1085.65 linux-aws - 5.4.0.1085.65 linux-headers-aws-edge - 5.4.0.1085.65 linux-modules-extra-aws - 5.4.0.1085.65 linux-tools-aws - 5.4.0.1085.65 linux-tools-aws-edge - 5.4.0.1085.65 No subscription required linux-signed-azure - 5.4.0.1091.68 linux-tools-azure-edge - 5.4.0.1091.68 linux-cloud-tools-azure - 5.4.0.1091.68 linux-tools-azure - 5.4.0.1091.68 linux-image-azure-edge - 5.4.0.1091.68 linux-cloud-tools-azure-edge - 5.4.0.1091.68 linux-modules-extra-azure - 5.4.0.1091.68 linux-azure - 5.4.0.1091.68 linux-signed-image-azure-edge - 5.4.0.1091.68 linux-image-azure - 5.4.0.1091.68 linux-signed-image-azure - 5.4.0.1091.68 linux-headers-azure-edge - 5.4.0.1091.68 linux-azure-edge - 5.4.0.1091.68 linux-modules-extra-azure-edge - 5.4.0.1091.68 linux-signed-azure-edge - 5.4.0.1091.68 linux-headers-azure - 5.4.0.1091.68 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-headers-snapdragon-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-image-generic-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-image-snapdragon-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-generic-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-image-oem - 5.4.0.126.142~18.04.106 linux-tools-virtual-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-headers-generic-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-headers-lowlatency-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-lowlatency-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-image-extra-virtual-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-image-oem-osp1 - 5.4.0.126.142~18.04.106 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-headers-oem - 5.4.0.126.142~18.04.106 linux-snapdragon-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-image-generic-lpae-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-tools-lowlatency-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-headers-virtual-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-tools-snapdragon-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-headers-virtual-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-virtual-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-generic-lpae-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-tools-oem-osp1 - 5.4.0.126.142~18.04.106 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-tools-generic-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-image-virtual-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-oem - 5.4.0.126.142~18.04.106 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-snapdragon-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-tools-oem - 5.4.0.126.142~18.04.106 linux-headers-oem-osp1 - 5.4.0.126.142~18.04.106 linux-tools-virtual-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-generic-lpae-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-headers-generic-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-oem-osp1 - 5.4.0.126.142~18.04.106 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-image-lowlatency-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-virtual-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-lowlatency-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-generic-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-image-virtual-hwe-18.04-edge - 5.4.0.126.142~18.04.106 linux-tools-generic-hwe-18.04 - 5.4.0.126.142~18.04.106 linux-image-generic-hwe-18.04-edge - 5.4.0.126.142~18.04.106 No subscription required Medium CVE-2021-33655 CVE-2022-1012 CVE-2022-1729 CVE-2022-2503 CVE-2022-32296 CVE-2022-36946 Ubuntu 18.04 LTS It was discovered that Mako incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5625-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-mako - 1.0.7+ds1-1ubuntu0.2 python-mako-doc - 1.0.7+ds1-1ubuntu0.2 python3-mako - 1.0.7+ds1-1ubuntu0.2 No subscription required Medium CVE-2022-40023 Ubuntu 18.04 LTS Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service. (CVE-2022-2795) It was discovered that Bind incorrectly handled statistics requests. A remote attacker could possibly use this issue to obtain sensitive memory contents, or cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2881) It was discovered that Bind incorrectly handled memory when processing certain Diffie-Hellman key exchanges. A remote attacker could use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2906) Maksym Odinintsev discovered that Bind incorrectly handled answers from cache when configured with a zero stale-answer-timeout. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-3080) It was discovered that Bind incorrectly handled memory when processing ECDSA DNSSEC verification. A remote attacker could use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-38177) It was discovered that Bind incorrectly handled memory when processing EDDSA DNSSEC verification. A remote attacker could use this issue to consume resources, leading to a denial of service. (CVE-2022-38178) Update Instructions: Run `sudo pro fix USN-5626-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsutils - 1:9.11.3+dfsg-1ubuntu1.18 libbind-dev - 1:9.11.3+dfsg-1ubuntu1.18 libirs-export160 - 1:9.11.3+dfsg-1ubuntu1.18 bind9utils - 1:9.11.3+dfsg-1ubuntu1.18 libbind9-160 - 1:9.11.3+dfsg-1ubuntu1.18 libisccc160 - 1:9.11.3+dfsg-1ubuntu1.18 libisc-export169 - 1:9.11.3+dfsg-1ubuntu1.18 libisccfg160 - 1:9.11.3+dfsg-1ubuntu1.18 bind9-doc - 1:9.11.3+dfsg-1ubuntu1.18 libbind-export-dev - 1:9.11.3+dfsg-1ubuntu1.18 libisc169 - 1:9.11.3+dfsg-1ubuntu1.18 libirs160 - 1:9.11.3+dfsg-1ubuntu1.18 libdns-export1100 - 1:9.11.3+dfsg-1ubuntu1.18 libisccc-export160 - 1:9.11.3+dfsg-1ubuntu1.18 libisccfg-export160 - 1:9.11.3+dfsg-1ubuntu1.18 liblwres160 - 1:9.11.3+dfsg-1ubuntu1.18 libdns1100 - 1:9.11.3+dfsg-1ubuntu1.18 bind9 - 1:9.11.3+dfsg-1ubuntu1.18 bind9-host - 1:9.11.3+dfsg-1ubuntu1.18 No subscription required Medium CVE-2022-2795 CVE-2022-2881 CVE-2022-2906 CVE-2022-3080 CVE-2022-38177 CVE-2022-38178 Ubuntu 18.04 LTS USN-5627-1 fixed several vulnerabilities in PCRE. This update provides the corresponding fixes for Ubuntu 18.04 ESM. Original advisory details: It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information. Update Instructions: Run `sudo pro fix USN-5627-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpcre2-16-0 - 10.31-2ubuntu0.1~esm1 libpcre2-32-0 - 10.31-2ubuntu0.1~esm1 libpcre2-posix0 - 10.31-2ubuntu0.1~esm1 pcre2-utils - 10.31-2ubuntu0.1~esm1 libpcre2-dev - 10.31-2ubuntu0.1~esm1 libpcre2-8-0 - 10.31-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2022-1586 CVE-2022-1587 Ubuntu 18.04 LTS USN-5628-1 fixed vulnerabilities in etcd. This update provides the corresponding updates for Ubuntu 18.04 ESM. Original advisory details: It was discovered that etcd incorrectly handled certain specially crafted WAL files. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-15106, CVE-2020-15112) It was discovered that etcd incorrectly handled directory permissions when trying to create a directory that exists already. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-15113) It was discovered that etcd incorrectly handled endpoint setup. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-15114) Update Instructions: Run `sudo pro fix USN-5628-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: etcd-server - 3.2.17+dfsg-1ubuntu0.1~esm1 golang-etcd-server-dev - 3.2.17+dfsg-1ubuntu0.1~esm1 etcd-client - 3.2.17+dfsg-1ubuntu0.1~esm1 etcd - 3.2.17+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-15106 CVE-2020-15112 CVE-2020-15113 CVE-2020-15114 Ubuntu 18.04 LTS It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012, CVE-2022-32296) Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1729) It was discovered that the device-mapper verity (dm-verity) driver in the Linux kernel did not properly verify targets being loaded into the device- mapper table. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2503) Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-36946) Update Instructions: Run `sudo pro fix USN-5630-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-5.4.0-1070-raspi - 5.4.0-1070.80~18.04.1 linux-headers-5.4.0-1070-raspi - 5.4.0-1070.80~18.04.1 linux-raspi-5.4-tools-5.4.0-1070 - 5.4.0-1070.80~18.04.1 linux-tools-5.4.0-1070-raspi - 5.4.0-1070.80~18.04.1 linux-buildinfo-5.4.0-1070-raspi - 5.4.0-1070.80~18.04.1 linux-raspi-5.4-headers-5.4.0-1070 - 5.4.0-1070.80~18.04.1 linux-image-5.4.0-1070-raspi - 5.4.0-1070.80~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1070.70 linux-tools-raspi-hwe-18.04 - 5.4.0.1070.70 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1070.70 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1070.70 linux-raspi-hwe-18.04-edge - 5.4.0.1070.70 linux-raspi-hwe-18.04 - 5.4.0.1070.70 linux-headers-raspi-hwe-18.04 - 5.4.0.1070.70 linux-image-raspi-hwe-18.04 - 5.4.0.1070.70 No subscription required Medium CVE-2021-33655 CVE-2022-1012 CVE-2022-1729 CVE-2022-2503 CVE-2022-32296 CVE-2022-36946 Ubuntu 18.04 LTS It was discovered that libjpeg-turbo incorrectly handled certain EOF characters. An attacker could possibly use this issue to cause libjpeg-turbo to consume resource, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11813) It was discovered that libjpeg-turbo incorrectly handled certain malformed jpeg files. An attacker could possibly use this issue to cause libjpeg-turbo to crash, resulting in a denial of service. (CVE-2020-17541, CVE-2020-35538) It was discovered that libjpeg-turbo incorrectly handled certain malformed PPM files. An attacker could use this issue to cause libjpeg-turbo to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-46822) Update Instructions: Run `sudo pro fix USN-5631-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libturbojpeg0-dev - 1.5.2-0ubuntu5.18.04.6 libjpeg-turbo8-dev - 1.5.2-0ubuntu5.18.04.6 libjpeg-turbo-progs - 1.5.2-0ubuntu5.18.04.6 libturbojpeg - 1.5.2-0ubuntu5.18.04.6 libjpeg-turbo8 - 1.5.2-0ubuntu5.18.04.6 libjpeg-turbo-test - 1.5.2-0ubuntu5.18.04.6 No subscription required Medium CVE-2018-11813 CVE-2020-17541 CVE-2020-35538 CVE-2021-46822 Ubuntu 18.04 LTS It was discovered that SoS incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-5636-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sosreport - 4.3-1ubuntu0.18.04.2 No subscription required Medium CVE-2022-2806 Ubuntu 18.04 LTS USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Expat incorrectly handled memory in out-of-memory situations. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-43680) Original advisory details: Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5638-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: expat - 2.2.5-3ubuntu0.8 libexpat1-dev - 2.2.5-3ubuntu0.8 libexpat1 - 2.2.5-3ubuntu0.8 No subscription required Medium CVE-2022-40674 CVE-2022-43680 Ubuntu 18.04 LTS USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-43680) This update also fixes a minor regression introduced in Ubuntu 18.04 LTS. We apologize for the inconvenience. Original advisory details: Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5638-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: expat - 2.2.5-3ubuntu0.9 libexpat1-dev - 2.2.5-3ubuntu0.9 libexpat1 - 2.2.5-3ubuntu0.9 No subscription required Medium CVE-2022-43680 Ubuntu 18.04 LTS Mikhail Evdokimov discovered that Squid incorrectly handled cache manager ACLs. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-41317) It was discovered that Squid incorrectly handled SSPI and SMB authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2022-41318) Update Instructions: Run `sudo pro fix USN-5641-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid-common - 3.5.27-1ubuntu1.14 squid - 3.5.27-1ubuntu1.14 squid-cgi - 3.5.27-1ubuntu1.14 squid-purge - 3.5.27-1ubuntu1.14 squidclient - 3.5.27-1ubuntu1.14 squid3 - 3.5.27-1ubuntu1.14 No subscription required Medium CVE-2022-41317 CVE-2022-41318 Ubuntu 18.04 LTS It was discovered that GhostScript incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to cause GhostScript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-27792) It was discovered that GhostScript incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to cause GhostScript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2085) Update Instructions: Run `sudo pro fix USN-5643-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.17 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.17 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.17 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.17 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.17 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.17 No subscription required Medium CVE-2020-27792 CVE-2022-2085 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass Content Security Policy (CSP) or other security restrictions, conduct session fixation attacks, or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5649-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-szl - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 105.0+build2-0ubuntu0.18.04.1 firefox - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 105.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 105.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 105.0+build2-0ubuntu0.18.04.1 firefox-dev - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 105.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 105.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-3266 CVE-2022-40959 CVE-2022-40960 CVE-2022-40958 CVE-2022-40956 CVE-2022-40957 CVE-2022-40962 Ubuntu 18.04 LTS Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and and CRL distribution points (CDP) in certificates. A remote attacker could possibly use this issue to initiate IKE_SAs and send crafted certificates that contain URIs pointing to servers under their control, which can lead to a denial-of-service attack. Update Instructions: Run `sudo pro fix USN-5651-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: strongswan-nm - 5.6.2-1ubuntu2.9 strongswan-scepclient - 5.6.2-1ubuntu2.9 libcharon-extra-plugins - 5.6.2-1ubuntu2.9 libcharon-standard-plugins - 5.6.2-1ubuntu2.9 libstrongswan-extra-plugins - 5.6.2-1ubuntu2.9 strongswan-tnc-pdp - 5.6.2-1ubuntu2.9 strongswan-charon - 5.6.2-1ubuntu2.9 libstrongswan - 5.6.2-1ubuntu2.9 libstrongswan-standard-plugins - 5.6.2-1ubuntu2.9 charon-systemd - 5.6.2-1ubuntu2.9 strongswan - 5.6.2-1ubuntu2.9 strongswan-tnc-server - 5.6.2-1ubuntu2.9 strongswan-tnc-client - 5.6.2-1ubuntu2.9 strongswan-tnc-base - 5.6.2-1ubuntu2.9 charon-cmd - 5.6.2-1ubuntu2.9 strongswan-libcharon - 5.6.2-1ubuntu2.9 strongswan-pki - 5.6.2-1ubuntu2.9 strongswan-tnc-ifmap - 5.6.2-1ubuntu2.9 strongswan-starter - 5.6.2-1ubuntu2.9 strongswan-swanctl - 5.6.2-1ubuntu2.9 No subscription required Medium CVE-2022-40617 Ubuntu 18.04 LTS It was discovered that DHCP incorrectly handled option reference counting. A remote attacker could possibly use this issue to cause DHCP servers to crash, resulting in a denial of service. (CVE-2022-2928) It was discovered that DHCP incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause DHCP clients and servers to consume resources, leading to a denial of service. (CVE-2022-2929) Update Instructions: Run `sudo pro fix USN-5658-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: isc-dhcp-dev - 4.3.5-3ubuntu7.4 isc-dhcp-client-ddns - 4.3.5-3ubuntu7.4 isc-dhcp-relay - 4.3.5-3ubuntu7.4 isc-dhcp-client - 4.3.5-3ubuntu7.4 isc-dhcp-common - 4.3.5-3ubuntu7.4 isc-dhcp-server - 4.3.5-3ubuntu7.4 isc-dhcp-server-ldap - 4.3.5-3ubuntu7.4 No subscription required Medium CVE-2022-2928 CVE-2022-2929 Ubuntu 18.04 LTS It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012, CVE-2022-32296) Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1729) It was discovered that the device-mapper verity (dm-verity) driver in the Linux kernel did not properly verify targets being loaded into the device- mapper table. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2503) Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-36946) Update Instructions: Run `sudo pro fix USN-5660-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-5.4.0-1089-gcp - 5.4.0-1089.97~18.04.1 linux-image-5.4.0-1089-gcp - 5.4.0-1089.97~18.04.1 linux-headers-5.4.0-1089-gcp - 5.4.0-1089.97~18.04.1 linux-image-unsigned-5.4.0-1089-gcp - 5.4.0-1089.97~18.04.1 linux-modules-extra-5.4.0-1089-gcp - 5.4.0-1089.97~18.04.1 linux-buildinfo-5.4.0-1089-gcp - 5.4.0-1089.97~18.04.1 linux-gcp-5.4-tools-5.4.0-1089 - 5.4.0-1089.97~18.04.1 linux-gcp-5.4-headers-5.4.0-1089 - 5.4.0-1089.97~18.04.1 linux-modules-5.4.0-1089-gcp - 5.4.0-1089.97~18.04.1 No subscription required linux-headers-gcp - 5.4.0.1089.68 linux-tools-gcp - 5.4.0.1089.68 linux-modules-extra-gcp-edge - 5.4.0.1089.68 linux-tools-gcp-edge - 5.4.0.1089.68 linux-modules-extra-gcp - 5.4.0.1089.68 linux-gcp-edge - 5.4.0.1089.68 linux-headers-gcp-edge - 5.4.0.1089.68 linux-image-gcp - 5.4.0.1089.68 linux-gcp - 5.4.0.1089.68 linux-image-gcp-edge - 5.4.0.1089.68 No subscription required Medium CVE-2021-33655 CVE-2022-1012 CVE-2022-1729 CVE-2022-2503 CVE-2022-32296 CVE-2022-36946 Ubuntu 18.04 LTS It was discovered that Oniguruma incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-16163, CVE-2019-19012, CVE-2019-19204, CVE-2019-19246) It was discovered that Oniguruma incorrectly handled memory when using certain UChar pointers. An attacker could possibly use this issue to cause a denial of service or sensitive information disclosure. (CVE-2019-19203) Update Instructions: Run `sudo pro fix USN-5662-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libonig4 - 6.7.0-1ubuntu0.1~esm2 libonig-dev - 6.7.0-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-16163 CVE-2019-19012 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, spoof the mouse pointer position, obtain sensitive information, spoof the contents of the addressbar, bypass security restrictions, or execute arbitrary code. (CVE-2022-2505, CVE-2022-36318, CVE-2022-36319, CVE-2022-38472, CVE-2022-38473, CVE-2022-38476 CVE-2022-38477, CVE-2022-38478) Multiple security issues were discovered in Thunderbird. An attacker could potentially exploit these in order to determine when a user opens a specially crafted message. (CVE-2022-3032, CVE-2022-3034) It was discovered that Thunderbird did not correctly handle HTML messages that contain a meta tag in some circumstances. If a user were tricked into replying to a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2022-3033) A security issue was discovered with the Matrix SDK in Thunderbird. An attacker sharing a room with a user could potentially exploit this to cause a denial of service. (CVE-2022-36059) Update Instructions: Run `sudo pro fix USN-5663-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-lv - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:102.2.2+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:102.2.2+build1-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-fa - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:102.2.2+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-th - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:102.2.2+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:102.2.2+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-2505 CVE-2022-3032 CVE-2022-3033 CVE-2022-3034 CVE-2022-36059 CVE-2022-36318 CVE-2022-36319 CVE-2022-38472 CVE-2022-38473 CVE-2022-38476 CVE-2022-38477 CVE-2022-38478 Ubuntu 18.04 LTS It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-4159) It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20369) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373) Eric Biggers discovered that a use-after-free vulnerability existed in the io_uring subsystem in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3176) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741, CVE-2022-33742) Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in the Linux kernel on ARM platforms contained a race condition in certain situations. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2022-33744) It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36879) Update Instructions: Run `sudo pro fix USN-5668-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-extra-5.4.0-1034-ibm - 5.4.0-1034.38~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1034.38~18.04.1 linux-headers-5.4.0-1034-ibm - 5.4.0-1034.38~18.04.1 linux-ibm-5.4-headers-5.4.0-1034 - 5.4.0-1034.38~18.04.1 linux-modules-5.4.0-1034-ibm - 5.4.0-1034.38~18.04.1 linux-tools-5.4.0-1034-ibm - 5.4.0-1034.38~18.04.1 linux-image-5.4.0-1034-ibm - 5.4.0-1034.38~18.04.1 linux-ibm-5.4-tools-5.4.0-1034 - 5.4.0-1034.38~18.04.1 linux-buildinfo-5.4.0-1034-ibm - 5.4.0-1034.38~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1034.38~18.04.1 linux-image-unsigned-5.4.0-1034-ibm - 5.4.0-1034.38~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1034.38~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-128.144~18.04.1 linux-buildinfo-5.4.0-128-generic - 5.4.0-128.144~18.04.1 linux-modules-5.4.0-128-generic-lpae - 5.4.0-128.144~18.04.1 linux-image-5.4.0-128-generic-lpae - 5.4.0-128.144~18.04.1 linux-image-5.4.0-128-generic - 5.4.0-128.144~18.04.1 linux-image-5.4.0-128-lowlatency - 5.4.0-128.144~18.04.1 linux-tools-5.4.0-128-generic - 5.4.0-128.144~18.04.1 linux-buildinfo-5.4.0-128-lowlatency - 5.4.0-128.144~18.04.1 linux-headers-5.4.0-128-lowlatency - 5.4.0-128.144~18.04.1 linux-image-unsigned-5.4.0-128-generic - 5.4.0-128.144~18.04.1 linux-headers-5.4.0-128-generic-lpae - 5.4.0-128.144~18.04.1 linux-hwe-5.4-tools-5.4.0-128 - 5.4.0-128.144~18.04.1 linux-modules-5.4.0-128-lowlatency - 5.4.0-128.144~18.04.1 linux-buildinfo-5.4.0-128-generic-lpae - 5.4.0-128.144~18.04.1 linux-tools-5.4.0-128-generic-lpae - 5.4.0-128.144~18.04.1 linux-headers-5.4.0-128-generic - 5.4.0-128.144~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-128 - 5.4.0-128.144~18.04.1 linux-hwe-5.4-headers-5.4.0-128 - 5.4.0-128.144~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-128.144~18.04.1 linux-cloud-tools-5.4.0-128-generic - 5.4.0-128.144~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-128.144~18.04.1 linux-image-unsigned-5.4.0-128-lowlatency - 5.4.0-128.144~18.04.1 linux-cloud-tools-5.4.0-128-lowlatency - 5.4.0-128.144~18.04.1 linux-tools-5.4.0-128-lowlatency - 5.4.0-128.144~18.04.1 linux-modules-5.4.0-128-generic - 5.4.0-128.144~18.04.1 linux-modules-extra-5.4.0-128-generic - 5.4.0-128.144~18.04.1 No subscription required linux-image-ibm - 5.4.0.1034.48 linux-headers-ibm-edge - 5.4.0.1034.48 linux-modules-extra-ibm - 5.4.0.1034.48 linux-modules-extra-ibm-edge - 5.4.0.1034.48 linux-tools-ibm-edge - 5.4.0.1034.48 linux-ibm - 5.4.0.1034.48 linux-ibm-edge - 5.4.0.1034.48 linux-headers-ibm - 5.4.0.1034.48 linux-tools-ibm - 5.4.0.1034.48 linux-image-ibm-edge - 5.4.0.1034.48 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-headers-snapdragon-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-image-generic-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-tools-oem - 5.4.0.128.144~18.04.107 linux-image-snapdragon-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-image-oem - 5.4.0.128.144~18.04.107 linux-tools-virtual-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-headers-generic-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-headers-lowlatency-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-lowlatency-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-image-extra-virtual-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-image-oem-osp1 - 5.4.0.128.144~18.04.107 linux-snapdragon-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-image-generic-lpae-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-tools-lowlatency-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-headers-virtual-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-tools-snapdragon-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-tools-virtual-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-headers-virtual-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-virtual-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-generic-lpae-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-headers-oem - 5.4.0.128.144~18.04.107 linux-tools-oem-osp1 - 5.4.0.128.144~18.04.107 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-tools-generic-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-image-virtual-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-image-generic-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-generic-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-tools-generic-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-oem - 5.4.0.128.144~18.04.107 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-snapdragon-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-headers-oem-osp1 - 5.4.0.128.144~18.04.107 linux-generic-lpae-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-headers-generic-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-oem-osp1 - 5.4.0.128.144~18.04.107 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-image-lowlatency-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-virtual-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-lowlatency-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.128.144~18.04.107 linux-generic-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.128.144~18.04.107 linux-image-virtual-hwe-18.04-edge - 5.4.0.128.144~18.04.107 No subscription required Medium CVE-2021-4159 CVE-2022-20369 CVE-2022-2318 CVE-2022-26365 CVE-2022-26373 CVE-2022-3176 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33744 CVE-2022-36879 Ubuntu 18.04 LTS It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0812) Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012, CVE-2022-32296) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741, CVE-2022-33742) Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in the Linux kernel on ARM platforms contained a race condition in certain situations. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2022-33744) Update Instructions: Run `sudo pro fix USN-5669-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1054-dell300x - 4.15.0-1054.59 linux-dell300x-headers-4.15.0-1054 - 4.15.0-1054.59 linux-image-unsigned-4.15.0-1054-dell300x - 4.15.0-1054.59 linux-tools-4.15.0-1054-dell300x - 4.15.0-1054.59 linux-dell300x-tools-4.15.0-1054 - 4.15.0-1054.59 linux-headers-4.15.0-1054-dell300x - 4.15.0-1054.59 linux-modules-4.15.0-1054-dell300x - 4.15.0-1054.59 linux-buildinfo-4.15.0-1054-dell300x - 4.15.0-1054.59 No subscription required linux-oracle-headers-4.15.0-1107 - 4.15.0-1107.118 linux-headers-4.15.0-1107-oracle - 4.15.0-1107.118 linux-image-4.15.0-1107-oracle - 4.15.0-1107.118 linux-modules-extra-4.15.0-1107-oracle - 4.15.0-1107.118 linux-modules-4.15.0-1107-oracle - 4.15.0-1107.118 linux-buildinfo-4.15.0-1107-oracle - 4.15.0-1107.118 linux-tools-4.15.0-1107-oracle - 4.15.0-1107.118 linux-oracle-tools-4.15.0-1107 - 4.15.0-1107.118 linux-image-unsigned-4.15.0-1107-oracle - 4.15.0-1107.118 No subscription required linux-raspi2-tools-4.15.0-1120 - 4.15.0-1120.128 linux-image-4.15.0-1120-raspi2 - 4.15.0-1120.128 linux-tools-4.15.0-1120-raspi2 - 4.15.0-1120.128 linux-buildinfo-4.15.0-1120-raspi2 - 4.15.0-1120.128 linux-raspi2-headers-4.15.0-1120 - 4.15.0-1120.128 linux-headers-4.15.0-1120-raspi2 - 4.15.0-1120.128 linux-modules-4.15.0-1120-raspi2 - 4.15.0-1120.128 No subscription required linux-image-4.15.0-1128-kvm - 4.15.0-1128.133 linux-tools-4.15.0-1128-kvm - 4.15.0-1128.133 linux-headers-4.15.0-1128-kvm - 4.15.0-1128.133 linux-kvm-headers-4.15.0-1128 - 4.15.0-1128.133 linux-modules-4.15.0-1128-kvm - 4.15.0-1128.133 linux-buildinfo-4.15.0-1128-kvm - 4.15.0-1128.133 linux-kvm-tools-4.15.0-1128 - 4.15.0-1128.133 No subscription required linux-modules-4.15.0-1138-snapdragon - 4.15.0-1138.148 linux-image-4.15.0-1138-snapdragon - 4.15.0-1138.148 linux-snapdragon-headers-4.15.0-1138 - 4.15.0-1138.148 linux-headers-4.15.0-1138-snapdragon - 4.15.0-1138.148 linux-buildinfo-4.15.0-1138-snapdragon - 4.15.0-1138.148 linux-tools-4.15.0-1138-snapdragon - 4.15.0-1138.148 linux-snapdragon-tools-4.15.0-1138 - 4.15.0-1138.148 No subscription required linux-image-4.15.0-194-generic-lpae - 4.15.0-194.205 linux-image-4.15.0-194-lowlatency - 4.15.0-194.205 linux-tools-4.15.0-194-generic-lpae - 4.15.0-194.205 linux-tools-host - 4.15.0-194.205 linux-tools-common - 4.15.0-194.205 linux-doc - 4.15.0-194.205 linux-cloud-tools-4.15.0-194-lowlatency - 4.15.0-194.205 linux-tools-4.15.0-194-lowlatency - 4.15.0-194.205 linux-tools-4.15.0-194 - 4.15.0-194.205 linux-cloud-tools-4.15.0-194-generic - 4.15.0-194.205 linux-libc-dev - 4.15.0-194.205 linux-headers-4.15.0-194-generic - 4.15.0-194.205 linux-headers-4.15.0-194-lowlatency - 4.15.0-194.205 linux-image-unsigned-4.15.0-194-generic - 4.15.0-194.205 linux-cloud-tools-4.15.0-194 - 4.15.0-194.205 linux-modules-4.15.0-194-generic-lpae - 4.15.0-194.205 linux-headers-4.15.0-194 - 4.15.0-194.205 linux-buildinfo-4.15.0-194-generic - 4.15.0-194.205 linux-modules-extra-4.15.0-194-generic - 4.15.0-194.205 linux-cloud-tools-common - 4.15.0-194.205 linux-image-unsigned-4.15.0-194-lowlatency - 4.15.0-194.205 linux-headers-4.15.0-194-generic-lpae - 4.15.0-194.205 linux-buildinfo-4.15.0-194-generic-lpae - 4.15.0-194.205 linux-tools-4.15.0-194-generic - 4.15.0-194.205 linux-modules-4.15.0-194-generic - 4.15.0-194.205 linux-image-4.15.0-194-generic - 4.15.0-194.205 linux-source-4.15.0 - 4.15.0-194.205 linux-modules-4.15.0-194-lowlatency - 4.15.0-194.205 linux-buildinfo-4.15.0-194-lowlatency - 4.15.0-194.205 No subscription required linux-tools-dell300x - 4.15.0.1054.54 linux-headers-dell300x - 4.15.0.1054.54 linux-image-dell300x - 4.15.0.1054.54 linux-dell300x - 4.15.0.1054.54 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1107.114 linux-oracle-lts-18.04 - 4.15.0.1107.114 linux-signed-image-oracle-lts-18.04 - 4.15.0.1107.114 linux-signed-oracle-lts-18.04 - 4.15.0.1107.114 linux-headers-oracle-lts-18.04 - 4.15.0.1107.114 linux-tools-oracle-lts-18.04 - 4.15.0.1107.114 No subscription required linux-raspi2 - 4.15.0.1120.117 linux-headers-raspi2 - 4.15.0.1120.117 linux-image-raspi2 - 4.15.0.1120.117 linux-tools-raspi2 - 4.15.0.1120.117 No subscription required linux-kvm - 4.15.0.1128.121 linux-headers-kvm - 4.15.0.1128.121 linux-image-kvm - 4.15.0.1128.121 linux-tools-kvm - 4.15.0.1128.121 No subscription required linux-snapdragon - 4.15.0.1138.139 linux-headers-snapdragon - 4.15.0.1138.139 linux-tools-snapdragon - 4.15.0.1138.139 linux-image-snapdragon - 4.15.0.1138.139 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.194.179 linux-cloud-tools-virtual - 4.15.0.194.179 linux-headers-generic-lpae - 4.15.0.194.179 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.194.179 linux-image-extra-virtual-hwe-16.04 - 4.15.0.194.179 linux-image-virtual - 4.15.0.194.179 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.194.179 linux-signed-lowlatency - 4.15.0.194.179 linux-image-generic - 4.15.0.194.179 linux-tools-lowlatency - 4.15.0.194.179 linux-headers-generic-hwe-16.04-edge - 4.15.0.194.179 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.194.179 linux-generic-lpae-hwe-16.04 - 4.15.0.194.179 linux-signed-generic-hwe-16.04-edge - 4.15.0.194.179 linux-lowlatency - 4.15.0.194.179 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.194.179 linux-image-virtual-hwe-16.04-edge - 4.15.0.194.179 linux-generic-lpae-hwe-16.04-edge - 4.15.0.194.179 linux-signed-image-lowlatency - 4.15.0.194.179 linux-signed-lowlatency-hwe-16.04 - 4.15.0.194.179 linux-crashdump - 4.15.0.194.179 linux-signed-image-generic - 4.15.0.194.179 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.194.179 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.194.179 linux-source - 4.15.0.194.179 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.194.179 linux-tools-generic-lpae - 4.15.0.194.179 linux-tools-virtual - 4.15.0.194.179 linux-generic-hwe-16.04-edge - 4.15.0.194.179 linux-virtual - 4.15.0.194.179 linux-headers-lowlatency-hwe-16.04 - 4.15.0.194.179 linux-tools-virtual-hwe-16.04 - 4.15.0.194.179 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.194.179 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.194.179 linux-tools-generic-hwe-16.04 - 4.15.0.194.179 linux-image-generic-lpae - 4.15.0.194.179 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.194.179 linux-generic-lpae - 4.15.0.194.179 linux-generic - 4.15.0.194.179 linux-signed-generic-hwe-16.04 - 4.15.0.194.179 linux-signed-image-generic-hwe-16.04 - 4.15.0.194.179 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.194.179 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.194.179 linux-headers-lowlatency - 4.15.0.194.179 linux-headers-virtual-hwe-16.04-edge - 4.15.0.194.179 linux-lowlatency-hwe-16.04 - 4.15.0.194.179 linux-headers-generic-hwe-16.04 - 4.15.0.194.179 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.194.179 linux-generic-hwe-16.04 - 4.15.0.194.179 linux-tools-virtual-hwe-16.04-edge - 4.15.0.194.179 linux-tools-generic - 4.15.0.194.179 linux-virtual-hwe-16.04 - 4.15.0.194.179 linux-image-extra-virtual - 4.15.0.194.179 linux-cloud-tools-generic - 4.15.0.194.179 linux-lowlatency-hwe-16.04-edge - 4.15.0.194.179 linux-cloud-tools-lowlatency - 4.15.0.194.179 linux-image-generic-hwe-16.04 - 4.15.0.194.179 linux-image-generic-hwe-16.04-edge - 4.15.0.194.179 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.194.179 linux-image-generic-lpae-hwe-16.04 - 4.15.0.194.179 linux-virtual-hwe-16.04-edge - 4.15.0.194.179 linux-tools-lowlatency-hwe-16.04 - 4.15.0.194.179 linux-signed-generic - 4.15.0.194.179 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.194.179 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.194.179 linux-headers-generic - 4.15.0.194.179 linux-headers-virtual-hwe-16.04 - 4.15.0.194.179 linux-image-virtual-hwe-16.04 - 4.15.0.194.179 linux-headers-virtual - 4.15.0.194.179 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.194.179 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.194.179 linux-tools-generic-hwe-16.04-edge - 4.15.0.194.179 linux-image-lowlatency - 4.15.0.194.179 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.194.179 No subscription required Medium CVE-2022-0812 CVE-2022-1012 CVE-2022-2318 CVE-2022-26365 CVE-2022-32296 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33744 Ubuntu 18.04 LTS It was discovered that AdvanceCOMP did not properly manage memory of function be_uint32_read() under certain circumstances. If a user were tricked into opening a specially crafted binary file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. (CVE-2019-8379) It was discovered that AdvanceCOMP did not properly manage memory of function adv_png_unfilter_8() under certain circumstances. If a user were tricked into opening a specially crafted PNG file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. (CVE-2019-8383) Update Instructions: Run `sudo pro fix USN-5671-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: advancecomp - 2.1-1ubuntu0.18.04.2 No subscription required Low CVE-2019-8379 CVE-2019-8383 Ubuntu 18.04 LTS It was discovered that GMP did not properly manage memory on 32-bit platforms when processing a specially crafted input. An attacker could possibly use this issue to cause applications using GMP to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5672-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgmp10-doc - 2:6.1.2+dfsg-2ubuntu0.1 libgmpxx4ldbl - 2:6.1.2+dfsg-2ubuntu0.1 libgmp3-dev - 2:6.1.2+dfsg-2ubuntu0.1 libgmp10 - 2:6.1.2+dfsg-2ubuntu0.1 libgmp-dev - 2:6.1.2+dfsg-2ubuntu0.1 No subscription required Low CVE-2021-43618 Ubuntu 18.04 LTS It was discovered that unzip did not properly handle unicode strings under certain circumstances. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-4217) It was discovered that unzip did not properly perform bounds checking while converting wide strings to local strings. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-0529, CVE-2022-0530) Update Instructions: Run `sudo pro fix USN-5673-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: unzip - 6.0-21ubuntu1.2 No subscription required Medium CVE-2021-4217 CVE-2022-0529 CVE-2022-0530 https://launchpad.net/bugs/1957077 Ubuntu 18.04 LTS Isaac Boukris and Andrew Bartlett discovered that Heimdal's KDC was not properly performing checksum algorithm verifications in the S4U2Self extension module. An attacker could possibly use this issue to perform a machine-in-the-middle attack and request S4U2Self tickets for any user known by the application. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2018-16860) It was discovered that Heimdal was not properly handling the verification of key exchanges when an anonymous PKINIT was being used. An attacker could possibly use this issue to perform a machine-in-the-middle attack and expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2019-12098) Joseph Sutton discovered that Heimdal was not properly handling memory management operations when dealing with TGS-REQ tickets that were missing information. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-3671) Michał Kępień discovered that Heimdal was not properly handling logical conditions that related to memory management operations. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-3116) Update Instructions: Run `sudo pro fix USN-5675-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhcrypto4-heimdal - 7.5.0+dfsg-1ubuntu0.1 libwind0-heimdal - 7.5.0+dfsg-1ubuntu0.1 libroken18-heimdal - 7.5.0+dfsg-1ubuntu0.1 libgssapi3-heimdal - 7.5.0+dfsg-1ubuntu0.1 heimdal-kcm - 7.5.0+dfsg-1ubuntu0.1 libhdb9-heimdal - 7.5.0+dfsg-1ubuntu0.1 libasn1-8-heimdal - 7.5.0+dfsg-1ubuntu0.1 libsl0-heimdal - 7.5.0+dfsg-1ubuntu0.1 libkadm5clnt7-heimdal - 7.5.0+dfsg-1ubuntu0.1 heimdal-kdc - 7.5.0+dfsg-1ubuntu0.1 libkdc2-heimdal - 7.5.0+dfsg-1ubuntu0.1 heimdal-servers - 7.5.0+dfsg-1ubuntu0.1 libheimntlm0-heimdal - 7.5.0+dfsg-1ubuntu0.1 heimdal-docs - 7.5.0+dfsg-1ubuntu0.1 libheimbase1-heimdal - 7.5.0+dfsg-1ubuntu0.1 libkrb5-26-heimdal - 7.5.0+dfsg-1ubuntu0.1 libotp0-heimdal - 7.5.0+dfsg-1ubuntu0.1 heimdal-dev - 7.5.0+dfsg-1ubuntu0.1 libkafs0-heimdal - 7.5.0+dfsg-1ubuntu0.1 libhx509-5-heimdal - 7.5.0+dfsg-1ubuntu0.1 heimdal-multidev - 7.5.0+dfsg-1ubuntu0.1 libkadm5srv8-heimdal - 7.5.0+dfsg-1ubuntu0.1 heimdal-clients - 7.5.0+dfsg-1ubuntu0.1 No subscription required Medium CVE-2018-16860 CVE-2019-12098 CVE-2021-3671 CVE-2022-3116 Ubuntu 18.04 LTS It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-4159) It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20369) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373) Eric Biggers discovered that a use-after-free vulnerability existed in the io_uring subsystem in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3176) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741, CVE-2022-33742) Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in the Linux kernel on ARM platforms contained a race condition in certain situations. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2022-33744) It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36879) Update Instructions: Run `sudo pro fix USN-5677-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-raspi-5.4-tools-5.4.0-1071 - 5.4.0-1071.81~18.04.1 linux-image-5.4.0-1071-raspi - 5.4.0-1071.81~18.04.1 linux-modules-5.4.0-1071-raspi - 5.4.0-1071.81~18.04.1 linux-headers-5.4.0-1071-raspi - 5.4.0-1071.81~18.04.1 linux-buildinfo-5.4.0-1071-raspi - 5.4.0-1071.81~18.04.1 linux-raspi-5.4-headers-5.4.0-1071 - 5.4.0-1071.81~18.04.1 linux-tools-5.4.0-1071-raspi - 5.4.0-1071.81~18.04.1 No subscription required linux-modules-5.4.0-1084-oracle - 5.4.0-1084.92~18.04.1 linux-image-5.4.0-1084-oracle - 5.4.0-1084.92~18.04.1 linux-tools-5.4.0-1084-oracle - 5.4.0-1084.92~18.04.1 linux-oracle-5.4-tools-5.4.0-1084 - 5.4.0-1084.92~18.04.1 linux-headers-5.4.0-1084-oracle - 5.4.0-1084.92~18.04.1 linux-image-unsigned-5.4.0-1084-oracle - 5.4.0-1084.92~18.04.1 linux-modules-extra-5.4.0-1084-oracle - 5.4.0-1084.92~18.04.1 linux-oracle-5.4-headers-5.4.0-1084 - 5.4.0-1084.92~18.04.1 linux-buildinfo-5.4.0-1084-oracle - 5.4.0-1084.92~18.04.1 No subscription required linux-raspi-hwe-18.04-edge - 5.4.0.1071.71 linux-raspi-hwe-18.04 - 5.4.0.1071.71 linux-tools-raspi-hwe-18.04 - 5.4.0.1071.71 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1071.71 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1071.71 linux-image-raspi-hwe-18.04 - 5.4.0.1071.71 linux-headers-raspi-hwe-18.04 - 5.4.0.1071.71 linux-image-raspi-hwe-18.04-edge - 5.4.0.1071.71 No subscription required linux-modules-extra-oracle - 5.4.0.1084.92~18.04.61 linux-headers-oracle - 5.4.0.1084.92~18.04.61 linux-headers-oracle-edge - 5.4.0.1084.92~18.04.61 linux-image-oracle - 5.4.0.1084.92~18.04.61 linux-signed-image-oracle-edge - 5.4.0.1084.92~18.04.61 linux-signed-oracle - 5.4.0.1084.92~18.04.61 linux-tools-oracle - 5.4.0.1084.92~18.04.61 linux-tools-oracle-edge - 5.4.0.1084.92~18.04.61 linux-oracle-edge - 5.4.0.1084.92~18.04.61 linux-signed-oracle-edge - 5.4.0.1084.92~18.04.61 linux-modules-extra-oracle-edge - 5.4.0.1084.92~18.04.61 linux-signed-image-oracle - 5.4.0.1084.92~18.04.61 linux-image-oracle-edge - 5.4.0.1084.92~18.04.61 linux-oracle - 5.4.0.1084.92~18.04.61 No subscription required Medium CVE-2021-4159 CVE-2022-20369 CVE-2022-2318 CVE-2022-26365 CVE-2022-26373 CVE-2022-3176 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33744 CVE-2022-36879 Ubuntu 18.04 LTS It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0812) Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012, CVE-2022-32296) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741, CVE-2022-33742) Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in the Linux kernel on ARM platforms contained a race condition in certain situations. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2022-33744) Update Instructions: Run `sudo pro fix USN-5678-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1137-gcp - 4.15.0-1137.153 linux-modules-4.15.0-1137-gcp - 4.15.0-1137.153 linux-buildinfo-4.15.0-1137-gcp - 4.15.0-1137.153 linux-tools-4.15.0-1137-gcp - 4.15.0-1137.153 linux-image-unsigned-4.15.0-1137-gcp - 4.15.0-1137.153 linux-gcp-4.15-tools-4.15.0-1137 - 4.15.0-1137.153 linux-modules-extra-4.15.0-1137-gcp - 4.15.0-1137.153 linux-gcp-4.15-headers-4.15.0-1137 - 4.15.0-1137.153 linux-headers-4.15.0-1137-gcp - 4.15.0-1137.153 No subscription required linux-aws-tools-4.15.0-1142 - 4.15.0-1142.154 linux-tools-4.15.0-1142-aws - 4.15.0-1142.154 linux-image-4.15.0-1142-aws - 4.15.0-1142.154 linux-buildinfo-4.15.0-1142-aws - 4.15.0-1142.154 linux-modules-4.15.0-1142-aws - 4.15.0-1142.154 linux-aws-headers-4.15.0-1142 - 4.15.0-1142.154 linux-modules-extra-4.15.0-1142-aws - 4.15.0-1142.154 linux-cloud-tools-4.15.0-1142-aws - 4.15.0-1142.154 linux-aws-cloud-tools-4.15.0-1142 - 4.15.0-1142.154 linux-headers-4.15.0-1142-aws - 4.15.0-1142.154 linux-image-unsigned-4.15.0-1142-aws - 4.15.0-1142.154 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1137.153 linux-headers-gcp-lts-18.04 - 4.15.0.1137.153 linux-gcp-lts-18.04 - 4.15.0.1137.153 linux-tools-gcp-lts-18.04 - 4.15.0.1137.153 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1137.153 No subscription required linux-tools-aws-lts-18.04 - 4.15.0.1142.142 linux-modules-extra-aws-lts-18.04 - 4.15.0.1142.142 linux-image-aws-lts-18.04 - 4.15.0.1142.142 linux-headers-aws-lts-18.04 - 4.15.0.1142.142 linux-aws-lts-18.04 - 4.15.0.1142.142 No subscription required Medium CVE-2022-0812 CVE-2022-1012 CVE-2022-2318 CVE-2022-26365 CVE-2022-32296 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33744 Ubuntu 18.04 LTS It was discovered that gThumb did not properly managed memory under certain circumstances. An attacker could possibly use this issue to cause gThumb to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-18718) It was discovered that gThumb did not properly managed memory when processing certain image files. If a user were tricked into opening a specially crafted JPEG file, an attacker could possibly use this issue to cause gThumb to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-20326) It was discovered that gThumb did not properly handled certain malformed image files. If a user were tricked into opening a specially crafted JPEG file, an attacker could possibly use this issue to cause gThumb to crash, resulting in a denial of service. (CVE-2020-36427) Update Instructions: Run `sudo pro fix USN-5681-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gthumb-dev - 3:3.6.1-1ubuntu0.1~esm1 gthumb-data - 3:3.6.1-1ubuntu0.1~esm1 gthumb - 3:3.6.1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-18718 CVE-2019-20326 CVE-2020-36427 Ubuntu 18.04 LTS It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-4159) It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20369) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373) Eric Biggers discovered that a use-after-free vulnerability existed in the io_uring subsystem in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3176) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741, CVE-2022-33742) Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in the Linux kernel on ARM platforms contained a race condition in certain situations. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2022-33744) It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36879) Update Instructions: Run `sudo pro fix USN-5682-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-5.4-cloud-tools-5.4.0-1086 - 5.4.0-1086.93~18.04.1 linux-image-unsigned-5.4.0-1086-aws - 5.4.0-1086.93~18.04.1 linux-modules-extra-5.4.0-1086-aws - 5.4.0-1086.93~18.04.1 linux-image-5.4.0-1086-aws - 5.4.0-1086.93~18.04.1 linux-cloud-tools-5.4.0-1086-aws - 5.4.0-1086.93~18.04.1 linux-buildinfo-5.4.0-1086-aws - 5.4.0-1086.93~18.04.1 linux-aws-5.4-tools-5.4.0-1086 - 5.4.0-1086.93~18.04.1 linux-aws-5.4-headers-5.4.0-1086 - 5.4.0-1086.93~18.04.1 linux-modules-5.4.0-1086-aws - 5.4.0-1086.93~18.04.1 linux-tools-5.4.0-1086-aws - 5.4.0-1086.93~18.04.1 linux-headers-5.4.0-1086-aws - 5.4.0-1086.93~18.04.1 No subscription required linux-modules-extra-aws - 5.4.0.1086.66 linux-aws-edge - 5.4.0.1086.66 linux-modules-extra-aws-edge - 5.4.0.1086.66 linux-tools-aws-edge - 5.4.0.1086.66 linux-image-aws-edge - 5.4.0.1086.66 linux-headers-aws - 5.4.0.1086.66 linux-headers-aws-edge - 5.4.0.1086.66 linux-image-aws - 5.4.0.1086.66 linux-aws - 5.4.0.1086.66 linux-tools-aws - 5.4.0.1086.66 No subscription required Medium CVE-2021-4159 CVE-2022-20369 CVE-2022-2318 CVE-2022-26365 CVE-2022-26373 CVE-2022-3176 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33744 CVE-2022-36879 Ubuntu 18.04 LTS Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. (CVE-2022-39253) Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to arbitrary code execution. (CVE-2022-39260) Update Instructions: Run `sudo pro fix USN-5686-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.13 gitweb - 1:2.17.1-1ubuntu0.13 git-gui - 1:2.17.1-1ubuntu0.13 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.13 git-el - 1:2.17.1-1ubuntu0.13 gitk - 1:2.17.1-1ubuntu0.13 git-all - 1:2.17.1-1ubuntu0.13 git-mediawiki - 1:2.17.1-1ubuntu0.13 git-daemon-run - 1:2.17.1-1ubuntu0.13 git-man - 1:2.17.1-1ubuntu0.13 git-doc - 1:2.17.1-1ubuntu0.13 git-svn - 1:2.17.1-1ubuntu0.13 git-cvs - 1:2.17.1-1ubuntu0.13 git-email - 1:2.17.1-1ubuntu0.13 No subscription required Medium CVE-2022-39253 CVE-2022-39260 Ubuntu 18.04 LTS It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0812) Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012, CVE-2022-32296) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741, CVE-2022-33742) Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in the Linux kernel on ARM platforms contained a race condition in certain situations. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2022-33744) Update Instructions: Run `sudo pro fix USN-5687-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1153-azure - 4.15.0-1153.168 linux-cloud-tools-4.15.0-1153-azure - 4.15.0-1153.168 linux-modules-4.15.0-1153-azure - 4.15.0-1153.168 linux-azure-4.15-cloud-tools-4.15.0-1153 - 4.15.0-1153.168 linux-image-4.15.0-1153-azure - 4.15.0-1153.168 linux-headers-4.15.0-1153-azure - 4.15.0-1153.168 linux-buildinfo-4.15.0-1153-azure - 4.15.0-1153.168 linux-tools-4.15.0-1153-azure - 4.15.0-1153.168 linux-azure-4.15-headers-4.15.0-1153 - 4.15.0-1153.168 linux-modules-extra-4.15.0-1153-azure - 4.15.0-1153.168 linux-azure-4.15-tools-4.15.0-1153 - 4.15.0-1153.168 No subscription required linux-azure-lts-18.04 - 4.15.0.1153.123 linux-tools-azure-lts-18.04 - 4.15.0.1153.123 linux-signed-image-azure-lts-18.04 - 4.15.0.1153.123 linux-headers-azure-lts-18.04 - 4.15.0.1153.123 linux-modules-extra-azure-lts-18.04 - 4.15.0.1153.123 linux-signed-azure-lts-18.04 - 4.15.0.1153.123 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1153.123 linux-image-azure-lts-18.04 - 4.15.0.1153.123 No subscription required Medium CVE-2022-0812 CVE-2022-1012 CVE-2022-2318 CVE-2022-26365 CVE-2022-32296 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33744 Ubuntu 18.04 LTS It was discovered that an integer overflow could be triggered in Libksba when decoding certain data. An attacker could use this issue to cause a denial of service (application crash) or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5688-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libksba-mingw-w64-dev - 1.3.5-2ubuntu0.18.04.1 libksba8 - 1.3.5-2ubuntu0.18.04.1 libksba-dev - 1.3.5-2ubuntu0.18.04.1 No subscription required High CVE-2022-3515 Ubuntu 18.04 LTS It was discovered that Perl incorrectly handled certain signature verification. An remote attacker could possibly use this issue to bypass signature verification. Update Instructions: Run `sudo pro fix USN-5689-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libperl-dev - 5.26.1-6ubuntu0.6 perl-modules-5.26 - 5.26.1-6ubuntu0.6 perl-doc - 5.26.1-6ubuntu0.6 perl - 5.26.1-6ubuntu0.6 perl-base - 5.26.1-6ubuntu0.6 libperl5.26 - 5.26.1-6ubuntu0.6 perl-debug - 5.26.1-6ubuntu0.6 No subscription required Medium CVE-2020-16156 Ubuntu 18.04 LTS David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2602) Sönke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41674) Sönke Huster discovered that the WiFi driver stack in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42720) Sönke Huster discovered that the WiFi driver stack in the Linux kernel did not properly handle BSSID/SSID lists in some situations. A physically proximate attacker could use this to cause a denial of service (infinite loop). (CVE-2022-42721) Update Instructions: Run `sudo pro fix USN-5691-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-5.4.0-1036-ibm - 5.4.0-1036.41~18.04.1 linux-modules-5.4.0-1036-ibm - 5.4.0-1036.41~18.04.1 linux-buildinfo-5.4.0-1036-ibm - 5.4.0-1036.41~18.04.1 linux-image-5.4.0-1036-ibm - 5.4.0-1036.41~18.04.1 linux-ibm-5.4-headers-5.4.0-1036 - 5.4.0-1036.41~18.04.1 linux-tools-5.4.0-1036-ibm - 5.4.0-1036.41~18.04.1 linux-modules-extra-5.4.0-1036-ibm - 5.4.0-1036.41~18.04.1 linux-ibm-5.4-tools-5.4.0-1036 - 5.4.0-1036.41~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1036.41~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1036.41~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1036.41~18.04.1 linux-headers-5.4.0-1036-ibm - 5.4.0-1036.41~18.04.1 No subscription required linux-raspi-5.4-headers-5.4.0-1073 - 5.4.0-1073.84~18.04.1 linux-raspi-5.4-tools-5.4.0-1073 - 5.4.0-1073.84~18.04.1 linux-image-5.4.0-1073-raspi - 5.4.0-1073.84~18.04.1 linux-buildinfo-5.4.0-1073-raspi - 5.4.0-1073.84~18.04.1 linux-headers-5.4.0-1073-raspi - 5.4.0-1073.84~18.04.1 linux-modules-5.4.0-1073-raspi - 5.4.0-1073.84~18.04.1 linux-tools-5.4.0-1073-raspi - 5.4.0-1073.84~18.04.1 No subscription required linux-image-5.4.0-1086-oracle - 5.4.0-1086.95~18.04.1 linux-buildinfo-5.4.0-1086-oracle - 5.4.0-1086.95~18.04.1 linux-tools-5.4.0-1086-oracle - 5.4.0-1086.95~18.04.1 linux-oracle-5.4-headers-5.4.0-1086 - 5.4.0-1086.95~18.04.1 linux-image-unsigned-5.4.0-1086-oracle - 5.4.0-1086.95~18.04.1 linux-modules-5.4.0-1086-oracle - 5.4.0-1086.95~18.04.1 linux-oracle-5.4-tools-5.4.0-1086 - 5.4.0-1086.95~18.04.1 linux-headers-5.4.0-1086-oracle - 5.4.0-1086.95~18.04.1 linux-modules-extra-5.4.0-1086-oracle - 5.4.0-1086.95~18.04.1 No subscription required linux-aws-5.4-cloud-tools-5.4.0-1088 - 5.4.0-1088.96~18.04.1 linux-image-5.4.0-1088-aws - 5.4.0-1088.96~18.04.1 linux-headers-5.4.0-1088-aws - 5.4.0-1088.96~18.04.1 linux-modules-extra-5.4.0-1088-aws - 5.4.0-1088.96~18.04.1 linux-aws-5.4-tools-5.4.0-1088 - 5.4.0-1088.96~18.04.1 linux-modules-5.4.0-1088-aws - 5.4.0-1088.96~18.04.1 linux-image-unsigned-5.4.0-1088-aws - 5.4.0-1088.96~18.04.1 linux-tools-5.4.0-1088-aws - 5.4.0-1088.96~18.04.1 linux-buildinfo-5.4.0-1088-aws - 5.4.0-1088.96~18.04.1 linux-cloud-tools-5.4.0-1088-aws - 5.4.0-1088.96~18.04.1 linux-aws-5.4-headers-5.4.0-1088 - 5.4.0-1088.96~18.04.1 No subscription required linux-image-5.4.0-1092-gcp - 5.4.0-1092.101~18.04.1 linux-image-unsigned-5.4.0-1092-gcp - 5.4.0-1092.101~18.04.1 linux-buildinfo-5.4.0-1092-gcp - 5.4.0-1092.101~18.04.1 linux-tools-5.4.0-1092-gcp - 5.4.0-1092.101~18.04.1 linux-gcp-5.4-tools-5.4.0-1092 - 5.4.0-1092.101~18.04.1 linux-modules-extra-5.4.0-1092-gcp - 5.4.0-1092.101~18.04.1 linux-gcp-5.4-headers-5.4.0-1092 - 5.4.0-1092.101~18.04.1 linux-headers-5.4.0-1092-gcp - 5.4.0-1092.101~18.04.1 linux-modules-5.4.0-1092-gcp - 5.4.0-1092.101~18.04.1 No subscription required linux-modules-5.4.0-1094-azure - 5.4.0-1094.100~18.04.1 linux-modules-extra-5.4.0-1094-azure - 5.4.0-1094.100~18.04.1 linux-image-5.4.0-1094-azure - 5.4.0-1094.100~18.04.1 linux-tools-5.4.0-1094-azure - 5.4.0-1094.100~18.04.1 linux-cloud-tools-5.4.0-1094-azure - 5.4.0-1094.100~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1094 - 5.4.0-1094.100~18.04.1 linux-azure-5.4-tools-5.4.0-1094 - 5.4.0-1094.100~18.04.1 linux-azure-5.4-headers-5.4.0-1094 - 5.4.0-1094.100~18.04.1 linux-headers-5.4.0-1094-azure - 5.4.0-1094.100~18.04.1 linux-buildinfo-5.4.0-1094-azure - 5.4.0-1094.100~18.04.1 linux-image-unsigned-5.4.0-1094-azure - 5.4.0-1094.100~18.04.1 No subscription required linux-modules-5.4.0-131-lowlatency - 5.4.0-131.147~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-131.147~18.04.1 linux-image-5.4.0-131-lowlatency - 5.4.0-131.147~18.04.1 linux-modules-extra-5.4.0-131-generic - 5.4.0-131.147~18.04.1 linux-headers-5.4.0-131-lowlatency - 5.4.0-131.147~18.04.1 linux-tools-5.4.0-131-lowlatency - 5.4.0-131.147~18.04.1 linux-headers-5.4.0-131-generic - 5.4.0-131.147~18.04.1 linux-headers-5.4.0-131-generic-lpae - 5.4.0-131.147~18.04.1 linux-tools-5.4.0-131-generic - 5.4.0-131.147~18.04.1 linux-modules-5.4.0-131-generic-lpae - 5.4.0-131.147~18.04.1 linux-image-unsigned-5.4.0-131-generic - 5.4.0-131.147~18.04.1 linux-hwe-5.4-tools-5.4.0-131 - 5.4.0-131.147~18.04.1 linux-tools-5.4.0-131-generic-lpae - 5.4.0-131.147~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-131 - 5.4.0-131.147~18.04.1 linux-buildinfo-5.4.0-131-lowlatency - 5.4.0-131.147~18.04.1 linux-image-5.4.0-131-generic-lpae - 5.4.0-131.147~18.04.1 linux-modules-5.4.0-131-generic - 5.4.0-131.147~18.04.1 linux-cloud-tools-5.4.0-131-lowlatency - 5.4.0-131.147~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-131.147~18.04.1 linux-cloud-tools-5.4.0-131-generic - 5.4.0-131.147~18.04.1 linux-hwe-5.4-headers-5.4.0-131 - 5.4.0-131.147~18.04.1 linux-image-5.4.0-131-generic - 5.4.0-131.147~18.04.1 linux-buildinfo-5.4.0-131-generic-lpae - 5.4.0-131.147~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-131.147~18.04.1 linux-buildinfo-5.4.0-131-generic - 5.4.0-131.147~18.04.1 linux-image-unsigned-5.4.0-131-lowlatency - 5.4.0-131.147~18.04.1 No subscription required linux-modules-extra-ibm - 5.4.0.1036.49 linux-image-ibm - 5.4.0.1036.49 linux-tools-ibm-edge - 5.4.0.1036.49 linux-headers-ibm-edge - 5.4.0.1036.49 linux-modules-extra-ibm-edge - 5.4.0.1036.49 linux-ibm - 5.4.0.1036.49 linux-ibm-edge - 5.4.0.1036.49 linux-headers-ibm - 5.4.0.1036.49 linux-tools-ibm - 5.4.0.1036.49 linux-image-ibm-edge - 5.4.0.1036.49 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1073.72 linux-headers-raspi-hwe-18.04 - 5.4.0.1073.72 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1073.72 linux-raspi-hwe-18.04 - 5.4.0.1073.72 linux-image-raspi-hwe-18.04-edge - 5.4.0.1073.72 linux-tools-raspi-hwe-18.04 - 5.4.0.1073.72 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1073.72 linux-raspi-hwe-18.04-edge - 5.4.0.1073.72 No subscription required linux-headers-oracle - 5.4.0.1086.95~18.04.62 linux-signed-image-oracle - 5.4.0.1086.95~18.04.62 linux-signed-oracle - 5.4.0.1086.95~18.04.62 linux-tools-oracle-edge - 5.4.0.1086.95~18.04.62 linux-oracle-edge - 5.4.0.1086.95~18.04.62 linux-modules-extra-oracle-edge - 5.4.0.1086.95~18.04.62 linux-image-oracle-edge - 5.4.0.1086.95~18.04.62 linux-modules-extra-oracle - 5.4.0.1086.95~18.04.62 linux-signed-oracle-edge - 5.4.0.1086.95~18.04.62 linux-signed-image-oracle-edge - 5.4.0.1086.95~18.04.62 linux-headers-oracle-edge - 5.4.0.1086.95~18.04.62 linux-image-oracle - 5.4.0.1086.95~18.04.62 linux-tools-oracle - 5.4.0.1086.95~18.04.62 linux-oracle - 5.4.0.1086.95~18.04.62 No subscription required linux-headers-aws - 5.4.0.1088.67 linux-image-aws - 5.4.0.1088.67 linux-modules-extra-aws-edge - 5.4.0.1088.67 linux-tools-aws-edge - 5.4.0.1088.67 linux-image-aws-edge - 5.4.0.1088.67 linux-aws-edge - 5.4.0.1088.67 linux-aws - 5.4.0.1088.67 linux-headers-aws-edge - 5.4.0.1088.67 linux-modules-extra-aws - 5.4.0.1088.67 linux-tools-aws - 5.4.0.1088.67 No subscription required linux-headers-gcp-edge - 5.4.0.1092.70 linux-image-gcp - 5.4.0.1092.70 linux-image-gcp-edge - 5.4.0.1092.70 linux-modules-extra-gcp - 5.4.0.1092.70 linux-tools-gcp - 5.4.0.1092.70 linux-modules-extra-gcp-edge - 5.4.0.1092.70 linux-gcp - 5.4.0.1092.70 linux-tools-gcp-edge - 5.4.0.1092.70 linux-headers-gcp - 5.4.0.1092.70 linux-gcp-edge - 5.4.0.1092.70 No subscription required linux-signed-azure - 5.4.0.1094.70 linux-tools-azure-edge - 5.4.0.1094.70 linux-cloud-tools-azure - 5.4.0.1094.70 linux-tools-azure - 5.4.0.1094.70 linux-image-azure-edge - 5.4.0.1094.70 linux-azure - 5.4.0.1094.70 linux-cloud-tools-azure-edge - 5.4.0.1094.70 linux-modules-extra-azure - 5.4.0.1094.70 linux-image-azure - 5.4.0.1094.70 linux-signed-image-azure-edge - 5.4.0.1094.70 linux-azure-edge - 5.4.0.1094.70 linux-modules-extra-azure-edge - 5.4.0.1094.70 linux-headers-azure-edge - 5.4.0.1094.70 linux-signed-azure-edge - 5.4.0.1094.70 linux-signed-image-azure - 5.4.0.1094.70 linux-headers-azure - 5.4.0.1094.70 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-headers-snapdragon-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-image-generic-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-image-snapdragon-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-image-oem - 5.4.0.131.147~18.04.108 linux-tools-virtual-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-headers-lowlatency-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-image-extra-virtual-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-image-oem-osp1 - 5.4.0.131.147~18.04.108 linux-snapdragon-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-image-generic-lpae-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-tools-lowlatency-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-headers-generic-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-headers-virtual-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-tools-oem-osp1 - 5.4.0.131.147~18.04.108 linux-tools-snapdragon-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-headers-virtual-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-virtual-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-generic-lpae-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-lowlatency-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-headers-oem - 5.4.0.131.147~18.04.108 linux-tools-generic-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-image-virtual-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-generic-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-oem - 5.4.0.131.147~18.04.108 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-snapdragon-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-headers-oem-osp1 - 5.4.0.131.147~18.04.108 linux-tools-virtual-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-generic-lpae-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-tools-generic-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-headers-generic-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-tools-oem - 5.4.0.131.147~18.04.108 linux-oem-osp1 - 5.4.0.131.147~18.04.108 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-image-lowlatency-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-virtual-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-lowlatency-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-generic-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.131.147~18.04.108 linux-image-generic-hwe-18.04-edge - 5.4.0.131.147~18.04.108 linux-image-virtual-hwe-18.04-edge - 5.4.0.131.147~18.04.108 No subscription required High CVE-2022-2602 CVE-2022-41674 CVE-2022-42720 CVE-2022-42721 Ubuntu 18.04 LTS It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were tricked into opening a specially crafted document, a remote attacker could use this issue to execute arbitrary scripts. (CVE-2022-3140) Thomas Florian discovered that LibreOffice incorrectly handled crashes when an encrypted document is open. If the document is recovered upon restarting LibreOffice, subsequent saves of the document were unencrypted. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-12801) Jens Müller discovered that LibreOffice incorrectly handled certain documents containing forms. If a user were tricked into opening a specially crafted document, a remote attacker could overwrite arbitrary files when the form was submitted. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-12803) It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary macros. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-26305) It was discovered that Libreoffice incorrectly handled encrypting the master key provided by the user for storing passwords for web connections. A local attacker could possibly use this issue to obtain access to passwords stored in the user’s configuration data. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-26306, CVE-2022-26307) Update Instructions: Run `sudo pro fix USN-5694-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-nlpsolver - 0.9+LibO6.0.7-0ubuntu0.18.04.12 No subscription required libreoffice-mysql-connector - 1.0.2+LibO6.0.7-0ubuntu0.18.04.12 No subscription required libreoffice-wiki-publisher - 1.2.0+LibO6.0.7-0ubuntu0.18.04.12 No subscription required libreoffice-impress - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-evolution - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-dev-common - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-librelogo - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-java-common - 1:6.0.7-0ubuntu0.18.04.12 gir1.2-lokdocview-0.1 - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-subsequentcheckbase - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-style-elementary - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-officebean - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-kde - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-base - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-style-galaxy - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-style-hicontrast - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-core - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-script-provider-bsh - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-avmedia-backend-gstreamer - 1:6.0.7-0ubuntu0.18.04.12 libreofficekit-dev - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-script-provider-python - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-common - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-dev-doc - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-gnome - 1:6.0.7-0ubuntu0.18.04.12 libreofficekit-data - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-kde4 - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-dev - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-gtk3 - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-report-builder - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-base-core - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-draw - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-ogltrans - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-l10n-in - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-sdbc-hsqldb - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-gtk - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-calc - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-base-drivers - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-style-oxygen - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-gtk2 - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-style-tango - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-style-human - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-sdbc-firebird - 1:6.0.7-0ubuntu0.18.04.12 python3-uno - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-math - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-writer - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-report-builder-bin - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-style-breeze - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-systray - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-script-provider-js - 1:6.0.7-0ubuntu0.18.04.12 liblibreofficekitgtk - 1:6.0.7-0ubuntu0.18.04.12 libreoffice - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-style-sifr - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-sdbc-postgresql - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-l10n-za - 1:6.0.7-0ubuntu0.18.04.12 libreoffice-pdfimport - 1:6.0.7-0ubuntu0.18.04.12 No subscription required fonts-opensymbol - 2:102.10+LibO6.0.7-0ubuntu0.18.04.12 No subscription required ure - 6.0.7-0ubuntu0.18.04.12 uno-libs3 - 6.0.7-0ubuntu0.18.04.12 No subscription required Medium CVE-2020-12801 CVE-2020-12803 CVE-2022-26305 CVE-2022-26306 CVE-2022-26307 CVE-2022-3140 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.31 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Ubuntu 18.04 LTS has been updated to MySQL 5.7.40. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-40.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-31.html https://www.oracle.com/security-alerts/cpuoct2022.html Update Instructions: Run `sudo pro fix USN-5696-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.40-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.40-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.40-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.40-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.40-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.40-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.40-0ubuntu0.18.04.1 mysql-server - 5.7.40-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.40-0ubuntu0.18.04.1 mysql-testsuite - 5.7.40-0ubuntu0.18.04.1 libmysqld-dev - 5.7.40-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.40-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-21589 CVE-2022-21592 CVE-2022-21594 CVE-2022-21599 CVE-2022-21604 CVE-2022-21608 CVE-2022-21611 CVE-2022-21617 CVE-2022-21625 CVE-2022-21632 CVE-2022-21633 CVE-2022-21637 CVE-2022-21640 CVE-2022-39400 CVE-2022-39408 CVE-2022-39410 Ubuntu 18.04 LTS Douglas Mendizabal discovered that Barbican incorrectly handled certain query strings. A remote attacker could possibly use this issue to bypass the access policy. Update Instructions: Run `sudo pro fix USN-5697-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-barbican - 1:6.0.1-0ubuntu1.2 barbican-api - 1:6.0.1-0ubuntu1.2 barbican-worker - 1:6.0.1-0ubuntu1.2 barbican-keystone-listener - 1:6.0.1-0ubuntu1.2 barbican-common - 1:6.0.1-0ubuntu1.2 barbican-doc - 1:6.0.1-0ubuntu1.2 No subscription required Medium CVE-2022-3100 Ubuntu 18.04 LTS It was discovered that Open vSwitch incorrectly handled comparison of certain minimasks. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5698-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openvswitch-doc - 2.9.8-0ubuntu0.18.04.3 openvswitch-switch - 2.9.8-0ubuntu0.18.04.3 openvswitch-pki - 2.9.8-0ubuntu0.18.04.3 openvswitch-common - 2.9.8-0ubuntu0.18.04.3 ovn-docker - 2.9.8-0ubuntu0.18.04.3 openvswitch-testcontroller - 2.9.8-0ubuntu0.18.04.3 openvswitch-vtep - 2.9.8-0ubuntu0.18.04.3 python-openvswitch - 2.9.8-0ubuntu0.18.04.3 python3-openvswitch - 2.9.8-0ubuntu0.18.04.3 ovn-host - 2.9.8-0ubuntu0.18.04.3 ovn-common - 2.9.8-0ubuntu0.18.04.3 ovn-central - 2.9.8-0ubuntu0.18.04.3 ovn-controller-vtep - 2.9.8-0ubuntu0.18.04.3 openvswitch-switch-dpdk - 2.9.8-0ubuntu0.18.04.3 openvswitch-test - 2.9.8-0ubuntu0.18.04.3 No subscription required Medium CVE-2022-32166 Ubuntu 18.04 LTS Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. (CVE-2022-32221) Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-35260) It was discovered that curl incorrectly handled certain HTTP proxy return codes. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42915) Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42916) Update Instructions: Run `sudo pro fix USN-5702-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.21 libcurl4-openssl-dev - 7.58.0-2ubuntu3.21 libcurl3-gnutls - 7.58.0-2ubuntu3.21 libcurl4-doc - 7.58.0-2ubuntu3.21 libcurl3-nss - 7.58.0-2ubuntu3.21 libcurl4-nss-dev - 7.58.0-2ubuntu3.21 libcurl4 - 7.58.0-2ubuntu3.21 curl - 7.58.0-2ubuntu3.21 No subscription required Medium CVE-2022-32221 CVE-2022-35260 CVE-2022-42915 CVE-2022-42916 Ubuntu 18.04 LTS It was discovered that DBus incorrectly handled messages with invalid type signatures. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. (CVE-2022-42010) It was discovered that DBus was incorrectly validating the length of arrays of fixed-length items. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. (CVE-2022-42011) It was discovered that DBus incorrectly handled the body DBus message with attached file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. (CVE-2022-42012) Update Instructions: Run `sudo pro fix USN-5704-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dbus-1-doc - 1.12.2-1ubuntu1.4 dbus - 1.12.2-1ubuntu1.4 libdbus-1-dev - 1.12.2-1ubuntu1.4 dbus-user-session - 1.12.2-1ubuntu1.4 dbus-x11 - 1.12.2-1ubuntu1.4 dbus-tests - 1.12.2-1ubuntu1.4 libdbus-1-3 - 1.12.2-1ubuntu1.4 No subscription required Medium CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42930, CVE-2022-42932) It was discovered that Firefox saved usernames to a plaintext file. A local user could potentially exploit this to obtain sensitive information. (CVE-2022-42931) Update Instructions: Run `sudo pro fix USN-5709-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nn - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ne - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nb - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fa - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fi - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fr - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fy - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-or - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kab - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-oc - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cs - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ga - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gd - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gn - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gl - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gu - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pa - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pl - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cy - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pt - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-szl - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hi - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ms - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-he - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hy - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hr - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hu - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-as - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ar - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ia - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-az - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-id - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mai - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-af - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-is - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-vi - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-an - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bs - 106.0.2+build1-0ubuntu0.18.04.1 firefox - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ro - 106.0.2+build1-0ubuntu0.18.04.1 firefox-geckodriver - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ja - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ru - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-br - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bn - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-be - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bg - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sl - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sk - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-si - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sw - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sv - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sr - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sq - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ko - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kn - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-km - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kk - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ka - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-xh - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ca - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ku - 106.0.2+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lv - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lt - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-th - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 106.0.2+build1-0ubuntu0.18.04.1 firefox-dev - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-te - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cak - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ta - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lg - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-csb - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tr - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nso - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-de - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-da - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uk - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mr - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-my - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uz - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ml - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mn - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mk - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ur - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eu - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-et - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-es - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-it - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-el - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eo - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-en - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zu - 106.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ast - 106.0.2+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42930 CVE-2022-42931 CVE-2022-42932 Ubuntu 18.04 LTS USN-5709-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42930, CVE-2022-42932) It was discovered that Firefox saved usernames to a plaintext file. A local user could potentially exploit this to obtain sensitive information. (CVE-2022-42931) Update Instructions: Run `sudo pro fix USN-5709-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-nn - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-ne - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-nb - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-fa - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-fi - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-fr - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-fy - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-or - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-kab - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-oc - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-cs - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-ga - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-gd - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-gn - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-gl - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-gu - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-pa - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-pl - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-cy - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-pt - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-szl - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-hi - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-ms - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-he - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-hy - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-hr - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-hu - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-as - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-ar - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-ia - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-az - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-id - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-mai - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-af - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-is - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-vi - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-an - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-bs - 106.0.5+build1-0ubuntu0.18.04.1 firefox - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-ro - 106.0.5+build1-0ubuntu0.18.04.1 firefox-geckodriver - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-ja - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-ru - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-br - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-bn - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-be - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-bg - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-sl - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-sk - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-si - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-sw - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-sv - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-sr - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-sq - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-ko - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-kn - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-km - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-kk - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-ka - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-xh - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-ca - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-ku - 106.0.5+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-lv - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-lt - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-th - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 106.0.5+build1-0ubuntu0.18.04.1 firefox-dev - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-te - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-cak - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-ta - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-lg - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-csb - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-tr - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-nso - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-de - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-da - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-uk - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-mr - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-my - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-uz - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-ml - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-mn - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-mk - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-ur - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-eu - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-et - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-es - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-it - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-el - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-eo - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-en - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-zu - 106.0.5+build1-0ubuntu0.18.04.1 firefox-locale-ast - 106.0.5+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1996178 Ubuntu 18.04 LTS Yuchen Zeng and Eduardo Vela discovered that NTFS-3G incorrectly validated certain NTFS metadata. A local attacker could possibly use this issue to gain privileges. Update Instructions: Run `sudo pro fix USN-5711-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ntfs-3g - 1:2017.3.23-2ubuntu0.18.04.5 libntfs-3g88 - 1:2017.3.23-2ubuntu0.18.04.5 ntfs-3g-dev - 1:2017.3.23-2ubuntu0.18.04.5 No subscription required Medium CVE-2022-40284 Ubuntu 18.04 LTS It was discovered that LibTIFF incorrectly handled certain memory operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to cause a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2953) It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to allow for information disclosure or to cause the application to crash. This issue only affected to Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2867, CVE-2022-2868, CVE-2022-2869) It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using tiffsplit. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to allow for information disclosure or to cause the application to crash. This issue only affected to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-34526) Chintan Shah discovered that LibTIFF incorrectly handled memory in certain conditions when using tiffcrop. An attacker could trick a user into processing a specially crafted image file and potentially use this issue to allow for information disclosure or to cause the application to crash. This issue only affected to Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3570) It was discovered that LibTIFF incorrectly handled memory in certain conditions when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff file and potentially use this issue to cause a denial of service. This issue only affected to Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3598) It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to allow for information disclosure or to cause the application to crash. (CVE-2022-3599) It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to allow for information disclosure or to cause the application to crash. This issue only affected to Ubuntu 22.10. (CVE-2022-3597, CVE-2022-3626, CVE-2022-3627) Update Instructions: Run `sudo pro fix USN-5714-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.9-5ubuntu0.8 libtiffxx5 - 4.0.9-5ubuntu0.8 libtiff5-dev - 4.0.9-5ubuntu0.8 libtiff-dev - 4.0.9-5ubuntu0.8 libtiff5 - 4.0.9-5ubuntu0.8 libtiff-tools - 4.0.9-5ubuntu0.8 libtiff-doc - 4.0.9-5ubuntu0.8 No subscription required Medium CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-2953 CVE-2022-34526 CVE-2022-3570 CVE-2022-3597 CVE-2022-3598 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 Ubuntu 18.04 LTS It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5715-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libraw-doc - 0.18.8-1ubuntu0.4 libraw-bin - 0.18.8-1ubuntu0.4 libraw16 - 0.18.8-1ubuntu0.4 libraw-dev - 0.18.8-1ubuntu0.4 No subscription required Medium CVE-2020-15503 CVE-2020-35530 CVE-2020-35531 CVE-2020-35532 CVE-2020-35533 Ubuntu 18.04 LTS It was discovered that SQLite incorrectly handled certain long string arguments. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5716-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.22.0-1ubuntu0.7 sqlite3-doc - 3.22.0-1ubuntu0.7 libsqlite3-0 - 3.22.0-1ubuntu0.7 libsqlite3-tcl - 3.22.0-1ubuntu0.7 sqlite3 - 3.22.0-1ubuntu0.7 libsqlite3-dev - 3.22.0-1ubuntu0.7 No subscription required Medium CVE-2022-35737 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-31628) It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise the data (CVE-2022-31629) It was discovered that PHP incorrectly handled certain image fonts. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.10, and Ubuntu 22.04 LTS. (CVE-2022-31630) Nicky Mouha discovered that PHP incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.10, and Ubuntu 22.04 LTS. (CVE-2022-37454) Update Instructions: Run `sudo pro fix USN-5717-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.24-0ubuntu0.18.04.15 php7.2-enchant - 7.2.24-0ubuntu0.18.04.15 php7.2-ldap - 7.2.24-0ubuntu0.18.04.15 php7.2-fpm - 7.2.24-0ubuntu0.18.04.15 php7.2-recode - 7.2.24-0ubuntu0.18.04.15 php7.2-cli - 7.2.24-0ubuntu0.18.04.15 php7.2-json - 7.2.24-0ubuntu0.18.04.15 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.15 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.15 php7.2 - 7.2.24-0ubuntu0.18.04.15 php7.2-pspell - 7.2.24-0ubuntu0.18.04.15 php7.2-dev - 7.2.24-0ubuntu0.18.04.15 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.15 php7.2-gmp - 7.2.24-0ubuntu0.18.04.15 php7.2-opcache - 7.2.24-0ubuntu0.18.04.15 php7.2-gd - 7.2.24-0ubuntu0.18.04.15 php7.2-soap - 7.2.24-0ubuntu0.18.04.15 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.15 php7.2-intl - 7.2.24-0ubuntu0.18.04.15 php7.2-cgi - 7.2.24-0ubuntu0.18.04.15 php7.2-odbc - 7.2.24-0ubuntu0.18.04.15 libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.15 php7.2-tidy - 7.2.24-0ubuntu0.18.04.15 php7.2-imap - 7.2.24-0ubuntu0.18.04.15 php7.2-readline - 7.2.24-0ubuntu0.18.04.15 php7.2-mysql - 7.2.24-0ubuntu0.18.04.15 php7.2-dba - 7.2.24-0ubuntu0.18.04.15 php7.2-xml - 7.2.24-0ubuntu0.18.04.15 php7.2-interbase - 7.2.24-0ubuntu0.18.04.15 php7.2-xsl - 7.2.24-0ubuntu0.18.04.15 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.15 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.15 php7.2-sybase - 7.2.24-0ubuntu0.18.04.15 php7.2-curl - 7.2.24-0ubuntu0.18.04.15 php7.2-common - 7.2.24-0ubuntu0.18.04.15 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.15 php7.2-snmp - 7.2.24-0ubuntu0.18.04.15 php7.2-zip - 7.2.24-0ubuntu0.18.04.15 No subscription required Medium CVE-2022-31628 CVE-2022-31629 CVE-2022-31630 CVE-2022-37454 Ubuntu 18.04 LTS Maddie Stone discovered that pixman incorrectly handled certain memory operations. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5718-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpixman-1-0 - 0.34.0-2ubuntu0.1 libpixman-1-dev - 0.34.0-2ubuntu0.1 No subscription required Medium CVE-2022-44638 Ubuntu 18.04 LTS It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue to cause the corruption of sensitive information. (CVE-2022-21619) It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly use this issue to perform spoofing attacks. (CVE-2022-21624) It was discovered that OpenJDK did not limit the number of connections accepted from HTTP clients. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21628) It was discovered that OpenJDK incorrectly handled X.509 certificates. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 8 and OpenJDK 11. (CVE-2022-21626) It was discovered that OpenJDK incorrectly handled cached server connections. An attacker could possibly use this issue to perform spoofing attacks. This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19. (CVE-2022-39399) It was discovered that OpenJDK incorrectly handled byte conversions. An attacker could possibly use this issue to obtain sensitive information. This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19. (CVE-2022-21618) Update Instructions: Run `sudo pro fix USN-5719-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-doc - 11.0.17+8-1ubuntu2~18.04 openjdk-11-jdk - 11.0.17+8-1ubuntu2~18.04 openjdk-11-source - 11.0.17+8-1ubuntu2~18.04 openjdk-11-jdk-headless - 11.0.17+8-1ubuntu2~18.04 openjdk-11-demo - 11.0.17+8-1ubuntu2~18.04 openjdk-11-jre-zero - 11.0.17+8-1ubuntu2~18.04 openjdk-11-jre-headless - 11.0.17+8-1ubuntu2~18.04 openjdk-11-jre - 11.0.17+8-1ubuntu2~18.04 No subscription required openjdk-17-jdk-headless - 17.0.5+8-2ubuntu1~18.04 openjdk-17-jre-headless - 17.0.5+8-2ubuntu1~18.04 openjdk-17-jre - 17.0.5+8-2ubuntu1~18.04 openjdk-17-jdk - 17.0.5+8-2ubuntu1~18.04 openjdk-17-jre-zero - 17.0.5+8-2ubuntu1~18.04 openjdk-17-source - 17.0.5+8-2ubuntu1~18.04 openjdk-17-demo - 17.0.5+8-2ubuntu1~18.04 openjdk-17-doc - 17.0.5+8-2ubuntu1~18.04 No subscription required openjdk-8-doc - 8u352-ga-1~18.04 openjdk-8-jre-headless - 8u352-ga-1~18.04 openjdk-8-jre - 8u352-ga-1~18.04 openjdk-8-demo - 8u352-ga-1~18.04 openjdk-8-jre-zero - 8u352-ga-1~18.04 openjdk-8-jdk - 8u352-ga-1~18.04 openjdk-8-source - 8u352-ga-1~18.04 openjdk-8-jdk-headless - 8u352-ga-1~18.04 No subscription required Medium CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 CVE-2022-21618 Ubuntu 18.04 LTS It was discovered that nginx incorrectly handled certain memory operations in the ngx_http_mp4_module module. A local attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2022-41741, CVE-2022-41742) Update Instructions: Run `sudo pro fix USN-5722-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnginx-mod-stream - 1.14.0-0ubuntu1.11 libnginx-mod-http-subs-filter - 1.14.0-0ubuntu1.11 nginx-doc - 1.14.0-0ubuntu1.11 libnginx-mod-mail - 1.14.0-0ubuntu1.11 libnginx-mod-http-image-filter - 1.14.0-0ubuntu1.11 libnginx-mod-http-echo - 1.14.0-0ubuntu1.11 libnginx-mod-nchan - 1.14.0-0ubuntu1.11 nginx-common - 1.14.0-0ubuntu1.11 libnginx-mod-http-fancyindex - 1.14.0-0ubuntu1.11 libnginx-mod-http-auth-pam - 1.14.0-0ubuntu1.11 nginx-light - 1.14.0-0ubuntu1.11 libnginx-mod-http-headers-more-filter - 1.14.0-0ubuntu1.11 nginx-extras - 1.14.0-0ubuntu1.11 libnginx-mod-http-upstream-fair - 1.14.0-0ubuntu1.11 libnginx-mod-http-xslt-filter - 1.14.0-0ubuntu1.11 libnginx-mod-http-lua - 1.14.0-0ubuntu1.11 libnginx-mod-http-perl - 1.14.0-0ubuntu1.11 nginx-core - 1.14.0-0ubuntu1.11 libnginx-mod-http-geoip - 1.14.0-0ubuntu1.11 libnginx-mod-http-dav-ext - 1.14.0-0ubuntu1.11 nginx - 1.14.0-0ubuntu1.11 libnginx-mod-http-ndk - 1.14.0-0ubuntu1.11 libnginx-mod-http-uploadprogress - 1.14.0-0ubuntu1.11 libnginx-mod-http-cache-purge - 1.14.0-0ubuntu1.11 nginx-full - 1.14.0-0ubuntu1.11 libnginx-mod-rtmp - 1.14.0-0ubuntu1.11 No subscription required Medium CVE-2022-41741 CVE-2022-41742 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass Content Security Policy (CSP) or other security restrictions, or execute arbitrary code. These issues only affect Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-3266, CVE-2022-40956, CVE-2022-40957, CVE-2022-40958, CVE-2022-40959, CVE-2022-40960, CVE-2022-40962) Multiple security issues were discovered in the Matrix SDK bundled with Thunderbird. An attacker could potentially exploit these in order to impersonate another user. These issues only affect Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-39236, CVE-2022-39249, CVE-2022-39250, CVE-2022-39251) Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42932) Update Instructions: Run `sudo pro fix USN-5724-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-br - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-be - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-si - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-lv - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:102.4.2+build2-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-de - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-da - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-dev - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-el - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-et - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-es - 1:102.4.2+build2-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-fa - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:102.4.2+build2-0ubuntu0.18.04.1 xul-ext-lightning - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-en - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-th - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-he - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-af - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-is - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-it - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:102.4.2+build2-0ubuntu0.18.04.1 thunderbird-locale-id - 1:102.4.2+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-3266 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962 CVE-2022-39236 CVE-2022-39249 CVE-2022-39250 CVE-2022-39251 CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 Ubuntu 18.04 LTS Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon discovered that Go incorrectly handled certain inputs. An attacker could possibly use this issue to cause Go applications to hang or crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5725-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-1.13-doc - 1.13.8-1ubuntu1~18.04.4 golang-1.13-src - 1.13.8-1ubuntu1~18.04.4 golang-1.13 - 1.13.8-1ubuntu1~18.04.4 golang-1.13-go - 1.13.8-1ubuntu1~18.04.4 No subscription required Low CVE-2020-16845 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the contents of the addressbar, bypass security restrictions, cross-site tracing or execute arbitrary code. (CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45413, CVE-2022-40674, CVE-2022-45418, CVE-2022-45419, CVE-2022-45420, CVE-2022-45421) Armin Ebert discovered that Firefox did not properly manage while resolving file symlink. If a user were tricked into opening a specially crafted weblink, an attacker could potentially exploit these to cause a denial of service. (CVE-2022-45412) Jefferson Scher and Jayateertha Guruprasad discovered that Firefox did not properly sanitize the HTML download file extension under certain circumstances. If a user were tricked into downloading and executing malicious content, a remote attacker could execute arbitrary code with the privileges of the user invoking the programs. (CVE-2022-45415) Erik Kraft, Martin Schwarzl, and Andrew McCreight discovered that Firefox incorrectly handled keyboard events. An attacker could possibly use this issue to perform a timing side-channel attack and possibly figure out which keys are being pressed. (CVE-2022-45416) Kagami discovered that Firefox did not detect Private Browsing Mode correctly. An attacker could possibly use this issue to obtain sensitive information about Private Browsing Mode. (CVE-2022-45417) Update Instructions: Run `sudo pro fix USN-5726-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-szl - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 107.0+build2-0ubuntu0.18.04.1 firefox - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 107.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 107.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 107.0+build2-0ubuntu0.18.04.1 firefox-dev - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 107.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 107.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45407 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45413 CVE-2022-40674 CVE-2022-45415 CVE-2022-45416 CVE-2022-45417 CVE-2022-45418 CVE-2022-45419 CVE-2022-45420 CVE-2022-45421 Ubuntu 18.04 LTS It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-20422) It was discovered that the KVM implementation in the Linux kernel did not properly handle virtual CPUs without APICs in certain situations. A local attacker could possibly use this to cause a denial of service (host system crash). (CVE-2022-2153) Hao Sun and Jiacheng Xu discovered that the NILFS file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2978) Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3028) It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-3635) It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36879) Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX storage controller driver in the Linux kernel did not properly handle certain structures. A local attacker could potentially use this to expose sensitive information (kernel memory). (CVE-2022-40768) Update Instructions: Run `sudo pro fix USN-5727-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1055-dell300x - 4.15.0-1055.60 linux-dell300x-headers-4.15.0-1055 - 4.15.0-1055.60 linux-tools-4.15.0-1055-dell300x - 4.15.0-1055.60 linux-buildinfo-4.15.0-1055-dell300x - 4.15.0-1055.60 linux-dell300x-tools-4.15.0-1055 - 4.15.0-1055.60 linux-image-4.15.0-1055-dell300x - 4.15.0-1055.60 linux-headers-4.15.0-1055-dell300x - 4.15.0-1055.60 linux-image-unsigned-4.15.0-1055-dell300x - 4.15.0-1055.60 No subscription required linux-image-unsigned-4.15.0-1108-oracle - 4.15.0-1108.119 linux-oracle-headers-4.15.0-1108 - 4.15.0-1108.119 linux-buildinfo-4.15.0-1108-oracle - 4.15.0-1108.119 linux-headers-4.15.0-1108-oracle - 4.15.0-1108.119 linux-tools-4.15.0-1108-oracle - 4.15.0-1108.119 linux-modules-4.15.0-1108-oracle - 4.15.0-1108.119 linux-modules-extra-4.15.0-1108-oracle - 4.15.0-1108.119 linux-oracle-tools-4.15.0-1108 - 4.15.0-1108.119 linux-image-4.15.0-1108-oracle - 4.15.0-1108.119 No subscription required linux-modules-4.15.0-1121-raspi2 - 4.15.0-1121.129 linux-headers-4.15.0-1121-raspi2 - 4.15.0-1121.129 linux-image-4.15.0-1121-raspi2 - 4.15.0-1121.129 linux-tools-4.15.0-1121-raspi2 - 4.15.0-1121.129 linux-buildinfo-4.15.0-1121-raspi2 - 4.15.0-1121.129 linux-raspi2-headers-4.15.0-1121 - 4.15.0-1121.129 linux-raspi2-tools-4.15.0-1121 - 4.15.0-1121.129 No subscription required linux-buildinfo-4.15.0-1129-kvm - 4.15.0-1129.134 linux-headers-4.15.0-1129-kvm - 4.15.0-1129.134 linux-image-4.15.0-1129-kvm - 4.15.0-1129.134 linux-kvm-headers-4.15.0-1129 - 4.15.0-1129.134 linux-tools-4.15.0-1129-kvm - 4.15.0-1129.134 linux-modules-4.15.0-1129-kvm - 4.15.0-1129.134 linux-kvm-tools-4.15.0-1129 - 4.15.0-1129.134 No subscription required linux-modules-4.15.0-1139-snapdragon - 4.15.0-1139.149 linux-snapdragon-headers-4.15.0-1139 - 4.15.0-1139.149 linux-image-4.15.0-1139-snapdragon - 4.15.0-1139.149 linux-tools-4.15.0-1139-snapdragon - 4.15.0-1139.149 linux-headers-4.15.0-1139-snapdragon - 4.15.0-1139.149 linux-snapdragon-tools-4.15.0-1139 - 4.15.0-1139.149 linux-buildinfo-4.15.0-1139-snapdragon - 4.15.0-1139.149 No subscription required linux-buildinfo-4.15.0-1143-aws - 4.15.0-1143.155 linux-tools-4.15.0-1143-aws - 4.15.0-1143.155 linux-aws-cloud-tools-4.15.0-1143 - 4.15.0-1143.155 linux-modules-extra-4.15.0-1143-aws - 4.15.0-1143.155 linux-image-4.15.0-1143-aws - 4.15.0-1143.155 linux-aws-headers-4.15.0-1143 - 4.15.0-1143.155 linux-modules-4.15.0-1143-aws - 4.15.0-1143.155 linux-headers-4.15.0-1143-aws - 4.15.0-1143.155 linux-aws-tools-4.15.0-1143 - 4.15.0-1143.155 linux-image-unsigned-4.15.0-1143-aws - 4.15.0-1143.155 linux-cloud-tools-4.15.0-1143-aws - 4.15.0-1143.155 No subscription required linux-tools-4.15.0-197-generic - 4.15.0-197.208 linux-tools-common - 4.15.0-197.208 linux-headers-4.15.0-197-generic-lpae - 4.15.0-197.208 linux-image-4.15.0-197-generic - 4.15.0-197.208 linux-tools-host - 4.15.0-197.208 linux-image-4.15.0-197-lowlatency - 4.15.0-197.208 linux-buildinfo-4.15.0-197-generic - 4.15.0-197.208 linux-doc - 4.15.0-197.208 linux-modules-4.15.0-197-generic-lpae - 4.15.0-197.208 linux-tools-4.15.0-197-generic-lpae - 4.15.0-197.208 linux-buildinfo-4.15.0-197-lowlatency - 4.15.0-197.208 linux-tools-4.15.0-197-lowlatency - 4.15.0-197.208 linux-libc-dev - 4.15.0-197.208 linux-tools-4.15.0-197 - 4.15.0-197.208 linux-image-unsigned-4.15.0-197-lowlatency - 4.15.0-197.208 linux-image-unsigned-4.15.0-197-generic - 4.15.0-197.208 linux-cloud-tools-4.15.0-197 - 4.15.0-197.208 linux-image-4.15.0-197-generic-lpae - 4.15.0-197.208 linux-buildinfo-4.15.0-197-generic-lpae - 4.15.0-197.208 linux-modules-extra-4.15.0-197-generic - 4.15.0-197.208 linux-cloud-tools-4.15.0-197-lowlatency - 4.15.0-197.208 linux-headers-4.15.0-197-lowlatency - 4.15.0-197.208 linux-cloud-tools-common - 4.15.0-197.208 linux-modules-4.15.0-197-generic - 4.15.0-197.208 linux-headers-4.15.0-197-generic - 4.15.0-197.208 linux-headers-4.15.0-197 - 4.15.0-197.208 linux-modules-4.15.0-197-lowlatency - 4.15.0-197.208 linux-cloud-tools-4.15.0-197-generic - 4.15.0-197.208 linux-source-4.15.0 - 4.15.0-197.208 No subscription required linux-tools-dell300x - 4.15.0.1055.55 linux-headers-dell300x - 4.15.0.1055.55 linux-image-dell300x - 4.15.0.1055.55 linux-dell300x - 4.15.0.1055.55 No subscription required linux-oracle-lts-18.04 - 4.15.0.1108.115 linux-image-oracle-lts-18.04 - 4.15.0.1108.115 linux-tools-oracle-lts-18.04 - 4.15.0.1108.115 linux-signed-oracle-lts-18.04 - 4.15.0.1108.115 linux-headers-oracle-lts-18.04 - 4.15.0.1108.115 linux-signed-image-oracle-lts-18.04 - 4.15.0.1108.115 No subscription required linux-raspi2 - 4.15.0.1121.118 linux-headers-raspi2 - 4.15.0.1121.118 linux-image-raspi2 - 4.15.0.1121.118 linux-tools-raspi2 - 4.15.0.1121.118 No subscription required linux-headers-kvm - 4.15.0.1129.122 linux-kvm - 4.15.0.1129.122 linux-tools-kvm - 4.15.0.1129.122 linux-image-kvm - 4.15.0.1129.122 No subscription required linux-snapdragon - 4.15.0.1139.140 linux-headers-snapdragon - 4.15.0.1139.140 linux-tools-snapdragon - 4.15.0.1139.140 linux-image-snapdragon - 4.15.0.1139.140 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1143.143 linux-headers-aws-lts-18.04 - 4.15.0.1143.143 linux-aws-lts-18.04 - 4.15.0.1143.143 linux-modules-extra-aws-lts-18.04 - 4.15.0.1143.143 linux-tools-aws-lts-18.04 - 4.15.0.1143.143 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.197.182 linux-cloud-tools-virtual - 4.15.0.197.182 linux-headers-generic-lpae - 4.15.0.197.182 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.197.182 linux-image-extra-virtual-hwe-16.04 - 4.15.0.197.182 linux-image-virtual - 4.15.0.197.182 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.197.182 linux-image-generic - 4.15.0.197.182 linux-tools-lowlatency - 4.15.0.197.182 linux-tools-generic-hwe-16.04-edge - 4.15.0.197.182 linux-headers-generic-hwe-16.04-edge - 4.15.0.197.182 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.197.182 linux-generic-lpae-hwe-16.04 - 4.15.0.197.182 linux-signed-generic-hwe-16.04-edge - 4.15.0.197.182 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.197.182 linux-image-virtual-hwe-16.04-edge - 4.15.0.197.182 linux-generic-lpae-hwe-16.04-edge - 4.15.0.197.182 linux-signed-image-lowlatency - 4.15.0.197.182 linux-signed-lowlatency-hwe-16.04 - 4.15.0.197.182 linux-crashdump - 4.15.0.197.182 linux-signed-image-generic - 4.15.0.197.182 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.197.182 linux-lowlatency - 4.15.0.197.182 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.197.182 linux-source - 4.15.0.197.182 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.197.182 linux-tools-generic-lpae - 4.15.0.197.182 linux-cloud-tools-generic - 4.15.0.197.182 linux-generic-hwe-16.04-edge - 4.15.0.197.182 linux-headers-lowlatency-hwe-16.04 - 4.15.0.197.182 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.197.182 linux-tools-virtual-hwe-16.04 - 4.15.0.197.182 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.197.182 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.197.182 linux-tools-generic-hwe-16.04 - 4.15.0.197.182 linux-tools-virtual - 4.15.0.197.182 linux-generic-lpae - 4.15.0.197.182 linux-generic - 4.15.0.197.182 linux-virtual - 4.15.0.197.182 linux-signed-image-generic-hwe-16.04 - 4.15.0.197.182 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.197.182 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.197.182 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.197.182 linux-headers-lowlatency - 4.15.0.197.182 linux-headers-virtual-hwe-16.04-edge - 4.15.0.197.182 linux-lowlatency-hwe-16.04 - 4.15.0.197.182 linux-headers-generic-hwe-16.04 - 4.15.0.197.182 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.197.182 linux-generic-hwe-16.04 - 4.15.0.197.182 linux-tools-virtual-hwe-16.04-edge - 4.15.0.197.182 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.197.182 linux-tools-generic - 4.15.0.197.182 linux-image-extra-virtual - 4.15.0.197.182 linux-lowlatency-hwe-16.04-edge - 4.15.0.197.182 linux-cloud-tools-lowlatency - 4.15.0.197.182 linux-virtual-hwe-16.04 - 4.15.0.197.182 linux-image-generic-hwe-16.04 - 4.15.0.197.182 linux-image-generic-hwe-16.04-edge - 4.15.0.197.182 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.197.182 linux-image-generic-lpae-hwe-16.04 - 4.15.0.197.182 linux-virtual-hwe-16.04-edge - 4.15.0.197.182 linux-tools-lowlatency-hwe-16.04 - 4.15.0.197.182 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.197.182 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.197.182 linux-headers-generic - 4.15.0.197.182 linux-headers-virtual-hwe-16.04 - 4.15.0.197.182 linux-image-virtual-hwe-16.04 - 4.15.0.197.182 linux-headers-virtual - 4.15.0.197.182 linux-signed-generic-hwe-16.04 - 4.15.0.197.182 linux-image-generic-lpae - 4.15.0.197.182 linux-signed-generic - 4.15.0.197.182 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.197.182 linux-signed-lowlatency - 4.15.0.197.182 linux-image-lowlatency - 4.15.0.197.182 No subscription required Medium CVE-2022-20422 CVE-2022-2153 CVE-2022-2978 CVE-2022-3028 CVE-2022-3635 CVE-2022-36879 CVE-2022-40768 Ubuntu 18.04 LTS It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-20422) It was discovered that the KVM implementation in the Linux kernel did not properly handle virtual CPUs without APICs in certain situations. A local attacker could possibly use this to cause a denial of service (host system crash). (CVE-2022-2153) Hao Sun and Jiacheng Xu discovered that the NILFS file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2978) Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3028) It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-3635) It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36879) Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX storage controller driver in the Linux kernel did not properly handle certain structures. A local attacker could potentially use this to expose sensitive information (kernel memory). (CVE-2022-40768) Update Instructions: Run `sudo pro fix USN-5727-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1138-gcp - 4.15.0-1138.154 linux-modules-extra-4.15.0-1138-gcp - 4.15.0-1138.154 linux-modules-4.15.0-1138-gcp - 4.15.0-1138.154 linux-gcp-4.15-tools-4.15.0-1138 - 4.15.0-1138.154 linux-image-4.15.0-1138-gcp - 4.15.0-1138.154 linux-headers-4.15.0-1138-gcp - 4.15.0-1138.154 linux-tools-4.15.0-1138-gcp - 4.15.0-1138.154 linux-gcp-4.15-headers-4.15.0-1138 - 4.15.0-1138.154 linux-buildinfo-4.15.0-1138-gcp - 4.15.0-1138.154 No subscription required linux-gcp-lts-18.04 - 4.15.0.1138.154 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1138.154 linux-tools-gcp-lts-18.04 - 4.15.0.1138.154 linux-headers-gcp-lts-18.04 - 4.15.0.1138.154 linux-image-gcp-lts-18.04 - 4.15.0.1138.154 No subscription required Medium CVE-2022-20422 CVE-2022-2153 CVE-2022-2978 CVE-2022-3028 CVE-2022-3635 CVE-2022-36879 CVE-2022-40768 Ubuntu 18.04 LTS Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41222) It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-20422) It was discovered that the KVM implementation in the Linux kernel did not properly handle virtual CPUs without APICs in certain situations. A local attacker could possibly use this to cause a denial of service (host system crash). (CVE-2022-2153) Hao Sun and Jiacheng Xu discovered that the NILFS file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2978) Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's protections against speculative branch target injection attacks were insufficient in some circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29901) Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3028) It was discovered that the Netlink device interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability with some network device drivers. A local attacker with admin access to the network device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3625) It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-3635) Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX storage controller driver in the Linux kernel did not properly handle certain structures. A local attacker could potentially use this to expose sensitive information (kernel memory). (CVE-2022-40768) Sönke Huster discovered that a use-after-free vulnerability existed in the WiFi driver stack in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42719) Update Instructions: Run `sudo pro fix USN-5728-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1037-ibm - 5.4.0-1037.42~18.04.1 linux-ibm-5.4-headers-5.4.0-1037 - 5.4.0-1037.42~18.04.1 linux-image-unsigned-5.4.0-1037-ibm - 5.4.0-1037.42~18.04.1 linux-modules-5.4.0-1037-ibm - 5.4.0-1037.42~18.04.1 linux-tools-5.4.0-1037-ibm - 5.4.0-1037.42~18.04.1 linux-headers-5.4.0-1037-ibm - 5.4.0-1037.42~18.04.1 linux-buildinfo-5.4.0-1037-ibm - 5.4.0-1037.42~18.04.1 linux-modules-extra-5.4.0-1037-ibm - 5.4.0-1037.42~18.04.1 linux-ibm-5.4-tools-5.4.0-1037 - 5.4.0-1037.42~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1037.42~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1037.42~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1037.42~18.04.1 No subscription required linux-headers-5.4.0-1087-oracle - 5.4.0-1087.96~18.04.1 linux-modules-extra-5.4.0-1087-oracle - 5.4.0-1087.96~18.04.1 linux-image-unsigned-5.4.0-1087-oracle - 5.4.0-1087.96~18.04.1 linux-image-5.4.0-1087-oracle - 5.4.0-1087.96~18.04.1 linux-modules-5.4.0-1087-oracle - 5.4.0-1087.96~18.04.1 linux-buildinfo-5.4.0-1087-oracle - 5.4.0-1087.96~18.04.1 linux-oracle-5.4-tools-5.4.0-1087 - 5.4.0-1087.96~18.04.1 linux-tools-5.4.0-1087-oracle - 5.4.0-1087.96~18.04.1 linux-oracle-5.4-headers-5.4.0-1087 - 5.4.0-1087.96~18.04.1 No subscription required linux-buildinfo-5.4.0-1089-aws - 5.4.0-1089.97~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1089 - 5.4.0-1089.97~18.04.1 linux-cloud-tools-5.4.0-1089-aws - 5.4.0-1089.97~18.04.1 linux-modules-extra-5.4.0-1089-aws - 5.4.0-1089.97~18.04.1 linux-aws-5.4-tools-5.4.0-1089 - 5.4.0-1089.97~18.04.1 linux-headers-5.4.0-1089-aws - 5.4.0-1089.97~18.04.1 linux-modules-5.4.0-1089-aws - 5.4.0-1089.97~18.04.1 linux-image-5.4.0-1089-aws - 5.4.0-1089.97~18.04.1 linux-aws-5.4-headers-5.4.0-1089 - 5.4.0-1089.97~18.04.1 linux-image-unsigned-5.4.0-1089-aws - 5.4.0-1089.97~18.04.1 linux-tools-5.4.0-1089-aws - 5.4.0-1089.97~18.04.1 No subscription required linux-image-5.4.0-1095-azure - 5.4.0-1095.101~18.04.1 linux-tools-5.4.0-1095-azure - 5.4.0-1095.101~18.04.1 linux-modules-5.4.0-1095-azure - 5.4.0-1095.101~18.04.1 linux-modules-extra-5.4.0-1095-azure - 5.4.0-1095.101~18.04.1 linux-image-unsigned-5.4.0-1095-azure - 5.4.0-1095.101~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1095 - 5.4.0-1095.101~18.04.1 linux-azure-5.4-tools-5.4.0-1095 - 5.4.0-1095.101~18.04.1 linux-azure-5.4-headers-5.4.0-1095 - 5.4.0-1095.101~18.04.1 linux-headers-5.4.0-1095-azure - 5.4.0-1095.101~18.04.1 linux-buildinfo-5.4.0-1095-azure - 5.4.0-1095.101~18.04.1 linux-cloud-tools-5.4.0-1095-azure - 5.4.0-1095.101~18.04.1 No subscription required linux-cloud-tools-5.4.0-132-lowlatency - 5.4.0-132.148~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-132.148~18.04.1 linux-headers-5.4.0-132-generic-lpae - 5.4.0-132.148~18.04.1 linux-modules-5.4.0-132-lowlatency - 5.4.0-132.148~18.04.1 linux-buildinfo-5.4.0-132-generic-lpae - 5.4.0-132.148~18.04.1 linux-buildinfo-5.4.0-132-lowlatency - 5.4.0-132.148~18.04.1 linux-modules-5.4.0-132-generic - 5.4.0-132.148~18.04.1 linux-headers-5.4.0-132-generic - 5.4.0-132.148~18.04.1 linux-headers-5.4.0-132-lowlatency - 5.4.0-132.148~18.04.1 linux-image-5.4.0-132-generic - 5.4.0-132.148~18.04.1 linux-hwe-5.4-tools-5.4.0-132 - 5.4.0-132.148~18.04.1 linux-tools-5.4.0-132-generic-lpae - 5.4.0-132.148~18.04.1 linux-cloud-tools-5.4.0-132-generic - 5.4.0-132.148~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-132 - 5.4.0-132.148~18.04.1 linux-image-unsigned-5.4.0-132-lowlatency - 5.4.0-132.148~18.04.1 linux-image-5.4.0-132-generic-lpae - 5.4.0-132.148~18.04.1 linux-hwe-5.4-headers-5.4.0-132 - 5.4.0-132.148~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-132.148~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-132.148~18.04.1 linux-tools-5.4.0-132-generic - 5.4.0-132.148~18.04.1 linux-modules-extra-5.4.0-132-generic - 5.4.0-132.148~18.04.1 linux-tools-5.4.0-132-lowlatency - 5.4.0-132.148~18.04.1 linux-image-unsigned-5.4.0-132-generic - 5.4.0-132.148~18.04.1 linux-modules-5.4.0-132-generic-lpae - 5.4.0-132.148~18.04.1 linux-image-5.4.0-132-lowlatency - 5.4.0-132.148~18.04.1 linux-buildinfo-5.4.0-132-generic - 5.4.0-132.148~18.04.1 No subscription required linux-image-ibm - 5.4.0.1037.50 linux-headers-ibm-edge - 5.4.0.1037.50 linux-modules-extra-ibm - 5.4.0.1037.50 linux-modules-extra-ibm-edge - 5.4.0.1037.50 linux-tools-ibm-edge - 5.4.0.1037.50 linux-ibm - 5.4.0.1037.50 linux-ibm-edge - 5.4.0.1037.50 linux-headers-ibm - 5.4.0.1037.50 linux-tools-ibm - 5.4.0.1037.50 linux-image-ibm-edge - 5.4.0.1037.50 No subscription required linux-headers-oracle - 5.4.0.1087.96~18.04.63 linux-tools-oracle - 5.4.0.1087.96~18.04.63 linux-signed-image-oracle - 5.4.0.1087.96~18.04.63 linux-signed-oracle - 5.4.0.1087.96~18.04.63 linux-tools-oracle-edge - 5.4.0.1087.96~18.04.63 linux-modules-extra-oracle-edge - 5.4.0.1087.96~18.04.63 linux-image-oracle-edge - 5.4.0.1087.96~18.04.63 linux-modules-extra-oracle - 5.4.0.1087.96~18.04.63 linux-signed-oracle-edge - 5.4.0.1087.96~18.04.63 linux-oracle-edge - 5.4.0.1087.96~18.04.63 linux-signed-image-oracle-edge - 5.4.0.1087.96~18.04.63 linux-headers-oracle-edge - 5.4.0.1087.96~18.04.63 linux-image-oracle - 5.4.0.1087.96~18.04.63 linux-oracle - 5.4.0.1087.96~18.04.63 No subscription required linux-headers-aws - 5.4.0.1089.68 linux-image-aws - 5.4.0.1089.68 linux-image-aws-edge - 5.4.0.1089.68 linux-aws-edge - 5.4.0.1089.68 linux-aws - 5.4.0.1089.68 linux-headers-aws-edge - 5.4.0.1089.68 linux-modules-extra-aws - 5.4.0.1089.68 linux-tools-aws - 5.4.0.1089.68 linux-modules-extra-aws-edge - 5.4.0.1089.68 linux-tools-aws-edge - 5.4.0.1089.68 No subscription required linux-signed-azure - 5.4.0.1095.71 linux-cloud-tools-azure - 5.4.0.1095.71 linux-tools-azure - 5.4.0.1095.71 linux-image-azure-edge - 5.4.0.1095.71 linux-cloud-tools-azure-edge - 5.4.0.1095.71 linux-modules-extra-azure - 5.4.0.1095.71 linux-azure - 5.4.0.1095.71 linux-signed-image-azure-edge - 5.4.0.1095.71 linux-image-azure - 5.4.0.1095.71 linux-signed-image-azure - 5.4.0.1095.71 linux-headers-azure-edge - 5.4.0.1095.71 linux-azure-edge - 5.4.0.1095.71 linux-modules-extra-azure-edge - 5.4.0.1095.71 linux-signed-azure-edge - 5.4.0.1095.71 linux-tools-azure-edge - 5.4.0.1095.71 linux-headers-azure - 5.4.0.1095.71 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-headers-snapdragon-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-image-generic-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-image-snapdragon-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-image-oem - 5.4.0.132.148~18.04.109 linux-tools-virtual-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-headers-lowlatency-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-lowlatency-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-image-extra-virtual-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-image-oem-osp1 - 5.4.0.132.148~18.04.109 linux-headers-oem - 5.4.0.132.148~18.04.109 linux-snapdragon-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-image-generic-lpae-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-tools-lowlatency-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-headers-generic-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-headers-virtual-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-tools-snapdragon-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-headers-virtual-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-virtual-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-headers-oem-osp1 - 5.4.0.132.148~18.04.109 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-generic-lpae-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-tools-oem-osp1 - 5.4.0.132.148~18.04.109 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-tools-generic-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-image-generic-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-generic-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-oem - 5.4.0.132.148~18.04.109 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-snapdragon-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-tools-oem - 5.4.0.132.148~18.04.109 linux-tools-virtual-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-generic-lpae-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-headers-generic-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-oem-osp1 - 5.4.0.132.148~18.04.109 linux-image-virtual-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-image-lowlatency-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-virtual-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-lowlatency-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-generic-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.132.148~18.04.109 linux-image-virtual-hwe-18.04-edge - 5.4.0.132.148~18.04.109 linux-tools-generic-hwe-18.04 - 5.4.0.132.148~18.04.109 No subscription required High CVE-2022-20422 CVE-2022-2153 CVE-2022-2978 CVE-2022-29901 CVE-2022-3028 CVE-2022-3625 CVE-2022-3635 CVE-2022-40768 CVE-2022-41222 CVE-2022-42703 CVE-2022-42719 Ubuntu 18.04 LTS Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41222) It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-20422) It was discovered that the KVM implementation in the Linux kernel did not properly handle virtual CPUs without APICs in certain situations. A local attacker could possibly use this to cause a denial of service (host system crash). (CVE-2022-2153) Hao Sun and Jiacheng Xu discovered that the NILFS file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2978) Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's protections against speculative branch target injection attacks were insufficient in some circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29901) Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3028) It was discovered that the Netlink device interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability with some network device drivers. A local attacker with admin access to the network device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3625) It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-3635) Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX storage controller driver in the Linux kernel did not properly handle certain structures. A local attacker could potentially use this to expose sensitive information (kernel memory). (CVE-2022-40768) Sönke Huster discovered that a use-after-free vulnerability existed in the WiFi driver stack in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42719) Update Instructions: Run `sudo pro fix USN-5728-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-5.4.0-1074-raspi - 5.4.0-1074.85~18.04.1 linux-buildinfo-5.4.0-1074-raspi - 5.4.0-1074.85~18.04.1 linux-image-5.4.0-1074-raspi - 5.4.0-1074.85~18.04.1 linux-raspi-5.4-tools-5.4.0-1074 - 5.4.0-1074.85~18.04.1 linux-headers-5.4.0-1074-raspi - 5.4.0-1074.85~18.04.1 linux-modules-5.4.0-1074-raspi - 5.4.0-1074.85~18.04.1 linux-raspi-5.4-headers-5.4.0-1074 - 5.4.0-1074.85~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1074.73 linux-tools-raspi-hwe-18.04 - 5.4.0.1074.73 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1074.73 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1074.73 linux-raspi-hwe-18.04-edge - 5.4.0.1074.73 linux-raspi-hwe-18.04 - 5.4.0.1074.73 linux-headers-raspi-hwe-18.04 - 5.4.0.1074.73 linux-image-raspi-hwe-18.04 - 5.4.0.1074.73 No subscription required High CVE-2022-20422 CVE-2022-2153 CVE-2022-2978 CVE-2022-29901 CVE-2022-3028 CVE-2022-3625 CVE-2022-3635 CVE-2022-40768 CVE-2022-41222 CVE-2022-42703 CVE-2022-42719 Ubuntu 18.04 LTS Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41222) It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-20422) It was discovered that the KVM implementation in the Linux kernel did not properly handle virtual CPUs without APICs in certain situations. A local attacker could possibly use this to cause a denial of service (host system crash). (CVE-2022-2153) Hao Sun and Jiacheng Xu discovered that the NILFS file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2978) Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's protections against speculative branch target injection attacks were insufficient in some circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29901) Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3028) It was discovered that the Netlink device interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability with some network device drivers. A local attacker with admin access to the network device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3625) It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-3635) Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX storage controller driver in the Linux kernel did not properly handle certain structures. A local attacker could potentially use this to expose sensitive information (kernel memory). (CVE-2022-40768) Sönke Huster discovered that a use-after-free vulnerability existed in the WiFi driver stack in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42719) Update Instructions: Run `sudo pro fix USN-5728-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-5.4.0-1093-gcp - 5.4.0-1093.102~18.04.1 linux-modules-extra-5.4.0-1093-gcp - 5.4.0-1093.102~18.04.1 linux-modules-5.4.0-1093-gcp - 5.4.0-1093.102~18.04.1 linux-buildinfo-5.4.0-1093-gcp - 5.4.0-1093.102~18.04.1 linux-gcp-5.4-headers-5.4.0-1093 - 5.4.0-1093.102~18.04.1 linux-headers-5.4.0-1093-gcp - 5.4.0-1093.102~18.04.1 linux-image-5.4.0-1093-gcp - 5.4.0-1093.102~18.04.1 linux-tools-5.4.0-1093-gcp - 5.4.0-1093.102~18.04.1 linux-gcp-5.4-tools-5.4.0-1093 - 5.4.0-1093.102~18.04.1 No subscription required linux-tools-gcp - 5.4.0.1093.71 linux-modules-extra-gcp-edge - 5.4.0.1093.71 linux-tools-gcp-edge - 5.4.0.1093.71 linux-modules-extra-gcp - 5.4.0.1093.71 linux-gcp-edge - 5.4.0.1093.71 linux-headers-gcp-edge - 5.4.0.1093.71 linux-image-gcp - 5.4.0.1093.71 linux-headers-gcp - 5.4.0.1093.71 linux-gcp - 5.4.0.1093.71 linux-image-gcp-edge - 5.4.0.1093.71 No subscription required High CVE-2022-20422 CVE-2022-2153 CVE-2022-2978 CVE-2022-29901 CVE-2022-3028 CVE-2022-3625 CVE-2022-3635 CVE-2022-40768 CVE-2022-41222 CVE-2022-42703 CVE-2022-42719 Ubuntu 18.04 LTS It was discovered that multipath-tools incorrectly handled symlinks. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41973) It was discovered that multipath-tools incorrectly handled access controls. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges. (CVE-2022-41974) Update Instructions: Run `sudo pro fix USN-5731-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: kpartx-boot - 0.7.4-2ubuntu3.2 multipath-tools-boot - 0.7.4-2ubuntu3.2 kpartx - 0.7.4-2ubuntu3.2 multipath-tools - 0.7.4-2ubuntu3.2 No subscription required Medium CVE-2022-41973 CVE-2022-41974 Ubuntu 18.04 LTS It was discovered that Unbound incorrectly handled delegations with a large number of non-responsive nameservers. A remote attacker could possibly use this issue to cause Unbound to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-5732-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libunbound2 - 1.6.7-1ubuntu2.6 unbound - 1.6.7-1ubuntu2.6 python3-unbound - 1.6.7-1ubuntu2.6 python-unbound - 1.6.7-1ubuntu2.6 unbound-anchor - 1.6.7-1ubuntu2.6 unbound-host - 1.6.7-1ubuntu2.6 libunbound-dev - 1.6.7-1ubuntu2.6 No subscription required Medium CVE-2022-3204 Ubuntu 18.04 LTS It was discovered that FLAC was not properly performing memory management operations, which could result in a memory leak. An attacker could possibly use this issue to cause FLAC to consume resources, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2017-6888) It was discovered that FLAC was not properly performing bounds checking operations when decoding data. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to expose sensitive information or to cause FLAC to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-0499) It was discovered that FLAC was not properly performing bounds checking operations when encoding data. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to expose sensitive information or to cause FLAC to crash, leading to a denial of service. (CVE-2021-0561) Update Instructions: Run `sudo pro fix USN-5733-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libflac-doc - 1.3.2-1ubuntu0.1 libflac-dev - 1.3.2-1ubuntu0.1 libflac++-dev - 1.3.2-1ubuntu0.1 flac - 1.3.2-1ubuntu0.1 libflac++6v5 - 1.3.2-1ubuntu0.1 libflac8 - 1.3.2-1ubuntu0.1 No subscription required Low CVE-2017-6888 CVE-2020-0499 CVE-2021-0561 Ubuntu 18.04 LTS It was discovered that FreeRDP incorrectly handled certain data lenghts. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-39282, CVE-2022-39283) It was discovered that FreeRDP incorrectly handled certain data lenghts. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320) It was discovered that FreeRDP incorrectly handled certain path checks. A malicious server could use this issue to cause FreeRDP clients to read files outside of the shared directory. (CVE-2022-39347) Update Instructions: Run `sudo pro fix USN-5734-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreerdp-server2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4 freerdp2-shadow-x11 - 2.2.0+dfsg1-0ubuntu0.18.04.4 libfreerdp2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4 freerdp2-dev - 2.2.0+dfsg1-0ubuntu0.18.04.4 freerdp2-wayland - 2.2.0+dfsg1-0ubuntu0.18.04.4 libwinpr2-dev - 2.2.0+dfsg1-0ubuntu0.18.04.4 libfreerdp-shadow2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4 libuwac0-0 - 2.2.0+dfsg1-0ubuntu0.18.04.4 freerdp2-x11 - 2.2.0+dfsg1-0ubuntu0.18.04.4 libwinpr2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4 libwinpr-tools2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4 libuwac0-dev - 2.2.0+dfsg1-0ubuntu0.18.04.4 libfreerdp-shadow-subsystem2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4 libfreerdp-client2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4 winpr-utils - 2.2.0+dfsg1-0ubuntu0.18.04.4 No subscription required Medium CVE-2022-39282 CVE-2022-39283 CVE-2022-39316 CVE-2022-39317 CVE-2022-39318 CVE-2022-39319 CVE-2022-39320 CVE-2022-39347 Ubuntu 18.04 LTS It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-20224) Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20241) Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20243) It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20244) It was discovered that ImageMagick could be made to divide by zero when processing crafted files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20245) It was discovered that ImageMagick incorrectly handled certain values when performing resampling operations. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20246) It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20309) It was discovered that ImageMagick incorrectly handled certain values when processing thumbnail image data. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20312) It was discovered that ImageMagick incorrectly handled memory cleanup when performing certain cryptographic operations. Under certain conditions sensitive cryptographic information could be disclosed. This issue only affected Ubuntu 22.10. (CVE-2021-20313) It was discovered that ImageMagick did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted file using the convert command, an attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-3574) It was discovered that ImageMagick did not use the correct rights when specifically excluded by a module policy. An attacker could use this issue to read and write certain restricted files. This issue only affected Ubuntu 22.10. (CVE-2021-39212) It was discovered that ImageMagick incorrectly handled certain values when processing specially crafted SVG files. By tricking a user into opening a specially crafted SVG file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-4219) It was discovered that ImageMagick did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted DICOM file, an attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of servicei, or expose sensitive information. This issue only affected Ubuntu 22.10. (CVE-2022-1114) It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 22.10. (CVE-2022-28463) It was discovered that ImageMagick incorrectly handled certain values. If a user were tricked into processing a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32545, CVE-2022-32546) It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into processing a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32547) Update Instructions: Run `sudo pro fix USN-5736-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagick++-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagickwand-dev - 8:6.9.7.4+dfsg-16ubuntu6.14 imagemagick-6.q16 - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagickcore-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.14 imagemagick-6-common - 8:6.9.7.4+dfsg-16ubuntu6.14 imagemagick - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagickcore-6.q16-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagick++-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.14 libimage-magick-q16-perl - 8:6.9.7.4+dfsg-16ubuntu6.14 libimage-magick-perl - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagick++-dev - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagickwand-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.14 perlmagick - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagickcore-6.q16hdri-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagick++-6.q16hdri-7 - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagickwand-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagickwand-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagickcore-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagickcore-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagick++-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.14 imagemagick-6.q16hdri - 8:6.9.7.4+dfsg-16ubuntu6.14 imagemagick-common - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagickcore-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.14 imagemagick-doc - 8:6.9.7.4+dfsg-16ubuntu6.14 imagemagick-6-doc - 8:6.9.7.4+dfsg-16ubuntu6.14 libimage-magick-q16hdri-perl - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagick++-6.q16-7 - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagickcore-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagickcore-6-arch-config - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagickwand-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagickcore-dev - 8:6.9.7.4+dfsg-16ubuntu6.14 libmagickwand-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.14 No subscription required Medium CVE-2021-20224 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313 CVE-2021-3574 CVE-2021-39212 CVE-2021-4219 CVE-2022-1114 CVE-2022-28463 CVE-2022-32545 CVE-2022-32546 CVE-2022-32547 Ubuntu 18.04 LTS It was discovered that X.Org X Server incorrectly handled certain inputs. An attacker could use these issues to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5740-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.19.6-1ubuntu4.12 xmir - 2:1.19.6-1ubuntu4.12 xwayland - 2:1.19.6-1ubuntu4.12 xorg-server-source - 2:1.19.6-1ubuntu4.12 xserver-xephyr - 2:1.19.6-1ubuntu4.12 xdmx - 2:1.19.6-1ubuntu4.12 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.12 xserver-xorg-dev - 2:1.19.6-1ubuntu4.12 xvfb - 2:1.19.6-1ubuntu4.12 xnest - 2:1.19.6-1ubuntu4.12 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.12 xserver-common - 2:1.19.6-1ubuntu4.12 xdmx-tools - 2:1.19.6-1ubuntu4.12 No subscription required xorg-server-source-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.8 xserver-xorg-dev-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.8 xserver-xephyr-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.8 xserver-xorg-legacy-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.8 xwayland-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.8 xserver-xorg-core-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.8 No subscription required Medium CVE-2022-3550 CVE-2022-3551 Ubuntu 18.04 LTS It was discovered that Exim incorrectly handled certain regular expressions. An attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5741-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4-dev - 4.90.1-1ubuntu1.10 eximon4 - 4.90.1-1ubuntu1.10 exim4 - 4.90.1-1ubuntu1.10 exim4-base - 4.90.1-1ubuntu1.10 exim4-config - 4.90.1-1ubuntu1.10 exim4-daemon-heavy - 4.90.1-1ubuntu1.10 exim4-daemon-light - 4.90.1-1ubuntu1.10 No subscription required Medium CVE-2022-3559 Ubuntu 18.04 LTS It was discovered that JBIG-KIT incorrectly handled decoding certain large image files. If a user or automated system using JBIG-KIT were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5742-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jbigkit-bin - 2.1-3.1ubuntu0.18.04.1 libjbig-dev - 2.1-3.1ubuntu0.18.04.1 libjbig0 - 2.1-3.1ubuntu0.18.04.1 No subscription required Negligible CVE-2017-9937 Ubuntu 18.04 LTS USN-5743-1 fixed a vulnerability in LibTIFF. This update provides the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. Original advisory details: It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update Instructions: Run `sudo pro fix USN-5743-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.9-5ubuntu0.9 libtiffxx5 - 4.0.9-5ubuntu0.9 libtiff5-dev - 4.0.9-5ubuntu0.9 libtiff-dev - 4.0.9-5ubuntu0.9 libtiff5 - 4.0.9-5ubuntu0.9 libtiff-tools - 4.0.9-5ubuntu0.9 libtiff-doc - 4.0.9-5ubuntu0.9 No subscription required Medium CVE-2022-3970 Ubuntu 18.04 LTS It was discovered that libICE was using a weak mechanism to generate the session cookies. A local attacker could possibly use this issue to perform a privilege escalation attack. Update Instructions: Run `sudo pro fix USN-5744-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libice6 - 2:1.0.9-2ubuntu0.18.04.1 libice-doc - 2:1.0.9-2ubuntu0.18.04.1 libice-dev - 2:1.0.9-2ubuntu0.18.04.1 No subscription required Low CVE-2017-2626 Ubuntu 18.04 LTS Florian Weimer discovered that shadow was not properly copying and removing user directory trees, which could lead to a race condition. A local attacker could possibly use this issue to setup a symlink attack and alter or remove directories without authorization. Update Instructions: Run `sudo pro fix USN-5745-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: passwd - 1:4.5-1ubuntu2.4 login - 1:4.5-1ubuntu2.4 uidmap - 1:4.5-1ubuntu2.4 No subscription required Low CVE-2013-4235 Ubuntu 18.04 LTS USN-5745-1 fixed vulnerabilities in shadow. Unfortunately that update introduced a regression that caused useradd to behave incorrectly in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: Florian Weimer discovered that shadow was not properly copying and removing user directory trees, which could lead to a race condition. A local attacker could possibly use this issue to setup a symlink attack and alter or remove directories without authorization. Update Instructions: Run `sudo pro fix USN-5745-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: passwd - 1:4.5-1ubuntu2.5 login - 1:4.5-1ubuntu2.5 uidmap - 1:4.5-1ubuntu2.5 No subscription required None https://launchpad.net/bugs/1998169 Ubuntu 18.04 LTS It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5748-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: isag - 11.6.1-1ubuntu0.2 sysstat - 11.6.1-1ubuntu0.2 No subscription required Medium CVE-2022-39377 Ubuntu 18.04 LTS The Qualys Research Team discovered that a race condition existed in the snapd snap-confine binary when preparing the private /tmp mount for a snap. A local attacker could possibly use this issue to escalate privileges and execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5753-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.57.5+18.04ubuntu0.1 ubuntu-core-launcher - 2.57.5+18.04ubuntu0.1 snap-confine - 2.57.5+18.04ubuntu0.1 ubuntu-snappy-cli - 2.57.5+18.04ubuntu0.1 golang-github-snapcore-snapd-dev - 2.57.5+18.04ubuntu0.1 snapd-xdg-open - 2.57.5+18.04ubuntu0.1 snapd - 2.57.5+18.04ubuntu0.1 golang-github-ubuntu-core-snappy-dev - 2.57.5+18.04ubuntu0.1 ubuntu-snappy - 2.57.5+18.04ubuntu0.1 No subscription required High CVE-2022-3328 Ubuntu 18.04 LTS Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3564) It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3565) It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3566) It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3567) It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not properly handle certain error conditions. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3594) It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3621) Update Instructions: Run `sudo pro fix USN-5756-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1040-ibm - 5.4.0-1040.45~18.04.2 linux-modules-5.4.0-1040-ibm - 5.4.0-1040.45~18.04.2 linux-ibm-5.4-headers-5.4.0-1040 - 5.4.0-1040.45~18.04.2 linux-headers-5.4.0-1040-ibm - 5.4.0-1040.45~18.04.2 linux-ibm-5.4-tools-5.4.0-1040 - 5.4.0-1040.45~18.04.2 linux-image-unsigned-5.4.0-1040-ibm - 5.4.0-1040.45~18.04.2 linux-tools-5.4.0-1040-ibm - 5.4.0-1040.45~18.04.2 linux-buildinfo-5.4.0-1040-ibm - 5.4.0-1040.45~18.04.2 linux-ibm-5.4-source-5.4.0 - 5.4.0-1040.45~18.04.2 linux-ibm-5.4-cloud-tools-common - 5.4.0-1040.45~18.04.2 linux-ibm-5.4-tools-common - 5.4.0-1040.45~18.04.2 linux-modules-extra-5.4.0-1040-ibm - 5.4.0-1040.45~18.04.2 No subscription required linux-headers-5.4.0-1077-raspi - 5.4.0-1077.88~18.04.2 linux-buildinfo-5.4.0-1077-raspi - 5.4.0-1077.88~18.04.2 linux-tools-5.4.0-1077-raspi - 5.4.0-1077.88~18.04.2 linux-modules-5.4.0-1077-raspi - 5.4.0-1077.88~18.04.2 linux-raspi-5.4-headers-5.4.0-1077 - 5.4.0-1077.88~18.04.2 linux-raspi-5.4-tools-5.4.0-1077 - 5.4.0-1077.88~18.04.2 linux-image-5.4.0-1077-raspi - 5.4.0-1077.88~18.04.2 No subscription required linux-oracle-5.4-headers-5.4.0-1090 - 5.4.0-1090.99~18.04.2 linux-modules-extra-5.4.0-1090-oracle - 5.4.0-1090.99~18.04.2 linux-buildinfo-5.4.0-1090-oracle - 5.4.0-1090.99~18.04.2 linux-headers-5.4.0-1090-oracle - 5.4.0-1090.99~18.04.2 linux-image-unsigned-5.4.0-1090-oracle - 5.4.0-1090.99~18.04.2 linux-modules-5.4.0-1090-oracle - 5.4.0-1090.99~18.04.2 linux-tools-5.4.0-1090-oracle - 5.4.0-1090.99~18.04.2 linux-oracle-5.4-tools-5.4.0-1090 - 5.4.0-1090.99~18.04.2 linux-image-5.4.0-1090-oracle - 5.4.0-1090.99~18.04.2 No subscription required linux-headers-5.4.0-1092-aws - 5.4.0-1092.100~18.04.2 linux-cloud-tools-5.4.0-1092-aws - 5.4.0-1092.100~18.04.2 linux-aws-5.4-cloud-tools-5.4.0-1092 - 5.4.0-1092.100~18.04.2 linux-aws-5.4-tools-5.4.0-1092 - 5.4.0-1092.100~18.04.2 linux-image-unsigned-5.4.0-1092-aws - 5.4.0-1092.100~18.04.2 linux-aws-5.4-headers-5.4.0-1092 - 5.4.0-1092.100~18.04.2 linux-image-5.4.0-1092-aws - 5.4.0-1092.100~18.04.2 linux-buildinfo-5.4.0-1092-aws - 5.4.0-1092.100~18.04.2 linux-tools-5.4.0-1092-aws - 5.4.0-1092.100~18.04.2 linux-modules-5.4.0-1092-aws - 5.4.0-1092.100~18.04.2 linux-modules-extra-5.4.0-1092-aws - 5.4.0-1092.100~18.04.2 No subscription required linux-modules-extra-5.4.0-1096-gcp - 5.4.0-1096.105~18.04.2 linux-image-5.4.0-1096-gcp - 5.4.0-1096.105~18.04.2 linux-modules-5.4.0-1096-gcp - 5.4.0-1096.105~18.04.2 linux-buildinfo-5.4.0-1096-gcp - 5.4.0-1096.105~18.04.2 linux-image-unsigned-5.4.0-1096-gcp - 5.4.0-1096.105~18.04.2 linux-gcp-5.4-headers-5.4.0-1096 - 5.4.0-1096.105~18.04.2 linux-headers-5.4.0-1096-gcp - 5.4.0-1096.105~18.04.2 linux-tools-5.4.0-1096-gcp - 5.4.0-1096.105~18.04.2 linux-gcp-5.4-tools-5.4.0-1096 - 5.4.0-1096.105~18.04.2 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-135.152~18.04.2 linux-headers-5.4.0-135-generic - 5.4.0-135.152~18.04.2 linux-image-5.4.0-135-generic - 5.4.0-135.152~18.04.2 linux-cloud-tools-5.4.0-135-generic - 5.4.0-135.152~18.04.2 linux-image-unsigned-5.4.0-135-lowlatency - 5.4.0-135.152~18.04.2 linux-modules-extra-5.4.0-135-generic - 5.4.0-135.152~18.04.2 linux-tools-5.4.0-135-generic - 5.4.0-135.152~18.04.2 linux-image-5.4.0-135-generic-lpae - 5.4.0-135.152~18.04.2 linux-image-5.4.0-135-lowlatency - 5.4.0-135.152~18.04.2 linux-modules-5.4.0-135-lowlatency - 5.4.0-135.152~18.04.2 linux-tools-5.4.0-135-generic-lpae - 5.4.0-135.152~18.04.2 linux-headers-5.4.0-135-lowlatency - 5.4.0-135.152~18.04.2 linux-image-unsigned-5.4.0-135-generic - 5.4.0-135.152~18.04.2 linux-modules-5.4.0-135-generic-lpae - 5.4.0-135.152~18.04.2 linux-buildinfo-5.4.0-135-generic - 5.4.0-135.152~18.04.2 linux-hwe-5.4-tools-common - 5.4.0-135.152~18.04.2 linux-hwe-5.4-headers-5.4.0-135 - 5.4.0-135.152~18.04.2 linux-headers-5.4.0-135-generic-lpae - 5.4.0-135.152~18.04.2 linux-tools-5.4.0-135-lowlatency - 5.4.0-135.152~18.04.2 linux-hwe-5.4-cloud-tools-5.4.0-135 - 5.4.0-135.152~18.04.2 linux-hwe-5.4-source-5.4.0 - 5.4.0-135.152~18.04.2 linux-buildinfo-5.4.0-135-lowlatency - 5.4.0-135.152~18.04.2 linux-modules-5.4.0-135-generic - 5.4.0-135.152~18.04.2 linux-cloud-tools-5.4.0-135-lowlatency - 5.4.0-135.152~18.04.2 linux-buildinfo-5.4.0-135-generic-lpae - 5.4.0-135.152~18.04.2 linux-hwe-5.4-tools-5.4.0-135 - 5.4.0-135.152~18.04.2 No subscription required linux-image-ibm - 5.4.0.1040.51 linux-headers-ibm-edge - 5.4.0.1040.51 linux-modules-extra-ibm-edge - 5.4.0.1040.51 linux-tools-ibm-edge - 5.4.0.1040.51 linux-modules-extra-ibm - 5.4.0.1040.51 linux-ibm - 5.4.0.1040.51 linux-ibm-edge - 5.4.0.1040.51 linux-headers-ibm - 5.4.0.1040.51 linux-tools-ibm - 5.4.0.1040.51 linux-image-ibm-edge - 5.4.0.1040.51 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1077.74 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1077.74 linux-headers-raspi-hwe-18.04 - 5.4.0.1077.74 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1077.74 linux-raspi-hwe-18.04 - 5.4.0.1077.74 linux-tools-raspi-hwe-18.04 - 5.4.0.1077.74 linux-image-raspi-hwe-18.04-edge - 5.4.0.1077.74 linux-raspi-hwe-18.04-edge - 5.4.0.1077.74 No subscription required linux-headers-oracle - 5.4.0.1090.99~18.04.64 linux-tools-oracle - 5.4.0.1090.99~18.04.64 linux-signed-image-oracle - 5.4.0.1090.99~18.04.64 linux-signed-oracle - 5.4.0.1090.99~18.04.64 linux-tools-oracle-edge - 5.4.0.1090.99~18.04.64 linux-oracle-edge - 5.4.0.1090.99~18.04.64 linux-modules-extra-oracle-edge - 5.4.0.1090.99~18.04.64 linux-image-oracle-edge - 5.4.0.1090.99~18.04.64 linux-modules-extra-oracle - 5.4.0.1090.99~18.04.64 linux-signed-oracle-edge - 5.4.0.1090.99~18.04.64 linux-signed-image-oracle-edge - 5.4.0.1090.99~18.04.64 linux-headers-oracle-edge - 5.4.0.1090.99~18.04.64 linux-image-oracle - 5.4.0.1090.99~18.04.64 linux-oracle - 5.4.0.1090.99~18.04.64 No subscription required linux-image-aws - 5.4.0.1092.69 linux-headers-aws - 5.4.0.1092.69 linux-modules-extra-aws-edge - 5.4.0.1092.69 linux-image-aws-edge - 5.4.0.1092.69 linux-aws-edge - 5.4.0.1092.69 linux-aws - 5.4.0.1092.69 linux-headers-aws-edge - 5.4.0.1092.69 linux-modules-extra-aws - 5.4.0.1092.69 linux-tools-aws - 5.4.0.1092.69 linux-tools-aws-edge - 5.4.0.1092.69 No subscription required linux-image-gcp-edge - 5.4.0.1096.72 linux-headers-gcp-edge - 5.4.0.1096.72 linux-modules-extra-gcp - 5.4.0.1096.72 linux-modules-extra-gcp-edge - 5.4.0.1096.72 linux-tools-gcp - 5.4.0.1096.72 linux-gcp - 5.4.0.1096.72 linux-tools-gcp-edge - 5.4.0.1096.72 linux-headers-gcp - 5.4.0.1096.72 linux-image-gcp - 5.4.0.1096.72 linux-gcp-edge - 5.4.0.1096.72 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-headers-snapdragon-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-image-snapdragon-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-image-oem - 5.4.0.135.152~18.04.110 linux-headers-lowlatency-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-image-extra-virtual-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-image-oem-osp1 - 5.4.0.135.152~18.04.110 linux-image-generic-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-snapdragon-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-image-generic-lpae-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-tools-lowlatency-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-headers-generic-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-headers-virtual-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-oem - 5.4.0.135.152~18.04.110 linux-tools-snapdragon-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-virtual-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-generic-lpae-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-lowlatency-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-headers-oem - 5.4.0.135.152~18.04.110 linux-tools-oem-osp1 - 5.4.0.135.152~18.04.110 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-tools-generic-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-headers-virtual-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-image-virtual-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-generic-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-snapdragon-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-tools-oem - 5.4.0.135.152~18.04.110 linux-headers-oem-osp1 - 5.4.0.135.152~18.04.110 linux-tools-virtual-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-generic-lpae-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-headers-generic-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-oem-osp1 - 5.4.0.135.152~18.04.110 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-image-lowlatency-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-virtual-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-tools-virtual-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-lowlatency-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-generic-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-image-virtual-hwe-18.04-edge - 5.4.0.135.152~18.04.110 linux-tools-generic-hwe-18.04 - 5.4.0.135.152~18.04.110 linux-image-generic-hwe-18.04-edge - 5.4.0.135.152~18.04.110 No subscription required High CVE-2022-3524 CVE-2022-3564 CVE-2022-3565 CVE-2022-3566 CVE-2022-3567 CVE-2022-3594 CVE-2022-3621 CVE-2022-42703 Ubuntu 18.04 LTS Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3564) It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3565) It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3566) It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3567) It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not properly handle certain error conditions. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3594) It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3621) Update Instructions: Run `sudo pro fix USN-5756-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-5.4.0-1098-azure - 5.4.0-1098.104~18.04.2 linux-headers-5.4.0-1098-azure - 5.4.0-1098.104~18.04.2 linux-tools-5.4.0-1098-azure - 5.4.0-1098.104~18.04.2 linux-modules-extra-5.4.0-1098-azure - 5.4.0-1098.104~18.04.2 linux-modules-5.4.0-1098-azure - 5.4.0-1098.104~18.04.2 linux-cloud-tools-5.4.0-1098-azure - 5.4.0-1098.104~18.04.2 linux-azure-5.4-headers-5.4.0-1098 - 5.4.0-1098.104~18.04.2 linux-image-5.4.0-1098-azure - 5.4.0-1098.104~18.04.2 linux-azure-5.4-tools-5.4.0-1098 - 5.4.0-1098.104~18.04.2 linux-azure-5.4-cloud-tools-5.4.0-1098 - 5.4.0-1098.104~18.04.2 linux-buildinfo-5.4.0-1098-azure - 5.4.0-1098.104~18.04.2 No subscription required linux-signed-azure - 5.4.0.1098.72 linux-tools-azure-edge - 5.4.0.1098.72 linux-azure - 5.4.0.1098.72 linux-signed-image-azure-edge - 5.4.0.1098.72 linux-image-azure - 5.4.0.1098.72 linux-cloud-tools-azure - 5.4.0.1098.72 linux-cloud-tools-azure-edge - 5.4.0.1098.72 linux-tools-azure - 5.4.0.1098.72 linux-headers-azure-edge - 5.4.0.1098.72 linux-image-azure-edge - 5.4.0.1098.72 linux-headers-azure - 5.4.0.1098.72 linux-modules-extra-azure - 5.4.0.1098.72 linux-azure-edge - 5.4.0.1098.72 linux-modules-extra-azure-edge - 5.4.0.1098.72 linux-signed-azure-edge - 5.4.0.1098.72 linux-signed-image-azure - 5.4.0.1098.72 No subscription required High CVE-2022-3524 CVE-2022-3564 CVE-2022-3565 CVE-2022-3566 CVE-2022-3567 CVE-2022-3594 CVE-2022-3621 CVE-2022-42703 Ubuntu 18.04 LTS Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that the video4linux driver for Empia based TV cards in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3239) It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3564) It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3565) It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3566) It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3567) It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not properly handle certain error conditions. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3594) It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3621) Update Instructions: Run `sudo pro fix USN-5757-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-4.15.0-1057-dell300x - 4.15.0-1057.62 linux-dell300x-headers-4.15.0-1057 - 4.15.0-1057.62 linux-buildinfo-4.15.0-1057-dell300x - 4.15.0-1057.62 linux-image-unsigned-4.15.0-1057-dell300x - 4.15.0-1057.62 linux-modules-4.15.0-1057-dell300x - 4.15.0-1057.62 linux-tools-4.15.0-1057-dell300x - 4.15.0-1057.62 linux-dell300x-tools-4.15.0-1057 - 4.15.0-1057.62 linux-image-4.15.0-1057-dell300x - 4.15.0-1057.62 No subscription required linux-modules-4.15.0-1111-oracle - 4.15.0-1111.122 linux-image-4.15.0-1111-oracle - 4.15.0-1111.122 linux-headers-4.15.0-1111-oracle - 4.15.0-1111.122 linux-tools-4.15.0-1111-oracle - 4.15.0-1111.122 linux-buildinfo-4.15.0-1111-oracle - 4.15.0-1111.122 linux-oracle-headers-4.15.0-1111 - 4.15.0-1111.122 linux-oracle-tools-4.15.0-1111 - 4.15.0-1111.122 linux-modules-extra-4.15.0-1111-oracle - 4.15.0-1111.122 linux-image-unsigned-4.15.0-1111-oracle - 4.15.0-1111.122 No subscription required linux-buildinfo-4.15.0-1124-raspi2 - 4.15.0-1124.132 linux-image-4.15.0-1124-raspi2 - 4.15.0-1124.132 linux-tools-4.15.0-1124-raspi2 - 4.15.0-1124.132 linux-raspi2-headers-4.15.0-1124 - 4.15.0-1124.132 linux-headers-4.15.0-1124-raspi2 - 4.15.0-1124.132 linux-raspi2-tools-4.15.0-1124 - 4.15.0-1124.132 linux-modules-4.15.0-1124-raspi2 - 4.15.0-1124.132 No subscription required linux-modules-4.15.0-1132-kvm - 4.15.0-1132.137 linux-tools-4.15.0-1132-kvm - 4.15.0-1132.137 linux-headers-4.15.0-1132-kvm - 4.15.0-1132.137 linux-kvm-headers-4.15.0-1132 - 4.15.0-1132.137 linux-image-4.15.0-1132-kvm - 4.15.0-1132.137 linux-buildinfo-4.15.0-1132-kvm - 4.15.0-1132.137 linux-kvm-tools-4.15.0-1132 - 4.15.0-1132.137 No subscription required linux-image-unsigned-4.15.0-1141-gcp - 4.15.0-1141.157 linux-gcp-4.15-headers-4.15.0-1141 - 4.15.0-1141.157 linux-image-4.15.0-1141-gcp - 4.15.0-1141.157 linux-tools-4.15.0-1141-gcp - 4.15.0-1141.157 linux-modules-4.15.0-1141-gcp - 4.15.0-1141.157 linux-headers-4.15.0-1141-gcp - 4.15.0-1141.157 linux-gcp-4.15-tools-4.15.0-1141 - 4.15.0-1141.157 linux-buildinfo-4.15.0-1141-gcp - 4.15.0-1141.157 linux-modules-extra-4.15.0-1141-gcp - 4.15.0-1141.157 No subscription required linux-snapdragon-headers-4.15.0-1142 - 4.15.0-1142.152 linux-image-4.15.0-1142-snapdragon - 4.15.0-1142.152 linux-headers-4.15.0-1142-snapdragon - 4.15.0-1142.152 linux-buildinfo-4.15.0-1142-snapdragon - 4.15.0-1142.152 linux-tools-4.15.0-1142-snapdragon - 4.15.0-1142.152 linux-modules-4.15.0-1142-snapdragon - 4.15.0-1142.152 linux-snapdragon-tools-4.15.0-1142 - 4.15.0-1142.152 No subscription required linux-headers-4.15.0-1146-aws - 4.15.0-1146.158 linux-aws-cloud-tools-4.15.0-1146 - 4.15.0-1146.158 linux-cloud-tools-4.15.0-1146-aws - 4.15.0-1146.158 linux-aws-headers-4.15.0-1146 - 4.15.0-1146.158 linux-buildinfo-4.15.0-1146-aws - 4.15.0-1146.158 linux-modules-extra-4.15.0-1146-aws - 4.15.0-1146.158 linux-modules-4.15.0-1146-aws - 4.15.0-1146.158 linux-image-4.15.0-1146-aws - 4.15.0-1146.158 linux-aws-tools-4.15.0-1146 - 4.15.0-1146.158 linux-tools-4.15.0-1146-aws - 4.15.0-1146.158 linux-image-unsigned-4.15.0-1146-aws - 4.15.0-1146.158 No subscription required linux-tools-common - 4.15.0-200.211 linux-image-unsigned-4.15.0-200-generic - 4.15.0-200.211 linux-cloud-tools-4.15.0-200-generic - 4.15.0-200.211 linux-headers-4.15.0-200-generic - 4.15.0-200.211 linux-tools-4.15.0-200 - 4.15.0-200.211 linux-tools-host - 4.15.0-200.211 linux-image-unsigned-4.15.0-200-lowlatency - 4.15.0-200.211 linux-doc - 4.15.0-200.211 linux-cloud-tools-4.15.0-200 - 4.15.0-200.211 linux-buildinfo-4.15.0-200-generic - 4.15.0-200.211 linux-modules-4.15.0-200-generic - 4.15.0-200.211 linux-libc-dev - 4.15.0-200.211 linux-buildinfo-4.15.0-200-generic-lpae - 4.15.0-200.211 linux-buildinfo-4.15.0-200-lowlatency - 4.15.0-200.211 linux-cloud-tools-4.15.0-200-lowlatency - 4.15.0-200.211 linux-image-4.15.0-200-generic - 4.15.0-200.211 linux-image-4.15.0-200-generic-lpae - 4.15.0-200.211 linux-modules-extra-4.15.0-200-generic - 4.15.0-200.211 linux-headers-4.15.0-200-lowlatency - 4.15.0-200.211 linux-headers-4.15.0-200-generic-lpae - 4.15.0-200.211 linux-tools-4.15.0-200-generic - 4.15.0-200.211 linux-tools-4.15.0-200-lowlatency - 4.15.0-200.211 linux-cloud-tools-common - 4.15.0-200.211 linux-tools-4.15.0-200-generic-lpae - 4.15.0-200.211 linux-modules-4.15.0-200-generic-lpae - 4.15.0-200.211 linux-image-4.15.0-200-lowlatency - 4.15.0-200.211 linux-modules-4.15.0-200-lowlatency - 4.15.0-200.211 linux-source-4.15.0 - 4.15.0-200.211 linux-headers-4.15.0-200 - 4.15.0-200.211 No subscription required linux-tools-dell300x - 4.15.0.1057.56 linux-headers-dell300x - 4.15.0.1057.56 linux-image-dell300x - 4.15.0.1057.56 linux-dell300x - 4.15.0.1057.56 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1111.116 linux-signed-image-oracle-lts-18.04 - 4.15.0.1111.116 linux-oracle-lts-18.04 - 4.15.0.1111.116 linux-signed-oracle-lts-18.04 - 4.15.0.1111.116 linux-headers-oracle-lts-18.04 - 4.15.0.1111.116 linux-tools-oracle-lts-18.04 - 4.15.0.1111.116 No subscription required linux-raspi2 - 4.15.0.1124.119 linux-headers-raspi2 - 4.15.0.1124.119 linux-image-raspi2 - 4.15.0.1124.119 linux-tools-raspi2 - 4.15.0.1124.119 No subscription required linux-kvm - 4.15.0.1132.123 linux-headers-kvm - 4.15.0.1132.123 linux-tools-kvm - 4.15.0.1132.123 linux-image-kvm - 4.15.0.1132.123 No subscription required linux-gcp-lts-18.04 - 4.15.0.1141.155 linux-tools-gcp-lts-18.04 - 4.15.0.1141.155 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1141.155 linux-image-gcp-lts-18.04 - 4.15.0.1141.155 linux-headers-gcp-lts-18.04 - 4.15.0.1141.155 No subscription required linux-snapdragon - 4.15.0.1142.141 linux-headers-snapdragon - 4.15.0.1142.141 linux-tools-snapdragon - 4.15.0.1142.141 linux-image-snapdragon - 4.15.0.1142.141 No subscription required linux-headers-aws-lts-18.04 - 4.15.0.1146.144 linux-aws-lts-18.04 - 4.15.0.1146.144 linux-modules-extra-aws-lts-18.04 - 4.15.0.1146.144 linux-image-aws-lts-18.04 - 4.15.0.1146.144 linux-tools-aws-lts-18.04 - 4.15.0.1146.144 No subscription required linux-signed-generic-hwe-16.04-edge - 4.15.0.200.183 linux-headers-generic-lpae - 4.15.0.200.183 linux-image-extra-virtual-hwe-16.04 - 4.15.0.200.183 linux-image-virtual - 4.15.0.200.183 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.200.183 linux-signed-lowlatency - 4.15.0.200.183 linux-image-generic - 4.15.0.200.183 linux-tools-lowlatency - 4.15.0.200.183 linux-headers-generic-hwe-16.04-edge - 4.15.0.200.183 linux-image-lowlatency-hwe-16.04 - 4.15.0.200.183 linux-generic-lpae-hwe-16.04 - 4.15.0.200.183 linux-cloud-tools-virtual - 4.15.0.200.183 linux-tools-generic-hwe-16.04 - 4.15.0.200.183 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.200.183 linux-image-virtual-hwe-16.04-edge - 4.15.0.200.183 linux-generic-lpae-hwe-16.04-edge - 4.15.0.200.183 linux-signed-image-lowlatency - 4.15.0.200.183 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.200.183 linux-signed-lowlatency-hwe-16.04 - 4.15.0.200.183 linux-signed-image-generic - 4.15.0.200.183 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.200.183 linux-lowlatency - 4.15.0.200.183 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.200.183 linux-source - 4.15.0.200.183 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.200.183 linux-tools-generic-lpae - 4.15.0.200.183 linux-cloud-tools-generic - 4.15.0.200.183 linux-generic-hwe-16.04-edge - 4.15.0.200.183 linux-headers-lowlatency-hwe-16.04 - 4.15.0.200.183 linux-tools-virtual-hwe-16.04 - 4.15.0.200.183 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.200.183 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.200.183 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.200.183 linux-tools-virtual - 4.15.0.200.183 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.200.183 linux-generic-lpae - 4.15.0.200.183 linux-generic - 4.15.0.200.183 linux-virtual - 4.15.0.200.183 linux-signed-image-generic-hwe-16.04 - 4.15.0.200.183 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.200.183 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.200.183 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.200.183 linux-headers-lowlatency - 4.15.0.200.183 linux-headers-virtual-hwe-16.04-edge - 4.15.0.200.183 linux-lowlatency-hwe-16.04 - 4.15.0.200.183 linux-headers-generic-hwe-16.04 - 4.15.0.200.183 linux-generic-hwe-16.04 - 4.15.0.200.183 linux-tools-virtual-hwe-16.04-edge - 4.15.0.200.183 linux-lowlatency-hwe-16.04-edge - 4.15.0.200.183 linux-tools-generic - 4.15.0.200.183 linux-crashdump - 4.15.0.200.183 linux-virtual-hwe-16.04 - 4.15.0.200.183 linux-image-extra-virtual - 4.15.0.200.183 linux-cloud-tools-lowlatency - 4.15.0.200.183 linux-image-generic-hwe-16.04 - 4.15.0.200.183 linux-image-generic-hwe-16.04-edge - 4.15.0.200.183 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.200.183 linux-image-generic-lpae-hwe-16.04 - 4.15.0.200.183 linux-virtual-hwe-16.04-edge - 4.15.0.200.183 linux-tools-lowlatency-hwe-16.04 - 4.15.0.200.183 linux-signed-generic - 4.15.0.200.183 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.200.183 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.200.183 linux-headers-generic - 4.15.0.200.183 linux-tools-generic-hwe-16.04-edge - 4.15.0.200.183 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.200.183 linux-image-virtual-hwe-16.04 - 4.15.0.200.183 linux-headers-virtual - 4.15.0.200.183 linux-signed-generic-hwe-16.04 - 4.15.0.200.183 linux-image-generic-lpae - 4.15.0.200.183 linux-headers-virtual-hwe-16.04 - 4.15.0.200.183 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.200.183 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.200.183 linux-image-lowlatency - 4.15.0.200.183 No subscription required High CVE-2022-3239 CVE-2022-3524 CVE-2022-3564 CVE-2022-3565 CVE-2022-3566 CVE-2022-3567 CVE-2022-3594 CVE-2022-3621 CVE-2022-42703 Ubuntu 18.04 LTS It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash. (CVE-2022-2309) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information or cause a crash. (CVE-2022-40303) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-40304) Update Instructions: Run `sudo pro fix USN-5760-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.8 libxml2-utils - 2.9.4+dfsg1-6.1ubuntu1.8 libxml2 - 2.9.4+dfsg1-6.1ubuntu1.8 python3-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.8 libxml2-doc - 2.9.4+dfsg1-6.1ubuntu1.8 libxml2-dev - 2.9.4+dfsg1-6.1ubuntu1.8 No subscription required Medium CVE-2022-2309 CVE-2022-40303 CVE-2022-40304 Ubuntu 18.04 LTS Due to security concerns, the TrustCor certificate authority has been marked as distrusted in Mozilla's root store. This update removes the TrustCor CA certificates from the ca-certificates package. Update Instructions: Run `sudo pro fix USN-5761-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates - 20211016ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/1998785 Ubuntu 18.04 LTS It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5762-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: binutils-dev - 2.30-21ubuntu1~18.04.8 binutils-arm-linux-gnueabihf - 2.30-21ubuntu1~18.04.8 binutils-hppa64-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-ia64-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-multiarch - 2.30-21ubuntu1~18.04.8 binutils-mips64-linux-gnuabin32 - 2.30-21ubuntu1~18.04.8 binutils-powerpc64le-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-mipsel-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-mips64el-linux-gnuabin32 - 2.30-21ubuntu1~18.04.8 binutils-x86-64-kfreebsd-gnu - 2.30-21ubuntu1~18.04.8 binutils-riscv64-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-m68k-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-for-build - 2.30-21ubuntu1~18.04.8 binutils-s390x-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-x86-64-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-multiarch-dev - 2.30-21ubuntu1~18.04.8 binutils-for-host - 2.30-21ubuntu1~18.04.8 binutils-mipsisa32r6el-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-i686-gnu - 2.30-21ubuntu1~18.04.8 binutils-doc - 2.30-21ubuntu1~18.04.8 binutils-sh4-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-mips64-linux-gnuabi64 - 2.30-21ubuntu1~18.04.8 binutils-aarch64-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-source - 2.30-21ubuntu1~18.04.8 binutils-i686-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-common - 2.30-21ubuntu1~18.04.8 binutils-mips-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-mipsisa64r6-linux-gnuabin32 - 2.30-21ubuntu1~18.04.8 binutils-mipsisa64r6el-linux-gnuabi64 - 2.30-21ubuntu1~18.04.8 binutils-mipsisa32r6-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-x86-64-linux-gnux32 - 2.30-21ubuntu1~18.04.8 binutils-i686-kfreebsd-gnu - 2.30-21ubuntu1~18.04.8 binutils-powerpc-linux-gnuspe - 2.30-21ubuntu1~18.04.8 binutils-mipsisa64r6el-linux-gnuabin32 - 2.30-21ubuntu1~18.04.8 binutils-alpha-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-powerpc64-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-hppa-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils-sparc64-linux-gnu - 2.30-21ubuntu1~18.04.8 libbinutils - 2.30-21ubuntu1~18.04.8 binutils-arm-linux-gnueabi - 2.30-21ubuntu1~18.04.8 binutils-mipsisa64r6-linux-gnuabi64 - 2.30-21ubuntu1~18.04.8 binutils-mips64el-linux-gnuabi64 - 2.30-21ubuntu1~18.04.8 binutils-powerpc-linux-gnu - 2.30-21ubuntu1~18.04.8 binutils - 2.30-21ubuntu1~18.04.8 No subscription required Medium CVE-2022-38533 Ubuntu 18.04 LTS It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-2347) Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-30552, CVE-2022-30790) It was discovered that U-Boot incorrectly handled certain NFS lookup replies. A remote attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-30767) Jincheng Wang discovered that U-Boot incorrectly handled certain SquashFS structures. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-33103) Tatsuhiko Yasumatsu discovered that U-Boot incorrectly handled certain SquashFS structures. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-33967) It was discovered that U-Boot incorrectly handled the i2c command. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-34835) Update Instructions: Run `sudo pro fix USN-5764-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: u-boot - 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-qemu - 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-amlogic - 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-tools - 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-imx - 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-tegra - 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-sunxi - 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-qcom - 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-rpi - 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-omap - 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-mvebu - 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-rockchip - 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-exynos - 2020.10+dfsg-1ubuntu0~18.04.3 No subscription required Medium CVE-2022-2347 CVE-2022-30552 CVE-2022-30767 CVE-2022-30790 CVE-2022-33103 CVE-2022-33967 CVE-2022-34835 Ubuntu 18.04 LTS It was discovered that Heimdal did not properly manage memory when normalizing Unicode. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5766-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhcrypto4-heimdal - 7.5.0+dfsg-1ubuntu0.2 libwind0-heimdal - 7.5.0+dfsg-1ubuntu0.2 libroken18-heimdal - 7.5.0+dfsg-1ubuntu0.2 libgssapi3-heimdal - 7.5.0+dfsg-1ubuntu0.2 heimdal-kcm - 7.5.0+dfsg-1ubuntu0.2 libhdb9-heimdal - 7.5.0+dfsg-1ubuntu0.2 libasn1-8-heimdal - 7.5.0+dfsg-1ubuntu0.2 libsl0-heimdal - 7.5.0+dfsg-1ubuntu0.2 libkadm5clnt7-heimdal - 7.5.0+dfsg-1ubuntu0.2 heimdal-kdc - 7.5.0+dfsg-1ubuntu0.2 libkdc2-heimdal - 7.5.0+dfsg-1ubuntu0.2 heimdal-servers - 7.5.0+dfsg-1ubuntu0.2 libheimntlm0-heimdal - 7.5.0+dfsg-1ubuntu0.2 heimdal-docs - 7.5.0+dfsg-1ubuntu0.2 libheimbase1-heimdal - 7.5.0+dfsg-1ubuntu0.2 libkrb5-26-heimdal - 7.5.0+dfsg-1ubuntu0.2 libotp0-heimdal - 7.5.0+dfsg-1ubuntu0.2 heimdal-dev - 7.5.0+dfsg-1ubuntu0.2 libkafs0-heimdal - 7.5.0+dfsg-1ubuntu0.2 libhx509-5-heimdal - 7.5.0+dfsg-1ubuntu0.2 heimdal-multidev - 7.5.0+dfsg-1ubuntu0.2 libkadm5srv8-heimdal - 7.5.0+dfsg-1ubuntu0.2 heimdal-clients - 7.5.0+dfsg-1ubuntu0.2 No subscription required Medium CVE-2022-41916 Ubuntu 18.04 LTS Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-37454) It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information denial of service, or cause a crash. (CVE-2022-45061) Update Instructions: Run `sudo pro fix USN-5767-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.17-1~18.04ubuntu1.10 python2.7-doc - 2.7.17-1~18.04ubuntu1.10 libpython2.7 - 2.7.17-1~18.04ubuntu1.10 libpython2.7-stdlib - 2.7.17-1~18.04ubuntu1.10 libpython2.7-testsuite - 2.7.17-1~18.04ubuntu1.10 libpython2.7-minimal - 2.7.17-1~18.04ubuntu1.10 python2.7 - 2.7.17-1~18.04ubuntu1.10 idle-python2.7 - 2.7.17-1~18.04ubuntu1.10 python2.7-examples - 2.7.17-1~18.04ubuntu1.10 libpython2.7-dev - 2.7.17-1~18.04ubuntu1.10 python2.7-minimal - 2.7.17-1~18.04ubuntu1.10 No subscription required python3.6-dev - 3.6.9-1~18.04ubuntu1.9 libpython3.6-dev - 3.6.9-1~18.04ubuntu1.9 libpython3.6-stdlib - 3.6.9-1~18.04ubuntu1.9 libpython3.6-minimal - 3.6.9-1~18.04ubuntu1.9 python3.6-examples - 3.6.9-1~18.04ubuntu1.9 python3.6-venv - 3.6.9-1~18.04ubuntu1.9 python3.6-minimal - 3.6.9-1~18.04ubuntu1.9 python3.6 - 3.6.9-1~18.04ubuntu1.9 idle-python3.6 - 3.6.9-1~18.04ubuntu1.9 python3.6-doc - 3.6.9-1~18.04ubuntu1.9 libpython3.6-testsuite - 3.6.9-1~18.04ubuntu1.9 libpython3.6 - 3.6.9-1~18.04ubuntu1.9 No subscription required Medium CVE-2022-37454 CVE-2022-45061 Ubuntu 18.04 LTS USN-5767-1 fixed vulnerabilities in Python. This update fixes the problem for Ubuntu 18.04 LTS. Original advisory details: Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-37454) Update Instructions: Run `sudo pro fix USN-5767-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpython3.6-stdlib - 3.6.9-1~18.04ubuntu1.10 python3.6-venv - 3.6.9-1~18.04ubuntu1.10 python3.6-doc - 3.6.9-1~18.04ubuntu1.10 libpython3.6-testsuite - 3.6.9-1~18.04ubuntu1.10 python3.6-dev - 3.6.9-1~18.04ubuntu1.10 python3.6 - 3.6.9-1~18.04ubuntu1.10 python3.6-minimal - 3.6.9-1~18.04ubuntu1.10 idle-python3.6 - 3.6.9-1~18.04ubuntu1.10 libpython3.6 - 3.6.9-1~18.04ubuntu1.10 libpython3.6-dev - 3.6.9-1~18.04ubuntu1.10 python3.6-examples - 3.6.9-1~18.04ubuntu1.10 libpython3.6-minimal - 3.6.9-1~18.04ubuntu1.10 No subscription required Medium CVE-2022-37454 https://launchpad.net/bugs/1995197 Ubuntu 18.04 LTS It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2021-3682) It was discovered that QEMU did not properly manage memory when it transfers the USB packets. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2021-3750) It was discovered that the QEMU SCSI device emulation incorrectly handled certain MODE SELECT commands. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2021-3930) It was discovered that QEMU did not properly manage memory when it processing repeated messages to cancel the current SCSI request. A malicious privileged guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2022-0216) It was discovered that QEMU did not properly manage memory when it using Tulip device emulation. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-2962) It was discovered that QEMU did not properly manage memory when processing ClientCutText messages. A attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3165) Update Instructions: Run `sudo pro fix USN-5772-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.41 qemu-user-static - 1:2.11+dfsg-1ubuntu7.41 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.41 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.41 qemu-kvm - 1:2.11+dfsg-1ubuntu7.41 qemu-user - 1:2.11+dfsg-1ubuntu7.41 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.41 qemu-system - 1:2.11+dfsg-1ubuntu7.41 qemu-utils - 1:2.11+dfsg-1ubuntu7.41 qemu - 1:2.11+dfsg-1ubuntu7.41 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.41 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.41 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.41 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.41 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.41 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.41 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.41 No subscription required Medium CVE-2021-3682 CVE-2021-3750 CVE-2021-3930 CVE-2022-0216 CVE-2022-2962 CVE-2022-3165 Ubuntu 18.04 LTS Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-20422) It was discovered that the KVM implementation in the Linux kernel did not properly handle virtual CPUs without APICs in certain situations. A local attacker could possibly use this to cause a denial of service (host system crash). (CVE-2022-2153) Hao Sun and Jiacheng Xu discovered that the NILFS file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2978) Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3028) It was discovered that the video4linux driver for Empia based TV cards in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3239) It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3564) It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3565) It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3566) It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3567) It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not properly handle certain error conditions. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3594) It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3621) It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-3635) It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36879) Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX storage controller driver in the Linux kernel did not properly handle certain structures. A local attacker could potentially use this to expose sensitive information (kernel memory). (CVE-2022-40768) Update Instructions: Run `sudo pro fix USN-5774-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-4.15.0-1157-azure - 4.15.0-1157.172 linux-azure-4.15-cloud-tools-4.15.0-1157 - 4.15.0-1157.172 linux-cloud-tools-4.15.0-1157-azure - 4.15.0-1157.172 linux-modules-4.15.0-1157-azure - 4.15.0-1157.172 linux-image-unsigned-4.15.0-1157-azure - 4.15.0-1157.172 linux-image-4.15.0-1157-azure - 4.15.0-1157.172 linux-modules-extra-4.15.0-1157-azure - 4.15.0-1157.172 linux-buildinfo-4.15.0-1157-azure - 4.15.0-1157.172 linux-azure-4.15-tools-4.15.0-1157 - 4.15.0-1157.172 linux-tools-4.15.0-1157-azure - 4.15.0-1157.172 linux-azure-4.15-headers-4.15.0-1157 - 4.15.0-1157.172 No subscription required linux-headers-azure-lts-18.04 - 4.15.0.1157.125 linux-azure-lts-18.04 - 4.15.0.1157.125 linux-signed-azure-lts-18.04 - 4.15.0.1157.125 linux-signed-image-azure-lts-18.04 - 4.15.0.1157.125 linux-modules-extra-azure-lts-18.04 - 4.15.0.1157.125 linux-tools-azure-lts-18.04 - 4.15.0.1157.125 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1157.125 linux-image-azure-lts-18.04 - 4.15.0.1157.125 No subscription required High CVE-2022-20422 CVE-2022-2153 CVE-2022-2978 CVE-2022-3028 CVE-2022-3239 CVE-2022-3524 CVE-2022-3564 CVE-2022-3565 CVE-2022-3566 CVE-2022-3567 CVE-2022-3594 CVE-2022-3621 CVE-2022-3635 CVE-2022-36879 CVE-2022-40768 CVE-2022-42703 Ubuntu 18.04 LTS It was discovered that containerd incorrectly handled memory when receiving certain faulty Exec or ExecSync commands. A remote attacker could possibly use this issue to cause a denial of service or crash containerd. (CVE-2022-23471, CVE-2022-31030) It was discovered that containerd incorrectly set up inheritable file capabilities. An attacker could possibly use this issue to escalate privileges inside a container. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24769) It was discovered that containerd incorrectly handled access to encrypted container images when using imgcrypt library. A remote attacker could possibly use this issue to access encrypted images from other users. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24778) Update Instructions: Run `sudo pro fix USN-5776-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: containerd - 1.5.9-0ubuntu1~18.04.2 golang-github-containerd-containerd-dev - 1.5.9-0ubuntu1~18.04.2 No subscription required Medium CVE-2022-23471 CVE-2022-24769 CVE-2022-24778 CVE-2022-31030 Ubuntu 18.04 LTS Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges. Update Instructions: Run `sudo pro fix USN-5778-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.19.6-1ubuntu4.13 xmir - 2:1.19.6-1ubuntu4.13 xwayland - 2:1.19.6-1ubuntu4.13 xorg-server-source - 2:1.19.6-1ubuntu4.13 xdmx - 2:1.19.6-1ubuntu4.13 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.13 xserver-xorg-dev - 2:1.19.6-1ubuntu4.13 xvfb - 2:1.19.6-1ubuntu4.13 xnest - 2:1.19.6-1ubuntu4.13 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.13 xdmx-tools - 2:1.19.6-1ubuntu4.13 xserver-xephyr - 2:1.19.6-1ubuntu4.13 xserver-common - 2:1.19.6-1ubuntu4.13 No subscription required xorg-server-source-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.9 xserver-xorg-core-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.9 xserver-xorg-dev-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.9 xserver-xephyr-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.9 xserver-xorg-legacy-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.9 xwayland-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.9 No subscription required Medium CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 Ubuntu 18.04 LTS It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. (CVE-2022-46871) Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. (CVE-2022-46872) Pete Freitag discovered that Firefox did not implement the unsafe-hashes CSP directive. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. (CVE-2022-46873) Matthias Zoellner discovered that Firefox was not keeping the filename ending intact when using the drag-and-drop event. An attacker could possibly use this issue to add a file with a malicious extension, leading to execute arbitrary code. (CVE-2022-46874) Hafiizh discovered that Firefox was not handling fullscreen notifications when the browser window goes into fullscreen mode. An attacker could possibly use this issue to spoof the user and obtain sensitive information. (CVE-2022-46877) Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2022-46878, CVE-2022-46879) Update Instructions: Run `sudo pro fix USN-5782-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-szl - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 108.0+build2-0ubuntu0.18.04.1 firefox - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 108.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 108.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 108.0+build2-0ubuntu0.18.04.1 firefox-dev - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 108.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 108.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-46871 CVE-2022-46872 CVE-2022-46873 CVE-2022-46874 CVE-2022-46877 CVE-2022-46878 CVE-2022-46879 Ubuntu 18.04 LTS USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. (CVE-2022-46871) Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. (CVE-2022-46872) Pete Freitag discovered that Firefox did not implement the unsafe-hashes CSP directive. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. (CVE-2022-46873) Matthias Zoellner discovered that Firefox was not keeping the filename ending intact when using the drag-and-drop event. An attacker could possibly use this issue to add a file with a malicious extension, leading to execute arbitrary code. (CVE-2022-46874) Hafiizh discovered that Firefox was not handling fullscreen notifications when the browser window goes into fullscreen mode. An attacker could possibly use this issue to spoof the user and obtain sensitive information. (CVE-2022-46877) Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2022-46878, CVE-2022-46879) Update Instructions: Run `sudo pro fix USN-5782-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-szl - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 108.0.1+build1-0ubuntu0.18.04.1 firefox - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 108.0.1+build1-0ubuntu0.18.04.1 firefox-geckodriver - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 108.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 108.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 108.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 108.0.1+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/2001921 Ubuntu 18.04 LTS USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. (CVE-2022-46871) Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. (CVE-2022-46872) Pete Freitag discovered that Firefox did not implement the unsafe-hashes CSP directive. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. (CVE-2022-46873) Matthias Zoellner discovered that Firefox was not keeping the filename ending intact when using the drag-and-drop event. An attacker could possibly use this issue to add a file with a malicious extension, leading to execute arbitrary code. (CVE-2022-46874) Hafiizh discovered that Firefox was not handling fullscreen notifications when the browser window goes into fullscreen mode. An attacker could possibly use this issue to spoof the user and obtain sensitive information. (CVE-2022-46877) Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2022-46878, CVE-2022-46879) Update Instructions: Run `sudo pro fix USN-5782-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nn - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ne - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nb - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fa - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fi - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fr - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fy - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-or - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kab - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-oc - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cs - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ga - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gd - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gn - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gl - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gu - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pa - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pl - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cy - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pt - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-szl - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hi - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ms - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-he - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hy - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hr - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hu - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-as - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ar - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ia - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-az - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-id - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mai - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-af - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-is - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-vi - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-an - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bs - 108.0.2+build1-0ubuntu0.18.04.1 firefox - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ro - 108.0.2+build1-0ubuntu0.18.04.1 firefox-geckodriver - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ja - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ru - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-br - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bn - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-be - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bg - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sl - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sk - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-si - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sw - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sv - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sr - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sq - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ko - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kn - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-km - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kk - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ka - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-xh - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ca - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ku - 108.0.2+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lv - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lt - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-th - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 108.0.2+build1-0ubuntu0.18.04.1 firefox-dev - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-te - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cak - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ta - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lg - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-csb - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tr - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nso - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-de - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-da - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uk - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mr - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-my - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uz - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ml - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mn - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mk - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ur - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eu - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-et - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-es - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-it - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-el - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eo - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-en - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zu - 108.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ast - 108.0.2+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/2002377 Ubuntu 18.04 LTS It was discovered that usbredir incorrectly handled memory when serializing large amounts of data in the case of a slow or blocked destination. An attacker could possibly use this issue to cause applications using usbredir to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5784-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libusbredirparser-dev - 0.7.1-1ubuntu0.18.04.1 libusbredirhost-dev - 0.7.1-1ubuntu0.18.04.1 usbredirserver - 0.7.1-1ubuntu0.18.04.1 libusbredirhost1 - 0.7.1-1ubuntu0.18.04.1 libusbredirparser1 - 0.7.1-1ubuntu0.18.04.1 No subscription required Low CVE-2021-3700 Ubuntu 18.04 LTS It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17185) Shane Guan discovered that FreeRADIUS incorrectly handled memory when checking unknown SIM option sent by EAP-SIM supplicant. An attacker could possibly use this issue to cause a denial of service on the server. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-41860) It was discovered that FreeRADIUS incorrectly handled memory when processing certain abinary attributes. An attacker could possibly use this issue to cause a denial of service on the server. (CVE-2022-41861) Update Instructions: Run `sudo pro fix USN-5785-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: freeradius-ldap - 3.0.16+dfsg-1ubuntu3.2 freeradius-redis - 3.0.16+dfsg-1ubuntu3.2 libfreeradius3 - 3.0.16+dfsg-1ubuntu3.2 freeradius-yubikey - 3.0.16+dfsg-1ubuntu3.2 freeradius-memcached - 3.0.16+dfsg-1ubuntu3.2 freeradius-postgresql - 3.0.16+dfsg-1ubuntu3.2 freeradius-mysql - 3.0.16+dfsg-1ubuntu3.2 libfreeradius-dev - 3.0.16+dfsg-1ubuntu3.2 freeradius-dhcp - 3.0.16+dfsg-1ubuntu3.2 freeradius-utils - 3.0.16+dfsg-1ubuntu3.2 freeradius - 3.0.16+dfsg-1ubuntu3.2 freeradius-iodbc - 3.0.16+dfsg-1ubuntu3.2 freeradius-common - 3.0.16+dfsg-1ubuntu3.2 freeradius-rest - 3.0.16+dfsg-1ubuntu3.2 freeradius-config - 3.0.16+dfsg-1ubuntu3.2 freeradius-krb5 - 3.0.16+dfsg-1ubuntu3.2 No subscription required Medium CVE-2019-17185 CVE-2022-41860 CVE-2022-41861 Ubuntu 18.04 LTS It was discovered that GNOME Files incorrectly handled certain filenames. An attacker could possibly use this issue to cause GNOME Files to crash, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-5786-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nautilus-data - 1:3.26.4-0~ubuntu18.04.6 gir1.2-nautilus-3.0 - 1:3.26.4-0~ubuntu18.04.6 nautilus - 1:3.26.4-0~ubuntu18.04.6 libnautilus-extension-dev - 1:3.26.4-0~ubuntu18.04.6 libnautilus-extension1a - 1:3.26.4-0~ubuntu18.04.6 No subscription required Medium CVE-2022-37290 Ubuntu 18.04 LTS It was discovered that Libksba incorrectly handled parsing CRL signatures. A remote attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5787-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libksba-mingw-w64-dev - 1.3.5-2ubuntu0.18.04.2 libksba8 - 1.3.5-2ubuntu0.18.04.2 libksba-dev - 1.3.5-2ubuntu0.18.04.2 No subscription required Medium CVE-2022-47629 Ubuntu 18.04 LTS Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-43551) It was discovered that curl incorrectly handled denials when using HTTP proxies. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-43552) Update Instructions: Run `sudo pro fix USN-5788-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.22 libcurl4-openssl-dev - 7.58.0-2ubuntu3.22 libcurl3-gnutls - 7.58.0-2ubuntu3.22 libcurl4-doc - 7.58.0-2ubuntu3.22 libcurl3-nss - 7.58.0-2ubuntu3.22 libcurl4-nss-dev - 7.58.0-2ubuntu3.22 libcurl4 - 7.58.0-2ubuntu3.22 curl - 7.58.0-2ubuntu3.22 No subscription required Medium CVE-2022-43551 CVE-2022-43552 Ubuntu 18.04 LTS It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-4159) It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20421) It was discovered that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3061) Gwnaun Jung discovered that the SFB packet scheduling implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3586) Jann Horn discovered a race condition existed in the Linux kernel when unmapping VMAs in certain situations, resulting in possible use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-39188) It was discovered that a race condition existed in the EFI capsule loader driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-40307) Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-4095) Update Instructions: Run `sudo pro fix USN-5790-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-dell300x-headers-4.15.0-1058 - 4.15.0-1058.63 linux-buildinfo-4.15.0-1058-dell300x - 4.15.0-1058.63 linux-tools-4.15.0-1058-dell300x - 4.15.0-1058.63 linux-modules-4.15.0-1058-dell300x - 4.15.0-1058.63 linux-image-unsigned-4.15.0-1058-dell300x - 4.15.0-1058.63 linux-image-4.15.0-1058-dell300x - 4.15.0-1058.63 linux-headers-4.15.0-1058-dell300x - 4.15.0-1058.63 linux-dell300x-tools-4.15.0-1058 - 4.15.0-1058.63 No subscription required linux-image-4.15.0-1112-oracle - 4.15.0-1112.123 linux-modules-extra-4.15.0-1112-oracle - 4.15.0-1112.123 linux-modules-4.15.0-1112-oracle - 4.15.0-1112.123 linux-oracle-tools-4.15.0-1112 - 4.15.0-1112.123 linux-oracle-headers-4.15.0-1112 - 4.15.0-1112.123 linux-buildinfo-4.15.0-1112-oracle - 4.15.0-1112.123 linux-image-unsigned-4.15.0-1112-oracle - 4.15.0-1112.123 linux-tools-4.15.0-1112-oracle - 4.15.0-1112.123 linux-headers-4.15.0-1112-oracle - 4.15.0-1112.123 No subscription required linux-modules-4.15.0-1125-raspi2 - 4.15.0-1125.133 linux-tools-4.15.0-1125-raspi2 - 4.15.0-1125.133 linux-raspi2-tools-4.15.0-1125 - 4.15.0-1125.133 linux-raspi2-headers-4.15.0-1125 - 4.15.0-1125.133 linux-image-4.15.0-1125-raspi2 - 4.15.0-1125.133 linux-buildinfo-4.15.0-1125-raspi2 - 4.15.0-1125.133 linux-headers-4.15.0-1125-raspi2 - 4.15.0-1125.133 No subscription required linux-tools-4.15.0-1133-kvm - 4.15.0-1133.138 linux-image-4.15.0-1133-kvm - 4.15.0-1133.138 linux-modules-4.15.0-1133-kvm - 4.15.0-1133.138 linux-kvm-headers-4.15.0-1133 - 4.15.0-1133.138 linux-headers-4.15.0-1133-kvm - 4.15.0-1133.138 linux-kvm-tools-4.15.0-1133 - 4.15.0-1133.138 linux-buildinfo-4.15.0-1133-kvm - 4.15.0-1133.138 No subscription required linux-tools-4.15.0-1142-gcp - 4.15.0-1142.158 linux-gcp-4.15-headers-4.15.0-1142 - 4.15.0-1142.158 linux-image-unsigned-4.15.0-1142-gcp - 4.15.0-1142.158 linux-headers-4.15.0-1142-gcp - 4.15.0-1142.158 linux-image-4.15.0-1142-gcp - 4.15.0-1142.158 linux-modules-extra-4.15.0-1142-gcp - 4.15.0-1142.158 linux-buildinfo-4.15.0-1142-gcp - 4.15.0-1142.158 linux-modules-4.15.0-1142-gcp - 4.15.0-1142.158 linux-gcp-4.15-tools-4.15.0-1142 - 4.15.0-1142.158 No subscription required linux-buildinfo-4.15.0-1143-snapdragon - 4.15.0-1143.153 linux-snapdragon-headers-4.15.0-1143 - 4.15.0-1143.153 linux-modules-4.15.0-1143-snapdragon - 4.15.0-1143.153 linux-snapdragon-tools-4.15.0-1143 - 4.15.0-1143.153 linux-tools-4.15.0-1143-snapdragon - 4.15.0-1143.153 linux-image-4.15.0-1143-snapdragon - 4.15.0-1143.153 linux-headers-4.15.0-1143-snapdragon - 4.15.0-1143.153 No subscription required linux-cloud-tools-4.15.0-1147-aws - 4.15.0-1147.159 linux-tools-4.15.0-1147-aws - 4.15.0-1147.159 linux-image-4.15.0-1147-aws - 4.15.0-1147.159 linux-aws-headers-4.15.0-1147 - 4.15.0-1147.159 linux-image-unsigned-4.15.0-1147-aws - 4.15.0-1147.159 linux-buildinfo-4.15.0-1147-aws - 4.15.0-1147.159 linux-headers-4.15.0-1147-aws - 4.15.0-1147.159 linux-modules-4.15.0-1147-aws - 4.15.0-1147.159 linux-aws-tools-4.15.0-1147 - 4.15.0-1147.159 linux-modules-extra-4.15.0-1147-aws - 4.15.0-1147.159 linux-aws-cloud-tools-4.15.0-1147 - 4.15.0-1147.159 No subscription required linux-tools-4.15.0-1158-azure - 4.15.0-1158.173 linux-azure-4.15-tools-4.15.0-1158 - 4.15.0-1158.173 linux-modules-extra-4.15.0-1158-azure - 4.15.0-1158.173 linux-image-unsigned-4.15.0-1158-azure - 4.15.0-1158.173 linux-azure-4.15-headers-4.15.0-1158 - 4.15.0-1158.173 linux-modules-4.15.0-1158-azure - 4.15.0-1158.173 linux-buildinfo-4.15.0-1158-azure - 4.15.0-1158.173 linux-azure-4.15-cloud-tools-4.15.0-1158 - 4.15.0-1158.173 linux-image-4.15.0-1158-azure - 4.15.0-1158.173 linux-cloud-tools-4.15.0-1158-azure - 4.15.0-1158.173 linux-headers-4.15.0-1158-azure - 4.15.0-1158.173 No subscription required linux-image-4.15.0-201-lowlatency - 4.15.0-201.212 linux-tools-common - 4.15.0-201.212 linux-tools-4.15.0-201 - 4.15.0-201.212 linux-tools-host - 4.15.0-201.212 linux-doc - 4.15.0-201.212 linux-headers-4.15.0-201-generic-lpae - 4.15.0-201.212 linux-modules-4.15.0-201-generic-lpae - 4.15.0-201.212 linux-image-4.15.0-201-generic - 4.15.0-201.212 linux-tools-4.15.0-201-generic - 4.15.0-201.212 linux-image-4.15.0-201-generic-lpae - 4.15.0-201.212 linux-cloud-tools-4.15.0-201-generic - 4.15.0-201.212 linux-libc-dev - 4.15.0-201.212 linux-modules-4.15.0-201-generic - 4.15.0-201.212 linux-headers-4.15.0-201-lowlatency - 4.15.0-201.212 linux-buildinfo-4.15.0-201-generic-lpae - 4.15.0-201.212 linux-headers-4.15.0-201-generic - 4.15.0-201.212 linux-modules-4.15.0-201-lowlatency - 4.15.0-201.212 linux-tools-4.15.0-201-lowlatency - 4.15.0-201.212 linux-cloud-tools-common - 4.15.0-201.212 linux-modules-extra-4.15.0-201-generic - 4.15.0-201.212 linux-buildinfo-4.15.0-201-generic - 4.15.0-201.212 linux-buildinfo-4.15.0-201-lowlatency - 4.15.0-201.212 linux-image-unsigned-4.15.0-201-generic - 4.15.0-201.212 linux-image-unsigned-4.15.0-201-lowlatency - 4.15.0-201.212 linux-tools-4.15.0-201-generic-lpae - 4.15.0-201.212 linux-cloud-tools-4.15.0-201 - 4.15.0-201.212 linux-cloud-tools-4.15.0-201-lowlatency - 4.15.0-201.212 linux-source-4.15.0 - 4.15.0-201.212 linux-headers-4.15.0-201 - 4.15.0-201.212 No subscription required linux-tools-dell300x - 4.15.0.1058.57 linux-headers-dell300x - 4.15.0.1058.57 linux-image-dell300x - 4.15.0.1058.57 linux-dell300x - 4.15.0.1058.57 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1112.117 linux-signed-image-oracle-lts-18.04 - 4.15.0.1112.117 linux-oracle-lts-18.04 - 4.15.0.1112.117 linux-signed-oracle-lts-18.04 - 4.15.0.1112.117 linux-tools-oracle-lts-18.04 - 4.15.0.1112.117 linux-headers-oracle-lts-18.04 - 4.15.0.1112.117 No subscription required linux-raspi2 - 4.15.0.1125.120 linux-headers-raspi2 - 4.15.0.1125.120 linux-image-raspi2 - 4.15.0.1125.120 linux-tools-raspi2 - 4.15.0.1125.120 No subscription required linux-kvm - 4.15.0.1133.124 linux-headers-kvm - 4.15.0.1133.124 linux-tools-kvm - 4.15.0.1133.124 linux-image-kvm - 4.15.0.1133.124 No subscription required linux-gcp-lts-18.04 - 4.15.0.1142.156 linux-tools-gcp-lts-18.04 - 4.15.0.1142.156 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1142.156 linux-image-gcp-lts-18.04 - 4.15.0.1142.156 linux-headers-gcp-lts-18.04 - 4.15.0.1142.156 No subscription required linux-snapdragon - 4.15.0.1143.142 linux-headers-snapdragon - 4.15.0.1143.142 linux-tools-snapdragon - 4.15.0.1143.142 linux-image-snapdragon - 4.15.0.1143.142 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1147.145 linux-headers-aws-lts-18.04 - 4.15.0.1147.145 linux-aws-lts-18.04 - 4.15.0.1147.145 linux-modules-extra-aws-lts-18.04 - 4.15.0.1147.145 linux-tools-aws-lts-18.04 - 4.15.0.1147.145 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1158.126 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1158.126 linux-tools-azure-lts-18.04 - 4.15.0.1158.126 linux-headers-azure-lts-18.04 - 4.15.0.1158.126 linux-signed-image-azure-lts-18.04 - 4.15.0.1158.126 linux-azure-lts-18.04 - 4.15.0.1158.126 linux-signed-azure-lts-18.04 - 4.15.0.1158.126 linux-image-azure-lts-18.04 - 4.15.0.1158.126 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.201.184 linux-cloud-tools-virtual - 4.15.0.201.184 linux-headers-generic-lpae - 4.15.0.201.184 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.201.184 linux-image-extra-virtual-hwe-16.04 - 4.15.0.201.184 linux-image-virtual - 4.15.0.201.184 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.201.184 linux-image-generic - 4.15.0.201.184 linux-tools-lowlatency - 4.15.0.201.184 linux-tools-generic-hwe-16.04-edge - 4.15.0.201.184 linux-headers-generic-hwe-16.04-edge - 4.15.0.201.184 linux-generic-lpae-hwe-16.04 - 4.15.0.201.184 linux-signed-generic-hwe-16.04-edge - 4.15.0.201.184 linux-tools-virtual-hwe-16.04-edge - 4.15.0.201.184 linux-tools-virtual-hwe-16.04 - 4.15.0.201.184 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.201.184 linux-generic-lpae-hwe-16.04-edge - 4.15.0.201.184 linux-signed-image-lowlatency - 4.15.0.201.184 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.201.184 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.201.184 linux-crashdump - 4.15.0.201.184 linux-signed-image-generic - 4.15.0.201.184 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.201.184 linux-lowlatency - 4.15.0.201.184 linux-source - 4.15.0.201.184 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.201.184 linux-tools-generic-lpae - 4.15.0.201.184 linux-cloud-tools-generic - 4.15.0.201.184 linux-generic-hwe-16.04-edge - 4.15.0.201.184 linux-headers-lowlatency-hwe-16.04 - 4.15.0.201.184 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.201.184 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.201.184 linux-tools-generic-hwe-16.04 - 4.15.0.201.184 linux-tools-virtual - 4.15.0.201.184 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.201.184 linux-generic-lpae - 4.15.0.201.184 linux-generic - 4.15.0.201.184 linux-virtual - 4.15.0.201.184 linux-signed-image-generic-hwe-16.04 - 4.15.0.201.184 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.201.184 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.201.184 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.201.184 linux-headers-virtual-hwe-16.04-edge - 4.15.0.201.184 linux-lowlatency-hwe-16.04 - 4.15.0.201.184 linux-headers-generic-hwe-16.04 - 4.15.0.201.184 linux-generic-hwe-16.04 - 4.15.0.201.184 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.201.184 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.201.184 linux-virtual-hwe-16.04 - 4.15.0.201.184 linux-image-extra-virtual - 4.15.0.201.184 linux-lowlatency-hwe-16.04-edge - 4.15.0.201.184 linux-tools-generic - 4.15.0.201.184 linux-cloud-tools-lowlatency - 4.15.0.201.184 linux-image-generic-hwe-16.04 - 4.15.0.201.184 linux-image-generic-hwe-16.04-edge - 4.15.0.201.184 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.201.184 linux-image-generic-lpae-hwe-16.04 - 4.15.0.201.184 linux-virtual-hwe-16.04-edge - 4.15.0.201.184 linux-tools-lowlatency-hwe-16.04 - 4.15.0.201.184 linux-signed-generic - 4.15.0.201.184 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.201.184 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.201.184 linux-headers-generic - 4.15.0.201.184 linux-image-virtual-hwe-16.04-edge - 4.15.0.201.184 linux-image-virtual-hwe-16.04 - 4.15.0.201.184 linux-headers-lowlatency - 4.15.0.201.184 linux-headers-virtual - 4.15.0.201.184 linux-signed-lowlatency-hwe-16.04 - 4.15.0.201.184 linux-signed-generic-hwe-16.04 - 4.15.0.201.184 linux-image-generic-lpae - 4.15.0.201.184 linux-headers-virtual-hwe-16.04 - 4.15.0.201.184 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.201.184 linux-signed-lowlatency - 4.15.0.201.184 linux-image-lowlatency - 4.15.0.201.184 No subscription required Medium CVE-2021-4159 CVE-2022-20421 CVE-2022-3061 CVE-2022-3586 CVE-2022-39188 CVE-2022-40307 CVE-2022-4095 Ubuntu 18.04 LTS It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20421) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) It was discovered that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3061) It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3303) Gwnaun Jung discovered that the SFB packet scheduling implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3586) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-39842) It was discovered that a race condition existed in the EFI capsule loader driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-40307) Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-4095) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750) Jann Horn discovered a race condition existed in the Linux kernel when unmapping VMAs in certain situations, resulting in possible use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-39188) Update Instructions: Run `sudo pro fix USN-5791-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-5.4.0-1041-ibm - 5.4.0-1041.46~18.04.1 linux-ibm-5.4-tools-5.4.0-1041 - 5.4.0-1041.46~18.04.1 linux-modules-5.4.0-1041-ibm - 5.4.0-1041.46~18.04.1 linux-image-unsigned-5.4.0-1041-ibm - 5.4.0-1041.46~18.04.1 linux-modules-extra-5.4.0-1041-ibm - 5.4.0-1041.46~18.04.1 linux-buildinfo-5.4.0-1041-ibm - 5.4.0-1041.46~18.04.1 linux-ibm-5.4-headers-5.4.0-1041 - 5.4.0-1041.46~18.04.1 linux-image-5.4.0-1041-ibm - 5.4.0-1041.46~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1041.46~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1041.46~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1041.46~18.04.1 linux-headers-5.4.0-1041-ibm - 5.4.0-1041.46~18.04.1 No subscription required linux-tools-5.4.0-1078-raspi - 5.4.0-1078.89~18.04.1 linux-buildinfo-5.4.0-1078-raspi - 5.4.0-1078.89~18.04.1 linux-raspi-5.4-tools-5.4.0-1078 - 5.4.0-1078.89~18.04.1 linux-raspi-5.4-headers-5.4.0-1078 - 5.4.0-1078.89~18.04.1 linux-modules-5.4.0-1078-raspi - 5.4.0-1078.89~18.04.1 linux-headers-5.4.0-1078-raspi - 5.4.0-1078.89~18.04.1 linux-image-5.4.0-1078-raspi - 5.4.0-1078.89~18.04.1 No subscription required linux-buildinfo-5.4.0-1091-oracle - 5.4.0-1091.100~18.04.1 linux-oracle-5.4-headers-5.4.0-1091 - 5.4.0-1091.100~18.04.1 linux-modules-5.4.0-1091-oracle - 5.4.0-1091.100~18.04.1 linux-headers-5.4.0-1091-oracle - 5.4.0-1091.100~18.04.1 linux-image-unsigned-5.4.0-1091-oracle - 5.4.0-1091.100~18.04.1 linux-modules-extra-5.4.0-1091-oracle - 5.4.0-1091.100~18.04.1 linux-image-5.4.0-1091-oracle - 5.4.0-1091.100~18.04.1 linux-oracle-5.4-tools-5.4.0-1091 - 5.4.0-1091.100~18.04.1 linux-tools-5.4.0-1091-oracle - 5.4.0-1091.100~18.04.1 No subscription required linux-modules-extra-5.4.0-1093-aws - 5.4.0-1093.102~18.04.2 linux-tools-5.4.0-1093-aws - 5.4.0-1093.102~18.04.2 linux-aws-5.4-cloud-tools-5.4.0-1093 - 5.4.0-1093.102~18.04.2 linux-cloud-tools-5.4.0-1093-aws - 5.4.0-1093.102~18.04.2 linux-image-5.4.0-1093-aws - 5.4.0-1093.102~18.04.2 linux-headers-5.4.0-1093-aws - 5.4.0-1093.102~18.04.2 linux-buildinfo-5.4.0-1093-aws - 5.4.0-1093.102~18.04.2 linux-aws-5.4-tools-5.4.0-1093 - 5.4.0-1093.102~18.04.2 linux-image-unsigned-5.4.0-1093-aws - 5.4.0-1093.102~18.04.2 linux-aws-5.4-headers-5.4.0-1093 - 5.4.0-1093.102~18.04.2 linux-modules-5.4.0-1093-aws - 5.4.0-1093.102~18.04.2 No subscription required linux-modules-extra-5.4.0-1097-gcp - 5.4.0-1097.106~18.04.1 linux-image-5.4.0-1097-gcp - 5.4.0-1097.106~18.04.1 linux-modules-5.4.0-1097-gcp - 5.4.0-1097.106~18.04.1 linux-buildinfo-5.4.0-1097-gcp - 5.4.0-1097.106~18.04.1 linux-image-unsigned-5.4.0-1097-gcp - 5.4.0-1097.106~18.04.1 linux-headers-5.4.0-1097-gcp - 5.4.0-1097.106~18.04.1 linux-gcp-5.4-headers-5.4.0-1097 - 5.4.0-1097.106~18.04.1 linux-gcp-5.4-tools-5.4.0-1097 - 5.4.0-1097.106~18.04.1 linux-tools-5.4.0-1097-gcp - 5.4.0-1097.106~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-136.153~18.04.1 linux-modules-extra-5.4.0-136-generic - 5.4.0-136.153~18.04.1 linux-modules-5.4.0-136-generic-lpae - 5.4.0-136.153~18.04.1 linux-modules-5.4.0-136-lowlatency - 5.4.0-136.153~18.04.1 linux-image-5.4.0-136-generic - 5.4.0-136.153~18.04.1 linux-headers-5.4.0-136-lowlatency - 5.4.0-136.153~18.04.1 linux-hwe-5.4-tools-5.4.0-136 - 5.4.0-136.153~18.04.1 linux-image-unsigned-5.4.0-136-lowlatency - 5.4.0-136.153~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-136 - 5.4.0-136.153~18.04.1 linux-modules-5.4.0-136-generic - 5.4.0-136.153~18.04.1 linux-tools-5.4.0-136-generic-lpae - 5.4.0-136.153~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-136.153~18.04.1 linux-image-unsigned-5.4.0-136-generic - 5.4.0-136.153~18.04.1 linux-hwe-5.4-headers-5.4.0-136 - 5.4.0-136.153~18.04.1 linux-buildinfo-5.4.0-136-generic-lpae - 5.4.0-136.153~18.04.1 linux-tools-5.4.0-136-generic - 5.4.0-136.153~18.04.1 linux-tools-5.4.0-136-lowlatency - 5.4.0-136.153~18.04.1 linux-cloud-tools-5.4.0-136-lowlatency - 5.4.0-136.153~18.04.1 linux-image-5.4.0-136-lowlatency - 5.4.0-136.153~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-136.153~18.04.1 linux-cloud-tools-5.4.0-136-generic - 5.4.0-136.153~18.04.1 linux-buildinfo-5.4.0-136-lowlatency - 5.4.0-136.153~18.04.1 linux-buildinfo-5.4.0-136-generic - 5.4.0-136.153~18.04.1 linux-image-5.4.0-136-generic-lpae - 5.4.0-136.153~18.04.1 linux-headers-5.4.0-136-generic-lpae - 5.4.0-136.153~18.04.1 linux-headers-5.4.0-136-generic - 5.4.0-136.153~18.04.1 No subscription required linux-tools-ibm - 5.4.0.1041.52 linux-modules-extra-ibm - 5.4.0.1041.52 linux-image-ibm - 5.4.0.1041.52 linux-tools-ibm-edge - 5.4.0.1041.52 linux-headers-ibm-edge - 5.4.0.1041.52 linux-modules-extra-ibm-edge - 5.4.0.1041.52 linux-ibm - 5.4.0.1041.52 linux-ibm-edge - 5.4.0.1041.52 linux-headers-ibm - 5.4.0.1041.52 linux-image-ibm-edge - 5.4.0.1041.52 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1078.75 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1078.75 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1078.75 linux-raspi-hwe-18.04 - 5.4.0.1078.75 linux-image-raspi-hwe-18.04-edge - 5.4.0.1078.75 linux-tools-raspi-hwe-18.04 - 5.4.0.1078.75 linux-headers-raspi-hwe-18.04 - 5.4.0.1078.75 linux-raspi-hwe-18.04-edge - 5.4.0.1078.75 No subscription required linux-headers-oracle - 5.4.0.1091.100~18.04.65 linux-tools-oracle - 5.4.0.1091.100~18.04.65 linux-signed-image-oracle - 5.4.0.1091.100~18.04.65 linux-signed-oracle - 5.4.0.1091.100~18.04.65 linux-tools-oracle-edge - 5.4.0.1091.100~18.04.65 linux-oracle-edge - 5.4.0.1091.100~18.04.65 linux-image-oracle-edge - 5.4.0.1091.100~18.04.65 linux-modules-extra-oracle - 5.4.0.1091.100~18.04.65 linux-signed-oracle-edge - 5.4.0.1091.100~18.04.65 linux-signed-image-oracle-edge - 5.4.0.1091.100~18.04.65 linux-modules-extra-oracle-edge - 5.4.0.1091.100~18.04.65 linux-headers-oracle-edge - 5.4.0.1091.100~18.04.65 linux-image-oracle - 5.4.0.1091.100~18.04.65 linux-oracle - 5.4.0.1091.100~18.04.65 No subscription required linux-headers-aws - 5.4.0.1093.71 linux-image-aws - 5.4.0.1093.71 linux-modules-extra-aws-edge - 5.4.0.1093.71 linux-aws-edge - 5.4.0.1093.71 linux-aws - 5.4.0.1093.71 linux-headers-aws-edge - 5.4.0.1093.71 linux-modules-extra-aws - 5.4.0.1093.71 linux-tools-aws - 5.4.0.1093.71 linux-tools-aws-edge - 5.4.0.1093.71 linux-image-aws-edge - 5.4.0.1093.71 No subscription required linux-image-gcp-edge - 5.4.0.1097.73 linux-tools-gcp-edge - 5.4.0.1097.73 linux-headers-gcp-edge - 5.4.0.1097.73 linux-modules-extra-gcp - 5.4.0.1097.73 linux-tools-gcp - 5.4.0.1097.73 linux-modules-extra-gcp-edge - 5.4.0.1097.73 linux-gcp - 5.4.0.1097.73 linux-headers-gcp - 5.4.0.1097.73 linux-image-gcp - 5.4.0.1097.73 linux-gcp-edge - 5.4.0.1097.73 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-headers-snapdragon-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-image-generic-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-image-snapdragon-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-image-oem - 5.4.0.136.153~18.04.111 linux-tools-virtual-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-headers-lowlatency-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-image-extra-virtual-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-image-oem-osp1 - 5.4.0.136.153~18.04.111 linux-snapdragon-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-image-generic-lpae-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-tools-lowlatency-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-headers-generic-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-headers-virtual-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-tools-snapdragon-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-oem - 5.4.0.136.153~18.04.111 linux-headers-virtual-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-virtual-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-virtual-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-generic-lpae-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-lowlatency-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-tools-oem-osp1 - 5.4.0.136.153~18.04.111 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-headers-oem - 5.4.0.136.153~18.04.111 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-tools-generic-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-image-virtual-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-generic-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-generic-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-snapdragon-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-tools-oem - 5.4.0.136.153~18.04.111 linux-headers-oem-osp1 - 5.4.0.136.153~18.04.111 linux-tools-virtual-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-generic-lpae-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-tools-generic-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-headers-generic-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-oem-osp1 - 5.4.0.136.153~18.04.111 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-image-lowlatency-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-lowlatency-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.136.153~18.04.111 linux-image-generic-hwe-18.04-edge - 5.4.0.136.153~18.04.111 linux-image-virtual-hwe-18.04-edge - 5.4.0.136.153~18.04.111 No subscription required Medium CVE-2022-20421 CVE-2022-2663 CVE-2022-3061 CVE-2022-3303 CVE-2022-3586 CVE-2022-3646 CVE-2022-39842 CVE-2022-40307 CVE-2022-4095 CVE-2022-43750 CVE-2022-39188 Ubuntu 18.04 LTS It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20421) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) It was discovered that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3061) It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3303) Gwnaun Jung discovered that the SFB packet scheduling implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3586) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-39842) It was discovered that a race condition existed in the EFI capsule loader driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-40307) Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-4095) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750) Jann Horn discovered a race condition existed in the Linux kernel when unmapping VMAs in certain situations, resulting in possible use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-39188) Update Instructions: Run `sudo pro fix USN-5791-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1100-azure - 5.4.0-1100.106~18.04.1 linux-image-unsigned-5.4.0-1100-azure - 5.4.0-1100.106~18.04.1 linux-headers-5.4.0-1100-azure - 5.4.0-1100.106~18.04.1 linux-tools-5.4.0-1100-azure - 5.4.0-1100.106~18.04.1 linux-azure-5.4-headers-5.4.0-1100 - 5.4.0-1100.106~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1100 - 5.4.0-1100.106~18.04.1 linux-cloud-tools-5.4.0-1100-azure - 5.4.0-1100.106~18.04.1 linux-modules-extra-5.4.0-1100-azure - 5.4.0-1100.106~18.04.1 linux-modules-5.4.0-1100-azure - 5.4.0-1100.106~18.04.1 linux-image-5.4.0-1100-azure - 5.4.0-1100.106~18.04.1 linux-azure-5.4-tools-5.4.0-1100 - 5.4.0-1100.106~18.04.1 No subscription required linux-signed-azure - 5.4.0.1100.73 linux-tools-azure-edge - 5.4.0.1100.73 linux-azure - 5.4.0.1100.73 linux-signed-image-azure-edge - 5.4.0.1100.73 linux-image-azure - 5.4.0.1100.73 linux-signed-image-azure - 5.4.0.1100.73 linux-tools-azure - 5.4.0.1100.73 linux-headers-azure-edge - 5.4.0.1100.73 linux-image-azure-edge - 5.4.0.1100.73 linux-modules-extra-azure - 5.4.0.1100.73 linux-cloud-tools-azure-edge - 5.4.0.1100.73 linux-azure-edge - 5.4.0.1100.73 linux-headers-azure - 5.4.0.1100.73 linux-modules-extra-azure-edge - 5.4.0.1100.73 linux-signed-azure-edge - 5.4.0.1100.73 linux-cloud-tools-azure - 5.4.0.1100.73 No subscription required Medium CVE-2022-20421 CVE-2022-2663 CVE-2022-3061 CVE-2022-3303 CVE-2022-3586 CVE-2022-3646 CVE-2022-39842 CVE-2022-40307 CVE-2022-4095 CVE-2022-43750 CVE-2022-39188 Ubuntu 18.04 LTS It was discovered that Net-SNMP incorrectly handled certain requests. A remote attacker could possibly use these issues to cause Net-SNMP to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-5795-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: snmptrapd - 5.7.3+dfsg-1.8ubuntu3.8 libsnmp-perl - 5.7.3+dfsg-1.8ubuntu3.8 libsnmp-dev - 5.7.3+dfsg-1.8ubuntu3.8 libsnmp-base - 5.7.3+dfsg-1.8ubuntu3.8 snmp - 5.7.3+dfsg-1.8ubuntu3.8 libsnmp30 - 5.7.3+dfsg-1.8ubuntu3.8 tkmib - 5.7.3+dfsg-1.8ubuntu3.8 snmpd - 5.7.3+dfsg-1.8ubuntu3.8 python-netsnmp - 5.7.3+dfsg-1.8ubuntu3.8 No subscription required Medium CVE-2022-44792 CVE-2022-44793 Ubuntu 18.04 LTS It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5796-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: w3m-img - 0.5.3-36ubuntu0.1 w3m - 0.5.3-36ubuntu0.1 No subscription required Medium CVE-2022-38223 Ubuntu 18.04 LTS It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-44758) Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-3437) Greg Hudson discovered that Kerberos PAC implementation used in Heimdal incorrectly handled certain parsing operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-42898) It was discovered that Heimdal's KDC did not properly handle certain error conditions. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-44640) Update Instructions: Run `sudo pro fix USN-5800-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhcrypto4-heimdal - 7.5.0+dfsg-1ubuntu0.3 libwind0-heimdal - 7.5.0+dfsg-1ubuntu0.3 libroken18-heimdal - 7.5.0+dfsg-1ubuntu0.3 libgssapi3-heimdal - 7.5.0+dfsg-1ubuntu0.3 heimdal-kcm - 7.5.0+dfsg-1ubuntu0.3 libhdb9-heimdal - 7.5.0+dfsg-1ubuntu0.3 libasn1-8-heimdal - 7.5.0+dfsg-1ubuntu0.3 libsl0-heimdal - 7.5.0+dfsg-1ubuntu0.3 libkadm5clnt7-heimdal - 7.5.0+dfsg-1ubuntu0.3 heimdal-kdc - 7.5.0+dfsg-1ubuntu0.3 libkdc2-heimdal - 7.5.0+dfsg-1ubuntu0.3 heimdal-servers - 7.5.0+dfsg-1ubuntu0.3 libheimntlm0-heimdal - 7.5.0+dfsg-1ubuntu0.3 heimdal-docs - 7.5.0+dfsg-1ubuntu0.3 libheimbase1-heimdal - 7.5.0+dfsg-1ubuntu0.3 libkrb5-26-heimdal - 7.5.0+dfsg-1ubuntu0.3 libotp0-heimdal - 7.5.0+dfsg-1ubuntu0.3 heimdal-dev - 7.5.0+dfsg-1ubuntu0.3 libkafs0-heimdal - 7.5.0+dfsg-1ubuntu0.3 libhx509-5-heimdal - 7.5.0+dfsg-1ubuntu0.3 heimdal-multidev - 7.5.0+dfsg-1ubuntu0.3 libkadm5srv8-heimdal - 7.5.0+dfsg-1ubuntu0.3 heimdal-clients - 7.5.0+dfsg-1ubuntu0.3 No subscription required Medium CVE-2021-44758 CVE-2022-3437 CVE-2022-42898 CVE-2022-44640 Ubuntu 18.04 LTS It was discovered that Vim makes illegal memory calls when pasting brackets in Ex mode. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. This issue affected only Ubuntu 20.04 and 22.04 (CVE-2022-0392) It was discovered that Vim makes illegal memory calls when making certain retab calls. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-0417) Update Instructions: Run `sudo pro fix USN-5801-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:8.0.1453-1ubuntu1.10 vim-gnome - 2:8.0.1453-1ubuntu1.10 vim-athena - 2:8.0.1453-1ubuntu1.10 xxd - 2:8.0.1453-1ubuntu1.10 vim-gtk - 2:8.0.1453-1ubuntu1.10 vim-gui-common - 2:8.0.1453-1ubuntu1.10 vim - 2:8.0.1453-1ubuntu1.10 vim-doc - 2:8.0.1453-1ubuntu1.10 vim-tiny - 2:8.0.1453-1ubuntu1.10 vim-runtime - 2:8.0.1453-1ubuntu1.10 vim-gtk3 - 2:8.0.1453-1ubuntu1.10 vim-nox - 2:8.0.1453-1ubuntu1.10 No subscription required Medium CVE-2022-0392 CVE-2022-0417 Ubuntu 18.04 LTS It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43945) Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896) It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643) It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934) Update Instructions: Run `sudo pro fix USN-5804-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-4.15.0-1134-kvm - 4.15.0-1134.139 linux-kvm-headers-4.15.0-1134 - 4.15.0-1134.139 linux-buildinfo-4.15.0-1134-kvm - 4.15.0-1134.139 linux-tools-4.15.0-1134-kvm - 4.15.0-1134.139 linux-kvm-tools-4.15.0-1134 - 4.15.0-1134.139 linux-image-4.15.0-1134-kvm - 4.15.0-1134.139 linux-modules-4.15.0-1134-kvm - 4.15.0-1134.139 No subscription required linux-cloud-tools-4.15.0-1159-azure - 4.15.0-1159.174 linux-modules-4.15.0-1159-azure - 4.15.0-1159.174 linux-azure-4.15-tools-4.15.0-1159 - 4.15.0-1159.174 linux-image-unsigned-4.15.0-1159-azure - 4.15.0-1159.174 linux-modules-extra-4.15.0-1159-azure - 4.15.0-1159.174 linux-image-4.15.0-1159-azure - 4.15.0-1159.174 linux-headers-4.15.0-1159-azure - 4.15.0-1159.174 linux-azure-4.15-headers-4.15.0-1159 - 4.15.0-1159.174 linux-buildinfo-4.15.0-1159-azure - 4.15.0-1159.174 linux-azure-4.15-cloud-tools-4.15.0-1159 - 4.15.0-1159.174 linux-tools-4.15.0-1159-azure - 4.15.0-1159.174 No subscription required linux-tools-common - 4.15.0-202.213 linux-buildinfo-4.15.0-202-lowlatency - 4.15.0-202.213 linux-tools-4.15.0-202-generic - 4.15.0-202.213 linux-tools-4.15.0-202 - 4.15.0-202.213 linux-tools-host - 4.15.0-202.213 linux-doc - 4.15.0-202.213 linux-modules-extra-4.15.0-202-generic - 4.15.0-202.213 linux-cloud-tools-4.15.0-202 - 4.15.0-202.213 linux-headers-4.15.0-202-generic-lpae - 4.15.0-202.213 linux-cloud-tools-4.15.0-202-generic - 4.15.0-202.213 linux-buildinfo-4.15.0-202-generic - 4.15.0-202.213 linux-libc-dev - 4.15.0-202.213 linux-headers-4.15.0-202-generic - 4.15.0-202.213 linux-tools-4.15.0-202-generic-lpae - 4.15.0-202.213 linux-image-4.15.0-202-generic - 4.15.0-202.213 linux-image-4.15.0-202-generic-lpae - 4.15.0-202.213 linux-modules-4.15.0-202-generic - 4.15.0-202.213 linux-buildinfo-4.15.0-202-generic-lpae - 4.15.0-202.213 linux-image-unsigned-4.15.0-202-lowlatency - 4.15.0-202.213 linux-headers-4.15.0-202-lowlatency - 4.15.0-202.213 linux-tools-4.15.0-202-lowlatency - 4.15.0-202.213 linux-cloud-tools-4.15.0-202-lowlatency - 4.15.0-202.213 linux-modules-4.15.0-202-generic-lpae - 4.15.0-202.213 linux-cloud-tools-common - 4.15.0-202.213 linux-modules-4.15.0-202-lowlatency - 4.15.0-202.213 linux-image-unsigned-4.15.0-202-generic - 4.15.0-202.213 linux-source-4.15.0 - 4.15.0-202.213 linux-headers-4.15.0-202 - 4.15.0-202.213 linux-image-4.15.0-202-lowlatency - 4.15.0-202.213 No subscription required linux-kvm - 4.15.0.1134.125 linux-headers-kvm - 4.15.0.1134.125 linux-image-kvm - 4.15.0.1134.125 linux-tools-kvm - 4.15.0.1134.125 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1159.127 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1159.127 linux-tools-azure-lts-18.04 - 4.15.0.1159.127 linux-headers-azure-lts-18.04 - 4.15.0.1159.127 linux-azure-lts-18.04 - 4.15.0.1159.127 linux-signed-azure-lts-18.04 - 4.15.0.1159.127 linux-image-azure-lts-18.04 - 4.15.0.1159.127 linux-signed-image-azure-lts-18.04 - 4.15.0.1159.127 No subscription required linux-signed-generic-hwe-16.04-edge - 4.15.0.202.185 linux-headers-generic-lpae - 4.15.0.202.185 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.202.185 linux-image-extra-virtual-hwe-16.04 - 4.15.0.202.185 linux-image-virtual - 4.15.0.202.185 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.202.185 linux-image-generic - 4.15.0.202.185 linux-tools-lowlatency - 4.15.0.202.185 linux-headers-generic-hwe-16.04-edge - 4.15.0.202.185 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.202.185 linux-generic-lpae-hwe-16.04 - 4.15.0.202.185 linux-cloud-tools-virtual - 4.15.0.202.185 linux-tools-virtual-hwe-16.04 - 4.15.0.202.185 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.202.185 linux-image-virtual-hwe-16.04-edge - 4.15.0.202.185 linux-generic-lpae-hwe-16.04-edge - 4.15.0.202.185 linux-signed-image-lowlatency - 4.15.0.202.185 linux-signed-lowlatency-hwe-16.04 - 4.15.0.202.185 linux-crashdump - 4.15.0.202.185 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.202.185 linux-lowlatency - 4.15.0.202.185 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.202.185 linux-signed-image-generic - 4.15.0.202.185 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.202.185 linux-tools-generic-lpae - 4.15.0.202.185 linux-cloud-tools-generic - 4.15.0.202.185 linux-signed-lowlatency - 4.15.0.202.185 linux-generic-hwe-16.04-edge - 4.15.0.202.185 linux-virtual - 4.15.0.202.185 linux-headers-lowlatency-hwe-16.04 - 4.15.0.202.185 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.202.185 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.202.185 linux-tools-generic-hwe-16.04 - 4.15.0.202.185 linux-tools-virtual - 4.15.0.202.185 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.202.185 linux-generic-lpae - 4.15.0.202.185 linux-generic - 4.15.0.202.185 linux-image-lowlatency-hwe-16.04 - 4.15.0.202.185 linux-signed-image-generic-hwe-16.04 - 4.15.0.202.185 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.202.185 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.202.185 linux-headers-lowlatency - 4.15.0.202.185 linux-headers-virtual-hwe-16.04-edge - 4.15.0.202.185 linux-lowlatency-hwe-16.04 - 4.15.0.202.185 linux-headers-generic-hwe-16.04 - 4.15.0.202.185 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.202.185 linux-generic-hwe-16.04 - 4.15.0.202.185 linux-tools-virtual-hwe-16.04-edge - 4.15.0.202.185 linux-image-generic-lpae - 4.15.0.202.185 linux-tools-generic - 4.15.0.202.185 linux-virtual-hwe-16.04 - 4.15.0.202.185 linux-image-generic-hwe-16.04-edge - 4.15.0.202.185 linux-image-extra-virtual - 4.15.0.202.185 linux-lowlatency-hwe-16.04-edge - 4.15.0.202.185 linux-cloud-tools-lowlatency - 4.15.0.202.185 linux-image-generic-hwe-16.04 - 4.15.0.202.185 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.202.185 linux-image-generic-lpae-hwe-16.04 - 4.15.0.202.185 linux-virtual-hwe-16.04-edge - 4.15.0.202.185 linux-tools-lowlatency-hwe-16.04 - 4.15.0.202.185 linux-signed-generic - 4.15.0.202.185 linux-signed-generic-hwe-16.04 - 4.15.0.202.185 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.202.185 linux-source - 4.15.0.202.185 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.202.185 linux-headers-generic - 4.15.0.202.185 linux-headers-virtual-hwe-16.04 - 4.15.0.202.185 linux-image-virtual-hwe-16.04 - 4.15.0.202.185 linux-headers-virtual - 4.15.0.202.185 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.202.185 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.202.185 linux-tools-generic-hwe-16.04-edge - 4.15.0.202.185 linux-image-lowlatency - 4.15.0.202.185 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.202.185 No subscription required linux-oracle-5.4-headers-5.4.0-1092 - 5.4.0-1092.101~18.04.1 linux-modules-extra-5.4.0-1092-oracle - 5.4.0-1092.101~18.04.1 linux-headers-5.4.0-1092-oracle - 5.4.0-1092.101~18.04.1 linux-oracle-5.4-tools-5.4.0-1092 - 5.4.0-1092.101~18.04.1 linux-tools-5.4.0-1092-oracle - 5.4.0-1092.101~18.04.1 linux-image-unsigned-5.4.0-1092-oracle - 5.4.0-1092.101~18.04.1 linux-modules-5.4.0-1092-oracle - 5.4.0-1092.101~18.04.1 linux-image-5.4.0-1092-oracle - 5.4.0-1092.101~18.04.1 linux-buildinfo-5.4.0-1092-oracle - 5.4.0-1092.101~18.04.1 No subscription required linux-tools-5.4.0-1098-gcp - 5.4.0-1098.107~18.04.1 linux-image-5.4.0-1098-gcp - 5.4.0-1098.107~18.04.1 linux-modules-5.4.0-1098-gcp - 5.4.0-1098.107~18.04.1 linux-headers-5.4.0-1098-gcp - 5.4.0-1098.107~18.04.1 linux-gcp-5.4-tools-5.4.0-1098 - 5.4.0-1098.107~18.04.1 linux-modules-extra-5.4.0-1098-gcp - 5.4.0-1098.107~18.04.1 linux-gcp-5.4-headers-5.4.0-1098 - 5.4.0-1098.107~18.04.1 linux-buildinfo-5.4.0-1098-gcp - 5.4.0-1098.107~18.04.1 linux-image-unsigned-5.4.0-1098-gcp - 5.4.0-1098.107~18.04.1 No subscription required linux-headers-oracle - 5.4.0.1092.101~18.04.66 linux-tools-oracle - 5.4.0.1092.101~18.04.66 linux-signed-image-oracle - 5.4.0.1092.101~18.04.66 linux-signed-oracle - 5.4.0.1092.101~18.04.66 linux-tools-oracle-edge - 5.4.0.1092.101~18.04.66 linux-image-oracle-edge - 5.4.0.1092.101~18.04.66 linux-modules-extra-oracle - 5.4.0.1092.101~18.04.66 linux-signed-oracle-edge - 5.4.0.1092.101~18.04.66 linux-oracle-edge - 5.4.0.1092.101~18.04.66 linux-signed-image-oracle-edge - 5.4.0.1092.101~18.04.66 linux-modules-extra-oracle-edge - 5.4.0.1092.101~18.04.66 linux-headers-oracle-edge - 5.4.0.1092.101~18.04.66 linux-image-oracle - 5.4.0.1092.101~18.04.66 linux-oracle - 5.4.0.1092.101~18.04.66 No subscription required linux-image-gcp-edge - 5.4.0.1098.74 linux-headers-gcp-edge - 5.4.0.1098.74 linux-modules-extra-gcp - 5.4.0.1098.74 linux-tools-gcp - 5.4.0.1098.74 linux-modules-extra-gcp-edge - 5.4.0.1098.74 linux-gcp - 5.4.0.1098.74 linux-tools-gcp-edge - 5.4.0.1098.74 linux-headers-gcp - 5.4.0.1098.74 linux-image-gcp - 5.4.0.1098.74 linux-gcp-edge - 5.4.0.1098.74 No subscription required High CVE-2022-3643 CVE-2022-42896 CVE-2022-43945 CVE-2022-45934 Ubuntu 18.04 LTS It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43945) Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896) It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643) It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934) Update Instructions: Run `sudo pro fix USN-5804-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1143-gcp - 4.15.0-1143.159 linux-gcp-4.15-headers-4.15.0-1143 - 4.15.0-1143.159 linux-gcp-4.15-tools-4.15.0-1143 - 4.15.0-1143.159 linux-image-unsigned-4.15.0-1143-gcp - 4.15.0-1143.159 linux-image-4.15.0-1143-gcp - 4.15.0-1143.159 linux-modules-4.15.0-1143-gcp - 4.15.0-1143.159 linux-modules-extra-4.15.0-1143-gcp - 4.15.0-1143.159 linux-headers-4.15.0-1143-gcp - 4.15.0-1143.159 linux-tools-4.15.0-1143-gcp - 4.15.0-1143.159 No subscription required linux-modules-4.15.0-1148-aws - 4.15.0-1148.160 linux-modules-extra-4.15.0-1148-aws - 4.15.0-1148.160 linux-headers-4.15.0-1148-aws - 4.15.0-1148.160 linux-aws-headers-4.15.0-1148 - 4.15.0-1148.160 linux-cloud-tools-4.15.0-1148-aws - 4.15.0-1148.160 linux-aws-tools-4.15.0-1148 - 4.15.0-1148.160 linux-tools-4.15.0-1148-aws - 4.15.0-1148.160 linux-aws-cloud-tools-4.15.0-1148 - 4.15.0-1148.160 linux-image-unsigned-4.15.0-1148-aws - 4.15.0-1148.160 linux-buildinfo-4.15.0-1148-aws - 4.15.0-1148.160 linux-image-4.15.0-1148-aws - 4.15.0-1148.160 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1143.157 linux-gcp-lts-18.04 - 4.15.0.1143.157 linux-tools-gcp-lts-18.04 - 4.15.0.1143.157 linux-headers-gcp-lts-18.04 - 4.15.0.1143.157 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1143.157 No subscription required linux-aws-lts-18.04 - 4.15.0.1148.146 linux-modules-extra-aws-lts-18.04 - 4.15.0.1148.146 linux-image-aws-lts-18.04 - 4.15.0.1148.146 linux-headers-aws-lts-18.04 - 4.15.0.1148.146 linux-tools-aws-lts-18.04 - 4.15.0.1148.146 No subscription required High CVE-2022-3643 CVE-2022-42896 CVE-2022-43945 CVE-2022-45934 Ubuntu 18.04 LTS USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.10. Original advisory details: Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. Update Instructions: Run `sudo pro fix USN-5806-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.5 - 2.5.1-1ubuntu1.13 ruby2.5 - 2.5.1-1ubuntu1.13 ruby2.5-doc - 2.5.1-1ubuntu1.13 ruby2.5-dev - 2.5.1-1ubuntu1.13 No subscription required Medium CVE-2021-33621 Ubuntu 18.04 LTS Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. (CVE-2022-44617) Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. (CVE-2022-46285) Alan Coopersmith discovered that libXpm incorrectly handled calling external helper binaries. If libXpm was being used by a setuid binary, a local attacker could possibly use this issue to escalate privileges. (CVE-2022-4883) Update Instructions: Run `sudo pro fix USN-5807-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xpmutils - 1:3.5.12-1ubuntu0.18.04.2 libxpm-dev - 1:3.5.12-1ubuntu0.18.04.2 libxpm4 - 1:3.5.12-1ubuntu0.18.04.2 No subscription required Medium CVE-2022-44617 CVE-2022-46285 CVE-2022-4883 Ubuntu 18.04 LTS It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43945) Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896) It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643) It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934) Update Instructions: Run `sudo pro fix USN-5808-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-ibm-5.4-headers-5.4.0-1042 - 5.4.0-1042.47~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1042.47~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1042.47~18.04.1 linux-image-unsigned-5.4.0-1042-ibm - 5.4.0-1042.47~18.04.1 linux-buildinfo-5.4.0-1042-ibm - 5.4.0-1042.47~18.04.1 linux-modules-extra-5.4.0-1042-ibm - 5.4.0-1042.47~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1042.47~18.04.1 linux-image-5.4.0-1042-ibm - 5.4.0-1042.47~18.04.1 linux-headers-5.4.0-1042-ibm - 5.4.0-1042.47~18.04.1 linux-ibm-5.4-tools-5.4.0-1042 - 5.4.0-1042.47~18.04.1 linux-tools-5.4.0-1042-ibm - 5.4.0-1042.47~18.04.1 linux-modules-5.4.0-1042-ibm - 5.4.0-1042.47~18.04.1 No subscription required linux-image-ibm - 5.4.0.1042.53 linux-tools-ibm - 5.4.0.1042.53 linux-ibm-edge - 5.4.0.1042.53 linux-headers-ibm - 5.4.0.1042.53 linux-headers-ibm-edge - 5.4.0.1042.53 linux-modules-extra-ibm-edge - 5.4.0.1042.53 linux-tools-ibm-edge - 5.4.0.1042.53 linux-modules-extra-ibm - 5.4.0.1042.53 linux-ibm - 5.4.0.1042.53 linux-image-ibm-edge - 5.4.0.1042.53 No subscription required High CVE-2022-3643 CVE-2022-42896 CVE-2022-43945 CVE-2022-45934 Ubuntu 18.04 LTS Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-23521) Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-41903) Update Instructions: Run `sudo pro fix USN-5810-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.14 gitweb - 1:2.17.1-1ubuntu0.14 git-gui - 1:2.17.1-1ubuntu0.14 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.14 git-el - 1:2.17.1-1ubuntu0.14 gitk - 1:2.17.1-1ubuntu0.14 git-all - 1:2.17.1-1ubuntu0.14 git-mediawiki - 1:2.17.1-1ubuntu0.14 git-daemon-run - 1:2.17.1-1ubuntu0.14 git-man - 1:2.17.1-1ubuntu0.14 git-doc - 1:2.17.1-1ubuntu0.14 git-svn - 1:2.17.1-1ubuntu0.14 git-cvs - 1:2.17.1-1ubuntu0.14 git-email - 1:2.17.1-1ubuntu0.14 No subscription required Medium CVE-2022-23521 CVE-2022-41903 Ubuntu 18.04 LTS USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it was missing some commit lines. This update fixes the problem. Original advisory details: Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-23521) Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-41903) Update Instructions: Run `sudo pro fix USN-5810-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.15 gitweb - 1:2.17.1-1ubuntu0.15 git-all - 1:2.17.1-1ubuntu0.15 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.15 git-el - 1:2.17.1-1ubuntu0.15 gitk - 1:2.17.1-1ubuntu0.15 git-gui - 1:2.17.1-1ubuntu0.15 git-mediawiki - 1:2.17.1-1ubuntu0.15 git-daemon-run - 1:2.17.1-1ubuntu0.15 git-man - 1:2.17.1-1ubuntu0.15 git-doc - 1:2.17.1-1ubuntu0.15 git-svn - 1:2.17.1-1ubuntu0.15 git-cvs - 1:2.17.1-1ubuntu0.15 git-email - 1:2.17.1-1ubuntu0.15 No subscription required None https://launchpad.net/bugs/2003246 Ubuntu 18.04 LTS Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the sudoedit command could possibly use this issue to edit arbitrary files. (CVE-2023-22809) It was discovered that the Protobuf-c library, used by Sudo, incorrectly handled certain arithmetic shifts. An attacker could possibly use this issue to cause Sudo to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-33070) Update Instructions: Run `sudo pro fix USN-5811-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.21p2-3ubuntu1.5 sudo - 1.8.21p2-3ubuntu1.5 No subscription required Medium CVE-2022-33070 CVE-2023-22809 Ubuntu 18.04 LTS It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43945) Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896) It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643) It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934) Update Instructions: Run `sudo pro fix USN-5813-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1113-oracle - 4.15.0-1113.124 linux-tools-4.15.0-1113-oracle - 4.15.0-1113.124 linux-oracle-headers-4.15.0-1113 - 4.15.0-1113.124 linux-oracle-tools-4.15.0-1113 - 4.15.0-1113.124 linux-modules-extra-4.15.0-1113-oracle - 4.15.0-1113.124 linux-buildinfo-4.15.0-1113-oracle - 4.15.0-1113.124 linux-image-4.15.0-1113-oracle - 4.15.0-1113.124 linux-headers-4.15.0-1113-oracle - 4.15.0-1113.124 linux-modules-4.15.0-1113-oracle - 4.15.0-1113.124 No subscription required linux-modules-4.15.0-1144-snapdragon - 4.15.0-1144.154 linux-snapdragon-headers-4.15.0-1144 - 4.15.0-1144.154 linux-tools-4.15.0-1144-snapdragon - 4.15.0-1144.154 linux-buildinfo-4.15.0-1144-snapdragon - 4.15.0-1144.154 linux-snapdragon-tools-4.15.0-1144 - 4.15.0-1144.154 linux-image-4.15.0-1144-snapdragon - 4.15.0-1144.154 linux-headers-4.15.0-1144-snapdragon - 4.15.0-1144.154 No subscription required linux-oracle-lts-18.04 - 4.15.0.1113.118 linux-image-oracle-lts-18.04 - 4.15.0.1113.118 linux-signed-image-oracle-lts-18.04 - 4.15.0.1113.118 linux-signed-oracle-lts-18.04 - 4.15.0.1113.118 linux-headers-oracle-lts-18.04 - 4.15.0.1113.118 linux-tools-oracle-lts-18.04 - 4.15.0.1113.118 No subscription required linux-snapdragon - 4.15.0.1144.143 linux-headers-snapdragon - 4.15.0.1144.143 linux-tools-snapdragon - 4.15.0.1144.143 linux-image-snapdragon - 4.15.0.1144.143 No subscription required linux-image-5.4.0-1094-aws - 5.4.0-1094.102~18.04.1 linux-modules-extra-5.4.0-1094-aws - 5.4.0-1094.102~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1094 - 5.4.0-1094.102~18.04.1 linux-buildinfo-5.4.0-1094-aws - 5.4.0-1094.102~18.04.1 linux-modules-5.4.0-1094-aws - 5.4.0-1094.102~18.04.1 linux-tools-5.4.0-1094-aws - 5.4.0-1094.102~18.04.1 linux-aws-5.4-tools-5.4.0-1094 - 5.4.0-1094.102~18.04.1 linux-aws-5.4-headers-5.4.0-1094 - 5.4.0-1094.102~18.04.1 linux-cloud-tools-5.4.0-1094-aws - 5.4.0-1094.102~18.04.1 linux-image-unsigned-5.4.0-1094-aws - 5.4.0-1094.102~18.04.1 linux-headers-5.4.0-1094-aws - 5.4.0-1094.102~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-137.154~18.04.1 linux-image-unsigned-5.4.0-137-lowlatency - 5.4.0-137.154~18.04.1 linux-modules-extra-5.4.0-137-generic - 5.4.0-137.154~18.04.1 linux-headers-5.4.0-137-lowlatency - 5.4.0-137.154~18.04.1 linux-buildinfo-5.4.0-137-generic-lpae - 5.4.0-137.154~18.04.1 linux-image-5.4.0-137-generic - 5.4.0-137.154~18.04.1 linux-image-5.4.0-137-lowlatency - 5.4.0-137.154~18.04.1 linux-buildinfo-5.4.0-137-generic - 5.4.0-137.154~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-137 - 5.4.0-137.154~18.04.1 linux-tools-5.4.0-137-generic-lpae - 5.4.0-137.154~18.04.1 linux-tools-5.4.0-137-lowlatency - 5.4.0-137.154~18.04.1 linux-cloud-tools-5.4.0-137-generic - 5.4.0-137.154~18.04.1 linux-buildinfo-5.4.0-137-lowlatency - 5.4.0-137.154~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-137.154~18.04.1 linux-hwe-5.4-headers-5.4.0-137 - 5.4.0-137.154~18.04.1 linux-cloud-tools-5.4.0-137-lowlatency - 5.4.0-137.154~18.04.1 linux-modules-5.4.0-137-generic - 5.4.0-137.154~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-137.154~18.04.1 linux-image-5.4.0-137-generic-lpae - 5.4.0-137.154~18.04.1 linux-tools-5.4.0-137-generic - 5.4.0-137.154~18.04.1 linux-headers-5.4.0-137-generic - 5.4.0-137.154~18.04.1 linux-hwe-5.4-tools-5.4.0-137 - 5.4.0-137.154~18.04.1 linux-modules-5.4.0-137-generic-lpae - 5.4.0-137.154~18.04.1 linux-image-unsigned-5.4.0-137-generic - 5.4.0-137.154~18.04.1 linux-modules-5.4.0-137-lowlatency - 5.4.0-137.154~18.04.1 linux-headers-5.4.0-137-generic-lpae - 5.4.0-137.154~18.04.1 No subscription required linux-headers-aws - 5.4.0.1094.72 linux-image-aws - 5.4.0.1094.72 linux-modules-extra-aws-edge - 5.4.0.1094.72 linux-aws-edge - 5.4.0.1094.72 linux-image-aws-edge - 5.4.0.1094.72 linux-aws - 5.4.0.1094.72 linux-headers-aws-edge - 5.4.0.1094.72 linux-modules-extra-aws - 5.4.0.1094.72 linux-tools-aws - 5.4.0.1094.72 linux-tools-aws-edge - 5.4.0.1094.72 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-headers-snapdragon-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-image-generic-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-image-snapdragon-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-tools-snapdragon-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-image-oem - 5.4.0.137.154~18.04.112 linux-headers-lowlatency-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-lowlatency-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-image-extra-virtual-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-image-oem-osp1 - 5.4.0.137.154~18.04.112 linux-headers-oem - 5.4.0.137.154~18.04.112 linux-snapdragon-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-image-generic-lpae-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-tools-lowlatency-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-headers-generic-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-headers-virtual-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-oem - 5.4.0.137.154~18.04.112 linux-headers-virtual-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-virtual-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-generic-lpae-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-tools-oem-osp1 - 5.4.0.137.154~18.04.112 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-tools-generic-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-image-virtual-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-image-generic-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-generic-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-tools-generic-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-generic-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-snapdragon-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-tools-oem - 5.4.0.137.154~18.04.112 linux-headers-oem-osp1 - 5.4.0.137.154~18.04.112 linux-tools-virtual-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-generic-lpae-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-headers-generic-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-oem-osp1 - 5.4.0.137.154~18.04.112 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-image-lowlatency-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-virtual-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-tools-virtual-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-lowlatency-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.137.154~18.04.112 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.137.154~18.04.112 linux-image-virtual-hwe-18.04-edge - 5.4.0.137.154~18.04.112 No subscription required High CVE-2022-3643 CVE-2022-42896 CVE-2022-43945 CVE-2022-45934 Ubuntu 18.04 LTS Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-23597) Tom Schuster discovered that Firefox was not performing a validation check on GTK drag data. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-23598) Vadim discovered that Firefox was not properly sanitizing a curl command output when copying a network request from the developer tools panel. An attacker could potentially exploits this to hide and execute arbitrary commands. (CVE-2023-23599) Luan Herrera discovered that Firefox was not stopping navigation when dragging a URL from a cross-origin iframe into the same tab. An attacker potentially exploits this to spoof the user. (CVE-2023-23601) Dave Vandyke discovered that Firefox did not properly implement CSP policy when creating a WebSocket in a WebWorker. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. (CVE-2023-23602) Dan Veditz discovered that Firefox did not properly implement CSP policy on regular expression when using console.log. An attacker potentially exploits this to exfiltrate data from the browser. (CVE-2023-23603) Nika Layzell discovered that Firefox was not performing a validation check when parsing a non-system html document via DOMParser::ParseFromSafeString. An attacker potentially exploits this to bypass web security checks. (CVE-2023-23604) Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-23605, CVE-2023-23606) Update Instructions: Run `sudo pro fix USN-5816-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-szl - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 109.0+build2-0ubuntu0.18.04.1 firefox - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 109.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 109.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 109.0+build2-0ubuntu0.18.04.1 firefox-dev - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 109.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 109.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2023-23597 CVE-2023-23598 CVE-2023-23599 CVE-2023-23601 CVE-2023-23602 CVE-2023-23603 CVE-2023-23604 CVE-2023-23605 CVE-2023-23606 Ubuntu 18.04 LTS USN-5816-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-23597) Tom Schuster discovered that Firefox was not performing a validation check on GTK drag data. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-23598) Vadim discovered that Firefox was not properly sanitizing a curl command output when copying a network request from the developer tools panel. An attacker could potentially exploits this to hide and execute arbitrary commands. (CVE-2023-23599) Luan Herrera discovered that Firefox was not stopping navigation when dragging a URL from a cross-origin iframe into the same tab. An attacker potentially exploits this to spoof the user. (CVE-2023-23601) Dave Vandyke discovered that Firefox did not properly implement CSP policy when creating a WebSocket in a WebWorker. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. (CVE-2023-23602) Dan Veditz discovered that Firefox did not properly implement CSP policy on regular expression when using console.log. An attacker potentially exploits this to exfiltrate data from the browser. (CVE-2023-23603) Nika Layzell discovered that Firefox was not performing a validation check when parsing a non-system html document via DOMParser::ParseFromSafeString. An attacker potentially exploits this to bypass web security checks. (CVE-2023-23604) Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-23605, CVE-2023-23606) Update Instructions: Run `sudo pro fix USN-5816-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-nn - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ne - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-nb - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-fa - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-fi - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-fr - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-fy - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-or - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-kab - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-oc - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-cs - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ga - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-gd - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-gn - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-gl - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-gu - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-pa - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-pl - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-cy - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-pt - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-szl - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-hi - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ms - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-he - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-hy - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-hr - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-hu - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-it - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-as - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ar - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ia - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-az - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-id - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-mai - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-af - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-is - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-vi - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-an - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-bs - 109.0.1+build1-0ubuntu0.18.04.2 firefox - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ro - 109.0.1+build1-0ubuntu0.18.04.2 firefox-geckodriver - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ja - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ru - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-br - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-zh-hant - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-zh-hans - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-bn - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-be - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-bg - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-sl - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-sk - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-si - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-sw - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-sv - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-sr - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-sq - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ko - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-kn - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-km - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-kk - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ka - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-xh - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ca - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ku - 109.0.1+build1-0ubuntu0.18.04.2 firefox-mozsymbols - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-lv - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-lt - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-th - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-hsb - 109.0.1+build1-0ubuntu0.18.04.2 firefox-dev - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-te - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-cak - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ta - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-lg - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-tr - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-nso - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-de - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-da - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-uk - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-mr - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-my - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-uz - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ml - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-mn - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-mk - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ur - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-eu - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-et - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-es - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-csb - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-el - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-eo - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-en - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-zu - 109.0.1+build1-0ubuntu0.18.04.2 firefox-locale-ast - 109.0.1+build1-0ubuntu0.18.04.2 No subscription required None https://launchpad.net/bugs/2006075 Ubuntu 18.04 LTS Sebastian Chnelik discovered that setuptools incorrectly handled certain regex inputs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5817-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-setuptools - 39.0.1-2ubuntu0.1 python-setuptools-doc - 39.0.1-2ubuntu0.1 python3-pkg-resources - 39.0.1-2ubuntu0.1 pypy-setuptools - 39.0.1-2ubuntu0.1 pypy-pkg-resources - 39.0.1-2ubuntu0.1 python3-setuptools - 39.0.1-2ubuntu0.1 python-pkg-resources - 39.0.1-2ubuntu0.1 No subscription required Medium CVE-2022-40897 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5818-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.24-0ubuntu0.18.04.16 php7.2-enchant - 7.2.24-0ubuntu0.18.04.16 php7.2-ldap - 7.2.24-0ubuntu0.18.04.16 php7.2-fpm - 7.2.24-0ubuntu0.18.04.16 php7.2-recode - 7.2.24-0ubuntu0.18.04.16 php7.2-cli - 7.2.24-0ubuntu0.18.04.16 php7.2-json - 7.2.24-0ubuntu0.18.04.16 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.16 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.16 php7.2 - 7.2.24-0ubuntu0.18.04.16 php7.2-pspell - 7.2.24-0ubuntu0.18.04.16 php7.2-dev - 7.2.24-0ubuntu0.18.04.16 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.16 php7.2-gmp - 7.2.24-0ubuntu0.18.04.16 php7.2-opcache - 7.2.24-0ubuntu0.18.04.16 php7.2-gd - 7.2.24-0ubuntu0.18.04.16 php7.2-soap - 7.2.24-0ubuntu0.18.04.16 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.16 php7.2-intl - 7.2.24-0ubuntu0.18.04.16 php7.2-cgi - 7.2.24-0ubuntu0.18.04.16 php7.2-odbc - 7.2.24-0ubuntu0.18.04.16 libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.16 php7.2-tidy - 7.2.24-0ubuntu0.18.04.16 php7.2-imap - 7.2.24-0ubuntu0.18.04.16 php7.2-readline - 7.2.24-0ubuntu0.18.04.16 php7.2-mysql - 7.2.24-0ubuntu0.18.04.16 php7.2-dba - 7.2.24-0ubuntu0.18.04.16 php7.2-xml - 7.2.24-0ubuntu0.18.04.16 php7.2-interbase - 7.2.24-0ubuntu0.18.04.16 php7.2-xsl - 7.2.24-0ubuntu0.18.04.16 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.16 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.16 php7.2-sybase - 7.2.24-0ubuntu0.18.04.16 php7.2-curl - 7.2.24-0ubuntu0.18.04.16 php7.2-common - 7.2.24-0ubuntu0.18.04.16 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.16 php7.2-snmp - 7.2.24-0ubuntu0.18.04.16 php7.2-zip - 7.2.24-0ubuntu0.18.04.16 No subscription required Medium CVE-2022-31631 Ubuntu 18.04 LTS Lorenz Hipp discovered a flaw in exuberant-ctags handling of the tag filename command-line argument. A crafted tag filename specified in the command line or in the configuration file could result in arbitrary command execution. Update Instructions: Run `sudo pro fix USN-5820-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exuberant-ctags - 1:5.9~svn20110310-11ubuntu0.1 No subscription required Medium CVE-2022-4515 Ubuntu 18.04 LTS Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex expression. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5821-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-wheel - 0.30.0-0.2ubuntu0.1 python-wheel-common - 0.30.0-0.2ubuntu0.1 python3-wheel - 0.30.0-0.2ubuntu0.1 No subscription required Medium CVE-2022-40898 Ubuntu 18.04 LTS USN-5821-1 fixed a vulnerability in wheel and pip. Unfortunately, it was missing a commit to fix it properly in pip. We apologize for the inconvenience. Original advisory details: Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex expression. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5821-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pip - 9.0.1-2.3~ubuntu1.18.04.7 python-pip-whl - 9.0.1-2.3~ubuntu1.18.04.7 python3-pip - 9.0.1-2.3~ubuntu1.18.04.7 No subscription required Medium CVE-2022-40898 Ubuntu 18.04 LTS USN-5821-3 fixed a vulnerability in pip. The update introduced a minor regression in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex expression. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5821-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pip - 9.0.1-2.3~ubuntu1.18.04.8 python-pip-whl - 9.0.1-2.3~ubuntu1.18.04.8 python3-pip - 9.0.1-2.3~ubuntu1.18.04.8 No subscription required None https://launchpad.net/bugs/2009130 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html https://www.oracle.com/security-alerts/cpujan2023.html Update Instructions: Run `sudo pro fix USN-5823-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.41-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.41-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.41-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.41-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.41-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.41-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.41-0ubuntu0.18.04.1 mysql-server - 5.7.41-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.41-0ubuntu0.18.04.1 mysql-testsuite - 5.7.41-0ubuntu0.18.04.1 libmysqld-dev - 5.7.41-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.41-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-32221 CVE-2023-21836 CVE-2023-21840 CVE-2023-21863 CVE-2023-21867 CVE-2023-21868 CVE-2023-21869 CVE-2023-21870 CVE-2023-21871 CVE-2023-21873 CVE-2023-21875 CVE-2023-21876 CVE-2023-21877 CVE-2023-21878 CVE-2023-21879 CVE-2023-21880 CVE-2023-21881 CVE-2023-21882 CVE-2023-21883 CVE-2023-21887 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45418, CVE-2022-45420, CVE-2022-45421, CVE-2022-46878, CVE-2022-46880, CVE-2022-46881, CVE-2022-46882, CVE-2023-23605) Armin Ebert discovered that Thunderbird did not properly manage memory while resolving file symlink. If a user were tricked into opening a specially crafted weblink, an attacker could potentially exploit these to cause a denial of service. (CVE-2022-45412) Sarah Jamie Lewis discovered that Thunderbird did not properly manage network request while handling HTML emails with certain tags. If a user were tricked into opening a specially HTML email, an attacker could potentially exploit these issue and load remote content regardless of a configuration to block remote content. (CVE-2022-45414) Erik Kraft, Martin Schwarzl, and Andrew McCreight discovered that Thunderbird incorrectly handled keyboard events. An attacker could possibly use this issue to perform a timing side-channel attack and possibly figure out which keys are being pressed. (CVE-2022-45416) It was discovered that Thunderbird was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Thunderbird. (CVE-2022-46871) Nika Layzell discovered that Thunderbird was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. (CVE-2022-46872) Matthias Zoellner discovered that Thunderbird was not keeping the filename ending intact when using the drag-and-drop event. An attacker could possibly use this issue to add a file with a malicious extension, leading to execute arbitrary code. (CVE-2022-46874) Hafiizh discovered that Thunderbird was not properly handling fullscreen notifications when the window goes into fullscreen mode. An attacker could possibly use this issue to spoof the user and obtain sensitive information. (CVE-2022-46877) Tom Schuster discovered that Thunderbird was not performing a validation check on GTK drag data. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-23598) Vadim discovered that Thunderbird was not properly sanitizing a curl command output when copying a network request from the developer tools panel. An attacker could potentially exploits this to hide and execute arbitrary commands. (CVE-2023-23599) Luan Herrera discovered that Thunderbird was not stopping navigation when dragging a URL from a cross-origin iframe into the same tab. An attacker potentially exploits this to spoof the user. (CVE-2023-23601) Dave Vandyke discovered that Thunderbird did not properly implement CSP policy when creating a WebSocket in a WebWorker. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. (CVE-2023-23602) Dan Veditz discovered that Thunderbird did not properly implement CSP policy on regular expression when using console.log. An attacker potentially exploits this to exfiltrate data. (CVE-2023-23603) It was discovered that Thunderbird did not properly check the Certificate OCSP revocation status when verifying S/Mime signatures. An attacker could possibly use this issue to bypass signature validation check by sending email signed with a revoked certificate. (CVE-2023-0430) Update Instructions: Run `sudo pro fix USN-5824-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-br - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-be - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-si - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-lv - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:102.7.1+build2-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-de - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-da - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-dev - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-el - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-et - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-es - 1:102.7.1+build2-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-fa - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:102.7.1+build2-0ubuntu0.18.04.1 xul-ext-lightning - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-en - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-th - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-he - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-af - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-is - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-it - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:102.7.1+build2-0ubuntu0.18.04.1 thunderbird-locale-id - 1:102.7.1+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 CVE-2022-45414 CVE-2022-46880 CVE-2022-46872 CVE-2022-46881 CVE-2022-46882 CVE-2022-46878 CVE-2022-46874 CVE-2022-46871 CVE-2023-23598 CVE-2023-23599 CVE-2023-23601 CVE-2023-23602 CVE-2022-46877 CVE-2023-23603 CVE-2023-23605 CVE-2023-0430 Ubuntu 18.04 LTS It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker could possibly use this issue to bypass authentication. Update Instructions: Run `sudo pro fix USN-5825-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-runtime - 1.1.8-3.6ubuntu2.18.04.4 libpam0g-dev - 1.1.8-3.6ubuntu2.18.04.4 libpam-modules - 1.1.8-3.6ubuntu2.18.04.4 libpam-modules-bin - 1.1.8-3.6ubuntu2.18.04.4 libpam-doc - 1.1.8-3.6ubuntu2.18.04.4 libpam-cracklib - 1.1.8-3.6ubuntu2.18.04.4 libpam0g - 1.1.8-3.6ubuntu2.18.04.4 No subscription required Negligible CVE-2022-28321 Ubuntu 18.04 LTS USN-5825-1 fixed vulnerabilities in PAM. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker could possibly use this issue to bypass authentication. Update Instructions: Run `sudo pro fix USN-5825-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-runtime - 1.1.8-3.6ubuntu2.18.04.6 libpam0g-dev - 1.1.8-3.6ubuntu2.18.04.6 libpam-modules - 1.1.8-3.6ubuntu2.18.04.6 libpam-modules-bin - 1.1.8-3.6ubuntu2.18.04.6 libpam-doc - 1.1.8-3.6ubuntu2.18.04.6 libpam-cracklib - 1.1.8-3.6ubuntu2.18.04.6 libpam0g - 1.1.8-3.6ubuntu2.18.04.6 No subscription required Negligible CVE-2022-28321 https://launchpad.net/bugs/2006073 Ubuntu 18.04 LTS Joshua Rogers discovered that Privoxy incorrectly handled memory allocation. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-44540) Artem Ivanov discovered that Privoxy incorrectly handled input validations. An attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. (CVE-2021-44543) Update Instructions: Run `sudo pro fix USN-5826-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: privoxy - 3.0.26-5ubuntu0.3 No subscription required Medium CVE-2021-44540 CVE-2021-44543 Ubuntu 18.04 LTS It was discovered that Kerberos incorrectly handled certain S4U2Self requests. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2018-20217) Greg Hudson discovered that Kerberos PAC implementation incorrectly handled certain parsing operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-42898) Update Instructions: Run `sudo pro fix USN-5828-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libk5crypto3 - 1.16-2ubuntu0.3 krb5-kpropd - 1.16-2ubuntu0.3 krb5-user - 1.16-2ubuntu0.3 libgssrpc4 - 1.16-2ubuntu0.3 libkrb5support0 - 1.16-2ubuntu0.3 krb5-doc - 1.16-2ubuntu0.3 libkrb5-dev - 1.16-2ubuntu0.3 krb5-pkinit - 1.16-2ubuntu0.3 libkrb5-3 - 1.16-2ubuntu0.3 krb5-kdc-ldap - 1.16-2ubuntu0.3 krb5-otp - 1.16-2ubuntu0.3 krb5-gss-samples - 1.16-2ubuntu0.3 libkdb5-9 - 1.16-2ubuntu0.3 krb5-locales - 1.16-2ubuntu0.3 libgssapi-krb5-2 - 1.16-2ubuntu0.3 krb5-kdc - 1.16-2ubuntu0.3 libkrad-dev - 1.16-2ubuntu0.3 krb5-k5tls - 1.16-2ubuntu0.3 libkrad0 - 1.16-2ubuntu0.3 krb5-multidev - 1.16-2ubuntu0.3 libkadm5srv-mit11 - 1.16-2ubuntu0.3 libkadm5clnt-mit11 - 1.16-2ubuntu0.3 krb5-admin-server - 1.16-2ubuntu0.3 No subscription required Medium CVE-2018-20217 CVE-2022-42898 Ubuntu 18.04 LTS It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43945) Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896) It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643) It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934) Update Instructions: Run `sudo pro fix USN-5829-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1079-raspi - 5.4.0-1079.90~18.04.1 linux-raspi-5.4-headers-5.4.0-1079 - 5.4.0-1079.90~18.04.1 linux-raspi-5.4-tools-5.4.0-1079 - 5.4.0-1079.90~18.04.1 linux-tools-5.4.0-1079-raspi - 5.4.0-1079.90~18.04.1 linux-headers-5.4.0-1079-raspi - 5.4.0-1079.90~18.04.1 linux-modules-5.4.0-1079-raspi - 5.4.0-1079.90~18.04.1 linux-buildinfo-5.4.0-1079-raspi - 5.4.0-1079.90~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1079.76 linux-tools-raspi-hwe-18.04 - 5.4.0.1079.76 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1079.76 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1079.76 linux-image-raspi-hwe-18.04 - 5.4.0.1079.76 linux-raspi-hwe-18.04-edge - 5.4.0.1079.76 linux-headers-raspi-hwe-18.04 - 5.4.0.1079.76 linux-raspi-hwe-18.04 - 5.4.0.1079.76 No subscription required High CVE-2022-3643 CVE-2022-42896 CVE-2022-43945 CVE-2022-45934 Ubuntu 18.04 LTS It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43945) Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896) It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643) It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934) Update Instructions: Run `sudo pro fix USN-5830-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1126-raspi2 - 4.15.0-1126.134 linux-raspi2-tools-4.15.0-1126 - 4.15.0-1126.134 linux-image-4.15.0-1126-raspi2 - 4.15.0-1126.134 linux-headers-4.15.0-1126-raspi2 - 4.15.0-1126.134 linux-raspi2-headers-4.15.0-1126 - 4.15.0-1126.134 linux-tools-4.15.0-1126-raspi2 - 4.15.0-1126.134 linux-modules-4.15.0-1126-raspi2 - 4.15.0-1126.134 No subscription required linux-raspi2 - 4.15.0.1126.121 linux-headers-raspi2 - 4.15.0.1126.121 linux-image-raspi2 - 4.15.0.1126.121 linux-tools-raspi2 - 4.15.0.1126.121 No subscription required linux-modules-5.4.0-1101-azure - 5.4.0-1101.107~18.04.1 linux-cloud-tools-5.4.0-1101-azure - 5.4.0-1101.107~18.04.1 linux-image-unsigned-5.4.0-1101-azure - 5.4.0-1101.107~18.04.1 linux-azure-5.4-headers-5.4.0-1101 - 5.4.0-1101.107~18.04.1 linux-buildinfo-5.4.0-1101-azure - 5.4.0-1101.107~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1101 - 5.4.0-1101.107~18.04.1 linux-headers-5.4.0-1101-azure - 5.4.0-1101.107~18.04.1 linux-image-5.4.0-1101-azure - 5.4.0-1101.107~18.04.1 linux-modules-extra-5.4.0-1101-azure - 5.4.0-1101.107~18.04.1 linux-azure-5.4-tools-5.4.0-1101 - 5.4.0-1101.107~18.04.1 linux-tools-5.4.0-1101-azure - 5.4.0-1101.107~18.04.1 No subscription required linux-signed-azure - 5.4.0.1101.74 linux-tools-azure-edge - 5.4.0.1101.74 linux-azure - 5.4.0.1101.74 linux-signed-image-azure-edge - 5.4.0.1101.74 linux-image-azure - 5.4.0.1101.74 linux-cloud-tools-azure - 5.4.0.1101.74 linux-tools-azure - 5.4.0.1101.74 linux-headers-azure-edge - 5.4.0.1101.74 linux-image-azure-edge - 5.4.0.1101.74 linux-modules-extra-azure - 5.4.0.1101.74 linux-cloud-tools-azure-edge - 5.4.0.1101.74 linux-azure-edge - 5.4.0.1101.74 linux-headers-azure - 5.4.0.1101.74 linux-modules-extra-azure-edge - 5.4.0.1101.74 linux-signed-azure-edge - 5.4.0.1101.74 linux-signed-image-azure - 5.4.0.1101.74 No subscription required High CVE-2022-3643 CVE-2022-42896 CVE-2022-43945 CVE-2022-45934 Ubuntu 18.04 LTS Sebastian Chnelik discovered that python-future incorrectly handled certain HTTP header field. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5833-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-future-doc - 0.15.2-4ubuntu2.1 python3-future - 0.15.2-4ubuntu2.1 python-future - 0.15.2-4ubuntu2.1 No subscription required Medium CVE-2022-40899 Ubuntu 18.04 LTS USN-5835-1 fixed vulnerabilities in Cinder. This update provides the corresponding updates for Ubuntu 18.04 LTS. In addition, a regression was fixed for Ubuntu 20.04 LTS. Original advisory details: Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information. Update Instructions: Run `sudo pro fix USN-5835-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-cinder - 2:12.0.10-0ubuntu2.2 cinder-backup - 2:12.0.10-0ubuntu2.2 cinder-api - 2:12.0.10-0ubuntu2.2 cinder-volume - 2:12.0.10-0ubuntu2.2 cinder-common - 2:12.0.10-0ubuntu2.2 cinder-scheduler - 2:12.0.10-0ubuntu2.2 No subscription required Medium CVE-2022-47951 Ubuntu 18.04 LTS USN-5835-3 fixed vulnerabilities in Nova. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory details: Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information. Update Instructions: Run `sudo pro fix USN-5835-5` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nova-api - 2:17.0.13-0ubuntu5.2 nova-common - 2:17.0.13-0ubuntu5.2 nova-compute-xen - 2:17.0.13-0ubuntu5.2 nova-api-os-compute - 2:17.0.13-0ubuntu5.2 nova-novncproxy - 2:17.0.13-0ubuntu5.2 nova-serialproxy - 2:17.0.13-0ubuntu5.2 nova-api-os-volume - 2:17.0.13-0ubuntu5.2 nova-compute-lxc - 2:17.0.13-0ubuntu5.2 nova-placement-api - 2:17.0.13-0ubuntu5.2 nova-consoleauth - 2:17.0.13-0ubuntu5.2 python-nova - 2:17.0.13-0ubuntu5.2 nova-network - 2:17.0.13-0ubuntu5.2 nova-api-metadata - 2:17.0.13-0ubuntu5.2 nova-ajax-console-proxy - 2:17.0.13-0ubuntu5.2 nova-compute-kvm - 2:17.0.13-0ubuntu5.2 nova-xvpvncproxy - 2:17.0.13-0ubuntu5.2 nova-doc - 2:17.0.13-0ubuntu5.2 nova-conductor - 2:17.0.13-0ubuntu5.2 nova-volume - 2:17.0.13-0ubuntu5.2 nova-compute-vmware - 2:17.0.13-0ubuntu5.2 nova-spiceproxy - 2:17.0.13-0ubuntu5.2 nova-scheduler - 2:17.0.13-0ubuntu5.2 nova-console - 2:17.0.13-0ubuntu5.2 nova-compute-libvirt - 2:17.0.13-0ubuntu5.2 nova-compute - 2:17.0.13-0ubuntu5.2 nova-compute-qemu - 2:17.0.13-0ubuntu5.2 nova-cells - 2:17.0.13-0ubuntu5.2 No subscription required Medium CVE-2022-47951 Ubuntu 18.04 LTS Nick Pope discovered that Django incorrectly handled certain Accept-Language headers. A remote attacker could possibly use this issue to cause Django to consume memory, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-5837-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.19 python-django-doc - 1:1.11.11-1ubuntu1.19 python-django-common - 1:1.11.11-1ubuntu1.19 python-django - 1:1.11.11-1ubuntu1.19 No subscription required Medium CVE-2023-23969 Ubuntu 18.04 LTS It was discovered that AdvanceCOMP did not properly manage memory while performing read operations on MNG file. If a user were tricked into opening a specially crafted MNG file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. (CVE-2022-35014, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020) It was discovered that AdvanceCOMP did not properly manage memory while performing read operations on ZIP file. If a user were tricked into opening a specially crafted ZIP file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. (CVE-2022-35015, CVE-2022-35016) Update Instructions: Run `sudo pro fix USN-5838-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: advancecomp - 2.1-1ubuntu0.18.04.3 No subscription required Medium CVE-2022-35014 CVE-2022-35015 CVE-2022-35016 CVE-2022-35017 CVE-2022-35018 CVE-2022-35019 CVE-2022-35020 Ubuntu 18.04 LTS It was discovered that the Apache HTTP Server mod_dav module incorrectly handled certain If: request headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2006-20001) ZeddYu_Lu discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly interpreted certain HTTP Requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-36760) Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy module incorrectly truncated certain response headers. This may result in later headers not being interpreted by the client. (CVE-2022-37436) Update Instructions: Run `sudo pro fix USN-5839-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.29-1ubuntu4.26 apache2-utils - 2.4.29-1ubuntu4.26 apache2-dev - 2.4.29-1ubuntu4.26 apache2-suexec-pristine - 2.4.29-1ubuntu4.26 apache2-suexec-custom - 2.4.29-1ubuntu4.26 apache2 - 2.4.29-1ubuntu4.26 apache2-doc - 2.4.29-1ubuntu4.26 apache2-ssl-dev - 2.4.29-1ubuntu4.26 apache2-bin - 2.4.29-1ubuntu4.26 No subscription required Medium CVE-2006-20001 CVE-2022-36760 CVE-2022-37436 Ubuntu 18.04 LTS It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-25467) It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-27345, CVE-2021-27347) It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2022-26291) It was discovered that Long Range ZIP incorrectly handled memory allocation, which could lead to a heap memory corruption. An attacker could possibly use this issue to cause denial of service. This issue affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-28044) Update Instructions: Run `sudo pro fix USN-5840-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lrzip - 0.631-1+deb9u3build0.18.04.1 No subscription required Medium CVE-2018-5786 CVE-2020-25467 CVE-2021-27345 CVE-2021-27347 CVE-2022-26291 CVE-2022-28044 Ubuntu 18.04 LTS Mark Esler and David Fernandez Gonzalez discovered that EditorConfig Core C incorrectly handled memory when handling certain inputs. An attacker could possibly use this issue to cause applications using EditorConfig Core C to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5842-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: editorconfig-doc - 0.12.1-1.1ubuntu0.18.04.1~esm1 libeditorconfig0 - 0.12.1-1.1ubuntu0.18.04.1~esm1 editorconfig - 0.12.1-1.1ubuntu0.18.04.1~esm1 libeditorconfig-dev - 0.12.1-1.1ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-0341 Ubuntu 18.04 LTS It was discovered that tmux incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5843-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tmux - 2.6-3ubuntu0.3 No subscription required Medium CVE-2022-47016 Ubuntu 18.04 LTS David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. (CVE-2023-0286) Corey Bonnell discovered that OpenSSL incorrectly handled X.509 certificate verification. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-4203) Hubert Kario discovered that OpenSSL had a timing based side channel in the OpenSSL RSA Decryption implementation. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2022-4304) Dawei Wang discovered that OpenSSL incorrectly handled parsing certain PEM data. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2022-4450) Octavio Galland and Marcel Böhme discovered that OpenSSL incorrectly handled streaming ASN.1 data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0215) Marc Schönefeld discovered that OpenSSL incorrectly handled malformed PKCS7 data. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2023-0216) Kurt Roeckx discovered that OpenSSL incorrectly handled validating certain DSA public keys. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2023-0217) Hubert Kario and Dmitry Belyavsky discovered that OpenSSL incorrectly validated certain signatures. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2023-0401) Update Instructions: Run `sudo pro fix USN-5844-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.1 - 1.1.1-1ubuntu2.1~18.04.21 libssl-dev - 1.1.1-1ubuntu2.1~18.04.21 openssl - 1.1.1-1ubuntu2.1~18.04.21 libssl-doc - 1.1.1-1ubuntu2.1~18.04.21 No subscription required High CVE-2022-4203 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0216 CVE-2023-0217 CVE-2023-0286 CVE-2023-0401 Ubuntu 18.04 LTS David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. (CVE-2023-0286) Octavio Galland and Marcel Böhme discovered that OpenSSL incorrectly handled streaming ASN.1 data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0215) Update Instructions: Run `sudo pro fix USN-5845-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2n-1ubuntu5.11 openssl1.0 - 1.0.2n-1ubuntu5.11 libssl1.0-dev - 1.0.2n-1ubuntu5.11 No subscription required High CVE-2023-0215 CVE-2023-0286 Ubuntu 18.04 LTS Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges. Update Instructions: Run `sudo pro fix USN-5846-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.19.6-1ubuntu4.14 xmir - 2:1.19.6-1ubuntu4.14 xwayland - 2:1.19.6-1ubuntu4.14 xorg-server-source - 2:1.19.6-1ubuntu4.14 xdmx - 2:1.19.6-1ubuntu4.14 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.14 xserver-xorg-dev - 2:1.19.6-1ubuntu4.14 xvfb - 2:1.19.6-1ubuntu4.14 xnest - 2:1.19.6-1ubuntu4.14 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.14 xdmx-tools - 2:1.19.6-1ubuntu4.14 xserver-xephyr - 2:1.19.6-1ubuntu4.14 xserver-common - 2:1.19.6-1ubuntu4.14 No subscription required xorg-server-source-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.10 xserver-xorg-core-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.10 xserver-xorg-dev-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.10 xserver-xephyr-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.10 xserver-xorg-legacy-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.10 xwayland-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.10 No subscription required Medium CVE-2023-0494 Ubuntu 18.04 LTS It was discovered that Grunt was not properly loading YAML files before parsing them. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-7729) It was discovered that Grunt was not properly handling symbolic links when performing file copy operations. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. (CVE-2022-0436) It was discovered that there was a race condition in the Grunt file copy function, which could lead to an arbitrary file write. An attacker could possibly use this issue to perform a local privilege escalation attack or to execute arbitrary code. (CVE-2022-1537) Update Instructions: Run `sudo pro fix USN-5847-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: grunt - 1.0.1-8ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2020-7729 CVE-2022-0436 CVE-2022-1537 Ubuntu 18.04 LTS Helmut Grohne discovered that Heimdal GSSAPI incorrectly handled logical conditions that are related to memory management operations. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-5849-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhcrypto4-heimdal - 7.5.0+dfsg-1ubuntu0.4 libwind0-heimdal - 7.5.0+dfsg-1ubuntu0.4 libroken18-heimdal - 7.5.0+dfsg-1ubuntu0.4 libgssapi3-heimdal - 7.5.0+dfsg-1ubuntu0.4 heimdal-kcm - 7.5.0+dfsg-1ubuntu0.4 libhdb9-heimdal - 7.5.0+dfsg-1ubuntu0.4 libasn1-8-heimdal - 7.5.0+dfsg-1ubuntu0.4 libsl0-heimdal - 7.5.0+dfsg-1ubuntu0.4 libkadm5clnt7-heimdal - 7.5.0+dfsg-1ubuntu0.4 heimdal-kdc - 7.5.0+dfsg-1ubuntu0.4 libkdc2-heimdal - 7.5.0+dfsg-1ubuntu0.4 heimdal-servers - 7.5.0+dfsg-1ubuntu0.4 libheimntlm0-heimdal - 7.5.0+dfsg-1ubuntu0.4 heimdal-docs - 7.5.0+dfsg-1ubuntu0.4 libheimbase1-heimdal - 7.5.0+dfsg-1ubuntu0.4 libkrb5-26-heimdal - 7.5.0+dfsg-1ubuntu0.4 libotp0-heimdal - 7.5.0+dfsg-1ubuntu0.4 heimdal-dev - 7.5.0+dfsg-1ubuntu0.4 libkafs0-heimdal - 7.5.0+dfsg-1ubuntu0.4 libhx509-5-heimdal - 7.5.0+dfsg-1ubuntu0.4 heimdal-multidev - 7.5.0+dfsg-1ubuntu0.4 libkadm5srv8-heimdal - 7.5.0+dfsg-1ubuntu0.4 heimdal-clients - 7.5.0+dfsg-1ubuntu0.4 No subscription required Medium CVE-2022-45142 Ubuntu 18.04 LTS It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628) It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3640) Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649) It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849) It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41850) Tamás Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-42895) It was discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-20928) Update Instructions: Run `sudo pro fix USN-5853-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1080-raspi - 5.4.0-1080.91~18.04.1 linux-modules-5.4.0-1080-raspi - 5.4.0-1080.91~18.04.1 linux-headers-5.4.0-1080-raspi - 5.4.0-1080.91~18.04.1 linux-raspi-5.4-headers-5.4.0-1080 - 5.4.0-1080.91~18.04.1 linux-buildinfo-5.4.0-1080-raspi - 5.4.0-1080.91~18.04.1 linux-raspi-5.4-tools-5.4.0-1080 - 5.4.0-1080.91~18.04.1 linux-tools-5.4.0-1080-raspi - 5.4.0-1080.91~18.04.1 No subscription required linux-image-5.4.0-1103-azure - 5.4.0-1103.109~18.04.1 linux-modules-extra-5.4.0-1103-azure - 5.4.0-1103.109~18.04.1 linux-buildinfo-5.4.0-1103-azure - 5.4.0-1103.109~18.04.1 linux-azure-5.4-headers-5.4.0-1103 - 5.4.0-1103.109~18.04.1 linux-modules-5.4.0-1103-azure - 5.4.0-1103.109~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1103 - 5.4.0-1103.109~18.04.1 linux-headers-5.4.0-1103-azure - 5.4.0-1103.109~18.04.1 linux-azure-5.4-tools-5.4.0-1103 - 5.4.0-1103.109~18.04.1 linux-tools-5.4.0-1103-azure - 5.4.0-1103.109~18.04.1 linux-cloud-tools-5.4.0-1103-azure - 5.4.0-1103.109~18.04.1 linux-image-unsigned-5.4.0-1103-azure - 5.4.0-1103.109~18.04.1 No subscription required linux-raspi-hwe-18.04-edge - 5.4.0.1080.77 linux-raspi-hwe-18.04 - 5.4.0.1080.77 linux-image-raspi-hwe-18.04-edge - 5.4.0.1080.77 linux-tools-raspi-hwe-18.04 - 5.4.0.1080.77 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1080.77 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1080.77 linux-image-raspi-hwe-18.04 - 5.4.0.1080.77 linux-headers-raspi-hwe-18.04 - 5.4.0.1080.77 No subscription required linux-signed-azure - 5.4.0.1103.76 linux-tools-azure-edge - 5.4.0.1103.76 linux-azure - 5.4.0.1103.76 linux-image-azure - 5.4.0.1103.76 linux-cloud-tools-azure - 5.4.0.1103.76 linux-signed-image-azure-edge - 5.4.0.1103.76 linux-cloud-tools-azure-edge - 5.4.0.1103.76 linux-headers-azure-edge - 5.4.0.1103.76 linux-image-azure-edge - 5.4.0.1103.76 linux-headers-azure - 5.4.0.1103.76 linux-modules-extra-azure - 5.4.0.1103.76 linux-azure-edge - 5.4.0.1103.76 linux-tools-azure - 5.4.0.1103.76 linux-modules-extra-azure-edge - 5.4.0.1103.76 linux-signed-azure-edge - 5.4.0.1103.76 linux-signed-image-azure - 5.4.0.1103.76 No subscription required Medium CVE-2022-3628 CVE-2022-3640 CVE-2022-3649 CVE-2022-41849 CVE-2022-41850 CVE-2022-42895 CVE-2023-20928 Ubuntu 18.04 LTS It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20369) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64 processors, the branch predictor could by mis-trained for return instructions in certain circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29900) Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's protections against speculative branch target injection attacks were insufficient in some circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29901) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649) Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-39842) It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849) It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41850) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750) Update Instructions: Run `sudo pro fix USN-5854-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1114-oracle - 4.15.0-1114.125 linux-buildinfo-4.15.0-1114-oracle - 4.15.0-1114.125 linux-image-unsigned-4.15.0-1114-oracle - 4.15.0-1114.125 linux-tools-4.15.0-1114-oracle - 4.15.0-1114.125 linux-oracle-headers-4.15.0-1114 - 4.15.0-1114.125 linux-oracle-tools-4.15.0-1114 - 4.15.0-1114.125 linux-headers-4.15.0-1114-oracle - 4.15.0-1114.125 linux-image-4.15.0-1114-oracle - 4.15.0-1114.125 linux-modules-extra-4.15.0-1114-oracle - 4.15.0-1114.125 No subscription required linux-buildinfo-4.15.0-1127-raspi2 - 4.15.0-1127.135 linux-headers-4.15.0-1127-raspi2 - 4.15.0-1127.135 linux-modules-4.15.0-1127-raspi2 - 4.15.0-1127.135 linux-raspi2-headers-4.15.0-1127 - 4.15.0-1127.135 linux-raspi2-tools-4.15.0-1127 - 4.15.0-1127.135 linux-image-4.15.0-1127-raspi2 - 4.15.0-1127.135 linux-tools-4.15.0-1127-raspi2 - 4.15.0-1127.135 No subscription required linux-modules-4.15.0-1135-kvm - 4.15.0-1135.140 linux-tools-4.15.0-1135-kvm - 4.15.0-1135.140 linux-image-4.15.0-1135-kvm - 4.15.0-1135.140 linux-kvm-headers-4.15.0-1135 - 4.15.0-1135.140 linux-headers-4.15.0-1135-kvm - 4.15.0-1135.140 linux-kvm-tools-4.15.0-1135 - 4.15.0-1135.140 linux-buildinfo-4.15.0-1135-kvm - 4.15.0-1135.140 No subscription required linux-gcp-4.15-headers-4.15.0-1145 - 4.15.0-1145.161 linux-modules-4.15.0-1145-gcp - 4.15.0-1145.161 linux-tools-4.15.0-1145-gcp - 4.15.0-1145.161 linux-gcp-4.15-tools-4.15.0-1145 - 4.15.0-1145.161 linux-image-unsigned-4.15.0-1145-gcp - 4.15.0-1145.161 linux-image-4.15.0-1145-gcp - 4.15.0-1145.161 linux-headers-4.15.0-1145-gcp - 4.15.0-1145.161 linux-modules-extra-4.15.0-1145-gcp - 4.15.0-1145.161 linux-buildinfo-4.15.0-1145-gcp - 4.15.0-1145.161 No subscription required linux-headers-4.15.0-1150-aws - 4.15.0-1150.163 linux-buildinfo-4.15.0-1150-aws - 4.15.0-1150.163 linux-aws-cloud-tools-4.15.0-1150 - 4.15.0-1150.163 linux-modules-4.15.0-1150-aws - 4.15.0-1150.163 linux-cloud-tools-4.15.0-1150-aws - 4.15.0-1150.163 linux-tools-4.15.0-1150-aws - 4.15.0-1150.163 linux-aws-headers-4.15.0-1150 - 4.15.0-1150.163 linux-image-4.15.0-1150-aws - 4.15.0-1150.163 linux-image-unsigned-4.15.0-1150-aws - 4.15.0-1150.163 linux-modules-extra-4.15.0-1150-aws - 4.15.0-1150.163 linux-aws-tools-4.15.0-1150 - 4.15.0-1150.163 No subscription required linux-tools-4.15.0-204-generic - 4.15.0-204.215 linux-tools-host - 4.15.0-204.215 linux-tools-common - 4.15.0-204.215 linux-doc - 4.15.0-204.215 linux-cloud-tools-4.15.0-204 - 4.15.0-204.215 linux-buildinfo-4.15.0-204-lowlatency - 4.15.0-204.215 linux-tools-4.15.0-204-lowlatency - 4.15.0-204.215 linux-headers-4.15.0-204-lowlatency - 4.15.0-204.215 linux-modules-4.15.0-204-generic-lpae - 4.15.0-204.215 linux-libc-dev - 4.15.0-204.215 linux-headers-4.15.0-204-generic - 4.15.0-204.215 linux-image-4.15.0-204-lowlatency - 4.15.0-204.215 linux-tools-4.15.0-204 - 4.15.0-204.215 linux-cloud-tools-4.15.0-204-generic - 4.15.0-204.215 linux-image-unsigned-4.15.0-204-generic - 4.15.0-204.215 linux-tools-4.15.0-204-generic-lpae - 4.15.0-204.215 linux-modules-extra-4.15.0-204-generic - 4.15.0-204.215 linux-image-4.15.0-204-generic - 4.15.0-204.215 linux-modules-4.15.0-204-lowlatency - 4.15.0-204.215 linux-image-4.15.0-204-generic-lpae - 4.15.0-204.215 linux-source-4.15.0 - 4.15.0-204.215 linux-image-unsigned-4.15.0-204-lowlatency - 4.15.0-204.215 linux-cloud-tools-common - 4.15.0-204.215 linux-buildinfo-4.15.0-204-generic-lpae - 4.15.0-204.215 linux-cloud-tools-4.15.0-204-lowlatency - 4.15.0-204.215 linux-headers-4.15.0-204 - 4.15.0-204.215 linux-modules-4.15.0-204-generic - 4.15.0-204.215 linux-buildinfo-4.15.0-204-generic - 4.15.0-204.215 linux-headers-4.15.0-204-generic-lpae - 4.15.0-204.215 No subscription required linux-oracle-lts-18.04 - 4.15.0.1114.119 linux-image-oracle-lts-18.04 - 4.15.0.1114.119 linux-signed-image-oracle-lts-18.04 - 4.15.0.1114.119 linux-signed-oracle-lts-18.04 - 4.15.0.1114.119 linux-tools-oracle-lts-18.04 - 4.15.0.1114.119 linux-headers-oracle-lts-18.04 - 4.15.0.1114.119 No subscription required linux-raspi2 - 4.15.0.1127.122 linux-headers-raspi2 - 4.15.0.1127.122 linux-image-raspi2 - 4.15.0.1127.122 linux-tools-raspi2 - 4.15.0.1127.122 No subscription required linux-kvm - 4.15.0.1135.126 linux-headers-kvm - 4.15.0.1135.126 linux-tools-kvm - 4.15.0.1135.126 linux-image-kvm - 4.15.0.1135.126 No subscription required linux-modules-extra-gcp-lts-18.04 - 4.15.0.1145.159 linux-gcp-lts-18.04 - 4.15.0.1145.159 linux-tools-gcp-lts-18.04 - 4.15.0.1145.159 linux-image-gcp-lts-18.04 - 4.15.0.1145.159 linux-headers-gcp-lts-18.04 - 4.15.0.1145.159 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1150.148 linux-headers-aws-lts-18.04 - 4.15.0.1150.148 linux-aws-lts-18.04 - 4.15.0.1150.148 linux-modules-extra-aws-lts-18.04 - 4.15.0.1150.148 linux-tools-aws-lts-18.04 - 4.15.0.1150.148 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.204.187 linux-cloud-tools-virtual - 4.15.0.204.187 linux-headers-generic-lpae - 4.15.0.204.187 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.204.187 linux-image-extra-virtual-hwe-16.04 - 4.15.0.204.187 linux-image-virtual - 4.15.0.204.187 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.204.187 linux-image-generic - 4.15.0.204.187 linux-tools-lowlatency - 4.15.0.204.187 linux-tools-generic-hwe-16.04-edge - 4.15.0.204.187 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.204.187 linux-generic-lpae-hwe-16.04 - 4.15.0.204.187 linux-headers-generic-hwe-16.04-edge - 4.15.0.204.187 linux-tools-virtual-hwe-16.04-edge - 4.15.0.204.187 linux-tools-virtual-hwe-16.04 - 4.15.0.204.187 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.204.187 linux-image-virtual-hwe-16.04-edge - 4.15.0.204.187 linux-generic-lpae-hwe-16.04-edge - 4.15.0.204.187 linux-signed-image-lowlatency - 4.15.0.204.187 linux-signed-lowlatency-hwe-16.04 - 4.15.0.204.187 linux-crashdump - 4.15.0.204.187 linux-signed-image-generic - 4.15.0.204.187 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.204.187 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.204.187 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.204.187 linux-source - 4.15.0.204.187 linux-lowlatency - 4.15.0.204.187 linux-tools-generic-lpae - 4.15.0.204.187 linux-generic-hwe-16.04-edge - 4.15.0.204.187 linux-headers-lowlatency-hwe-16.04 - 4.15.0.204.187 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.204.187 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.204.187 linux-tools-generic-hwe-16.04 - 4.15.0.204.187 linux-tools-virtual - 4.15.0.204.187 linux-signed-generic-hwe-16.04-edge - 4.15.0.204.187 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.204.187 linux-generic-lpae - 4.15.0.204.187 linux-generic - 4.15.0.204.187 linux-virtual - 4.15.0.204.187 linux-signed-image-generic-hwe-16.04 - 4.15.0.204.187 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.204.187 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.204.187 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.204.187 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.204.187 linux-headers-virtual-hwe-16.04-edge - 4.15.0.204.187 linux-lowlatency-hwe-16.04 - 4.15.0.204.187 linux-headers-generic-hwe-16.04 - 4.15.0.204.187 linux-generic-hwe-16.04 - 4.15.0.204.187 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.204.187 linux-tools-generic - 4.15.0.204.187 linux-virtual-hwe-16.04 - 4.15.0.204.187 linux-image-extra-virtual - 4.15.0.204.187 linux-cloud-tools-generic - 4.15.0.204.187 linux-lowlatency-hwe-16.04-edge - 4.15.0.204.187 linux-cloud-tools-lowlatency - 4.15.0.204.187 linux-image-generic-hwe-16.04 - 4.15.0.204.187 linux-image-generic-hwe-16.04-edge - 4.15.0.204.187 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.204.187 linux-image-generic-lpae-hwe-16.04 - 4.15.0.204.187 linux-virtual-hwe-16.04-edge - 4.15.0.204.187 linux-signed-generic - 4.15.0.204.187 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.204.187 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.204.187 linux-headers-generic - 4.15.0.204.187 linux-headers-virtual-hwe-16.04 - 4.15.0.204.187 linux-tools-lowlatency-hwe-16.04 - 4.15.0.204.187 linux-image-virtual-hwe-16.04 - 4.15.0.204.187 linux-headers-virtual - 4.15.0.204.187 linux-headers-lowlatency - 4.15.0.204.187 linux-signed-generic-hwe-16.04 - 4.15.0.204.187 linux-image-generic-lpae - 4.15.0.204.187 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.204.187 linux-signed-lowlatency - 4.15.0.204.187 linux-image-lowlatency - 4.15.0.204.187 No subscription required Medium CVE-2022-20369 CVE-2022-26373 CVE-2022-2663 CVE-2022-29900 CVE-2022-29901 CVE-2022-3646 CVE-2022-3649 CVE-2022-39842 CVE-2022-41849 CVE-2022-41850 CVE-2022-43750 Ubuntu 18.04 LTS It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause ImageMagick to stop responding, resulting in a denial of service, or possibly obtain the contents of arbitrary files by including them into images. Update Instructions: Run `sudo pro fix USN-5855-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmagick++-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagickwand-dev - 8:6.9.7.4+dfsg-16ubuntu6.15 imagemagick-6.q16 - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagickcore-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.15 imagemagick-6-common - 8:6.9.7.4+dfsg-16ubuntu6.15 imagemagick - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagickcore-6.q16-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagick++-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.15 libimage-magick-q16-perl - 8:6.9.7.4+dfsg-16ubuntu6.15 libimage-magick-perl - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagick++-dev - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagickwand-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.15 perlmagick - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagickcore-6.q16hdri-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagick++-6.q16hdri-7 - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagickwand-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagickwand-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagickcore-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagickcore-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagick++-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.15 imagemagick-6.q16hdri - 8:6.9.7.4+dfsg-16ubuntu6.15 imagemagick-common - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagickcore-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.15 imagemagick-doc - 8:6.9.7.4+dfsg-16ubuntu6.15 imagemagick-6-doc - 8:6.9.7.4+dfsg-16ubuntu6.15 libimage-magick-q16hdri-perl - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagick++-6.q16-7 - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagickcore-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagickcore-6-arch-config - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagickwand-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagickcore-dev - 8:6.9.7.4+dfsg-16ubuntu6.15 libmagickwand-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.15 No subscription required Medium CVE-2022-44267 CVE-2022-44268 Ubuntu 18.04 LTS It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43945) Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896) It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20369) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64 processors, the branch predictor could by mis-trained for return instructions in certain circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29900) Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's protections against speculative branch target injection attacks were insufficient in some circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29901) It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649) Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-39842) It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849) It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41850) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750) It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934) Update Instructions: Run `sudo pro fix USN-5861-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-4.15.0-1060-dell300x - 4.15.0-1060.65 linux-image-unsigned-4.15.0-1060-dell300x - 4.15.0-1060.65 linux-tools-4.15.0-1060-dell300x - 4.15.0-1060.65 linux-modules-4.15.0-1060-dell300x - 4.15.0-1060.65 linux-buildinfo-4.15.0-1060-dell300x - 4.15.0-1060.65 linux-dell300x-tools-4.15.0-1060 - 4.15.0-1060.65 linux-image-4.15.0-1060-dell300x - 4.15.0-1060.65 linux-dell300x-headers-4.15.0-1060 - 4.15.0-1060.65 No subscription required linux-image-dell300x - 4.15.0.1060.59 linux-tools-dell300x - 4.15.0.1060.59 linux-headers-dell300x - 4.15.0.1060.59 linux-dell300x - 4.15.0.1060.59 No subscription required High CVE-2022-20369 CVE-2022-26373 CVE-2022-2663 CVE-2022-29900 CVE-2022-29901 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649 CVE-2022-39842 CVE-2022-41849 CVE-2022-41850 CVE-2022-42896 CVE-2022-43750 CVE-2022-43945 CVE-2022-45934 Ubuntu 18.04 LTS It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20369) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64 processors, the branch predictor could by mis-trained for return instructions in certain circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29900) Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's protections against speculative branch target injection attacks were insufficient in some circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29901) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649) Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-39842) It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849) It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41850) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750) Update Instructions: Run `sudo pro fix USN-5862-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-4.15.0-1145-snapdragon - 4.15.0-1145.155 linux-buildinfo-4.15.0-1145-snapdragon - 4.15.0-1145.155 linux-headers-4.15.0-1145-snapdragon - 4.15.0-1145.155 linux-snapdragon-headers-4.15.0-1145 - 4.15.0-1145.155 linux-modules-4.15.0-1145-snapdragon - 4.15.0-1145.155 linux-snapdragon-tools-4.15.0-1145 - 4.15.0-1145.155 linux-image-4.15.0-1145-snapdragon - 4.15.0-1145.155 No subscription required linux-headers-snapdragon - 4.15.0.1145.144 linux-snapdragon - 4.15.0.1145.144 linux-image-snapdragon - 4.15.0.1145.144 linux-tools-snapdragon - 4.15.0.1145.144 No subscription required Medium CVE-2022-20369 CVE-2022-26373 CVE-2022-2663 CVE-2022-29900 CVE-2022-29901 CVE-2022-3646 CVE-2022-3649 CVE-2022-39842 CVE-2022-41849 CVE-2022-41850 CVE-2022-43750 Ubuntu 18.04 LTS Frederic Cambus discovered that Fig2dev incorrectly handled certain image files. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-14275) It was discovered that Fig2dev incorrectly handled certain image files. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2019-19555, CVE-2019-19797, CVE-2020-21529, CVE-2020-21530, CVE-2020-21531, CVE-2020-21532, CVE-2020-21533, CVE-2020-21534, CVE-2020-21535, CVE-2020-21675, CVE-2020-21676, CVE-2021-3561) It was discovered that Fig2dev incorrectly handled certain image files. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-32280) Update Instructions: Run `sudo pro fix USN-5864-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: transfig - 1:3.2.6a-6ubuntu1.1 fig2dev - 1:3.2.6a-6ubuntu1.1 No subscription required Medium CVE-2019-14275 CVE-2019-19555 CVE-2019-19797 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2020-21675 CVE-2020-21676 CVE-2021-32280 CVE-2021-3561 Ubuntu 18.04 LTS It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20369) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64 processors, the branch predictor could by mis-trained for return instructions in certain circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29900) Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 processors, the Linux kernel's protections against speculative branch target injection attacks were insufficient in some circumstances. A local attacker could possibly use this to expose sensitive information. (CVE-2022-29901) It was discovered that the NILFS2 file system implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3646) Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649) Hyunwoo Kim discovered that an integer overflow vulnerability existed in the PXA3xx graphics driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-39842) It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849) It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41850) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750) Update Instructions: Run `sudo pro fix USN-5865-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-extra-4.15.0-1161-azure - 4.15.0-1161.176 linux-modules-4.15.0-1161-azure - 4.15.0-1161.176 linux-azure-4.15-tools-4.15.0-1161 - 4.15.0-1161.176 linux-headers-4.15.0-1161-azure - 4.15.0-1161.176 linux-image-4.15.0-1161-azure - 4.15.0-1161.176 linux-azure-4.15-headers-4.15.0-1161 - 4.15.0-1161.176 linux-tools-4.15.0-1161-azure - 4.15.0-1161.176 linux-azure-4.15-cloud-tools-4.15.0-1161 - 4.15.0-1161.176 linux-image-unsigned-4.15.0-1161-azure - 4.15.0-1161.176 linux-cloud-tools-4.15.0-1161-azure - 4.15.0-1161.176 linux-buildinfo-4.15.0-1161-azure - 4.15.0-1161.176 No subscription required linux-headers-azure-lts-18.04 - 4.15.0.1161.129 linux-azure-lts-18.04 - 4.15.0.1161.129 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1161.129 linux-tools-azure-lts-18.04 - 4.15.0.1161.129 linux-signed-image-azure-lts-18.04 - 4.15.0.1161.129 linux-modules-extra-azure-lts-18.04 - 4.15.0.1161.129 linux-image-azure-lts-18.04 - 4.15.0.1161.129 linux-signed-azure-lts-18.04 - 4.15.0.1161.129 No subscription required Medium CVE-2022-20369 CVE-2022-26373 CVE-2022-2663 CVE-2022-29900 CVE-2022-29901 CVE-2022-3646 CVE-2022-3649 CVE-2022-39842 CVE-2022-41849 CVE-2022-41850 CVE-2022-43750 Ubuntu 18.04 LTS It was discovered that Nova did not properly manage data logged into the log file. An attacker with read access to the service's logs could exploit this issue and may obtain sensitive information. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2015-9543) It was discovered that Nova did not properly handle attaching and reattaching the encrypted volume. An attacker could possibly use this issue to perform a denial of service attack. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-18191) It was discovered that Nova did not properly handle the updation of domain XML after live migration. An attacker could possibly use this issue to corrupt the volume or perform a denial of service attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-17376) It was discovered that Nova was not properly validating the URL passed to noVNC. An attacker could possibly use this issue by providing malicious URL to the noVNC proxy to redirect to any desired URL. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-3654) It was discovered that Nova did not properly handle changes in the neutron port of vnic_type type. An authenticated user could possibly use this issue to perform a denial of service attack. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-37394) Update Instructions: Run `sudo pro fix USN-5866-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nova-api - 2:17.0.13-0ubuntu5.3 nova-common - 2:17.0.13-0ubuntu5.3 nova-compute-xen - 2:17.0.13-0ubuntu5.3 nova-api-os-compute - 2:17.0.13-0ubuntu5.3 nova-novncproxy - 2:17.0.13-0ubuntu5.3 nova-serialproxy - 2:17.0.13-0ubuntu5.3 nova-api-os-volume - 2:17.0.13-0ubuntu5.3 nova-compute-lxc - 2:17.0.13-0ubuntu5.3 nova-placement-api - 2:17.0.13-0ubuntu5.3 nova-consoleauth - 2:17.0.13-0ubuntu5.3 python-nova - 2:17.0.13-0ubuntu5.3 nova-network - 2:17.0.13-0ubuntu5.3 nova-api-metadata - 2:17.0.13-0ubuntu5.3 nova-ajax-console-proxy - 2:17.0.13-0ubuntu5.3 nova-compute-kvm - 2:17.0.13-0ubuntu5.3 nova-xvpvncproxy - 2:17.0.13-0ubuntu5.3 nova-doc - 2:17.0.13-0ubuntu5.3 nova-conductor - 2:17.0.13-0ubuntu5.3 nova-volume - 2:17.0.13-0ubuntu5.3 nova-compute-vmware - 2:17.0.13-0ubuntu5.3 nova-spiceproxy - 2:17.0.13-0ubuntu5.3 nova-scheduler - 2:17.0.13-0ubuntu5.3 nova-console - 2:17.0.13-0ubuntu5.3 nova-compute-libvirt - 2:17.0.13-0ubuntu5.3 nova-compute - 2:17.0.13-0ubuntu5.3 nova-compute-qemu - 2:17.0.13-0ubuntu5.3 nova-cells - 2:17.0.13-0ubuntu5.3 No subscription required Medium CVE-2015-9543 CVE-2017-18191 CVE-2020-17376 CVE-2021-3654 CVE-2022-37394 Ubuntu 18.04 LTS Jakob Ackermann discovered that Django incorrectly handled certain file uploads. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-5868-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.20 python-django-doc - 1:1.11.11-1ubuntu1.20 python-django-common - 1:1.11.11-1ubuntu1.20 python-django - 1:1.11.11-1ubuntu1.20 No subscription required Medium CVE-2023-24580 Ubuntu 18.04 LTS Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg, and Harvey Tuch discovered that HAProxy incorrectly handled empty header names. A remote attacker could possibly use this issue to manipulate headers and bypass certain authentication checks and restrictions. Update Instructions: Run `sudo pro fix USN-5869-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: haproxy - 1.8.8-1ubuntu0.13 haproxy-doc - 1.8.8-1ubuntu0.13 vim-haproxy - 1.8.8-1ubuntu0.13 No subscription required Medium CVE-2023-25725 Ubuntu 18.04 LTS Ronald Crane discovered that APR-util did not properly handled memory when encoding or decoding certain input data. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5870-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libaprutil1-dbd-odbc - 1.6.1-2ubuntu0.1 libaprutil1 - 1.6.1-2ubuntu0.1 libaprutil1-dbd-mysql - 1.6.1-2ubuntu0.1 libaprutil1-ldap - 1.6.1-2ubuntu0.1 libaprutil1-dbd-sqlite3 - 1.6.1-2ubuntu0.1 libaprutil1-dbd-pgsql - 1.6.1-2ubuntu0.1 libaprutil1-dev - 1.6.1-2ubuntu0.1 No subscription required Medium CVE-2022-25147 Ubuntu 18.04 LTS It was discovered that Git incorrectly handled certain repositories. An attacker could use this issue to make Git uses its local clone optimization even when using a non-local transport. (CVE-2023-22490) Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite a patch outside the working tree. (CVE-2023-23946) Update Instructions: Run `sudo pro fix USN-5871-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.16 gitweb - 1:2.17.1-1ubuntu0.16 git-gui - 1:2.17.1-1ubuntu0.16 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.16 git-el - 1:2.17.1-1ubuntu0.16 gitk - 1:2.17.1-1ubuntu0.16 git-all - 1:2.17.1-1ubuntu0.16 git-mediawiki - 1:2.17.1-1ubuntu0.16 git-daemon-run - 1:2.17.1-1ubuntu0.16 git-man - 1:2.17.1-1ubuntu0.16 git-doc - 1:2.17.1-1ubuntu0.16 git-svn - 1:2.17.1-1ubuntu0.16 git-cvs - 1:2.17.1-1ubuntu0.16 git-email - 1:2.17.1-1ubuntu0.16 No subscription required Medium CVE-2023-22490 CVE-2023-23946 Ubuntu 18.04 LTS USN-5871-1 fixed vulnerabilities in Git. A backport fixing part of the vulnerability in CVE-2023-22490 was required. This update fix this for Ubuntu 18.04 LTS. Original advisory details: It was discovered that Git incorrectly handled certain repositories. An attacker could use this issue to make Git uses its local clone optimization even when using a non-local transport. (CVE-2023-22490) Update Instructions: Run `sudo pro fix USN-5871-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.17 gitweb - 1:2.17.1-1ubuntu0.17 git-gui - 1:2.17.1-1ubuntu0.17 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.17 git-el - 1:2.17.1-1ubuntu0.17 gitk - 1:2.17.1-1ubuntu0.17 git-all - 1:2.17.1-1ubuntu0.17 git-mediawiki - 1:2.17.1-1ubuntu0.17 git-daemon-run - 1:2.17.1-1ubuntu0.17 git-man - 1:2.17.1-1ubuntu0.17 git-doc - 1:2.17.1-1ubuntu0.17 git-svn - 1:2.17.1-1ubuntu0.17 git-cvs - 1:2.17.1-1ubuntu0.17 git-email - 1:2.17.1-1ubuntu0.17 No subscription required Medium CVE-2023-22490 https://launchpad.net/bugs/2008277 Ubuntu 18.04 LTS It was discovered that Go Text incorrectly handled certain encodings. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14040) It was discovered that Go Text incorrectly handled certain BCP 47 language tags. An attacker could possibly use this issue to cause a denial of service. CVE-2020-28851, CVE-2020-28852 and CVE-2021-38561 affected only Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-28851, CVE-2020-28852, CVE-2021-38561, CVE-2022-32149) Update Instructions: Run `sudo pro fix USN-5873-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-golang-x-text-dev - 0.0~git20170627.0.6353ef0-1ubuntu2.1 golang-x-text-dev - 0.0~git20170627.0.6353ef0-1ubuntu2.1 No subscription required Medium CVE-2020-14040 CVE-2020-28851 CVE-2020-28852 CVE-2021-38561 CVE-2022-32149 Ubuntu 18.04 LTS It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628) It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3640) Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649) It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41849) It was discovered that a race condition existed in the Roccat HID driver in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41850) Tamás Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-42895) It was discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-20928) Update Instructions: Run `sudo pro fix USN-5874-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-ibm-5.4-headers-5.4.0-1044 - 5.4.0-1044.49~18.04.1 linux-buildinfo-5.4.0-1044-ibm - 5.4.0-1044.49~18.04.1 linux-ibm-5.4-tools-5.4.0-1044 - 5.4.0-1044.49~18.04.1 linux-modules-5.4.0-1044-ibm - 5.4.0-1044.49~18.04.1 linux-image-5.4.0-1044-ibm - 5.4.0-1044.49~18.04.1 linux-modules-extra-5.4.0-1044-ibm - 5.4.0-1044.49~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1044.49~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1044.49~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1044.49~18.04.1 linux-image-unsigned-5.4.0-1044-ibm - 5.4.0-1044.49~18.04.1 linux-headers-5.4.0-1044-ibm - 5.4.0-1044.49~18.04.1 linux-tools-5.4.0-1044-ibm - 5.4.0-1044.49~18.04.1 No subscription required linux-oracle-5.4-headers-5.4.0-1093 - 5.4.0-1093.102~18.04.1 linux-image-unsigned-5.4.0-1093-oracle - 5.4.0-1093.102~18.04.1 linux-headers-5.4.0-1093-oracle - 5.4.0-1093.102~18.04.1 linux-tools-5.4.0-1093-oracle - 5.4.0-1093.102~18.04.1 linux-modules-5.4.0-1093-oracle - 5.4.0-1093.102~18.04.1 linux-image-5.4.0-1093-oracle - 5.4.0-1093.102~18.04.1 linux-buildinfo-5.4.0-1093-oracle - 5.4.0-1093.102~18.04.1 linux-oracle-5.4-tools-5.4.0-1093 - 5.4.0-1093.102~18.04.1 linux-modules-extra-5.4.0-1093-oracle - 5.4.0-1093.102~18.04.1 No subscription required linux-headers-5.4.0-1096-aws - 5.4.0-1096.104~18.04.1 linux-buildinfo-5.4.0-1096-aws - 5.4.0-1096.104~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1096 - 5.4.0-1096.104~18.04.1 linux-modules-extra-5.4.0-1096-aws - 5.4.0-1096.104~18.04.1 linux-cloud-tools-5.4.0-1096-aws - 5.4.0-1096.104~18.04.1 linux-aws-5.4-tools-5.4.0-1096 - 5.4.0-1096.104~18.04.1 linux-image-5.4.0-1096-aws - 5.4.0-1096.104~18.04.1 linux-aws-5.4-headers-5.4.0-1096 - 5.4.0-1096.104~18.04.1 linux-tools-5.4.0-1096-aws - 5.4.0-1096.104~18.04.1 linux-image-unsigned-5.4.0-1096-aws - 5.4.0-1096.104~18.04.1 linux-modules-5.4.0-1096-aws - 5.4.0-1096.104~18.04.1 No subscription required linux-gcp-5.4-headers-5.4.0-1100 - 5.4.0-1100.109~18.04.1 linux-buildinfo-5.4.0-1100-gcp - 5.4.0-1100.109~18.04.1 linux-modules-extra-5.4.0-1100-gcp - 5.4.0-1100.109~18.04.1 linux-tools-5.4.0-1100-gcp - 5.4.0-1100.109~18.04.1 linux-modules-5.4.0-1100-gcp - 5.4.0-1100.109~18.04.1 linux-image-5.4.0-1100-gcp - 5.4.0-1100.109~18.04.1 linux-image-unsigned-5.4.0-1100-gcp - 5.4.0-1100.109~18.04.1 linux-gcp-5.4-tools-5.4.0-1100 - 5.4.0-1100.109~18.04.1 linux-headers-5.4.0-1100-gcp - 5.4.0-1100.109~18.04.1 No subscription required linux-image-unsigned-5.4.0-139-generic - 5.4.0-139.156~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-139.156~18.04.1 linux-buildinfo-5.4.0-139-lowlatency - 5.4.0-139.156~18.04.1 linux-modules-5.4.0-139-generic - 5.4.0-139.156~18.04.1 linux-headers-5.4.0-139-generic - 5.4.0-139.156~18.04.1 linux-buildinfo-5.4.0-139-generic - 5.4.0-139.156~18.04.1 linux-buildinfo-5.4.0-139-generic-lpae - 5.4.0-139.156~18.04.1 linux-tools-5.4.0-139-generic-lpae - 5.4.0-139.156~18.04.1 linux-tools-5.4.0-139-lowlatency - 5.4.0-139.156~18.04.1 linux-modules-5.4.0-139-generic-lpae - 5.4.0-139.156~18.04.1 linux-hwe-5.4-tools-5.4.0-139 - 5.4.0-139.156~18.04.1 linux-cloud-tools-5.4.0-139-generic - 5.4.0-139.156~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-139 - 5.4.0-139.156~18.04.1 linux-headers-5.4.0-139-lowlatency - 5.4.0-139.156~18.04.1 linux-image-5.4.0-139-lowlatency - 5.4.0-139.156~18.04.1 linux-modules-5.4.0-139-lowlatency - 5.4.0-139.156~18.04.1 linux-tools-5.4.0-139-generic - 5.4.0-139.156~18.04.1 linux-image-5.4.0-139-generic-lpae - 5.4.0-139.156~18.04.1 linux-image-5.4.0-139-generic - 5.4.0-139.156~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-139.156~18.04.1 linux-cloud-tools-5.4.0-139-lowlatency - 5.4.0-139.156~18.04.1 linux-hwe-5.4-headers-5.4.0-139 - 5.4.0-139.156~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-139.156~18.04.1 linux-image-unsigned-5.4.0-139-lowlatency - 5.4.0-139.156~18.04.1 linux-modules-extra-5.4.0-139-generic - 5.4.0-139.156~18.04.1 linux-headers-5.4.0-139-generic-lpae - 5.4.0-139.156~18.04.1 No subscription required linux-ibm-edge - 5.4.0.1044.55 linux-image-ibm - 5.4.0.1044.55 linux-headers-ibm-edge - 5.4.0.1044.55 linux-modules-extra-ibm - 5.4.0.1044.55 linux-modules-extra-ibm-edge - 5.4.0.1044.55 linux-tools-ibm-edge - 5.4.0.1044.55 linux-ibm - 5.4.0.1044.55 linux-headers-ibm - 5.4.0.1044.55 linux-tools-ibm - 5.4.0.1044.55 linux-image-ibm-edge - 5.4.0.1044.55 No subscription required linux-headers-oracle - 5.4.0.1093.102~18.04.67 linux-tools-oracle - 5.4.0.1093.102~18.04.67 linux-signed-image-oracle - 5.4.0.1093.102~18.04.67 linux-signed-oracle - 5.4.0.1093.102~18.04.67 linux-tools-oracle-edge - 5.4.0.1093.102~18.04.67 linux-oracle-edge - 5.4.0.1093.102~18.04.67 linux-modules-extra-oracle-edge - 5.4.0.1093.102~18.04.67 linux-image-oracle-edge - 5.4.0.1093.102~18.04.67 linux-modules-extra-oracle - 5.4.0.1093.102~18.04.67 linux-signed-oracle-edge - 5.4.0.1093.102~18.04.67 linux-signed-image-oracle-edge - 5.4.0.1093.102~18.04.67 linux-headers-oracle-edge - 5.4.0.1093.102~18.04.67 linux-image-oracle - 5.4.0.1093.102~18.04.67 linux-oracle - 5.4.0.1093.102~18.04.67 No subscription required linux-headers-aws - 5.4.0.1096.74 linux-image-aws - 5.4.0.1096.74 linux-modules-extra-aws-edge - 5.4.0.1096.74 linux-aws-edge - 5.4.0.1096.74 linux-image-aws-edge - 5.4.0.1096.74 linux-aws - 5.4.0.1096.74 linux-headers-aws-edge - 5.4.0.1096.74 linux-modules-extra-aws - 5.4.0.1096.74 linux-tools-aws - 5.4.0.1096.74 linux-tools-aws-edge - 5.4.0.1096.74 No subscription required linux-modules-extra-gcp-edge - 5.4.0.1100.76 linux-image-gcp-edge - 5.4.0.1100.76 linux-headers-gcp-edge - 5.4.0.1100.76 linux-modules-extra-gcp - 5.4.0.1100.76 linux-tools-gcp - 5.4.0.1100.76 linux-gcp - 5.4.0.1100.76 linux-tools-gcp-edge - 5.4.0.1100.76 linux-headers-gcp - 5.4.0.1100.76 linux-image-gcp - 5.4.0.1100.76 linux-gcp-edge - 5.4.0.1100.76 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-headers-snapdragon-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-image-generic-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-image-snapdragon-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-image-oem - 5.4.0.139.156~18.04.114 linux-tools-virtual-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-headers-generic-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-headers-lowlatency-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-lowlatency-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-image-oem-osp1 - 5.4.0.139.156~18.04.114 linux-headers-oem - 5.4.0.139.156~18.04.114 linux-snapdragon-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-image-generic-lpae-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-tools-lowlatency-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-headers-virtual-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-tools-snapdragon-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-headers-virtual-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-virtual-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-generic-lpae-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-image-extra-virtual-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-tools-virtual-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-tools-oem-osp1 - 5.4.0.139.156~18.04.114 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-tools-generic-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-image-virtual-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-image-generic-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-generic-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-oem - 5.4.0.139.156~18.04.114 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-snapdragon-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-tools-oem - 5.4.0.139.156~18.04.114 linux-headers-oem-osp1 - 5.4.0.139.156~18.04.114 linux-generic-lpae-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-headers-generic-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-oem-osp1 - 5.4.0.139.156~18.04.114 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-image-lowlatency-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-virtual-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-lowlatency-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.139.156~18.04.114 linux-generic-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-tools-generic-hwe-18.04 - 5.4.0.139.156~18.04.114 linux-image-virtual-hwe-18.04-edge - 5.4.0.139.156~18.04.114 No subscription required Medium CVE-2022-3628 CVE-2022-3640 CVE-2022-3649 CVE-2022-41849 CVE-2022-41850 CVE-2022-42895 CVE-2023-20928 Ubuntu 18.04 LTS Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes. (CVE-2023-0767) Johan Carlsson discovered that Firefox did not properly manage child iframe's unredacted URI when using Content-Security-Policy-Report-Only header. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-25728) Vitor Torres discovered that Firefox did not properly manage permissions of extensions interaction via ExpandedPrincipals. An attacker could potentially exploits this issue to download malicious files or execute arbitrary code. (CVE-2023-25729) Irvan Kurniawan discovered that Firefox did not properly validate background script invoking requestFullscreen. An attacker could potentially exploit this issue to perform spoofing attacks. (CVE-2023-25730) Ronald Crane discovered that Firefox did not properly manage memory when using EncodeInputStream in xpcom. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-25732) Samuel Grob discovered that Firefox did not properly manage memory when using wrappers wrapping a scripted proxy. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-25735) Holger Fuhrmannek discovered that Firefox did not properly manage memory when using Module load requests. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-25739) Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-25731, CVE-2023-25733, CVE-2023-25736, CVE-2023-25737, CVE-2023-25741, CVE-2023-25742, CVE-2023-25744, CVE-2023-25745) Update Instructions: Run `sudo pro fix USN-5880-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-nn - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-ne - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-nb - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-fa - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-fi - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-fr - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-fy - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-or - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-kab - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-oc - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-cs - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-ga - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-gd - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-gn - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-gl - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-gu - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-pa - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-pl - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-cy - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-pt - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-szl - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-hi - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-ms - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-he - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-hy - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-hr - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-hu - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-it - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-as - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-ar - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-ia - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-az - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-id - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-mai - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-af - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-is - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-vi - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-an - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-bs - 110.0+build3-0ubuntu0.18.04.1 firefox - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-ro - 110.0+build3-0ubuntu0.18.04.1 firefox-geckodriver - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-ja - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-ru - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-br - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hant - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-zh-hans - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-bn - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-be - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-bg - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-sl - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-sk - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-si - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-sw - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-sv - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-sr - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-sq - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-ko - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-kn - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-km - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-kk - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-ka - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-xh - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-ca - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-ku - 110.0+build3-0ubuntu0.18.04.1 firefox-mozsymbols - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-lv - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-lt - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-th - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-hsb - 110.0+build3-0ubuntu0.18.04.1 firefox-dev - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-te - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-cak - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-ta - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-lg - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-tr - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-nso - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-de - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-da - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-uk - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-mr - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-my - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-uz - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-ml - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-mn - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-mk - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-ur - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-eu - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-et - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-es - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-csb - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-el - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-eo - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-en - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-zu - 110.0+build3-0ubuntu0.18.04.1 firefox-locale-ast - 110.0+build3-0ubuntu0.18.04.1 No subscription required Medium CVE-2023-25728 CVE-2023-25730 CVE-2023-0767 CVE-2023-25735 CVE-2023-25737 CVE-2023-25739 CVE-2023-25729 CVE-2023-25732 CVE-2023-25731 CVE-2023-25733 CVE-2023-25736 CVE-2023-25741 CVE-2023-25742 CVE-2023-25744 CVE-2023-25745 Ubuntu 18.04 LTS USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes. (CVE-2023-0767) Johan Carlsson discovered that Firefox did not properly manage child iframe's unredacted URI when using Content-Security-Policy-Report-Only header. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-25728) Vitor Torres discovered that Firefox did not properly manage permissions of extensions interaction via ExpandedPrincipals. An attacker could potentially exploits this issue to download malicious files or execute arbitrary code. (CVE-2023-25729) Irvan Kurniawan discovered that Firefox did not properly validate background script invoking requestFullscreen. An attacker could potentially exploit this issue to perform spoofing attacks. (CVE-2023-25730) Ronald Crane discovered that Firefox did not properly manage memory when using EncodeInputStream in xpcom. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-25732) Samuel Grob discovered that Firefox did not properly manage memory when using wrappers wrapping a scripted proxy. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-25735) Holger Fuhrmannek discovered that Firefox did not properly manage memory when using Module load requests. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-25739) Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-25731, CVE-2023-25733, CVE-2023-25736, CVE-2023-25737, CVE-2023-25741, CVE-2023-25742, CVE-2023-25744, CVE-2023-25745) Update Instructions: Run `sudo pro fix USN-5880-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nn - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ne - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nb - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fa - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fi - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fr - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fy - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-or - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kab - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-oc - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cs - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ga - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gd - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gn - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gl - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gu - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pa - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pl - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cy - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pt - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-szl - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hi - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ms - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-he - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hy - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hr - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hu - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-it - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-as - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ar - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ia - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-az - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-id - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mai - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-af - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-is - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-vi - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-an - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bs - 110.0.1+build2-0ubuntu0.18.04.1 firefox - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ro - 110.0.1+build2-0ubuntu0.18.04.1 firefox-geckodriver - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ja - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ru - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-br - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bn - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-be - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bg - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sl - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sk - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-si - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sw - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sv - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sr - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sq - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ko - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kn - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-km - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kk - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ka - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-xh - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ca - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ku - 110.0.1+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lv - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lt - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-th - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 110.0.1+build2-0ubuntu0.18.04.1 firefox-dev - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-te - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cak - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ta - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lg - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-tr - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nso - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-de - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-da - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-uk - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mr - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-my - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-uz - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ml - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mn - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mk - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ur - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-eu - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-et - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-es - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-csb - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-el - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-eo - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-en - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zu - 110.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ast - 110.0.1+build2-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/2008861 Ubuntu 18.04 LTS It was discovered that Chromium did not properly manage memory. A remote attacker could possibly use these issues to cause a denial of service or execute arbitrary code via a crafted HTML page. (CVE-2023-0471, CVE-2023-0472, CVE-2023-0473, CVE-2023-0696, CVE-2023-0698, CVE-2023-0699, CVE-2023-0702, CVE-2023-0705) It was discovered that Chromium did not properly manage memory. A remote attacker who convinced a user to install a malicious extension could possibly use this issue to corrupt memory via a Chrome web app. (CVE-2023-0474) It was discovered that Chromium contained an inappropriate implementation in the Download component. A remote attacker could possibly use this issue to spoof contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2023-0700) It was discovered that Chromium did not properly manage memory. A remote attacker who convinced a user to engage in specific UI interactions could possibly use these issues to cause a denial of service or execute arbitrary code. (CVE-2023-0701, CVE-2023-0703) It was discovered that Chromium insufficiently enforced policies. A remote attacker could possibly use this issue to bypass same origin policy and proxy settings via a crafted HTML page. (CVE-2023-0704) Update Instructions: Run `sudo pro fix USN-5881-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: chromium-chromedriver - 110.0.5481.100-0ubuntu0.18.04.1 chromium-browser-l10n - 110.0.5481.100-0ubuntu0.18.04.1 chromium-codecs-ffmpeg-extra - 110.0.5481.100-0ubuntu0.18.04.1 chromium-codecs-ffmpeg - 110.0.5481.100-0ubuntu0.18.04.1 chromium-browser - 110.0.5481.100-0ubuntu0.18.04.1 No subscription required Medium CVE-2023-0471 CVE-2023-0472 CVE-2023-0473 CVE-2023-0474 CVE-2023-0696 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705 Ubuntu 18.04 LTS Gjoko Krstic discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8979) Omar Ganiev discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010228) Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2021-41687, CVE-2021-41688, CVE-2021-41689, and CVE-2021-41690) Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled certain inputs. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-2119 and CVE-2022-2120) Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-2121) It was discovered that DCMTK incorrectly handled certain inputs. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-43272) Update Instructions: Run `sudo pro fix USN-5882-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dcmtk - 3.6.2-3ubuntu0.1~esm1 dcmtk-doc - 3.6.2-3ubuntu0.1~esm1 libdcmtk-dev - 3.6.2-3ubuntu0.1~esm1 libdcmtk12 - 3.6.2-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2015-8979 CVE-2019-1010228 CVE-2021-41687 CVE-2021-41688 CVE-2021-41689 CVE-2021-41690 CVE-2022-2119 CVE-2022-2120 CVE-2022-2121 CVE-2022-43272 Ubuntu 18.04 LTS Erik C. Bjorge discovered that some Intel(R) Atom and Intel Xeon Scalable Processors did not properly implement access controls for out-of-band management. This may allow a privileged network-adjacent user to potentially escalate privileges. (CVE-2022-21216) Cfir Cohen, Erdem Aktas, Felix Wilhelm, James Forshaw, Josh Eads, Nagaraju Kodalapura Nagabhushana Rao, Przemyslaw Duda, Liron Shacham and Ron Anderson discovered that some Intel(R) Xeon(R) Processors used incorrect default permissions in some memory controller configurations when using Intel(R) Software Guard Extensions. This may allow a privileged local user to potentially escalate privileges. (CVE-2022-33196) It was discovered that some 3rd Generation Intel(R) Xeon(R) Scalable Processors did not properly calculate microkey keying. This may allow a privileged local user to potentially disclose information. (CVE-2022-33972) Joseph Nuzman discovered that some Intel(R) Processors when using Intel(R) Software Guard Extensions did not properly isolate shared resources. This may allow a privileged local user to potentially disclose information. (CVE-2022-38090) Update Instructions: Run `sudo pro fix USN-5886-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20230214.0ubuntu0.18.04.1 No subscription required Medium CVE-2022-21216 CVE-2022-33196 CVE-2022-33972 CVE-2022-38090 Ubuntu 18.04 LTS Simon Scannell discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2023-20032) Simon Scannell discovered that ClamAV incorrectly handled parsing DMG files. A remote attacker could possibly use this issue to expose sensitive information. (CVE-2023-20052) Update Instructions: Run `sudo pro fix USN-5887-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libclamav-dev - 0.103.8+dfsg-0ubuntu0.18.04.1 clamav-testfiles - 0.103.8+dfsg-0ubuntu0.18.04.1 clamav-base - 0.103.8+dfsg-0ubuntu0.18.04.1 clamav - 0.103.8+dfsg-0ubuntu0.18.04.1 clamav-daemon - 0.103.8+dfsg-0ubuntu0.18.04.1 clamav-milter - 0.103.8+dfsg-0ubuntu0.18.04.1 clamav-docs - 0.103.8+dfsg-0ubuntu0.18.04.1 clamav-freshclam - 0.103.8+dfsg-0ubuntu0.18.04.1 libclamav9 - 0.103.8+dfsg-0ubuntu0.18.04.1 clamdscan - 0.103.8+dfsg-0ubuntu0.18.04.1 No subscription required Medium CVE-2023-20032 CVE-2023-20052 Ubuntu 18.04 LTS Qian Chen discovered that Open vSwitch incorrectly handled certain Organization Specific TLVs. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5890-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openvswitch-doc - 2.9.8-0ubuntu0.18.04.4 openvswitch-switch - 2.9.8-0ubuntu0.18.04.4 openvswitch-pki - 2.9.8-0ubuntu0.18.04.4 openvswitch-common - 2.9.8-0ubuntu0.18.04.4 ovn-docker - 2.9.8-0ubuntu0.18.04.4 openvswitch-testcontroller - 2.9.8-0ubuntu0.18.04.4 openvswitch-vtep - 2.9.8-0ubuntu0.18.04.4 python-openvswitch - 2.9.8-0ubuntu0.18.04.4 python3-openvswitch - 2.9.8-0ubuntu0.18.04.4 ovn-host - 2.9.8-0ubuntu0.18.04.4 ovn-common - 2.9.8-0ubuntu0.18.04.4 ovn-central - 2.9.8-0ubuntu0.18.04.4 ovn-controller-vtep - 2.9.8-0ubuntu0.18.04.4 openvswitch-switch-dpdk - 2.9.8-0ubuntu0.18.04.4 openvswitch-test - 2.9.8-0ubuntu0.18.04.4 No subscription required Medium CVE-2022-4337 CVE-2022-4338 Ubuntu 18.04 LTS Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-23914) Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested in parallel. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-23915) Patrick Monnerat discovered that curl incorrectly handled memory when processing requests with multi-header compression. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service. (CVE-2023-23916) Update Instructions: Run `sudo pro fix USN-5891-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.23 libcurl4-openssl-dev - 7.58.0-2ubuntu3.23 libcurl3-gnutls - 7.58.0-2ubuntu3.23 libcurl4-doc - 7.58.0-2ubuntu3.23 libcurl3-nss - 7.58.0-2ubuntu3.23 libcurl4-nss-dev - 7.58.0-2ubuntu3.23 libcurl4 - 7.58.0-2ubuntu3.23 curl - 7.58.0-2ubuntu3.23 No subscription required Medium CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 Ubuntu 18.04 LTS It was discovered that NSS incorrectly handled client authentication without a user certificate in the database. A remote attacker could possibly use this issue to cause a NSS client to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-3479) Christian Holler discovered that NSS incorrectly handled certain PKCS 12 certificated bundles. A remote attacker could use this issue to cause NSS to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2023-0767) Update Instructions: Run `sudo pro fix USN-5892-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss3-dev - 2:3.35-2ubuntu2.16 libnss3 - 2:3.35-2ubuntu2.16 libnss3-tools - 2:3.35-2ubuntu2.16 No subscription required Medium CVE-2022-3479 CVE-2023-0767 Ubuntu 18.04 LTS It was discovered that MPlayer could be made to divide by zero when processing certain malformed media files. If a user were tricked into opening a specially crafted media file, an attacker could possibly use this issue to cause MPlayer to crash, resulting in a denial of service. (CVE-2022-38850, CVE-2022-38860, CVE-2022-38865) It was discovered that MPlayer could be made to read out of bounds when processing certain malformed media files. If a user were tricked into opening a specially crafted media file, an attacker could possibly use this issue to cause MPlayer to crash, resulting in a denial of service. (CVE-2022-38851) It was discovered that MPlayer could be made to write out of bounds when processing certain malformed media files. If a user were tricked into opening a specially crafted media file, an attacker could possibly use this issue to cause MPlayer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-38855, CVE-2022-38858, CVE-2022-38863, CVE-2022-38864, CVE-2022-38866) It was discovered that MPlayer did not properly managed memory when processing certain malformed media files. If a user were tricked into opening a specially crafted media file, an attacker could possibly use this issue to cause MPlayer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-38861) Update Instructions: Run `sudo pro fix USN-5895-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mplayer-doc - 2:1.3.0-7ubuntu0.2 mplayer-gui - 2:1.3.0-7ubuntu0.2 mplayer - 2:1.3.0-7ubuntu0.2 mencoder - 2:1.3.0-7ubuntu0.2 No subscription required Medium CVE-2022-38850 CVE-2022-38851 CVE-2022-38855 CVE-2022-38858 CVE-2022-38860 CVE-2022-38861 CVE-2022-38863 CVE-2022-38864 CVE-2022-38865 CVE-2022-38866 Ubuntu 18.04 LTS It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-30122) It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application. (CVE-2022-30123) Update Instructions: Run `sudo pro fix USN-5896-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-rack - 1.6.4-4ubuntu0.2+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-30122 CVE-2022-30123 Ubuntu 18.04 LTS Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget discovered that the DTLS implementation in the JSSE subsystem of OpenJDK did not properly restrict handshake initiation requests from clients. A remote attacker could possibly use this to cause a denial of service. (CVE-2023-21835) Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not properly validate the origin of a Soundbank. An attacker could use this to specially craft an untrusted Java application or applet that could load a Soundbank from an attacker controlled remote URL. (CVE-2023-21843) Update Instructions: Run `sudo pro fix USN-5897-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-doc - 11.0.18+10-0ubuntu1~18.04.1 openjdk-11-jre-zero - 11.0.18+10-0ubuntu1~18.04.1 openjdk-11-source - 11.0.18+10-0ubuntu1~18.04.1 openjdk-11-jre-headless - 11.0.18+10-0ubuntu1~18.04.1 openjdk-11-jdk - 11.0.18+10-0ubuntu1~18.04.1 openjdk-11-jdk-headless - 11.0.18+10-0ubuntu1~18.04.1 openjdk-11-jre - 11.0.18+10-0ubuntu1~18.04.1 openjdk-11-demo - 11.0.18+10-0ubuntu1~18.04.1 No subscription required openjdk-17-demo - 17.0.6+10-0ubuntu1~18.04.1 openjdk-17-jdk - 17.0.6+10-0ubuntu1~18.04.1 openjdk-17-jre-zero - 17.0.6+10-0ubuntu1~18.04.1 openjdk-17-jdk-headless - 17.0.6+10-0ubuntu1~18.04.1 openjdk-17-source - 17.0.6+10-0ubuntu1~18.04.1 openjdk-17-jre-headless - 17.0.6+10-0ubuntu1~18.04.1 openjdk-17-jre - 17.0.6+10-0ubuntu1~18.04.1 openjdk-17-doc - 17.0.6+10-0ubuntu1~18.04.1 No subscription required Medium CVE-2023-21835 CVE-2023-21843 Ubuntu 18.04 LTS It was discovered that the Serialization component of OpenJDK did not properly handle the deserialization of some CORBA objects. An attacker could possibly use this to bypass Java sandbox restrictions. (CVE-2023-21830) Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not properly validate the origin of a Soundbank. An attacker could use this to specially craft an untrusted Java application or applet that could load a Soundbank from an attacker controlled remote URL. (CVE-2023-21843) Update Instructions: Run `sudo pro fix USN-5898-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-doc - 8u362-ga-0ubuntu1~18.04.1 openjdk-8-jdk - 8u362-ga-0ubuntu1~18.04.1 openjdk-8-jre-headless - 8u362-ga-0ubuntu1~18.04.1 openjdk-8-jre - 8u362-ga-0ubuntu1~18.04.1 openjdk-8-jdk-headless - 8u362-ga-0ubuntu1~18.04.1 openjdk-8-source - 8u362-ga-0ubuntu1~18.04.1 openjdk-8-jre-zero - 8u362-ga-0ubuntu1~18.04.1 openjdk-8-demo - 8u362-ga-0ubuntu1~18.04.1 No subscription required Medium CVE-2023-21830 CVE-2023-21843 Ubuntu 18.04 LTS It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. Update Instructions: Run `sudo pro fix USN-5899-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: awstats - 7.6+dfsg-2ubuntu0.18.04.2 No subscription required Low CVE-2022-46391 Ubuntu 18.04 LTS It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or cause a crash. Update Instructions: Run `sudo pro fix USN-5900-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tar-scripts - 1.29b-2ubuntu0.4 tar - 1.29b-2ubuntu0.4 No subscription required Medium CVE-2022-48303 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations. (CVE-2023-0567) It was discovered that PHP incorrectly handled resolving long paths. A remote attacker could possibly use this issue to obtain or modify sensitive information. (CVE-2023-0568) It was discovered that PHP incorrectly handled a large number of parts in HTTP form uploads. A remote attacker could possibly use this issue to cause PHP to consume resources, leading to a denial of service. (CVE-2023-0662) Update Instructions: Run `sudo pro fix USN-5902-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php7.2-bz2 - 7.2.24-0ubuntu0.18.04.17 php7.2-enchant - 7.2.24-0ubuntu0.18.04.17 php7.2-ldap - 7.2.24-0ubuntu0.18.04.17 php7.2-fpm - 7.2.24-0ubuntu0.18.04.17 php7.2-recode - 7.2.24-0ubuntu0.18.04.17 php7.2-cli - 7.2.24-0ubuntu0.18.04.17 php7.2-json - 7.2.24-0ubuntu0.18.04.17 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.17 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.17 php7.2 - 7.2.24-0ubuntu0.18.04.17 php7.2-pspell - 7.2.24-0ubuntu0.18.04.17 php7.2-dev - 7.2.24-0ubuntu0.18.04.17 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.17 php7.2-gmp - 7.2.24-0ubuntu0.18.04.17 php7.2-opcache - 7.2.24-0ubuntu0.18.04.17 php7.2-gd - 7.2.24-0ubuntu0.18.04.17 php7.2-soap - 7.2.24-0ubuntu0.18.04.17 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.17 php7.2-intl - 7.2.24-0ubuntu0.18.04.17 php7.2-cgi - 7.2.24-0ubuntu0.18.04.17 php7.2-odbc - 7.2.24-0ubuntu0.18.04.17 libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.17 php7.2-tidy - 7.2.24-0ubuntu0.18.04.17 php7.2-imap - 7.2.24-0ubuntu0.18.04.17 php7.2-readline - 7.2.24-0ubuntu0.18.04.17 php7.2-mysql - 7.2.24-0ubuntu0.18.04.17 php7.2-dba - 7.2.24-0ubuntu0.18.04.17 php7.2-xml - 7.2.24-0ubuntu0.18.04.17 php7.2-interbase - 7.2.24-0ubuntu0.18.04.17 php7.2-xsl - 7.2.24-0ubuntu0.18.04.17 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.17 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.17 php7.2-sybase - 7.2.24-0ubuntu0.18.04.17 php7.2-curl - 7.2.24-0ubuntu0.18.04.17 php7.2-common - 7.2.24-0ubuntu0.18.04.17 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.17 php7.2-snmp - 7.2.24-0ubuntu0.18.04.17 php7.2-zip - 7.2.24-0ubuntu0.18.04.17 No subscription required Medium CVE-2023-0567 CVE-2023-0568 CVE-2023-0662 Ubuntu 18.04 LTS Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2019-13590) Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-23159, CVE-2021-23172, CVE-2021-23210, CVE-2021-33844, CVE-2021-3643, CVE-2021-40426, CVE-2022-31650, and CVE-2022-31651) Update Instructions: Run `sudo pro fix USN-5904-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsox-fmt-mp3 - 14.4.2-3ubuntu0.18.04.2 libsox-fmt-pulse - 14.4.2-3ubuntu0.18.04.2 libsox-fmt-ao - 14.4.2-3ubuntu0.18.04.2 sox - 14.4.2-3ubuntu0.18.04.2 libsox3 - 14.4.2-3ubuntu0.18.04.2 libsox-fmt-base - 14.4.2-3ubuntu0.18.04.2 libsox-fmt-all - 14.4.2-3ubuntu0.18.04.2 libsox-dev - 14.4.2-3ubuntu0.18.04.2 libsox-fmt-alsa - 14.4.2-3ubuntu0.18.04.2 libsox-fmt-oss - 14.4.2-3ubuntu0.18.04.2 No subscription required Medium CVE-2019-13590 CVE-2021-23159 CVE-2021-23172 CVE-2021-23210 CVE-2021-33844 CVE-2021-3643 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651 Ubuntu 18.04 LTS USN-5904-1 fixed vulnerabilities in SoX. It was discovered that the fix for CVE-2021-33844 was incomplete. This update fixes the problem. Original advisory details: Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2019-13590) Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-23159, CVE-2021-23172, CVE-2021-23210, CVE-2021-33844, CVE-2021-3643, CVE-2021-40426, CVE-2022-31650, and CVE-2022-31651) Update Instructions: Run `sudo pro fix USN-5904-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsox-fmt-mp3 - 14.4.2-3ubuntu0.18.04.3 libsox-fmt-pulse - 14.4.2-3ubuntu0.18.04.3 libsox-fmt-ao - 14.4.2-3ubuntu0.18.04.3 sox - 14.4.2-3ubuntu0.18.04.3 libsox3 - 14.4.2-3ubuntu0.18.04.3 libsox-fmt-base - 14.4.2-3ubuntu0.18.04.3 libsox-fmt-all - 14.4.2-3ubuntu0.18.04.3 libsox-dev - 14.4.2-3ubuntu0.18.04.3 libsox-fmt-alsa - 14.4.2-3ubuntu0.18.04.3 libsox-fmt-oss - 14.4.2-3ubuntu0.18.04.3 No subscription required Medium CVE-2021-33844 Ubuntu 18.04 LTS It was discovered that c-ares incorrectly handled certain sortlist strings. A remote attacker could use this issue to cause c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5907-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc-ares2 - 1.14.0-1ubuntu0.2 libc-ares-dev - 1.14.0-1ubuntu0.2 No subscription required Medium CVE-2022-4904 Ubuntu 18.04 LTS It was discovered that Rack did not properly structure regular expressions in some of its parsing components, which could result in uncontrolled resource consumption if an application using Rack received specially crafted input. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-44570, CVE-2022-44571) It was discovered that Rack did not properly structure regular expressions in its multipart parsing component, which could result in uncontrolled resource consumption if an application using Rack to parse multipart posts received specially crafted input. A remote attacker could possibly use this issue to cause a denial of service. This issue was only fixed in Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2022-44572) Update Instructions: Run `sudo pro fix USN-5910-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-rack - 1.6.4-4ubuntu0.2+esm4 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-44570 CVE-2022-44571 CVE-2022-44572 Ubuntu 18.04 LTS It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461) It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3169) It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424) Gwangun Jung discovered a race condition in the IPv4 implementation in the Linux kernel when deleting multipath routes, resulting in an out-of-bounds read. An attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3435) It was discovered that a race condition existed in the Kernel Connection Multiplexor (KCM) socket implementation in the Linux kernel when releasing sockets in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3521) It was discovered that the Netronome Ethernet driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3545) It was discovered that the hugetlb implementation in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2022-3623) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218) It was discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-4139) It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-42328, CVE-2022-42329) It was discovered that the Atmel WILC1000 driver in the Linux kernel did not properly validate offsets, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2022-47520) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that a use-after-free vulnerability existed in the Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0266) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0394) It was discovered that the Android Binder IPC subsystem in the Linux kernel did not properly validate inputs in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-20938) Kyle Zeng discovered that the class-based queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23454) Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23455) Update Instructions: Run `sudo pro fix USN-5917-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-oracle-5.4-headers-5.4.0-1094 - 5.4.0-1094.103~18.04.1 linux-modules-extra-5.4.0-1094-oracle - 5.4.0-1094.103~18.04.1 linux-image-unsigned-5.4.0-1094-oracle - 5.4.0-1094.103~18.04.1 linux-modules-5.4.0-1094-oracle - 5.4.0-1094.103~18.04.1 linux-headers-5.4.0-1094-oracle - 5.4.0-1094.103~18.04.1 linux-oracle-5.4-tools-5.4.0-1094 - 5.4.0-1094.103~18.04.1 linux-tools-5.4.0-1094-oracle - 5.4.0-1094.103~18.04.1 linux-image-5.4.0-1094-oracle - 5.4.0-1094.103~18.04.1 linux-buildinfo-5.4.0-1094-oracle - 5.4.0-1094.103~18.04.1 No subscription required linux-tools-5.4.0-1097-aws - 5.4.0-1097.105~18.04.1 linux-cloud-tools-5.4.0-1097-aws - 5.4.0-1097.105~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1097 - 5.4.0-1097.105~18.04.1 linux-headers-5.4.0-1097-aws - 5.4.0-1097.105~18.04.1 linux-aws-5.4-tools-5.4.0-1097 - 5.4.0-1097.105~18.04.1 linux-modules-5.4.0-1097-aws - 5.4.0-1097.105~18.04.1 linux-modules-extra-5.4.0-1097-aws - 5.4.0-1097.105~18.04.1 linux-aws-5.4-headers-5.4.0-1097 - 5.4.0-1097.105~18.04.1 linux-buildinfo-5.4.0-1097-aws - 5.4.0-1097.105~18.04.1 linux-image-5.4.0-1097-aws - 5.4.0-1097.105~18.04.1 linux-image-unsigned-5.4.0-1097-aws - 5.4.0-1097.105~18.04.1 No subscription required linux-modules-extra-5.4.0-1104-azure - 5.4.0-1104.110~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1104 - 5.4.0-1104.110~18.04.1 linux-azure-5.4-headers-5.4.0-1104 - 5.4.0-1104.110~18.04.1 linux-azure-5.4-tools-5.4.0-1104 - 5.4.0-1104.110~18.04.1 linux-cloud-tools-5.4.0-1104-azure - 5.4.0-1104.110~18.04.1 linux-image-5.4.0-1104-azure - 5.4.0-1104.110~18.04.1 linux-modules-5.4.0-1104-azure - 5.4.0-1104.110~18.04.1 linux-buildinfo-5.4.0-1104-azure - 5.4.0-1104.110~18.04.1 linux-headers-5.4.0-1104-azure - 5.4.0-1104.110~18.04.1 linux-tools-5.4.0-1104-azure - 5.4.0-1104.110~18.04.1 linux-image-unsigned-5.4.0-1104-azure - 5.4.0-1104.110~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-144.161~18.04.1 linux-tools-5.4.0-144-generic - 5.4.0-144.161~18.04.1 linux-buildinfo-5.4.0-144-lowlatency - 5.4.0-144.161~18.04.1 linux-image-5.4.0-144-generic-lpae - 5.4.0-144.161~18.04.1 linux-modules-5.4.0-144-generic-lpae - 5.4.0-144.161~18.04.1 linux-modules-5.4.0-144-lowlatency - 5.4.0-144.161~18.04.1 linux-tools-5.4.0-144-generic-lpae - 5.4.0-144.161~18.04.1 linux-buildinfo-5.4.0-144-generic - 5.4.0-144.161~18.04.1 linux-modules-5.4.0-144-generic - 5.4.0-144.161~18.04.1 linux-tools-5.4.0-144-lowlatency - 5.4.0-144.161~18.04.1 linux-image-5.4.0-144-generic - 5.4.0-144.161~18.04.1 linux-hwe-5.4-tools-5.4.0-144 - 5.4.0-144.161~18.04.1 linux-buildinfo-5.4.0-144-generic-lpae - 5.4.0-144.161~18.04.1 linux-headers-5.4.0-144-generic - 5.4.0-144.161~18.04.1 linux-image-unsigned-5.4.0-144-generic - 5.4.0-144.161~18.04.1 linux-modules-extra-5.4.0-144-generic - 5.4.0-144.161~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-144.161~18.04.1 linux-headers-5.4.0-144-lowlatency - 5.4.0-144.161~18.04.1 linux-image-unsigned-5.4.0-144-lowlatency - 5.4.0-144.161~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-144 - 5.4.0-144.161~18.04.1 linux-hwe-5.4-headers-5.4.0-144 - 5.4.0-144.161~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-144.161~18.04.1 linux-cloud-tools-5.4.0-144-generic - 5.4.0-144.161~18.04.1 linux-image-5.4.0-144-lowlatency - 5.4.0-144.161~18.04.1 linux-headers-5.4.0-144-generic-lpae - 5.4.0-144.161~18.04.1 linux-cloud-tools-5.4.0-144-lowlatency - 5.4.0-144.161~18.04.1 No subscription required linux-headers-oracle - 5.4.0.1094.103~18.04.68 linux-tools-oracle - 5.4.0.1094.103~18.04.68 linux-signed-image-oracle - 5.4.0.1094.103~18.04.68 linux-signed-oracle - 5.4.0.1094.103~18.04.68 linux-tools-oracle-edge - 5.4.0.1094.103~18.04.68 linux-oracle-edge - 5.4.0.1094.103~18.04.68 linux-modules-extra-oracle-edge - 5.4.0.1094.103~18.04.68 linux-image-oracle-edge - 5.4.0.1094.103~18.04.68 linux-modules-extra-oracle - 5.4.0.1094.103~18.04.68 linux-signed-oracle-edge - 5.4.0.1094.103~18.04.68 linux-signed-image-oracle-edge - 5.4.0.1094.103~18.04.68 linux-headers-oracle-edge - 5.4.0.1094.103~18.04.68 linux-image-oracle - 5.4.0.1094.103~18.04.68 linux-oracle - 5.4.0.1094.103~18.04.68 No subscription required linux-headers-aws - 5.4.0.1097.75 linux-image-aws - 5.4.0.1097.75 linux-modules-extra-aws-edge - 5.4.0.1097.75 linux-image-aws-edge - 5.4.0.1097.75 linux-aws-edge - 5.4.0.1097.75 linux-headers-aws-edge - 5.4.0.1097.75 linux-aws - 5.4.0.1097.75 linux-modules-extra-aws - 5.4.0.1097.75 linux-tools-aws - 5.4.0.1097.75 linux-tools-aws-edge - 5.4.0.1097.75 No subscription required linux-signed-azure - 5.4.0.1104.77 linux-tools-azure-edge - 5.4.0.1104.77 linux-cloud-tools-azure - 5.4.0.1104.77 linux-tools-azure - 5.4.0.1104.77 linux-image-azure-edge - 5.4.0.1104.77 linux-cloud-tools-azure-edge - 5.4.0.1104.77 linux-modules-extra-azure - 5.4.0.1104.77 linux-azure - 5.4.0.1104.77 linux-signed-image-azure-edge - 5.4.0.1104.77 linux-image-azure - 5.4.0.1104.77 linux-signed-image-azure - 5.4.0.1104.77 linux-headers-azure-edge - 5.4.0.1104.77 linux-azure-edge - 5.4.0.1104.77 linux-modules-extra-azure-edge - 5.4.0.1104.77 linux-signed-azure-edge - 5.4.0.1104.77 linux-headers-azure - 5.4.0.1104.77 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-headers-snapdragon-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-image-generic-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-image-snapdragon-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-image-oem - 5.4.0.144.161~18.04.115 linux-tools-virtual-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-headers-lowlatency-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-lowlatency-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-image-extra-virtual-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-image-oem-osp1 - 5.4.0.144.161~18.04.115 linux-headers-oem - 5.4.0.144.161~18.04.115 linux-snapdragon-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-image-generic-lpae-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-tools-lowlatency-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-headers-generic-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-headers-virtual-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-tools-snapdragon-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-headers-virtual-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-virtual-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-generic-lpae-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-tools-oem-osp1 - 5.4.0.144.161~18.04.115 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-tools-generic-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-image-virtual-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-image-generic-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-generic-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-oem - 5.4.0.144.161~18.04.115 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-snapdragon-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-tools-oem - 5.4.0.144.161~18.04.115 linux-headers-oem-osp1 - 5.4.0.144.161~18.04.115 linux-tools-virtual-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-generic-lpae-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-tools-generic-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-headers-generic-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-oem-osp1 - 5.4.0.144.161~18.04.115 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-image-lowlatency-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-virtual-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-lowlatency-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.144.161~18.04.115 linux-generic-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.144.161~18.04.115 linux-image-virtual-hwe-18.04-edge - 5.4.0.144.161~18.04.115 No subscription required High CVE-2022-3169 CVE-2022-3424 CVE-2022-3435 CVE-2022-3521 CVE-2022-3545 CVE-2022-3623 CVE-2022-36280 CVE-2022-41218 CVE-2022-4139 CVE-2022-42328 CVE-2022-42329 CVE-2022-47520 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-0461 CVE-2023-20938 CVE-2023-23454 CVE-2023-23455 Ubuntu 18.04 LTS It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461) Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-4378) It was discovered that a race condition existed in the Kernel Connection Multiplexor (KCM) socket implementation in the Linux kernel when releasing sockets in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3521) It was discovered that the Netronome Ethernet driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3545) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628) It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3640) It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-42328, CVE-2022-42329) Tamás Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-42895) Update Instructions: Run `sudo pro fix USN-5920-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1061-dell300x - 4.15.0-1061.66 linux-dell300x-headers-4.15.0-1061 - 4.15.0-1061.66 linux-tools-4.15.0-1061-dell300x - 4.15.0-1061.66 linux-modules-4.15.0-1061-dell300x - 4.15.0-1061.66 linux-headers-4.15.0-1061-dell300x - 4.15.0-1061.66 linux-dell300x-tools-4.15.0-1061 - 4.15.0-1061.66 linux-image-unsigned-4.15.0-1061-dell300x - 4.15.0-1061.66 linux-buildinfo-4.15.0-1061-dell300x - 4.15.0-1061.66 No subscription required linux-image-4.15.0-1115-oracle - 4.15.0-1115.126 linux-tools-4.15.0-1115-oracle - 4.15.0-1115.126 linux-headers-4.15.0-1115-oracle - 4.15.0-1115.126 linux-modules-extra-4.15.0-1115-oracle - 4.15.0-1115.126 linux-oracle-headers-4.15.0-1115 - 4.15.0-1115.126 linux-oracle-tools-4.15.0-1115 - 4.15.0-1115.126 linux-image-unsigned-4.15.0-1115-oracle - 4.15.0-1115.126 linux-modules-4.15.0-1115-oracle - 4.15.0-1115.126 linux-buildinfo-4.15.0-1115-oracle - 4.15.0-1115.126 No subscription required linux-image-unsigned-4.15.0-1146-gcp - 4.15.0-1146.162 linux-modules-4.15.0-1146-gcp - 4.15.0-1146.162 linux-gcp-4.15-headers-4.15.0-1146 - 4.15.0-1146.162 linux-modules-extra-4.15.0-1146-gcp - 4.15.0-1146.162 linux-tools-4.15.0-1146-gcp - 4.15.0-1146.162 linux-buildinfo-4.15.0-1146-gcp - 4.15.0-1146.162 linux-gcp-4.15-tools-4.15.0-1146 - 4.15.0-1146.162 linux-image-4.15.0-1146-gcp - 4.15.0-1146.162 linux-headers-4.15.0-1146-gcp - 4.15.0-1146.162 No subscription required linux-aws-headers-4.15.0-1151 - 4.15.0-1151.164 linux-image-unsigned-4.15.0-1151-aws - 4.15.0-1151.164 linux-cloud-tools-4.15.0-1151-aws - 4.15.0-1151.164 linux-image-4.15.0-1151-aws - 4.15.0-1151.164 linux-aws-cloud-tools-4.15.0-1151 - 4.15.0-1151.164 linux-tools-4.15.0-1151-aws - 4.15.0-1151.164 linux-headers-4.15.0-1151-aws - 4.15.0-1151.164 linux-modules-4.15.0-1151-aws - 4.15.0-1151.164 linux-modules-extra-4.15.0-1151-aws - 4.15.0-1151.164 linux-aws-tools-4.15.0-1151 - 4.15.0-1151.164 linux-buildinfo-4.15.0-1151-aws - 4.15.0-1151.164 No subscription required linux-tools-4.15.0-206-lowlatency - 4.15.0-206.217 linux-modules-4.15.0-206-lowlatency - 4.15.0-206.217 linux-tools-4.15.0-206-generic - 4.15.0-206.217 linux-tools-4.15.0-206 - 4.15.0-206.217 linux-image-4.15.0-206-lowlatency - 4.15.0-206.217 linux-tools-host - 4.15.0-206.217 linux-tools-common - 4.15.0-206.217 linux-doc - 4.15.0-206.217 linux-modules-4.15.0-206-generic - 4.15.0-206.217 linux-cloud-tools-4.15.0-206 - 4.15.0-206.217 linux-image-unsigned-4.15.0-206-lowlatency - 4.15.0-206.217 linux-modules-4.15.0-206-generic-lpae - 4.15.0-206.217 linux-buildinfo-4.15.0-206-generic-lpae - 4.15.0-206.217 linux-image-unsigned-4.15.0-206-generic - 4.15.0-206.217 linux-libc-dev - 4.15.0-206.217 linux-image-4.15.0-206-generic-lpae - 4.15.0-206.217 linux-cloud-tools-4.15.0-206-lowlatency - 4.15.0-206.217 linux-buildinfo-4.15.0-206-lowlatency - 4.15.0-206.217 linux-headers-4.15.0-206-generic-lpae - 4.15.0-206.217 linux-headers-4.15.0-206-generic - 4.15.0-206.217 linux-buildinfo-4.15.0-206-generic - 4.15.0-206.217 linux-tools-4.15.0-206-generic-lpae - 4.15.0-206.217 linux-cloud-tools-common - 4.15.0-206.217 linux-cloud-tools-4.15.0-206-generic - 4.15.0-206.217 linux-headers-4.15.0-206-lowlatency - 4.15.0-206.217 linux-image-4.15.0-206-generic - 4.15.0-206.217 linux-source-4.15.0 - 4.15.0-206.217 linux-modules-extra-4.15.0-206-generic - 4.15.0-206.217 linux-headers-4.15.0-206 - 4.15.0-206.217 No subscription required linux-tools-dell300x - 4.15.0.1061.60 linux-headers-dell300x - 4.15.0.1061.60 linux-image-dell300x - 4.15.0.1061.60 linux-dell300x - 4.15.0.1061.60 No subscription required linux-oracle-lts-18.04 - 4.15.0.1115.120 linux-image-oracle-lts-18.04 - 4.15.0.1115.120 linux-signed-image-oracle-lts-18.04 - 4.15.0.1115.120 linux-tools-oracle-lts-18.04 - 4.15.0.1115.120 linux-signed-oracle-lts-18.04 - 4.15.0.1115.120 linux-headers-oracle-lts-18.04 - 4.15.0.1115.120 No subscription required linux-modules-extra-gcp-lts-18.04 - 4.15.0.1146.160 linux-gcp-lts-18.04 - 4.15.0.1146.160 linux-tools-gcp-lts-18.04 - 4.15.0.1146.160 linux-image-gcp-lts-18.04 - 4.15.0.1146.160 linux-headers-gcp-lts-18.04 - 4.15.0.1146.160 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1151.149 linux-headers-aws-lts-18.04 - 4.15.0.1151.149 linux-aws-lts-18.04 - 4.15.0.1151.149 linux-modules-extra-aws-lts-18.04 - 4.15.0.1151.149 linux-tools-aws-lts-18.04 - 4.15.0.1151.149 No subscription required linux-cloud-tools-virtual - 4.15.0.206.189 linux-headers-generic-lpae - 4.15.0.206.189 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.206.189 linux-image-extra-virtual-hwe-16.04 - 4.15.0.206.189 linux-headers-generic - 4.15.0.206.189 linux-image-virtual - 4.15.0.206.189 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.206.189 linux-signed-lowlatency - 4.15.0.206.189 linux-image-generic - 4.15.0.206.189 linux-tools-lowlatency - 4.15.0.206.189 linux-headers-generic-hwe-16.04-edge - 4.15.0.206.189 linux-image-lowlatency-hwe-16.04 - 4.15.0.206.189 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.206.189 linux-generic-lpae-hwe-16.04 - 4.15.0.206.189 linux-signed-generic-hwe-16.04-edge - 4.15.0.206.189 linux-tools-virtual-hwe-16.04 - 4.15.0.206.189 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.206.189 linux-image-virtual-hwe-16.04-edge - 4.15.0.206.189 linux-generic-lpae-hwe-16.04-edge - 4.15.0.206.189 linux-signed-lowlatency-hwe-16.04 - 4.15.0.206.189 linux-crashdump - 4.15.0.206.189 linux-signed-image-generic - 4.15.0.206.189 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.206.189 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.206.189 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.206.189 linux-source - 4.15.0.206.189 linux-lowlatency - 4.15.0.206.189 linux-tools-generic-lpae - 4.15.0.206.189 linux-cloud-tools-generic - 4.15.0.206.189 linux-generic-hwe-16.04-edge - 4.15.0.206.189 linux-headers-lowlatency-hwe-16.04 - 4.15.0.206.189 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.206.189 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.206.189 linux-tools-generic-hwe-16.04 - 4.15.0.206.189 linux-tools-virtual - 4.15.0.206.189 linux-image-generic-lpae - 4.15.0.206.189 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.206.189 linux-generic-lpae - 4.15.0.206.189 linux-generic - 4.15.0.206.189 linux-virtual - 4.15.0.206.189 linux-signed-image-generic-hwe-16.04 - 4.15.0.206.189 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.206.189 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.206.189 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.206.189 linux-headers-lowlatency - 4.15.0.206.189 linux-headers-virtual-hwe-16.04-edge - 4.15.0.206.189 linux-lowlatency-hwe-16.04 - 4.15.0.206.189 linux-headers-generic-hwe-16.04 - 4.15.0.206.189 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.206.189 linux-generic-hwe-16.04 - 4.15.0.206.189 linux-tools-virtual-hwe-16.04-edge - 4.15.0.206.189 linux-tools-generic - 4.15.0.206.189 linux-virtual-hwe-16.04 - 4.15.0.206.189 linux-image-extra-virtual - 4.15.0.206.189 linux-lowlatency-hwe-16.04-edge - 4.15.0.206.189 linux-cloud-tools-lowlatency - 4.15.0.206.189 linux-image-generic-hwe-16.04 - 4.15.0.206.189 linux-image-generic-hwe-16.04-edge - 4.15.0.206.189 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.206.189 linux-signed-image-lowlatency - 4.15.0.206.189 linux-image-generic-lpae-hwe-16.04 - 4.15.0.206.189 linux-virtual-hwe-16.04-edge - 4.15.0.206.189 linux-tools-lowlatency-hwe-16.04 - 4.15.0.206.189 linux-signed-generic - 4.15.0.206.189 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.206.189 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.206.189 linux-headers-virtual-hwe-16.04 - 4.15.0.206.189 linux-image-virtual-hwe-16.04 - 4.15.0.206.189 linux-headers-virtual - 4.15.0.206.189 linux-signed-generic-hwe-16.04 - 4.15.0.206.189 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.206.189 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.206.189 linux-tools-generic-hwe-16.04-edge - 4.15.0.206.189 linux-image-lowlatency - 4.15.0.206.189 No subscription required High CVE-2022-3521 CVE-2022-3545 CVE-2022-3628 CVE-2022-3640 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-4378 CVE-2023-0461 Ubuntu 18.04 LTS Koen van Hove discovered that the rsync client incorrectly validated filenames returned by servers. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to write arbitrary files, and possibly escalate privileges. Update Instructions: Run `sudo pro fix USN-5921-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: rsync - 3.1.2-2.1ubuntu1.6 No subscription required Medium CVE-2022-29154 Ubuntu 18.04 LTS It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. (CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799) It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804) Update Instructions: Run `sudo pro fix USN-5923-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.9-5ubuntu0.10 libtiffxx5 - 4.0.9-5ubuntu0.10 libtiff5-dev - 4.0.9-5ubuntu0.10 libtiff-dev - 4.0.9-5ubuntu0.10 libtiff5 - 4.0.9-5ubuntu0.10 libtiff-tools - 4.0.9-5ubuntu0.10 libtiff-doc - 4.0.9-5ubuntu0.10 No subscription required Medium CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804 Ubuntu 18.04 LTS It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461) It was discovered that a race condition existed in the Kernel Connection Multiplexor (KCM) socket implementation in the Linux kernel when releasing sockets in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3521) It was discovered that the Netronome Ethernet driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3545) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628) It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3640) It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-42328, CVE-2022-42329) Tamás Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-42895) Update Instructions: Run `sudo pro fix USN-5925-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-4.15.0-1128-raspi2 - 4.15.0-1128.136 linux-raspi2-tools-4.15.0-1128 - 4.15.0-1128.136 linux-tools-4.15.0-1128-raspi2 - 4.15.0-1128.136 linux-image-4.15.0-1128-raspi2 - 4.15.0-1128.136 linux-modules-4.15.0-1128-raspi2 - 4.15.0-1128.136 linux-buildinfo-4.15.0-1128-raspi2 - 4.15.0-1128.136 linux-raspi2-headers-4.15.0-1128 - 4.15.0-1128.136 No subscription required linux-image-4.15.0-1136-kvm - 4.15.0-1136.141 linux-headers-4.15.0-1136-kvm - 4.15.0-1136.141 linux-kvm-headers-4.15.0-1136 - 4.15.0-1136.141 linux-kvm-tools-4.15.0-1136 - 4.15.0-1136.141 linux-buildinfo-4.15.0-1136-kvm - 4.15.0-1136.141 linux-tools-4.15.0-1136-kvm - 4.15.0-1136.141 linux-modules-4.15.0-1136-kvm - 4.15.0-1136.141 No subscription required linux-image-4.15.0-1146-snapdragon - 4.15.0-1146.156 linux-tools-4.15.0-1146-snapdragon - 4.15.0-1146.156 linux-snapdragon-tools-4.15.0-1146 - 4.15.0-1146.156 linux-buildinfo-4.15.0-1146-snapdragon - 4.15.0-1146.156 linux-modules-4.15.0-1146-snapdragon - 4.15.0-1146.156 linux-snapdragon-headers-4.15.0-1146 - 4.15.0-1146.156 linux-headers-4.15.0-1146-snapdragon - 4.15.0-1146.156 No subscription required linux-raspi2 - 4.15.0.1128.123 linux-headers-raspi2 - 4.15.0.1128.123 linux-image-raspi2 - 4.15.0.1128.123 linux-tools-raspi2 - 4.15.0.1128.123 No subscription required linux-kvm - 4.15.0.1136.127 linux-image-kvm - 4.15.0.1136.127 linux-tools-kvm - 4.15.0.1136.127 linux-headers-kvm - 4.15.0.1136.127 No subscription required linux-snapdragon - 4.15.0.1146.145 linux-image-snapdragon - 4.15.0.1146.145 linux-headers-snapdragon - 4.15.0.1146.145 linux-tools-snapdragon - 4.15.0.1146.145 No subscription required High CVE-2022-3521 CVE-2022-3545 CVE-2022-3628 CVE-2022-3640 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2023-0461 Ubuntu 18.04 LTS It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461) It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424) It was discovered that a race condition existed in the Kernel Connection Multiplexor (KCM) socket implementation in the Linux kernel when releasing sockets in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3521) It was discovered that the Netronome Ethernet driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3545) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3640) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218) It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-42328, CVE-2022-42329) Tamás Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-42895) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that a use-after-free vulnerability existed in the Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0266) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0394) Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23455) It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access could plug in a malicious USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-23559) Update Instructions: Run `sudo pro fix USN-5927-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-cloud-tools-4.15.0-1162-azure - 4.15.0-1162.177 linux-modules-extra-4.15.0-1162-azure - 4.15.0-1162.177 linux-tools-4.15.0-1162-azure - 4.15.0-1162.177 linux-modules-4.15.0-1162-azure - 4.15.0-1162.177 linux-headers-4.15.0-1162-azure - 4.15.0-1162.177 linux-azure-4.15-cloud-tools-4.15.0-1162 - 4.15.0-1162.177 linux-azure-4.15-headers-4.15.0-1162 - 4.15.0-1162.177 linux-image-4.15.0-1162-azure - 4.15.0-1162.177 linux-image-unsigned-4.15.0-1162-azure - 4.15.0-1162.177 linux-azure-4.15-tools-4.15.0-1162 - 4.15.0-1162.177 linux-buildinfo-4.15.0-1162-azure - 4.15.0-1162.177 No subscription required linux-headers-azure-lts-18.04 - 4.15.0.1162.130 linux-azure-lts-18.04 - 4.15.0.1162.130 linux-signed-image-azure-lts-18.04 - 4.15.0.1162.130 linux-modules-extra-azure-lts-18.04 - 4.15.0.1162.130 linux-signed-azure-lts-18.04 - 4.15.0.1162.130 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1162.130 linux-image-azure-lts-18.04 - 4.15.0.1162.130 linux-tools-azure-lts-18.04 - 4.15.0.1162.130 No subscription required High CVE-2021-3669 CVE-2022-3424 CVE-2022-3521 CVE-2022-3545 CVE-2022-3628 CVE-2022-36280 CVE-2022-3640 CVE-2022-41218 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-0461 CVE-2023-23455 CVE-2023-23559 Ubuntu 18.04 LTS It was discovered that systemd did not properly validate the time and accuracy values provided to the format_timespan() function. An attacker could possibly use this issue to cause a buffer overrun, leading to a denial of service attack. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3821) It was discovered that systemd did not properly manage the fs.suid_dumpable kernel configurations. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-4415) It was discovered that systemd did not properly manage a crash with long backtrace data. A local attacker could possibly use this issue to cause a deadlock, leading to a denial of service attack. This issue only affected Ubuntu 22.10. (CVE-2022-45873) Update Instructions: Run `sudo pro fix USN-5928-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: systemd-tests - 237-3ubuntu10.57 systemd-coredump - 237-3ubuntu10.57 systemd - 237-3ubuntu10.57 libsystemd0 - 237-3ubuntu10.57 systemd-container - 237-3ubuntu10.57 libnss-myhostname - 237-3ubuntu10.57 libudev1 - 237-3ubuntu10.57 libsystemd-dev - 237-3ubuntu10.57 libnss-systemd - 237-3ubuntu10.57 systemd-journal-remote - 237-3ubuntu10.57 libpam-systemd - 237-3ubuntu10.57 libnss-mymachines - 237-3ubuntu10.57 libnss-resolve - 237-3ubuntu10.57 systemd-sysv - 237-3ubuntu10.57 udev - 237-3ubuntu10.57 libudev-dev - 237-3ubuntu10.57 No subscription required Medium CVE-2022-3821 CVE-2022-4415 CVE-2022-45873 Ubuntu 18.04 LTS It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-37454) Update Instructions: Run `sudo pro fix USN-5930-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3.7-doc - 3.7.5-2ubuntu1~18.04.2+esm2 libpython3.7-minimal - 3.7.5-2ubuntu1~18.04.2+esm2 libpython3.7-testsuite - 3.7.5-2ubuntu1~18.04.2+esm2 libpython3.7-stdlib - 3.7.5-2ubuntu1~18.04.2+esm2 python3.7-minimal - 3.7.5-2ubuntu1~18.04.2+esm2 python3.7 - 3.7.5-2ubuntu1~18.04.2+esm2 python3.7-venv - 3.7.5-2ubuntu1~18.04.2+esm2 libpython3.7-dev - 3.7.5-2ubuntu1~18.04.2+esm2 python3.7-examples - 3.7.5-2ubuntu1~18.04.2+esm2 python3.7-dev - 3.7.5-2ubuntu1~18.04.2+esm2 idle-python3.7 - 3.7.5-2ubuntu1~18.04.2+esm2 libpython3.7 - 3.7.5-2ubuntu1~18.04.2+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-37454 Ubuntu 18.04 LTS It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-37454) Update Instructions: Run `sudo pro fix USN-5931-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3.8-minimal - 3.8.0-3ubuntu1~18.04.2+esm1 python3.8-examples - 3.8.0-3ubuntu1~18.04.2+esm1 python3.8-dev - 3.8.0-3ubuntu1~18.04.2+esm1 libpython3.8-minimal - 3.8.0-3ubuntu1~18.04.2+esm1 libpython3.8-dev - 3.8.0-3ubuntu1~18.04.2+esm1 python3.8-venv - 3.8.0-3ubuntu1~18.04.2+esm1 libpython3.8 - 3.8.0-3ubuntu1~18.04.2+esm1 idle-python3.8 - 3.8.0-3ubuntu1~18.04.2+esm1 libpython3.8-testsuite - 3.8.0-3ubuntu1~18.04.2+esm1 libpython3.8-stdlib - 3.8.0-3ubuntu1~18.04.2+esm1 python3.8 - 3.8.0-3ubuntu1~18.04.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-37454 Ubuntu 18.04 LTS It was discovered that Sofia-SIP incorrectly handled specially crafted SDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-31001, CVE-2022-31002, CVE-2022-31003) It was discovered that Sofia-SIP incorrectly handled specially crafted UDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service. (CVE-2022-47516) Qiuhao Li discovered that Sofia-SIP incorrectly handled specially crafted STUN packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2023-22741) Update Instructions: Run `sudo pro fix USN-5932-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sofia-sip-doc - 1.12.11+20110422.1-2.1+deb10u3build0.18.04.1 libsofia-sip-ua-glib3 - 1.12.11+20110422.1-2.1+deb10u3build0.18.04.1 libsofia-sip-ua0 - 1.12.11+20110422.1-2.1+deb10u3build0.18.04.1 sofia-sip-bin - 1.12.11+20110422.1-2.1+deb10u3build0.18.04.1 libsofia-sip-ua-glib-dev - 1.12.11+20110422.1-2.1+deb10u3build0.18.04.1 libsofia-sip-ua-dev - 1.12.11+20110422.1-2.1+deb10u3build0.18.04.1 No subscription required Medium CVE-2022-31001 CVE-2022-31002 CVE-2022-31003 CVE-2022-47516 CVE-2023-22741 Ubuntu 18.04 LTS It was discovered that Opusfile was not properly validating pointer arguments in some of its functions, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or have other unspecified impacts. Update Instructions: Run `sudo pro fix USN-5937-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopusfile-doc - 0.9+20170913-1ubuntu0.18.04.1~esm1 libopusfile-dev - 0.9+20170913-1ubuntu0.18.04.1~esm1 libopusfile0 - 0.9+20170913-1ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-47021 Ubuntu 18.04 LTS It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461) It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3169) It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424) Gwangun Jung discovered a race condition in the IPv4 implementation in the Linux kernel when deleting multipath routes, resulting in an out-of-bounds read. An attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3435) It was discovered that a race condition existed in the Kernel Connection Multiplexor (KCM) socket implementation in the Linux kernel when releasing sockets in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3521) It was discovered that the Netronome Ethernet driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3545) It was discovered that the hugetlb implementation in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2022-3623) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218) It was discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-4139) It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-42328, CVE-2022-42329) It was discovered that the Atmel WILC1000 driver in the Linux kernel did not properly validate offsets, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2022-47520) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that a use-after-free vulnerability existed in the Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0266) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0394) It was discovered that the Android Binder IPC subsystem in the Linux kernel did not properly validate inputs in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-20938) Kyle Zeng discovered that the class-based queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23454) Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23455) Update Instructions: Run `sudo pro fix USN-5939-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1101-gcp - 5.4.0-1101.110~18.04.1 linux-modules-5.4.0-1101-gcp - 5.4.0-1101.110~18.04.1 linux-image-5.4.0-1101-gcp - 5.4.0-1101.110~18.04.1 linux-tools-5.4.0-1101-gcp - 5.4.0-1101.110~18.04.1 linux-image-unsigned-5.4.0-1101-gcp - 5.4.0-1101.110~18.04.1 linux-gcp-5.4-tools-5.4.0-1101 - 5.4.0-1101.110~18.04.1 linux-gcp-5.4-headers-5.4.0-1101 - 5.4.0-1101.110~18.04.1 linux-modules-extra-5.4.0-1101-gcp - 5.4.0-1101.110~18.04.1 linux-headers-5.4.0-1101-gcp - 5.4.0-1101.110~18.04.1 No subscription required linux-headers-gcp-edge - 5.4.0.1101.77 linux-tools-gcp - 5.4.0.1101.77 linux-tools-gcp-edge - 5.4.0.1101.77 linux-modules-extra-gcp - 5.4.0.1101.77 linux-modules-extra-gcp-edge - 5.4.0.1101.77 linux-gcp-edge - 5.4.0.1101.77 linux-image-gcp - 5.4.0.1101.77 linux-headers-gcp - 5.4.0.1101.77 linux-gcp - 5.4.0.1101.77 linux-image-gcp-edge - 5.4.0.1101.77 No subscription required High CVE-2022-3169 CVE-2022-3424 CVE-2022-3435 CVE-2022-3521 CVE-2022-3545 CVE-2022-3623 CVE-2022-36280 CVE-2022-41218 CVE-2022-4139 CVE-2022-42328 CVE-2022-42329 CVE-2022-47520 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-0461 CVE-2023-20938 CVE-2023-23454 CVE-2023-23455 Ubuntu 18.04 LTS It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461) It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3169) It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424) Gwangun Jung discovered a race condition in the IPv4 implementation in the Linux kernel when deleting multipath routes, resulting in an out-of-bounds read. An attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3435) It was discovered that a race condition existed in the Kernel Connection Multiplexor (KCM) socket implementation in the Linux kernel when releasing sockets in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3521) It was discovered that the Netronome Ethernet driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3545) It was discovered that the hugetlb implementation in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2022-3623) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218) It was discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-4139) It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-42328, CVE-2022-42329) It was discovered that the Atmel WILC1000 driver in the Linux kernel did not properly validate offsets, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2022-47520) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that a use-after-free vulnerability existed in the Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0266) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0394) It was discovered that the Android Binder IPC subsystem in the Linux kernel did not properly validate inputs in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-20938) Kyle Zeng discovered that the class-based queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23454) Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23455) Update Instructions: Run `sudo pro fix USN-5940-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-5.4.0-1081-raspi - 5.4.0-1081.92~18.04.1 linux-headers-5.4.0-1081-raspi - 5.4.0-1081.92~18.04.1 linux-modules-5.4.0-1081-raspi - 5.4.0-1081.92~18.04.1 linux-tools-5.4.0-1081-raspi - 5.4.0-1081.92~18.04.1 linux-raspi-5.4-headers-5.4.0-1081 - 5.4.0-1081.92~18.04.1 linux-buildinfo-5.4.0-1081-raspi - 5.4.0-1081.92~18.04.1 linux-raspi-5.4-tools-5.4.0-1081 - 5.4.0-1081.92~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1081.78 linux-tools-raspi-hwe-18.04 - 5.4.0.1081.78 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1081.78 linux-image-raspi-hwe-18.04 - 5.4.0.1081.78 linux-raspi-hwe-18.04-edge - 5.4.0.1081.78 linux-raspi-hwe-18.04 - 5.4.0.1081.78 linux-headers-raspi-hwe-18.04 - 5.4.0.1081.78 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1081.78 No subscription required High CVE-2022-3169 CVE-2022-3424 CVE-2022-3435 CVE-2022-3521 CVE-2022-3545 CVE-2022-3623 CVE-2022-36280 CVE-2022-41218 CVE-2022-4139 CVE-2022-42328 CVE-2022-42329 CVE-2022-47520 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-0461 CVE-2023-20938 CVE-2023-23454 CVE-2023-23455 Ubuntu 18.04 LTS Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2023-25690) Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy_uwsgi module incorrectly handled certain special characters. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-27522) Update Instructions: Run `sudo pro fix USN-5942-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2-data - 2.4.29-1ubuntu4.27 apache2-utils - 2.4.29-1ubuntu4.27 apache2-dev - 2.4.29-1ubuntu4.27 apache2-suexec-pristine - 2.4.29-1ubuntu4.27 apache2-suexec-custom - 2.4.29-1ubuntu4.27 apache2 - 2.4.29-1ubuntu4.27 apache2-doc - 2.4.29-1ubuntu4.27 apache2-ssl-dev - 2.4.29-1ubuntu4.27 apache2-bin - 2.4.29-1ubuntu4.27 No subscription required Medium CVE-2023-25690 CVE-2023-27522 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2023-0616, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25729, CVE-2023-25742, CVE-2023-25746) Johan Carlsson discovered that Thunderbird did not properly implement CSP policy on a header when using iframes. An attacker could potentially exploits this to exfiltrate data. (CVE-2023-25728) Irvan Kurniawan discovered that Thunderbird was not properly handling background fullscreen scripts when the window goes into fullscreen mode. An attacker could possibly use this issue to spoof the user and obtain sensitive information. (CVE-2023-25730) Christian Holler discovered that Thunderbird did not properly check the Safe Bag attributes in PKCS 12 certificate bundle. An attacker could possibly use this issue to write to arbitrary memory by sending malicious PKCS 12 certificate. (CVE-2023-0767) Ronald Crane discovered that Thunderbird did not properly check the size of the input being encoded in xpcom. An attacker could possibly use this issue to perform out of bound memory write operations. (CVE-2023-25732) Update Instructions: Run `sudo pro fix USN-5943-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-br - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-be - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-si - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-lv - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:102.8.0+build2-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-de - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-da - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-dev - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-el - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-et - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-es - 1:102.8.0+build2-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fa - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:102.8.0+build2-0ubuntu0.18.04.1 xul-ext-lightning - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-en - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-th - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-he - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-af - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-is - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-it - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:102.8.0+build2-0ubuntu0.18.04.1 thunderbird-locale-id - 1:102.8.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2023-0616 CVE-2023-25728 CVE-2023-25730 CVE-2023-0767 CVE-2023-25735 CVE-2023-25737 CVE-2023-25729 CVE-2023-25739 CVE-2023-25732 CVE-2023-25742 CVE-2023-25746 Ubuntu 18.04 LTS It was discovered that SnakeYAML did not limit the maximal nested depth for collections when parsing YAML data. If a user or automated system were tricked into opening a specially crafted YAML file, an attacker could possibly use this issue to cause applications using SnakeYAML to crash, resulting in a denial of service. (CVE-2022-25857, CVE-2022-38749, CVE-2022-38750) It was discovered that SnakeYAML did not limit the maximal data matched with regular expressions when parsing YAML data. If a user or automated system were tricked into opening a specially crafted YAML file, an attacker could possibly use this issue to cause applications using SnakeYAML to crash, resulting in a denial of service. (CVE-2022-38751) Update Instructions: Run `sudo pro fix USN-5944-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libyaml-snake-java - 1.23-1+deb10u1build0.18.04.1 libyaml-snake-java-doc - 1.23-1+deb10u1build0.18.04.1 No subscription required Medium CVE-2022-25857 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751 Ubuntu 18.04 LTS It was discovered that Protocol Buffers did not properly validate field com.google.protobuf.UnknownFieldSet in protobuf-java. An attacker could possibly use this issue to perform a denial of service attack. This issue only affected protobuf Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2021-22569) It was discovered that Protocol Buffers did not properly parse certain symbols. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2021-22570) It was discovered that Protocol Buffers did not properly manage memory when parsing specifically crafted messages. An attacker could possibly use this issue to cause applications using protobuf to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-1941) Update Instructions: Run `sudo pro fix USN-5945-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libprotoc10 - 3.0.0-9.1ubuntu1.1 libprotobuf10 - 3.0.0-9.1ubuntu1.1 python3-protobuf - 3.0.0-9.1ubuntu1.1 libprotobuf-lite10 - 3.0.0-9.1ubuntu1.1 libprotoc-dev - 3.0.0-9.1ubuntu1.1 python-protobuf - 3.0.0-9.1ubuntu1.1 libprotobuf-dev - 3.0.0-9.1ubuntu1.1 libprotobuf-java - 3.0.0-9.1ubuntu1.1 protobuf-compiler - 3.0.0-9.1ubuntu1.1 No subscription required Low CVE-2021-22569 CVE-2021-22570 CVE-2022-1941 Ubuntu 18.04 LTS Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39140) It was discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39139, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39151, CVE-2021-39153, CVE-2021-39154) It was discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39150, CVE-2021-39152) Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-41966) Update Instructions: Run `sudo pro fix USN-5946-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxstream-java - 1.4.11.1-1+deb10u4build0.18.04.1 No subscription required Medium CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152 CVE-2021-39153 CVE-2021-39154 CVE-2022-41966 Ubuntu 18.04 LTS Fabien Potencier discovered that Twig was not properly enforcing sandbox policies when dealing with objects automatically cast to strings by PHP. An attacker could possibly use this issue to expose sensitive information. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-9942) Marlon Starkloff discovered that Twig was not properly enforcing closure constraints in some of its array filtering functions. An attacker could possibly use this issue to execute arbitrary code. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2022-23614) Dariusz Tytko discovered that Twig was not properly verifying input data utilized when defining pathnames used to access files in a system. An attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2022-39261) Update Instructions: Run `sudo pro fix USN-5947-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-twig-doc - 2.4.6-1ubuntu0.1~esm1 php-twig - 2.4.6-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-9942 CVE-2022-23614 CVE-2022-39261 Ubuntu 18.04 LTS It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies. (CVE-2023-23934) It was discovered that Werkzeug could be made to process unlimited number of multipart form data parts. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service. (CVE-2023-25577) Update Instructions: Run `sudo pro fix USN-5948-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-werkzeug - 0.14.1+dfsg1-1ubuntu0.2 python-werkzeug - 0.14.1+dfsg1-1ubuntu0.2 python-werkzeug-doc - 0.14.1+dfsg1-1ubuntu0.2 No subscription required Medium CVE-2023-23934 CVE-2023-25577 Ubuntu 18.04 LTS It was discovered that Chromium could be made to write out of bounds in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0930, CVE-2023-1219, CVE-2023-1220, CVE-2023-1222) It was discovered that Chromium contained an integer overflow in the PDF component. A remote attacker could possibly use this issue to corrupt memory via a crafted PDF file, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0933) It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0941, CVE-2023-0928, CVE-2023-0929, CVE-2023-0931, CVE-2023-1213, CVE-2023-1216, CVE-2023-1218) It was discovered that Chromium did not correctly distinguish data types in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-1214, CVE-2023-1215, CVE-2023-1235) It was discovered that Chromium insufficiently enforced policies. An attacker could possibly use this issue to bypass navigation restrictions. (CVE-2023-1221, CVE-2023-1224) It was discovered that Chromium insufficiently enforced policies in Web Payments API. A remote attacker could possibly use this issue to bypass content security policy via a crafted HTML page. (CVE-2023-1226) It was discovered that Chromium contained an inappropriate implementation in the Permission prompts component. A remote attacker could possibly use this issue to bypass navigation restrictions via a crafted HTML page. (CVE-2023-1229) It was discovered that Chromium insufficiently enforced policies in Resource Timing component. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-1232, CVE-2023-1233) It was discovered that Chromium contained an inappropriate implementation in the Internals component. A remote attacker could possibly use this issue to spoof the origin of an iframe via a crafted HTML page. (CVE-2023-1236) Update Instructions: Run `sudo pro fix USN-5949-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: chromium-chromedriver - 111.0.5563.64-0ubuntu0.18.04.5 chromium-browser-l10n - 111.0.5563.64-0ubuntu0.18.04.5 chromium-codecs-ffmpeg-extra - 111.0.5563.64-0ubuntu0.18.04.5 chromium-codecs-ffmpeg - 111.0.5563.64-0ubuntu0.18.04.5 chromium-browser - 111.0.5563.64-0ubuntu0.18.04.5 No subscription required Medium CVE-2023-0930 CVE-2023-1219 CVE-2023-1220 CVE-2023-1222 CVE-2023-0933 CVE-2023-0941 CVE-2023-0928 CVE-2023-0929 CVE-2023-0931 CVE-2023-1213 CVE-2023-1216 CVE-2023-1218 CVE-2023-1214 CVE-2023-1215 CVE-2023-1235 CVE-2023-1221 CVE-2023-1224 CVE-2023-1226 CVE-2023-1229 CVE-2023-1232 CVE-2023-1233 CVE-2023-1236 Ubuntu 18.04 LTS It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461) It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3169) It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424) Gwangun Jung discovered a race condition in the IPv4 implementation in the Linux kernel when deleting multipath routes, resulting in an out-of-bounds read. An attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3435) It was discovered that a race condition existed in the Kernel Connection Multiplexor (KCM) socket implementation in the Linux kernel when releasing sockets in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3521) It was discovered that the Netronome Ethernet driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3545) It was discovered that the hugetlb implementation in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2022-3623) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218) It was discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-4139) It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-42328, CVE-2022-42329) It was discovered that the Atmel WILC1000 driver in the Linux kernel did not properly validate offsets, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2022-47520) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that a use-after-free vulnerability existed in the Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0266) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0394) It was discovered that the Android Binder IPC subsystem in the Linux kernel did not properly validate inputs in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-20938) Kyle Zeng discovered that the class-based queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23454) Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23455) Update Instructions: Run `sudo pro fix USN-5951-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-ibm-5.4-headers-5.4.0-1045 - 5.4.0-1045.50~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1045.50~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1045.50~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1045.50~18.04.1 linux-image-5.4.0-1045-ibm - 5.4.0-1045.50~18.04.1 linux-buildinfo-5.4.0-1045-ibm - 5.4.0-1045.50~18.04.1 linux-tools-5.4.0-1045-ibm - 5.4.0-1045.50~18.04.1 linux-headers-5.4.0-1045-ibm - 5.4.0-1045.50~18.04.1 linux-ibm-5.4-tools-5.4.0-1045 - 5.4.0-1045.50~18.04.1 linux-image-unsigned-5.4.0-1045-ibm - 5.4.0-1045.50~18.04.1 linux-modules-5.4.0-1045-ibm - 5.4.0-1045.50~18.04.1 linux-modules-extra-5.4.0-1045-ibm - 5.4.0-1045.50~18.04.1 No subscription required linux-image-ibm - 5.4.0.1045.56 linux-tools-ibm - 5.4.0.1045.56 linux-ibm-edge - 5.4.0.1045.56 linux-headers-ibm - 5.4.0.1045.56 linux-headers-ibm-edge - 5.4.0.1045.56 linux-modules-extra-ibm-edge - 5.4.0.1045.56 linux-tools-ibm-edge - 5.4.0.1045.56 linux-modules-extra-ibm - 5.4.0.1045.56 linux-ibm - 5.4.0.1045.56 linux-image-ibm-edge - 5.4.0.1045.56 No subscription required High CVE-2022-3169 CVE-2022-3424 CVE-2022-3435 CVE-2022-3521 CVE-2022-3545 CVE-2022-3623 CVE-2022-36280 CVE-2022-41218 CVE-2022-4139 CVE-2022-42328 CVE-2022-42329 CVE-2022-47520 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-0461 CVE-2023-20938 CVE-2023-23454 CVE-2023-23455 Ubuntu 18.04 LTS Sebastian Poeplau discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-6851, CVE-2020-8112) It was discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-15389, CVE-2020-27814, CVE-2020-27823, CVE-2020-27824, CVE-2020-27841, CVE-2020-27845) It was discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-27842, CVE-2020-27843) Update Instructions: Run `sudo pro fix USN-5952-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopenjp2-tools - 2.3.0-2+deb10u2build0.18.04.1 libopenjpip-server - 2.3.0-2+deb10u2build0.18.04.1 libopenjpip-viewer - 2.3.0-2+deb10u2build0.18.04.1 libopenjp3d-tools - 2.3.0-2+deb10u2build0.18.04.1 libopenjpip7 - 2.3.0-2+deb10u2build0.18.04.1 libopenjp2-7 - 2.3.0-2+deb10u2build0.18.04.1 libopenjp2-7-dev - 2.3.0-2+deb10u2build0.18.04.1 libopenjp3d7 - 2.3.0-2+deb10u2build0.18.04.1 libopenjpip-dec-server - 2.3.0-2+deb10u2build0.18.04.1 No subscription required Medium CVE-2020-6851 CVE-2020-8112 CVE-2020-15389 CVE-2020-27814 CVE-2020-27823 CVE-2020-27824 CVE-2020-27841 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 Ubuntu 18.04 LTS It was discovered that IPython incorrectly processed REST API POST requests. An attacker could possibly use this issue to launch a cross-site request forgery (CSRF) attack and leak user's sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-5607) It was discovered that IPython did not properly manage cross user temporary files. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2022-21699) Update Instructions: Run `sudo pro fix USN-5953-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ipython - 5.5.0-1ubuntu0.1~esm1 python-ipython-doc - 5.5.0-1ubuntu0.1~esm1 python-ipython - 5.5.0-1ubuntu0.1~esm1 python3-ipython - 5.5.0-1ubuntu0.1~esm1 ipython3 - 5.5.0-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2015-5607 CVE-2022-21699 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-25750, CVE-2023-25752, CVE-2023-28162, CVE-2023-28176, CVE-2023-28177) Lukas Bernhard discovered that Firefox did not properly manage memory when invalidating JIT code while following an iterator. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-25751) Rob Wu discovered that Firefox did not properly manage the URLs when following a redirect to a publicly accessible web extension file. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-28160) Luan Herrera discovered that Firefox did not properly manage cross-origin iframe when dragging a URL. An attacker could potentially exploit this issue to perform spoofing attacks. (CVE-2023-28164) Khiem Tran discovered that Firefox did not properly manage one-time permissions granted to a document loaded using a file: URL. An attacker could potentially exploit this issue to use granted one-time permissions on the local files came from different sources. (CVE-2023-28161) Update Instructions: Run `sudo pro fix USN-5954-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-szl - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 111.0+build2-0ubuntu0.18.04.1 firefox - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 111.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 111.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 111.0+build2-0ubuntu0.18.04.1 firefox-dev - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 111.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 111.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2023-25750 CVE-2023-25751 CVE-2023-28160 CVE-2023-28164 CVE-2023-28161 CVE-2023-28162 CVE-2023-25752 CVE-2023-28176 CVE-2023-28177 Ubuntu 18.04 LTS USN-5954-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-25750, CVE-2023-25752, CVE-2023-28162, CVE-2023-28176, CVE-2023-28177) Lukas Bernhard discovered that Firefox did not properly manage memory when invalidating JIT code while following an iterator. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-25751) Rob Wu discovered that Firefox did not properly manage the URLs when following a redirect to a publicly accessible web extension file. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-28160) Luan Herrera discovered that Firefox did not properly manage cross-origin iframe when dragging a URL. An attacker could potentially exploit this issue to perform spoofing attacks. (CVE-2023-28164) Khiem Tran discovered that Firefox did not properly manage one-time permissions granted to a document loaded using a file: URL. An attacker could potentially exploit this issue to use granted one-time permissions on the local files came from different sources. (CVE-2023-28161) Update Instructions: Run `sudo pro fix USN-5954-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nn - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ne - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nb - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fa - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fi - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fr - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-fy - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-or - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kab - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-oc - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cs - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ga - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gd - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gn - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gl - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-gu - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pa - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pl - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cy - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-pt - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-szl - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hi - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ms - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-he - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hy - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hr - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hu - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-it - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-as - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ar - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ia - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-az - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-id - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mai - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-af - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-is - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-vi - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-an - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bs - 111.0.1+build2-0ubuntu0.18.04.1 firefox - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ro - 111.0.1+build2-0ubuntu0.18.04.1 firefox-geckodriver - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ja - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ru - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-br - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bn - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-be - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-bg - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sl - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sk - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-si - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sw - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sv - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sr - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-sq - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ko - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kn - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-km - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-kk - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ka - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-xh - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ca - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ku - 111.0.1+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lv - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lt - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-th - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 111.0.1+build2-0ubuntu0.18.04.1 firefox-dev - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-te - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-cak - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ta - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-lg - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-tr - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-nso - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-de - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-da - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-uk - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mr - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-my - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-uz - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ml - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mn - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-mk - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ur - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-eu - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-et - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-es - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-csb - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-el - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-eo - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-en - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-zu - 111.0.1+build2-0ubuntu0.18.04.1 firefox-locale-ast - 111.0.1+build2-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/2012696 Ubuntu 18.04 LTS Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-10033, CVE-2016-10045) It was discovered that PHPMailer was not properly escaping characters in certain fields of the code_generator.php example code. An attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2017-11503) Yongxiang Li discovered that PHPMailer was not properly converting relative paths provided as user input when adding attachments to messages, which could lead to relative image URLs being treated as absolute local file paths and added as attachments. An attacker could possibly use this issue to access unauthorized resources and expose sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-5223) Sehun Oh discovered that PHPMailer was not properly processing untrusted non-local file attachments, which could lead to an object injection. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-19296) Elar Lang discovered that PHPMailer was not properly escaping file attachment names, which could lead to a misinterpretation of file types by entities processing the message. An attacker could possibly use this issue to bypass attachment filters. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-13625) It was discovered that PHPMailer was not properly handling callables in its validateAddress function, which could result in untrusted code being called should the global namespace contain a function called 'php'. An attacker could possibly use this issue to execute arbitrary code. This issue was only fixed in Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2021-3603) Update Instructions: Run `sudo pro fix USN-5956-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libphp-phpmailer - 5.2.14+dfsg-2.3+deb9u2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-10033 CVE-2016-10045 CVE-2017-11503 CVE-2017-5223 CVE-2018-19296 CVE-2020-13625 CVE-2021-3603 Ubuntu 18.04 LTS USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem. Original advisory details: Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-10033, CVE-2016-10045) It was discovered that PHPMailer was not properly escaping characters in certain fields of the code_generator.php example code. An attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2017-11503) Yongxiang Li discovered that PHPMailer was not properly converting relative paths provided as user input when adding attachments to messages, which could lead to relative image URLs being treated as absolute local file paths and added as attachments. An attacker could possibly use this issue to access unauthorized resources and expose sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-5223) Sehun Oh discovered that PHPMailer was not properly processing untrusted non-local file attachments, which could lead to an object injection. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-19296) Elar Lang discovered that PHPMailer was not properly escaping file attachment names, which could lead to a misinterpretation of file types by entities processing the message. An attacker could possibly use this issue to bypass attachment filters. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-13625) It was discovered that PHPMailer was not properly handling callables in its validateAddress function, which could result in untrusted code being called should the global namespace contain a function called 'php'. An attacker could possibly use this issue to execute arbitrary code. This issue was only fixed in Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2021-3603) Update Instructions: Run `sudo pro fix USN-5956-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libphp-phpmailer - 5.2.14+dfsg-2.3+deb9u2ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2017-11503 Ubuntu 18.04 LTS Cody Sixteen discovered that LibreCAD incorrectly handled memory when parsing DXF files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-19105) Lilith of Cisco Talos discovered that LibreCAD incorrectly handled memory when parsing DWG files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2021-21898, CVE-2021-21899) Lilith of Cisco Talos discovered that LibreCAD incorrectly handled memory when parsing DRW files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2021-21900) Albin Eldstål-Ahrens discovered that LibreCAD incorrectly handled memory when parsing JWW files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2021-45341, CVE-2021-45342) Albin Eldstål-Ahrens discovered that LibreCAD incorrectly handled memory when parsing DXF files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service. (CVE-2021-45343) Update Instructions: Run `sudo pro fix USN-5957-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: librecad-data - 2.1.2-1ubuntu0.1~esm1 librecad - 2.1.2-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-19105 CVE-2021-21898 CVE-2021-21899 CVE-2021-21900 CVE-2021-45341 CVE-2021-45342 CVE-2021-45343 Ubuntu 18.04 LTS It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-3109, CVE-2022-3341) It was discovered that FFmpeg could be made to access an out-of-bounds frame by the Apple RPZA encoder. An attacker could possibly use this to cause a denial of service via application crash or access sensitive information. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3964) It was discovered that FFmpeg could be made to access an out-of-bounds frame by the QuickTime encoder. An attacker could possibly use this to cause a denial of service via application crash or access sensitive information. This issue only affected Ubuntu 22.10. (CVE-2022-3965) Update Instructions: Run `sudo pro fix USN-5958-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ffmpeg - 7:3.4.11-0ubuntu0.1+esm1 ffmpeg-doc - 7:3.4.11-0ubuntu0.1+esm1 libavcodec-dev - 7:3.4.11-0ubuntu0.1+esm1 libavcodec-extra - 7:3.4.11-0ubuntu0.1+esm1 libavcodec-extra57 - 7:3.4.11-0ubuntu0.1+esm1 libavcodec57 - 7:3.4.11-0ubuntu0.1+esm1 libavdevice-dev - 7:3.4.11-0ubuntu0.1+esm1 libavdevice57 - 7:3.4.11-0ubuntu0.1+esm1 libavfilter-dev - 7:3.4.11-0ubuntu0.1+esm1 libavfilter-extra - 7:3.4.11-0ubuntu0.1+esm1 libavfilter-extra6 - 7:3.4.11-0ubuntu0.1+esm1 libavfilter6 - 7:3.4.11-0ubuntu0.1+esm1 libavformat-dev - 7:3.4.11-0ubuntu0.1+esm1 libavformat57 - 7:3.4.11-0ubuntu0.1+esm1 libavresample-dev - 7:3.4.11-0ubuntu0.1+esm1 libavresample3 - 7:3.4.11-0ubuntu0.1+esm1 libavutil-dev - 7:3.4.11-0ubuntu0.1+esm1 libavutil55 - 7:3.4.11-0ubuntu0.1+esm1 libpostproc-dev - 7:3.4.11-0ubuntu0.1+esm1 libpostproc54 - 7:3.4.11-0ubuntu0.1+esm1 libswresample-dev - 7:3.4.11-0ubuntu0.1+esm1 libswresample2 - 7:3.4.11-0ubuntu0.1+esm1 libswscale-dev - 7:3.4.11-0ubuntu0.1+esm1 libswscale4 - 7:3.4.11-0ubuntu0.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-3109 CVE-2022-3341 CVE-2022-3964 CVE-2022-3965 https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/2007269 Ubuntu 18.04 LTS It was discovered that Kerberos incorrectly handled memory when processing KDC data, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or have other unspecified impacts. (CVE-2021-36222, CVE-2021-37750) Update Instructions: Run `sudo pro fix USN-5959-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libk5crypto3 - 1.16-2ubuntu0.4 krb5-kpropd - 1.16-2ubuntu0.4 krb5-user - 1.16-2ubuntu0.4 libgssrpc4 - 1.16-2ubuntu0.4 libkrb5support0 - 1.16-2ubuntu0.4 krb5-doc - 1.16-2ubuntu0.4 libkrb5-dev - 1.16-2ubuntu0.4 krb5-pkinit - 1.16-2ubuntu0.4 libkrb5-3 - 1.16-2ubuntu0.4 krb5-kdc-ldap - 1.16-2ubuntu0.4 krb5-otp - 1.16-2ubuntu0.4 krb5-gss-samples - 1.16-2ubuntu0.4 libkdb5-9 - 1.16-2ubuntu0.4 krb5-locales - 1.16-2ubuntu0.4 libgssapi-krb5-2 - 1.16-2ubuntu0.4 krb5-kdc - 1.16-2ubuntu0.4 libkrad-dev - 1.16-2ubuntu0.4 krb5-k5tls - 1.16-2ubuntu0.4 libkrad0 - 1.16-2ubuntu0.4 krb5-multidev - 1.16-2ubuntu0.4 libkadm5srv-mit11 - 1.16-2ubuntu0.4 libkadm5clnt-mit11 - 1.16-2ubuntu0.4 krb5-admin-server - 1.16-2ubuntu0.4 No subscription required Medium CVE-2021-36222 CVE-2021-37750 Ubuntu 18.04 LTS Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL that starts with blank characters. Update Instructions: Run `sudo pro fix USN-5960-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.17-1~18.04ubuntu1.11 python2.7-doc - 2.7.17-1~18.04ubuntu1.11 libpython2.7-stdlib - 2.7.17-1~18.04ubuntu1.11 libpython2.7 - 2.7.17-1~18.04ubuntu1.11 libpython2.7-testsuite - 2.7.17-1~18.04ubuntu1.11 libpython2.7-minimal - 2.7.17-1~18.04ubuntu1.11 python2.7 - 2.7.17-1~18.04ubuntu1.11 idle-python2.7 - 2.7.17-1~18.04ubuntu1.11 python2.7-examples - 2.7.17-1~18.04ubuntu1.11 libpython2.7-dev - 2.7.17-1~18.04ubuntu1.11 python2.7-minimal - 2.7.17-1~18.04ubuntu1.11 No subscription required python3.6-dev - 3.6.9-1~18.04ubuntu1.12 libpython3.6-stdlib - 3.6.9-1~18.04ubuntu1.12 libpython3.6-dev - 3.6.9-1~18.04ubuntu1.12 libpython3.6-minimal - 3.6.9-1~18.04ubuntu1.12 python3.6-examples - 3.6.9-1~18.04ubuntu1.12 python3.6-venv - 3.6.9-1~18.04ubuntu1.12 python3.6-minimal - 3.6.9-1~18.04ubuntu1.12 python3.6 - 3.6.9-1~18.04ubuntu1.12 idle-python3.6 - 3.6.9-1~18.04ubuntu1.12 python3.6-doc - 3.6.9-1~18.04ubuntu1.12 libpython3.6-testsuite - 3.6.9-1~18.04ubuntu1.12 libpython3.6 - 3.6.9-1~18.04ubuntu1.12 No subscription required Medium CVE-2023-24329 Ubuntu 18.04 LTS It was discovered that abcm2ps incorrectly handled memory when parsing specially crafted ABC files. An attacker could use this issue to cause abcm2ps to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2018-10753, CVE-2018-10771, CVE-2019-1010069) Chiba of Topsec Alpha Lab discovered that abcm2ps incorrectly handled memory when parsing specially crafted ABC files. An attacker could use this issue to cause abcm2ps to crash, leading to a denial of service. (CVE-2021-32434, CVE-2021-32435, CVE-2021-32436) Update Instructions: Run `sudo pro fix USN-5961-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: abcm2ps - 7.8.9-1+deb9u1build0.18.04.1 No subscription required Medium CVE-2018-10753 CVE-2018-10771 CVE-2019-1010069 CVE-2021-32434 CVE-2021-32435 CVE-2021-32436 Ubuntu 18.04 LTS It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-47024, CVE-2023-0049, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433) It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-0051) It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-1170, CVE-2023-1175) It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-1264) Update Instructions: Run `sudo pro fix USN-5963-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:8.0.1453-1ubuntu1.11 vim-gnome - 2:8.0.1453-1ubuntu1.11 vim-athena - 2:8.0.1453-1ubuntu1.11 xxd - 2:8.0.1453-1ubuntu1.11 vim-gtk - 2:8.0.1453-1ubuntu1.11 vim-gui-common - 2:8.0.1453-1ubuntu1.11 vim - 2:8.0.1453-1ubuntu1.11 vim-doc - 2:8.0.1453-1ubuntu1.11 vim-tiny - 2:8.0.1453-1ubuntu1.11 vim-runtime - 2:8.0.1453-1ubuntu1.11 vim-gtk3 - 2:8.0.1453-1ubuntu1.11 vim-nox - 2:8.0.1453-1ubuntu1.11 No subscription required Medium CVE-2022-47024 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 CVE-2023-1170 CVE-2023-1175 CVE-2023-1264 Ubuntu 18.04 LTS Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to the server as provided, contrary to expectations. (CVE-2023-27533) Harry Sintonen discovered that curl incorrectly handled special tilde characters when used with SFTP paths. A remote attacker could possibly use this issue to circumvent filtering. (CVE-2023-27534) Harry Sintonen discovered that curl incorrectly reused certain FTP connections. This could lead to the wrong credentials being reused, contrary to expectations. (CVE-2023-27535) Harry Sintonen discovered that curl incorrectly reused connections when the GSS delegation option had been changed. This could lead to the option being reused, contrary to expectations. (CVE-2023-27536) Harry Sintonen discovered that curl incorrectly reused certain SSH connections. This could lead to the wrong credentials being reused, contrary to expectations. (CVE-2023-27538) Update Instructions: Run `sudo pro fix USN-5964-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcurl4-gnutls-dev - 7.58.0-2ubuntu3.24 libcurl4-openssl-dev - 7.58.0-2ubuntu3.24 libcurl3-gnutls - 7.58.0-2ubuntu3.24 libcurl4-doc - 7.58.0-2ubuntu3.24 libcurl3-nss - 7.58.0-2ubuntu3.24 libcurl4-nss-dev - 7.58.0-2ubuntu3.24 libcurl4 - 7.58.0-2ubuntu3.24 curl - 7.58.0-2ubuntu3.24 No subscription required Medium CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 Ubuntu 18.04 LTS Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. (CVE-2022-37703) Maher Azzouzi discovered a privilege escalation vulnerability in the rundump binary within amanda. rundump is a suid binary owned by root that did not perform adequate sanitization of environment variables or commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37704) Maher Azzouzi discovered a privilege escalation vulnerability in the runtar binary within amanda. runtar is a suid binary owned by root that did not perform adequate sanitization of commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37705) Update Instructions: Run `sudo pro fix USN-5966-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: amanda-client - 1:3.5.1-1ubuntu0.1 amanda-common - 1:3.5.1-1ubuntu0.1 amanda-server - 1:3.5.1-1ubuntu0.1 No subscription required High CVE-2022-37703 CVE-2022-37704 CVE-2022-37705 Ubuntu 18.04 LTS USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced a regression in GNUTAR-based backups. This update reverts all of the changes in amanda until a better fix is provided. We apologize for the inconvenience. Original advisory details: Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. (CVE-2022-37703) Maher Azzouzi discovered a privilege escalation vulnerability in the rundump binary within amanda. rundump is a suid binary owned by root that did not perform adequate sanitization of environment variables or commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37704) Maher Azzouzi discovered a privilege escalation vulnerability in the runtar binary within amanda. runtar is a suid binary owned by root that did not perform adequate sanitization of commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37705) Update Instructions: Run `sudo pro fix USN-5966-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: amanda-client - 1:3.5.1-1ubuntu0.2 amanda-common - 1:3.5.1-1ubuntu0.2 amanda-server - 1:3.5.1-1ubuntu0.2 No subscription required None https://launchpad.net/bugs/2012536 Ubuntu 18.04 LTS USN-5966-1 fixed vulnerabilities in amanda. Unfortunately that update caused a regression and was reverted in USN-5966-2. This update provides security fixes for Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. We apologize for the inconvenience. Original advisory details: Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. (CVE-2022-37703) Maher Azzouzi discovered a privilege escalation vulnerability in the rundump binary within amanda. rundump is a suid binary owned by root that did not perform adequate sanitization of environment variables or commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37704) Maher Azzouzi discovered a privilege escalation vulnerability in the runtar binary within amanda. runtar is a suid binary owned by root that did not perform adequate sanitization of commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37705) Update Instructions: Run `sudo pro fix USN-5966-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: amanda-client - 1:3.5.1-1ubuntu0.3 amanda-common - 1:3.5.1-1ubuntu0.3 amanda-server - 1:3.5.1-1ubuntu0.3 No subscription required High CVE-2022-37703 CVE-2022-37704 CVE-2022-37705 https://launchpad.net/bugs/2012536 Ubuntu 18.04 LTS It was discovered that the set() method in object-path could be corrupted as a result of prototype pollution by sending a message to the parent process. An attacker could use this issue to cause object-path to crash. (CVE-2020-15256, CVE-2021-23434, CVE-2021-3805) Update Instructions: Run `sudo pro fix USN-5967-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-object-path - 0.11.3-1ubuntu0.1 No subscription required Medium CVE-2020-15256 CVE-2021-23434 CVE-2021-3805 Ubuntu 18.04 LTS It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a maliciously crafted remote URL, an attacker could possibly use this issue to execute arbitrary commands on the host. Update Instructions: Run `sudo pro fix USN-5968-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-git-doc - 2.1.8-1ubuntu0.1~esm1 python-git - 2.1.8-1ubuntu0.1~esm1 python3-git - 2.1.8-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-24439 Ubuntu 18.04 LTS It was discovered that gif2apng contained multiple heap-base overflows. An attacker could potentially exploit this to cause a denial of service (system crash). (CVE-2021-45909, CVE-2021-45910, CVE-2021-45911) Update Instructions: Run `sudo pro fix USN-5969-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gif2apng - 1.9+srconly-2ubuntu0.1 No subscription required Medium CVE-2021-45909 CVE-2021-45910 CVE-2021-45911 Ubuntu 18.04 LTS It was discovered that graphviz contains null pointer dereference vulnerabilities. Exploitation via a specially crafted input file can cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-10196) It was discovered that graphviz contains null pointer dereference vulnerabilities. Exploitation via a specially crafted input file can cause a denial of service. These issues only affected Ubuntu 14.04 ESM and Ubuntu 18.04 LTS. (CVE-2019-11023) It was discovered that graphviz contains a buffer overflow vulnerability. Exploitation via a specially crafted input file can cause a denial of service or possibly allow for arbitrary code execution. These issues only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-18032) Update Instructions: Run `sudo pro fix USN-5971-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgv-perl - 2.40.1-2ubuntu0.1~esm1 python3-gv - 2.40.1-2ubuntu0.1~esm1 libcgraph6 - 2.40.1-2ubuntu0.1~esm1 libgv-tcl - 2.40.1-2ubuntu0.1~esm1 python-gv - 2.40.1-2ubuntu0.1~esm1 libgvc6 - 2.40.1-2ubuntu0.1~esm1 libgraphviz-dev - 2.40.1-2ubuntu0.1~esm1 libxdot4 - 2.40.1-2ubuntu0.1~esm1 libgv-php7 - 2.40.1-2ubuntu0.1~esm1 graphviz-doc - 2.40.1-2ubuntu0.1~esm1 graphviz - 2.40.1-2ubuntu0.1~esm1 libgv-lua - 2.40.1-2ubuntu0.1~esm1 libpathplan4 - 2.40.1-2ubuntu0.1~esm1 libcdt5 - 2.40.1-2ubuntu0.1~esm1 libgvpr2 - 2.40.1-2ubuntu0.1~esm1 liblab-gamut1 - 2.40.1-2ubuntu0.1~esm1 libgvc6-plugins-gtk - 2.40.1-2ubuntu0.1~esm1 libgv-guile - 2.40.1-2ubuntu0.1~esm1 libgv-ruby - 2.40.1-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-10196 CVE-2019-11023 CVE-2020-18032 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2023-25152, CVE-2023-28162, CVE-2023-28176) Lukas Bernhard discovered that Thunderbird did not properly manage memory when invalidating JIT code while following an iterator. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-25751) Luan Herrera discovered that Thunderbird did not properly manage cross-origin iframe when dragging a URL. An attacker could potentially exploit this issue to perform spoofing attacks. (CVE-2023-28164) Update Instructions: Run `sudo pro fix USN-5972-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-lv - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:102.9.0+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:102.9.0+build1-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fa - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:102.9.0+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-th - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:102.9.0+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:102.9.0+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2023-25751 CVE-2023-25752 CVE-2023-28162 CVE-2023-28164 CVE-2023-28176 Ubuntu 18.04 LTS It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service, or to perform a server-side request forgery attack or open redirect attack. (CVE-2018-3774) It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass input validation. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8124) Yaniv Nizry discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service, or to perform a server-side request forgery attack or open redirect attack. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-27515) It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service, or to perform a server-side request forgery attack or open redirect attack. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-3664) It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass authorization. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-0512, CVE-2022-0639, CVE-2022-0691) Rohan Sharma discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass authorization. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-0686) Update Instructions: Run `sudo pro fix USN-5973-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-url-parse - 1.2.0-1ubuntu0.1 No subscription required Medium CVE-2018-3774 CVE-2020-8124 CVE-2021-27515 CVE-2021-3664 CVE-2022-0512 CVE-2022-0639 CVE-2022-0686 CVE-2022-0691 Ubuntu 18.04 LTS It was discovered that GraphicsMagick was not properly performing bounds checks when processing TGA image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted TGA image file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-20184) It was discovered that GraphicsMagick was not properly validating bits per pixel data when processing DIB image files. If a user or automated system were tricked into processing a specially crafted DIB image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-20189) It was discovered that GraphicsMagick was not properly processing bit-field mask values in BMP image files, which could result in the execution of an infinite loop. If a user or automated system were tricked into processing a specially crafted BMP image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-5685) It was discovered that GraphicsMagick was not properly validating data used in arithmetic operations when processing MNG image files, which could result in a divide-by-zero error. If a user or automated system were tricked into processing a specially crafted MNG image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-9018) It was discovered that GraphicsMagick was not properly performing bounds checks when processing MIFF image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted MIFF image file, an attacker could possibly use this issue to cause a denial of service or expose sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2019-11006) It was discovered that GraphicsMagick did not properly magnify certain MNG image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted MNG image file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-12672) It was discovered that GraphicsMagick was not properly performing bounds checks when parsing certain MIFF image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted MIFF image file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1270) Update Instructions: Run `sudo pro fix USN-5974-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgraphics-magick-perl - 1.3.28-2ubuntu0.2+esm1 libgraphicsmagick-q16-3 - 1.3.28-2ubuntu0.2+esm1 libgraphicsmagick1-dev - 1.3.28-2ubuntu0.2+esm1 graphicsmagick - 1.3.28-2ubuntu0.2+esm1 graphicsmagick-imagemagick-compat - 1.3.28-2ubuntu0.2+esm1 graphicsmagick-libmagick-dev-compat - 1.3.28-2ubuntu0.2+esm1 libgraphicsmagick++-q16-12 - 1.3.28-2ubuntu0.2+esm1 libgraphicsmagick++1-dev - 1.3.28-2ubuntu0.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-20184 CVE-2018-20189 CVE-2018-5685 CVE-2018-9018 CVE-2019-11006 CVE-2020-12672 CVE-2022-1270 Ubuntu 18.04 LTS Cyku Hong discovered that Nette was not properly handling and validating data used for code generation. A remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-5983-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-nette - 2.4-20160731-1ubuntu0.1 No subscription required Medium CVE-2020-15227 Ubuntu 18.04 LTS It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that a use-after-free vulnerability existed in the Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0266) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0394) Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23455) It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access could plug in a malicious USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-23559) Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel contained a null pointer dereference when handling certain messages from user space. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-28328) Update Instructions: Run `sudo pro fix USN-5984-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-dell300x-headers-4.15.0-1062 - 4.15.0-1062.67 linux-tools-4.15.0-1062-dell300x - 4.15.0-1062.67 linux-modules-4.15.0-1062-dell300x - 4.15.0-1062.67 linux-image-4.15.0-1062-dell300x - 4.15.0-1062.67 linux-image-unsigned-4.15.0-1062-dell300x - 4.15.0-1062.67 linux-buildinfo-4.15.0-1062-dell300x - 4.15.0-1062.67 linux-dell300x-tools-4.15.0-1062 - 4.15.0-1062.67 linux-headers-4.15.0-1062-dell300x - 4.15.0-1062.67 No subscription required linux-oracle-tools-4.15.0-1116 - 4.15.0-1116.127 linux-modules-4.15.0-1116-oracle - 4.15.0-1116.127 linux-modules-extra-4.15.0-1116-oracle - 4.15.0-1116.127 linux-buildinfo-4.15.0-1116-oracle - 4.15.0-1116.127 linux-image-4.15.0-1116-oracle - 4.15.0-1116.127 linux-tools-4.15.0-1116-oracle - 4.15.0-1116.127 linux-headers-4.15.0-1116-oracle - 4.15.0-1116.127 linux-image-unsigned-4.15.0-1116-oracle - 4.15.0-1116.127 linux-oracle-headers-4.15.0-1116 - 4.15.0-1116.127 No subscription required linux-buildinfo-4.15.0-1129-raspi2 - 4.15.0-1129.137 linux-headers-4.15.0-1129-raspi2 - 4.15.0-1129.137 linux-image-4.15.0-1129-raspi2 - 4.15.0-1129.137 linux-raspi2-headers-4.15.0-1129 - 4.15.0-1129.137 linux-raspi2-tools-4.15.0-1129 - 4.15.0-1129.137 linux-tools-4.15.0-1129-raspi2 - 4.15.0-1129.137 linux-modules-4.15.0-1129-raspi2 - 4.15.0-1129.137 No subscription required linux-image-4.15.0-1137-kvm - 4.15.0-1137.142 linux-headers-4.15.0-1137-kvm - 4.15.0-1137.142 linux-modules-4.15.0-1137-kvm - 4.15.0-1137.142 linux-buildinfo-4.15.0-1137-kvm - 4.15.0-1137.142 linux-kvm-headers-4.15.0-1137 - 4.15.0-1137.142 linux-kvm-tools-4.15.0-1137 - 4.15.0-1137.142 linux-tools-4.15.0-1137-kvm - 4.15.0-1137.142 No subscription required linux-aws-headers-4.15.0-1153 - 4.15.0-1153.166 linux-tools-4.15.0-1153-aws - 4.15.0-1153.166 linux-modules-extra-4.15.0-1153-aws - 4.15.0-1153.166 linux-image-unsigned-4.15.0-1153-aws - 4.15.0-1153.166 linux-aws-cloud-tools-4.15.0-1153 - 4.15.0-1153.166 linux-image-4.15.0-1153-aws - 4.15.0-1153.166 linux-cloud-tools-4.15.0-1153-aws - 4.15.0-1153.166 linux-headers-4.15.0-1153-aws - 4.15.0-1153.166 linux-buildinfo-4.15.0-1153-aws - 4.15.0-1153.166 linux-modules-4.15.0-1153-aws - 4.15.0-1153.166 linux-aws-tools-4.15.0-1153 - 4.15.0-1153.166 No subscription required linux-headers-4.15.0-208-generic - 4.15.0-208.220 linux-tools-common - 4.15.0-208.220 linux-buildinfo-4.15.0-208-generic - 4.15.0-208.220 linux-tools-host - 4.15.0-208.220 linux-doc - 4.15.0-208.220 linux-cloud-tools-4.15.0-208 - 4.15.0-208.220 linux-headers-4.15.0-208-generic-lpae - 4.15.0-208.220 linux-libc-dev - 4.15.0-208.220 linux-image-unsigned-4.15.0-208-lowlatency - 4.15.0-208.220 linux-modules-4.15.0-208-generic - 4.15.0-208.220 linux-buildinfo-4.15.0-208-generic-lpae - 4.15.0-208.220 linux-image-4.15.0-208-generic-lpae - 4.15.0-208.220 linux-image-unsigned-4.15.0-208-generic - 4.15.0-208.220 linux-modules-4.15.0-208-generic-lpae - 4.15.0-208.220 linux-cloud-tools-4.15.0-208-generic - 4.15.0-208.220 linux-image-4.15.0-208-generic - 4.15.0-208.220 linux-tools-4.15.0-208 - 4.15.0-208.220 linux-image-4.15.0-208-lowlatency - 4.15.0-208.220 linux-modules-extra-4.15.0-208-generic - 4.15.0-208.220 linux-headers-4.15.0-208-lowlatency - 4.15.0-208.220 linux-cloud-tools-4.15.0-208-lowlatency - 4.15.0-208.220 linux-tools-4.15.0-208-lowlatency - 4.15.0-208.220 linux-cloud-tools-common - 4.15.0-208.220 linux-tools-4.15.0-208-generic-lpae - 4.15.0-208.220 linux-modules-4.15.0-208-lowlatency - 4.15.0-208.220 linux-buildinfo-4.15.0-208-lowlatency - 4.15.0-208.220 linux-source-4.15.0 - 4.15.0-208.220 linux-headers-4.15.0-208 - 4.15.0-208.220 linux-tools-4.15.0-208-generic - 4.15.0-208.220 No subscription required linux-tools-dell300x - 4.15.0.1062.61 linux-headers-dell300x - 4.15.0.1062.61 linux-image-dell300x - 4.15.0.1062.61 linux-dell300x - 4.15.0.1062.61 No subscription required linux-oracle-lts-18.04 - 4.15.0.1116.121 linux-image-oracle-lts-18.04 - 4.15.0.1116.121 linux-signed-image-oracle-lts-18.04 - 4.15.0.1116.121 linux-tools-oracle-lts-18.04 - 4.15.0.1116.121 linux-signed-oracle-lts-18.04 - 4.15.0.1116.121 linux-headers-oracle-lts-18.04 - 4.15.0.1116.121 No subscription required linux-raspi2 - 4.15.0.1129.124 linux-headers-raspi2 - 4.15.0.1129.124 linux-image-raspi2 - 4.15.0.1129.124 linux-tools-raspi2 - 4.15.0.1129.124 No subscription required linux-kvm - 4.15.0.1137.128 linux-headers-kvm - 4.15.0.1137.128 linux-tools-kvm - 4.15.0.1137.128 linux-image-kvm - 4.15.0.1137.128 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1153.151 linux-headers-aws-lts-18.04 - 4.15.0.1153.151 linux-aws-lts-18.04 - 4.15.0.1153.151 linux-modules-extra-aws-lts-18.04 - 4.15.0.1153.151 linux-tools-aws-lts-18.04 - 4.15.0.1153.151 No subscription required linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.208.191 linux-lowlatency-hwe-16.04 - 4.15.0.208.191 linux-image-lowlatency-hwe-16.04 - 4.15.0.208.191 linux-signed-generic-hwe-16.04-edge - 4.15.0.208.191 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.208.191 linux-image-extra-virtual-hwe-16.04 - 4.15.0.208.191 linux-image-virtual - 4.15.0.208.191 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.208.191 linux-image-generic - 4.15.0.208.191 linux-tools-lowlatency - 4.15.0.208.191 linux-tools-generic-hwe-16.04-edge - 4.15.0.208.191 linux-headers-generic-hwe-16.04-edge - 4.15.0.208.191 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.208.191 linux-cloud-tools-virtual - 4.15.0.208.191 linux-tools-virtual-hwe-16.04 - 4.15.0.208.191 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.208.191 linux-generic-lpae-hwe-16.04-edge - 4.15.0.208.191 linux-signed-image-lowlatency - 4.15.0.208.191 linux-generic-lpae-hwe-16.04 - 4.15.0.208.191 linux-crashdump - 4.15.0.208.191 linux-signed-image-generic - 4.15.0.208.191 linux-headers-generic-lpae - 4.15.0.208.191 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.208.191 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.208.191 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.208.191 linux-source - 4.15.0.208.191 linux-lowlatency - 4.15.0.208.191 linux-tools-virtual - 4.15.0.208.191 linux-generic-hwe-16.04-edge - 4.15.0.208.191 linux-headers-lowlatency-hwe-16.04 - 4.15.0.208.191 linux-tools-generic-lpae - 4.15.0.208.191 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.208.191 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.208.191 linux-tools-generic-hwe-16.04 - 4.15.0.208.191 linux-cloud-tools-generic - 4.15.0.208.191 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.208.191 linux-generic-lpae - 4.15.0.208.191 linux-generic - 4.15.0.208.191 linux-lowlatency-hwe-16.04-edge - 4.15.0.208.191 linux-virtual - 4.15.0.208.191 linux-signed-image-generic-hwe-16.04 - 4.15.0.208.191 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.208.191 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.208.191 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.208.191 linux-headers-lowlatency - 4.15.0.208.191 linux-headers-virtual-hwe-16.04-edge - 4.15.0.208.191 linux-headers-generic-hwe-16.04 - 4.15.0.208.191 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.208.191 linux-generic-hwe-16.04 - 4.15.0.208.191 linux-tools-virtual-hwe-16.04-edge - 4.15.0.208.191 linux-tools-generic - 4.15.0.208.191 linux-virtual-hwe-16.04 - 4.15.0.208.191 linux-image-extra-virtual - 4.15.0.208.191 linux-cloud-tools-lowlatency - 4.15.0.208.191 linux-image-generic-hwe-16.04 - 4.15.0.208.191 linux-image-generic-hwe-16.04-edge - 4.15.0.208.191 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.208.191 linux-image-generic-lpae-hwe-16.04 - 4.15.0.208.191 linux-virtual-hwe-16.04-edge - 4.15.0.208.191 linux-signed-generic - 4.15.0.208.191 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.208.191 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.208.191 linux-headers-generic - 4.15.0.208.191 linux-headers-virtual-hwe-16.04 - 4.15.0.208.191 linux-image-virtual-hwe-16.04-edge - 4.15.0.208.191 linux-tools-lowlatency-hwe-16.04 - 4.15.0.208.191 linux-image-virtual-hwe-16.04 - 4.15.0.208.191 linux-headers-virtual - 4.15.0.208.191 linux-signed-lowlatency-hwe-16.04 - 4.15.0.208.191 linux-signed-generic-hwe-16.04 - 4.15.0.208.191 linux-image-generic-lpae - 4.15.0.208.191 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.208.191 linux-signed-lowlatency - 4.15.0.208.191 linux-image-lowlatency - 4.15.0.208.191 No subscription required Medium CVE-2021-3669 CVE-2022-3424 CVE-2022-36280 CVE-2022-41218 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-23455 CVE-2023-23559 CVE-2023-28328 Ubuntu 18.04 LTS It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2022-2196) Gerald Lee discovered that the USB Gadget file system implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-4382) It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access could plug in a malicious USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-23559) Update Instructions: Run `sudo pro fix USN-5985-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-ibm-5.4-tools-5.4.0-1046 - 5.4.0-1046.51~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1046.51~18.04.1 linux-ibm-5.4-headers-5.4.0-1046 - 5.4.0-1046.51~18.04.1 linux-modules-extra-5.4.0-1046-ibm - 5.4.0-1046.51~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1046.51~18.04.1 linux-image-unsigned-5.4.0-1046-ibm - 5.4.0-1046.51~18.04.1 linux-modules-5.4.0-1046-ibm - 5.4.0-1046.51~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1046.51~18.04.1 linux-buildinfo-5.4.0-1046-ibm - 5.4.0-1046.51~18.04.1 linux-image-5.4.0-1046-ibm - 5.4.0-1046.51~18.04.1 linux-headers-5.4.0-1046-ibm - 5.4.0-1046.51~18.04.1 linux-tools-5.4.0-1046-ibm - 5.4.0-1046.51~18.04.1 No subscription required linux-modules-5.4.0-1082-raspi - 5.4.0-1082.93~18.04.1 linux-buildinfo-5.4.0-1082-raspi - 5.4.0-1082.93~18.04.1 linux-raspi-5.4-tools-5.4.0-1082 - 5.4.0-1082.93~18.04.1 linux-tools-5.4.0-1082-raspi - 5.4.0-1082.93~18.04.1 linux-raspi-5.4-headers-5.4.0-1082 - 5.4.0-1082.93~18.04.1 linux-headers-5.4.0-1082-raspi - 5.4.0-1082.93~18.04.1 linux-image-5.4.0-1082-raspi - 5.4.0-1082.93~18.04.1 No subscription required linux-oracle-5.4-headers-5.4.0-1098 - 5.4.0-1098.107~18.04.1 linux-image-5.4.0-1098-oracle - 5.4.0-1098.107~18.04.1 linux-modules-5.4.0-1098-oracle - 5.4.0-1098.107~18.04.1 linux-headers-5.4.0-1098-oracle - 5.4.0-1098.107~18.04.1 linux-tools-5.4.0-1098-oracle - 5.4.0-1098.107~18.04.1 linux-modules-extra-5.4.0-1098-oracle - 5.4.0-1098.107~18.04.1 linux-oracle-5.4-tools-5.4.0-1098 - 5.4.0-1098.107~18.04.1 linux-buildinfo-5.4.0-1098-oracle - 5.4.0-1098.107~18.04.1 linux-image-unsigned-5.4.0-1098-oracle - 5.4.0-1098.107~18.04.1 No subscription required linux-image-5.4.0-1099-aws - 5.4.0-1099.107~18.04.1 linux-modules-5.4.0-1099-aws - 5.4.0-1099.107~18.04.1 linux-tools-5.4.0-1099-aws - 5.4.0-1099.107~18.04.1 linux-buildinfo-5.4.0-1099-aws - 5.4.0-1099.107~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1099 - 5.4.0-1099.107~18.04.1 linux-aws-5.4-tools-5.4.0-1099 - 5.4.0-1099.107~18.04.1 linux-headers-5.4.0-1099-aws - 5.4.0-1099.107~18.04.1 linux-aws-5.4-headers-5.4.0-1099 - 5.4.0-1099.107~18.04.1 linux-cloud-tools-5.4.0-1099-aws - 5.4.0-1099.107~18.04.1 linux-image-unsigned-5.4.0-1099-aws - 5.4.0-1099.107~18.04.1 linux-modules-extra-5.4.0-1099-aws - 5.4.0-1099.107~18.04.1 No subscription required linux-gcp-5.4-headers-5.4.0-1102 - 5.4.0-1102.111~18.04.2 linux-modules-extra-5.4.0-1102-gcp - 5.4.0-1102.111~18.04.2 linux-modules-5.4.0-1102-gcp - 5.4.0-1102.111~18.04.2 linux-buildinfo-5.4.0-1102-gcp - 5.4.0-1102.111~18.04.2 linux-headers-5.4.0-1102-gcp - 5.4.0-1102.111~18.04.2 linux-image-5.4.0-1102-gcp - 5.4.0-1102.111~18.04.2 linux-gcp-5.4-tools-5.4.0-1102 - 5.4.0-1102.111~18.04.2 linux-tools-5.4.0-1102-gcp - 5.4.0-1102.111~18.04.2 linux-image-unsigned-5.4.0-1102-gcp - 5.4.0-1102.111~18.04.2 No subscription required linux-modules-5.4.0-1105-azure - 5.4.0-1105.111~18.04.1 linux-cloud-tools-5.4.0-1105-azure - 5.4.0-1105.111~18.04.1 linux-tools-5.4.0-1105-azure - 5.4.0-1105.111~18.04.1 linux-headers-5.4.0-1105-azure - 5.4.0-1105.111~18.04.1 linux-azure-5.4-tools-5.4.0-1105 - 5.4.0-1105.111~18.04.1 linux-image-5.4.0-1105-azure - 5.4.0-1105.111~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1105 - 5.4.0-1105.111~18.04.1 linux-azure-5.4-headers-5.4.0-1105 - 5.4.0-1105.111~18.04.1 linux-image-unsigned-5.4.0-1105-azure - 5.4.0-1105.111~18.04.1 linux-modules-extra-5.4.0-1105-azure - 5.4.0-1105.111~18.04.1 linux-buildinfo-5.4.0-1105-azure - 5.4.0-1105.111~18.04.1 No subscription required linux-cloud-tools-5.4.0-146-generic - 5.4.0-146.163~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-146.163~18.04.1 linux-image-unsigned-5.4.0-146-lowlatency - 5.4.0-146.163~18.04.1 linux-buildinfo-5.4.0-146-generic-lpae - 5.4.0-146.163~18.04.1 linux-modules-5.4.0-146-generic - 5.4.0-146.163~18.04.1 linux-modules-5.4.0-146-generic-lpae - 5.4.0-146.163~18.04.1 linux-image-unsigned-5.4.0-146-generic - 5.4.0-146.163~18.04.1 linux-image-5.4.0-146-generic-lpae - 5.4.0-146.163~18.04.1 linux-buildinfo-5.4.0-146-generic - 5.4.0-146.163~18.04.1 linux-modules-extra-5.4.0-146-generic - 5.4.0-146.163~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-146.163~18.04.1 linux-tools-5.4.0-146-lowlatency - 5.4.0-146.163~18.04.1 linux-headers-5.4.0-146-generic - 5.4.0-146.163~18.04.1 linux-hwe-5.4-tools-5.4.0-146 - 5.4.0-146.163~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-146 - 5.4.0-146.163~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-146.163~18.04.1 linux-buildinfo-5.4.0-146-lowlatency - 5.4.0-146.163~18.04.1 linux-hwe-5.4-headers-5.4.0-146 - 5.4.0-146.163~18.04.1 linux-headers-5.4.0-146-lowlatency - 5.4.0-146.163~18.04.1 linux-modules-5.4.0-146-lowlatency - 5.4.0-146.163~18.04.1 linux-image-5.4.0-146-generic - 5.4.0-146.163~18.04.1 linux-tools-5.4.0-146-generic-lpae - 5.4.0-146.163~18.04.1 linux-headers-5.4.0-146-generic-lpae - 5.4.0-146.163~18.04.1 linux-image-5.4.0-146-lowlatency - 5.4.0-146.163~18.04.1 linux-cloud-tools-5.4.0-146-lowlatency - 5.4.0-146.163~18.04.1 linux-tools-5.4.0-146-generic - 5.4.0-146.163~18.04.1 No subscription required linux-modules-extra-ibm-edge - 5.4.0.1046.57 linux-ibm-edge - 5.4.0.1046.57 linux-image-ibm - 5.4.0.1046.57 linux-headers-ibm-edge - 5.4.0.1046.57 linux-modules-extra-ibm - 5.4.0.1046.57 linux-tools-ibm-edge - 5.4.0.1046.57 linux-ibm - 5.4.0.1046.57 linux-headers-ibm - 5.4.0.1046.57 linux-tools-ibm - 5.4.0.1046.57 linux-image-ibm-edge - 5.4.0.1046.57 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1082.79 linux-headers-raspi-hwe-18.04 - 5.4.0.1082.79 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1082.79 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1082.79 linux-raspi-hwe-18.04 - 5.4.0.1082.79 linux-image-raspi-hwe-18.04-edge - 5.4.0.1082.79 linux-tools-raspi-hwe-18.04 - 5.4.0.1082.79 linux-raspi-hwe-18.04-edge - 5.4.0.1082.79 No subscription required linux-headers-oracle - 5.4.0.1098.107~18.04.70 linux-tools-oracle - 5.4.0.1098.107~18.04.70 linux-signed-image-oracle - 5.4.0.1098.107~18.04.70 linux-signed-oracle - 5.4.0.1098.107~18.04.70 linux-tools-oracle-edge - 5.4.0.1098.107~18.04.70 linux-oracle-edge - 5.4.0.1098.107~18.04.70 linux-modules-extra-oracle-edge - 5.4.0.1098.107~18.04.70 linux-image-oracle-edge - 5.4.0.1098.107~18.04.70 linux-modules-extra-oracle - 5.4.0.1098.107~18.04.70 linux-signed-oracle-edge - 5.4.0.1098.107~18.04.70 linux-signed-image-oracle-edge - 5.4.0.1098.107~18.04.70 linux-headers-oracle-edge - 5.4.0.1098.107~18.04.70 linux-image-oracle - 5.4.0.1098.107~18.04.70 linux-oracle - 5.4.0.1098.107~18.04.70 No subscription required linux-image-aws - 5.4.0.1099.77 linux-headers-aws - 5.4.0.1099.77 linux-image-aws-edge - 5.4.0.1099.77 linux-aws-edge - 5.4.0.1099.77 linux-aws - 5.4.0.1099.77 linux-headers-aws-edge - 5.4.0.1099.77 linux-modules-extra-aws - 5.4.0.1099.77 linux-tools-aws - 5.4.0.1099.77 linux-modules-extra-aws-edge - 5.4.0.1099.77 linux-tools-aws-edge - 5.4.0.1099.77 No subscription required linux-headers-gcp - 5.4.0.1102.78 linux-image-gcp-edge - 5.4.0.1102.78 linux-tools-gcp-edge - 5.4.0.1102.78 linux-headers-gcp-edge - 5.4.0.1102.78 linux-modules-extra-gcp - 5.4.0.1102.78 linux-modules-extra-gcp-edge - 5.4.0.1102.78 linux-tools-gcp - 5.4.0.1102.78 linux-gcp - 5.4.0.1102.78 linux-image-gcp - 5.4.0.1102.78 linux-gcp-edge - 5.4.0.1102.78 No subscription required linux-signed-azure - 5.4.0.1105.78 linux-tools-azure-edge - 5.4.0.1105.78 linux-cloud-tools-azure - 5.4.0.1105.78 linux-image-azure-edge - 5.4.0.1105.78 linux-cloud-tools-azure-edge - 5.4.0.1105.78 linux-modules-extra-azure - 5.4.0.1105.78 linux-headers-azure - 5.4.0.1105.78 linux-azure - 5.4.0.1105.78 linux-image-azure - 5.4.0.1105.78 linux-signed-image-azure - 5.4.0.1105.78 linux-signed-image-azure-edge - 5.4.0.1105.78 linux-azure-edge - 5.4.0.1105.78 linux-tools-azure - 5.4.0.1105.78 linux-modules-extra-azure-edge - 5.4.0.1105.78 linux-headers-azure-edge - 5.4.0.1105.78 linux-signed-azure-edge - 5.4.0.1105.78 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-headers-snapdragon-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-image-snapdragon-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-generic-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-image-oem - 5.4.0.146.163~18.04.117 linux-tools-virtual-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-headers-generic-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-headers-lowlatency-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-image-extra-virtual-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-image-oem-osp1 - 5.4.0.146.163~18.04.117 linux-image-generic-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-snapdragon-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-image-generic-lpae-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-tools-lowlatency-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-headers-virtual-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-tools-snapdragon-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-headers-virtual-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-generic-lpae-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-lowlatency-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-headers-oem - 5.4.0.146.163~18.04.117 linux-tools-oem-osp1 - 5.4.0.146.163~18.04.117 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-tools-generic-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-image-virtual-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-image-generic-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-generic-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-oem - 5.4.0.146.163~18.04.117 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-snapdragon-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-headers-oem-osp1 - 5.4.0.146.163~18.04.117 linux-tools-virtual-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-virtual-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-generic-lpae-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-headers-generic-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-tools-oem - 5.4.0.146.163~18.04.117 linux-oem-osp1 - 5.4.0.146.163~18.04.117 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-image-lowlatency-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-virtual-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-lowlatency-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.146.163~18.04.117 linux-image-virtual-hwe-18.04-edge - 5.4.0.146.163~18.04.117 linux-tools-generic-hwe-18.04 - 5.4.0.146.163~18.04.117 No subscription required Medium CVE-2021-3669 CVE-2022-2196 CVE-2022-4382 CVE-2023-23559 Ubuntu 18.04 LTS Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges. Update Instructions: Run `sudo pro fix USN-5986-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xserver-xorg-core - 2:1.19.6-1ubuntu4.15 xmir - 2:1.19.6-1ubuntu4.15 xwayland - 2:1.19.6-1ubuntu4.15 xorg-server-source - 2:1.19.6-1ubuntu4.15 xserver-xephyr - 2:1.19.6-1ubuntu4.15 xdmx - 2:1.19.6-1ubuntu4.15 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.15 xserver-xorg-dev - 2:1.19.6-1ubuntu4.15 xvfb - 2:1.19.6-1ubuntu4.15 xnest - 2:1.19.6-1ubuntu4.15 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.15 xserver-common - 2:1.19.6-1ubuntu4.15 xdmx-tools - 2:1.19.6-1ubuntu4.15 No subscription required xorg-server-source-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.11 xserver-xorg-dev-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.11 xserver-xephyr-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.11 xserver-xorg-legacy-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.11 xwayland-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.11 xserver-xorg-core-hwe-18.04 - 2:1.20.8-2ubuntu2.2~18.04.11 No subscription required Medium CVE-2023-1393 Ubuntu 18.04 LTS It was discovered that integer overflows vulnerabilities existed in Xcftools. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-5086, CVE-2019-5087) Update Instructions: Run `sudo pro fix USN-5988-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xcftools - 1.0.7-6ubuntu0.1 No subscription required Medium CVE-2019-5086 CVE-2019-5087 Ubuntu 18.04 LTS It was discovered that musl did not handle certain i386 math functions properly. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2019-14697) It was discovered that musl did not handle wide-character conversion properly. A remote attacker could use this vulnerability to cause resource consumption (infinite loop), denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-28928) Update Instructions: Run `sudo pro fix USN-5990-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: musl-dev - 1.1.19-1ubuntu0.1~esm1 musl-tools - 1.1.19-1ubuntu0.1~esm1 musl - 1.1.19-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-14697 CVE-2020-28928 Ubuntu 18.04 LTS It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that a use-after-free vulnerability existed in the Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0266) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0394) Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23455) It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access could plug in a malicious USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-23559) Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel contained a null pointer dereference when handling certain messages from user space. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-28328) Update Instructions: Run `sudo pro fix USN-5991-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-extra-4.15.0-1147-gcp - 4.15.0-1147.163 linux-gcp-4.15-headers-4.15.0-1147 - 4.15.0-1147.163 linux-gcp-4.15-tools-4.15.0-1147 - 4.15.0-1147.163 linux-buildinfo-4.15.0-1147-gcp - 4.15.0-1147.163 linux-modules-4.15.0-1147-gcp - 4.15.0-1147.163 linux-image-unsigned-4.15.0-1147-gcp - 4.15.0-1147.163 linux-headers-4.15.0-1147-gcp - 4.15.0-1147.163 linux-tools-4.15.0-1147-gcp - 4.15.0-1147.163 linux-image-4.15.0-1147-gcp - 4.15.0-1147.163 No subscription required linux-gcp-lts-18.04 - 4.15.0.1147.161 linux-tools-gcp-lts-18.04 - 4.15.0.1147.161 linux-headers-gcp-lts-18.04 - 4.15.0.1147.161 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1147.161 linux-image-gcp-lts-18.04 - 4.15.0.1147.161 No subscription required Medium CVE-2021-3669 CVE-2022-3424 CVE-2022-36280 CVE-2022-41218 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-23455 CVE-2023-23559 CVE-2023-28328 Ubuntu 18.04 LTS It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345, CVE-2022-2581) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927, CVE-2022-2344) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2946) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2980) Update Instructions: Run `sudo pro fix USN-5995-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:8.0.1453-1ubuntu1.12 vim-gnome - 2:8.0.1453-1ubuntu1.12 vim-athena - 2:8.0.1453-1ubuntu1.12 vim-tiny - 2:8.0.1453-1ubuntu1.12 vim-gtk - 2:8.0.1453-1ubuntu1.12 vim-gui-common - 2:8.0.1453-1ubuntu1.12 vim - 2:8.0.1453-1ubuntu1.12 vim-doc - 2:8.0.1453-1ubuntu1.12 xxd - 2:8.0.1453-1ubuntu1.12 vim-runtime - 2:8.0.1453-1ubuntu1.12 vim-gtk3 - 2:8.0.1453-1ubuntu1.12 vim-nox - 2:8.0.1453-1ubuntu1.12 No subscription required Medium CVE-2022-0413 CVE-2022-1629 CVE-2022-1674 CVE-2022-1720 CVE-2022-1733 CVE-2022-1735 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1898 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2183 CVE-2022-2206 CVE-2022-2304 CVE-2022-2344 CVE-2022-2345 CVE-2022-2571 CVE-2022-2581 CVE-2022-2845 CVE-2022-2849 CVE-2022-2923 CVE-2022-2946 CVE-2022-2980 Ubuntu 18.04 LTS It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-26767, CVE-2023-26768, CVE-2023-26769) Update Instructions: Run `sudo pro fix USN-5996-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblouis-bin - 3.5.0-1ubuntu0.5 liblouis14 - 3.5.0-1ubuntu0.5 python-louis - 3.5.0-1ubuntu0.5 liblouis-dev - 3.5.0-1ubuntu0.5 python3-louis - 3.5.0-1ubuntu0.5 liblouis-data - 3.5.0-1ubuntu0.5 No subscription required Medium CVE-2023-26767 CVE-2023-26768 CVE-2023-26769 Ubuntu 18.04 LTS It was discovered that IPMItool was not properly checking the data received from a remote LAN party. A remote attacker could possibly use this issue to to cause a crash or arbitrary code execution. Update Instructions: Run `sudo pro fix USN-5997-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ipmitool - 1.8.18-5ubuntu0.2 No subscription required Medium CVE-2020-5208 Ubuntu 18.04 LTS It was discovered that the SocketServer component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2019-17571) It was discovered that the JMSSink component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-23302) It was discovered that Apache Log4j 1.2 incorrectly handled certain SQL statements. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-23305) It was discovered that the Chainsaw component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-23307) Update Instructions: Run `sudo pro fix USN-5998-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblog4j1.2-java-doc - 1.2.17-8+deb10u1ubuntu0.2 liblog4j1.2-java - 1.2.17-8+deb10u1ubuntu0.2 No subscription required Medium CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 CVE-2019-17571 Ubuntu 18.04 LTS It was discovered that trim-newlines incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-33623) Update Instructions: Run `sudo pro fix USN-5999-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-trim-newlines - 1.0.0-1ubuntu0.18.04.1 No subscription required Medium CVE-2021-33623 Ubuntu 18.04 LTS Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues to inject terminal control characters that alter output when being viewed. Update Instructions: Run `sudo pro fix USN-6005-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sudo-ldap - 1.8.21p2-3ubuntu1.6 sudo - 1.8.21p2-3ubuntu1.6 No subscription required Medium CVE-2023-28486 CVE-2023-28487 Ubuntu 18.04 LTS It was discovered that Exo did not properly sanitized desktop files. A remote attacker could possibly use this issue to to cause a crash or arbitrary code execution. Update Instructions: Run `sudo pro fix USN-6008-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libexo-2-dev - 0.12.2-0ubuntu0.18.04.1+esm1 libexo-helpers - 0.12.2-0ubuntu0.18.04.1+esm1 libexo-common - 0.12.2-0ubuntu0.18.04.1+esm1 libexo-1-0 - 0.12.2-0ubuntu0.18.04.1+esm1 exo-utils - 0.12.2-0ubuntu0.18.04.1+esm1 libexo-1-dev - 0.12.2-0ubuntu0.18.04.1+esm1 libexo-2-0 - 0.12.2-0ubuntu0.18.04.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-32278 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-29537, CVE-2023-29540, CVE-2023-29543, CVE-2023-29544, CVE-2023-29547, CVE-2023-29548, CVE-2023-29549, CVE-2023-29550, CVE-2023-29551) Irvan Kurniawan discovered that Firefox did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. An attacker could potentially exploit this issue to perform spoofing attacks. (CVE-2023-29533) Lukas Bernhard discovered that Firefox did not properly manage memory when doing Garbage Collector compaction. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-29535) Zx from qriousec discovered that Firefox did not properly validate the address to free a pointer provided to the memory manager. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-29536) Alexis aka zoracon discovered that Firefox did not properly validate the URI received by the WebExtension during a load request. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-29538) Trung Pham discovered that Firefox did not properly validate the filename directive in the Content-Disposition header. An attacker could possibly exploit this to perform reflected file download attacks potentially tricking users to install malware. (CVE-2023-29539) Ameen Basha M K discovered that Firefox did not properly validate downloads of files ending in .desktop. An attacker could potentially exploits this issue to execute arbitrary code. (CVE-2023-29541) Update Instructions: Run `sudo pro fix USN-6010-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-szl - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 112.0+build2-0ubuntu0.18.04.1 firefox - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 112.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 112.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 112.0+build2-0ubuntu0.18.04.1 firefox-dev - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 112.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 112.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29537 CVE-2023-29538 CVE-2023-29539 CVE-2023-29540 CVE-2023-29541 CVE-2023-29543 CVE-2023-29544 CVE-2023-29547 CVE-2023-29548 CVE-2023-29549 CVE-2023-29550 CVE-2023-29551 Ubuntu 18.04 LTS USN-6010-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-29537, CVE-2023-29540, CVE-2023-29543, CVE-2023-29544, CVE-2023-29547, CVE-2023-29548, CVE-2023-29549, CVE-2023-29550, CVE-2023-29551) Irvan Kurniawan discovered that Firefox did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. An attacker could potentially exploit this issue to perform spoofing attacks. (CVE-2023-29533) Lukas Bernhard discovered that Firefox did not properly manage memory when doing Garbage Collector compaction. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-29535) Zx from qriousec discovered that Firefox did not properly validate the address to free a pointer provided to the memory manager. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-29536) Alexis aka zoracon discovered that Firefox did not properly validate the URI received by the WebExtension during a load request. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-29538) Trung Pham discovered that Firefox did not properly validate the filename directive in the Content-Disposition header. An attacker could possibly exploit this to perform reflected file download attacks potentially tricking users to install malware. (CVE-2023-29539) Ameen Basha M K discovered that Firefox did not properly validate downloads of files ending in .desktop. An attacker could potentially exploits this issue to execute arbitrary code. (CVE-2023-29541) Update Instructions: Run `sudo pro fix USN-6010-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-szl - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 112.0.1+build1-0ubuntu0.18.04.1 firefox - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 112.0.1+build1-0ubuntu0.18.04.1 firefox-geckodriver - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 112.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 112.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 112.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 112.0.1+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/2016835 Ubuntu 18.04 LTS USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-29537, CVE-2023-29540, CVE-2023-29543, CVE-2023-29544, CVE-2023-29547, CVE-2023-29548, CVE-2023-29549, CVE-2023-29550, CVE-2023-29551) Irvan Kurniawan discovered that Firefox did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. An attacker could potentially exploit this issue to perform spoofing attacks. (CVE-2023-29533) Lukas Bernhard discovered that Firefox did not properly manage memory when doing Garbage Collector compaction. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-29535) Zx from qriousec discovered that Firefox did not properly validate the address to free a pointer provided to the memory manager. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-29536) Alexis aka zoracon discovered that Firefox did not properly validate the URI received by the WebExtension during a load request. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-29538) Trung Pham discovered that Firefox did not properly validate the filename directive in the Content-Disposition header. An attacker could possibly exploit this to perform reflected file download attacks potentially tricking users to install malware. (CVE-2023-29539) Ameen Basha M K discovered that Firefox did not properly validate downloads of files ending in .desktop. An attacker could potentially exploits this issue to execute arbitrary code. (CVE-2023-29541) Update Instructions: Run `sudo pro fix USN-6010-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nn - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ne - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nb - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fa - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fi - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fr - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fy - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-or - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kab - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-oc - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cs - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ga - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gd - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gn - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gl - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gu - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pa - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pl - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cy - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pt - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-szl - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hi - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ms - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-he - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hy - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hr - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hu - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-it - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-as - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ar - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ia - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-az - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-id - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mai - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-af - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-is - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-vi - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-an - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bs - 112.0.2+build1-0ubuntu0.18.04.1 firefox - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ro - 112.0.2+build1-0ubuntu0.18.04.1 firefox-geckodriver - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ja - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ru - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-br - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bn - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-be - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bg - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sl - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sk - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-si - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sw - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sv - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sr - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sq - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ko - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kn - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-km - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kk - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ka - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-xh - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ca - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ku - 112.0.2+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lv - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lt - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-th - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 112.0.2+build1-0ubuntu0.18.04.1 firefox-dev - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-te - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cak - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ta - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lg - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tr - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nso - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-de - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-da - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uk - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mr - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-my - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uz - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ml - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mn - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mk - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ur - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eu - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-et - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-es - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-csb - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-el - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eo - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-en - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zu - 112.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ast - 112.0.2+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/2017722 Ubuntu 18.04 LTS It was discovered that Json-smart incorrectly handled memory when processing input containing unclosed quotes. A remote attacker could possibly use this issue to cause applications using Json-smart to crash, leading to a denial of service. (CVE-2021-31684) It was discovered that Json-smart incorrectly handled memory when processing input containing unclosed brackets. A remote attacker could possibly use this issue to cause applications using Json-smart to crash, leading to a denial of service. (CVE-2023-1370) Update Instructions: Run `sudo pro fix USN-6011-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjson-smart-java - 2.2-2ubuntu0.18.04.1 No subscription required Medium CVE-2021-31684 CVE-2023-1370 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2023-1945, CVE-2023-29548, CVE-2023-29550) Paul Menzel discovered that Thunderbird did not properly validate OCSP revocation status of recipient certificates when sending S/Mime encrypted email. An attacker could potentially exploits this issue to perform spoofing attack. (CVE-2023-0547) Ribose RNP Team discovered that Thunderbird did not properly manage memory when parsing certain OpenPGP messages. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-29479) Irvan Kurniawan discovered that Thunderbird did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. An attacker could potentially exploit this issue to perform spoofing attacks. (CVE-2023-29533) Lukas Bernhard discovered that Thunderbird did not properly manage memory when doing Garbage Collector compaction. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-29535) Zx from qriousec discovered that Thunderbird did not properly validate the address to free a pointer provided to the memory manager. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-29536) Trung Pham discovered that Thunderbird did not properly validate the filename directive in the Content-Disposition header. An attacker could possibly exploit this to perform reflected file download attacks potentially tricking users to install malware. (CVE-2023-29539) Ameen Basha M K discovered that Thunderbird did not properly validate downloads of files ending in .desktop. An attacker could potentially exploits this issue to execute arbitrary code. (CVE-2023-29541) Update Instructions: Run `sudo pro fix USN-6015-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-br - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-be - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-si - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-lv - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:102.10.0+build2-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-de - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-da - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-dev - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-el - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-et - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-es - 1:102.10.0+build2-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fa - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:102.10.0+build2-0ubuntu0.18.04.1 xul-ext-lightning - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-en - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-th - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-he - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-af - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-is - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-it - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:102.10.0+build2-0ubuntu0.18.04.1 thunderbird-locale-id - 1:102.10.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2023-0547 CVE-2023-1945 CVE-2023-29479 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550 Ubuntu 18.04 LTS It was discovered that thenify incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6016-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-thenify - 3.3.0-1+deb10u1build0.18.04.1 No subscription required Medium CVE-2020-7677 Ubuntu 18.04 LTS Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6017-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.18 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.18 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.18 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.18 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.18 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.18 No subscription required Medium CVE-2023-28879 Ubuntu 18.04 LTS Chen Lu, Lei Wang, and YiQi Sun discovered a privilege escalation vulnerability in apport-cli when viewing crash reports and unprivileged users are allowed to run sudo less. A local attacker on a specially configured system could use this to escalate their privilege. Update Instructions: Run `sudo pro fix USN-6018-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apport - 2.20.9-0ubuntu7.29 python3-problem-report - 2.20.9-0ubuntu7.29 apport-kde - 2.20.9-0ubuntu7.29 apport-retrace - 2.20.9-0ubuntu7.29 apport-valgrind - 2.20.9-0ubuntu7.29 python3-apport - 2.20.9-0ubuntu7.29 dh-apport - 2.20.9-0ubuntu7.29 apport-gtk - 2.20.9-0ubuntu7.29 apport - 2.20.9-0ubuntu7.29 python-problem-report - 2.20.9-0ubuntu7.29 apport-noui - 2.20.9-0ubuntu7.29 No subscription required Medium CVE-2023-1326 https://launchpad.net/bugs/2016023 Ubuntu 18.04 LTS It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-1528, CVE-2023-1530, CVE-2023-1531, CVE-2023-1533, CVE-2023-1811, CVE-2023-1815, CVE-2023-1818) It was discovered that Chromium could be made to access memory out of bounds in WebHID. A remote attacker could possibly use this issue to corrupt memory via a malicious HID device, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-1529) It was discovered that Chromium could be made to access memory out of bounds in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-1532, CVE-2023-1534, CVE-2023-1810, CVE-2023-1812, CVE-2023-1819, CVE-2023-1820) It was discovered that Chromium contained an inappropriate implementation in the Extensions component. A remote attacker who convinced a user to install a malicious extension could possibly use this issue to bypass file access restrictions via a crafted HTML page. (CVE-2023-1813) It was discovered that Chromium did not properly validate untrusted input in the Safe Browsing component. A remote attacker could possibly use this issue to bypass download checking via a crafted HTML page. (CVE-2023-1814) It was discovered that Chromium contained an inappropriate implementation in the Picture In Picture component. A remote attacker could possibly use this issue to perform navigation spoofing via a crafted HTML page. (CVE-2023-1816) It was discovered that Chromium contained an inappropriate implementation in the WebShare component. A remote attacker could possibly use this issue to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2023-1821) It was discovered that Chromium contained an inappropriate implementation in the Navigation component. A remote attacker could possibly use this issue to perform domain spoofing via a crafted HTML page. (CVE-2023-1822) It was discovered that Chromium contained an inappropriate implementation in the FedCM component. A remote attacker could possibly use this issue to bypass navigation restrictions via a crafted HTML page. (CVE-2023-1823) Update Instructions: Run `sudo pro fix USN-6021-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: chromium-chromedriver - 112.0.5615.49-0ubuntu0.18.04.1 chromium-browser-l10n - 112.0.5615.49-0ubuntu0.18.04.1 chromium-codecs-ffmpeg-extra - 112.0.5615.49-0ubuntu0.18.04.1 chromium-codecs-ffmpeg - 112.0.5615.49-0ubuntu0.18.04.1 chromium-browser - 112.0.5615.49-0ubuntu0.18.04.1 No subscription required Medium CVE-2023-1528 CVE-2023-1530 CVE-2023-1531 CVE-2023-1533 CVE-2023-1811 CVE-2023-1815 CVE-2023-1818 CVE-2023-1529 CVE-2023-1532 CVE-2023-1534 CVE-2023-1810 CVE-2023-1812 CVE-2023-1819 CVE-2023-1820 CVE-2023-1813 CVE-2023-1814 CVE-2023-1816 CVE-2023-1821 CVE-2023-1822 CVE-2023-1823 Ubuntu 18.04 LTS It was discovered that Kamailio did not properly sanitize SIP messages under certain circumstances. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM and 18.04 ESM. (CVE-2018-16657) It was discovered that Kamailio did not properly validate INVITE requests under certain circumstances. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. (CVE-2020-27507) Update Instructions: Run `sudo pro fix USN-6022-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: kamailio-radius-modules - 5.1.2-1ubuntu2+esm1 kamailio-lua-modules - 5.1.2-1ubuntu2+esm1 kamailio-postgres-modules - 5.1.2-1ubuntu2+esm1 kamailio-perl-modules - 5.1.2-1ubuntu2+esm1 kamailio-mysql-modules - 5.1.2-1ubuntu2+esm1 kamailio-utils-modules - 5.1.2-1ubuntu2+esm1 kamailio-extra-modules - 5.1.2-1ubuntu2+esm1 kamailio - 5.1.2-1ubuntu2+esm1 kamailio-cpl-modules - 5.1.2-1ubuntu2+esm1 kamailio-mono-modules - 5.1.2-1ubuntu2+esm1 kamailio-kazoo-modules - 5.1.2-1ubuntu2+esm1 kamailio-rabbitmq-modules - 5.1.2-1ubuntu2+esm1 kamailio-cnxcc-modules - 5.1.2-1ubuntu2+esm1 kamailio-snmpstats-modules - 5.1.2-1ubuntu2+esm1 kamailio-carrierroute-modules - 5.1.2-1ubuntu2+esm1 kamailio-tls-modules - 5.1.2-1ubuntu2+esm1 kamailio-xmpp-modules - 5.1.2-1ubuntu2+esm1 kamailio-presence-modules - 5.1.2-1ubuntu2+esm1 kamailio-json-modules - 5.1.2-1ubuntu2+esm1 kamailio-sctp-modules - 5.1.2-1ubuntu2+esm1 kamailio-mongodb-modules - 5.1.2-1ubuntu2+esm1 kamailio-geoip-modules - 5.1.2-1ubuntu2+esm1 kamailio-sqlite-modules - 5.1.2-1ubuntu2+esm1 kamailio-ldap-modules - 5.1.2-1ubuntu2+esm1 kamailio-websocket-modules - 5.1.2-1ubuntu2+esm1 kamailio-ims-modules - 5.1.2-1ubuntu2+esm1 kamailio-phonenum-modules - 5.1.2-1ubuntu2+esm1 kamailio-redis-modules - 5.1.2-1ubuntu2+esm1 kamailio-erlang-modules - 5.1.2-1ubuntu2+esm1 kamailio-autheph-modules - 5.1.2-1ubuntu2+esm1 kamailio-outbound-modules - 5.1.2-1ubuntu2+esm1 kamailio-python-modules - 5.1.2-1ubuntu2+esm1 kamailio-systemd-modules - 5.1.2-1ubuntu2+esm1 kamailio-berkeley-modules - 5.1.2-1ubuntu2+esm1 kamailio-geoip2-modules - 5.1.2-1ubuntu2+esm1 kamailio-unixodbc-modules - 5.1.2-1ubuntu2+esm1 kamailio-xml-modules - 5.1.2-1ubuntu2+esm1 kamailio-berkeley-bin - 5.1.2-1ubuntu2+esm1 kamailio-memcached-modules - 5.1.2-1ubuntu2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-16657 CVE-2020-27507 Ubuntu 18.04 LTS It was discovered that LibreOffice may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory. Update Instructions: Run `sudo pro fix USN-6023-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libreoffice-nlpsolver - 0.9+LibO6.0.7-0ubuntu0.18.04.13 No subscription required libreoffice-mysql-connector - 1.0.2+LibO6.0.7-0ubuntu0.18.04.13 No subscription required libreoffice-wiki-publisher - 1.2.0+LibO6.0.7-0ubuntu0.18.04.13 No subscription required libreoffice-impress - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-evolution - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-dev-common - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-librelogo - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-java-common - 1:6.0.7-0ubuntu0.18.04.13 gir1.2-lokdocview-0.1 - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-subsequentcheckbase - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-style-elementary - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-officebean - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-kde - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-base - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-style-galaxy - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-style-hicontrast - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-style-breeze - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-core - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-script-provider-bsh - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-avmedia-backend-gstreamer - 1:6.0.7-0ubuntu0.18.04.13 libreofficekit-dev - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-script-provider-python - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-common - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-gnome - 1:6.0.7-0ubuntu0.18.04.13 libreofficekit-data - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-kde4 - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-dev - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-gtk3 - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-report-builder - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-pdfimport - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-base-core - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-math - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-ogltrans - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-sdbc-hsqldb - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-gtk - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-systray - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-calc - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-base-drivers - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-style-oxygen - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-style-tango - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-style-human - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-sdbc-firebird - 1:6.0.7-0ubuntu0.18.04.13 python3-uno - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-gtk2 - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-writer - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-report-builder-bin - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-dev-doc - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-script-provider-js - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-l10n-za - 1:6.0.7-0ubuntu0.18.04.13 libreoffice - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-draw - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-style-sifr - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-sdbc-postgresql - 1:6.0.7-0ubuntu0.18.04.13 liblibreofficekitgtk - 1:6.0.7-0ubuntu0.18.04.13 libreoffice-l10n-in - 1:6.0.7-0ubuntu0.18.04.13 No subscription required fonts-opensymbol - 2:102.10+LibO6.0.7-0ubuntu0.18.04.13 No subscription required uno-libs3 - 6.0.7-0ubuntu0.18.04.13 ure - 6.0.7-0ubuntu0.18.04.13 No subscription required Low CVE-2022-38745 Ubuntu 18.04 LTS It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-4166) It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4192) It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193) It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213) It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318) It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319) It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351) It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359) It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368) It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408) It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443) It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554) It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572) It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629) It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685) It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714) It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729) It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-2207) Update Instructions: Run `sudo pro fix USN-6026-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:8.0.1453-1ubuntu1.13 vim-gnome - 2:8.0.1453-1ubuntu1.13 vim-athena - 2:8.0.1453-1ubuntu1.13 vim-tiny - 2:8.0.1453-1ubuntu1.13 vim-gtk - 2:8.0.1453-1ubuntu1.13 vim-gui-common - 2:8.0.1453-1ubuntu1.13 vim - 2:8.0.1453-1ubuntu1.13 vim-doc - 2:8.0.1453-1ubuntu1.13 xxd - 2:8.0.1453-1ubuntu1.13 vim-runtime - 2:8.0.1453-1ubuntu1.13 vim-gtk3 - 2:8.0.1453-1ubuntu1.13 vim-nox - 2:8.0.1453-1ubuntu1.13 No subscription required Medium CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0408 CVE-2022-0443 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0714 CVE-2022-0729 CVE-2022-2207 Ubuntu 18.04 LTS It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3108) It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3903) Haowei Yan discovered that a race condition existed in the Layer 2 Tunneling Protocol (L2TP) implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-4129) It was discovered that the Human Interface Device (HID) support driver in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1073) It was discovered that a memory leak existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-1074) Lianhui Tang discovered that the MPLS implementation in the Linux kernel did not properly handle certain sysctl allocation failure conditions, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-26545) Update Instructions: Run `sudo pro fix USN-6027-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-ibm-5.4-headers-5.4.0-1047 - 5.4.0-1047.52~18.04.1 linux-modules-extra-5.4.0-1047-ibm - 5.4.0-1047.52~18.04.1 linux-ibm-5.4-tools-5.4.0-1047 - 5.4.0-1047.52~18.04.1 linux-headers-5.4.0-1047-ibm - 5.4.0-1047.52~18.04.1 linux-image-unsigned-5.4.0-1047-ibm - 5.4.0-1047.52~18.04.1 linux-buildinfo-5.4.0-1047-ibm - 5.4.0-1047.52~18.04.1 linux-modules-5.4.0-1047-ibm - 5.4.0-1047.52~18.04.1 linux-tools-5.4.0-1047-ibm - 5.4.0-1047.52~18.04.1 linux-image-5.4.0-1047-ibm - 5.4.0-1047.52~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1047.52~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1047.52~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1047.52~18.04.1 No subscription required linux-tools-5.4.0-1083-raspi - 5.4.0-1083.94~18.04.1 linux-modules-5.4.0-1083-raspi - 5.4.0-1083.94~18.04.1 linux-raspi-5.4-tools-5.4.0-1083 - 5.4.0-1083.94~18.04.1 linux-headers-5.4.0-1083-raspi - 5.4.0-1083.94~18.04.1 linux-buildinfo-5.4.0-1083-raspi - 5.4.0-1083.94~18.04.1 linux-image-5.4.0-1083-raspi - 5.4.0-1083.94~18.04.1 linux-raspi-5.4-headers-5.4.0-1083 - 5.4.0-1083.94~18.04.1 No subscription required linux-modules-extra-5.4.0-1099-oracle - 5.4.0-1099.108~18.04.1 linux-oracle-5.4-headers-5.4.0-1099 - 5.4.0-1099.108~18.04.1 linux-tools-5.4.0-1099-oracle - 5.4.0-1099.108~18.04.1 linux-image-unsigned-5.4.0-1099-oracle - 5.4.0-1099.108~18.04.1 linux-headers-5.4.0-1099-oracle - 5.4.0-1099.108~18.04.1 linux-oracle-5.4-tools-5.4.0-1099 - 5.4.0-1099.108~18.04.1 linux-image-5.4.0-1099-oracle - 5.4.0-1099.108~18.04.1 linux-modules-5.4.0-1099-oracle - 5.4.0-1099.108~18.04.1 linux-buildinfo-5.4.0-1099-oracle - 5.4.0-1099.108~18.04.1 No subscription required linux-aws-5.4-headers-5.4.0-1100 - 5.4.0-1100.108~18.04.1 linux-buildinfo-5.4.0-1100-aws - 5.4.0-1100.108~18.04.1 linux-aws-5.4-tools-5.4.0-1100 - 5.4.0-1100.108~18.04.1 linux-tools-5.4.0-1100-aws - 5.4.0-1100.108~18.04.1 linux-cloud-tools-5.4.0-1100-aws - 5.4.0-1100.108~18.04.1 linux-image-5.4.0-1100-aws - 5.4.0-1100.108~18.04.1 linux-headers-5.4.0-1100-aws - 5.4.0-1100.108~18.04.1 linux-image-unsigned-5.4.0-1100-aws - 5.4.0-1100.108~18.04.1 linux-modules-extra-5.4.0-1100-aws - 5.4.0-1100.108~18.04.1 linux-modules-5.4.0-1100-aws - 5.4.0-1100.108~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1100 - 5.4.0-1100.108~18.04.1 No subscription required linux-gcp-5.4-headers-5.4.0-1103 - 5.4.0-1103.112~18.04.1 linux-image-5.4.0-1103-gcp - 5.4.0-1103.112~18.04.1 linux-headers-5.4.0-1103-gcp - 5.4.0-1103.112~18.04.1 linux-modules-extra-5.4.0-1103-gcp - 5.4.0-1103.112~18.04.1 linux-buildinfo-5.4.0-1103-gcp - 5.4.0-1103.112~18.04.1 linux-gcp-5.4-tools-5.4.0-1103 - 5.4.0-1103.112~18.04.1 linux-image-unsigned-5.4.0-1103-gcp - 5.4.0-1103.112~18.04.1 linux-tools-5.4.0-1103-gcp - 5.4.0-1103.112~18.04.1 linux-modules-5.4.0-1103-gcp - 5.4.0-1103.112~18.04.1 No subscription required linux-headers-5.4.0-1106-azure - 5.4.0-1106.112~18.04.1 linux-tools-5.4.0-1106-azure - 5.4.0-1106.112~18.04.1 linux-azure-5.4-tools-5.4.0-1106 - 5.4.0-1106.112~18.04.1 linux-azure-5.4-headers-5.4.0-1106 - 5.4.0-1106.112~18.04.1 linux-cloud-tools-5.4.0-1106-azure - 5.4.0-1106.112~18.04.1 linux-modules-5.4.0-1106-azure - 5.4.0-1106.112~18.04.1 linux-image-5.4.0-1106-azure - 5.4.0-1106.112~18.04.1 linux-image-unsigned-5.4.0-1106-azure - 5.4.0-1106.112~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1106 - 5.4.0-1106.112~18.04.1 linux-modules-extra-5.4.0-1106-azure - 5.4.0-1106.112~18.04.1 linux-buildinfo-5.4.0-1106-azure - 5.4.0-1106.112~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-147.164~18.04.1 linux-tools-5.4.0-147-generic-lpae - 5.4.0-147.164~18.04.1 linux-image-5.4.0-147-generic - 5.4.0-147.164~18.04.1 linux-modules-5.4.0-147-generic-lpae - 5.4.0-147.164~18.04.1 linux-headers-5.4.0-147-generic - 5.4.0-147.164~18.04.1 linux-image-5.4.0-147-generic-lpae - 5.4.0-147.164~18.04.1 linux-image-5.4.0-147-lowlatency - 5.4.0-147.164~18.04.1 linux-image-unsigned-5.4.0-147-lowlatency - 5.4.0-147.164~18.04.1 linux-image-unsigned-5.4.0-147-generic - 5.4.0-147.164~18.04.1 linux-hwe-5.4-tools-5.4.0-147 - 5.4.0-147.164~18.04.1 linux-headers-5.4.0-147-lowlatency - 5.4.0-147.164~18.04.1 linux-buildinfo-5.4.0-147-lowlatency - 5.4.0-147.164~18.04.1 linux-buildinfo-5.4.0-147-generic-lpae - 5.4.0-147.164~18.04.1 linux-tools-5.4.0-147-generic - 5.4.0-147.164~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-147.164~18.04.1 linux-modules-5.4.0-147-generic - 5.4.0-147.164~18.04.1 linux-buildinfo-5.4.0-147-generic - 5.4.0-147.164~18.04.1 linux-tools-5.4.0-147-lowlatency - 5.4.0-147.164~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-147 - 5.4.0-147.164~18.04.1 linux-modules-extra-5.4.0-147-generic - 5.4.0-147.164~18.04.1 linux-cloud-tools-5.4.0-147-generic - 5.4.0-147.164~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-147.164~18.04.1 linux-hwe-5.4-headers-5.4.0-147 - 5.4.0-147.164~18.04.1 linux-headers-5.4.0-147-generic-lpae - 5.4.0-147.164~18.04.1 linux-cloud-tools-5.4.0-147-lowlatency - 5.4.0-147.164~18.04.1 linux-modules-5.4.0-147-lowlatency - 5.4.0-147.164~18.04.1 No subscription required linux-modules-extra-ibm-edge - 5.4.0.1047.58 linux-modules-extra-ibm - 5.4.0.1047.58 linux-image-ibm - 5.4.0.1047.58 linux-tools-ibm-edge - 5.4.0.1047.58 linux-ibm - 5.4.0.1047.58 linux-headers-ibm-edge - 5.4.0.1047.58 linux-ibm-edge - 5.4.0.1047.58 linux-headers-ibm - 5.4.0.1047.58 linux-tools-ibm - 5.4.0.1047.58 linux-image-ibm-edge - 5.4.0.1047.58 No subscription required linux-image-raspi-hwe-18.04 - 5.4.0.1083.80 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1083.80 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1083.80 linux-raspi-hwe-18.04 - 5.4.0.1083.80 linux-raspi-hwe-18.04-edge - 5.4.0.1083.80 linux-image-raspi-hwe-18.04-edge - 5.4.0.1083.80 linux-tools-raspi-hwe-18.04 - 5.4.0.1083.80 linux-headers-raspi-hwe-18.04 - 5.4.0.1083.80 No subscription required linux-headers-oracle - 5.4.0.1099.108~18.04.71 linux-signed-image-oracle - 5.4.0.1099.108~18.04.71 linux-signed-oracle - 5.4.0.1099.108~18.04.71 linux-tools-oracle-edge - 5.4.0.1099.108~18.04.71 linux-oracle-edge - 5.4.0.1099.108~18.04.71 linux-modules-extra-oracle-edge - 5.4.0.1099.108~18.04.71 linux-image-oracle-edge - 5.4.0.1099.108~18.04.71 linux-oracle - 5.4.0.1099.108~18.04.71 linux-modules-extra-oracle - 5.4.0.1099.108~18.04.71 linux-signed-oracle-edge - 5.4.0.1099.108~18.04.71 linux-signed-image-oracle-edge - 5.4.0.1099.108~18.04.71 linux-headers-oracle-edge - 5.4.0.1099.108~18.04.71 linux-image-oracle - 5.4.0.1099.108~18.04.71 linux-tools-oracle - 5.4.0.1099.108~18.04.71 No subscription required linux-headers-aws - 5.4.0.1100.78 linux-image-aws - 5.4.0.1100.78 linux-modules-extra-aws-edge - 5.4.0.1100.78 linux-image-aws-edge - 5.4.0.1100.78 linux-aws-edge - 5.4.0.1100.78 linux-aws - 5.4.0.1100.78 linux-headers-aws-edge - 5.4.0.1100.78 linux-modules-extra-aws - 5.4.0.1100.78 linux-tools-aws - 5.4.0.1100.78 linux-tools-aws-edge - 5.4.0.1100.78 No subscription required linux-image-gcp-edge - 5.4.0.1103.79 linux-tools-gcp-edge - 5.4.0.1103.79 linux-headers-gcp-edge - 5.4.0.1103.79 linux-modules-extra-gcp - 5.4.0.1103.79 linux-tools-gcp - 5.4.0.1103.79 linux-modules-extra-gcp-edge - 5.4.0.1103.79 linux-gcp - 5.4.0.1103.79 linux-headers-gcp - 5.4.0.1103.79 linux-image-gcp - 5.4.0.1103.79 linux-gcp-edge - 5.4.0.1103.79 No subscription required linux-tools-azure-edge - 5.4.0.1106.79 linux-cloud-tools-azure - 5.4.0.1106.79 linux-tools-azure - 5.4.0.1106.79 linux-image-azure-edge - 5.4.0.1106.79 linux-signed-azure - 5.4.0.1106.79 linux-signed-image-azure-edge - 5.4.0.1106.79 linux-image-azure - 5.4.0.1106.79 linux-cloud-tools-azure-edge - 5.4.0.1106.79 linux-signed-azure-edge - 5.4.0.1106.79 linux-modules-extra-azure - 5.4.0.1106.79 linux-azure - 5.4.0.1106.79 linux-signed-image-azure - 5.4.0.1106.79 linux-headers-azure-edge - 5.4.0.1106.79 linux-azure-edge - 5.4.0.1106.79 linux-modules-extra-azure-edge - 5.4.0.1106.79 linux-headers-azure - 5.4.0.1106.79 No subscription required linux-headers-snapdragon-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-image-generic-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-image-snapdragon-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-snapdragon-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-image-oem - 5.4.0.147.164~18.04.118 linux-tools-virtual-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-tools-lowlatency-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-oem-osp1 - 5.4.0.147.164~18.04.118 linux-headers-lowlatency-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-lowlatency-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-image-extra-virtual-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-oem - 5.4.0.147.164~18.04.118 linux-image-oem-osp1 - 5.4.0.147.164~18.04.118 linux-snapdragon-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-image-generic-lpae-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-headers-generic-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-headers-virtual-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-tools-snapdragon-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-headers-virtual-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-virtual-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-generic-lpae-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-tools-oem-osp1 - 5.4.0.147.164~18.04.118 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-headers-oem - 5.4.0.147.164~18.04.118 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-tools-generic-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-image-virtual-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-generic-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-tools-generic-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-headers-oem-osp1 - 5.4.0.147.164~18.04.118 linux-tools-virtual-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-generic-lpae-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-headers-generic-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-tools-oem - 5.4.0.147.164~18.04.118 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-image-lowlatency-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-virtual-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-lowlatency-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-generic-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.147.164~18.04.118 linux-image-generic-hwe-18.04-edge - 5.4.0.147.164~18.04.118 linux-image-virtual-hwe-18.04-edge - 5.4.0.147.164~18.04.118 No subscription required High CVE-2022-3108 CVE-2022-3903 CVE-2022-4129 CVE-2023-1073 CVE-2023-1074 CVE-2023-1281 CVE-2023-26545 Ubuntu 18.04 LTS It was discovered that lixml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2023-28484) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash. (CVE-2023-29469) Update Instructions: Run `sudo pro fix USN-6028-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.9 libxml2-utils - 2.9.4+dfsg1-6.1ubuntu1.9 libxml2 - 2.9.4+dfsg1-6.1ubuntu1.9 python3-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.9 libxml2-doc - 2.9.4+dfsg1-6.1ubuntu1.9 libxml2-dev - 2.9.4+dfsg1-6.1ubuntu1.9 No subscription required Medium CVE-2023-28484 CVE-2023-29469 Ubuntu 18.04 LTS It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3903) It was discovered that the Human Interface Device (HID) support driver in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1073) It was discovered that a memory leak existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-1074) Lianhui Tang discovered that the MPLS implementation in the Linux kernel did not properly handle certain sysctl allocation failure conditions, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-26545) Update Instructions: Run `sudo pro fix USN-6029-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-dell300x-headers-4.15.0-1063 - 4.15.0-1063.68 linux-buildinfo-4.15.0-1063-dell300x - 4.15.0-1063.68 linux-tools-4.15.0-1063-dell300x - 4.15.0-1063.68 linux-dell300x-tools-4.15.0-1063 - 4.15.0-1063.68 linux-headers-4.15.0-1063-dell300x - 4.15.0-1063.68 linux-image-unsigned-4.15.0-1063-dell300x - 4.15.0-1063.68 linux-modules-4.15.0-1063-dell300x - 4.15.0-1063.68 linux-image-4.15.0-1063-dell300x - 4.15.0-1063.68 No subscription required linux-buildinfo-4.15.0-1117-oracle - 4.15.0-1117.128 linux-headers-4.15.0-1117-oracle - 4.15.0-1117.128 linux-image-4.15.0-1117-oracle - 4.15.0-1117.128 linux-oracle-headers-4.15.0-1117 - 4.15.0-1117.128 linux-oracle-tools-4.15.0-1117 - 4.15.0-1117.128 linux-modules-extra-4.15.0-1117-oracle - 4.15.0-1117.128 linux-tools-4.15.0-1117-oracle - 4.15.0-1117.128 linux-image-unsigned-4.15.0-1117-oracle - 4.15.0-1117.128 linux-modules-4.15.0-1117-oracle - 4.15.0-1117.128 No subscription required linux-modules-4.15.0-1130-raspi2 - 4.15.0-1130.138 linux-tools-4.15.0-1130-raspi2 - 4.15.0-1130.138 linux-image-4.15.0-1130-raspi2 - 4.15.0-1130.138 linux-headers-4.15.0-1130-raspi2 - 4.15.0-1130.138 linux-raspi2-headers-4.15.0-1130 - 4.15.0-1130.138 linux-buildinfo-4.15.0-1130-raspi2 - 4.15.0-1130.138 linux-raspi2-tools-4.15.0-1130 - 4.15.0-1130.138 No subscription required linux-buildinfo-4.15.0-1138-kvm - 4.15.0-1138.143 linux-headers-4.15.0-1138-kvm - 4.15.0-1138.143 linux-kvm-headers-4.15.0-1138 - 4.15.0-1138.143 linux-image-4.15.0-1138-kvm - 4.15.0-1138.143 linux-tools-4.15.0-1138-kvm - 4.15.0-1138.143 linux-kvm-tools-4.15.0-1138 - 4.15.0-1138.143 linux-modules-4.15.0-1138-kvm - 4.15.0-1138.143 No subscription required linux-modules-extra-4.15.0-1148-gcp - 4.15.0-1148.164 linux-buildinfo-4.15.0-1148-gcp - 4.15.0-1148.164 linux-tools-4.15.0-1148-gcp - 4.15.0-1148.164 linux-image-unsigned-4.15.0-1148-gcp - 4.15.0-1148.164 linux-gcp-4.15-headers-4.15.0-1148 - 4.15.0-1148.164 linux-image-4.15.0-1148-gcp - 4.15.0-1148.164 linux-headers-4.15.0-1148-gcp - 4.15.0-1148.164 linux-modules-4.15.0-1148-gcp - 4.15.0-1148.164 linux-gcp-4.15-tools-4.15.0-1148 - 4.15.0-1148.164 No subscription required linux-aws-headers-4.15.0-1154 - 4.15.0-1154.167 linux-cloud-tools-4.15.0-1154-aws - 4.15.0-1154.167 linux-modules-extra-4.15.0-1154-aws - 4.15.0-1154.167 linux-aws-cloud-tools-4.15.0-1154 - 4.15.0-1154.167 linux-tools-4.15.0-1154-aws - 4.15.0-1154.167 linux-headers-4.15.0-1154-aws - 4.15.0-1154.167 linux-image-4.15.0-1154-aws - 4.15.0-1154.167 linux-buildinfo-4.15.0-1154-aws - 4.15.0-1154.167 linux-image-unsigned-4.15.0-1154-aws - 4.15.0-1154.167 linux-aws-tools-4.15.0-1154 - 4.15.0-1154.167 linux-modules-4.15.0-1154-aws - 4.15.0-1154.167 No subscription required linux-image-unsigned-4.15.0-1163-azure - 4.15.0-1163.178 linux-tools-4.15.0-1163-azure - 4.15.0-1163.178 linux-azure-4.15-headers-4.15.0-1163 - 4.15.0-1163.178 linux-azure-4.15-cloud-tools-4.15.0-1163 - 4.15.0-1163.178 linux-image-4.15.0-1163-azure - 4.15.0-1163.178 linux-buildinfo-4.15.0-1163-azure - 4.15.0-1163.178 linux-modules-4.15.0-1163-azure - 4.15.0-1163.178 linux-azure-4.15-tools-4.15.0-1163 - 4.15.0-1163.178 linux-headers-4.15.0-1163-azure - 4.15.0-1163.178 linux-cloud-tools-4.15.0-1163-azure - 4.15.0-1163.178 linux-modules-extra-4.15.0-1163-azure - 4.15.0-1163.178 No subscription required linux-tools-common - 4.15.0-209.220 linux-buildinfo-4.15.0-209-lowlatency - 4.15.0-209.220 linux-tools-host - 4.15.0-209.220 linux-tools-4.15.0-209 - 4.15.0-209.220 linux-doc - 4.15.0-209.220 linux-cloud-tools-4.15.0-209 - 4.15.0-209.220 linux-headers-4.15.0-209-lowlatency - 4.15.0-209.220 linux-headers-4.15.0-209-generic-lpae - 4.15.0-209.220 linux-tools-4.15.0-209-generic-lpae - 4.15.0-209.220 linux-tools-4.15.0-209-generic - 4.15.0-209.220 linux-libc-dev - 4.15.0-209.220 linux-image-unsigned-4.15.0-209-generic - 4.15.0-209.220 linux-image-4.15.0-209-lowlatency - 4.15.0-209.220 linux-tools-4.15.0-209-lowlatency - 4.15.0-209.220 linux-image-unsigned-4.15.0-209-lowlatency - 4.15.0-209.220 linux-modules-extra-4.15.0-209-generic - 4.15.0-209.220 linux-modules-4.15.0-209-generic-lpae - 4.15.0-209.220 linux-modules-4.15.0-209-generic - 4.15.0-209.220 linux-modules-4.15.0-209-lowlatency - 4.15.0-209.220 linux-cloud-tools-common - 4.15.0-209.220 linux-image-4.15.0-209-generic-lpae - 4.15.0-209.220 linux-buildinfo-4.15.0-209-generic - 4.15.0-209.220 linux-image-4.15.0-209-generic - 4.15.0-209.220 linux-headers-4.15.0-209-generic - 4.15.0-209.220 linux-source-4.15.0 - 4.15.0-209.220 linux-buildinfo-4.15.0-209-generic-lpae - 4.15.0-209.220 linux-cloud-tools-4.15.0-209-lowlatency - 4.15.0-209.220 linux-cloud-tools-4.15.0-209-generic - 4.15.0-209.220 linux-headers-4.15.0-209 - 4.15.0-209.220 No subscription required linux-tools-dell300x - 4.15.0.1063.62 linux-headers-dell300x - 4.15.0.1063.62 linux-image-dell300x - 4.15.0.1063.62 linux-dell300x - 4.15.0.1063.62 No subscription required linux-oracle-lts-18.04 - 4.15.0.1117.122 linux-image-oracle-lts-18.04 - 4.15.0.1117.122 linux-signed-image-oracle-lts-18.04 - 4.15.0.1117.122 linux-tools-oracle-lts-18.04 - 4.15.0.1117.122 linux-signed-oracle-lts-18.04 - 4.15.0.1117.122 linux-headers-oracle-lts-18.04 - 4.15.0.1117.122 No subscription required linux-headers-raspi2 - 4.15.0.1130.125 linux-raspi2 - 4.15.0.1130.125 linux-image-raspi2 - 4.15.0.1130.125 linux-tools-raspi2 - 4.15.0.1130.125 No subscription required linux-kvm - 4.15.0.1138.129 linux-headers-kvm - 4.15.0.1138.129 linux-tools-kvm - 4.15.0.1138.129 linux-image-kvm - 4.15.0.1138.129 No subscription required linux-gcp-lts-18.04 - 4.15.0.1148.162 linux-tools-gcp-lts-18.04 - 4.15.0.1148.162 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1148.162 linux-image-gcp-lts-18.04 - 4.15.0.1148.162 linux-headers-gcp-lts-18.04 - 4.15.0.1148.162 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1154.152 linux-headers-aws-lts-18.04 - 4.15.0.1154.152 linux-aws-lts-18.04 - 4.15.0.1154.152 linux-modules-extra-aws-lts-18.04 - 4.15.0.1154.152 linux-tools-aws-lts-18.04 - 4.15.0.1154.152 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1163.131 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1163.131 linux-headers-azure-lts-18.04 - 4.15.0.1163.131 linux-signed-image-azure-lts-18.04 - 4.15.0.1163.131 linux-tools-azure-lts-18.04 - 4.15.0.1163.131 linux-azure-lts-18.04 - 4.15.0.1163.131 linux-signed-azure-lts-18.04 - 4.15.0.1163.131 linux-image-azure-lts-18.04 - 4.15.0.1163.131 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.209.192 linux-cloud-tools-virtual - 4.15.0.209.192 linux-headers-generic-lpae - 4.15.0.209.192 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.209.192 linux-image-extra-virtual-hwe-16.04 - 4.15.0.209.192 linux-image-virtual - 4.15.0.209.192 linux-image-generic - 4.15.0.209.192 linux-tools-lowlatency - 4.15.0.209.192 linux-tools-generic-hwe-16.04-edge - 4.15.0.209.192 linux-headers-generic-hwe-16.04-edge - 4.15.0.209.192 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.209.192 linux-generic-lpae-hwe-16.04 - 4.15.0.209.192 linux-tools-generic-hwe-16.04 - 4.15.0.209.192 linux-tools-virtual-hwe-16.04 - 4.15.0.209.192 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.209.192 linux-generic-lpae-hwe-16.04-edge - 4.15.0.209.192 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.209.192 linux-signed-lowlatency-hwe-16.04 - 4.15.0.209.192 linux-crashdump - 4.15.0.209.192 linux-signed-image-generic - 4.15.0.209.192 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.209.192 linux-lowlatency - 4.15.0.209.192 linux-source - 4.15.0.209.192 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.209.192 linux-tools-generic-lpae - 4.15.0.209.192 linux-cloud-tools-generic - 4.15.0.209.192 linux-generic-hwe-16.04-edge - 4.15.0.209.192 linux-virtual - 4.15.0.209.192 linux-headers-lowlatency-hwe-16.04 - 4.15.0.209.192 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.209.192 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.209.192 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.209.192 linux-tools-virtual - 4.15.0.209.192 linux-signed-generic-hwe-16.04-edge - 4.15.0.209.192 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.209.192 linux-generic-lpae - 4.15.0.209.192 linux-generic - 4.15.0.209.192 linux-signed-image-generic-hwe-16.04 - 4.15.0.209.192 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.209.192 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.209.192 linux-headers-lowlatency - 4.15.0.209.192 linux-headers-virtual-hwe-16.04-edge - 4.15.0.209.192 linux-lowlatency-hwe-16.04 - 4.15.0.209.192 linux-headers-generic-hwe-16.04 - 4.15.0.209.192 linux-generic-hwe-16.04 - 4.15.0.209.192 linux-tools-virtual-hwe-16.04-edge - 4.15.0.209.192 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.209.192 linux-virtual-hwe-16.04 - 4.15.0.209.192 linux-image-extra-virtual - 4.15.0.209.192 linux-lowlatency-hwe-16.04-edge - 4.15.0.209.192 linux-tools-generic - 4.15.0.209.192 linux-cloud-tools-lowlatency - 4.15.0.209.192 linux-image-generic-hwe-16.04 - 4.15.0.209.192 linux-image-generic-hwe-16.04-edge - 4.15.0.209.192 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.209.192 linux-signed-image-lowlatency - 4.15.0.209.192 linux-image-generic-lpae-hwe-16.04 - 4.15.0.209.192 linux-virtual-hwe-16.04-edge - 4.15.0.209.192 linux-tools-lowlatency-hwe-16.04 - 4.15.0.209.192 linux-signed-generic - 4.15.0.209.192 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.209.192 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.209.192 linux-headers-generic - 4.15.0.209.192 linux-image-generic-lpae - 4.15.0.209.192 linux-image-virtual-hwe-16.04-edge - 4.15.0.209.192 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.209.192 linux-image-virtual-hwe-16.04 - 4.15.0.209.192 linux-headers-virtual - 4.15.0.209.192 linux-signed-generic-hwe-16.04 - 4.15.0.209.192 linux-headers-virtual-hwe-16.04 - 4.15.0.209.192 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.209.192 linux-signed-lowlatency - 4.15.0.209.192 linux-image-lowlatency - 4.15.0.209.192 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.209.192 No subscription required High CVE-2022-3903 CVE-2023-1073 CVE-2023-1074 CVE-2023-1281 CVE-2023-26545 Ubuntu 18.04 LTS It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3903) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that a use-after-free vulnerability existed in the Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0266) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0394) It was discovered that the Human Interface Device (HID) support driver in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1073) It was discovered that a memory leak existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-1074) Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23455) It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access could plug in a malicious USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-23559) Lianhui Tang discovered that the MPLS implementation in the Linux kernel did not properly handle certain sysctl allocation failure conditions, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-26545) Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel contained a null pointer dereference when handling certain messages from user space. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-28328) Update Instructions: Run `sudo pro fix USN-6030-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-tools-4.15.0-1148-snapdragon - 4.15.0-1148.158 linux-buildinfo-4.15.0-1148-snapdragon - 4.15.0-1148.158 linux-image-4.15.0-1148-snapdragon - 4.15.0-1148.158 linux-modules-4.15.0-1148-snapdragon - 4.15.0-1148.158 linux-snapdragon-tools-4.15.0-1148 - 4.15.0-1148.158 linux-headers-4.15.0-1148-snapdragon - 4.15.0-1148.158 linux-snapdragon-headers-4.15.0-1148 - 4.15.0-1148.158 No subscription required linux-headers-snapdragon - 4.15.0.1148.147 linux-snapdragon - 4.15.0.1148.147 linux-image-snapdragon - 4.15.0.1148.147 linux-tools-snapdragon - 4.15.0.1148.147 No subscription required High CVE-2021-3669 CVE-2022-3424 CVE-2022-36280 CVE-2022-3903 CVE-2022-41218 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-1073 CVE-2023-1074 CVE-2023-1281 CVE-2023-23455 CVE-2023-23559 CVE-2023-26545 CVE-2023-28328 Ubuntu 18.04 LTS It was discovered that Dnsmasq was sending large DNS messages over UDP, possibly causing transmission failures due to IP fragmentation. This update lowers the default maximum size of DNS messages to improve transmission reliability over UDP. Update Instructions: Run `sudo pro fix USN-6034-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.79-1ubuntu0.7 dnsmasq-base-lua - 2.79-1ubuntu0.7 dnsmasq-utils - 2.79-1ubuntu0.7 dnsmasq-base - 2.79-1ubuntu0.7 No subscription required Low CVE-2023-28450 Ubuntu 18.04 LTS It was discovered that KAuth incorrectly handled some configuration parameters with specially crafted arbitrary types. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6035-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libkf5auth-data - 5.44.0-0ubuntu1+esm1 libkf5auth-bin-dev - 5.44.0-0ubuntu1+esm1 libkf5auth-dev - 5.44.0-0ubuntu1+esm1 libkf5auth5 - 5.44.0-0ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-7443 Ubuntu 18.04 LTS ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. A remote attacker with a malicious FTP server could redirect the client to another server, which could possibly result in leaked information about services running on the private network of the client. Update Instructions: Run `sudo pro fix USN-6037-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcommons-net-java-doc - 3.6-1+deb11u1build0.18.04.1 libcommons-net-java - 3.6-1+deb11u1build0.18.04.1 No subscription required Medium CVE-2021-37533 Ubuntu 18.04 LTS It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-1705) It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting into a denial of service. (CVE-2022-1962, CVE-2022-27664, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32189, CVE-2022-41715, CVE-2022-41717, CVE-2023-24534, CVE-2023-24537) It was discovered that Go did not properly implemented the maximum size of file headers in Reader.Read. An attacker could possibly use this issue to cause a panic resulting into a denial of service. (CVE-2022-2879) It was discovered that the Go net/http module incorrectly handled query parameters in requests forwarded by ReverseProxy. A remote attacker could possibly use this issue to perform an HTTP Query Parameter Smuggling attack. (CVE-2022-2880) It was discovered that Go did not properly manage the permissions for Faccessat function. A attacker could possibly use this issue to expose sensitive information. (CVE-2022-29526) It was discovered that Go did not properly generate the values for ticket_age_add in session tickets. An attacker could possibly use this issue to observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. (CVE-2022-30629) It was discovered that Go did not properly manage client IP addresses in net/http. An attacker could possibly use this issue to cause ReverseProxy to set the client IP as the value of the X-Forwarded-For header. (CVE-2022-32148) It was discovered that Go did not properly validate backticks (`) as Javascript string delimiters, and do not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template. (CVE-2023-24538) Update Instructions: Run `sudo pro fix USN-6038-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-1.18-go - 1.18.1-1ubuntu1~18.04.4 golang-1.18-src - 1.18.1-1ubuntu1~18.04.4 golang-1.18 - 1.18.1-1ubuntu1~18.04.4 golang-1.18-doc - 1.18.1-1ubuntu1~18.04.4 No subscription required Medium CVE-2022-1705 CVE-2022-1962 CVE-2022-27664 CVE-2022-28131 CVE-2022-2879 CVE-2022-2880 CVE-2022-29526 CVE-2022-30629 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 CVE-2022-32189 CVE-2022-41715 CVE-2022-41717 CVE-2023-24534 CVE-2023-24537 CVE-2023-24538 Ubuntu 18.04 LTS USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original advisory details: It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-1705) It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting into a denial of service. (CVE-2022-1962, CVE-2022-27664, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32189, CVE-2022-41715, CVE-2022-41717, CVE-2023-24534, CVE-2023-24537) It was discovered that Go did not properly implemented the maximum size of file headers in Reader.Read. An attacker could possibly use this issue to cause a panic resulting into a denial of service. (CVE-2022-2879) It was discovered that the Go net/http module incorrectly handled query parameters in requests forwarded by ReverseProxy. A remote attacker could possibly use this issue to perform an HTTP Query Parameter Smuggling attack. (CVE-2022-2880) It was discovered that Go did not properly manage the permissions for Faccessat function. A attacker could possibly use this issue to expose sensitive information. (CVE-2022-29526) It was discovered that Go did not properly generate the values for ticket_age_add in session tickets. An attacker could possibly use this issue to observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. (CVE-2022-30629) It was discovered that Go did not properly manage client IP addresses in net/http. An attacker could possibly use this issue to cause ReverseProxy to set the client IP as the value of the X-Forwarded-For header. (CVE-2022-32148) It was discovered that Go did not properly validate backticks (`) as Javascript string delimiters, and do not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template. (CVE-2023-24538) Update Instructions: Run `sudo pro fix USN-6038-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-1.13 - 1.13.8-1ubuntu1~18.04.4+esm1 golang-1.13-doc - 1.13.8-1ubuntu1~18.04.4+esm1 golang-1.13-go - 1.13.8-1ubuntu1~18.04.4+esm1 golang-1.13-src - 1.13.8-1ubuntu1~18.04.4+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro golang-1.16 - 1.16.2-0ubuntu1~18.04.2+esm1 golang-1.16-doc - 1.16.2-0ubuntu1~18.04.2+esm1 golang-1.16-go - 1.16.2-0ubuntu1~18.04.2+esm1 golang-1.16-src - 1.16.2-0ubuntu1~18.04.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-1705 CVE-2022-27664 CVE-2022-28131 CVE-2022-2879 CVE-2022-2880 CVE-2022-29526 CVE-2022-30629 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 CVE-2022-32189 CVE-2022-41717 CVE-2023-24534 CVE-2023-24537 CVE-2023-24538 Ubuntu 18.04 LTS It was discovered that OpenSSL was not properly managing file locks when processing policy constraints. If a user or automated system were tricked into processing a certificate chain with specially crafted policy constraints, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3996) David Benjamin discovered that OpenSSL was not properly performing the verification of X.509 certificate chains that include policy constraints, which could lead to excessive resource consumption. If a user or automated system were tricked into processing a specially crafted X.509 certificate chain that includes policy constraints, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-0464) David Benjamin discovered that OpenSSL was not properly handling invalid certificate policies in leaf certificates, which would result in certain policy checks being skipped for the certificate. If a user or automated system were tricked into processing a specially crafted certificate, a remote attacker could possibly use this issue to assert invalid certificate policies and circumvent policy checking. (CVE-2023-0465) David Benjamin discovered that OpenSSL incorrectly documented the functionalities of function X509_VERIFY_PARAM_add0_policy, stating that it would implicitly enable certificate policy checks when doing certificate verifications, contrary to its implementation. This could cause users and applications to not perform certificate policy checks even when expected to do so. (CVE-2023-0466) Update Instructions: Run `sudo pro fix USN-6039-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2n-1ubuntu5.12 libssl1.0-dev - 1.0.2n-1ubuntu5.12 openssl1.0 - 1.0.2n-1ubuntu5.12 No subscription required libssl-dev - 1.1.1-1ubuntu2.1~18.04.22 openssl - 1.1.1-1ubuntu2.1~18.04.22 libssl-doc - 1.1.1-1ubuntu2.1~18.04.22 libssl1.1 - 1.1.1-1ubuntu2.1~18.04.22 No subscription required Low CVE-2022-3996 CVE-2023-0464 CVE-2023-0466 Ubuntu 18.04 LTS James Golovich discovered that sensitive data could be exposed in logs. An attacker could use this information to find hashed passwords and possibly escalate their privilege. Update Instructions: Run `sudo pro fix USN-6042-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cloud-init - 23.1.2-0ubuntu0~18.04.1 No subscription required Medium CVE-2023-1786 https://bugs.launchpad.net/cloud-init/+bug/2013967 Ubuntu 18.04 LTS It was discovered that OpenSSL-ibmca incorrectly handled certain RSA decryption. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-6046-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssl-ibmca - 1.4.1-0ubuntu1.2 No subscription required None https://launchpad.net/bugs/2015454 Ubuntu 18.04 LTS It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Update Instructions: Run `sudo pro fix USN-6047-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-4.15.0-1118-oracle - 4.15.0-1118.129 linux-headers-4.15.0-1118-oracle - 4.15.0-1118.129 linux-buildinfo-4.15.0-1118-oracle - 4.15.0-1118.129 linux-tools-4.15.0-1118-oracle - 4.15.0-1118.129 linux-oracle-tools-4.15.0-1118 - 4.15.0-1118.129 linux-oracle-headers-4.15.0-1118 - 4.15.0-1118.129 linux-modules-extra-4.15.0-1118-oracle - 4.15.0-1118.129 linux-modules-4.15.0-1118-oracle - 4.15.0-1118.129 linux-image-unsigned-4.15.0-1118-oracle - 4.15.0-1118.129 No subscription required linux-kvm-tools-4.15.0-1139 - 4.15.0-1139.144 linux-tools-4.15.0-1139-kvm - 4.15.0-1139.144 linux-image-4.15.0-1139-kvm - 4.15.0-1139.144 linux-modules-4.15.0-1139-kvm - 4.15.0-1139.144 linux-kvm-headers-4.15.0-1139 - 4.15.0-1139.144 linux-buildinfo-4.15.0-1139-kvm - 4.15.0-1139.144 linux-headers-4.15.0-1139-kvm - 4.15.0-1139.144 No subscription required linux-modules-extra-4.15.0-1149-gcp - 4.15.0-1149.165 linux-buildinfo-4.15.0-1149-gcp - 4.15.0-1149.165 linux-gcp-4.15-headers-4.15.0-1149 - 4.15.0-1149.165 linux-headers-4.15.0-1149-gcp - 4.15.0-1149.165 linux-modules-4.15.0-1149-gcp - 4.15.0-1149.165 linux-image-4.15.0-1149-gcp - 4.15.0-1149.165 linux-gcp-4.15-tools-4.15.0-1149 - 4.15.0-1149.165 linux-image-unsigned-4.15.0-1149-gcp - 4.15.0-1149.165 linux-tools-4.15.0-1149-gcp - 4.15.0-1149.165 No subscription required linux-azure-4.15-headers-4.15.0-1164 - 4.15.0-1164.179 linux-image-4.15.0-1164-azure - 4.15.0-1164.179 linux-tools-4.15.0-1164-azure - 4.15.0-1164.179 linux-modules-extra-4.15.0-1164-azure - 4.15.0-1164.179 linux-azure-4.15-cloud-tools-4.15.0-1164 - 4.15.0-1164.179 linux-modules-4.15.0-1164-azure - 4.15.0-1164.179 linux-image-unsigned-4.15.0-1164-azure - 4.15.0-1164.179 linux-buildinfo-4.15.0-1164-azure - 4.15.0-1164.179 linux-cloud-tools-4.15.0-1164-azure - 4.15.0-1164.179 linux-headers-4.15.0-1164-azure - 4.15.0-1164.179 linux-azure-4.15-tools-4.15.0-1164 - 4.15.0-1164.179 No subscription required linux-tools-common - 4.15.0-210.221 linux-cloud-tools-4.15.0-210-generic - 4.15.0-210.221 linux-buildinfo-4.15.0-210-generic - 4.15.0-210.221 linux-tools-host - 4.15.0-210.221 linux-doc - 4.15.0-210.221 linux-tools-4.15.0-210 - 4.15.0-210.221 linux-headers-4.15.0-210-lowlatency - 4.15.0-210.221 linux-modules-4.15.0-210-generic-lpae - 4.15.0-210.221 linux-cloud-tools-4.15.0-210-lowlatency - 4.15.0-210.221 linux-headers-4.15.0-210 - 4.15.0-210.221 linux-cloud-tools-4.15.0-210 - 4.15.0-210.221 linux-libc-dev - 4.15.0-210.221 linux-buildinfo-4.15.0-210-lowlatency - 4.15.0-210.221 linux-image-4.15.0-210-generic-lpae - 4.15.0-210.221 linux-cloud-tools-common - 4.15.0-210.221 linux-tools-4.15.0-210-generic-lpae - 4.15.0-210.221 linux-buildinfo-4.15.0-210-generic-lpae - 4.15.0-210.221 linux-source-4.15.0 - 4.15.0-210.221 linux-modules-4.15.0-210-lowlatency - 4.15.0-210.221 linux-modules-4.15.0-210-generic - 4.15.0-210.221 linux-modules-extra-4.15.0-210-generic - 4.15.0-210.221 linux-tools-4.15.0-210-generic - 4.15.0-210.221 linux-image-unsigned-4.15.0-210-generic - 4.15.0-210.221 linux-image-4.15.0-210-generic - 4.15.0-210.221 linux-image-unsigned-4.15.0-210-lowlatency - 4.15.0-210.221 linux-headers-4.15.0-210-generic - 4.15.0-210.221 linux-image-4.15.0-210-lowlatency - 4.15.0-210.221 linux-tools-4.15.0-210-lowlatency - 4.15.0-210.221 linux-headers-4.15.0-210-generic-lpae - 4.15.0-210.221 No subscription required linux-image-oracle-lts-18.04 - 4.15.0.1118.123 linux-oracle-lts-18.04 - 4.15.0.1118.123 linux-tools-oracle-lts-18.04 - 4.15.0.1118.123 linux-signed-oracle-lts-18.04 - 4.15.0.1118.123 linux-headers-oracle-lts-18.04 - 4.15.0.1118.123 linux-signed-image-oracle-lts-18.04 - 4.15.0.1118.123 No subscription required linux-kvm - 4.15.0.1139.130 linux-headers-kvm - 4.15.0.1139.130 linux-image-kvm - 4.15.0.1139.130 linux-tools-kvm - 4.15.0.1139.130 No subscription required linux-modules-extra-gcp-lts-18.04 - 4.15.0.1149.163 linux-tools-gcp-lts-18.04 - 4.15.0.1149.163 linux-image-gcp-lts-18.04 - 4.15.0.1149.163 linux-headers-gcp-lts-18.04 - 4.15.0.1149.163 linux-gcp-lts-18.04 - 4.15.0.1149.163 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1164.132 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1164.132 linux-image-azure-lts-18.04 - 4.15.0.1164.132 linux-headers-azure-lts-18.04 - 4.15.0.1164.132 linux-signed-image-azure-lts-18.04 - 4.15.0.1164.132 linux-tools-azure-lts-18.04 - 4.15.0.1164.132 linux-azure-lts-18.04 - 4.15.0.1164.132 linux-signed-azure-lts-18.04 - 4.15.0.1164.132 No subscription required linux-lowlatency-hwe-16.04 - 4.15.0.210.193 linux-signed-generic-hwe-16.04-edge - 4.15.0.210.193 linux-headers-generic-lpae - 4.15.0.210.193 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.210.193 linux-image-extra-virtual-hwe-16.04 - 4.15.0.210.193 linux-image-virtual - 4.15.0.210.193 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.210.193 linux-signed-lowlatency - 4.15.0.210.193 linux-cloud-tools-lowlatency - 4.15.0.210.193 linux-image-generic - 4.15.0.210.193 linux-tools-lowlatency - 4.15.0.210.193 linux-headers-generic-hwe-16.04-edge - 4.15.0.210.193 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.210.193 linux-generic-lpae-hwe-16.04 - 4.15.0.210.193 linux-cloud-tools-virtual - 4.15.0.210.193 linux-tools-virtual-hwe-16.04 - 4.15.0.210.193 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.210.193 linux-generic-lpae-hwe-16.04-edge - 4.15.0.210.193 linux-signed-image-lowlatency - 4.15.0.210.193 linux-signed-lowlatency-hwe-16.04 - 4.15.0.210.193 linux-crashdump - 4.15.0.210.193 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.210.193 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.210.193 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.210.193 linux-source - 4.15.0.210.193 linux-signed-image-generic - 4.15.0.210.193 linux-lowlatency - 4.15.0.210.193 linux-tools-generic-lpae - 4.15.0.210.193 linux-virtual - 4.15.0.210.193 linux-tools-virtual - 4.15.0.210.193 linux-headers-lowlatency-hwe-16.04 - 4.15.0.210.193 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.210.193 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.210.193 linux-tools-generic-hwe-16.04 - 4.15.0.210.193 linux-image-generic-lpae - 4.15.0.210.193 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.210.193 linux-generic-lpae - 4.15.0.210.193 linux-generic-hwe-16.04-edge - 4.15.0.210.193 linux-generic - 4.15.0.210.193 linux-image-lowlatency-hwe-16.04 - 4.15.0.210.193 linux-signed-image-generic-hwe-16.04 - 4.15.0.210.193 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.210.193 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.210.193 linux-headers-lowlatency - 4.15.0.210.193 linux-headers-virtual-hwe-16.04-edge - 4.15.0.210.193 linux-headers-generic-hwe-16.04 - 4.15.0.210.193 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.210.193 linux-generic-hwe-16.04 - 4.15.0.210.193 linux-tools-virtual-hwe-16.04-edge - 4.15.0.210.193 linux-lowlatency-hwe-16.04-edge - 4.15.0.210.193 linux-tools-generic - 4.15.0.210.193 linux-virtual-hwe-16.04 - 4.15.0.210.193 linux-image-extra-virtual - 4.15.0.210.193 linux-cloud-tools-generic - 4.15.0.210.193 linux-image-generic-hwe-16.04 - 4.15.0.210.193 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.210.193 linux-image-generic-lpae-hwe-16.04 - 4.15.0.210.193 linux-virtual-hwe-16.04-edge - 4.15.0.210.193 linux-tools-lowlatency-hwe-16.04 - 4.15.0.210.193 linux-image-generic-hwe-16.04-edge - 4.15.0.210.193 linux-signed-generic - 4.15.0.210.193 linux-signed-generic-hwe-16.04 - 4.15.0.210.193 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.210.193 linux-headers-generic - 4.15.0.210.193 linux-headers-virtual-hwe-16.04 - 4.15.0.210.193 linux-image-virtual-hwe-16.04-edge - 4.15.0.210.193 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.210.193 linux-image-virtual-hwe-16.04 - 4.15.0.210.193 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.210.193 linux-headers-virtual - 4.15.0.210.193 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.210.193 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.210.193 linux-tools-generic-hwe-16.04-edge - 4.15.0.210.193 linux-image-lowlatency - 4.15.0.210.193 No subscription required linux-buildinfo-5.4.0-1100-oracle - 5.4.0-1100.109~18.04.1 linux-image-unsigned-5.4.0-1100-oracle - 5.4.0-1100.109~18.04.1 linux-modules-5.4.0-1100-oracle - 5.4.0-1100.109~18.04.1 linux-modules-extra-5.4.0-1100-oracle - 5.4.0-1100.109~18.04.1 linux-oracle-5.4-headers-5.4.0-1100 - 5.4.0-1100.109~18.04.1 linux-image-5.4.0-1100-oracle - 5.4.0-1100.109~18.04.1 linux-tools-5.4.0-1100-oracle - 5.4.0-1100.109~18.04.1 linux-headers-5.4.0-1100-oracle - 5.4.0-1100.109~18.04.1 linux-oracle-5.4-tools-5.4.0-1100 - 5.4.0-1100.109~18.04.1 No subscription required linux-aws-5.4-headers-5.4.0-1101 - 5.4.0-1101.109~18.04.1 linux-aws-5.4-tools-5.4.0-1101 - 5.4.0-1101.109~18.04.1 linux-modules-5.4.0-1101-aws - 5.4.0-1101.109~18.04.1 linux-image-5.4.0-1101-aws - 5.4.0-1101.109~18.04.1 linux-image-unsigned-5.4.0-1101-aws - 5.4.0-1101.109~18.04.1 linux-buildinfo-5.4.0-1101-aws - 5.4.0-1101.109~18.04.1 linux-headers-5.4.0-1101-aws - 5.4.0-1101.109~18.04.1 linux-cloud-tools-5.4.0-1101-aws - 5.4.0-1101.109~18.04.1 linux-modules-extra-5.4.0-1101-aws - 5.4.0-1101.109~18.04.1 linux-tools-5.4.0-1101-aws - 5.4.0-1101.109~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1101 - 5.4.0-1101.109~18.04.1 No subscription required linux-gcp-5.4-headers-5.4.0-1104 - 5.4.0-1104.113~18.04.1 linux-image-unsigned-5.4.0-1104-gcp - 5.4.0-1104.113~18.04.1 linux-modules-extra-5.4.0-1104-gcp - 5.4.0-1104.113~18.04.1 linux-tools-5.4.0-1104-gcp - 5.4.0-1104.113~18.04.1 linux-image-5.4.0-1104-gcp - 5.4.0-1104.113~18.04.1 linux-buildinfo-5.4.0-1104-gcp - 5.4.0-1104.113~18.04.1 linux-gcp-5.4-tools-5.4.0-1104 - 5.4.0-1104.113~18.04.1 linux-modules-5.4.0-1104-gcp - 5.4.0-1104.113~18.04.1 linux-headers-5.4.0-1104-gcp - 5.4.0-1104.113~18.04.1 No subscription required linux-azure-5.4-tools-5.4.0-1107 - 5.4.0-1107.113~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1107 - 5.4.0-1107.113~18.04.1 linux-tools-5.4.0-1107-azure - 5.4.0-1107.113~18.04.1 linux-azure-5.4-headers-5.4.0-1107 - 5.4.0-1107.113~18.04.1 linux-buildinfo-5.4.0-1107-azure - 5.4.0-1107.113~18.04.1 linux-cloud-tools-5.4.0-1107-azure - 5.4.0-1107.113~18.04.1 linux-modules-5.4.0-1107-azure - 5.4.0-1107.113~18.04.1 linux-image-unsigned-5.4.0-1107-azure - 5.4.0-1107.113~18.04.1 linux-headers-5.4.0-1107-azure - 5.4.0-1107.113~18.04.1 linux-image-5.4.0-1107-azure - 5.4.0-1107.113~18.04.1 linux-modules-extra-5.4.0-1107-azure - 5.4.0-1107.113~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-148.165~18.04.1 linux-buildinfo-5.4.0-148-generic-lpae - 5.4.0-148.165~18.04.1 linux-buildinfo-5.4.0-148-generic - 5.4.0-148.165~18.04.1 linux-modules-5.4.0-148-generic-lpae - 5.4.0-148.165~18.04.1 linux-headers-5.4.0-148-generic-lpae - 5.4.0-148.165~18.04.1 linux-image-unsigned-5.4.0-148-lowlatency - 5.4.0-148.165~18.04.1 linux-modules-5.4.0-148-lowlatency - 5.4.0-148.165~18.04.1 linux-tools-5.4.0-148-generic-lpae - 5.4.0-148.165~18.04.1 linux-tools-5.4.0-148-lowlatency - 5.4.0-148.165~18.04.1 linux-headers-5.4.0-148-generic - 5.4.0-148.165~18.04.1 linux-image-5.4.0-148-generic - 5.4.0-148.165~18.04.1 linux-modules-5.4.0-148-generic - 5.4.0-148.165~18.04.1 linux-image-5.4.0-148-generic-lpae - 5.4.0-148.165~18.04.1 linux-hwe-5.4-tools-5.4.0-148 - 5.4.0-148.165~18.04.1 linux-tools-5.4.0-148-generic - 5.4.0-148.165~18.04.1 linux-image-unsigned-5.4.0-148-generic - 5.4.0-148.165~18.04.1 linux-buildinfo-5.4.0-148-lowlatency - 5.4.0-148.165~18.04.1 linux-cloud-tools-5.4.0-148-generic - 5.4.0-148.165~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-148.165~18.04.1 linux-modules-extra-5.4.0-148-generic - 5.4.0-148.165~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-148 - 5.4.0-148.165~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-148.165~18.04.1 linux-headers-5.4.0-148-lowlatency - 5.4.0-148.165~18.04.1 linux-hwe-5.4-headers-5.4.0-148 - 5.4.0-148.165~18.04.1 linux-cloud-tools-5.4.0-148-lowlatency - 5.4.0-148.165~18.04.1 linux-image-5.4.0-148-lowlatency - 5.4.0-148.165~18.04.1 No subscription required linux-headers-oracle - 5.4.0.1100.109~18.04.72 linux-tools-oracle - 5.4.0.1100.109~18.04.72 linux-signed-image-oracle - 5.4.0.1100.109~18.04.72 linux-signed-oracle - 5.4.0.1100.109~18.04.72 linux-tools-oracle-edge - 5.4.0.1100.109~18.04.72 linux-oracle-edge - 5.4.0.1100.109~18.04.72 linux-image-oracle-edge - 5.4.0.1100.109~18.04.72 linux-oracle - 5.4.0.1100.109~18.04.72 linux-modules-extra-oracle - 5.4.0.1100.109~18.04.72 linux-signed-oracle-edge - 5.4.0.1100.109~18.04.72 linux-signed-image-oracle-edge - 5.4.0.1100.109~18.04.72 linux-modules-extra-oracle-edge - 5.4.0.1100.109~18.04.72 linux-headers-oracle-edge - 5.4.0.1100.109~18.04.72 linux-image-oracle - 5.4.0.1100.109~18.04.72 No subscription required linux-image-aws - 5.4.0.1101.79 linux-modules-extra-aws-edge - 5.4.0.1101.79 linux-aws-edge - 5.4.0.1101.79 linux-image-aws-edge - 5.4.0.1101.79 linux-aws - 5.4.0.1101.79 linux-headers-aws-edge - 5.4.0.1101.79 linux-tools-aws - 5.4.0.1101.79 linux-modules-extra-aws - 5.4.0.1101.79 linux-headers-aws - 5.4.0.1101.79 linux-tools-aws-edge - 5.4.0.1101.79 No subscription required linux-image-gcp-edge - 5.4.0.1104.80 linux-headers-gcp-edge - 5.4.0.1104.80 linux-modules-extra-gcp - 5.4.0.1104.80 linux-tools-gcp - 5.4.0.1104.80 linux-modules-extra-gcp-edge - 5.4.0.1104.80 linux-gcp - 5.4.0.1104.80 linux-tools-gcp-edge - 5.4.0.1104.80 linux-headers-gcp - 5.4.0.1104.80 linux-image-gcp - 5.4.0.1104.80 linux-gcp-edge - 5.4.0.1104.80 No subscription required linux-tools-azure-edge - 5.4.0.1107.80 linux-cloud-tools-azure - 5.4.0.1107.80 linux-tools-azure - 5.4.0.1107.80 linux-image-azure-edge - 5.4.0.1107.80 linux-cloud-tools-azure-edge - 5.4.0.1107.80 linux-signed-image-azure-edge - 5.4.0.1107.80 linux-image-azure - 5.4.0.1107.80 linux-signed-azure - 5.4.0.1107.80 linux-headers-azure-edge - 5.4.0.1107.80 linux-azure-edge - 5.4.0.1107.80 linux-modules-extra-azure-edge - 5.4.0.1107.80 linux-signed-azure-edge - 5.4.0.1107.80 linux-modules-extra-azure - 5.4.0.1107.80 linux-azure - 5.4.0.1107.80 linux-signed-image-azure - 5.4.0.1107.80 linux-headers-azure - 5.4.0.1107.80 No subscription required linux-image-virtual-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-headers-snapdragon-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-image-snapdragon-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-image-oem - 5.4.0.148.165~18.04.119 linux-headers-lowlatency-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-lowlatency-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-image-oem-osp1 - 5.4.0.148.165~18.04.119 linux-image-generic-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-snapdragon-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-image-generic-lpae-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-tools-lowlatency-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-headers-generic-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-headers-virtual-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-tools-virtual-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-headers-virtual-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-virtual-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-generic-lpae-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-tools-oem-osp1 - 5.4.0.148.165~18.04.119 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-tools-snapdragon-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-image-generic-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-image-extra-virtual-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-headers-oem - 5.4.0.148.165~18.04.119 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-tools-generic-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-image-virtual-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-generic-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-generic-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-oem - 5.4.0.148.165~18.04.119 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-snapdragon-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-tools-oem - 5.4.0.148.165~18.04.119 linux-headers-oem-osp1 - 5.4.0.148.165~18.04.119 linux-tools-generic-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-headers-generic-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-image-lowlatency-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-generic-lpae-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-virtual-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-tools-virtual-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-lowlatency-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.148.165~18.04.119 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.148.165~18.04.119 linux-oem-osp1 - 5.4.0.148.165~18.04.119 No subscription required High CVE-2023-1829 Ubuntu 18.04 LTS It was discovered that ZenLib doesn't check the return value of a specific operation before using it. An attacker could use a specially crafted input to crash programs using the library. Update Instructions: Run `sudo pro fix USN-6048-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libzen-dev - 0.4.37-1ubuntu0.18.04.1 libzen-doc - 0.4.37-1ubuntu0.18.04.1 libzen0v5 - 0.4.37-1ubuntu0.18.04.1 No subscription required Medium CVE-2020-36646 Ubuntu 18.04 LTS It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-11612) It was discovered that Netty created temporary files with excessive permissions. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM, and Ubuntu 20.04 ESM. (CVE-2021-21290) It was discovered that Netty did not properly validate content-length headers. A remote attacker could possibly use this issue to smuggle requests. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2021-21295, CVE-2021-21409) It was discovered that Netty's Bzip2 decompression decoder did not limit the decompressed output data size. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-37136) It was discovered that Netty's Snappy frame decoder function did not limit chunk lengths. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. (CVE-2021-37137) It was discovered that Netty did not properly handle control chars at the beginning and end of header names. A remote attacker could possibly use this issue to smuggle requests. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-43797) It was discovered that Netty could be made into an infinite recursion when parsing a malformed crafted message. A remote attacker could possibly use this issue to cause Netty to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41881) It was discovered that Netty did not validate header values under certain circumstances. A remote attacker could possibly use this issue to perform HTTP response splitting via malicious header values. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41915) Update Instructions: Run `sudo pro fix USN-6049-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnetty-java - 1:4.1.7-4ubuntu0.1+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-11612 CVE-2021-21290 CVE-2021-21295 CVE-2021-21409 CVE-2021-37136 CVE-2021-37137 CVE-2021-43797 CVE-2022-41881 CVE-2022-41915 Ubuntu 18.04 LTS It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwriting some paths. (CVE-2023-25652) Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allows the malicious placement of crafted messages. (CVE-2023-25815) André Baptista and Vítor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to arbitrary configuration injection. (CVE-2023-29007) Update Instructions: Run `sudo pro fix USN-6050-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: git - 1:2.17.1-1ubuntu0.18 gitweb - 1:2.17.1-1ubuntu0.18 git-gui - 1:2.17.1-1ubuntu0.18 git-daemon-sysvinit - 1:2.17.1-1ubuntu0.18 git-el - 1:2.17.1-1ubuntu0.18 gitk - 1:2.17.1-1ubuntu0.18 git-all - 1:2.17.1-1ubuntu0.18 git-mediawiki - 1:2.17.1-1ubuntu0.18 git-daemon-run - 1:2.17.1-1ubuntu0.18 git-man - 1:2.17.1-1ubuntu0.18 git-doc - 1:2.17.1-1ubuntu0.18 git-svn - 1:2.17.1-1ubuntu0.18 git-cvs - 1:2.17.1-1ubuntu0.18 git-email - 1:2.17.1-1ubuntu0.18 No subscription required Medium CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 Ubuntu 18.04 LTS It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Update Instructions: Run `sudo pro fix USN-6052-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-4.15.0-1149-snapdragon - 4.15.0-1149.159 linux-snapdragon-tools-4.15.0-1149 - 4.15.0-1149.159 linux-image-4.15.0-1149-snapdragon - 4.15.0-1149.159 linux-snapdragon-headers-4.15.0-1149 - 4.15.0-1149.159 linux-buildinfo-4.15.0-1149-snapdragon - 4.15.0-1149.159 linux-tools-4.15.0-1149-snapdragon - 4.15.0-1149.159 linux-headers-4.15.0-1149-snapdragon - 4.15.0-1149.159 No subscription required linux-snapdragon - 4.15.0.1149.148 linux-image-snapdragon - 4.15.0.1149.148 linux-headers-snapdragon - 4.15.0.1149.148 linux-tools-snapdragon - 4.15.0.1149.148 No subscription required linux-image-unsigned-5.4.0-1048-ibm - 5.4.0-1048.53~18.04.1 linux-ibm-5.4-headers-5.4.0-1048 - 5.4.0-1048.53~18.04.1 linux-buildinfo-5.4.0-1048-ibm - 5.4.0-1048.53~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1048.53~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1048.53~18.04.1 linux-image-5.4.0-1048-ibm - 5.4.0-1048.53~18.04.1 linux-ibm-5.4-tools-5.4.0-1048 - 5.4.0-1048.53~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1048.53~18.04.1 linux-modules-5.4.0-1048-ibm - 5.4.0-1048.53~18.04.1 linux-tools-5.4.0-1048-ibm - 5.4.0-1048.53~18.04.1 linux-modules-extra-5.4.0-1048-ibm - 5.4.0-1048.53~18.04.1 linux-headers-5.4.0-1048-ibm - 5.4.0-1048.53~18.04.1 No subscription required linux-image-ibm - 5.4.0.1048.59 linux-tools-ibm - 5.4.0.1048.59 linux-ibm-edge - 5.4.0.1048.59 linux-headers-ibm - 5.4.0.1048.59 linux-headers-ibm-edge - 5.4.0.1048.59 linux-modules-extra-ibm-edge - 5.4.0.1048.59 linux-tools-ibm-edge - 5.4.0.1048.59 linux-modules-extra-ibm - 5.4.0.1048.59 linux-ibm - 5.4.0.1048.59 linux-image-ibm-edge - 5.4.0.1048.59 No subscription required High CVE-2023-1829 Ubuntu 18.04 LTS Moataz Al-Sharida and nawaik discovered that Django incorrectly handled uploading multiple files using one form field. A remote attacker could possibly use this issue to bypass certain validations. Update Instructions: Run `sudo pro fix USN-6054-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-django - 1:1.11.11-1ubuntu1.21 python-django-doc - 1:1.11.11-1ubuntu1.21 python-django-common - 1:1.11.11-1ubuntu1.21 python-django - 1:1.11.11-1ubuntu1.21 No subscription required Low CVE-2023-31047 Ubuntu 18.04 LTS It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-28755) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue is being addressed only for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2023-28756) Update Instructions: Run `sudo pro fix USN-6055-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby2.5-dev - 2.5.1-1ubuntu1.14 ruby2.5 - 2.5.1-1ubuntu1.14 ruby2.5-doc - 2.5.1-1ubuntu1.14 libruby2.5 - 2.5.1-1ubuntu1.14 No subscription required Medium CVE-2023-28755 CVE-2023-28756 Ubuntu 18.04 LTS USN-6055-1 fixed a vulnerability in Ruby. Unfortunately it introduced a regression. This update reverts the patches applied to CVE-2023-28755 in order to fix the regression pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-28755) Update Instructions: Run `sudo pro fix USN-6055-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby2.5-dev - 2.5.1-1ubuntu1.15 ruby2.5 - 2.5.1-1ubuntu1.15 ruby2.5-doc - 2.5.1-1ubuntu1.15 libruby2.5 - 2.5.1-1ubuntu1.15 No subscription required Medium CVE-2023-28755 https://launchpad.net/bugs/2018547 Ubuntu 18.04 LTS It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Update Instructions: Run `sudo pro fix USN-6058-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1155-aws - 4.15.0-1155.168 linux-aws-tools-4.15.0-1155 - 4.15.0-1155.168 linux-cloud-tools-4.15.0-1155-aws - 4.15.0-1155.168 linux-modules-4.15.0-1155-aws - 4.15.0-1155.168 linux-buildinfo-4.15.0-1155-aws - 4.15.0-1155.168 linux-tools-4.15.0-1155-aws - 4.15.0-1155.168 linux-modules-extra-4.15.0-1155-aws - 4.15.0-1155.168 linux-aws-headers-4.15.0-1155 - 4.15.0-1155.168 linux-image-4.15.0-1155-aws - 4.15.0-1155.168 linux-headers-4.15.0-1155-aws - 4.15.0-1155.168 linux-aws-cloud-tools-4.15.0-1155 - 4.15.0-1155.168 No subscription required linux-tools-aws-lts-18.04 - 4.15.0.1155.153 linux-image-aws-lts-18.04 - 4.15.0.1155.153 linux-modules-extra-aws-lts-18.04 - 4.15.0.1155.153 linux-aws-lts-18.04 - 4.15.0.1155.153 linux-headers-aws-lts-18.04 - 4.15.0.1155.153 No subscription required High CVE-2023-1829 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.33 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.42. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-42.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-33.html https://www.oracle.com/security-alerts/cpuapr2023.html Update Instructions: Run `sudo pro fix USN-6060-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client - 5.7.42-0ubuntu0.18.04.1 mysql-source-5.7 - 5.7.42-0ubuntu0.18.04.1 libmysqlclient-dev - 5.7.42-0ubuntu0.18.04.1 mysql-client-core-5.7 - 5.7.42-0ubuntu0.18.04.1 mysql-client-5.7 - 5.7.42-0ubuntu0.18.04.1 libmysqlclient20 - 5.7.42-0ubuntu0.18.04.1 mysql-server-5.7 - 5.7.42-0ubuntu0.18.04.1 mysql-server - 5.7.42-0ubuntu0.18.04.1 mysql-server-core-5.7 - 5.7.42-0ubuntu0.18.04.1 mysql-testsuite - 5.7.42-0ubuntu0.18.04.1 libmysqld-dev - 5.7.42-0ubuntu0.18.04.1 mysql-testsuite-5.7 - 5.7.42-0ubuntu0.18.04.1 No subscription required Medium CVE-2023-21911 CVE-2023-21912 CVE-2023-21919 CVE-2023-21920 CVE-2023-21929 CVE-2023-21933 CVE-2023-21935 CVE-2023-21940 CVE-2023-21945 CVE-2023-21946 CVE-2023-21947 CVE-2023-21953 CVE-2023-21955 CVE-2023-21962 CVE-2023-21966 CVE-2023-21972 CVE-2023-21976 CVE-2023-21977 CVE-2023-21980 CVE-2023-21982 Ubuntu 18.04 LTS Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths. An attacker could possibly use this issue to create non-random encryption keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-3979) It was discovered that Ceph incorrectly handled the volumes plugin. An attacker could possibly use this issue to obtain access to any share. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-0670) It was discovered that Ceph incorrectly handled crash dumps. A local attacker could possibly use this issue to escalate privileges to root. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-3650) It was discovered that Ceph incorrectly handled URL processing on RGW backends. An attacker could possibly use this issue to cause RGW to crash, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3854) Update Instructions: Run `sudo pro fix USN-6063-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-rbd - 12.2.13-0ubuntu0.18.04.11 python3-rbd - 12.2.13-0ubuntu0.18.04.11 python-rados - 12.2.13-0ubuntu0.18.04.11 ceph-mgr - 12.2.13-0ubuntu0.18.04.11 ceph - 12.2.13-0ubuntu0.18.04.11 ceph-test - 12.2.13-0ubuntu0.18.04.11 rbd-mirror - 12.2.13-0ubuntu0.18.04.11 rbd-nbd - 12.2.13-0ubuntu0.18.04.11 librbd-dev - 12.2.13-0ubuntu0.18.04.11 libradosstriper1 - 12.2.13-0ubuntu0.18.04.11 rbd-fuse - 12.2.13-0ubuntu0.18.04.11 librados-dev - 12.2.13-0ubuntu0.18.04.11 libcephfs-jni - 12.2.13-0ubuntu0.18.04.11 libradosstriper-dev - 12.2.13-0ubuntu0.18.04.11 librados2 - 12.2.13-0ubuntu0.18.04.11 ceph-mon - 12.2.13-0ubuntu0.18.04.11 libcephfs2 - 12.2.13-0ubuntu0.18.04.11 librgw2 - 12.2.13-0ubuntu0.18.04.11 ceph-mds - 12.2.13-0ubuntu0.18.04.11 radosgw - 12.2.13-0ubuntu0.18.04.11 librbd1 - 12.2.13-0ubuntu0.18.04.11 python3-rgw - 12.2.13-0ubuntu0.18.04.11 python-rgw - 12.2.13-0ubuntu0.18.04.11 python-ceph - 12.2.13-0ubuntu0.18.04.11 libcephfs-dev - 12.2.13-0ubuntu0.18.04.11 rados-objclass-dev - 12.2.13-0ubuntu0.18.04.11 ceph-osd - 12.2.13-0ubuntu0.18.04.11 python3-ceph-argparse - 12.2.13-0ubuntu0.18.04.11 librgw-dev - 12.2.13-0ubuntu0.18.04.11 python3-rados - 12.2.13-0ubuntu0.18.04.11 ceph-base - 12.2.13-0ubuntu0.18.04.11 python-cephfs - 12.2.13-0ubuntu0.18.04.11 python3-cephfs - 12.2.13-0ubuntu0.18.04.11 ceph-fuse - 12.2.13-0ubuntu0.18.04.11 ceph-common - 12.2.13-0ubuntu0.18.04.11 libcephfs-java - 12.2.13-0ubuntu0.18.04.11 ceph-resource-agents - 12.2.13-0ubuntu0.18.04.11 No subscription required Medium CVE-2021-3979 CVE-2022-0670 CVE-2022-3650 CVE-2022-3854 Ubuntu 18.04 LTS It was discovered that SQL parse incorrectly handled certain regular expression. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6064-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-sqlparse - 0.2.4-0.1ubuntu0.1 python3-sqlparse - 0.2.4-0.1ubuntu0.1 python-sqlparse-doc - 0.2.4-0.1ubuntu0.1 pypy-sqlparse - 0.2.4-0.1ubuntu0.1 sqlformat - 0.2.4-0.1ubuntu0.1 No subscription required Medium CVE-2023-30608 Ubuntu 18.04 LTS It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-33587, CVE-2022-21222) Update Instructions: Run `sudo pro fix USN-6065-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-css-what - 2.1.0-1+deb10u1build0.18.04.1 No subscription required Medium CVE-2021-33587 CVE-2022-21222 Ubuntu 18.04 LTS It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data. Update Instructions: Run `sudo pro fix USN-6066-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-heat - 1:10.0.2-0ubuntu1.1 heat-api-cfn - 1:10.0.2-0ubuntu1.1 heat-engine - 1:10.0.2-0ubuntu1.1 heat-api - 1:10.0.2-0ubuntu1.1 heat-common - 1:10.0.2-0ubuntu1.1 No subscription required Medium CVE-2023-1625 Ubuntu 18.04 LTS David Sinquin discovered that OpenStack Neutron incorrectly handled the default Open vSwitch firewall rules. An attacker could possibly use this issue to impersonate the IPv6 addresses of other systems on the network. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-20267) Jake Yip and Justin Mammarella discovered that OpenStack Neutron incorrectly handled the linuxbridge driver when ebtables-nft is being used. An attacker could possibly use this issue to impersonate the hardware addresss of other systems on the network. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-38598) Pavel Toporkov discovered that OpenStack Neutron incorrectly handled extra_dhcp_opts values. An attacker could possibly use this issue to reconfigure dnsmasq. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-40085) Slawek Kaplonski discovered that OpenStack Neutron incorrectly handled the routes middleware. An attacker could possibly use this issue to cause the API worker to consume memory, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-40797) It was discovered that OpenStack Neutron incorrectly handled certain queries. A remote authenticated user could possibly use this issue to cause resource consumption, leading to a denial of service. (CVE-2022-3277) Update Instructions: Run `sudo pro fix USN-6067-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: neutron-plugin-linuxbridge-agent - 2:12.1.1-0ubuntu8.1 neutron-linuxbridge-agent - 2:12.1.1-0ubuntu8.1 neutron-metering-agent - 2:12.1.1-0ubuntu8.1 neutron-plugin-ml2 - 2:12.1.1-0ubuntu8.1 neutron-plugin-sriov-agent - 2:12.1.1-0ubuntu8.1 neutron-plugin-openvswitch-agent - 2:12.1.1-0ubuntu8.1 neutron-l3-agent - 2:12.1.1-0ubuntu8.1 neutron-metadata-agent - 2:12.1.1-0ubuntu8.1 python-neutron - 2:12.1.1-0ubuntu8.1 neutron-dhcp-agent - 2:12.1.1-0ubuntu8.1 neutron-sriov-agent - 2:12.1.1-0ubuntu8.1 neutron-openvswitch-agent - 2:12.1.1-0ubuntu8.1 neutron-server - 2:12.1.1-0ubuntu8.1 neutron-common - 2:12.1.1-0ubuntu8.1 neutron-macvtap-agent - 2:12.1.1-0ubuntu8.1 No subscription required Medium CVE-2021-20267 CVE-2021-38598 CVE-2021-40085 CVE-2021-40797 CVE-2022-3277 Ubuntu 18.04 LTS David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6068-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openvswitch-doc - 2.9.8-0ubuntu0.18.04.5 openvswitch-switch - 2.9.8-0ubuntu0.18.04.5 openvswitch-pki - 2.9.8-0ubuntu0.18.04.5 ovn-docker - 2.9.8-0ubuntu0.18.04.5 openvswitch-common - 2.9.8-0ubuntu0.18.04.5 python-openvswitch - 2.9.8-0ubuntu0.18.04.5 openvswitch-testcontroller - 2.9.8-0ubuntu0.18.04.5 openvswitch-vtep - 2.9.8-0ubuntu0.18.04.5 ovn-central - 2.9.8-0ubuntu0.18.04.5 python3-openvswitch - 2.9.8-0ubuntu0.18.04.5 ovn-host - 2.9.8-0ubuntu0.18.04.5 ovn-common - 2.9.8-0ubuntu0.18.04.5 openvswitch-switch-dpdk - 2.9.8-0ubuntu0.18.04.5 ovn-controller-vtep - 2.9.8-0ubuntu0.18.04.5 openvswitch-test - 2.9.8-0ubuntu0.18.04.5 No subscription required Medium CVE-2023-1668 Ubuntu 18.04 LTS It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Update Instructions: Run `sudo pro fix USN-6069-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-raspi2-headers-4.15.0-1131 - 4.15.0-1131.139 linux-headers-4.15.0-1131-raspi2 - 4.15.0-1131.139 linux-buildinfo-4.15.0-1131-raspi2 - 4.15.0-1131.139 linux-modules-4.15.0-1131-raspi2 - 4.15.0-1131.139 linux-tools-4.15.0-1131-raspi2 - 4.15.0-1131.139 linux-raspi2-tools-4.15.0-1131 - 4.15.0-1131.139 linux-image-4.15.0-1131-raspi2 - 4.15.0-1131.139 No subscription required linux-raspi2 - 4.15.0.1131.126 linux-headers-raspi2 - 4.15.0.1131.126 linux-image-raspi2 - 4.15.0.1131.126 linux-tools-raspi2 - 4.15.0.1131.126 No subscription required linux-buildinfo-5.4.0-1084-raspi - 5.4.0-1084.95~18.04.1 linux-raspi-5.4-headers-5.4.0-1084 - 5.4.0-1084.95~18.04.1 linux-raspi-5.4-tools-5.4.0-1084 - 5.4.0-1084.95~18.04.1 linux-modules-5.4.0-1084-raspi - 5.4.0-1084.95~18.04.1 linux-image-5.4.0-1084-raspi - 5.4.0-1084.95~18.04.1 linux-headers-5.4.0-1084-raspi - 5.4.0-1084.95~18.04.1 linux-tools-5.4.0-1084-raspi - 5.4.0-1084.95~18.04.1 No subscription required linux-raspi-hwe-18.04-edge - 5.4.0.1084.81 linux-raspi-hwe-18.04 - 5.4.0.1084.81 linux-tools-raspi-hwe-18.04 - 5.4.0.1084.81 linux-image-raspi-hwe-18.04-edge - 5.4.0.1084.81 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1084.81 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1084.81 linux-image-raspi-hwe-18.04 - 5.4.0.1084.81 linux-headers-raspi-hwe-18.04 - 5.4.0.1084.81 No subscription required High CVE-2023-1829 Ubuntu 18.04 LTS Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-32205, CVE-2023-32207, CVE-2023-32210, CVE-2023-32211, CVE-2023-32212, CVE-2023-32213, CVE-2023-32215, CVE-2023-32216) Irvan Kurniawan discovered that Firefox did not properly manage memory when using RLBox Expat driver. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-32206) Anne van Kesteren discovered that Firefox did not properly validate the import() call in service workers. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-32208) Sam Ezeh discovered that Firefox did not properly handle certain favicon image files. If a user were tricked into opening a malicicous favicon file, an attacker could cause a denial of service. (CVE-2023-32209) Update Instructions: Run `sudo pro fix USN-6074-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-nn - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-ne - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-nb - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-fa - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-fi - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-fr - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-fy - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-or - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-kab - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-oc - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-cs - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-ga - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-gd - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-gn - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-gl - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-gu - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-pa - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-pl - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-cy - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-pt - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-szl - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-hi - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-uk - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-he - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-hy - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-hr - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-hu - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-as - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-ar - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-ia - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-az - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-id - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-mai - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-af - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-is - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-it - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-an - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hant - 113.0+build2-0ubuntu0.18.04.1 firefox - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-ro - 113.0+build2-0ubuntu0.18.04.1 firefox-geckodriver - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-ja - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-ru - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-br - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-bs - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-zh-hans - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-bn - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-be - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-bg - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-sl - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-sk - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-si - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-sw - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-sv - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-sr - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-sq - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-ko - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-kn - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-km - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-kk - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-ka - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-xh - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-ca - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-ku - 113.0+build2-0ubuntu0.18.04.1 firefox-mozsymbols - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-lv - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-lt - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-th - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-hsb - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-tg - 113.0+build2-0ubuntu0.18.04.1 firefox-dev - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-te - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-cak - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-ta - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-lg - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-tr - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-nso - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-de - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-da - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-ms - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-mr - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-my - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-uz - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-ml - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-mn - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-mk - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-ur - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-vi - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-eu - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-et - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-es - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-csb - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-el - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-eo - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-en - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-zu - 113.0+build2-0ubuntu0.18.04.1 firefox-locale-ast - 113.0+build2-0ubuntu0.18.04.1 No subscription required Medium CVE-2023-32205 CVE-2023-32206 CVE-2023-32207 CVE-2023-32208 CVE-2023-32209 CVE-2023-32210 CVE-2023-32211 CVE-2023-32212 CVE-2023-32213 CVE-2023-32215 CVE-2023-32216 Ubuntu 18.04 LTS USN-6074-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-32205, CVE-2023-32207, CVE-2023-32210, CVE-2023-32211, CVE-2023-32212, CVE-2023-32213, CVE-2023-32215, CVE-2023-32216) Irvan Kurniawan discovered that Firefox did not properly manage memory when using RLBox Expat driver. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-32206) Anne van Kesteren discovered that Firefox did not properly validate the import() call in service workers. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-32208) Sam Ezeh discovered that Firefox did not properly handle certain favicon image files. If a user were tricked into opening a malicicous favicon file, an attacker could cause a denial of service. (CVE-2023-32209) Update Instructions: Run `sudo pro fix USN-6074-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nn - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ne - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nb - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fa - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fi - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fr - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-fy - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-or - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kab - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-oc - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cs - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ga - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gd - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gn - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gl - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-gu - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pa - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pl - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cy - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-pt - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-szl - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hi - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uk - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-he - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hy - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hr - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hu - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-as - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ar - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ia - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-az - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-id - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mai - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-af - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-is - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-it - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-an - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 113.0.1+build1-0ubuntu0.18.04.1 firefox - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ro - 113.0.1+build1-0ubuntu0.18.04.1 firefox-geckodriver - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ja - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ru - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-br - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bs - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bn - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-be - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-bg - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sl - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sk - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-si - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sw - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sv - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sr - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-sq - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ko - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kn - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-km - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-kk - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ka - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-xh - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ca - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ku - 113.0.1+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lv - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lt - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-th - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tg - 113.0.1+build1-0ubuntu0.18.04.1 firefox-dev - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-te - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-cak - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ta - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-lg - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-tr - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-nso - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-de - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-da - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ms - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mr - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-my - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-uz - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ml - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mn - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-mk - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ur - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-vi - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eu - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-et - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-es - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-csb - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-el - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-eo - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-en - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-zu - 113.0.1+build1-0ubuntu0.18.04.1 firefox-locale-ast - 113.0.1+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/2019782 Ubuntu 18.04 LTS USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-32205, CVE-2023-32207, CVE-2023-32210, CVE-2023-32211, CVE-2023-32212, CVE-2023-32213, CVE-2023-32215, CVE-2023-32216) Irvan Kurniawan discovered that Firefox did not properly manage memory when using RLBox Expat driver. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-32206) Anne van Kesteren discovered that Firefox did not properly validate the import() call in service workers. An attacker could potentially exploits this to obtain sensitive information. (CVE-2023-32208) Sam Ezeh discovered that Firefox did not properly handle certain favicon image files. If a user were tricked into opening a malicicous favicon file, an attacker could cause a denial of service. (CVE-2023-32209) Update Instructions: Run `sudo pro fix USN-6074-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: firefox-locale-nl - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nn - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ne - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nb - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fa - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fi - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fr - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-fy - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-or - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kab - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-oc - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cs - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ga - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gd - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gn - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gl - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-gu - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pa - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pl - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cy - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-pt - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-szl - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hi - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uk - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-he - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hy - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hr - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hu - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-as - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ar - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ia - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-az - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-id - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mai - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-af - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-is - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-it - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-an - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hant - 113.0.2+build1-0ubuntu0.18.04.1 firefox - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ro - 113.0.2+build1-0ubuntu0.18.04.1 firefox-geckodriver - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ja - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ru - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-br - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bs - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zh-hans - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bn - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-be - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-bg - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sl - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sk - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-si - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sw - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sv - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sr - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-sq - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ko - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kn - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-km - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-kk - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ka - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-xh - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ca - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ku - 113.0.2+build1-0ubuntu0.18.04.1 firefox-mozsymbols - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lv - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lt - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-th - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-hsb - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tg - 113.0.2+build1-0ubuntu0.18.04.1 firefox-dev - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-te - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-cak - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ta - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-lg - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-tr - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-nso - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-de - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-da - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ms - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mr - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-my - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-uz - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ml - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mn - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-mk - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ur - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-vi - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eu - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-et - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-es - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-csb - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-el - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-eo - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-en - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-zu - 113.0.2+build1-0ubuntu0.18.04.1 firefox-locale-ast - 113.0.2+build1-0ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/2020649 Ubuntu 18.04 LTS Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2023-32205, CVE-2023-32207, CVE-2023-32211, CVE-2023-32212, CVE-2023-32213, CVE-2023-32215) Irvan Kurniawan discovered that Thunderbird did not properly manage memory when using RLBox Expat driver. An attacker could potentially exploits this issue to cause a denial of service. (CVE-2023-32206) Update Instructions: Run `sudo pro fix USN-6075-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: thunderbird-locale-es-ar - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-br - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-be - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bg - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ja - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sl - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sk - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-si - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-gnome-support - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sr - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sq - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hsb - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cy - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cs - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ca - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-br - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ka - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ko - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kk - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-kab - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pl - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-tw - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn-no - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-us - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb-no - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-bn-bd - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-lv - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-lt - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en-gb - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uz - 1:102.11.0+build1-0ubuntu0.18.04.1 xul-ext-calendar-timezones - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-de - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-da - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-uk - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-dev - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-el - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-en - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-rm - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ms - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ro - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-eu - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-et - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hant - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-hans - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ru - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-mk - 1:102.11.0+build1-0ubuntu0.18.04.1 xul-ext-gdata-provider - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fr - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es-es - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta-lk - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fa - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fi - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ast - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nl - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nn - 1:102.11.0+build1-0ubuntu0.18.04.1 xul-ext-lightning - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga-ie - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-fy-nl - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-nb - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-mozsymbols - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-zh-cn - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gl - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ga - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-tr - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-gd - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-th - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ta - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-dsb - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-it - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hy - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-sv-se - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hr - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-hu - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pa-in - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-he - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-ar - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-af - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-pt-pt - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-cak - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-is - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-vi - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-es - 1:102.11.0+build1-0ubuntu0.18.04.1 thunderbird-locale-id - 1:102.11.0+build1-0ubuntu0.18.04.1 No subscription required Medium CVE-2023-32205 CVE-2023-32206 CVE-2023-32207 CVE-2023-32211 CVE-2023-32212 CVE-2023-32213 CVE-2023-32215 Ubuntu 18.04 LTS It was discovered that Synapse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2019-18835, CVE-2018-12291, CVE-2018-10657) It was discovered that Synapse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to hijack the session. (CVE-2019-11842, CVE-2018-12423) It was discovered that Synapse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform spoofing or user impersonation. (CVE-2019-5885, CVE-2018-16515) Update Instructions: Run `sudo pro fix USN-6076-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: matrix-synapse - 0.24.0+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-10657 CVE-2018-12291 CVE-2018-12423 CVE-2018-16515 CVE-2019-11842 CVE-2019-18835 CVE-2019-5885 Ubuntu 18.04 LTS Ben Smyth discovered that OpenJDK incorrectly handled half-duplex connections during TLS handshake. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2023-21930) It was discovered that OpenJDK incorrectly handled certain inputs. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2023-21937) It was discovered that OpenJDK incorrectly handled command arguments. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2023-21938) It was discovered that OpenJDK incorrectly validated HTML documents. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2023-21939) Ramki Ramakrishna discovered that OpenJDK incorrectly handled garbage collection. An attacker could possibly use this issue to bypass Java sandbox restrictions. (CVE-2023-21954) Jonathan Looney discovered that OpenJDK incorrectly handled certificate chains during TLS session negotiation. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-21967) Adam Reziouk discovered that OpenJDK incorrectly sanitized URIs. An attacker could possibly use this issue to bypass Java sandbox restrictions. (CVE-2023-21968) Update Instructions: Run `sudo pro fix USN-6077-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-doc - 11.0.19+7~us1-0ubuntu1~18.04.1 openjdk-11-jdk - 11.0.19+7~us1-0ubuntu1~18.04.1 openjdk-11-source - 11.0.19+7~us1-0ubuntu1~18.04.1 openjdk-11-jdk-headless - 11.0.19+7~us1-0ubuntu1~18.04.1 openjdk-11-demo - 11.0.19+7~us1-0ubuntu1~18.04.1 openjdk-11-jre-zero - 11.0.19+7~us1-0ubuntu1~18.04.1 openjdk-11-jre-headless - 11.0.19+7~us1-0ubuntu1~18.04.1 openjdk-11-jre - 11.0.19+7~us1-0ubuntu1~18.04.1 No subscription required openjdk-17-jdk-headless - 17.0.7+7~us1-0ubuntu1~18.04 openjdk-17-jre-headless - 17.0.7+7~us1-0ubuntu1~18.04 openjdk-17-jre - 17.0.7+7~us1-0ubuntu1~18.04 openjdk-17-jdk - 17.0.7+7~us1-0ubuntu1~18.04 openjdk-17-jre-zero - 17.0.7+7~us1-0ubuntu1~18.04 openjdk-17-source - 17.0.7+7~us1-0ubuntu1~18.04 openjdk-17-demo - 17.0.7+7~us1-0ubuntu1~18.04 openjdk-17-doc - 17.0.7+7~us1-0ubuntu1~18.04 No subscription required openjdk-8-doc - 8u372-ga~us1-0ubuntu1~18.04 openjdk-8-jre-headless - 8u372-ga~us1-0ubuntu1~18.04 openjdk-8-jre - 8u372-ga~us1-0ubuntu1~18.04 openjdk-8-demo - 8u372-ga~us1-0ubuntu1~18.04 openjdk-8-jre-zero - 8u372-ga~us1-0ubuntu1~18.04 openjdk-8-jdk - 8u372-ga~us1-0ubuntu1~18.04 openjdk-8-source - 8u372-ga~us1-0ubuntu1~18.04 openjdk-8-jdk-headless - 8u372-ga~us1-0ubuntu1~18.04 No subscription required Medium CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 Ubuntu 18.04 LTS Irvan Kurniawan discovered that libwebp incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6078-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: webp - 0.6.1-2ubuntu0.18.04.2 libwebp6 - 0.6.1-2ubuntu0.18.04.2 libwebpmux3 - 0.6.1-2ubuntu0.18.04.2 libwebp-dev - 0.6.1-2ubuntu0.18.04.2 libwebpdemux2 - 0.6.1-2ubuntu0.18.04.2 No subscription required Medium CVE-2023-1999 Ubuntu 18.04 LTS Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-1513) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after- free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6081-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-kvm-headers-4.15.0-1140 - 4.15.0-1140.145 linux-tools-4.15.0-1140-kvm - 4.15.0-1140.145 linux-kvm-tools-4.15.0-1140 - 4.15.0-1140.145 linux-modules-4.15.0-1140-kvm - 4.15.0-1140.145 linux-headers-4.15.0-1140-kvm - 4.15.0-1140.145 linux-buildinfo-4.15.0-1140-kvm - 4.15.0-1140.145 linux-image-4.15.0-1140-kvm - 4.15.0-1140.145 No subscription required linux-image-4.15.0-1156-aws - 4.15.0-1156.169 linux-aws-headers-4.15.0-1156 - 4.15.0-1156.169 linux-modules-extra-4.15.0-1156-aws - 4.15.0-1156.169 linux-tools-4.15.0-1156-aws - 4.15.0-1156.169 linux-modules-4.15.0-1156-aws - 4.15.0-1156.169 linux-headers-4.15.0-1156-aws - 4.15.0-1156.169 linux-aws-cloud-tools-4.15.0-1156 - 4.15.0-1156.169 linux-buildinfo-4.15.0-1156-aws - 4.15.0-1156.169 linux-cloud-tools-4.15.0-1156-aws - 4.15.0-1156.169 linux-image-unsigned-4.15.0-1156-aws - 4.15.0-1156.169 linux-aws-tools-4.15.0-1156 - 4.15.0-1156.169 No subscription required linux-tools-common - 4.15.0-211.222 linux-headers-4.15.0-211-generic - 4.15.0-211.222 linux-buildinfo-4.15.0-211-lowlatency - 4.15.0-211.222 linux-tools-host - 4.15.0-211.222 linux-doc - 4.15.0-211.222 linux-tools-4.15.0-211 - 4.15.0-211.222 linux-modules-extra-4.15.0-211-generic - 4.15.0-211.222 linux-cloud-tools-4.15.0-211 - 4.15.0-211.222 linux-libc-dev - 4.15.0-211.222 linux-image-4.15.0-211-lowlatency - 4.15.0-211.222 linux-cloud-tools-4.15.0-211-lowlatency - 4.15.0-211.222 linux-image-unsigned-4.15.0-211-lowlatency - 4.15.0-211.222 linux-cloud-tools-4.15.0-211-generic - 4.15.0-211.222 linux-image-unsigned-4.15.0-211-generic - 4.15.0-211.222 linux-tools-4.15.0-211-generic - 4.15.0-211.222 linux-headers-4.15.0-211-generic-lpae - 4.15.0-211.222 linux-buildinfo-4.15.0-211-generic-lpae - 4.15.0-211.222 linux-modules-4.15.0-211-lowlatency - 4.15.0-211.222 linux-cloud-tools-common - 4.15.0-211.222 linux-headers-4.15.0-211-lowlatency - 4.15.0-211.222 linux-buildinfo-4.15.0-211-generic - 4.15.0-211.222 linux-image-4.15.0-211-generic - 4.15.0-211.222 linux-modules-4.15.0-211-generic-lpae - 4.15.0-211.222 linux-headers-4.15.0-211 - 4.15.0-211.222 linux-image-4.15.0-211-generic-lpae - 4.15.0-211.222 linux-modules-4.15.0-211-generic - 4.15.0-211.222 linux-tools-4.15.0-211-generic-lpae - 4.15.0-211.222 linux-source-4.15.0 - 4.15.0-211.222 linux-tools-4.15.0-211-lowlatency - 4.15.0-211.222 No subscription required linux-kvm - 4.15.0.1140.131 linux-headers-kvm - 4.15.0.1140.131 linux-tools-kvm - 4.15.0.1140.131 linux-image-kvm - 4.15.0.1140.131 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1156.154 linux-headers-aws-lts-18.04 - 4.15.0.1156.154 linux-aws-lts-18.04 - 4.15.0.1156.154 linux-modules-extra-aws-lts-18.04 - 4.15.0.1156.154 linux-tools-aws-lts-18.04 - 4.15.0.1156.154 No subscription required linux-image-lowlatency-hwe-16.04 - 4.15.0.211.194 linux-cloud-tools-virtual - 4.15.0.211.194 linux-headers-generic-lpae - 4.15.0.211.194 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.211.194 linux-image-extra-virtual-hwe-16.04 - 4.15.0.211.194 linux-image-virtual - 4.15.0.211.194 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.211.194 linux-image-generic - 4.15.0.211.194 linux-tools-lowlatency - 4.15.0.211.194 linux-tools-generic-hwe-16.04-edge - 4.15.0.211.194 linux-headers-generic-hwe-16.04-edge - 4.15.0.211.194 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.211.194 linux-generic-lpae-hwe-16.04 - 4.15.0.211.194 linux-signed-generic-hwe-16.04-edge - 4.15.0.211.194 linux-tools-generic-hwe-16.04 - 4.15.0.211.194 linux-tools-virtual-hwe-16.04 - 4.15.0.211.194 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.211.194 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.211.194 linux-image-virtual-hwe-16.04-edge - 4.15.0.211.194 linux-generic-lpae-hwe-16.04-edge - 4.15.0.211.194 linux-signed-image-lowlatency - 4.15.0.211.194 linux-signed-lowlatency-hwe-16.04 - 4.15.0.211.194 linux-crashdump - 4.15.0.211.194 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.211.194 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.211.194 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.211.194 linux-source - 4.15.0.211.194 linux-signed-image-generic - 4.15.0.211.194 linux-lowlatency - 4.15.0.211.194 linux-tools-generic-lpae - 4.15.0.211.194 linux-cloud-tools-generic - 4.15.0.211.194 linux-generic-hwe-16.04-edge - 4.15.0.211.194 linux-headers-lowlatency-hwe-16.04 - 4.15.0.211.194 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.211.194 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.211.194 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.211.194 linux-tools-virtual - 4.15.0.211.194 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.211.194 linux-generic-lpae - 4.15.0.211.194 linux-generic - 4.15.0.211.194 linux-virtual - 4.15.0.211.194 linux-signed-image-generic-hwe-16.04 - 4.15.0.211.194 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.211.194 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.211.194 linux-headers-lowlatency - 4.15.0.211.194 linux-headers-virtual-hwe-16.04-edge - 4.15.0.211.194 linux-lowlatency-hwe-16.04 - 4.15.0.211.194 linux-headers-generic-hwe-16.04 - 4.15.0.211.194 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.211.194 linux-generic-hwe-16.04 - 4.15.0.211.194 linux-tools-virtual-hwe-16.04-edge - 4.15.0.211.194 linux-tools-generic - 4.15.0.211.194 linux-virtual-hwe-16.04 - 4.15.0.211.194 linux-image-extra-virtual - 4.15.0.211.194 linux-lowlatency-hwe-16.04-edge - 4.15.0.211.194 linux-cloud-tools-lowlatency - 4.15.0.211.194 linux-image-generic-hwe-16.04 - 4.15.0.211.194 linux-image-generic-hwe-16.04-edge - 4.15.0.211.194 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.211.194 linux-image-generic-lpae-hwe-16.04 - 4.15.0.211.194 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.211.194 linux-tools-lowlatency-hwe-16.04 - 4.15.0.211.194 linux-signed-generic - 4.15.0.211.194 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.211.194 linux-headers-generic - 4.15.0.211.194 linux-headers-virtual-hwe-16.04 - 4.15.0.211.194 linux-virtual-hwe-16.04-edge - 4.15.0.211.194 linux-image-virtual-hwe-16.04 - 4.15.0.211.194 linux-headers-virtual - 4.15.0.211.194 linux-signed-generic-hwe-16.04 - 4.15.0.211.194 linux-image-generic-lpae - 4.15.0.211.194 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.211.194 linux-signed-lowlatency - 4.15.0.211.194 linux-image-lowlatency - 4.15.0.211.194 No subscription required Medium CVE-2023-0459 CVE-2023-1118 CVE-2023-1513 CVE-2023-2162 CVE-2023-32269 Ubuntu 18.04 LTS It was discovered that EventSource incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-6082-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-eventsource - 0.2.1-1+deb10u1build0.18.04.1 No subscription required Medium CVE-2022-1650 Ubuntu 18.04 LTS It was discovered that cups-filters incorrectly handled the beh CUPS backend. A remote attacker could possibly use this issue to cause the backend to stop responding or to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6083-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfontembed-dev - 1.20.2-0ubuntu3.3 libfontembed1 - 1.20.2-0ubuntu3.3 libcupsfilters-dev - 1.20.2-0ubuntu3.3 cups-filters - 1.20.2-0ubuntu3.3 cups-browsed - 1.20.2-0ubuntu3.3 cups-filters-core-drivers - 1.20.2-0ubuntu3.3 libcupsfilters1 - 1.20.2-0ubuntu3.3 No subscription required Medium CVE-2023-24805 Ubuntu 18.04 LTS Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-1513) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after- free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6084-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1119-oracle - 4.15.0-1119.130 linux-oracle-tools-4.15.0-1119 - 4.15.0-1119.130 linux-tools-4.15.0-1119-oracle - 4.15.0-1119.130 linux-modules-4.15.0-1119-oracle - 4.15.0-1119.130 linux-modules-extra-4.15.0-1119-oracle - 4.15.0-1119.130 linux-image-4.15.0-1119-oracle - 4.15.0-1119.130 linux-oracle-headers-4.15.0-1119 - 4.15.0-1119.130 linux-buildinfo-4.15.0-1119-oracle - 4.15.0-1119.130 linux-headers-4.15.0-1119-oracle - 4.15.0-1119.130 No subscription required linux-modules-extra-4.15.0-1150-gcp - 4.15.0-1150.166 linux-image-4.15.0-1150-gcp - 4.15.0-1150.166 linux-modules-4.15.0-1150-gcp - 4.15.0-1150.166 linux-headers-4.15.0-1150-gcp - 4.15.0-1150.166 linux-tools-4.15.0-1150-gcp - 4.15.0-1150.166 linux-buildinfo-4.15.0-1150-gcp - 4.15.0-1150.166 linux-gcp-4.15-headers-4.15.0-1150 - 4.15.0-1150.166 linux-gcp-4.15-tools-4.15.0-1150 - 4.15.0-1150.166 linux-image-unsigned-4.15.0-1150-gcp - 4.15.0-1150.166 No subscription required linux-headers-oracle-lts-18.04 - 4.15.0.1119.124 linux-image-oracle-lts-18.04 - 4.15.0.1119.124 linux-oracle-lts-18.04 - 4.15.0.1119.124 linux-signed-image-oracle-lts-18.04 - 4.15.0.1119.124 linux-tools-oracle-lts-18.04 - 4.15.0.1119.124 linux-signed-oracle-lts-18.04 - 4.15.0.1119.124 No subscription required linux-image-gcp-lts-18.04 - 4.15.0.1150.164 linux-tools-gcp-lts-18.04 - 4.15.0.1150.164 linux-gcp-lts-18.04 - 4.15.0.1150.164 linux-headers-gcp-lts-18.04 - 4.15.0.1150.164 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1150.164 No subscription required Medium CVE-2023-0459 CVE-2023-1118 CVE-2023-1513 CVE-2023-2162 CVE-2023-32269 Ubuntu 18.04 LTS It was discovered that minimatch incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6086-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-minimatch - 3.0.4-3+deb10u1build0.18.04.1 No subscription required Medium CVE-2022-3517 Ubuntu 18.04 LTS It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-28755) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possily use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. (CVE-2023-28756) Update Instructions: Run `sudo pro fix USN-6087-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby2.5-dev - 2.5.1-1ubuntu1.16 ruby2.5 - 2.5.1-1ubuntu1.16 ruby2.5-doc - 2.5.1-1ubuntu1.16 libruby2.5 - 2.5.1-1ubuntu1.16 No subscription required Medium CVE-2023-28755 CVE-2023-28756 Ubuntu 18.04 LTS It was discovered that runC incorrectly made /sys/fs/cgroup writable when in rootless mode. An attacker could possibly use this issue to escalate privileges. (CVE-2023-25809) It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. (CVE-2023-27561) It was discovered that runC incorrectly handled /proc and /sys mounts inside a container. An attacker could possibly use this issue to bypass AppArmor, and potentially SELinux. (CVE-2023-28642) Update Instructions: Run `sudo pro fix USN-6088-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-opencontainers-runc-dev - 1.1.4-0ubuntu1~18.04.2 runc - 1.1.4-0ubuntu1~18.04.2 No subscription required Medium CVE-2023-25809 CVE-2023-27561 CVE-2023-28642 Ubuntu 18.04 LTS Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-1513) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after- free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6092-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-4.15.0-1165-azure - 4.15.0-1165.180 linux-buildinfo-4.15.0-1165-azure - 4.15.0-1165.180 linux-modules-4.15.0-1165-azure - 4.15.0-1165.180 linux-modules-extra-4.15.0-1165-azure - 4.15.0-1165.180 linux-image-4.15.0-1165-azure - 4.15.0-1165.180 linux-azure-4.15-cloud-tools-4.15.0-1165 - 4.15.0-1165.180 linux-headers-4.15.0-1165-azure - 4.15.0-1165.180 linux-cloud-tools-4.15.0-1165-azure - 4.15.0-1165.180 linux-azure-4.15-headers-4.15.0-1165 - 4.15.0-1165.180 linux-tools-4.15.0-1165-azure - 4.15.0-1165.180 linux-azure-4.15-tools-4.15.0-1165 - 4.15.0-1165.180 No subscription required linux-headers-azure-lts-18.04 - 4.15.0.1165.133 linux-azure-lts-18.04 - 4.15.0.1165.133 linux-signed-azure-lts-18.04 - 4.15.0.1165.133 linux-tools-azure-lts-18.04 - 4.15.0.1165.133 linux-modules-extra-azure-lts-18.04 - 4.15.0.1165.133 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1165.133 linux-signed-image-azure-lts-18.04 - 4.15.0.1165.133 linux-image-azure-lts-18.04 - 4.15.0.1165.133 No subscription required Medium CVE-2023-0459 CVE-2023-1118 CVE-2023-1513 CVE-2023-2162 CVE-2023-32269 Ubuntu 18.04 LTS Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-3707) Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) It was discovered that the TLS subsystem in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1075) It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-1078) Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-1513) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after- free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6094-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-ibm-5.4-headers-5.4.0-1049 - 5.4.0-1049.54~18.04.1 linux-ibm-5.4-tools-5.4.0-1049 - 5.4.0-1049.54~18.04.1 linux-buildinfo-5.4.0-1049-ibm - 5.4.0-1049.54~18.04.1 linux-image-5.4.0-1049-ibm - 5.4.0-1049.54~18.04.1 linux-modules-5.4.0-1049-ibm - 5.4.0-1049.54~18.04.1 linux-headers-5.4.0-1049-ibm - 5.4.0-1049.54~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1049.54~18.04.1 linux-modules-extra-5.4.0-1049-ibm - 5.4.0-1049.54~18.04.1 linux-image-unsigned-5.4.0-1049-ibm - 5.4.0-1049.54~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1049.54~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1049.54~18.04.1 linux-tools-5.4.0-1049-ibm - 5.4.0-1049.54~18.04.1 No subscription required linux-gcp-5.4-headers-5.4.0-1105 - 5.4.0-1105.114~18.04.1 linux-tools-5.4.0-1105-gcp - 5.4.0-1105.114~18.04.1 linux-modules-extra-5.4.0-1105-gcp - 5.4.0-1105.114~18.04.1 linux-modules-5.4.0-1105-gcp - 5.4.0-1105.114~18.04.1 linux-image-unsigned-5.4.0-1105-gcp - 5.4.0-1105.114~18.04.1 linux-image-5.4.0-1105-gcp - 5.4.0-1105.114~18.04.1 linux-headers-5.4.0-1105-gcp - 5.4.0-1105.114~18.04.1 linux-gcp-5.4-tools-5.4.0-1105 - 5.4.0-1105.114~18.04.1 linux-buildinfo-5.4.0-1105-gcp - 5.4.0-1105.114~18.04.1 No subscription required linux-image-5.4.0-1108-azure - 5.4.0-1108.114~18.04.1 linux-image-unsigned-5.4.0-1108-azure - 5.4.0-1108.114~18.04.1 linux-cloud-tools-5.4.0-1108-azure - 5.4.0-1108.114~18.04.1 linux-azure-5.4-tools-5.4.0-1108 - 5.4.0-1108.114~18.04.1 linux-azure-5.4-headers-5.4.0-1108 - 5.4.0-1108.114~18.04.1 linux-modules-extra-5.4.0-1108-azure - 5.4.0-1108.114~18.04.1 linux-modules-5.4.0-1108-azure - 5.4.0-1108.114~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1108 - 5.4.0-1108.114~18.04.1 linux-buildinfo-5.4.0-1108-azure - 5.4.0-1108.114~18.04.1 linux-headers-5.4.0-1108-azure - 5.4.0-1108.114~18.04.1 linux-tools-5.4.0-1108-azure - 5.4.0-1108.114~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-149.166~18.04.1 linux-cloud-tools-5.4.0-149-generic - 5.4.0-149.166~18.04.1 linux-buildinfo-5.4.0-149-generic - 5.4.0-149.166~18.04.1 linux-modules-5.4.0-149-lowlatency - 5.4.0-149.166~18.04.1 linux-headers-5.4.0-149-generic-lpae - 5.4.0-149.166~18.04.1 linux-image-unsigned-5.4.0-149-generic - 5.4.0-149.166~18.04.1 linux-image-5.4.0-149-generic-lpae - 5.4.0-149.166~18.04.1 linux-image-unsigned-5.4.0-149-lowlatency - 5.4.0-149.166~18.04.1 linux-tools-5.4.0-149-generic - 5.4.0-149.166~18.04.1 linux-modules-5.4.0-149-generic-lpae - 5.4.0-149.166~18.04.1 linux-modules-extra-5.4.0-149-generic - 5.4.0-149.166~18.04.1 linux-tools-5.4.0-149-lowlatency - 5.4.0-149.166~18.04.1 linux-hwe-5.4-tools-5.4.0-149 - 5.4.0-149.166~18.04.1 linux-cloud-tools-5.4.0-149-lowlatency - 5.4.0-149.166~18.04.1 linux-headers-5.4.0-149-generic - 5.4.0-149.166~18.04.1 linux-modules-5.4.0-149-generic - 5.4.0-149.166~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-149.166~18.04.1 linux-image-5.4.0-149-generic - 5.4.0-149.166~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-149 - 5.4.0-149.166~18.04.1 linux-headers-5.4.0-149-lowlatency - 5.4.0-149.166~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-149.166~18.04.1 linux-tools-5.4.0-149-generic-lpae - 5.4.0-149.166~18.04.1 linux-hwe-5.4-headers-5.4.0-149 - 5.4.0-149.166~18.04.1 linux-image-5.4.0-149-lowlatency - 5.4.0-149.166~18.04.1 linux-buildinfo-5.4.0-149-lowlatency - 5.4.0-149.166~18.04.1 linux-buildinfo-5.4.0-149-generic-lpae - 5.4.0-149.166~18.04.1 No subscription required linux-image-ibm - 5.4.0.1049.60 linux-headers-ibm-edge - 5.4.0.1049.60 linux-modules-extra-ibm-edge - 5.4.0.1049.60 linux-tools-ibm-edge - 5.4.0.1049.60 linux-modules-extra-ibm - 5.4.0.1049.60 linux-ibm - 5.4.0.1049.60 linux-ibm-edge - 5.4.0.1049.60 linux-headers-ibm - 5.4.0.1049.60 linux-tools-ibm - 5.4.0.1049.60 linux-image-ibm-edge - 5.4.0.1049.60 No subscription required linux-image-gcp-edge - 5.4.0.1105.81 linux-tools-gcp-edge - 5.4.0.1105.81 linux-headers-gcp-edge - 5.4.0.1105.81 linux-modules-extra-gcp - 5.4.0.1105.81 linux-tools-gcp - 5.4.0.1105.81 linux-modules-extra-gcp-edge - 5.4.0.1105.81 linux-gcp - 5.4.0.1105.81 linux-headers-gcp - 5.4.0.1105.81 linux-image-gcp - 5.4.0.1105.81 linux-gcp-edge - 5.4.0.1105.81 No subscription required linux-signed-azure - 5.4.0.1108.81 linux-cloud-tools-azure - 5.4.0.1108.81 linux-tools-azure - 5.4.0.1108.81 linux-image-azure-edge - 5.4.0.1108.81 linux-azure - 5.4.0.1108.81 linux-image-azure - 5.4.0.1108.81 linux-cloud-tools-azure-edge - 5.4.0.1108.81 linux-signed-azure-edge - 5.4.0.1108.81 linux-modules-extra-azure - 5.4.0.1108.81 linux-signed-image-azure - 5.4.0.1108.81 linux-signed-image-azure-edge - 5.4.0.1108.81 linux-headers-azure-edge - 5.4.0.1108.81 linux-azure-edge - 5.4.0.1108.81 linux-modules-extra-azure-edge - 5.4.0.1108.81 linux-tools-azure-edge - 5.4.0.1108.81 linux-headers-azure - 5.4.0.1108.81 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-image-generic-lpae-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-headers-snapdragon-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-image-generic-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-image-snapdragon-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-image-oem - 5.4.0.149.166~18.04.120 linux-oem-osp1 - 5.4.0.149.166~18.04.120 linux-headers-lowlatency-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-lowlatency-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-image-oem-osp1 - 5.4.0.149.166~18.04.120 linux-snapdragon-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-tools-lowlatency-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-headers-generic-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-headers-virtual-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-tools-snapdragon-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-oem - 5.4.0.149.166~18.04.120 linux-tools-virtual-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-headers-virtual-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-virtual-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-generic-lpae-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-tools-oem-osp1 - 5.4.0.149.166~18.04.120 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-headers-oem - 5.4.0.149.166~18.04.120 linux-image-extra-virtual-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-tools-generic-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-image-virtual-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-image-generic-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-generic-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-snapdragon-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-tools-oem - 5.4.0.149.166~18.04.120 linux-headers-oem-osp1 - 5.4.0.149.166~18.04.120 linux-generic-lpae-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-tools-generic-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-headers-generic-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-image-lowlatency-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-virtual-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-tools-virtual-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-lowlatency-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-generic-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.149.166~18.04.120 linux-image-virtual-hwe-18.04-edge - 5.4.0.149.166~18.04.120 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.149.166~18.04.120 No subscription required Medium CVE-2022-3707 CVE-2023-0459 CVE-2023-1075 CVE-2023-1078 CVE-2023-1118 CVE-2023-1513 CVE-2023-2162 CVE-2023-32269 Ubuntu 18.04 LTS Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-1513) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after- free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6095-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-raspi2-headers-4.15.0-1132 - 4.15.0-1132.140 linux-tools-4.15.0-1132-raspi2 - 4.15.0-1132.140 linux-headers-4.15.0-1132-raspi2 - 4.15.0-1132.140 linux-buildinfo-4.15.0-1132-raspi2 - 4.15.0-1132.140 linux-modules-4.15.0-1132-raspi2 - 4.15.0-1132.140 linux-raspi2-tools-4.15.0-1132 - 4.15.0-1132.140 linux-image-4.15.0-1132-raspi2 - 4.15.0-1132.140 No subscription required linux-snapdragon-headers-4.15.0-1150 - 4.15.0-1150.160 linux-image-4.15.0-1150-snapdragon - 4.15.0-1150.160 linux-headers-4.15.0-1150-snapdragon - 4.15.0-1150.160 linux-tools-4.15.0-1150-snapdragon - 4.15.0-1150.160 linux-modules-4.15.0-1150-snapdragon - 4.15.0-1150.160 linux-buildinfo-4.15.0-1150-snapdragon - 4.15.0-1150.160 linux-snapdragon-tools-4.15.0-1150 - 4.15.0-1150.160 No subscription required linux-raspi2 - 4.15.0.1132.127 linux-headers-raspi2 - 4.15.0.1132.127 linux-image-raspi2 - 4.15.0.1132.127 linux-tools-raspi2 - 4.15.0.1132.127 No subscription required linux-snapdragon - 4.15.0.1150.149 linux-image-snapdragon - 4.15.0.1150.149 linux-headers-snapdragon - 4.15.0.1150.149 linux-tools-snapdragon - 4.15.0.1150.149 No subscription required Medium CVE-2023-0459 CVE-2023-1118 CVE-2023-1513 CVE-2023-2162 CVE-2023-32269 Ubuntu 18.04 LTS It was discovered that Linux PTP did not properly perform a length check when forwarding a PTP message between ports. A remote attacker could possibly use this issue to access sensitive information, execute arbitrary code, or cause a denial of service. Update Instructions: Run `sudo pro fix USN-6097-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linuxptp - 1.8-1ubuntu0.1 No subscription required Medium CVE-2021-3570 Ubuntu 18.04 LTS It was discovered that Jhead did not properly handle certain crafted images while processing the JFIF markers. An attacker could cause Jhead to crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2019-19035) It was discovered that Jhead did not properly handle certain crafted images while processing longitude tags. An attacker could cause Jhead to crash. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010301) It was discovered that Jhead did not properly handle certain crafted images while processing IPTC data. An attacker could cause Jhead to crash. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010302) Binbin Li discovered that Jhead did not properly handle certain crafted images while processing the DQT data. An attacker could cause Jhead to crash. (CVE-2020-6624) Binbin Li discovered that Jhead did not properly handle certain crafted images while processing longitude data. An attacker could cause Jhead to crash. (CVE-2020-6625) Feng Zhao Yang discovered that Jhead did not properly handle certain crafted images while reading JPEG sections. An attacker could cause Jhead to crash. (CVE-2020-26208) It was discovered that Jhead did not properly handle certain crafted images while processing Canon images. An attacker could cause Jhead to crash. (CVE-2021-28276) It was discovered that Jhead did not properly handle certain crafted images when removing a certain type of sections. An attacker could cause Jhead to crash. (CVE-2021-28278) Update Instructions: Run `sudo pro fix USN-6098-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jhead - 1:3.00-8~ubuntu0.1 No subscription required Medium CVE-2019-1010301 CVE-2019-1010302 CVE-2019-19035 CVE-2020-26208 CVE-2020-6624 CVE-2020-6625 CVE-2021-28276 CVE-2021-28278 Ubuntu 18.04 LTS It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17594) It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17595) It was discovered that ncurses was incorrectly handling end-of-string characters when converting between termcap and terminfo formats. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39537) It was discovered that ncurses was incorrectly performing bounds checks when dealing with corrupt terminfo data while reading a terminfo file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-29458) It was discovered that ncurses was parsing environment variables when running with setuid applications and not properly handling the processing of malformed data when doing so. A local attacker could possibly use this issue to cause a denial of service (application crash) or execute arbitrary code. (CVE-2023-29491) Update Instructions: Run `sudo pro fix USN-6099-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx32ncurses5 - 6.1-1ubuntu1.18.04.1 lib32tinfo-dev - 6.1-1ubuntu1.18.04.1 ncurses-examples - 6.1-1ubuntu1.18.04.1 ncurses-bin - 6.1-1ubuntu1.18.04.1 lib32ncurses5-dev - 6.1-1ubuntu1.18.04.1 lib32ncursesw5 - 6.1-1ubuntu1.18.04.1 libtinfo-dev - 6.1-1ubuntu1.18.04.1 lib32ncursesw5-dev - 6.1-1ubuntu1.18.04.1 lib32tinfo5 - 6.1-1ubuntu1.18.04.1 libtinfo5 - 6.1-1ubuntu1.18.04.1 lib32ncurses5 - 6.1-1ubuntu1.18.04.1 lib64tinfo5 - 6.1-1ubuntu1.18.04.1 libncurses5-dev - 6.1-1ubuntu1.18.04.1 lib64ncurses5 - 6.1-1ubuntu1.18.04.1 lib64ncurses5-dev - 6.1-1ubuntu1.18.04.1 libncurses5 - 6.1-1ubuntu1.18.04.1 libx32ncurses5-dev - 6.1-1ubuntu1.18.04.1 libncursesw5 - 6.1-1ubuntu1.18.04.1 ncurses-base - 6.1-1ubuntu1.18.04.1 libx32tinfo-dev - 6.1-1ubuntu1.18.04.1 ncurses-doc - 6.1-1ubuntu1.18.04.1 libx32ncursesw5 - 6.1-1ubuntu1.18.04.1 libx32ncursesw5-dev - 6.1-1ubuntu1.18.04.1 libx32tinfo5 - 6.1-1ubuntu1.18.04.1 libncursesw5-dev - 6.1-1ubuntu1.18.04.1 ncurses-term - 6.1-1ubuntu1.18.04.1 No subscription required Medium CVE-2019-17594 CVE-2019-17595 CVE-2021-39537 CVE-2022-29458 CVE-2023-29491 Ubuntu 18.04 LTS It was discovered that HTML::StripScripts does not properly parse HTML content with certain style attributes. A remote attacker could use this issue to cause a regular expression denial of service (ReDoS). Update Instructions: Run `sudo pro fix USN-6100-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhtml-stripscripts-perl - 1.06-1ubuntu0.18.04.1 No subscription required Medium CVE-2023-24038 Ubuntu 18.04 LTS It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.10. (CVE-2023-1579) It was discovered that GNU binutils did not properly verify the version definitions in zer0-lengthverdef table. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu 23.04. (CVE-2023-1972) It was discovered that GNU binutils did not properly validate the size of length parameter in vms-alpha. An attacker could possibly use this issue to cause a crash or access sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2023-25584) It was discovered that GNU binutils did not properly initialized the file_table field of struct module and the_bfd field of asymbol. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-25585, CVE-2023-25588) Update Instructions: Run `sudo pro fix USN-6101-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: binutils-dev - 2.30-21ubuntu1~18.04.9 binutils-arm-linux-gnueabihf - 2.30-21ubuntu1~18.04.9 binutils-hppa64-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-ia64-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-multiarch - 2.30-21ubuntu1~18.04.9 binutils-mips64-linux-gnuabin32 - 2.30-21ubuntu1~18.04.9 binutils-mipsel-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-mips64el-linux-gnuabin32 - 2.30-21ubuntu1~18.04.9 binutils-x86-64-kfreebsd-gnu - 2.30-21ubuntu1~18.04.9 binutils-riscv64-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-m68k-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-for-build - 2.30-21ubuntu1~18.04.9 binutils-s390x-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-x86-64-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-multiarch-dev - 2.30-21ubuntu1~18.04.9 binutils-i686-gnu - 2.30-21ubuntu1~18.04.9 binutils-mipsisa32r6el-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-for-host - 2.30-21ubuntu1~18.04.9 binutils-doc - 2.30-21ubuntu1~18.04.9 binutils-sh4-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-powerpc64le-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-mips64-linux-gnuabi64 - 2.30-21ubuntu1~18.04.9 binutils-aarch64-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-source - 2.30-21ubuntu1~18.04.9 binutils-i686-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-common - 2.30-21ubuntu1~18.04.9 binutils-mips-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-mipsisa64r6-linux-gnuabin32 - 2.30-21ubuntu1~18.04.9 binutils-mipsisa64r6el-linux-gnuabi64 - 2.30-21ubuntu1~18.04.9 binutils-mipsisa32r6-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-x86-64-linux-gnux32 - 2.30-21ubuntu1~18.04.9 binutils-i686-kfreebsd-gnu - 2.30-21ubuntu1~18.04.9 binutils-powerpc-linux-gnuspe - 2.30-21ubuntu1~18.04.9 binutils-mipsisa64r6el-linux-gnuabin32 - 2.30-21ubuntu1~18.04.9 binutils-alpha-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-powerpc64-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-hppa-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils-sparc64-linux-gnu - 2.30-21ubuntu1~18.04.9 libbinutils - 2.30-21ubuntu1~18.04.9 binutils-arm-linux-gnueabi - 2.30-21ubuntu1~18.04.9 binutils-mipsisa64r6-linux-gnuabi64 - 2.30-21ubuntu1~18.04.9 binutils-mips64el-linux-gnuabi64 - 2.30-21ubuntu1~18.04.9 binutils-powerpc-linux-gnu - 2.30-21ubuntu1~18.04.9 binutils - 2.30-21ubuntu1~18.04.9 No subscription required Medium CVE-2023-1579 CVE-2023-1972 CVE-2023-25584 CVE-2023-25585 CVE-2023-25588 Ubuntu 18.04 LTS It was discovered that JSON Schema incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to exploit JavaScript runtimes and cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6103-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-json-schema - 0.2.3-1+deb10u1build0.18.04.1 No subscription required Medium CVE-2021-3918 Ubuntu 18.04 LTS Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor. (CVE-2023-2454) Wolfgang Walther discovered that PostgreSQL incorrectly handled certain row security policies. An authenticated user could possibly use this issue to complete otherwise forbidden reads and modifications. (CVE-2023-2455) Update Instructions: Run `sudo pro fix USN-6104-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postgresql-server-dev-10 - 10.23-0ubuntu0.18.04.2 postgresql-pltcl-10 - 10.23-0ubuntu0.18.04.2 libecpg6 - 10.23-0ubuntu0.18.04.2 libpq-dev - 10.23-0ubuntu0.18.04.2 libpgtypes3 - 10.23-0ubuntu0.18.04.2 postgresql-10 - 10.23-0ubuntu0.18.04.2 postgresql-plperl-10 - 10.23-0ubuntu0.18.04.2 libecpg-dev - 10.23-0ubuntu0.18.04.2 postgresql-plpython3-10 - 10.23-0ubuntu0.18.04.2 libpq5 - 10.23-0ubuntu0.18.04.2 postgresql-plpython-10 - 10.23-0ubuntu0.18.04.2 postgresql-doc-10 - 10.23-0ubuntu0.18.04.2 postgresql-client-10 - 10.23-0ubuntu0.18.04.2 libecpg-compat3 - 10.23-0ubuntu0.18.04.2 No subscription required Medium CVE-2023-2454 CVE-2023-2455 Ubuntu 18.04 LTS The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version of the Mozilla certificate authority bundle. Update Instructions: Run `sudo pro fix USN-6105-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ca-certificates - 20230311ubuntu0.18.04.1 No subscription required None https://launchpad.net/bugs/2020089 Ubuntu 18.04 LTS It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. (CVE-2021-34055) Kyle Brown discovered that Jhead did not properly handle certain crafted images while regenerating the Exif thumbnail. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2022-41751) Update Instructions: Run `sudo pro fix USN-6108-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jhead - 1:3.00-8~ubuntu0.2 No subscription required Medium CVE-2021-34055 CVE-2022-41751 Ubuntu 18.04 LTS Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-3707) Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) It was discovered that the TLS subsystem in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1075) It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-1078) Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-1513) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after- free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6109-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-5.4.0-1085-raspi - 5.4.0-1085.96~18.04.1 linux-buildinfo-5.4.0-1085-raspi - 5.4.0-1085.96~18.04.1 linux-tools-5.4.0-1085-raspi - 5.4.0-1085.96~18.04.1 linux-modules-5.4.0-1085-raspi - 5.4.0-1085.96~18.04.1 linux-raspi-5.4-headers-5.4.0-1085 - 5.4.0-1085.96~18.04.1 linux-raspi-5.4-tools-5.4.0-1085 - 5.4.0-1085.96~18.04.1 linux-image-5.4.0-1085-raspi - 5.4.0-1085.96~18.04.1 No subscription required linux-image-raspi-hwe-18.04-edge - 5.4.0.1085.82 linux-tools-raspi-hwe-18.04 - 5.4.0.1085.82 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1085.82 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1085.82 linux-raspi-hwe-18.04-edge - 5.4.0.1085.82 linux-raspi-hwe-18.04 - 5.4.0.1085.82 linux-headers-raspi-hwe-18.04 - 5.4.0.1085.82 linux-image-raspi-hwe-18.04 - 5.4.0.1085.82 No subscription required Medium CVE-2022-3707 CVE-2023-0459 CVE-2023-1075 CVE-2023-1078 CVE-2023-1118 CVE-2023-1513 CVE-2023-2162 CVE-2023-32269 Ubuntu 18.04 LTS It was discovered that Jhead did not properly handle certain crafted Canon images when processing them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-3496) It was discovered that Jhead did not properly handle certain crafted images when printing Canon-specific information. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. This issue only affected Ubuntu 20.04. (CVE-2021-28275) It was discovered that Jhead did not properly handle certain crafted images when removing unknown sections. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-28277) Kyle Brown discovered that Jhead did not properly handle certain crafted images when editing their comments. An attacker could possibly use this to crash Jhead, resulting in a denial of service. (LP: #2020068) Update Instructions: Run `sudo pro fix USN-6110-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jhead - 1:3.00-8~ubuntu0.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-28275 CVE-2021-28277 CVE-2021-3496 https://launchpad.net/bugs/2020068 Ubuntu 18.04 LTS It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with HTTP::Tiny to download modules over HTTPS. If a remote attacker were able to intercept communications, this flaw could potentially be used to install altered modules. Update Instructions: Run `sudo pro fix USN-6112-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libperl-dev - 5.26.1-6ubuntu0.7 perl-modules-5.26 - 5.26.1-6ubuntu0.7 perl-doc - 5.26.1-6ubuntu0.7 perl - 5.26.1-6ubuntu0.7 perl-base - 5.26.1-6ubuntu0.7 libperl5.26 - 5.26.1-6ubuntu0.7 perl-debug - 5.26.1-6ubuntu0.7 No subscription required Medium CVE-2023-31484 Ubuntu 18.04 LTS Yeting Li discovered that nth-check incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6114-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-nth-check - 1.0.1-1+deb10u1build0.18.04.1 No subscription required Medium CVE-2021-3803 Ubuntu 18.04 LTS Max Chernoff discovered that LuaTeX (TeX Live) did not properly disable shell escape. An attacker could possibly use this issue to execute arbitrary shell commands. Update Instructions: Run `sudo pro fix USN-6115-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libptexenc-dev - 2017.20170613.44572-8ubuntu0.2 libkpathsea-dev - 2017.20170613.44572-8ubuntu0.2 texlive-binaries - 2017.20170613.44572-8ubuntu0.2 libtexluajit2 - 2017.20170613.44572-8ubuntu0.2 libtexluajit-dev - 2017.20170613.44572-8ubuntu0.2 libptexenc1 - 2017.20170613.44572-8ubuntu0.2 libtexlua52-dev - 2017.20170613.44572-8ubuntu0.2 libtexlua52 - 2017.20170613.44572-8ubuntu0.2 libsynctex-dev - 2017.20170613.44572-8ubuntu0.2 libkpathsea6 - 2017.20170613.44572-8ubuntu0.2 libsynctex1 - 2017.20170613.44572-8ubuntu0.2 No subscription required Medium CVE-2023-32700 Ubuntu 18.04 LTS It was discovered that hawk incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6116-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-hawk - 6.0.1+dfsg-1+deb10u1build0.18.04.1 No subscription required Medium CVE-2022-29167 Ubuntu 18.04 LTS It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perform a cross site request forgery attack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648) It was discovered that Apache Batik incorrectly handled Jar URLs in some situations. A remote attacker could use this issue to access files on the server. (CVE-2022-40146) It was discovered that Apache Batik allowed running untrusted Java code from an SVG. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-41704, CVE-2022-42890) Update Instructions: Run `sudo pro fix USN-6117-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libbatik-java - 1.10-2~18.04.1 No subscription required Medium CVE-2019-17566 CVE-2020-11987 CVE-2022-38398 CVE-2022-38648 CVE-2022-40146 CVE-2022-41704 CVE-2022-42890 Ubuntu 18.04 LTS Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-3707) Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) It was discovered that the TLS subsystem in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1075) It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-1078) Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-1513) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after- free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6118-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-image-unsigned-5.4.0-1101-oracle - 5.4.0-1101.110~18.04.1 linux-oracle-5.4-headers-5.4.0-1101 - 5.4.0-1101.110~18.04.1 linux-tools-5.4.0-1101-oracle - 5.4.0-1101.110~18.04.1 linux-modules-5.4.0-1101-oracle - 5.4.0-1101.110~18.04.1 linux-image-5.4.0-1101-oracle - 5.4.0-1101.110~18.04.1 linux-modules-extra-5.4.0-1101-oracle - 5.4.0-1101.110~18.04.1 linux-oracle-5.4-tools-5.4.0-1101 - 5.4.0-1101.110~18.04.1 linux-buildinfo-5.4.0-1101-oracle - 5.4.0-1101.110~18.04.1 linux-headers-5.4.0-1101-oracle - 5.4.0-1101.110~18.04.1 No subscription required linux-modules-extra-oracle - 5.4.0.1101.110~18.04.73 linux-signed-oracle-edge - 5.4.0.1101.110~18.04.73 linux-headers-oracle - 5.4.0.1101.110~18.04.73 linux-image-oracle - 5.4.0.1101.110~18.04.73 linux-signed-image-oracle-edge - 5.4.0.1101.110~18.04.73 linux-signed-oracle - 5.4.0.1101.110~18.04.73 linux-tools-oracle - 5.4.0.1101.110~18.04.73 linux-tools-oracle-edge - 5.4.0.1101.110~18.04.73 linux-oracle-edge - 5.4.0.1101.110~18.04.73 linux-modules-extra-oracle-edge - 5.4.0.1101.110~18.04.73 linux-signed-image-oracle - 5.4.0.1101.110~18.04.73 linux-image-oracle-edge - 5.4.0.1101.110~18.04.73 linux-oracle - 5.4.0.1101.110~18.04.73 linux-headers-oracle-edge - 5.4.0.1101.110~18.04.73 No subscription required Medium CVE-2022-3707 CVE-2023-0459 CVE-2023-1075 CVE-2023-1078 CVE-2023-1118 CVE-2023-1513 CVE-2023-2162 CVE-2023-32269 Ubuntu 18.04 LTS Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2023-2650) Anton Romanov discovered that OpenSSL incorrectly handled AES-XTS cipher decryption on 64-bit ARM platforms. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-1255) Update Instructions: Run `sudo pro fix USN-6119-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0.0 - 1.0.2n-1ubuntu5.13 libssl1.0-dev - 1.0.2n-1ubuntu5.13 openssl1.0 - 1.0.2n-1ubuntu5.13 No subscription required libssl-dev - 1.1.1-1ubuntu2.1~18.04.23 openssl - 1.1.1-1ubuntu2.1~18.04.23 libssl-doc - 1.1.1-1ubuntu2.1~18.04.23 libssl1.1 - 1.1.1-1ubuntu2.1~18.04.23 No subscription required Medium CVE-2023-1255 CVE-2023-2650 Ubuntu 18.04 LTS It was discovered that the snap sandbox did not restrict the use of the ioctl system call with a TIOCLINUX request. This could be exploited by a malicious snap to inject commands into the controlling terminal which would then be executed outside of the snap sandbox once the snap had exited. This could allow an attacker to execute arbitrary commands outside of the confined snap sandbox. Note: graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console. Update Instructions: Run `sudo pro fix USN-6125-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ubuntu-core-snapd-units - 2.58+18.04.1 ubuntu-core-launcher - 2.58+18.04.1 snap-confine - 2.58+18.04.1 ubuntu-snappy-cli - 2.58+18.04.1 golang-github-snapcore-snapd-dev - 2.58+18.04.1 snapd-xdg-open - 2.58+18.04.1 snapd - 2.58+18.04.1 golang-github-ubuntu-core-snappy-dev - 2.58+18.04.1 ubuntu-snappy - 2.58+18.04.1 No subscription required Medium CVE-2023-1523 Ubuntu 18.04 LTS It was discovered that CUPS incorrectly handled logging. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6128-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcupscgi1 - 2.2.7-1ubuntu2.10 libcups2-dev - 2.2.7-1ubuntu2.10 cups-bsd - 2.2.7-1ubuntu2.10 cups-common - 2.2.7-1ubuntu2.10 cups-core-drivers - 2.2.7-1ubuntu2.10 cups-server-common - 2.2.7-1ubuntu2.10 libcupsimage2 - 2.2.7-1ubuntu2.10 cups-client - 2.2.7-1ubuntu2.10 libcupsmime1 - 2.2.7-1ubuntu2.10 cups-ipp-utils - 2.2.7-1ubuntu2.10 libcups2 - 2.2.7-1ubuntu2.10 cups-ppdc - 2.2.7-1ubuntu2.10 libcupsppdc1 - 2.2.7-1ubuntu2.10 cups - 2.2.7-1ubuntu2.10 libcupsimage2-dev - 2.2.7-1ubuntu2.10 cups-daemon - 2.2.7-1ubuntu2.10 No subscription required Medium CVE-2023-32324 Ubuntu 18.04 LTS USN-6129-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6129-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: avahi-autoipd - 0.7-3.1ubuntu1.3+esm1 avahi-daemon - 0.7-3.1ubuntu1.3+esm1 avahi-discover - 0.7-3.1ubuntu1.3+esm1 avahi-dnsconfd - 0.7-3.1ubuntu1.3+esm1 avahi-ui-utils - 0.7-3.1ubuntu1.3+esm1 avahi-utils - 0.7-3.1ubuntu1.3+esm1 gir1.2-avahi-0.6 - 0.7-3.1ubuntu1.3+esm1 libavahi-client-dev - 0.7-3.1ubuntu1.3+esm1 libavahi-client3 - 0.7-3.1ubuntu1.3+esm1 libavahi-common-data - 0.7-3.1ubuntu1.3+esm1 libavahi-common-dev - 0.7-3.1ubuntu1.3+esm1 libavahi-common3 - 0.7-3.1ubuntu1.3+esm1 libavahi-compat-libdnssd-dev - 0.7-3.1ubuntu1.3+esm1 libavahi-compat-libdnssd1 - 0.7-3.1ubuntu1.3+esm1 libavahi-core-dev - 0.7-3.1ubuntu1.3+esm1 libavahi-core7 - 0.7-3.1ubuntu1.3+esm1 libavahi-glib-dev - 0.7-3.1ubuntu1.3+esm1 libavahi-glib1 - 0.7-3.1ubuntu1.3+esm1 libavahi-gobject-dev - 0.7-3.1ubuntu1.3+esm1 libavahi-gobject0 - 0.7-3.1ubuntu1.3+esm1 libavahi-ui-gtk3-0 - 0.7-3.1ubuntu1.3+esm1 libavahi-ui-gtk3-dev - 0.7-3.1ubuntu1.3+esm1 python-avahi - 0.7-3.1ubuntu1.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-1981 Ubuntu 18.04 LTS Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32233) Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436) Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). (CVE-2023-30456) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1380) Update Instructions: Run `sudo pro fix USN-6130-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1120-oracle - 4.15.0-1120.131 linux-oracle-headers-4.15.0-1120 - 4.15.0-1120.131 linux-modules-4.15.0-1120-oracle - 4.15.0-1120.131 linux-image-unsigned-4.15.0-1120-oracle - 4.15.0-1120.131 linux-modules-extra-4.15.0-1120-oracle - 4.15.0-1120.131 linux-tools-4.15.0-1120-oracle - 4.15.0-1120.131 linux-oracle-tools-4.15.0-1120 - 4.15.0-1120.131 linux-image-4.15.0-1120-oracle - 4.15.0-1120.131 linux-headers-4.15.0-1120-oracle - 4.15.0-1120.131 No subscription required linux-modules-4.15.0-1141-kvm - 4.15.0-1141.146 linux-kvm-headers-4.15.0-1141 - 4.15.0-1141.146 linux-buildinfo-4.15.0-1141-kvm - 4.15.0-1141.146 linux-tools-4.15.0-1141-kvm - 4.15.0-1141.146 linux-kvm-tools-4.15.0-1141 - 4.15.0-1141.146 linux-headers-4.15.0-1141-kvm - 4.15.0-1141.146 linux-image-4.15.0-1141-kvm - 4.15.0-1141.146 No subscription required linux-snapdragon-headers-4.15.0-1151 - 4.15.0-1151.161 linux-snapdragon-tools-4.15.0-1151 - 4.15.0-1151.161 linux-image-4.15.0-1151-snapdragon - 4.15.0-1151.161 linux-headers-4.15.0-1151-snapdragon - 4.15.0-1151.161 linux-tools-4.15.0-1151-snapdragon - 4.15.0-1151.161 linux-buildinfo-4.15.0-1151-snapdragon - 4.15.0-1151.161 linux-modules-4.15.0-1151-snapdragon - 4.15.0-1151.161 No subscription required linux-image-4.15.0-1151-gcp - 4.15.0-1151.167 linux-modules-extra-4.15.0-1151-gcp - 4.15.0-1151.167 linux-headers-4.15.0-1151-gcp - 4.15.0-1151.167 linux-buildinfo-4.15.0-1151-gcp - 4.15.0-1151.167 linux-tools-4.15.0-1151-gcp - 4.15.0-1151.167 linux-gcp-4.15-headers-4.15.0-1151 - 4.15.0-1151.167 linux-modules-4.15.0-1151-gcp - 4.15.0-1151.167 linux-gcp-4.15-tools-4.15.0-1151 - 4.15.0-1151.167 linux-image-unsigned-4.15.0-1151-gcp - 4.15.0-1151.167 No subscription required linux-aws-headers-4.15.0-1157 - 4.15.0-1157.170 linux-headers-4.15.0-1157-aws - 4.15.0-1157.170 linux-cloud-tools-4.15.0-1157-aws - 4.15.0-1157.170 linux-image-4.15.0-1157-aws - 4.15.0-1157.170 linux-modules-extra-4.15.0-1157-aws - 4.15.0-1157.170 linux-aws-cloud-tools-4.15.0-1157 - 4.15.0-1157.170 linux-buildinfo-4.15.0-1157-aws - 4.15.0-1157.170 linux-modules-4.15.0-1157-aws - 4.15.0-1157.170 linux-aws-tools-4.15.0-1157 - 4.15.0-1157.170 linux-tools-4.15.0-1157-aws - 4.15.0-1157.170 linux-image-unsigned-4.15.0-1157-aws - 4.15.0-1157.170 No subscription required linux-azure-4.15-headers-4.15.0-1166 - 4.15.0-1166.181 linux-image-4.15.0-1166-azure - 4.15.0-1166.181 linux-image-unsigned-4.15.0-1166-azure - 4.15.0-1166.181 linux-headers-4.15.0-1166-azure - 4.15.0-1166.181 linux-modules-4.15.0-1166-azure - 4.15.0-1166.181 linux-azure-4.15-cloud-tools-4.15.0-1166 - 4.15.0-1166.181 linux-modules-extra-4.15.0-1166-azure - 4.15.0-1166.181 linux-cloud-tools-4.15.0-1166-azure - 4.15.0-1166.181 linux-buildinfo-4.15.0-1166-azure - 4.15.0-1166.181 linux-tools-4.15.0-1166-azure - 4.15.0-1166.181 linux-azure-4.15-tools-4.15.0-1166 - 4.15.0-1166.181 No subscription required linux-headers-4.15.0-212-lowlatency - 4.15.0-212.223 linux-tools-common - 4.15.0-212.223 linux-modules-4.15.0-212-lowlatency - 4.15.0-212.223 linux-tools-host - 4.15.0-212.223 linux-headers-4.15.0-212 - 4.15.0-212.223 linux-doc - 4.15.0-212.223 linux-buildinfo-4.15.0-212-generic - 4.15.0-212.223 linux-tools-4.15.0-212-generic - 4.15.0-212.223 linux-tools-4.15.0-212 - 4.15.0-212.223 linux-image-unsigned-4.15.0-212-generic - 4.15.0-212.223 linux-cloud-tools-4.15.0-212-generic - 4.15.0-212.223 linux-modules-4.15.0-212-generic-lpae - 4.15.0-212.223 linux-buildinfo-4.15.0-212-generic-lpae - 4.15.0-212.223 linux-cloud-tools-4.15.0-212 - 4.15.0-212.223 linux-headers-4.15.0-212-generic - 4.15.0-212.223 linux-libc-dev - 4.15.0-212.223 linux-modules-extra-4.15.0-212-generic - 4.15.0-212.223 linux-image-4.15.0-212-lowlatency - 4.15.0-212.223 linux-image-4.15.0-212-generic - 4.15.0-212.223 linux-tools-4.15.0-212-generic-lpae - 4.15.0-212.223 linux-modules-4.15.0-212-generic - 4.15.0-212.223 linux-cloud-tools-4.15.0-212-lowlatency - 4.15.0-212.223 linux-cloud-tools-common - 4.15.0-212.223 linux-image-unsigned-4.15.0-212-lowlatency - 4.15.0-212.223 linux-buildinfo-4.15.0-212-lowlatency - 4.15.0-212.223 linux-image-4.15.0-212-generic-lpae - 4.15.0-212.223 linux-tools-4.15.0-212-lowlatency - 4.15.0-212.223 linux-source-4.15.0 - 4.15.0-212.223 linux-headers-4.15.0-212-generic-lpae - 4.15.0-212.223 No subscription required linux-oracle-lts-18.04 - 4.15.0.1120.125 linux-image-oracle-lts-18.04 - 4.15.0.1120.125 linux-signed-image-oracle-lts-18.04 - 4.15.0.1120.125 linux-signed-oracle-lts-18.04 - 4.15.0.1120.125 linux-headers-oracle-lts-18.04 - 4.15.0.1120.125 linux-tools-oracle-lts-18.04 - 4.15.0.1120.125 No subscription required linux-kvm - 4.15.0.1141.132 linux-headers-kvm - 4.15.0.1141.132 linux-image-kvm - 4.15.0.1141.132 linux-tools-kvm - 4.15.0.1141.132 No subscription required linux-snapdragon - 4.15.0.1151.150 linux-headers-snapdragon - 4.15.0.1151.150 linux-tools-snapdragon - 4.15.0.1151.150 linux-image-snapdragon - 4.15.0.1151.150 No subscription required linux-modules-extra-gcp-lts-18.04 - 4.15.0.1151.165 linux-gcp-lts-18.04 - 4.15.0.1151.165 linux-tools-gcp-lts-18.04 - 4.15.0.1151.165 linux-image-gcp-lts-18.04 - 4.15.0.1151.165 linux-headers-gcp-lts-18.04 - 4.15.0.1151.165 No subscription required linux-image-aws-lts-18.04 - 4.15.0.1157.155 linux-headers-aws-lts-18.04 - 4.15.0.1157.155 linux-aws-lts-18.04 - 4.15.0.1157.155 linux-modules-extra-aws-lts-18.04 - 4.15.0.1157.155 linux-tools-aws-lts-18.04 - 4.15.0.1157.155 No subscription required linux-modules-extra-azure-lts-18.04 - 4.15.0.1166.134 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1166.134 linux-headers-azure-lts-18.04 - 4.15.0.1166.134 linux-signed-image-azure-lts-18.04 - 4.15.0.1166.134 linux-tools-azure-lts-18.04 - 4.15.0.1166.134 linux-azure-lts-18.04 - 4.15.0.1166.134 linux-signed-azure-lts-18.04 - 4.15.0.1166.134 linux-image-azure-lts-18.04 - 4.15.0.1166.134 No subscription required linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.212.195 linux-image-lowlatency-hwe-16.04 - 4.15.0.212.195 linux-cloud-tools-virtual - 4.15.0.212.195 linux-headers-generic-lpae - 4.15.0.212.195 linux-image-extra-virtual-hwe-16.04 - 4.15.0.212.195 linux-image-virtual - 4.15.0.212.195 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.212.195 linux-image-generic - 4.15.0.212.195 linux-tools-lowlatency - 4.15.0.212.195 linux-tools-generic-hwe-16.04-edge - 4.15.0.212.195 linux-headers-generic-hwe-16.04-edge - 4.15.0.212.195 linux-generic-lpae-hwe-16.04 - 4.15.0.212.195 linux-tools-generic-hwe-16.04 - 4.15.0.212.195 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.212.195 linux-image-virtual-hwe-16.04-edge - 4.15.0.212.195 linux-generic-lpae-hwe-16.04-edge - 4.15.0.212.195 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.212.195 linux-signed-lowlatency-hwe-16.04 - 4.15.0.212.195 linux-crashdump - 4.15.0.212.195 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.212.195 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.212.195 linux-source - 4.15.0.212.195 linux-signed-image-generic - 4.15.0.212.195 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.212.195 linux-cloud-tools-generic - 4.15.0.212.195 linux-generic-hwe-16.04-edge - 4.15.0.212.195 linux-tools-virtual - 4.15.0.212.195 linux-headers-lowlatency-hwe-16.04 - 4.15.0.212.195 linux-tools-generic-lpae - 4.15.0.212.195 linux-tools-virtual-hwe-16.04 - 4.15.0.212.195 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.212.195 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.212.195 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.212.195 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.212.195 linux-generic-lpae - 4.15.0.212.195 linux-image-extra-virtual - 4.15.0.212.195 linux-generic - 4.15.0.212.195 linux-virtual - 4.15.0.212.195 linux-signed-image-generic-hwe-16.04 - 4.15.0.212.195 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.212.195 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.212.195 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.212.195 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.212.195 linux-signed-generic-hwe-16.04-edge - 4.15.0.212.195 linux-headers-lowlatency - 4.15.0.212.195 linux-headers-virtual-hwe-16.04-edge - 4.15.0.212.195 linux-lowlatency-hwe-16.04 - 4.15.0.212.195 linux-headers-generic-hwe-16.04 - 4.15.0.212.195 linux-generic-hwe-16.04 - 4.15.0.212.195 linux-tools-virtual-hwe-16.04-edge - 4.15.0.212.195 linux-tools-generic - 4.15.0.212.195 linux-virtual-hwe-16.04 - 4.15.0.212.195 linux-lowlatency-hwe-16.04-edge - 4.15.0.212.195 linux-cloud-tools-lowlatency - 4.15.0.212.195 linux-image-generic-hwe-16.04 - 4.15.0.212.195 linux-image-generic-hwe-16.04-edge - 4.15.0.212.195 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.212.195 linux-signed-image-lowlatency - 4.15.0.212.195 linux-image-generic-lpae-hwe-16.04 - 4.15.0.212.195 linux-tools-lowlatency-hwe-16.04 - 4.15.0.212.195 linux-signed-generic - 4.15.0.212.195 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.212.195 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.212.195 linux-headers-generic - 4.15.0.212.195 linux-headers-virtual-hwe-16.04 - 4.15.0.212.195 linux-virtual-hwe-16.04-edge - 4.15.0.212.195 linux-image-virtual-hwe-16.04 - 4.15.0.212.195 linux-headers-virtual - 4.15.0.212.195 linux-signed-generic-hwe-16.04 - 4.15.0.212.195 linux-image-generic-lpae - 4.15.0.212.195 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.212.195 linux-signed-lowlatency - 4.15.0.212.195 linux-lowlatency - 4.15.0.212.195 linux-image-lowlatency - 4.15.0.212.195 No subscription required High CVE-2023-1380 CVE-2023-30456 CVE-2023-31436 CVE-2023-32233 Ubuntu 18.04 LTS Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32233) Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436) Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). (CVE-2023-30456) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1380) Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2612) Update Instructions: Run `sudo pro fix USN-6131-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-headers-5.4.0-1050-ibm - 5.4.0-1050.55~18.04.1 linux-ibm-5.4-tools-5.4.0-1050 - 5.4.0-1050.55~18.04.1 linux-image-5.4.0-1050-ibm - 5.4.0-1050.55~18.04.1 linux-ibm-5.4-headers-5.4.0-1050 - 5.4.0-1050.55~18.04.1 linux-modules-extra-5.4.0-1050-ibm - 5.4.0-1050.55~18.04.1 linux-buildinfo-5.4.0-1050-ibm - 5.4.0-1050.55~18.04.1 linux-tools-5.4.0-1050-ibm - 5.4.0-1050.55~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1050.55~18.04.1 linux-modules-5.4.0-1050-ibm - 5.4.0-1050.55~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1050.55~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1050.55~18.04.1 linux-image-unsigned-5.4.0-1050-ibm - 5.4.0-1050.55~18.04.1 No subscription required linux-modules-extra-5.4.0-1102-oracle - 5.4.0-1102.111~18.04.1 linux-tools-5.4.0-1102-oracle - 5.4.0-1102.111~18.04.1 linux-image-5.4.0-1102-oracle - 5.4.0-1102.111~18.04.1 linux-modules-5.4.0-1102-oracle - 5.4.0-1102.111~18.04.1 linux-headers-5.4.0-1102-oracle - 5.4.0-1102.111~18.04.1 linux-oracle-5.4-headers-5.4.0-1102 - 5.4.0-1102.111~18.04.1 linux-buildinfo-5.4.0-1102-oracle - 5.4.0-1102.111~18.04.1 linux-image-unsigned-5.4.0-1102-oracle - 5.4.0-1102.111~18.04.1 linux-oracle-5.4-tools-5.4.0-1102 - 5.4.0-1102.111~18.04.1 No subscription required linux-gcp-5.4-headers-5.4.0-1106 - 5.4.0-1106.115~18.04.1 linux-image-5.4.0-1106-gcp - 5.4.0-1106.115~18.04.1 linux-image-unsigned-5.4.0-1106-gcp - 5.4.0-1106.115~18.04.1 linux-headers-5.4.0-1106-gcp - 5.4.0-1106.115~18.04.1 linux-modules-5.4.0-1106-gcp - 5.4.0-1106.115~18.04.1 linux-tools-5.4.0-1106-gcp - 5.4.0-1106.115~18.04.1 linux-buildinfo-5.4.0-1106-gcp - 5.4.0-1106.115~18.04.1 linux-gcp-5.4-tools-5.4.0-1106 - 5.4.0-1106.115~18.04.1 linux-modules-extra-5.4.0-1106-gcp - 5.4.0-1106.115~18.04.1 No subscription required linux-buildinfo-5.4.0-1109-azure - 5.4.0-1109.115~18.04.1 linux-tools-5.4.0-1109-azure - 5.4.0-1109.115~18.04.1 linux-image-5.4.0-1109-azure - 5.4.0-1109.115~18.04.1 linux-azure-5.4-tools-5.4.0-1109 - 5.4.0-1109.115~18.04.1 linux-azure-5.4-headers-5.4.0-1109 - 5.4.0-1109.115~18.04.1 linux-modules-extra-5.4.0-1109-azure - 5.4.0-1109.115~18.04.1 linux-headers-5.4.0-1109-azure - 5.4.0-1109.115~18.04.1 linux-image-unsigned-5.4.0-1109-azure - 5.4.0-1109.115~18.04.1 linux-modules-5.4.0-1109-azure - 5.4.0-1109.115~18.04.1 linux-azure-5.4-cloud-tools-5.4.0-1109 - 5.4.0-1109.115~18.04.1 linux-cloud-tools-5.4.0-1109-azure - 5.4.0-1109.115~18.04.1 No subscription required linux-hwe-5.4-cloud-tools-common - 5.4.0-150.167~18.04.1 linux-cloud-tools-5.4.0-150-generic - 5.4.0-150.167~18.04.1 linux-modules-5.4.0-150-generic - 5.4.0-150.167~18.04.1 linux-headers-5.4.0-150-generic-lpae - 5.4.0-150.167~18.04.1 linux-headers-5.4.0-150-lowlatency - 5.4.0-150.167~18.04.1 linux-buildinfo-5.4.0-150-generic - 5.4.0-150.167~18.04.1 linux-tools-5.4.0-150-generic - 5.4.0-150.167~18.04.1 linux-buildinfo-5.4.0-150-lowlatency - 5.4.0-150.167~18.04.1 linux-image-unsigned-5.4.0-150-generic - 5.4.0-150.167~18.04.1 linux-hwe-5.4-tools-5.4.0-150 - 5.4.0-150.167~18.04.1 linux-hwe-5.4-headers-5.4.0-150 - 5.4.0-150.167~18.04.1 linux-cloud-tools-5.4.0-150-lowlatency - 5.4.0-150.167~18.04.1 linux-tools-5.4.0-150-lowlatency - 5.4.0-150.167~18.04.1 linux-image-5.4.0-150-generic - 5.4.0-150.167~18.04.1 linux-image-unsigned-5.4.0-150-lowlatency - 5.4.0-150.167~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-150.167~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-150 - 5.4.0-150.167~18.04.1 linux-image-5.4.0-150-lowlatency - 5.4.0-150.167~18.04.1 linux-tools-5.4.0-150-generic-lpae - 5.4.0-150.167~18.04.1 linux-modules-5.4.0-150-lowlatency - 5.4.0-150.167~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-150.167~18.04.1 linux-headers-5.4.0-150-generic - 5.4.0-150.167~18.04.1 linux-modules-extra-5.4.0-150-generic - 5.4.0-150.167~18.04.1 linux-modules-5.4.0-150-generic-lpae - 5.4.0-150.167~18.04.1 linux-image-5.4.0-150-generic-lpae - 5.4.0-150.167~18.04.1 linux-buildinfo-5.4.0-150-generic-lpae - 5.4.0-150.167~18.04.1 No subscription required linux-image-ibm - 5.4.0.1050.61 linux-tools-ibm-edge - 5.4.0.1050.61 linux-headers-ibm-edge - 5.4.0.1050.61 linux-modules-extra-ibm-edge - 5.4.0.1050.61 linux-ibm - 5.4.0.1050.61 linux-modules-extra-ibm - 5.4.0.1050.61 linux-ibm-edge - 5.4.0.1050.61 linux-headers-ibm - 5.4.0.1050.61 linux-tools-ibm - 5.4.0.1050.61 linux-image-ibm-edge - 5.4.0.1050.61 No subscription required linux-headers-oracle - 5.4.0.1102.111~18.04.74 linux-tools-oracle - 5.4.0.1102.111~18.04.74 linux-signed-image-oracle - 5.4.0.1102.111~18.04.74 linux-signed-oracle - 5.4.0.1102.111~18.04.74 linux-tools-oracle-edge - 5.4.0.1102.111~18.04.74 linux-oracle-edge - 5.4.0.1102.111~18.04.74 linux-image-oracle-edge - 5.4.0.1102.111~18.04.74 linux-modules-extra-oracle-edge - 5.4.0.1102.111~18.04.74 linux-modules-extra-oracle - 5.4.0.1102.111~18.04.74 linux-signed-oracle-edge - 5.4.0.1102.111~18.04.74 linux-signed-image-oracle-edge - 5.4.0.1102.111~18.04.74 linux-headers-oracle-edge - 5.4.0.1102.111~18.04.74 linux-image-oracle - 5.4.0.1102.111~18.04.74 linux-oracle - 5.4.0.1102.111~18.04.74 No subscription required linux-image-gcp-edge - 5.4.0.1106.82 linux-tools-gcp-edge - 5.4.0.1106.82 linux-modules-extra-gcp - 5.4.0.1106.82 linux-headers-gcp-edge - 5.4.0.1106.82 linux-tools-gcp - 5.4.0.1106.82 linux-modules-extra-gcp-edge - 5.4.0.1106.82 linux-gcp - 5.4.0.1106.82 linux-headers-gcp - 5.4.0.1106.82 linux-image-gcp - 5.4.0.1106.82 linux-gcp-edge - 5.4.0.1106.82 No subscription required linux-signed-azure - 5.4.0.1109.82 linux-tools-azure-edge - 5.4.0.1109.82 linux-cloud-tools-azure - 5.4.0.1109.82 linux-tools-azure - 5.4.0.1109.82 linux-image-azure-edge - 5.4.0.1109.82 linux-cloud-tools-azure-edge - 5.4.0.1109.82 linux-modules-extra-azure - 5.4.0.1109.82 linux-headers-azure - 5.4.0.1109.82 linux-azure - 5.4.0.1109.82 linux-image-azure - 5.4.0.1109.82 linux-signed-image-azure - 5.4.0.1109.82 linux-signed-image-azure-edge - 5.4.0.1109.82 linux-azure-edge - 5.4.0.1109.82 linux-modules-extra-azure-edge - 5.4.0.1109.82 linux-headers-azure-edge - 5.4.0.1109.82 linux-signed-azure-edge - 5.4.0.1109.82 No subscription required linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-headers-snapdragon-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-image-snapdragon-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-snapdragon-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-image-oem - 5.4.0.150.167~18.04.121 linux-tools-virtual-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-tools-lowlatency-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-headers-lowlatency-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-lowlatency-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-image-extra-virtual-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-oem - 5.4.0.150.167~18.04.121 linux-image-oem-osp1 - 5.4.0.150.167~18.04.121 linux-image-generic-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-snapdragon-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-image-generic-lpae-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-headers-generic-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-headers-virtual-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-tools-oem-osp1 - 5.4.0.150.167~18.04.121 linux-tools-snapdragon-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-image-lowlatency-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-virtual-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-virtual-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-generic-lpae-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-headers-oem - 5.4.0.150.167~18.04.121 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-tools-generic-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-headers-virtual-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-image-virtual-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-image-generic-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-generic-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-tools-oem - 5.4.0.150.167~18.04.121 linux-headers-oem-osp1 - 5.4.0.150.167~18.04.121 linux-tools-virtual-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-generic-lpae-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-headers-generic-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-oem-osp1 - 5.4.0.150.167~18.04.121 linux-tools-generic-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-cloud-tools-generic-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-lowlatency-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.150.167~18.04.121 linux-generic-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.150.167~18.04.121 linux-image-virtual-hwe-18.04-edge - 5.4.0.150.167~18.04.121 No subscription required High CVE-2023-1380 CVE-2023-2612 CVE-2023-30456 CVE-2023-31436 CVE-2023-32233 Ubuntu 18.04 LTS Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32233) Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436) Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). (CVE-2023-30456) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1380) Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-3707) Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) It was discovered that the TLS subsystem in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1075) It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-1078) Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-1513) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2612) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269) Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after- free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118) Update Instructions: Run `sudo pro fix USN-6132-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-modules-extra-5.4.0-1103-aws - 5.4.0-1103.111~18.04.1 linux-aws-5.4-tools-5.4.0-1103 - 5.4.0-1103.111~18.04.1 linux-image-5.4.0-1103-aws - 5.4.0-1103.111~18.04.1 linux-aws-5.4-headers-5.4.0-1103 - 5.4.0-1103.111~18.04.1 linux-buildinfo-5.4.0-1103-aws - 5.4.0-1103.111~18.04.1 linux-tools-5.4.0-1103-aws - 5.4.0-1103.111~18.04.1 linux-cloud-tools-5.4.0-1103-aws - 5.4.0-1103.111~18.04.1 linux-modules-5.4.0-1103-aws - 5.4.0-1103.111~18.04.1 linux-aws-5.4-cloud-tools-5.4.0-1103 - 5.4.0-1103.111~18.04.1 linux-headers-5.4.0-1103-aws - 5.4.0-1103.111~18.04.1 linux-image-unsigned-5.4.0-1103-aws - 5.4.0-1103.111~18.04.1 No subscription required linux-modules-extra-aws - 5.4.0.1103.81 linux-aws-edge - 5.4.0.1103.81 linux-modules-extra-aws-edge - 5.4.0.1103.81 linux-tools-aws-edge - 5.4.0.1103.81 linux-image-aws-edge - 5.4.0.1103.81 linux-aws - 5.4.0.1103.81 linux-tools-aws - 5.4.0.1103.81 linux-headers-aws - 5.4.0.1103.81 linux-headers-aws-edge - 5.4.0.1103.81 linux-image-aws - 5.4.0.1103.81 No subscription required High CVE-2022-3707 CVE-2023-0459 CVE-2023-1075 CVE-2023-1078 CVE-2023-1118 CVE-2023-1380 CVE-2023-1513 CVE-2023-2162 CVE-2023-2612 CVE-2023-30456 CVE-2023-31436 CVE-2023-32233 CVE-2023-32269 Ubuntu 18.04 LTS Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could use this issue to bypass blockinglisting methods. This issue was first addressed in USN-5960-1, but was incomplete. Here we address an additional fix to that issue. (CVE-2023-24329) Update Instructions: Run `sudo pro fix USN-6139-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python2.7-dev - 2.7.17-1~18.04ubuntu1.13 python2.7-doc - 2.7.17-1~18.04ubuntu1.13 libpython2.7-minimal - 2.7.17-1~18.04ubuntu1.13 libpython2.7 - 2.7.17-1~18.04ubuntu1.13 libpython2.7-stdlib - 2.7.17-1~18.04ubuntu1.13 libpython2.7-testsuite - 2.7.17-1~18.04ubuntu1.13 python2.7 - 2.7.17-1~18.04ubuntu1.13 idle-python2.7 - 2.7.17-1~18.04ubuntu1.13 python2.7-examples - 2.7.17-1~18.04ubuntu1.13 libpython2.7-dev - 2.7.17-1~18.04ubuntu1.13 python2.7-minimal - 2.7.17-1~18.04ubuntu1.13 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro python3.6-dev - 3.6.9-1~18.04ubuntu1.13 libpython3.6-dev - 3.6.9-1~18.04ubuntu1.13 libpython3.6-minimal - 3.6.9-1~18.04ubuntu1.13 python3.6-examples - 3.6.9-1~18.04ubuntu1.13 libpython3.6-stdlib - 3.6.9-1~18.04ubuntu1.13 python3.6-venv - 3.6.9-1~18.04ubuntu1.13 python3.6-minimal - 3.6.9-1~18.04ubuntu1.13 python3.6 - 3.6.9-1~18.04ubuntu1.13 idle-python3.6 - 3.6.9-1~18.04ubuntu1.13 python3.6-doc - 3.6.9-1~18.04ubuntu1.13 libpython3.6-testsuite - 3.6.9-1~18.04ubuntu1.13 libpython3.6 - 3.6.9-1~18.04ubuntu1.13 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-24329 Ubuntu 18.04 LTS Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6142-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnghttp2-14 - 1.30.0-1ubuntu1+esm1 libnghttp2-doc - 1.30.0-1ubuntu1+esm1 libnghttp2-dev - 1.30.0-1ubuntu1+esm1 nghttp2-proxy - 1.30.0-1ubuntu1+esm1 nghttp2 - 1.30.0-1ubuntu1+esm1 nghttp2-client - 1.30.0-1ubuntu1+esm1 nghttp2-server - 1.30.0-1ubuntu1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-11080 Ubuntu 18.04 LTS It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only fixed for Ubuntu 16.04 LTS. (CVE-2022-39377) It was discovered that Sysstat incorrectly handled certain arithmetic multiplications in 64-bit systems, as a result of an incomplete fix for CVE-2022-39377. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-33204) Update Instructions: Run `sudo pro fix USN-6145-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: isag - 11.6.1-1ubuntu0.2+esm1 sysstat - 11.6.1-1ubuntu0.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-39377 CVE-2023-33204 Ubuntu 18.04 LTS It was discovered that Netatalk did not properly validate the length of user-supplied data in the DSI structures. A remote attacker could possibly use this issue to execute arbitrary code with the privileges of the user invoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2021-31439) It was discovered that Netatalk did not properly validate the length of user-supplied data in the ad_addcomment function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0194) It was discovered that Netatalk did not properly handle errors when parsing AppleDouble entries. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23121) It was discovered that Netatalk did not properly validate the length of user-supplied data in the setfilparams function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23122) It was discovered that Netatalk did not properly validate the length of user-supplied data in the getdirparams function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23123) It was discovered that Netatalk did not properly validate the length of user-supplied data in the get_finderinfo function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23124) It was discovered that Netatalk did not properly validate the length of user-supplied data in the copyapplfile function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23125) It was discovered that Netatalk did not properly validate the length of user-supplied data in the dsi_writeinit function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-43634) It was discovered that Netatalk did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted .appl file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-45188) Update Instructions: Run `sudo pro fix USN-6146-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: netatalk - 2.2.6-1ubuntu0.18.04.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2021-31439 CVE-2022-0194 CVE-2022-23121 CVE-2022-23122 CVE-2022-23123 CVE-2022-23124 CVE-2022-23125 CVE-2022-43634 CVE-2022-45188 Ubuntu 18.04 LTS It was discovered that SNI Proxy did not properly handle wildcard backend hosts. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service, or arbitrary code execution. Update Instructions: Run `sudo pro fix USN-6148-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sniproxy - 0.5.0-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2023-25076 Ubuntu 18.04 LTS It was discovered that Jupyter Core executed untrusted files in the current working directory. An attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6153-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-jupyter-core-doc - 4.4.0-2ubuntu0.1~esm1 python3-jupyter-core - 4.4.0-2ubuntu0.1~esm1 jupyter - 4.4.0-2ubuntu0.1~esm1 jupyter-core - 4.4.0-2ubuntu0.1~esm1 python-jupyter-core - 4.4.0-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-39286 Ubuntu 18.04 LTS It was discovered that Vim was using uninitialized memory when fuzzy matching, which could lead to invalid memory access. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu 23.04. (CVE-2023-2426) It was discovered that Vim was not properly performing bounds checks when processing register contents, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-2609) It was discovered that Vim was not properly limiting the length of substitution expression strings, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-2610) Update Instructions: Run `sudo pro fix USN-6154-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim-common - 2:8.0.1453-1ubuntu1.13+esm1 vim-gnome - 2:8.0.1453-1ubuntu1.13+esm1 vim-athena - 2:8.0.1453-1ubuntu1.13+esm1 xxd - 2:8.0.1453-1ubuntu1.13+esm1 vim-gtk - 2:8.0.1453-1ubuntu1.13+esm1 vim-gui-common - 2:8.0.1453-1ubuntu1.13+esm1 vim - 2:8.0.1453-1ubuntu1.13+esm1 vim-doc - 2:8.0.1453-1ubuntu1.13+esm1 vim-tiny - 2:8.0.1453-1ubuntu1.13+esm1 vim-runtime - 2:8.0.1453-1ubuntu1.13+esm1 vim-gtk3 - 2:8.0.1453-1ubuntu1.13+esm1 vim-nox - 2:8.0.1453-1ubuntu1.13+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 Ubuntu 18.04 LTS USN-6155-1 fixed a vulnerability in Requests. This update provides the corresponding update for Ubuntu 16.04 ESM and 18.04 ESM. Original advisory details: Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-6155-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-requests - 2.18.4-2ubuntu0.1+esm1 python-requests - 2.18.4-2ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-32681 Ubuntu 18.04 LTS It was discovered that Node Fetch incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-6158-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-fetch - 1.7.3-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-0235 Ubuntu 18.04 LTS It was discovered that pano13 did not properly validate the prefix provided for PTcrop's output. An attacker could use this issue to cause pano13 to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-20307) It was discovered that pano13 did not properly handle certain crafted TIFF images. An attacker could use this issue to cause pano13 to crash, resulting in a denial of service. (CVE-2021-33293) Update Instructions: Run `sudo pro fix USN-6163-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpano13-dev - 2.9.19+dfsg-3ubuntu0.18.04.1~esm1 libpano13-bin - 2.9.19+dfsg-3ubuntu0.18.04.1~esm1 libpano13-3 - 2.9.19+dfsg-3ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-20307 CVE-2021-33293 Ubuntu 18.04 LTS USN-6164-1 fixed several vulnerabilities in c-ares. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Hannes Moesl discovered that c-ares incorrectly handled certain ipv6 addresses. An attacker could use this issue to cause c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-31130) Xiang Li discovered that c-ares incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause c-res to crash, resulting in a denial of service. (CVE-2023-32067) Update Instructions: Run `sudo pro fix USN-6164-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc-ares-dev - 1.14.0-1ubuntu0.2+esm1 libc-ares2 - 1.14.0-1ubuntu0.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-31130 CVE-2023-32067 Ubuntu 18.04 LTS USN-6165-1 fixed vulnerabilities in GLib. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that GLib incorrectly handled non-normal GVariants. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or perform other unknown attacks. Update Instructions: Run `sudo pro fix USN-6165-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libglib2.0-0 - 2.56.4-0ubuntu0.18.04.9+esm3 libglib2.0-bin - 2.56.4-0ubuntu0.18.04.9+esm3 libglib2.0-data - 2.56.4-0ubuntu0.18.04.9+esm3 libglib2.0-dev - 2.56.4-0ubuntu0.18.04.9+esm3 libglib2.0-dev-bin - 2.56.4-0ubuntu0.18.04.9+esm3 libglib2.0-doc - 2.56.4-0ubuntu0.18.04.9+esm3 libglib2.0-tests - 2.56.4-0ubuntu0.18.04.9+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-29499 CVE-2023-32611 CVE-2023-32636 CVE-2023-32643 CVE-2023-32665 Ubuntu 18.04 LTS USN-6166-1 fixed a vulnerability in libcap2. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Original advisory details: Richard Weinberger discovered that libcap2 incorrectly handled certain long input strings. An attacker could use this issue to cause libcap2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-2603) Update Instructions: Run `sudo pro fix USN-6166-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcap2 - 1:2.25-1.2ubuntu0.1~esm1 libcap2-bin - 1:2.25-1.2ubuntu0.1~esm1 libpam-cap - 1:2.25-1.2ubuntu0.1~esm1 libcap-dev - 1:2.25-1.2ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-2603 Ubuntu 18.04 LTS It was discovered that QEMU did not properly manage the guest drivers when shared buffers are not allocated. A malicious guest driver could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-1050) It was discovered that QEMU did not properly check the size of the structure pointed to by the guest physical address pqxl. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-4144) It was discovered that QEMU did not properly manage memory in the ACPI Error Record Serialization Table (ERST) device. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-4172) It was discovered that QEMU did not properly manage memory when DMA memory writes happen repeatedly in the lsi53c895a device. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2023-0330) Update Instructions: Run `sudo pro fix USN-6167-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: qemu-system-common - 1:2.11+dfsg-1ubuntu7.42+esm1 qemu-user-static - 1:2.11+dfsg-1ubuntu7.42+esm1 qemu-system-misc - 1:2.11+dfsg-1ubuntu7.42+esm1 qemu-block-extra - 1:2.11+dfsg-1ubuntu7.42+esm1 qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.42+esm1 qemu-kvm - 1:2.11+dfsg-1ubuntu7.42+esm1 qemu-user - 1:2.11+dfsg-1ubuntu7.42+esm1 qemu-guest-agent - 1:2.11+dfsg-1ubuntu7.42+esm1 qemu-system - 1:2.11+dfsg-1ubuntu7.42+esm1 qemu-utils - 1:2.11+dfsg-1ubuntu7.42+esm1 qemu - 1:2.11+dfsg-1ubuntu7.42+esm1 qemu-user-binfmt - 1:2.11+dfsg-1ubuntu7.42+esm1 qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.42+esm1 qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.42+esm1 qemu-system-arm - 1:2.11+dfsg-1ubuntu7.42+esm1 qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.42+esm1 qemu-system-mips - 1:2.11+dfsg-1ubuntu7.42+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1050 CVE-2022-4144 CVE-2022-4172 CVE-2023-0330 Ubuntu 18.04 LTS USN-6168-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. Original advisory details: Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use this issue to cause libx11 to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6168-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx11-6 - 2:1.6.4-3ubuntu0.4+esm1 libx11-data - 2:1.6.4-3ubuntu0.4+esm1 libx11-dev - 2:1.6.4-3ubuntu0.4+esm1 libx11-doc - 2:1.6.4-3ubuntu0.4+esm1 libx11-xcb-dev - 2:1.6.4-3ubuntu0.4+esm1 libx11-xcb1 - 2:1.6.4-3ubuntu0.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-3138 Ubuntu 18.04 LTS It was discovered that GNU SASL's GSSAPI server could make an out-of-bounds reads if given specially crafted GSS-API authentication data. A remote attacker could possibly use this issue to cause a denial of service or to expose sensitive information. Update Instructions: Run `sudo pro fix USN-6169-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgsasl7 - 1.8.0-8ubuntu3+esm2 libgsasl7-dev - 1.8.0-8ubuntu3+esm2 gsasl - 1.8.0-8ubuntu3+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2022-2469 Ubuntu 18.04 LTS It was discovered that PyPDF2 incorrectly handled certain PDF files. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to consume system resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6176-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-pypdf2 - 1.26.0-2ubuntu0.1~esm1 python-pypdf2 - 1.26.0-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-24859 Ubuntu 18.04 LTS It was discovered that Jettison incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6177-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjettison-java - 1.4.0-1ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-40149 CVE-2022-40150 CVE-2022-45685 CVE-2022-45693 Ubuntu 18.04 LTS It was discovered that in SVG++ library that the demo application incorrectly managed memory resulting in a memory access violation under certain circumstances. An attacker could possibly use this issue to leak memory information or run a denial of service attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-6246) It was discovered that in SVG++ library that the demo application incorrectly handled null pointers under certain circumstances. An attacker could possibly use this issue to cause denial of service, leak memory information or manipulate program execution flow. (CVE-2021-44960) Update Instructions: Run `sudo pro fix USN-6178-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsvgpp-doc - 1.2.3+dfsg1-3ubuntu1+esm1 libsvgpp-dev - 1.2.3+dfsg1-3ubuntu1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Negligible CVE-2019-6246 CVE-2021-44960 Ubuntu 18.04 LTS It was discovered that Jettison incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6179-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjettison-java - 1.4.0-1ubuntu0.18.04.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-1436 Ubuntu 18.04 LTS It was discovered that VLC could be made to read out of bounds when decoding image files. If a user were tricked into opening a crafted image file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-19721) It was discovered that VLC could be made to write out of bounds when processing H.264 video files. If a user were tricked into opening a crafted H.264 video file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-13428) It was discovered that VLC could be made to read out of bounds when processing AVI video files. If a user were tricked into opening a crafted AVI video file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-25801, CVE-2021-25802, CVE-2021-25803, CVE-2021-25804) It was discovered that the VNC module of VLC contained an arithmetic overflow. If a user were tricked into opening a crafted playlist or connecting to a rouge VNC server, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2022-41325) Update Instructions: Run `sudo pro fix USN-6180-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvlc-bin - 3.0.8-0ubuntu18.04.1+esm1 libvlc-dev - 3.0.8-0ubuntu18.04.1+esm1 libvlc5 - 3.0.8-0ubuntu18.04.1+esm1 libvlccore-dev - 3.0.8-0ubuntu18.04.1+esm1 libvlccore9 - 3.0.8-0ubuntu18.04.1+esm1 vlc - 3.0.8-0ubuntu18.04.1+esm1 vlc-bin - 3.0.8-0ubuntu18.04.1+esm1 vlc-data - 3.0.8-0ubuntu18.04.1+esm1 vlc-l10n - 3.0.8-0ubuntu18.04.1+esm1 vlc-plugin-access-extra - 3.0.8-0ubuntu18.04.1+esm1 vlc-plugin-base - 3.0.8-0ubuntu18.04.1+esm1 vlc-plugin-fluidsynth - 3.0.8-0ubuntu18.04.1+esm1 vlc-plugin-jack - 3.0.8-0ubuntu18.04.1+esm1 vlc-plugin-notify - 3.0.8-0ubuntu18.04.1+esm1 vlc-plugin-qt - 3.0.8-0ubuntu18.04.1+esm1 vlc-plugin-samba - 3.0.8-0ubuntu18.04.1+esm1 vlc-plugin-skins2 - 3.0.8-0ubuntu18.04.1+esm1 vlc-plugin-svg - 3.0.8-0ubuntu18.04.1+esm1 vlc-plugin-video-output - 3.0.8-0ubuntu18.04.1+esm1 vlc-plugin-video-splitter - 3.0.8-0ubuntu18.04.1+esm1 vlc-plugin-visualization - 3.0.8-0ubuntu18.04.1+esm1 vlc-plugin-zvbi - 3.0.8-0ubuntu18.04.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-19721 CVE-2020-13428 CVE-2021-25801 CVE-2021-25802 CVE-2021-25803 CVE-2021-25804 CVE-2022-41325 Ubuntu 18.04 LTS It was discovered that pngcheck incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6182-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pngcheck - 2.3.0-7ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-27818 CVE-2020-35511 Ubuntu 18.04 LTS USN-6183-1 fixed vulnerabilities in Bind. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled the cache size limit. A remote attacker could possibly use this issue to consume memory, leading to a denial of service. (CVE-2023-2828) It was discovered that Bind incorrectly handled the recursive-clients quota. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-2911) Update Instructions: Run `sudo pro fix USN-6183-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bind9 - 1:9.11.3+dfsg-1ubuntu1.19+esm1 bind9-doc - 1:9.11.3+dfsg-1ubuntu1.19+esm1 bind9-host - 1:9.11.3+dfsg-1ubuntu1.19+esm1 bind9utils - 1:9.11.3+dfsg-1ubuntu1.19+esm1 dnsutils - 1:9.11.3+dfsg-1ubuntu1.19+esm1 libbind-dev - 1:9.11.3+dfsg-1ubuntu1.19+esm1 libbind-export-dev - 1:9.11.3+dfsg-1ubuntu1.19+esm1 libbind9-160 - 1:9.11.3+dfsg-1ubuntu1.19+esm1 libdns-export1100 - 1:9.11.3+dfsg-1ubuntu1.19+esm1 libdns1100 - 1:9.11.3+dfsg-1ubuntu1.19+esm1 libirs-export160 - 1:9.11.3+dfsg-1ubuntu1.19+esm1 libirs160 - 1:9.11.3+dfsg-1ubuntu1.19+esm1 libisc-export169 - 1:9.11.3+dfsg-1ubuntu1.19+esm1 libisc169 - 1:9.11.3+dfsg-1ubuntu1.19+esm1 libisccc-export160 - 1:9.11.3+dfsg-1ubuntu1.19+esm1 libisccc160 - 1:9.11.3+dfsg-1ubuntu1.19+esm1 libisccfg-export160 - 1:9.11.3+dfsg-1ubuntu1.19+esm1 libisccfg160 - 1:9.11.3+dfsg-1ubuntu1.19+esm1 liblwres160 - 1:9.11.3+dfsg-1ubuntu1.19+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-2828 Ubuntu 18.04 LTS USN-6184-1 fixed a vulnerability in CUPS. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that CUPS incorrectly handled certain memory operations. An attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service, or to possibly obtain sensitive information. Update Instructions: Run `sudo pro fix USN-6184-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cups - 2.2.7-1ubuntu2.10+esm1 cups-bsd - 2.2.7-1ubuntu2.10+esm1 cups-client - 2.2.7-1ubuntu2.10+esm1 cups-common - 2.2.7-1ubuntu2.10+esm1 cups-core-drivers - 2.2.7-1ubuntu2.10+esm1 cups-daemon - 2.2.7-1ubuntu2.10+esm1 cups-ipp-utils - 2.2.7-1ubuntu2.10+esm1 cups-ppdc - 2.2.7-1ubuntu2.10+esm1 cups-server-common - 2.2.7-1ubuntu2.10+esm1 libcups2 - 2.2.7-1ubuntu2.10+esm1 libcups2-dev - 2.2.7-1ubuntu2.10+esm1 libcupscgi1 - 2.2.7-1ubuntu2.10+esm1 libcupsimage2 - 2.2.7-1ubuntu2.10+esm1 libcupsimage2-dev - 2.2.7-1ubuntu2.10+esm1 libcupsmime1 - 2.2.7-1ubuntu2.10+esm1 libcupsppdc1 - 2.2.7-1ubuntu2.10+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-34241 Ubuntu 18.04 LTS It was discovered that etcd leaked credentials when debugging was enabled. This allowed remote attackers to discover etcd authentication credentials and possibly escalate privileges on systems using etcd. Update Instructions: Run `sudo pro fix USN-6189-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: etcd - 3.2.17+dfsg-1ubuntu0.1+esm2 etcd-client - 3.2.17+dfsg-1ubuntu0.1+esm2 etcd-server - 3.2.17+dfsg-1ubuntu0.1+esm2 golang-etcd-server-dev - 3.2.17+dfsg-1ubuntu0.1+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-28235 Ubuntu 18.04 LTS USN-6190-1 fixed a vulnerability in AccountsService. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Kevin Backhouse discovered that AccountsService incorrectly handled certain D-Bus messages. A local attacker could use this issue to cause AccountsService to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6190-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: accountsservice - 0.6.45-1ubuntu1.3+esm1 gir1.2-accountsservice-1.0 - 0.6.45-1ubuntu1.3+esm1 libaccountsservice-dev - 0.6.45-1ubuntu1.3+esm1 libaccountsservice-doc - 0.6.45-1ubuntu1.3+esm1 libaccountsservice0 - 0.6.45-1ubuntu1.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-3297 Ubuntu 18.04 LTS USN-6081-1, USN-6084-1, USN-6092-1 and USN-6095-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a spurious warning in the IPv6 subsystem. This update removes the undesired warning message. Update Instructions: Run `sudo pro fix USN-6191-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1067-dell300x - 4.15.0-1067.72 linux-dell300x-headers-4.15.0-1067 - 4.15.0-1067.72 linux-dell300x-tools-4.15.0-1067 - 4.15.0-1067.72 linux-headers-4.15.0-1067-dell300x - 4.15.0-1067.72 linux-image-4.15.0-1067-dell300x - 4.15.0-1067.72 linux-image-unsigned-4.15.0-1067-dell300x - 4.15.0-1067.72 linux-modules-4.15.0-1067-dell300x - 4.15.0-1067.72 linux-tools-4.15.0-1067-dell300x - 4.15.0-1067.72 No subscription required linux-buildinfo-4.15.0-1121-oracle - 4.15.0-1121.132 linux-headers-4.15.0-1121-oracle - 4.15.0-1121.132 linux-image-4.15.0-1121-oracle - 4.15.0-1121.132 linux-image-unsigned-4.15.0-1121-oracle - 4.15.0-1121.132 linux-modules-4.15.0-1121-oracle - 4.15.0-1121.132 linux-modules-extra-4.15.0-1121-oracle - 4.15.0-1121.132 linux-oracle-headers-4.15.0-1121 - 4.15.0-1121.132 linux-oracle-tools-4.15.0-1121 - 4.15.0-1121.132 linux-tools-4.15.0-1121-oracle - 4.15.0-1121.132 No subscription required linux-buildinfo-4.15.0-1134-raspi2 - 4.15.0-1134.142 linux-headers-4.15.0-1134-raspi2 - 4.15.0-1134.142 linux-image-4.15.0-1134-raspi2 - 4.15.0-1134.142 linux-modules-4.15.0-1134-raspi2 - 4.15.0-1134.142 linux-raspi2-headers-4.15.0-1134 - 4.15.0-1134.142 linux-raspi2-tools-4.15.0-1134 - 4.15.0-1134.142 linux-tools-4.15.0-1134-raspi2 - 4.15.0-1134.142 No subscription required linux-buildinfo-4.15.0-1142-kvm - 4.15.0-1142.147 linux-headers-4.15.0-1142-kvm - 4.15.0-1142.147 linux-image-4.15.0-1142-kvm - 4.15.0-1142.147 linux-kvm-headers-4.15.0-1142 - 4.15.0-1142.147 linux-kvm-tools-4.15.0-1142 - 4.15.0-1142.147 linux-modules-4.15.0-1142-kvm - 4.15.0-1142.147 linux-tools-4.15.0-1142-kvm - 4.15.0-1142.147 No subscription required linux-buildinfo-4.15.0-1152-snapdragon - 4.15.0-1152.162 linux-headers-4.15.0-1152-snapdragon - 4.15.0-1152.162 linux-image-4.15.0-1152-snapdragon - 4.15.0-1152.162 linux-modules-4.15.0-1152-snapdragon - 4.15.0-1152.162 linux-snapdragon-headers-4.15.0-1152 - 4.15.0-1152.162 linux-snapdragon-tools-4.15.0-1152 - 4.15.0-1152.162 linux-tools-4.15.0-1152-snapdragon - 4.15.0-1152.162 No subscription required linux-buildinfo-4.15.0-1152-gcp - 4.15.0-1152.168 linux-gcp-4.15-headers-4.15.0-1152 - 4.15.0-1152.168 linux-gcp-4.15-tools-4.15.0-1152 - 4.15.0-1152.168 linux-headers-4.15.0-1152-gcp - 4.15.0-1152.168 linux-image-4.15.0-1152-gcp - 4.15.0-1152.168 linux-image-unsigned-4.15.0-1152-gcp - 4.15.0-1152.168 linux-modules-4.15.0-1152-gcp - 4.15.0-1152.168 linux-modules-extra-4.15.0-1152-gcp - 4.15.0-1152.168 linux-tools-4.15.0-1152-gcp - 4.15.0-1152.168 No subscription required linux-aws-cloud-tools-4.15.0-1158 - 4.15.0-1158.171 linux-aws-headers-4.15.0-1158 - 4.15.0-1158.171 linux-aws-tools-4.15.0-1158 - 4.15.0-1158.171 linux-buildinfo-4.15.0-1158-aws - 4.15.0-1158.171 linux-cloud-tools-4.15.0-1158-aws - 4.15.0-1158.171 linux-headers-4.15.0-1158-aws - 4.15.0-1158.171 linux-image-4.15.0-1158-aws - 4.15.0-1158.171 linux-image-unsigned-4.15.0-1158-aws - 4.15.0-1158.171 linux-modules-4.15.0-1158-aws - 4.15.0-1158.171 linux-modules-extra-4.15.0-1158-aws - 4.15.0-1158.171 linux-tools-4.15.0-1158-aws - 4.15.0-1158.171 No subscription required linux-azure-4.15-cloud-tools-4.15.0-1167 - 4.15.0-1167.182 linux-azure-4.15-headers-4.15.0-1167 - 4.15.0-1167.182 linux-azure-4.15-tools-4.15.0-1167 - 4.15.0-1167.182 linux-buildinfo-4.15.0-1167-azure - 4.15.0-1167.182 linux-cloud-tools-4.15.0-1167-azure - 4.15.0-1167.182 linux-headers-4.15.0-1167-azure - 4.15.0-1167.182 linux-image-4.15.0-1167-azure - 4.15.0-1167.182 linux-image-unsigned-4.15.0-1167-azure - 4.15.0-1167.182 linux-modules-4.15.0-1167-azure - 4.15.0-1167.182 linux-modules-extra-4.15.0-1167-azure - 4.15.0-1167.182 linux-tools-4.15.0-1167-azure - 4.15.0-1167.182 No subscription required linux-buildinfo-4.15.0-213-generic - 4.15.0-213.224 linux-buildinfo-4.15.0-213-generic-lpae - 4.15.0-213.224 linux-buildinfo-4.15.0-213-lowlatency - 4.15.0-213.224 linux-cloud-tools-4.15.0-213 - 4.15.0-213.224 linux-cloud-tools-4.15.0-213-generic - 4.15.0-213.224 linux-cloud-tools-4.15.0-213-lowlatency - 4.15.0-213.224 linux-cloud-tools-common - 4.15.0-213.224 linux-doc - 4.15.0-213.224 linux-headers-4.15.0-213 - 4.15.0-213.224 linux-headers-4.15.0-213-generic - 4.15.0-213.224 linux-headers-4.15.0-213-generic-lpae - 4.15.0-213.224 linux-headers-4.15.0-213-lowlatency - 4.15.0-213.224 linux-image-4.15.0-213-generic - 4.15.0-213.224 linux-image-4.15.0-213-generic-lpae - 4.15.0-213.224 linux-image-4.15.0-213-lowlatency - 4.15.0-213.224 linux-image-unsigned-4.15.0-213-generic - 4.15.0-213.224 linux-image-unsigned-4.15.0-213-lowlatency - 4.15.0-213.224 linux-libc-dev - 4.15.0-213.224 linux-modules-4.15.0-213-generic - 4.15.0-213.224 linux-modules-4.15.0-213-generic-lpae - 4.15.0-213.224 linux-modules-4.15.0-213-lowlatency - 4.15.0-213.224 linux-modules-extra-4.15.0-213-generic - 4.15.0-213.224 linux-source-4.15.0 - 4.15.0-213.224 linux-tools-4.15.0-213 - 4.15.0-213.224 linux-tools-4.15.0-213-generic - 4.15.0-213.224 linux-tools-4.15.0-213-generic-lpae - 4.15.0-213.224 linux-tools-4.15.0-213-lowlatency - 4.15.0-213.224 linux-tools-common - 4.15.0-213.224 linux-tools-host - 4.15.0-213.224 No subscription required linux-dell300x - 4.15.0.1067.66 linux-headers-dell300x - 4.15.0.1067.66 linux-image-dell300x - 4.15.0.1067.66 linux-tools-dell300x - 4.15.0.1067.66 No subscription required linux-headers-oracle-lts-18.04 - 4.15.0.1121.126 linux-image-oracle-lts-18.04 - 4.15.0.1121.126 linux-oracle-lts-18.04 - 4.15.0.1121.126 linux-signed-image-oracle-lts-18.04 - 4.15.0.1121.126 linux-signed-oracle-lts-18.04 - 4.15.0.1121.126 linux-tools-oracle-lts-18.04 - 4.15.0.1121.126 No subscription required linux-headers-raspi2 - 4.15.0.1134.129 linux-image-raspi2 - 4.15.0.1134.129 linux-raspi2 - 4.15.0.1134.129 linux-tools-raspi2 - 4.15.0.1134.129 No subscription required linux-headers-kvm - 4.15.0.1142.133 linux-image-kvm - 4.15.0.1142.133 linux-kvm - 4.15.0.1142.133 linux-tools-kvm - 4.15.0.1142.133 No subscription required linux-headers-snapdragon - 4.15.0.1152.151 linux-image-snapdragon - 4.15.0.1152.151 linux-snapdragon - 4.15.0.1152.151 linux-tools-snapdragon - 4.15.0.1152.151 No subscription required linux-gcp-lts-18.04 - 4.15.0.1152.166 linux-headers-gcp-lts-18.04 - 4.15.0.1152.166 linux-image-gcp-lts-18.04 - 4.15.0.1152.166 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1152.166 linux-tools-gcp-lts-18.04 - 4.15.0.1152.166 No subscription required linux-aws-lts-18.04 - 4.15.0.1158.156 linux-headers-aws-lts-18.04 - 4.15.0.1158.156 linux-image-aws-lts-18.04 - 4.15.0.1158.156 linux-modules-extra-aws-lts-18.04 - 4.15.0.1158.156 linux-tools-aws-lts-18.04 - 4.15.0.1158.156 No subscription required linux-azure-lts-18.04 - 4.15.0.1167.135 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1167.135 linux-headers-azure-lts-18.04 - 4.15.0.1167.135 linux-image-azure-lts-18.04 - 4.15.0.1167.135 linux-modules-extra-azure-lts-18.04 - 4.15.0.1167.135 linux-signed-azure-lts-18.04 - 4.15.0.1167.135 linux-signed-image-azure-lts-18.04 - 4.15.0.1167.135 linux-tools-azure-lts-18.04 - 4.15.0.1167.135 No subscription required linux-cloud-tools-generic - 4.15.0.213.196 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.213.196 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.213.196 linux-cloud-tools-lowlatency - 4.15.0.213.196 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.213.196 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.213.196 linux-cloud-tools-virtual - 4.15.0.213.196 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.213.196 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.213.196 linux-crashdump - 4.15.0.213.196 linux-generic - 4.15.0.213.196 linux-generic-hwe-16.04 - 4.15.0.213.196 linux-generic-hwe-16.04-edge - 4.15.0.213.196 linux-generic-lpae - 4.15.0.213.196 linux-generic-lpae-hwe-16.04 - 4.15.0.213.196 linux-generic-lpae-hwe-16.04-edge - 4.15.0.213.196 linux-headers-generic - 4.15.0.213.196 linux-headers-generic-hwe-16.04 - 4.15.0.213.196 linux-headers-generic-hwe-16.04-edge - 4.15.0.213.196 linux-headers-generic-lpae - 4.15.0.213.196 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.213.196 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.213.196 linux-headers-lowlatency - 4.15.0.213.196 linux-headers-lowlatency-hwe-16.04 - 4.15.0.213.196 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.213.196 linux-headers-virtual - 4.15.0.213.196 linux-headers-virtual-hwe-16.04 - 4.15.0.213.196 linux-headers-virtual-hwe-16.04-edge - 4.15.0.213.196 linux-image-extra-virtual - 4.15.0.213.196 linux-image-extra-virtual-hwe-16.04 - 4.15.0.213.196 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.213.196 linux-image-generic - 4.15.0.213.196 linux-image-generic-hwe-16.04 - 4.15.0.213.196 linux-image-generic-hwe-16.04-edge - 4.15.0.213.196 linux-image-generic-lpae - 4.15.0.213.196 linux-image-generic-lpae-hwe-16.04 - 4.15.0.213.196 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.213.196 linux-image-lowlatency - 4.15.0.213.196 linux-image-lowlatency-hwe-16.04 - 4.15.0.213.196 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.213.196 linux-image-virtual - 4.15.0.213.196 linux-image-virtual-hwe-16.04 - 4.15.0.213.196 linux-image-virtual-hwe-16.04-edge - 4.15.0.213.196 linux-lowlatency - 4.15.0.213.196 linux-lowlatency-hwe-16.04 - 4.15.0.213.196 linux-lowlatency-hwe-16.04-edge - 4.15.0.213.196 linux-signed-generic - 4.15.0.213.196 linux-signed-generic-hwe-16.04 - 4.15.0.213.196 linux-signed-generic-hwe-16.04-edge - 4.15.0.213.196 linux-signed-image-generic - 4.15.0.213.196 linux-signed-image-generic-hwe-16.04 - 4.15.0.213.196 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.213.196 linux-signed-image-lowlatency - 4.15.0.213.196 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.213.196 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.213.196 linux-signed-lowlatency - 4.15.0.213.196 linux-signed-lowlatency-hwe-16.04 - 4.15.0.213.196 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.213.196 linux-source - 4.15.0.213.196 linux-tools-generic - 4.15.0.213.196 linux-tools-generic-hwe-16.04 - 4.15.0.213.196 linux-tools-generic-hwe-16.04-edge - 4.15.0.213.196 linux-tools-generic-lpae - 4.15.0.213.196 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.213.196 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.213.196 linux-tools-lowlatency - 4.15.0.213.196 linux-tools-lowlatency-hwe-16.04 - 4.15.0.213.196 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.213.196 linux-tools-virtual - 4.15.0.213.196 linux-tools-virtual-hwe-16.04 - 4.15.0.213.196 linux-tools-virtual-hwe-16.04-edge - 4.15.0.213.196 linux-virtual - 4.15.0.213.196 linux-virtual-hwe-16.04 - 4.15.0.213.196 linux-virtual-hwe-16.04-edge - 4.15.0.213.196 No subscription required None https://launchpad.net/bugs/2020279 Ubuntu 18.04 LTS Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35788, LP: #2023577) It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information (kernel memory) or possibly cause undesired behaviors. (LP: #2023220) Update Instructions: Run `sudo pro fix USN-6193-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1052-ibm - 5.4.0-1052.57~18.04.1 linux-headers-5.4.0-1052-ibm - 5.4.0-1052.57~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1052.57~18.04.1 linux-ibm-5.4-headers-5.4.0-1052 - 5.4.0-1052.57~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1052.57~18.04.1 linux-ibm-5.4-tools-5.4.0-1052 - 5.4.0-1052.57~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1052.57~18.04.1 linux-image-5.4.0-1052-ibm - 5.4.0-1052.57~18.04.1 linux-image-unsigned-5.4.0-1052-ibm - 5.4.0-1052.57~18.04.1 linux-modules-5.4.0-1052-ibm - 5.4.0-1052.57~18.04.1 linux-modules-extra-5.4.0-1052-ibm - 5.4.0-1052.57~18.04.1 linux-tools-5.4.0-1052-ibm - 5.4.0-1052.57~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1089-raspi - 5.4.0-1089.100~18.04.1 linux-headers-5.4.0-1089-raspi - 5.4.0-1089.100~18.04.1 linux-image-5.4.0-1089-raspi - 5.4.0-1089.100~18.04.1 linux-modules-5.4.0-1089-raspi - 5.4.0-1089.100~18.04.1 linux-raspi-5.4-headers-5.4.0-1089 - 5.4.0-1089.100~18.04.1 linux-raspi-5.4-tools-5.4.0-1089 - 5.4.0-1089.100~18.04.1 linux-tools-5.4.0-1089-raspi - 5.4.0-1089.100~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1104-oracle - 5.4.0-1104.113~18.04.1 linux-headers-5.4.0-1104-oracle - 5.4.0-1104.113~18.04.1 linux-image-5.4.0-1104-oracle - 5.4.0-1104.113~18.04.1 linux-image-unsigned-5.4.0-1104-oracle - 5.4.0-1104.113~18.04.1 linux-modules-5.4.0-1104-oracle - 5.4.0-1104.113~18.04.1 linux-modules-extra-5.4.0-1104-oracle - 5.4.0-1104.113~18.04.1 linux-oracle-5.4-headers-5.4.0-1104 - 5.4.0-1104.113~18.04.1 linux-oracle-5.4-tools-5.4.0-1104 - 5.4.0-1104.113~18.04.1 linux-tools-5.4.0-1104-oracle - 5.4.0-1104.113~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-5.4-cloud-tools-5.4.0-1105 - 5.4.0-1105.113~18.04.1 linux-aws-5.4-headers-5.4.0-1105 - 5.4.0-1105.113~18.04.1 linux-aws-5.4-tools-5.4.0-1105 - 5.4.0-1105.113~18.04.1 linux-buildinfo-5.4.0-1105-aws - 5.4.0-1105.113~18.04.1 linux-cloud-tools-5.4.0-1105-aws - 5.4.0-1105.113~18.04.1 linux-headers-5.4.0-1105-aws - 5.4.0-1105.113~18.04.1 linux-image-5.4.0-1105-aws - 5.4.0-1105.113~18.04.1 linux-image-unsigned-5.4.0-1105-aws - 5.4.0-1105.113~18.04.1 linux-modules-5.4.0-1105-aws - 5.4.0-1105.113~18.04.1 linux-modules-extra-5.4.0-1105-aws - 5.4.0-1105.113~18.04.1 linux-tools-5.4.0-1105-aws - 5.4.0-1105.113~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1108-gcp - 5.4.0-1108.117~18.04.1 linux-gcp-5.4-headers-5.4.0-1108 - 5.4.0-1108.117~18.04.1 linux-gcp-5.4-tools-5.4.0-1108 - 5.4.0-1108.117~18.04.1 linux-headers-5.4.0-1108-gcp - 5.4.0-1108.117~18.04.1 linux-image-5.4.0-1108-gcp - 5.4.0-1108.117~18.04.1 linux-image-unsigned-5.4.0-1108-gcp - 5.4.0-1108.117~18.04.1 linux-modules-5.4.0-1108-gcp - 5.4.0-1108.117~18.04.1 linux-modules-extra-5.4.0-1108-gcp - 5.4.0-1108.117~18.04.1 linux-tools-5.4.0-1108-gcp - 5.4.0-1108.117~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-5.4-cloud-tools-5.4.0-1111 - 5.4.0-1111.117~18.04.1 linux-azure-5.4-headers-5.4.0-1111 - 5.4.0-1111.117~18.04.1 linux-azure-5.4-tools-5.4.0-1111 - 5.4.0-1111.117~18.04.1 linux-buildinfo-5.4.0-1111-azure - 5.4.0-1111.117~18.04.1 linux-cloud-tools-5.4.0-1111-azure - 5.4.0-1111.117~18.04.1 linux-headers-5.4.0-1111-azure - 5.4.0-1111.117~18.04.1 linux-image-5.4.0-1111-azure - 5.4.0-1111.117~18.04.1 linux-image-unsigned-5.4.0-1111-azure - 5.4.0-1111.117~18.04.1 linux-modules-5.4.0-1111-azure - 5.4.0-1111.117~18.04.1 linux-modules-extra-5.4.0-1111-azure - 5.4.0-1111.117~18.04.1 linux-tools-5.4.0-1111-azure - 5.4.0-1111.117~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-153-generic - 5.4.0-153.170~18.04.1 linux-buildinfo-5.4.0-153-generic-lpae - 5.4.0-153.170~18.04.1 linux-buildinfo-5.4.0-153-lowlatency - 5.4.0-153.170~18.04.1 linux-cloud-tools-5.4.0-153-generic - 5.4.0-153.170~18.04.1 linux-cloud-tools-5.4.0-153-lowlatency - 5.4.0-153.170~18.04.1 linux-headers-5.4.0-153-generic - 5.4.0-153.170~18.04.1 linux-headers-5.4.0-153-generic-lpae - 5.4.0-153.170~18.04.1 linux-headers-5.4.0-153-lowlatency - 5.4.0-153.170~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-153 - 5.4.0-153.170~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-153.170~18.04.1 linux-hwe-5.4-headers-5.4.0-153 - 5.4.0-153.170~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-153.170~18.04.1 linux-hwe-5.4-tools-5.4.0-153 - 5.4.0-153.170~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-153.170~18.04.1 linux-image-5.4.0-153-generic - 5.4.0-153.170~18.04.1 linux-image-5.4.0-153-generic-lpae - 5.4.0-153.170~18.04.1 linux-image-5.4.0-153-lowlatency - 5.4.0-153.170~18.04.1 linux-image-unsigned-5.4.0-153-generic - 5.4.0-153.170~18.04.1 linux-image-unsigned-5.4.0-153-lowlatency - 5.4.0-153.170~18.04.1 linux-modules-5.4.0-153-generic - 5.4.0-153.170~18.04.1 linux-modules-5.4.0-153-generic-lpae - 5.4.0-153.170~18.04.1 linux-modules-5.4.0-153-lowlatency - 5.4.0-153.170~18.04.1 linux-modules-extra-5.4.0-153-generic - 5.4.0-153.170~18.04.1 linux-tools-5.4.0-153-generic - 5.4.0-153.170~18.04.1 linux-tools-5.4.0-153-generic-lpae - 5.4.0-153.170~18.04.1 linux-tools-5.4.0-153-lowlatency - 5.4.0-153.170~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1052.63 linux-headers-ibm-edge - 5.4.0.1052.63 linux-ibm - 5.4.0.1052.63 linux-ibm-edge - 5.4.0.1052.63 linux-image-ibm - 5.4.0.1052.63 linux-image-ibm-edge - 5.4.0.1052.63 linux-modules-extra-ibm - 5.4.0.1052.63 linux-modules-extra-ibm-edge - 5.4.0.1052.63 linux-tools-ibm - 5.4.0.1052.63 linux-tools-ibm-edge - 5.4.0.1052.63 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1089.86 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1089.86 linux-image-raspi-hwe-18.04 - 5.4.0.1089.86 linux-image-raspi-hwe-18.04-edge - 5.4.0.1089.86 linux-raspi-hwe-18.04 - 5.4.0.1089.86 linux-raspi-hwe-18.04-edge - 5.4.0.1089.86 linux-tools-raspi-hwe-18.04 - 5.4.0.1089.86 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1089.86 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1104.113~18.04.76 linux-headers-oracle-edge - 5.4.0.1104.113~18.04.76 linux-image-oracle - 5.4.0.1104.113~18.04.76 linux-image-oracle-edge - 5.4.0.1104.113~18.04.76 linux-modules-extra-oracle - 5.4.0.1104.113~18.04.76 linux-modules-extra-oracle-edge - 5.4.0.1104.113~18.04.76 linux-oracle - 5.4.0.1104.113~18.04.76 linux-oracle-edge - 5.4.0.1104.113~18.04.76 linux-signed-image-oracle - 5.4.0.1104.113~18.04.76 linux-signed-image-oracle-edge - 5.4.0.1104.113~18.04.76 linux-signed-oracle - 5.4.0.1104.113~18.04.76 linux-signed-oracle-edge - 5.4.0.1104.113~18.04.76 linux-tools-oracle - 5.4.0.1104.113~18.04.76 linux-tools-oracle-edge - 5.4.0.1104.113~18.04.76 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1105.83 linux-aws-edge - 5.4.0.1105.83 linux-headers-aws - 5.4.0.1105.83 linux-headers-aws-edge - 5.4.0.1105.83 linux-image-aws - 5.4.0.1105.83 linux-image-aws-edge - 5.4.0.1105.83 linux-modules-extra-aws - 5.4.0.1105.83 linux-modules-extra-aws-edge - 5.4.0.1105.83 linux-tools-aws - 5.4.0.1105.83 linux-tools-aws-edge - 5.4.0.1105.83 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1108.84 linux-gcp-edge - 5.4.0.1108.84 linux-headers-gcp - 5.4.0.1108.84 linux-headers-gcp-edge - 5.4.0.1108.84 linux-image-gcp - 5.4.0.1108.84 linux-image-gcp-edge - 5.4.0.1108.84 linux-modules-extra-gcp - 5.4.0.1108.84 linux-modules-extra-gcp-edge - 5.4.0.1108.84 linux-tools-gcp - 5.4.0.1108.84 linux-tools-gcp-edge - 5.4.0.1108.84 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 5.4.0.1111.84 linux-azure-edge - 5.4.0.1111.84 linux-cloud-tools-azure - 5.4.0.1111.84 linux-cloud-tools-azure-edge - 5.4.0.1111.84 linux-headers-azure - 5.4.0.1111.84 linux-headers-azure-edge - 5.4.0.1111.84 linux-image-azure - 5.4.0.1111.84 linux-image-azure-edge - 5.4.0.1111.84 linux-modules-extra-azure - 5.4.0.1111.84 linux-modules-extra-azure-edge - 5.4.0.1111.84 linux-signed-azure - 5.4.0.1111.84 linux-signed-azure-edge - 5.4.0.1111.84 linux-signed-image-azure - 5.4.0.1111.84 linux-signed-image-azure-edge - 5.4.0.1111.84 linux-tools-azure - 5.4.0.1111.84 linux-tools-azure-edge - 5.4.0.1111.84 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-generic-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-generic-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-generic-lpae-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-generic-lpae-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-headers-generic-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-headers-generic-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-headers-lowlatency-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-headers-oem - 5.4.0.153.170~18.04.124 linux-headers-oem-osp1 - 5.4.0.153.170~18.04.124 linux-headers-snapdragon-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-headers-virtual-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-headers-virtual-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-image-extra-virtual-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-image-generic-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-image-generic-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-image-generic-lpae-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-image-lowlatency-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-image-oem - 5.4.0.153.170~18.04.124 linux-image-oem-osp1 - 5.4.0.153.170~18.04.124 linux-image-snapdragon-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-image-virtual-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-image-virtual-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-lowlatency-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-lowlatency-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-oem - 5.4.0.153.170~18.04.124 linux-oem-osp1 - 5.4.0.153.170~18.04.124 linux-snapdragon-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-snapdragon-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-tools-generic-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-tools-generic-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-tools-lowlatency-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-tools-oem - 5.4.0.153.170~18.04.124 linux-tools-oem-osp1 - 5.4.0.153.170~18.04.124 linux-tools-snapdragon-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-tools-virtual-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-tools-virtual-hwe-18.04-edge - 5.4.0.153.170~18.04.124 linux-virtual-hwe-18.04 - 5.4.0.153.170~18.04.124 linux-virtual-hwe-18.04-edge - 5.4.0.153.170~18.04.124 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-35788 https://launchpad.net/bugs/2023577 https://launchpad.net/bugs/2023220 Ubuntu 18.04 LTS It was discovered that OpenLDAP was not properly performing bounds checks when executing functions related to LDAP URLs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6197-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ldap-utils - 2.4.45+dfsg-1ubuntu1.11+esm1 libldap-2.4-2 - 2.4.45+dfsg-1ubuntu1.11+esm1 libldap-common - 2.4.45+dfsg-1ubuntu1.11+esm1 libldap2-dev - 2.4.45+dfsg-1ubuntu1.11+esm1 slapd - 2.4.45+dfsg-1ubuntu1.11+esm1 slapd-smbk5pwd - 2.4.45+dfsg-1ubuntu1.11+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-2953 Ubuntu 18.04 LTS It was discovered that GNU Screen was not properly checking user identifiers before sending certain signals to target processes. If GNU Screen was installed as setuid or setgid, a local attacker could possibly use this issue to cause a denial of service on a target application. Update Instructions: Run `sudo pro fix USN-6198-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: screen - 4.6.2-1ubuntu1.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-24626 Ubuntu 18.04 LTS USN-6199-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-6199-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.17+esm1 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2 - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-bz2 - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-cgi - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-cli - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-common - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-curl - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-dba - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-dev - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-enchant - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-fpm - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-gd - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-gmp - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-imap - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-interbase - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-intl - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-json - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-ldap - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-mysql - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-odbc - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-opcache - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-pspell - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-readline - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-recode - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-snmp - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-soap - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-sybase - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-tidy - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-xml - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-xsl - 7.2.24-0ubuntu0.18.04.17+esm1 php7.2-zip - 7.2.24-0ubuntu0.18.04.17+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-3247 Ubuntu 18.04 LTS It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-29599) It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20224) Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20241, CVE-2021-20243) It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20244, CVE-2021-20309) It was discovered that ImageMagick incorrectly handled certain values when performing resampling operations. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20246) It was discovered that ImageMagick incorrectly handled certain values when processing thumbnail image data. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20312) It was discovered that ImageMagick incorrectly handled memory cleanup when performing certain cryptographic operations. Under certain conditions sensitive cryptographic information could be disclosed. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20313) It was discovered that ImageMagick did not use the correct rights when specifically excluded by a module policy. An attacker could use this issue to read and write certain restricted files. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-39212) It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-28463, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547) It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2021-3610, CVE-2023-1906, CVE-2023-3428) It was discovered that ImageMagick incorrectly handled certain values when processing specially crafted SVG files. By tricking a user into opening a specially crafted SVG file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-1289) It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted tiff file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-3195) It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. (CVE-2023-34151) Update Instructions: Run `sudo pro fix USN-6200-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 imagemagick-6-common - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 imagemagick-6-doc - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 imagemagick-6.q16 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 imagemagick-6.q16hdri - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 imagemagick-common - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 imagemagick-doc - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libimage-magick-perl - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libimage-magick-q16-perl - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libimage-magick-q16hdri-perl - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagick++-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagick++-6.q16-7 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagick++-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagick++-6.q16hdri-7 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagick++-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagick++-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagickcore-6-arch-config - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagickcore-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagickcore-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagickcore-6.q16-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagickcore-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagickcore-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagickcore-6.q16hdri-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagickcore-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagickcore-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagickwand-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagickwand-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagickwand-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagickwand-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagickwand-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 libmagickwand-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 perlmagick - 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-29599 CVE-2021-20224 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313 CVE-2021-3610 CVE-2021-39212 CVE-2022-28463 CVE-2022-32545 CVE-2022-32546 CVE-2022-32547 CVE-2023-1289 CVE-2023-1906 CVE-2023-3195 CVE-2023-34151 CVE-2023-3428 Ubuntu 18.04 LTS David Korczynski and Adam Korczynski discovered that containerd incorrectly processed certain images with large files. An attacker could possibly use this issue to cause containerd to crash, resulting in a denial of service. (CVE-2023-25153) It was discovered that containerd incorrectly set up supplementary groups inside a container. An attacker with direct access to the container could possibly use this issue to obtain sensitive information or execute code with higher privileges. (CVE-2023-25173) Update Instructions: Run `sudo pro fix USN-6202-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: containerd - 1.6.12-0ubuntu1~18.04.1+esm1 golang-github-containerd-containerd-dev - 1.6.12-0ubuntu1~18.04.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-25153 CVE-2023-25173 Ubuntu 18.04 LTS USN-6203-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 ESM. Original advisory details: Seokchan Yoon discovered that Django incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-6203-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django - 1:1.11.11-1ubuntu1.21+esm1 python-django-common - 1:1.11.11-1ubuntu1.21+esm1 python-django-doc - 1:1.11.11-1ubuntu1.21+esm1 python3-django - 1:1.11.11-1ubuntu1.21+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-36053 Ubuntu 18.04 LTS It was discovered that Gorilla WebSocket incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6208-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-gorilla-websocket-dev - 1.2.0-1ubuntu2+esm1 golang-websocket-dev - 1.2.0-1ubuntu2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-27813 Ubuntu 18.04 LTS Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber files. An attacker could possibly use this issue to crash Gerbv (resulting in a denial of service), or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-40391, CVE-2021-40394) Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber files. An attacker could possibly use this issue to disclose information, crash Gerbv (resulting in a denial of service), or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-40393) Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber files. An attacker could possibly use this issue to disclose information. (CVE-2021-40400, CVE-2021-40403) Claudio Bozzato discovered that Gerbv incorrectly handled certain Gerber files. An attacker could possibly use this issue to disclose information, crash Gerbv (resulting in a denial of service), or execute arbitrary code. (CVE-2021-40401) Update Instructions: Run `sudo pro fix USN-6209-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gerbv - 2.6.1-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-40391 CVE-2021-40393 CVE-2021-40394 CVE-2021-40400 CVE-2021-40401 CVE-2021-40403 Ubuntu 18.04 LTS It was discovered that Doorkeeper incorrectly performed authorization checks for public clients that have been previous approved. An attacker could potentially exploit these in order to impersonate another user and obtain sensitive information. Update Instructions: Run `sudo pro fix USN-6210-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-doorkeeper - 4.3.1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2023-34246 Ubuntu 18.04 LTS It was discovered that dwarves incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause dwarves to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-3534, CVE-2022-3606) Update Instructions: Run `sudo pro fix USN-6215-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dwarves - 1.21-0ubuntu1~18.04.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-3534 CVE-2022-3606 Ubuntu 18.04 LTS It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.10 and Ubuntu 20.04 LTS. (CVE-2023-28755) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue exists because of an incomplete fix for CVE-2023-28755. (CVE-2023-36617) Update Instructions: Run `sudo pro fix USN-6219-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libruby2.5 - 2.5.1-1ubuntu1.16+esm1 ruby2.5 - 2.5.1-1ubuntu1.16+esm1 ruby2.5-dev - 2.5.1-1ubuntu1.16+esm1 ruby2.5-doc - 2.5.1-1ubuntu1.16+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-28755 CVE-2023-36617 Ubuntu 18.04 LTS It was discovered that Knot Resolver did not correctly handle certain client options. A remote attacker could send requests to malicous domains and cause a denial of service. Update Instructions: Run `sudo pro fix USN-6225-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: knot-resolver - 2.1.1-1ubuntu0.1~esm2 knot-resolver-doc - 2.1.1-1ubuntu0.1~esm2 knot-resolver-module-http - 2.1.1-1ubuntu0.1~esm2 libkres-dev - 2.1.1-1ubuntu0.1~esm2 libkres6 - 2.1.1-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-40188 Ubuntu 18.04 LTS It was discovered that LibTIFF was not properly handling variables used to perform memory management operations when processing an image through tiffcrop, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-25433, CVE-2023-26965) It was discovered that LibTIFF was not properly processing numerical values when dealing with little-endian input data, which could lead to the execution of an invalid operation. An attacker could possibly use this issue to cause a denial of service (CVE-2023-26966) It was discovered that LibTIFF was not properly performing bounds checks when closing a previously opened TIFF file, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-3316) Update Instructions: Run `sudo pro fix USN-6229-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-dev - 4.0.9-5ubuntu0.10+esm1 libtiff-doc - 4.0.9-5ubuntu0.10+esm1 libtiff-opengl - 4.0.9-5ubuntu0.10+esm1 libtiff-tools - 4.0.9-5ubuntu0.10+esm1 libtiff5 - 4.0.9-5ubuntu0.10+esm1 libtiff5-dev - 4.0.9-5ubuntu0.10+esm1 libtiffxx5 - 4.0.9-5ubuntu0.10+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-25433 CVE-2023-26965 CVE-2023-26966 CVE-2023-3316 Ubuntu 18.04 LTS It was discovered that wkhtmltopdf was not properly enforcing the same-origin policy when processing certain HTML files. If a user or automated system using wkhtmltopdf were tricked into processing a specially crafted HTML file, an attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-6232-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: wkhtmltopdf - 0.12.4-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-21365 Ubuntu 18.04 LTS It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service (application abort). (CVE-2017-16516) It was discovered that YAJL was not properly handling memory allocation when dealing with large inputs, which could lead to heap memory corruption. If a user or automated system using YAJL were tricked into running a specially crafted large input, an attacker could possibly use this issue to cause a denial of service. (CVE-2022-24795) It was discovered that memory leaks existed in one of the YAJL parsing functions. An attacker could possibly use this issue to cause a denial of service (memory exhaustion). (CVE-2023-33460) Update Instructions: Run `sudo pro fix USN-6233-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libyajl-dev - 2.1.0-2ubuntu0.18.04.1~esm1 libyajl-doc - 2.1.0-2ubuntu0.18.04.1~esm1 libyajl2 - 2.1.0-2ubuntu0.18.04.1~esm1 yajl-tools - 2.1.0-2ubuntu0.18.04.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-16516 CVE-2022-24795 CVE-2023-33460 Ubuntu 18.04 LTS It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-26675, CVE-2021-33833) It was discovered that ConnMan could be made to leak sensitive information via the gdhcp component. A remote attacker could possibly use this issue to obtain information for further exploitation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-26676) It was discovered that ConnMan could be made to read out of bounds. A remote attacker could possibly use this issue to case ConnMan to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-23096, CVE-2022-23097) It was discovered that ConnMan could be made to run into an infinite loop. A remote attacker could possibly use this issue to cause ConnMan to consume resources and to stop operating, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-23098) It was discovered that ConnMan could be made to write out of bounds via the gweb component. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32292) It was discovered that ConnMan did not properly manage memory under certain circumstances. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32293) It was discovered that ConnMan could be made to write out of bounds via the gdhcp component. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-28488) Update Instructions: Run `sudo pro fix USN-6236-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: connman - 1.35-6ubuntu0.1~esm1 connman-dev - 1.35-6ubuntu0.1~esm1 connman-doc - 1.35-6ubuntu0.1~esm1 connman-vpn - 1.35-6ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-26675 CVE-2021-26676 CVE-2021-33833 CVE-2022-23096 CVE-2022-23097 CVE-2022-23098 CVE-2022-32292 CVE-2022-32293 CVE-2023-28488 Ubuntu 18.04 LTS USN-6237-1 fixed several vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. (CVE-2023-28321) Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure, or a denial of service. (CVE-2023-28322) It was discovered that curl incorrectly handled saving cookies to files. A local attacker could possibly use this issue to create or overwrite files. This issue only affected Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-32001) Update Instructions: Run `sudo pro fix USN-6237-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl - 7.58.0-2ubuntu3.24+esm1 libcurl3-gnutls - 7.58.0-2ubuntu3.24+esm1 libcurl3-nss - 7.58.0-2ubuntu3.24+esm1 libcurl4 - 7.58.0-2ubuntu3.24+esm1 libcurl4-doc - 7.58.0-2ubuntu3.24+esm1 libcurl4-gnutls-dev - 7.58.0-2ubuntu3.24+esm1 libcurl4-nss-dev - 7.58.0-2ubuntu3.24+esm1 libcurl4-openssl-dev - 7.58.0-2ubuntu3.24+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-28321 CVE-2023-28322 Ubuntu 18.04 LTS It was discovered that ECDSA Util did not properly verify certain signature values. An attacker could possibly use this issue to bypass signature verification. Update Instructions: Run `sudo pro fix USN-6239-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ecdsautils - 0.3.2+git20151018-2ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-24884 Ubuntu 18.04 LTS USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6242-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-client - 1:7.6p1-4ubuntu0.7+esm1 openssh-server - 1:7.6p1-4ubuntu0.7+esm1 openssh-sftp-server - 1:7.6p1-4ubuntu0.7+esm1 ssh - 1:7.6p1-4ubuntu0.7+esm1 ssh-askpass-gnome - 1:7.6p1-4ubuntu0.7+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-38408 Ubuntu 18.04 LTS It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-18638) It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. (CVE-2022-4728, CVE-2022-4729, CVE-2022-4730) Update Instructions: Run `sudo pro fix USN-6243-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: graphite-web - 1.0.2+debian-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-18638 CVE-2022-4728 CVE-2022-4729 CVE-2022-4730 Ubuntu 18.04 LTS USN-6243-1 fixed vulnerabilities in Graphite-Web. It was discovered that the applied fix was incomplete. This update fixes the problem. Original advisory details: It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-18638) It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. (CVE-2022-4728, CVE-2022-4729, CVE-2022-4730) Update Instructions: Run `sudo pro fix USN-6243-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: graphite-web - 1.0.2+debian-2ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro None https://launchpad.net/bugs/2030807 Ubuntu 18.04 LTS Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. Update Instructions: Run `sudo pro fix USN-6244-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: amd64-microcode - 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-20593 Ubuntu 18.04 LTS It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3090) Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-32629) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3390) Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel did not properly handle certain pointer data type, leading to an out-of- bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35001) Update Instructions: Run `sudo pro fix USN-6251-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1053-ibm - 5.4.0-1053.58~18.04.1 linux-headers-5.4.0-1053-ibm - 5.4.0-1053.58~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1053.58~18.04.1 linux-ibm-5.4-headers-5.4.0-1053 - 5.4.0-1053.58~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1053.58~18.04.1 linux-ibm-5.4-tools-5.4.0-1053 - 5.4.0-1053.58~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1053.58~18.04.1 linux-image-5.4.0-1053-ibm - 5.4.0-1053.58~18.04.1 linux-image-unsigned-5.4.0-1053-ibm - 5.4.0-1053.58~18.04.1 linux-modules-5.4.0-1053-ibm - 5.4.0-1053.58~18.04.1 linux-modules-extra-5.4.0-1053-ibm - 5.4.0-1053.58~18.04.1 linux-tools-5.4.0-1053-ibm - 5.4.0-1053.58~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1090-raspi - 5.4.0-1090.101~18.04.1 linux-headers-5.4.0-1090-raspi - 5.4.0-1090.101~18.04.1 linux-image-5.4.0-1090-raspi - 5.4.0-1090.101~18.04.1 linux-modules-5.4.0-1090-raspi - 5.4.0-1090.101~18.04.1 linux-raspi-5.4-headers-5.4.0-1090 - 5.4.0-1090.101~18.04.1 linux-raspi-5.4-tools-5.4.0-1090 - 5.4.0-1090.101~18.04.1 linux-tools-5.4.0-1090-raspi - 5.4.0-1090.101~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1105-oracle - 5.4.0-1105.114~18.04.1 linux-headers-5.4.0-1105-oracle - 5.4.0-1105.114~18.04.1 linux-image-5.4.0-1105-oracle - 5.4.0-1105.114~18.04.1 linux-image-unsigned-5.4.0-1105-oracle - 5.4.0-1105.114~18.04.1 linux-modules-5.4.0-1105-oracle - 5.4.0-1105.114~18.04.1 linux-modules-extra-5.4.0-1105-oracle - 5.4.0-1105.114~18.04.1 linux-oracle-5.4-headers-5.4.0-1105 - 5.4.0-1105.114~18.04.1 linux-oracle-5.4-tools-5.4.0-1105 - 5.4.0-1105.114~18.04.1 linux-tools-5.4.0-1105-oracle - 5.4.0-1105.114~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-5.4-cloud-tools-5.4.0-1106 - 5.4.0-1106.114~18.04.1 linux-aws-5.4-headers-5.4.0-1106 - 5.4.0-1106.114~18.04.1 linux-aws-5.4-tools-5.4.0-1106 - 5.4.0-1106.114~18.04.1 linux-buildinfo-5.4.0-1106-aws - 5.4.0-1106.114~18.04.1 linux-cloud-tools-5.4.0-1106-aws - 5.4.0-1106.114~18.04.1 linux-headers-5.4.0-1106-aws - 5.4.0-1106.114~18.04.1 linux-image-5.4.0-1106-aws - 5.4.0-1106.114~18.04.1 linux-image-unsigned-5.4.0-1106-aws - 5.4.0-1106.114~18.04.1 linux-modules-5.4.0-1106-aws - 5.4.0-1106.114~18.04.1 linux-modules-extra-5.4.0-1106-aws - 5.4.0-1106.114~18.04.1 linux-tools-5.4.0-1106-aws - 5.4.0-1106.114~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1109-gcp - 5.4.0-1109.118~18.04.1 linux-gcp-5.4-headers-5.4.0-1109 - 5.4.0-1109.118~18.04.1 linux-gcp-5.4-tools-5.4.0-1109 - 5.4.0-1109.118~18.04.1 linux-headers-5.4.0-1109-gcp - 5.4.0-1109.118~18.04.1 linux-image-5.4.0-1109-gcp - 5.4.0-1109.118~18.04.1 linux-image-unsigned-5.4.0-1109-gcp - 5.4.0-1109.118~18.04.1 linux-modules-5.4.0-1109-gcp - 5.4.0-1109.118~18.04.1 linux-modules-extra-5.4.0-1109-gcp - 5.4.0-1109.118~18.04.1 linux-tools-5.4.0-1109-gcp - 5.4.0-1109.118~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-5.4-cloud-tools-5.4.0-1112 - 5.4.0-1112.118~18.04.1 linux-azure-5.4-headers-5.4.0-1112 - 5.4.0-1112.118~18.04.1 linux-azure-5.4-tools-5.4.0-1112 - 5.4.0-1112.118~18.04.1 linux-buildinfo-5.4.0-1112-azure - 5.4.0-1112.118~18.04.1 linux-cloud-tools-5.4.0-1112-azure - 5.4.0-1112.118~18.04.1 linux-headers-5.4.0-1112-azure - 5.4.0-1112.118~18.04.1 linux-image-5.4.0-1112-azure - 5.4.0-1112.118~18.04.1 linux-image-unsigned-5.4.0-1112-azure - 5.4.0-1112.118~18.04.1 linux-modules-5.4.0-1112-azure - 5.4.0-1112.118~18.04.1 linux-modules-extra-5.4.0-1112-azure - 5.4.0-1112.118~18.04.1 linux-tools-5.4.0-1112-azure - 5.4.0-1112.118~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-155-generic - 5.4.0-155.172~18.04.1 linux-buildinfo-5.4.0-155-generic-lpae - 5.4.0-155.172~18.04.1 linux-buildinfo-5.4.0-155-lowlatency - 5.4.0-155.172~18.04.1 linux-cloud-tools-5.4.0-155-generic - 5.4.0-155.172~18.04.1 linux-cloud-tools-5.4.0-155-lowlatency - 5.4.0-155.172~18.04.1 linux-headers-5.4.0-155-generic - 5.4.0-155.172~18.04.1 linux-headers-5.4.0-155-generic-lpae - 5.4.0-155.172~18.04.1 linux-headers-5.4.0-155-lowlatency - 5.4.0-155.172~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-155 - 5.4.0-155.172~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-155.172~18.04.1 linux-hwe-5.4-headers-5.4.0-155 - 5.4.0-155.172~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-155.172~18.04.1 linux-hwe-5.4-tools-5.4.0-155 - 5.4.0-155.172~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-155.172~18.04.1 linux-image-5.4.0-155-generic - 5.4.0-155.172~18.04.1 linux-image-5.4.0-155-generic-lpae - 5.4.0-155.172~18.04.1 linux-image-5.4.0-155-lowlatency - 5.4.0-155.172~18.04.1 linux-image-unsigned-5.4.0-155-generic - 5.4.0-155.172~18.04.1 linux-image-unsigned-5.4.0-155-lowlatency - 5.4.0-155.172~18.04.1 linux-modules-5.4.0-155-generic - 5.4.0-155.172~18.04.1 linux-modules-5.4.0-155-generic-lpae - 5.4.0-155.172~18.04.1 linux-modules-5.4.0-155-lowlatency - 5.4.0-155.172~18.04.1 linux-modules-extra-5.4.0-155-generic - 5.4.0-155.172~18.04.1 linux-tools-5.4.0-155-generic - 5.4.0-155.172~18.04.1 linux-tools-5.4.0-155-generic-lpae - 5.4.0-155.172~18.04.1 linux-tools-5.4.0-155-lowlatency - 5.4.0-155.172~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1053.64 linux-headers-ibm-edge - 5.4.0.1053.64 linux-ibm - 5.4.0.1053.64 linux-ibm-edge - 5.4.0.1053.64 linux-image-ibm - 5.4.0.1053.64 linux-image-ibm-edge - 5.4.0.1053.64 linux-modules-extra-ibm - 5.4.0.1053.64 linux-modules-extra-ibm-edge - 5.4.0.1053.64 linux-tools-ibm - 5.4.0.1053.64 linux-tools-ibm-edge - 5.4.0.1053.64 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1090.87 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1090.87 linux-image-raspi-hwe-18.04 - 5.4.0.1090.87 linux-image-raspi-hwe-18.04-edge - 5.4.0.1090.87 linux-raspi-hwe-18.04 - 5.4.0.1090.87 linux-raspi-hwe-18.04-edge - 5.4.0.1090.87 linux-tools-raspi-hwe-18.04 - 5.4.0.1090.87 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1090.87 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1105.114~18.04.77 linux-headers-oracle-edge - 5.4.0.1105.114~18.04.77 linux-image-oracle - 5.4.0.1105.114~18.04.77 linux-image-oracle-edge - 5.4.0.1105.114~18.04.77 linux-modules-extra-oracle - 5.4.0.1105.114~18.04.77 linux-modules-extra-oracle-edge - 5.4.0.1105.114~18.04.77 linux-oracle - 5.4.0.1105.114~18.04.77 linux-oracle-edge - 5.4.0.1105.114~18.04.77 linux-signed-image-oracle - 5.4.0.1105.114~18.04.77 linux-signed-image-oracle-edge - 5.4.0.1105.114~18.04.77 linux-signed-oracle - 5.4.0.1105.114~18.04.77 linux-signed-oracle-edge - 5.4.0.1105.114~18.04.77 linux-tools-oracle - 5.4.0.1105.114~18.04.77 linux-tools-oracle-edge - 5.4.0.1105.114~18.04.77 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1106.84 linux-aws-edge - 5.4.0.1106.84 linux-headers-aws - 5.4.0.1106.84 linux-headers-aws-edge - 5.4.0.1106.84 linux-image-aws - 5.4.0.1106.84 linux-image-aws-edge - 5.4.0.1106.84 linux-modules-extra-aws - 5.4.0.1106.84 linux-modules-extra-aws-edge - 5.4.0.1106.84 linux-tools-aws - 5.4.0.1106.84 linux-tools-aws-edge - 5.4.0.1106.84 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1109.85 linux-gcp-edge - 5.4.0.1109.85 linux-headers-gcp - 5.4.0.1109.85 linux-headers-gcp-edge - 5.4.0.1109.85 linux-image-gcp - 5.4.0.1109.85 linux-image-gcp-edge - 5.4.0.1109.85 linux-modules-extra-gcp - 5.4.0.1109.85 linux-modules-extra-gcp-edge - 5.4.0.1109.85 linux-tools-gcp - 5.4.0.1109.85 linux-tools-gcp-edge - 5.4.0.1109.85 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 5.4.0.1112.85 linux-azure-edge - 5.4.0.1112.85 linux-cloud-tools-azure - 5.4.0.1112.85 linux-cloud-tools-azure-edge - 5.4.0.1112.85 linux-headers-azure - 5.4.0.1112.85 linux-headers-azure-edge - 5.4.0.1112.85 linux-image-azure - 5.4.0.1112.85 linux-image-azure-edge - 5.4.0.1112.85 linux-modules-extra-azure - 5.4.0.1112.85 linux-modules-extra-azure-edge - 5.4.0.1112.85 linux-signed-azure - 5.4.0.1112.85 linux-signed-azure-edge - 5.4.0.1112.85 linux-signed-image-azure - 5.4.0.1112.85 linux-signed-image-azure-edge - 5.4.0.1112.85 linux-tools-azure - 5.4.0.1112.85 linux-tools-azure-edge - 5.4.0.1112.85 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-generic-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-generic-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-generic-lpae-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-generic-lpae-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-headers-generic-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-headers-generic-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-headers-lowlatency-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-headers-oem - 5.4.0.155.172~18.04.125 linux-headers-oem-osp1 - 5.4.0.155.172~18.04.125 linux-headers-snapdragon-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-headers-virtual-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-headers-virtual-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-image-extra-virtual-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-image-generic-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-image-generic-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-image-generic-lpae-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-image-lowlatency-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-image-oem - 5.4.0.155.172~18.04.125 linux-image-oem-osp1 - 5.4.0.155.172~18.04.125 linux-image-snapdragon-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-image-virtual-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-image-virtual-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-lowlatency-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-lowlatency-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-oem - 5.4.0.155.172~18.04.125 linux-oem-osp1 - 5.4.0.155.172~18.04.125 linux-snapdragon-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-snapdragon-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-tools-generic-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-tools-generic-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-tools-lowlatency-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-tools-oem - 5.4.0.155.172~18.04.125 linux-tools-oem-osp1 - 5.4.0.155.172~18.04.125 linux-tools-snapdragon-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-tools-virtual-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-tools-virtual-hwe-18.04-edge - 5.4.0.155.172~18.04.125 linux-virtual-hwe-18.04 - 5.4.0.155.172~18.04.125 linux-virtual-hwe-18.04-edge - 5.4.0.155.172~18.04.125 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-3090 CVE-2023-32629 CVE-2023-3390 CVE-2023-35001 Ubuntu 18.04 LTS It was discovered that the ext4 file system implementation in the Linux kernel contained a use-after-free vulnerability. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2022-1184) It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3303) It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1611) It was discovered that the Xircom PCMCIA network device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1670) It was discovered that a race condition existed in the Xen transport layer implementation for the 9P file system protocol in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2023-1859) It was discovered that the ST NCI NFC driver did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1990) It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2023-2124) It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3090) It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle error conditions in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-3111) It was discovered that the Ricoh R5C592 MemoryStick card reader driver in the Linux kernel contained a race condition during module unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3141) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly perform certain buffer calculations, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-3268) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3390) Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel did not properly handle certain pointer data type, leading to an out-of- bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35001) Update Instructions: Run `sudo pro fix USN-6252-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1068-dell300x - 4.15.0-1068.73 linux-dell300x-headers-4.15.0-1068 - 4.15.0-1068.73 linux-dell300x-tools-4.15.0-1068 - 4.15.0-1068.73 linux-headers-4.15.0-1068-dell300x - 4.15.0-1068.73 linux-image-4.15.0-1068-dell300x - 4.15.0-1068.73 linux-image-unsigned-4.15.0-1068-dell300x - 4.15.0-1068.73 linux-modules-4.15.0-1068-dell300x - 4.15.0-1068.73 linux-tools-4.15.0-1068-dell300x - 4.15.0-1068.73 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1122-oracle - 4.15.0-1122.133 linux-headers-4.15.0-1122-oracle - 4.15.0-1122.133 linux-image-4.15.0-1122-oracle - 4.15.0-1122.133 linux-image-unsigned-4.15.0-1122-oracle - 4.15.0-1122.133 linux-modules-4.15.0-1122-oracle - 4.15.0-1122.133 linux-modules-extra-4.15.0-1122-oracle - 4.15.0-1122.133 linux-oracle-headers-4.15.0-1122 - 4.15.0-1122.133 linux-oracle-tools-4.15.0-1122 - 4.15.0-1122.133 linux-tools-4.15.0-1122-oracle - 4.15.0-1122.133 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1143-kvm - 4.15.0-1143.148 linux-headers-4.15.0-1143-kvm - 4.15.0-1143.148 linux-image-4.15.0-1143-kvm - 4.15.0-1143.148 linux-kvm-headers-4.15.0-1143 - 4.15.0-1143.148 linux-kvm-tools-4.15.0-1143 - 4.15.0-1143.148 linux-modules-4.15.0-1143-kvm - 4.15.0-1143.148 linux-tools-4.15.0-1143-kvm - 4.15.0-1143.148 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1153-snapdragon - 4.15.0-1153.163 linux-headers-4.15.0-1153-snapdragon - 4.15.0-1153.163 linux-image-4.15.0-1153-snapdragon - 4.15.0-1153.163 linux-modules-4.15.0-1153-snapdragon - 4.15.0-1153.163 linux-snapdragon-headers-4.15.0-1153 - 4.15.0-1153.163 linux-snapdragon-tools-4.15.0-1153 - 4.15.0-1153.163 linux-tools-4.15.0-1153-snapdragon - 4.15.0-1153.163 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1153-gcp - 4.15.0-1153.170 linux-gcp-4.15-headers-4.15.0-1153 - 4.15.0-1153.170 linux-gcp-4.15-tools-4.15.0-1153 - 4.15.0-1153.170 linux-headers-4.15.0-1153-gcp - 4.15.0-1153.170 linux-image-4.15.0-1153-gcp - 4.15.0-1153.170 linux-image-unsigned-4.15.0-1153-gcp - 4.15.0-1153.170 linux-modules-4.15.0-1153-gcp - 4.15.0-1153.170 linux-modules-extra-4.15.0-1153-gcp - 4.15.0-1153.170 linux-tools-4.15.0-1153-gcp - 4.15.0-1153.170 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-cloud-tools-4.15.0-1159 - 4.15.0-1159.172 linux-aws-headers-4.15.0-1159 - 4.15.0-1159.172 linux-aws-tools-4.15.0-1159 - 4.15.0-1159.172 linux-buildinfo-4.15.0-1159-aws - 4.15.0-1159.172 linux-cloud-tools-4.15.0-1159-aws - 4.15.0-1159.172 linux-headers-4.15.0-1159-aws - 4.15.0-1159.172 linux-image-4.15.0-1159-aws - 4.15.0-1159.172 linux-image-unsigned-4.15.0-1159-aws - 4.15.0-1159.172 linux-modules-4.15.0-1159-aws - 4.15.0-1159.172 linux-modules-extra-4.15.0-1159-aws - 4.15.0-1159.172 linux-tools-4.15.0-1159-aws - 4.15.0-1159.172 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-4.15-cloud-tools-4.15.0-1168 - 4.15.0-1168.183 linux-azure-4.15-headers-4.15.0-1168 - 4.15.0-1168.183 linux-azure-4.15-tools-4.15.0-1168 - 4.15.0-1168.183 linux-buildinfo-4.15.0-1168-azure - 4.15.0-1168.183 linux-cloud-tools-4.15.0-1168-azure - 4.15.0-1168.183 linux-headers-4.15.0-1168-azure - 4.15.0-1168.183 linux-image-4.15.0-1168-azure - 4.15.0-1168.183 linux-image-unsigned-4.15.0-1168-azure - 4.15.0-1168.183 linux-modules-4.15.0-1168-azure - 4.15.0-1168.183 linux-modules-extra-4.15.0-1168-azure - 4.15.0-1168.183 linux-tools-4.15.0-1168-azure - 4.15.0-1168.183 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-214-generic - 4.15.0-214.225 linux-buildinfo-4.15.0-214-generic-lpae - 4.15.0-214.225 linux-buildinfo-4.15.0-214-lowlatency - 4.15.0-214.225 linux-cloud-tools-4.15.0-214 - 4.15.0-214.225 linux-cloud-tools-4.15.0-214-generic - 4.15.0-214.225 linux-cloud-tools-4.15.0-214-lowlatency - 4.15.0-214.225 linux-cloud-tools-common - 4.15.0-214.225 linux-doc - 4.15.0-214.225 linux-headers-4.15.0-214 - 4.15.0-214.225 linux-headers-4.15.0-214-generic - 4.15.0-214.225 linux-headers-4.15.0-214-generic-lpae - 4.15.0-214.225 linux-headers-4.15.0-214-lowlatency - 4.15.0-214.225 linux-image-4.15.0-214-generic - 4.15.0-214.225 linux-image-4.15.0-214-generic-lpae - 4.15.0-214.225 linux-image-4.15.0-214-lowlatency - 4.15.0-214.225 linux-image-unsigned-4.15.0-214-generic - 4.15.0-214.225 linux-image-unsigned-4.15.0-214-lowlatency - 4.15.0-214.225 linux-libc-dev - 4.15.0-214.225 linux-modules-4.15.0-214-generic - 4.15.0-214.225 linux-modules-4.15.0-214-generic-lpae - 4.15.0-214.225 linux-modules-4.15.0-214-lowlatency - 4.15.0-214.225 linux-modules-extra-4.15.0-214-generic - 4.15.0-214.225 linux-source-4.15.0 - 4.15.0-214.225 linux-tools-4.15.0-214 - 4.15.0-214.225 linux-tools-4.15.0-214-generic - 4.15.0-214.225 linux-tools-4.15.0-214-generic-lpae - 4.15.0-214.225 linux-tools-4.15.0-214-lowlatency - 4.15.0-214.225 linux-tools-common - 4.15.0-214.225 linux-tools-host - 4.15.0-214.225 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-dell300x - 4.15.0.1068.67 linux-headers-dell300x - 4.15.0.1068.67 linux-image-dell300x - 4.15.0.1068.67 linux-tools-dell300x - 4.15.0.1068.67 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle-lts-18.04 - 4.15.0.1122.127 linux-image-oracle-lts-18.04 - 4.15.0.1122.127 linux-oracle-lts-18.04 - 4.15.0.1122.127 linux-signed-image-oracle-lts-18.04 - 4.15.0.1122.127 linux-signed-oracle-lts-18.04 - 4.15.0.1122.127 linux-tools-oracle-lts-18.04 - 4.15.0.1122.127 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.15.0.1143.134 linux-image-kvm - 4.15.0.1143.134 linux-kvm - 4.15.0.1143.134 linux-tools-kvm - 4.15.0.1143.134 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-snapdragon - 4.15.0.1153.152 linux-image-snapdragon - 4.15.0.1153.152 linux-snapdragon - 4.15.0.1153.152 linux-tools-snapdragon - 4.15.0.1153.152 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-lts-18.04 - 4.15.0.1153.167 linux-headers-gcp-lts-18.04 - 4.15.0.1153.167 linux-image-gcp-lts-18.04 - 4.15.0.1153.167 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1153.167 linux-tools-gcp-lts-18.04 - 4.15.0.1153.167 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-lts-18.04 - 4.15.0.1159.157 linux-headers-aws-lts-18.04 - 4.15.0.1159.157 linux-image-aws-lts-18.04 - 4.15.0.1159.157 linux-modules-extra-aws-lts-18.04 - 4.15.0.1159.157 linux-tools-aws-lts-18.04 - 4.15.0.1159.157 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-lts-18.04 - 4.15.0.1168.136 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1168.136 linux-headers-azure-lts-18.04 - 4.15.0.1168.136 linux-image-azure-lts-18.04 - 4.15.0.1168.136 linux-modules-extra-azure-lts-18.04 - 4.15.0.1168.136 linux-signed-azure-lts-18.04 - 4.15.0.1168.136 linux-signed-image-azure-lts-18.04 - 4.15.0.1168.136 linux-tools-azure-lts-18.04 - 4.15.0.1168.136 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.15.0.214.197 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.214.197 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.214.197 linux-cloud-tools-lowlatency - 4.15.0.214.197 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.214.197 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.214.197 linux-cloud-tools-virtual - 4.15.0.214.197 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.214.197 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.214.197 linux-crashdump - 4.15.0.214.197 linux-generic - 4.15.0.214.197 linux-generic-hwe-16.04 - 4.15.0.214.197 linux-generic-hwe-16.04-edge - 4.15.0.214.197 linux-generic-lpae - 4.15.0.214.197 linux-generic-lpae-hwe-16.04 - 4.15.0.214.197 linux-generic-lpae-hwe-16.04-edge - 4.15.0.214.197 linux-headers-generic - 4.15.0.214.197 linux-headers-generic-hwe-16.04 - 4.15.0.214.197 linux-headers-generic-hwe-16.04-edge - 4.15.0.214.197 linux-headers-generic-lpae - 4.15.0.214.197 linux-headers-generic-lpae-hwe-16.04 - 4.15.0.214.197 linux-headers-generic-lpae-hwe-16.04-edge - 4.15.0.214.197 linux-headers-lowlatency - 4.15.0.214.197 linux-headers-lowlatency-hwe-16.04 - 4.15.0.214.197 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.214.197 linux-headers-virtual - 4.15.0.214.197 linux-headers-virtual-hwe-16.04 - 4.15.0.214.197 linux-headers-virtual-hwe-16.04-edge - 4.15.0.214.197 linux-image-extra-virtual - 4.15.0.214.197 linux-image-extra-virtual-hwe-16.04 - 4.15.0.214.197 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.214.197 linux-image-generic - 4.15.0.214.197 linux-image-generic-hwe-16.04 - 4.15.0.214.197 linux-image-generic-hwe-16.04-edge - 4.15.0.214.197 linux-image-generic-lpae - 4.15.0.214.197 linux-image-generic-lpae-hwe-16.04 - 4.15.0.214.197 linux-image-generic-lpae-hwe-16.04-edge - 4.15.0.214.197 linux-image-lowlatency - 4.15.0.214.197 linux-image-lowlatency-hwe-16.04 - 4.15.0.214.197 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.214.197 linux-image-virtual - 4.15.0.214.197 linux-image-virtual-hwe-16.04 - 4.15.0.214.197 linux-image-virtual-hwe-16.04-edge - 4.15.0.214.197 linux-lowlatency - 4.15.0.214.197 linux-lowlatency-hwe-16.04 - 4.15.0.214.197 linux-lowlatency-hwe-16.04-edge - 4.15.0.214.197 linux-signed-generic - 4.15.0.214.197 linux-signed-generic-hwe-16.04 - 4.15.0.214.197 linux-signed-generic-hwe-16.04-edge - 4.15.0.214.197 linux-signed-image-generic - 4.15.0.214.197 linux-signed-image-generic-hwe-16.04 - 4.15.0.214.197 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.214.197 linux-signed-image-lowlatency - 4.15.0.214.197 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.214.197 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.214.197 linux-signed-lowlatency - 4.15.0.214.197 linux-signed-lowlatency-hwe-16.04 - 4.15.0.214.197 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.214.197 linux-source - 4.15.0.214.197 linux-tools-generic - 4.15.0.214.197 linux-tools-generic-hwe-16.04 - 4.15.0.214.197 linux-tools-generic-hwe-16.04-edge - 4.15.0.214.197 linux-tools-generic-lpae - 4.15.0.214.197 linux-tools-generic-lpae-hwe-16.04 - 4.15.0.214.197 linux-tools-generic-lpae-hwe-16.04-edge - 4.15.0.214.197 linux-tools-lowlatency - 4.15.0.214.197 linux-tools-lowlatency-hwe-16.04 - 4.15.0.214.197 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.214.197 linux-tools-virtual - 4.15.0.214.197 linux-tools-virtual-hwe-16.04 - 4.15.0.214.197 linux-tools-virtual-hwe-16.04-edge - 4.15.0.214.197 linux-virtual - 4.15.0.214.197 linux-virtual-hwe-16.04 - 4.15.0.214.197 linux-virtual-hwe-16.04-edge - 4.15.0.214.197 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-1184 CVE-2022-3303 CVE-2023-1611 CVE-2023-1670 CVE-2023-1859 CVE-2023-1990 CVE-2023-2124 CVE-2023-3090 CVE-2023-3111 CVE-2023-3141 CVE-2023-3268 CVE-2023-3390 CVE-2023-35001 Ubuntu 18.04 LTS It was discovered that Open VM Tools incorrectly handled certain authentication requests. A fully compromised ESXi host can force Open VM Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. (CVE-2023-20867) Update Instructions: Run `sudo pro fix USN-6257-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: open-vm-tools - 2:11.0.5-4ubuntu0.18.04.3+esm1 open-vm-tools-desktop - 2:11.0.5-4ubuntu0.18.04.3+esm1 open-vm-tools-dev - 2:11.0.5-4ubuntu0.18.04.3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-20867 Ubuntu 18.04 LTS Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-13987) Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that Open-iSCSI incorrectly handled certain parsing TCP MSS options. An attacker could possibly use this issue to cause a crash or cause unexpected behavior. (CVE-2020-13988) Amine Amri and Stanislav Dashevskyi discovered that Open-iSCSI incorrectly handled certain TCP data. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-17437) Update Instructions: Run `sudo pro fix USN-6259-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: iscsiuio - 2.0.874-5ubuntu2.11+esm1 open-iscsi - 2.0.874-5ubuntu2.11+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 Ubuntu 18.04 LTS It was discovered that Wireshark did not properly handle certain NFS packages when certain configuration options were enabled. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. (CVE-2020-13164) It was discovered that Wireshark did not properly handle certain GVCP packages. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-15466) It was discovered that Wireshark did not properly handle certain Kafka packages. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-17498) It was discovered that Wireshark did not properly handle certain TCP packages containing an invalid 0xFFFF checksum. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. (CVE-2020-25862) It was discovered that Wireshark did not properly handle certain MIME packages containing invalid parts. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. (CVE-2020-25863) Update Instructions: Run `sudo pro fix USN-6262-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwireshark-data - 2.6.10-1~ubuntu18.04.0+esm1 libwireshark-dev - 2.6.10-1~ubuntu18.04.0+esm1 libwireshark11 - 2.6.10-1~ubuntu18.04.0+esm1 libwiretap-dev - 2.6.10-1~ubuntu18.04.0+esm1 libwiretap8 - 2.6.10-1~ubuntu18.04.0+esm1 libwscodecs2 - 2.6.10-1~ubuntu18.04.0+esm1 libwsutil-dev - 2.6.10-1~ubuntu18.04.0+esm1 libwsutil9 - 2.6.10-1~ubuntu18.04.0+esm1 tshark - 2.6.10-1~ubuntu18.04.0+esm1 wireshark - 2.6.10-1~ubuntu18.04.0+esm1 wireshark-common - 2.6.10-1~ubuntu18.04.0+esm1 wireshark-dev - 2.6.10-1~ubuntu18.04.0+esm1 wireshark-doc - 2.6.10-1~ubuntu18.04.0+esm1 wireshark-gtk - 2.6.10-1~ubuntu18.04.0+esm1 wireshark-qt - 2.6.10-1~ubuntu18.04.0+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-13164 CVE-2020-15466 CVE-2020-17498 CVE-2020-25862 CVE-2020-25863 Ubuntu 18.04 LTS Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22006) Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22036) David Stancu discovered that OpenJDK had a flaw in the AES cipher implementation. An attacker could possibly use this issue to obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22041) Zhiqiang Zang discovered that OpenJDK incorrectly handled array accesses when using the binary '%' operator. An attacker could possibly use this issue to obtain sensitive information. This issue only affected OpenJDK 17. (CVE-2023-22044) Zhiqiang Zang discovered that OpenJDK incorrectly handled array accesses. An attacker could possibly use this issue to obtain sensitive information. (CVE-2023-22045) It was discovered that OpenJDK incorrectly sanitized URIs strings. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2023-22049) It was discovered that OpenJDK incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-25193) Update Instructions: Run `sudo pro fix USN-6263-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-demo - 11.0.20+8-1ubuntu1~18.04 openjdk-11-doc - 11.0.20+8-1ubuntu1~18.04 openjdk-11-jdk - 11.0.20+8-1ubuntu1~18.04 openjdk-11-jdk-headless - 11.0.20+8-1ubuntu1~18.04 openjdk-11-jre - 11.0.20+8-1ubuntu1~18.04 openjdk-11-jre-headless - 11.0.20+8-1ubuntu1~18.04 openjdk-11-jre-zero - 11.0.20+8-1ubuntu1~18.04 openjdk-11-source - 11.0.20+8-1ubuntu1~18.04 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro openjdk-17-demo - 17.0.8+7-1~18.04 openjdk-17-doc - 17.0.8+7-1~18.04 openjdk-17-jdk - 17.0.8+7-1~18.04 openjdk-17-jdk-headless - 17.0.8+7-1~18.04 openjdk-17-jre - 17.0.8+7-1~18.04 openjdk-17-jre-headless - 17.0.8+7-1~18.04 openjdk-17-jre-zero - 17.0.8+7-1~18.04 openjdk-17-source - 17.0.8+7-1~18.04 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro openjdk-8-demo - 8u382-ga-1~18.04.1 openjdk-8-doc - 8u382-ga-1~18.04.1 openjdk-8-jdk - 8u382-ga-1~18.04.1 openjdk-8-jdk-headless - 8u382-ga-1~18.04.1 openjdk-8-jre - 8u382-ga-1~18.04.1 openjdk-8-jre-headless - 8u382-ga-1~18.04.1 openjdk-8-jre-zero - 8u382-ga-1~18.04.1 openjdk-8-source - 8u382-ga-1~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 CVE-2023-22044 CVE-2023-22045 CVE-2023-22049 CVE-2023-25193 Ubuntu 18.04 LTS USN-6263-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when opening APK, ZIP or JAR files in OpenJDK 11 and OpenJDK 17. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22006) Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22036) David Stancu discovered that OpenJDK had a flaw in the AES cipher implementation. An attacker could possibly use this issue to obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22041) Zhiqiang Zang discovered that OpenJDK incorrectly handled array accesses when using the binary '%' operator. An attacker could possibly use this issue to obtain sensitive information. This issue only affected OpenJDK 17. (CVE-2023-22044) Zhiqiang Zang discovered that OpenJDK incorrectly handled array accesses. An attacker could possibly use this issue to obtain sensitive information. (CVE-2023-22045) It was discovered that OpenJDK incorrectly sanitized URIs strings. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2023-22049) It was discovered that OpenJDK incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-25193) Update Instructions: Run `sudo pro fix USN-6263-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-demo - 11.0.20.1+1-0ubuntu1~18.04 openjdk-11-doc - 11.0.20.1+1-0ubuntu1~18.04 openjdk-11-jdk - 11.0.20.1+1-0ubuntu1~18.04 openjdk-11-jdk-headless - 11.0.20.1+1-0ubuntu1~18.04 openjdk-11-jre - 11.0.20.1+1-0ubuntu1~18.04 openjdk-11-jre-headless - 11.0.20.1+1-0ubuntu1~18.04 openjdk-11-jre-zero - 11.0.20.1+1-0ubuntu1~18.04 openjdk-11-source - 11.0.20.1+1-0ubuntu1~18.04 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro openjdk-17-demo - 17.0.8.1+1~us1-0ubuntu1~18.04 openjdk-17-doc - 17.0.8.1+1~us1-0ubuntu1~18.04 openjdk-17-jdk - 17.0.8.1+1~us1-0ubuntu1~18.04 openjdk-17-jdk-headless - 17.0.8.1+1~us1-0ubuntu1~18.04 openjdk-17-jre - 17.0.8.1+1~us1-0ubuntu1~18.04 openjdk-17-jre-headless - 17.0.8.1+1~us1-0ubuntu1~18.04 openjdk-17-jre-zero - 17.0.8.1+1~us1-0ubuntu1~18.04 openjdk-17-source - 17.0.8.1+1~us1-0ubuntu1~18.04 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2032865 Ubuntu 18.04 LTS It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2182) It was discovered that Vim incorrectly handled memory when deleting buffers in diff mode. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2208) It was discovered that Vim incorrectly handled memory access. An attacker could possibly use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2210) It was discovered that Vim incorrectly handled memory when using nested :source. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2231) It was discovered that Vim did not properly perform bounds checks when processing a menu item with the only modifier. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2257) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. (CVE-2022-2264, CVE-2022-2284, CVE-2022-2289) It was discovered that Vim did not properly perform bounds checks when going over the end of the typahead. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2285) It was discovered that Vim did not properly perform bounds checks when reading the provided string. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2286) It was discovered that Vim incorrectly handled memory when adding words with a control character to the internal spell word list. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-2287) Update Instructions: Run `sudo pro fix USN-6270-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:8.0.1453-1ubuntu1.13+esm3 vim-athena - 2:8.0.1453-1ubuntu1.13+esm3 vim-common - 2:8.0.1453-1ubuntu1.13+esm3 vim-doc - 2:8.0.1453-1ubuntu1.13+esm3 vim-gnome - 2:8.0.1453-1ubuntu1.13+esm3 vim-gtk - 2:8.0.1453-1ubuntu1.13+esm3 vim-gtk3 - 2:8.0.1453-1ubuntu1.13+esm3 vim-gui-common - 2:8.0.1453-1ubuntu1.13+esm3 vim-nox - 2:8.0.1453-1ubuntu1.13+esm3 vim-runtime - 2:8.0.1453-1ubuntu1.13+esm3 vim-tiny - 2:8.0.1453-1ubuntu1.13+esm3 xxd - 2:8.0.1453-1ubuntu1.13+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2182 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231 CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286 CVE-2022-2287 CVE-2022-2289 Ubuntu 18.04 LTS Xiang Li discovered that MaraDNS incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. (CVE-2022-30256) Huascar Tejeda discovered that MaraDNS incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-31137) Update Instructions: Run `sudo pro fix USN-6271-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: duende - 2.0.13-1.2ubuntu0.1~esm1 maradns - 2.0.13-1.2ubuntu0.1~esm1 maradns-deadwood - 2.0.13-1.2ubuntu0.1~esm1 maradns-docs - 2.0.13-1.2ubuntu0.1~esm1 maradns-zoneserver - 2.0.13-1.2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-30256 CVE-2023-31137 Ubuntu 18.04 LTS Addison Crump discovered that Cargo incorrectly set file permissions on UNIX-like systems when extracting crate archives. If the crate would contain files writable by any user, a local attacker could possibly use this issue to execute code as another user. Update Instructions: Run `sudo pro fix USN-6275-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cargo - 0.66.0+ds0ubuntu0.libgit2-0ubuntu0.18.04.1~esm1 cargo-doc - 0.66.0+ds0ubuntu0.libgit2-0ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-38497 Ubuntu 18.04 LTS It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2014-5011, CVE-2014-5012, CVE-2014-5013) It was discovered that Dompdf was not properly validating processed HTML content that referenced PHAR files, which could result in the deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-3838) It was discovered that Dompdf was not properly validating processed HTML content that referenced both a remote base and a local file, which could result in the bypass of a chroot check. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-2400) Update Instructions: Run `sudo pro fix USN-6277-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: php-dompdf - 0.6.2+dfsg-3ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2014-5011 CVE-2014-5012 CVE-2014-5013 CVE-2021-3838 CVE-2022-2400 Ubuntu 18.04 LTS It was discovered that OpenSSH has an observable discrepancy leading to an information leak in the algorithm negotiation. This update mitigates the issue by tweaking the client hostkey preference ordering algorithm to prefer the default ordering if the user has a key that matches the best-preference default algorithm. Update Instructions: Run `sudo pro fix USN-6279-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-client - 1:7.6p1-4ubuntu0.7+esm2 openssh-server - 1:7.6p1-4ubuntu0.7+esm2 openssh-sftp-server - 1:7.6p1-4ubuntu0.7+esm2 ssh - 1:7.6p1-4ubuntu0.7+esm2 ssh-askpass-gnome - 1:7.6p1-4ubuntu0.7+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2030275 Ubuntu 18.04 LTS It was discovered that PyPDF2 incorrectly handled PDF files with certain markers. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to consume system resources, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6280-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pypdf2 - 1.26.0-2ubuntu0.1~esm2 python3-pypdf2 - 1.26.0-2ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-36810 Ubuntu 18.04 LTS Alvaro Munoz discovered that Velocity Engine incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6281-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: velocity - 1.7-5ubuntu0.18.04.1~esm1 velocity-doc - 1.7-5ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-13936 Ubuntu 18.04 LTS Jackson Henry discovered that Velocity Tools incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6282-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvelocity-tools-java - 2.0-7ubuntu0.18.04.1~esm1 libvelocity-tools-java-doc - 2.0-7ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-13959 Ubuntu 18.04 LTS It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service (infinite recursion). (CVE-2020-36691) Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl() in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-0168) It was discovered that the ext4 file system implementation in the Linux kernel contained a use-after-free vulnerability. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2022-1184) It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. (CVE-2022-27672) William Zhao discovered that the Traffic Control (TC) subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-4269) It was discovered that a race condition existed in the qdisc implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0590) It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1611) It was discovered that the APM X-Gene SoC hardware monitoring driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-1855) It was discovered that the ST NCI NFC driver did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1990) It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2023-2124) It was discovered that the SLIMpro I2C device driver in the Linux kernel did not properly validate user-supplied data in some situations, leading to an out-of-bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2194) It was discovered that a race condition existed in the TLS subsystem in the Linux kernel, leading to a use-after-free or a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-28466) It was discovered that the DA9150 charger driver in the Linux kernel did not properly handle device removal, leading to a user-after free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-30772) It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle error conditions in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-3111) It was discovered that the Ricoh R5C592 MemoryStick card reader driver in the Linux kernel contained a race condition during module unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3141) It was discovered that the Qualcomm EMAC ethernet driver in the Linux kernel did not properly handle device removal, leading to a user-after free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-33203) Update Instructions: Run `sudo pro fix USN-6284-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1091-raspi - 5.4.0-1091.102~18.04.1 linux-headers-5.4.0-1091-raspi - 5.4.0-1091.102~18.04.1 linux-image-5.4.0-1091-raspi - 5.4.0-1091.102~18.04.1 linux-modules-5.4.0-1091-raspi - 5.4.0-1091.102~18.04.1 linux-raspi-5.4-headers-5.4.0-1091 - 5.4.0-1091.102~18.04.1 linux-raspi-5.4-tools-5.4.0-1091 - 5.4.0-1091.102~18.04.1 linux-tools-5.4.0-1091-raspi - 5.4.0-1091.102~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1106-oracle - 5.4.0-1106.115~18.04.1 linux-headers-5.4.0-1106-oracle - 5.4.0-1106.115~18.04.1 linux-image-5.4.0-1106-oracle - 5.4.0-1106.115~18.04.1 linux-image-unsigned-5.4.0-1106-oracle - 5.4.0-1106.115~18.04.1 linux-modules-5.4.0-1106-oracle - 5.4.0-1106.115~18.04.1 linux-modules-extra-5.4.0-1106-oracle - 5.4.0-1106.115~18.04.1 linux-oracle-5.4-headers-5.4.0-1106 - 5.4.0-1106.115~18.04.1 linux-oracle-5.4-tools-5.4.0-1106 - 5.4.0-1106.115~18.04.1 linux-tools-5.4.0-1106-oracle - 5.4.0-1106.115~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-5.4-cloud-tools-5.4.0-1107 - 5.4.0-1107.115~18.04.1 linux-aws-5.4-headers-5.4.0-1107 - 5.4.0-1107.115~18.04.1 linux-aws-5.4-tools-5.4.0-1107 - 5.4.0-1107.115~18.04.1 linux-buildinfo-5.4.0-1107-aws - 5.4.0-1107.115~18.04.1 linux-cloud-tools-5.4.0-1107-aws - 5.4.0-1107.115~18.04.1 linux-headers-5.4.0-1107-aws - 5.4.0-1107.115~18.04.1 linux-image-5.4.0-1107-aws - 5.4.0-1107.115~18.04.1 linux-image-unsigned-5.4.0-1107-aws - 5.4.0-1107.115~18.04.1 linux-modules-5.4.0-1107-aws - 5.4.0-1107.115~18.04.1 linux-modules-extra-5.4.0-1107-aws - 5.4.0-1107.115~18.04.1 linux-tools-5.4.0-1107-aws - 5.4.0-1107.115~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1110-gcp - 5.4.0-1110.119~18.04.1 linux-gcp-5.4-headers-5.4.0-1110 - 5.4.0-1110.119~18.04.1 linux-gcp-5.4-tools-5.4.0-1110 - 5.4.0-1110.119~18.04.1 linux-headers-5.4.0-1110-gcp - 5.4.0-1110.119~18.04.1 linux-image-5.4.0-1110-gcp - 5.4.0-1110.119~18.04.1 linux-image-unsigned-5.4.0-1110-gcp - 5.4.0-1110.119~18.04.1 linux-modules-5.4.0-1110-gcp - 5.4.0-1110.119~18.04.1 linux-modules-extra-5.4.0-1110-gcp - 5.4.0-1110.119~18.04.1 linux-tools-5.4.0-1110-gcp - 5.4.0-1110.119~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1091.88 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1091.88 linux-image-raspi-hwe-18.04 - 5.4.0.1091.88 linux-image-raspi-hwe-18.04-edge - 5.4.0.1091.88 linux-raspi-hwe-18.04 - 5.4.0.1091.88 linux-raspi-hwe-18.04-edge - 5.4.0.1091.88 linux-tools-raspi-hwe-18.04 - 5.4.0.1091.88 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1091.88 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1106.115~18.04.78 linux-headers-oracle-edge - 5.4.0.1106.115~18.04.78 linux-image-oracle - 5.4.0.1106.115~18.04.78 linux-image-oracle-edge - 5.4.0.1106.115~18.04.78 linux-modules-extra-oracle - 5.4.0.1106.115~18.04.78 linux-modules-extra-oracle-edge - 5.4.0.1106.115~18.04.78 linux-oracle - 5.4.0.1106.115~18.04.78 linux-oracle-edge - 5.4.0.1106.115~18.04.78 linux-signed-image-oracle - 5.4.0.1106.115~18.04.78 linux-signed-image-oracle-edge - 5.4.0.1106.115~18.04.78 linux-signed-oracle - 5.4.0.1106.115~18.04.78 linux-signed-oracle-edge - 5.4.0.1106.115~18.04.78 linux-tools-oracle - 5.4.0.1106.115~18.04.78 linux-tools-oracle-edge - 5.4.0.1106.115~18.04.78 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1107.85 linux-aws-edge - 5.4.0.1107.85 linux-headers-aws - 5.4.0.1107.85 linux-headers-aws-edge - 5.4.0.1107.85 linux-image-aws - 5.4.0.1107.85 linux-image-aws-edge - 5.4.0.1107.85 linux-modules-extra-aws - 5.4.0.1107.85 linux-modules-extra-aws-edge - 5.4.0.1107.85 linux-tools-aws - 5.4.0.1107.85 linux-tools-aws-edge - 5.4.0.1107.85 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1110.86 linux-gcp-edge - 5.4.0.1110.86 linux-headers-gcp - 5.4.0.1110.86 linux-headers-gcp-edge - 5.4.0.1110.86 linux-image-gcp - 5.4.0.1110.86 linux-image-gcp-edge - 5.4.0.1110.86 linux-modules-extra-gcp - 5.4.0.1110.86 linux-modules-extra-gcp-edge - 5.4.0.1110.86 linux-tools-gcp - 5.4.0.1110.86 linux-tools-gcp-edge - 5.4.0.1110.86 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-36691 CVE-2022-0168 CVE-2022-1184 CVE-2022-27672 CVE-2022-4269 CVE-2023-0590 CVE-2023-1611 CVE-2023-1855 CVE-2023-1990 CVE-2023-2124 CVE-2023-2194 CVE-2023-28466 CVE-2023-30772 CVE-2023-3111 CVE-2023-3141 CVE-2023-33203 Ubuntu 18.04 LTS Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. (CVE-2022-40982) It was discovered that some Intel(R) Xeon(R) Processors did not properly restrict error injection for Intel(R) SGX or Intel(R) TDX. A local privileged user could use this to further escalate their privileges. (CVE-2022-41804) It was discovered that some 3rd Generation Intel(R) Xeon(R) Scalable processors did not properly restrict access in some situations. A local privileged attacker could use this to obtain sensitive information. (CVE-2023-23908) Update Instructions: Run `sudo pro fix USN-6286-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20230808.0ubuntu0.18.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40982 CVE-2022-41804 CVE-2023-23908 Ubuntu 18.04 LTS Simon Ferquel discovered that the Go yaml package incorrectly handled certain YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service. (CVE-2021-4235) It was discovered that the Go yaml package incorrectly handled certain large YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service. (CVE-2022-3064) Update Instructions: Run `sudo pro fix USN-6287-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-gopkg-yaml.v2-dev - 0.0+git20170407.0.cd8b52f-1ubuntu2+esm1 golang-yaml.v2-dev - 0.0+git20170407.0.cd8b52f-1ubuntu2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-4235 CVE-2022-3064 Ubuntu 18.04 LTS USN-6288-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.43 in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-43.html https://www.oracle.com/security-alerts/cpujul2023.html Update Instructions: Run `sudo pro fix USN-6288-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmysqlclient-dev - 5.7.43-0ubuntu0.18.04.1+esm1 libmysqlclient20 - 5.7.43-0ubuntu0.18.04.1+esm1 libmysqld-dev - 5.7.43-0ubuntu0.18.04.1+esm1 mysql-client - 5.7.43-0ubuntu0.18.04.1+esm1 mysql-client-5.7 - 5.7.43-0ubuntu0.18.04.1+esm1 mysql-client-core-5.7 - 5.7.43-0ubuntu0.18.04.1+esm1 mysql-server - 5.7.43-0ubuntu0.18.04.1+esm1 mysql-server-5.7 - 5.7.43-0ubuntu0.18.04.1+esm1 mysql-server-core-5.7 - 5.7.43-0ubuntu0.18.04.1+esm1 mysql-source-5.7 - 5.7.43-0ubuntu0.18.04.1+esm1 mysql-testsuite - 5.7.43-0ubuntu0.18.04.1+esm1 mysql-testsuite-5.7 - 5.7.43-0ubuntu0.18.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-22015 CVE-2023-22026 CVE-2023-22053 Ubuntu 18.04 LTS It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-48281) It was discovered that LibTIFF incorrectly handled certain image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. (CVE-2023-2731) It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service. (CVE-2023-2908) It was discovered that LibTIFF incorrectly handled certain file paths. If a user were tricked into specifying certain output paths, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-3316) It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2023-3618) It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-25433, CVE-2023-26966) It was discovered that LibTIFF did not properly managed memory when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-26965) It was discovered that LibTIFF contained an arithmetic overflow. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. (CVE-2023-38288, CVE-2023-38289) Update Instructions: Run `sudo pro fix USN-6290-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-dev - 4.0.9-5ubuntu0.10+esm2 libtiff-doc - 4.0.9-5ubuntu0.10+esm2 libtiff-opengl - 4.0.9-5ubuntu0.10+esm2 libtiff-tools - 4.0.9-5ubuntu0.10+esm2 libtiff5 - 4.0.9-5ubuntu0.10+esm2 libtiff5-dev - 4.0.9-5ubuntu0.10+esm2 libtiffxx5 - 4.0.9-5ubuntu0.10+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48281 CVE-2023-25433 CVE-2023-26965 CVE-2023-26966 CVE-2023-2731 CVE-2023-2908 CVE-2023-3316 CVE-2023-3618 CVE-2023-38288 CVE-2023-38289 Ubuntu 18.04 LTS It was discovered that Ghostscript incorrectly handled outputting certain PDF files. A local attacker could potentially use this issue to cause a crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6297-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.18+esm1 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.18+esm1 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.18+esm1 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.18+esm1 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.18+esm1 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.18+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-38559 Ubuntu 18.04 LTS Liu Zhu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-7727) YiMing Liu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-18442) Update Instructions: Run `sudo pro fix USN-6298-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libzzip-0-13 - 0.13.62-3.1ubuntu0.18.04.1+esm1 libzzip-dev - 0.13.62-3.1ubuntu0.18.04.1+esm1 zziplib-bin - 0.13.62-3.1ubuntu0.18.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2018-7727 CVE-2020-18442 Ubuntu 18.04 LTS It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-36023, CVE-2020-36024) Update Instructions: Run `sudo pro fix USN-6299-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-poppler-0.18 - 0.62.0-2ubuntu2.14+esm1 libpoppler-cpp-dev - 0.62.0-2ubuntu2.14+esm1 libpoppler-cpp0v5 - 0.62.0-2ubuntu2.14+esm1 libpoppler-dev - 0.62.0-2ubuntu2.14+esm1 libpoppler-glib-dev - 0.62.0-2ubuntu2.14+esm1 libpoppler-glib-doc - 0.62.0-2ubuntu2.14+esm1 libpoppler-glib8 - 0.62.0-2ubuntu2.14+esm1 libpoppler-private-dev - 0.62.0-2ubuntu2.14+esm1 libpoppler-qt5-1 - 0.62.0-2ubuntu2.14+esm1 libpoppler-qt5-dev - 0.62.0-2ubuntu2.14+esm1 libpoppler73 - 0.62.0-2ubuntu2.14+esm1 poppler-utils - 0.62.0-2ubuntu2.14+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-36023 CVE-2020-36024 Ubuntu 18.04 LTS It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service (infinite recursion). (CVE-2020-36691) Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl() in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-0168) It was discovered that the ext4 file system implementation in the Linux kernel contained a use-after-free vulnerability. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2022-1184) It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. (CVE-2022-27672) William Zhao discovered that the Traffic Control (TC) subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-4269) It was discovered that a race condition existed in the qdisc implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0590) It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1611) It was discovered that the APM X-Gene SoC hardware monitoring driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-1855) It was discovered that the ST NCI NFC driver did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1990) It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2023-2124) It was discovered that the SLIMpro I2C device driver in the Linux kernel did not properly validate user-supplied data in some situations, leading to an out-of-bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2194) It was discovered that a race condition existed in the TLS subsystem in the Linux kernel, leading to a use-after-free or a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-28466) It was discovered that the DA9150 charger driver in the Linux kernel did not properly handle device removal, leading to a user-after free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-30772) It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle error conditions in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-3111) It was discovered that the Ricoh R5C592 MemoryStick card reader driver in the Linux kernel contained a race condition during module unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3141) It was discovered that the Qualcomm EMAC ethernet driver in the Linux kernel did not properly handle device removal, leading to a user-after free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-33203) Update Instructions: Run `sudo pro fix USN-6301-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-156-generic - 5.4.0-156.173~18.04.1 linux-buildinfo-5.4.0-156-generic-lpae - 5.4.0-156.173~18.04.1 linux-buildinfo-5.4.0-156-lowlatency - 5.4.0-156.173~18.04.1 linux-cloud-tools-5.4.0-156-generic - 5.4.0-156.173~18.04.1 linux-cloud-tools-5.4.0-156-lowlatency - 5.4.0-156.173~18.04.1 linux-headers-5.4.0-156-generic - 5.4.0-156.173~18.04.1 linux-headers-5.4.0-156-generic-lpae - 5.4.0-156.173~18.04.1 linux-headers-5.4.0-156-lowlatency - 5.4.0-156.173~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-156 - 5.4.0-156.173~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-156.173~18.04.1 linux-hwe-5.4-headers-5.4.0-156 - 5.4.0-156.173~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-156.173~18.04.1 linux-hwe-5.4-tools-5.4.0-156 - 5.4.0-156.173~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-156.173~18.04.1 linux-image-5.4.0-156-generic - 5.4.0-156.173~18.04.1 linux-image-5.4.0-156-generic-lpae - 5.4.0-156.173~18.04.1 linux-image-5.4.0-156-lowlatency - 5.4.0-156.173~18.04.1 linux-image-unsigned-5.4.0-156-generic - 5.4.0-156.173~18.04.1 linux-image-unsigned-5.4.0-156-lowlatency - 5.4.0-156.173~18.04.1 linux-modules-5.4.0-156-generic - 5.4.0-156.173~18.04.1 linux-modules-5.4.0-156-generic-lpae - 5.4.0-156.173~18.04.1 linux-modules-5.4.0-156-lowlatency - 5.4.0-156.173~18.04.1 linux-modules-extra-5.4.0-156-generic - 5.4.0-156.173~18.04.1 linux-tools-5.4.0-156-generic - 5.4.0-156.173~18.04.1 linux-tools-5.4.0-156-generic-lpae - 5.4.0-156.173~18.04.1 linux-tools-5.4.0-156-lowlatency - 5.4.0-156.173~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-generic-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-generic-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-generic-lpae-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-generic-lpae-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-headers-generic-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-headers-generic-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-headers-lowlatency-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-headers-oem - 5.4.0.156.173~18.04.126 linux-headers-oem-osp1 - 5.4.0.156.173~18.04.126 linux-headers-snapdragon-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-headers-virtual-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-headers-virtual-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-image-extra-virtual-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-image-generic-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-image-generic-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-image-generic-lpae-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-image-lowlatency-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-image-oem - 5.4.0.156.173~18.04.126 linux-image-oem-osp1 - 5.4.0.156.173~18.04.126 linux-image-snapdragon-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-image-virtual-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-image-virtual-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-lowlatency-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-lowlatency-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-oem - 5.4.0.156.173~18.04.126 linux-oem-osp1 - 5.4.0.156.173~18.04.126 linux-snapdragon-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-snapdragon-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-tools-generic-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-tools-generic-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-tools-lowlatency-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-tools-oem - 5.4.0.156.173~18.04.126 linux-tools-oem-osp1 - 5.4.0.156.173~18.04.126 linux-tools-snapdragon-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-tools-virtual-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-tools-virtual-hwe-18.04-edge - 5.4.0.156.173~18.04.126 linux-virtual-hwe-18.04 - 5.4.0.156.173~18.04.126 linux-virtual-hwe-18.04-edge - 5.4.0.156.173~18.04.126 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-36691 CVE-2022-0168 CVE-2022-1184 CVE-2022-27672 CVE-2022-4269 CVE-2023-0590 CVE-2023-1611 CVE-2023-1855 CVE-2023-1990 CVE-2023-2124 CVE-2023-2194 CVE-2023-28466 CVE-2023-30772 CVE-2023-3111 CVE-2023-3141 CVE-2023-33203 Ubuntu 18.04 LTS It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2522, CVE-2022-2580, CVE-2022-2817, CVE-2022-2819, CVE-2022-2862, CVE-2022-2889, CVE-2022-2982, CVE-2022-3134) It was discovered that Vim did not properly perform bounds checks in the diff mode in certain situations. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2598) It was discovered that Vim did not properly perform bounds checks in certain situations. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2816) It was discovered that Vim incorrectly handled memory when skipping compiled code. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2874) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-3016, CVE-2022-3037) It was discovered that Vim incorrectly handled memory when invalid line number on ":for" is ignored. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-3099) It was discovered that Vim incorrectly handled memory when passing invalid arguments to the assert_fails() method. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-3153) Update Instructions: Run `sudo pro fix USN-6302-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:8.0.1453-1ubuntu1.13+esm4 vim-athena - 2:8.0.1453-1ubuntu1.13+esm4 vim-common - 2:8.0.1453-1ubuntu1.13+esm4 vim-doc - 2:8.0.1453-1ubuntu1.13+esm4 vim-gnome - 2:8.0.1453-1ubuntu1.13+esm4 vim-gtk - 2:8.0.1453-1ubuntu1.13+esm4 vim-gtk3 - 2:8.0.1453-1ubuntu1.13+esm4 vim-gui-common - 2:8.0.1453-1ubuntu1.13+esm4 vim-nox - 2:8.0.1453-1ubuntu1.13+esm4 vim-runtime - 2:8.0.1453-1ubuntu1.13+esm4 vim-tiny - 2:8.0.1453-1ubuntu1.13+esm4 xxd - 2:8.0.1453-1ubuntu1.13+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-2522 CVE-2022-2580 CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2982 CVE-2022-3016 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 Ubuntu 18.04 LTS USN-6303-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6303-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: clamav - 0.103.9+dfsg-0ubuntu0.18.04.1+esm1 clamav-base - 0.103.9+dfsg-0ubuntu0.18.04.1+esm1 clamav-daemon - 0.103.9+dfsg-0ubuntu0.18.04.1+esm1 clamav-docs - 0.103.9+dfsg-0ubuntu0.18.04.1+esm1 clamav-freshclam - 0.103.9+dfsg-0ubuntu0.18.04.1+esm1 clamav-milter - 0.103.9+dfsg-0ubuntu0.18.04.1+esm1 clamav-testfiles - 0.103.9+dfsg-0ubuntu0.18.04.1+esm1 clamdscan - 0.103.9+dfsg-0ubuntu0.18.04.1+esm1 libclamav-dev - 0.103.9+dfsg-0ubuntu0.18.04.1+esm1 libclamav9 - 0.103.9+dfsg-0ubuntu0.18.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-20197 Ubuntu 18.04 LTS USN-6305-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. (CVE-2023-3823) It was discovered that PHP incorrectly handled certain PHAR files. An attacker could possibly use this issue to cause a crash, expose sensitive information or execute arbitrary code. (CVE-2023-3824) Update Instructions: Run `sudo pro fix USN-6305-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.17+esm2 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2 - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-bz2 - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-cgi - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-cli - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-common - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-curl - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-dba - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-dev - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-enchant - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-fpm - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-gd - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-gmp - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-imap - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-interbase - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-intl - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-json - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-ldap - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-mysql - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-odbc - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-opcache - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-pspell - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-readline - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-recode - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-snmp - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-soap - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-sybase - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-tidy - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-xml - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-xsl - 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-zip - 7.2.24-0ubuntu0.18.04.17+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-3823 CVE-2023-3824 https://launchpad.net/bugs/2054511 Ubuntu 18.04 LTS It was discovered that JOSE for C/C++ AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. An attacker could use this to cause a denial of service (system crash) or might expose sensitive information. Update Instructions: Run `sudo pro fix USN-6307-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcjose-dev - 0.6.0+dfsg1-1ubuntu0.1~esm1 libcjose0 - 0.6.0+dfsg1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-37464 Ubuntu 18.04 LTS It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service (infinite recursion). (CVE-2020-36691) Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl() in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-0168) It was discovered that the ext4 file system implementation in the Linux kernel contained a use-after-free vulnerability. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2022-1184) It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. (CVE-2022-27672) William Zhao discovered that the Traffic Control (TC) subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-4269) It was discovered that a race condition existed in the qdisc implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0590) It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1611) It was discovered that the APM X-Gene SoC hardware monitoring driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-1855) It was discovered that the ST NCI NFC driver did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1990) It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2023-2124) It was discovered that the SLIMpro I2C device driver in the Linux kernel did not properly validate user-supplied data in some situations, leading to an out-of-bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2194) It was discovered that a race condition existed in the TLS subsystem in the Linux kernel, leading to a use-after-free or a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-28466) It was discovered that the DA9150 charger driver in the Linux kernel did not properly handle device removal, leading to a user-after free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-30772) It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle error conditions in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-3111) It was discovered that the Ricoh R5C592 MemoryStick card reader driver in the Linux kernel contained a race condition during module unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3141) It was discovered that the Qualcomm EMAC ethernet driver in the Linux kernel did not properly handle device removal, leading to a user-after free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-33203) Update Instructions: Run `sudo pro fix USN-6312-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1054-ibm - 5.4.0-1054.59~18.04.1 linux-headers-5.4.0-1054-ibm - 5.4.0-1054.59~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1054.59~18.04.1 linux-ibm-5.4-headers-5.4.0-1054 - 5.4.0-1054.59~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1054.59~18.04.1 linux-ibm-5.4-tools-5.4.0-1054 - 5.4.0-1054.59~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1054.59~18.04.1 linux-image-5.4.0-1054-ibm - 5.4.0-1054.59~18.04.1 linux-image-unsigned-5.4.0-1054-ibm - 5.4.0-1054.59~18.04.1 linux-modules-5.4.0-1054-ibm - 5.4.0-1054.59~18.04.1 linux-modules-extra-5.4.0-1054-ibm - 5.4.0-1054.59~18.04.1 linux-tools-5.4.0-1054-ibm - 5.4.0-1054.59~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1054.65 linux-headers-ibm-edge - 5.4.0.1054.65 linux-ibm - 5.4.0.1054.65 linux-ibm-edge - 5.4.0.1054.65 linux-image-ibm - 5.4.0.1054.65 linux-image-ibm-edge - 5.4.0.1054.65 linux-modules-extra-ibm - 5.4.0.1054.65 linux-modules-extra-ibm-edge - 5.4.0.1054.65 linux-tools-ibm - 5.4.0.1054.65 linux-tools-ibm-edge - 5.4.0.1054.65 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-36691 CVE-2022-0168 CVE-2022-1184 CVE-2022-27672 CVE-2022-4269 CVE-2023-0590 CVE-2023-1611 CVE-2023-1855 CVE-2023-1990 CVE-2023-2124 CVE-2023-2194 CVE-2023-28466 CVE-2023-30772 CVE-2023-3111 CVE-2023-3141 CVE-2023-33203 Ubuntu 18.04 LTS It was discovered that FAAD2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2021-32272, CVE-2021-32273, CVE-2021-32274, CVE-2021-32277, CVE-2021-32278, CVE-2023-38857, CVE-2023-38858) It was discovered that FAAD2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-32276) Update Instructions: Run `sudo pro fix USN-6313-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: faad - 2.8.8-1ubuntu0.1~esm1 libfaad-dev - 2.8.8-1ubuntu0.1~esm1 libfaad2 - 2.8.8-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-32272 CVE-2021-32273 CVE-2021-32274 CVE-2021-32276 CVE-2021-32277 CVE-2021-32278 CVE-2023-38857 CVE-2023-38858 Ubuntu 18.04 LTS Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. (CVE-2022-40982) Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593) It was discovered that the universal 32bit network packet classifier implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3609) It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776) Update Instructions: Run `sudo pro fix USN-6317-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-5.4-cloud-tools-5.4.0-1108 - 5.4.0-1108.116~18.04.1 linux-aws-5.4-headers-5.4.0-1108 - 5.4.0-1108.116~18.04.1 linux-aws-5.4-tools-5.4.0-1108 - 5.4.0-1108.116~18.04.1 linux-buildinfo-5.4.0-1108-aws - 5.4.0-1108.116~18.04.1 linux-cloud-tools-5.4.0-1108-aws - 5.4.0-1108.116~18.04.1 linux-headers-5.4.0-1108-aws - 5.4.0-1108.116~18.04.1 linux-image-5.4.0-1108-aws - 5.4.0-1108.116~18.04.1 linux-image-unsigned-5.4.0-1108-aws - 5.4.0-1108.116~18.04.1 linux-modules-5.4.0-1108-aws - 5.4.0-1108.116~18.04.1 linux-modules-extra-5.4.0-1108-aws - 5.4.0-1108.116~18.04.1 linux-tools-5.4.0-1108-aws - 5.4.0-1108.116~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-159-generic - 5.4.0-159.176~18.04.1 linux-buildinfo-5.4.0-159-generic-lpae - 5.4.0-159.176~18.04.1 linux-buildinfo-5.4.0-159-lowlatency - 5.4.0-159.176~18.04.1 linux-cloud-tools-5.4.0-159-generic - 5.4.0-159.176~18.04.1 linux-cloud-tools-5.4.0-159-lowlatency - 5.4.0-159.176~18.04.1 linux-headers-5.4.0-159-generic - 5.4.0-159.176~18.04.1 linux-headers-5.4.0-159-generic-lpae - 5.4.0-159.176~18.04.1 linux-headers-5.4.0-159-lowlatency - 5.4.0-159.176~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-159 - 5.4.0-159.176~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-159.176~18.04.1 linux-hwe-5.4-headers-5.4.0-159 - 5.4.0-159.176~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-159.176~18.04.1 linux-hwe-5.4-tools-5.4.0-159 - 5.4.0-159.176~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-159.176~18.04.1 linux-image-5.4.0-159-generic - 5.4.0-159.176~18.04.1 linux-image-5.4.0-159-generic-lpae - 5.4.0-159.176~18.04.1 linux-image-5.4.0-159-lowlatency - 5.4.0-159.176~18.04.1 linux-image-unsigned-5.4.0-159-generic - 5.4.0-159.176~18.04.1 linux-image-unsigned-5.4.0-159-lowlatency - 5.4.0-159.176~18.04.1 linux-modules-5.4.0-159-generic - 5.4.0-159.176~18.04.1 linux-modules-5.4.0-159-generic-lpae - 5.4.0-159.176~18.04.1 linux-modules-5.4.0-159-lowlatency - 5.4.0-159.176~18.04.1 linux-modules-extra-5.4.0-159-generic - 5.4.0-159.176~18.04.1 linux-tools-5.4.0-159-generic - 5.4.0-159.176~18.04.1 linux-tools-5.4.0-159-generic-lpae - 5.4.0-159.176~18.04.1 linux-tools-5.4.0-159-lowlatency - 5.4.0-159.176~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1108.86 linux-aws-edge - 5.4.0.1108.86 linux-headers-aws - 5.4.0.1108.86 linux-headers-aws-edge - 5.4.0.1108.86 linux-image-aws - 5.4.0.1108.86 linux-image-aws-edge - 5.4.0.1108.86 linux-modules-extra-aws - 5.4.0.1108.86 linux-modules-extra-aws-edge - 5.4.0.1108.86 linux-tools-aws - 5.4.0.1108.86 linux-tools-aws-edge - 5.4.0.1108.86 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-generic-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-generic-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-generic-lpae-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-generic-lpae-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-headers-generic-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-headers-generic-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-headers-generic-lpae-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-headers-generic-lpae-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-headers-lowlatency-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-headers-oem - 5.4.0.159.176~18.04.127 linux-headers-oem-osp1 - 5.4.0.159.176~18.04.127 linux-headers-snapdragon-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-headers-virtual-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-headers-virtual-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-image-extra-virtual-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-image-generic-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-image-generic-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-image-generic-lpae-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-image-generic-lpae-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-image-lowlatency-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-image-oem - 5.4.0.159.176~18.04.127 linux-image-oem-osp1 - 5.4.0.159.176~18.04.127 linux-image-snapdragon-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-image-virtual-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-image-virtual-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-lowlatency-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-lowlatency-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-oem - 5.4.0.159.176~18.04.127 linux-oem-osp1 - 5.4.0.159.176~18.04.127 linux-snapdragon-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-snapdragon-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-tools-generic-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-tools-generic-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-tools-generic-lpae-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-tools-generic-lpae-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-tools-lowlatency-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-tools-oem - 5.4.0.159.176~18.04.127 linux-tools-oem-osp1 - 5.4.0.159.176~18.04.127 linux-tools-snapdragon-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-tools-virtual-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-tools-virtual-hwe-18.04-edge - 5.4.0.159.176~18.04.127 linux-virtual-hwe-18.04 - 5.4.0.159.176~18.04.127 linux-virtual-hwe-18.04-edge - 5.4.0.159.176~18.04.127 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-40982 CVE-2023-20593 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 Ubuntu 18.04 LTS Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory. Update Instructions: Run `sudo pro fix USN-6319-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: amd64-microcode - 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-20569 Ubuntu 18.04 LTS It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-16062, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7665) It was discovered that elfutils incorrectly handled bounds checks in certain functions when processing malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. (CVE-2020-21047, CVE-2021-33294) Update Instructions: Run `sudo pro fix USN-6322-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: elfutils - 0.170-0.4ubuntu0.1+esm1 libasm-dev - 0.170-0.4ubuntu0.1+esm1 libasm1 - 0.170-0.4ubuntu0.1+esm1 libdw-dev - 0.170-0.4ubuntu0.1+esm1 libdw1 - 0.170-0.4ubuntu0.1+esm1 libelf-dev - 0.170-0.4ubuntu0.1+esm1 libelf1 - 0.170-0.4ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-16062 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7149 CVE-2019-7150 CVE-2019-7665 CVE-2020-21047 CVE-2021-33294 Ubuntu 18.04 LTS It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker could possibly use this issue to execute arbitrary commands on the host. Update Instructions: Run `sudo pro fix USN-6326-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-git - 2.1.8-1ubuntu0.1~esm2 python-git-doc - 2.1.8-1ubuntu0.1~esm2 python3-git - 2.1.8-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-40267 Ubuntu 18.04 LTS Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. (CVE-2022-40982) Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593) It was discovered that the universal 32bit network packet classifier implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3609) It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776) Update Instructions: Run `sudo pro fix USN-6329-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1107-oracle - 5.4.0-1107.116~18.04.1 linux-headers-5.4.0-1107-oracle - 5.4.0-1107.116~18.04.1 linux-image-5.4.0-1107-oracle - 5.4.0-1107.116~18.04.1 linux-image-unsigned-5.4.0-1107-oracle - 5.4.0-1107.116~18.04.1 linux-modules-5.4.0-1107-oracle - 5.4.0-1107.116~18.04.1 linux-modules-extra-5.4.0-1107-oracle - 5.4.0-1107.116~18.04.1 linux-oracle-5.4-headers-5.4.0-1107 - 5.4.0-1107.116~18.04.1 linux-oracle-5.4-tools-5.4.0-1107 - 5.4.0-1107.116~18.04.1 linux-tools-5.4.0-1107-oracle - 5.4.0-1107.116~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1111-gcp - 5.4.0-1111.120~18.04.1 linux-gcp-5.4-headers-5.4.0-1111 - 5.4.0-1111.120~18.04.1 linux-gcp-5.4-tools-5.4.0-1111 - 5.4.0-1111.120~18.04.1 linux-headers-5.4.0-1111-gcp - 5.4.0-1111.120~18.04.1 linux-image-5.4.0-1111-gcp - 5.4.0-1111.120~18.04.1 linux-image-unsigned-5.4.0-1111-gcp - 5.4.0-1111.120~18.04.1 linux-modules-5.4.0-1111-gcp - 5.4.0-1111.120~18.04.1 linux-modules-extra-5.4.0-1111-gcp - 5.4.0-1111.120~18.04.1 linux-tools-5.4.0-1111-gcp - 5.4.0-1111.120~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1107.116~18.04.79 linux-headers-oracle-edge - 5.4.0.1107.116~18.04.79 linux-image-oracle - 5.4.0.1107.116~18.04.79 linux-image-oracle-edge - 5.4.0.1107.116~18.04.79 linux-modules-extra-oracle - 5.4.0.1107.116~18.04.79 linux-modules-extra-oracle-edge - 5.4.0.1107.116~18.04.79 linux-oracle - 5.4.0.1107.116~18.04.79 linux-oracle-edge - 5.4.0.1107.116~18.04.79 linux-signed-image-oracle - 5.4.0.1107.116~18.04.79 linux-signed-image-oracle-edge - 5.4.0.1107.116~18.04.79 linux-signed-oracle - 5.4.0.1107.116~18.04.79 linux-signed-oracle-edge - 5.4.0.1107.116~18.04.79 linux-tools-oracle - 5.4.0.1107.116~18.04.79 linux-tools-oracle-edge - 5.4.0.1107.116~18.04.79 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1111.87 linux-gcp-edge - 5.4.0.1111.87 linux-headers-gcp - 5.4.0.1111.87 linux-headers-gcp-edge - 5.4.0.1111.87 linux-image-gcp - 5.4.0.1111.87 linux-image-gcp-edge - 5.4.0.1111.87 linux-modules-extra-gcp - 5.4.0.1111.87 linux-modules-extra-gcp-edge - 5.4.0.1111.87 linux-tools-gcp - 5.4.0.1111.87 linux-tools-gcp-edge - 5.4.0.1111.87 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-40982 CVE-2023-20593 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 Ubuntu 18.04 LTS Peter Wang discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server to cause a crash. (CVE-2020-6097) Andreas B. Mundt discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server to cause a crash. (CVE-2021-41054) Johannes Krupp discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server and make the server to disclose /etc/group data. (CVE-2021-46671) Update Instructions: Run `sudo pro fix USN-6334-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: atftp - 0.7.git20120829-3.1~0.18.04.1+esm1 atftpd - 0.7.git20120829-3.1~0.18.04.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-6097 CVE-2021-41054 CVE-2021-46671 Ubuntu 18.04 LTS It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-28831) It was discovered that BusyBox did not properly validate user input when performing certain arithmetic operations. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to cause BusyBox to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2022-48174) Update Instructions: Run `sudo pro fix USN-6335-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: busybox - 1:1.27.2-2ubuntu3.4+esm1 busybox-initramfs - 1:1.27.2-2ubuntu3.4+esm1 busybox-static - 1:1.27.2-2ubuntu3.4+esm1 busybox-syslogd - 1:1.27.2-2ubuntu3.4+esm1 udhcpc - 1:1.27.2-2ubuntu3.4+esm1 udhcpd - 1:1.27.2-2ubuntu3.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2021-28831 CVE-2022-48174 Ubuntu 18.04 LTS It was discovered that Docker Registry incorrectly handled certain crafted input, A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11468) It was discovered that Docker Registry incorrectly handled certain crafted input. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-2253) Update Instructions: Run `sudo pro fix USN-6336-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: docker-registry - 2.6.2~ds1-1ubuntu0.1~esm1 golang-github-docker-distribution-dev - 2.6.2~ds1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-11468 CVE-2023-2253 Ubuntu 18.04 LTS It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service (infinite recursion). (CVE-2020-36691) Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl() in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-0168) It was discovered that the ext4 file system implementation in the Linux kernel contained a use-after-free vulnerability. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2022-1184) It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. (CVE-2022-27672) William Zhao discovered that the Traffic Control (TC) subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-4269) It was discovered that a race condition existed in the qdisc implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0590) It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1611) It was discovered that the APM X-Gene SoC hardware monitoring driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-1855) It was discovered that the ST NCI NFC driver did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1990) It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2023-2124) It was discovered that the SLIMpro I2C device driver in the Linux kernel did not properly validate user-supplied data in some situations, leading to an out-of-bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2194) It was discovered that a race condition existed in the TLS subsystem in the Linux kernel, leading to a use-after-free or a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-28466) It was discovered that the DA9150 charger driver in the Linux kernel did not properly handle device removal, leading to a user-after free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-30772) It was discovered that the btrfs file system implementation in the Linux kernel did not properly handle error conditions in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-3111) It was discovered that the Ricoh R5C592 MemoryStick card reader driver in the Linux kernel contained a race condition during module unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3141) It was discovered that the Qualcomm EMAC ethernet driver in the Linux kernel did not properly handle device removal, leading to a user-after free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-33203) Update Instructions: Run `sudo pro fix USN-6337-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-5.4-cloud-tools-5.4.0-1113 - 5.4.0-1113.119~18.04.1 linux-azure-5.4-headers-5.4.0-1113 - 5.4.0-1113.119~18.04.1 linux-azure-5.4-tools-5.4.0-1113 - 5.4.0-1113.119~18.04.1 linux-buildinfo-5.4.0-1113-azure - 5.4.0-1113.119~18.04.1 linux-cloud-tools-5.4.0-1113-azure - 5.4.0-1113.119~18.04.1 linux-headers-5.4.0-1113-azure - 5.4.0-1113.119~18.04.1 linux-image-5.4.0-1113-azure - 5.4.0-1113.119~18.04.1 linux-image-unsigned-5.4.0-1113-azure - 5.4.0-1113.119~18.04.1 linux-modules-5.4.0-1113-azure - 5.4.0-1113.119~18.04.1 linux-modules-extra-5.4.0-1113-azure - 5.4.0-1113.119~18.04.1 linux-tools-5.4.0-1113-azure - 5.4.0-1113.119~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 5.4.0.1113.86 linux-azure-edge - 5.4.0.1113.86 linux-cloud-tools-azure - 5.4.0.1113.86 linux-cloud-tools-azure-edge - 5.4.0.1113.86 linux-headers-azure - 5.4.0.1113.86 linux-headers-azure-edge - 5.4.0.1113.86 linux-image-azure - 5.4.0.1113.86 linux-image-azure-edge - 5.4.0.1113.86 linux-modules-extra-azure - 5.4.0.1113.86 linux-modules-extra-azure-edge - 5.4.0.1113.86 linux-signed-azure - 5.4.0.1113.86 linux-signed-azure-edge - 5.4.0.1113.86 linux-signed-image-azure - 5.4.0.1113.86 linux-signed-image-azure-edge - 5.4.0.1113.86 linux-tools-azure - 5.4.0.1113.86 linux-tools-azure-edge - 5.4.0.1113.86 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-36691 CVE-2022-0168 CVE-2022-1184 CVE-2022-27672 CVE-2022-4269 CVE-2023-0590 CVE-2023-1611 CVE-2023-1855 CVE-2023-1990 CVE-2023-2124 CVE-2023-2194 CVE-2023-28466 CVE-2023-30772 CVE-2023-3111 CVE-2023-3141 CVE-2023-33203 Ubuntu 18.04 LTS Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-21255) Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski discovered that the BPF verifier in the Linux kernel did not properly mark registers for precision tracking in certain situations, leading to an out- of-bounds access vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2163) Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear() operations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2269) It was discovered that the DVB Core driver in the Linux kernel did not properly handle locking events in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-31084) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly perform certain buffer calculations, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-3268) It was discovered that the video4linux driver for Philips based TV cards in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35823) It was discovered that the SDMC DM1105 PCI device driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35824) It was discovered that the Renesas USB controller driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35828) Update Instructions: Run `sudo pro fix USN-6340-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1108-oracle - 5.4.0-1108.117~18.04.1 linux-headers-5.4.0-1108-oracle - 5.4.0-1108.117~18.04.1 linux-image-5.4.0-1108-oracle - 5.4.0-1108.117~18.04.1 linux-image-unsigned-5.4.0-1108-oracle - 5.4.0-1108.117~18.04.1 linux-modules-5.4.0-1108-oracle - 5.4.0-1108.117~18.04.1 linux-modules-extra-5.4.0-1108-oracle - 5.4.0-1108.117~18.04.1 linux-oracle-5.4-headers-5.4.0-1108 - 5.4.0-1108.117~18.04.1 linux-oracle-5.4-tools-5.4.0-1108 - 5.4.0-1108.117~18.04.1 linux-tools-5.4.0-1108-oracle - 5.4.0-1108.117~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-5.4-cloud-tools-5.4.0-1109 - 5.4.0-1109.118~18.04.1 linux-aws-5.4-headers-5.4.0-1109 - 5.4.0-1109.118~18.04.1 linux-aws-5.4-tools-5.4.0-1109 - 5.4.0-1109.118~18.04.1 linux-buildinfo-5.4.0-1109-aws - 5.4.0-1109.118~18.04.1 linux-cloud-tools-5.4.0-1109-aws - 5.4.0-1109.118~18.04.1 linux-headers-5.4.0-1109-aws - 5.4.0-1109.118~18.04.1 linux-image-5.4.0-1109-aws - 5.4.0-1109.118~18.04.1 linux-image-unsigned-5.4.0-1109-aws - 5.4.0-1109.118~18.04.1 linux-modules-5.4.0-1109-aws - 5.4.0-1109.118~18.04.1 linux-modules-extra-5.4.0-1109-aws - 5.4.0-1109.118~18.04.1 linux-tools-5.4.0-1109-aws - 5.4.0-1109.118~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-162-generic - 5.4.0-162.179~18.04.1 linux-buildinfo-5.4.0-162-lowlatency - 5.4.0-162.179~18.04.1 linux-cloud-tools-5.4.0-162-generic - 5.4.0-162.179~18.04.1 linux-cloud-tools-5.4.0-162-lowlatency - 5.4.0-162.179~18.04.1 linux-headers-5.4.0-162-generic - 5.4.0-162.179~18.04.1 linux-headers-5.4.0-162-lowlatency - 5.4.0-162.179~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-162 - 5.4.0-162.179~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-162.179~18.04.1 linux-hwe-5.4-headers-5.4.0-162 - 5.4.0-162.179~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-162.179~18.04.1 linux-hwe-5.4-tools-5.4.0-162 - 5.4.0-162.179~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-162.179~18.04.1 linux-image-5.4.0-162-generic - 5.4.0-162.179~18.04.1 linux-image-5.4.0-162-lowlatency - 5.4.0-162.179~18.04.1 linux-image-unsigned-5.4.0-162-generic - 5.4.0-162.179~18.04.1 linux-image-unsigned-5.4.0-162-lowlatency - 5.4.0-162.179~18.04.1 linux-modules-5.4.0-162-generic - 5.4.0-162.179~18.04.1 linux-modules-5.4.0-162-lowlatency - 5.4.0-162.179~18.04.1 linux-modules-extra-5.4.0-162-generic - 5.4.0-162.179~18.04.1 linux-tools-5.4.0-162-generic - 5.4.0-162.179~18.04.1 linux-tools-5.4.0-162-lowlatency - 5.4.0-162.179~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1108.117~18.04.80 linux-headers-oracle-edge - 5.4.0.1108.117~18.04.80 linux-image-oracle - 5.4.0.1108.117~18.04.80 linux-image-oracle-edge - 5.4.0.1108.117~18.04.80 linux-modules-extra-oracle - 5.4.0.1108.117~18.04.80 linux-modules-extra-oracle-edge - 5.4.0.1108.117~18.04.80 linux-oracle - 5.4.0.1108.117~18.04.80 linux-oracle-edge - 5.4.0.1108.117~18.04.80 linux-signed-image-oracle - 5.4.0.1108.117~18.04.80 linux-signed-image-oracle-edge - 5.4.0.1108.117~18.04.80 linux-signed-oracle - 5.4.0.1108.117~18.04.80 linux-signed-oracle-edge - 5.4.0.1108.117~18.04.80 linux-tools-oracle - 5.4.0.1108.117~18.04.80 linux-tools-oracle-edge - 5.4.0.1108.117~18.04.80 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1109.87 linux-aws-edge - 5.4.0.1109.87 linux-headers-aws - 5.4.0.1109.87 linux-headers-aws-edge - 5.4.0.1109.87 linux-image-aws - 5.4.0.1109.87 linux-image-aws-edge - 5.4.0.1109.87 linux-modules-extra-aws - 5.4.0.1109.87 linux-modules-extra-aws-edge - 5.4.0.1109.87 linux-tools-aws - 5.4.0.1109.87 linux-tools-aws-edge - 5.4.0.1109.87 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-generic-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-generic-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-headers-generic-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-headers-generic-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-headers-lowlatency-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-headers-oem - 5.4.0.162.179~18.04.129 linux-headers-oem-osp1 - 5.4.0.162.179~18.04.129 linux-headers-snapdragon-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-headers-virtual-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-headers-virtual-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-image-extra-virtual-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-image-generic-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-image-generic-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-image-lowlatency-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-image-oem - 5.4.0.162.179~18.04.129 linux-image-oem-osp1 - 5.4.0.162.179~18.04.129 linux-image-snapdragon-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-image-virtual-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-image-virtual-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-lowlatency-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-lowlatency-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-oem - 5.4.0.162.179~18.04.129 linux-oem-osp1 - 5.4.0.162.179~18.04.129 linux-snapdragon-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-snapdragon-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-tools-generic-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-tools-generic-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-tools-lowlatency-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-tools-oem - 5.4.0.162.179~18.04.129 linux-tools-oem-osp1 - 5.4.0.162.179~18.04.129 linux-tools-snapdragon-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-tools-virtual-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-tools-virtual-hwe-18.04-edge - 5.4.0.162.179~18.04.129 linux-virtual-hwe-18.04 - 5.4.0.162.179~18.04.129 linux-virtual-hwe-18.04-edge - 5.4.0.162.179~18.04.129 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-2002 CVE-2023-21255 CVE-2023-2163 CVE-2023-2269 CVE-2023-31084 CVE-2023-3268 CVE-2023-35823 CVE-2023-35824 CVE-2023-35828 Ubuntu 18.04 LTS Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-21255) Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski discovered that the BPF verifier in the Linux kernel did not properly mark registers for precision tracking in certain situations, leading to an out- of-bounds access vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2163) Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear() operations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2269) It was discovered that the DVB Core driver in the Linux kernel did not properly handle locking events in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-31084) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly perform certain buffer calculations, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-3268) It was discovered that the video4linux driver for Philips based TV cards in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35823) It was discovered that the SDMC DM1105 PCI device driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35824) It was discovered that the Renesas USB controller driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35828) Update Instructions: Run `sudo pro fix USN-6340-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1093-raspi - 5.4.0-1093.104~18.04.1 linux-headers-5.4.0-1093-raspi - 5.4.0-1093.104~18.04.1 linux-image-5.4.0-1093-raspi - 5.4.0-1093.104~18.04.1 linux-modules-5.4.0-1093-raspi - 5.4.0-1093.104~18.04.1 linux-raspi-5.4-headers-5.4.0-1093 - 5.4.0-1093.104~18.04.1 linux-raspi-5.4-tools-5.4.0-1093 - 5.4.0-1093.104~18.04.1 linux-tools-5.4.0-1093-raspi - 5.4.0-1093.104~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1112-gcp - 5.4.0-1112.121~18.04.1 linux-gcp-5.4-headers-5.4.0-1112 - 5.4.0-1112.121~18.04.1 linux-gcp-5.4-tools-5.4.0-1112 - 5.4.0-1112.121~18.04.1 linux-headers-5.4.0-1112-gcp - 5.4.0-1112.121~18.04.1 linux-image-5.4.0-1112-gcp - 5.4.0-1112.121~18.04.1 linux-image-unsigned-5.4.0-1112-gcp - 5.4.0-1112.121~18.04.1 linux-modules-5.4.0-1112-gcp - 5.4.0-1112.121~18.04.1 linux-modules-extra-5.4.0-1112-gcp - 5.4.0-1112.121~18.04.1 linux-tools-5.4.0-1112-gcp - 5.4.0-1112.121~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-5.4-cloud-tools-5.4.0-1115 - 5.4.0-1115.122~18.04.1 linux-azure-5.4-headers-5.4.0-1115 - 5.4.0-1115.122~18.04.1 linux-azure-5.4-tools-5.4.0-1115 - 5.4.0-1115.122~18.04.1 linux-buildinfo-5.4.0-1115-azure - 5.4.0-1115.122~18.04.1 linux-cloud-tools-5.4.0-1115-azure - 5.4.0-1115.122~18.04.1 linux-headers-5.4.0-1115-azure - 5.4.0-1115.122~18.04.1 linux-image-5.4.0-1115-azure - 5.4.0-1115.122~18.04.1 linux-image-unsigned-5.4.0-1115-azure - 5.4.0-1115.122~18.04.1 linux-modules-5.4.0-1115-azure - 5.4.0-1115.122~18.04.1 linux-modules-extra-5.4.0-1115-azure - 5.4.0-1115.122~18.04.1 linux-tools-5.4.0-1115-azure - 5.4.0-1115.122~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1093.90 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1093.90 linux-image-raspi-hwe-18.04 - 5.4.0.1093.90 linux-image-raspi-hwe-18.04-edge - 5.4.0.1093.90 linux-raspi-hwe-18.04 - 5.4.0.1093.90 linux-raspi-hwe-18.04-edge - 5.4.0.1093.90 linux-tools-raspi-hwe-18.04 - 5.4.0.1093.90 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1093.90 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1112.88 linux-gcp-edge - 5.4.0.1112.88 linux-headers-gcp - 5.4.0.1112.88 linux-headers-gcp-edge - 5.4.0.1112.88 linux-image-gcp - 5.4.0.1112.88 linux-image-gcp-edge - 5.4.0.1112.88 linux-modules-extra-gcp - 5.4.0.1112.88 linux-modules-extra-gcp-edge - 5.4.0.1112.88 linux-tools-gcp - 5.4.0.1112.88 linux-tools-gcp-edge - 5.4.0.1112.88 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 5.4.0.1115.88 linux-azure-edge - 5.4.0.1115.88 linux-cloud-tools-azure - 5.4.0.1115.88 linux-cloud-tools-azure-edge - 5.4.0.1115.88 linux-headers-azure - 5.4.0.1115.88 linux-headers-azure-edge - 5.4.0.1115.88 linux-image-azure - 5.4.0.1115.88 linux-image-azure-edge - 5.4.0.1115.88 linux-modules-extra-azure - 5.4.0.1115.88 linux-modules-extra-azure-edge - 5.4.0.1115.88 linux-signed-azure - 5.4.0.1115.88 linux-signed-azure-edge - 5.4.0.1115.88 linux-signed-image-azure - 5.4.0.1115.88 linux-signed-image-azure-edge - 5.4.0.1115.88 linux-tools-azure - 5.4.0.1115.88 linux-tools-azure-edge - 5.4.0.1115.88 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-2002 CVE-2023-21255 CVE-2023-2163 CVE-2023-2269 CVE-2023-31084 CVE-2023-3268 CVE-2023-35823 CVE-2023-35824 CVE-2023-35828 Ubuntu 18.04 LTS Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593) Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear() operations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2269) It was discovered that a use-after-free vulnerability existed in the HFS+ file system implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2985) It was discovered that the DVB Core driver in the Linux kernel did not properly handle locking events in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-31084) It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776) Update Instructions: Run `sudo pro fix USN-6342-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1123-oracle - 4.15.0-1123.134 linux-headers-4.15.0-1123-oracle - 4.15.0-1123.134 linux-image-4.15.0-1123-oracle - 4.15.0-1123.134 linux-image-unsigned-4.15.0-1123-oracle - 4.15.0-1123.134 linux-modules-4.15.0-1123-oracle - 4.15.0-1123.134 linux-modules-extra-4.15.0-1123-oracle - 4.15.0-1123.134 linux-oracle-headers-4.15.0-1123 - 4.15.0-1123.134 linux-oracle-tools-4.15.0-1123 - 4.15.0-1123.134 linux-tools-4.15.0-1123-oracle - 4.15.0-1123.134 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1144-kvm - 4.15.0-1144.149 linux-headers-4.15.0-1144-kvm - 4.15.0-1144.149 linux-image-4.15.0-1144-kvm - 4.15.0-1144.149 linux-kvm-headers-4.15.0-1144 - 4.15.0-1144.149 linux-kvm-tools-4.15.0-1144 - 4.15.0-1144.149 linux-modules-4.15.0-1144-kvm - 4.15.0-1144.149 linux-tools-4.15.0-1144-kvm - 4.15.0-1144.149 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1154-gcp - 4.15.0-1154.171 linux-gcp-4.15-headers-4.15.0-1154 - 4.15.0-1154.171 linux-gcp-4.15-tools-4.15.0-1154 - 4.15.0-1154.171 linux-headers-4.15.0-1154-gcp - 4.15.0-1154.171 linux-image-4.15.0-1154-gcp - 4.15.0-1154.171 linux-image-unsigned-4.15.0-1154-gcp - 4.15.0-1154.171 linux-modules-4.15.0-1154-gcp - 4.15.0-1154.171 linux-modules-extra-4.15.0-1154-gcp - 4.15.0-1154.171 linux-tools-4.15.0-1154-gcp - 4.15.0-1154.171 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-cloud-tools-4.15.0-1160 - 4.15.0-1160.173 linux-aws-headers-4.15.0-1160 - 4.15.0-1160.173 linux-aws-tools-4.15.0-1160 - 4.15.0-1160.173 linux-buildinfo-4.15.0-1160-aws - 4.15.0-1160.173 linux-cloud-tools-4.15.0-1160-aws - 4.15.0-1160.173 linux-headers-4.15.0-1160-aws - 4.15.0-1160.173 linux-image-4.15.0-1160-aws - 4.15.0-1160.173 linux-image-unsigned-4.15.0-1160-aws - 4.15.0-1160.173 linux-modules-4.15.0-1160-aws - 4.15.0-1160.173 linux-modules-extra-4.15.0-1160-aws - 4.15.0-1160.173 linux-tools-4.15.0-1160-aws - 4.15.0-1160.173 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-216-generic - 4.15.0-216.227 linux-buildinfo-4.15.0-216-lowlatency - 4.15.0-216.227 linux-cloud-tools-4.15.0-216 - 4.15.0-216.227 linux-cloud-tools-4.15.0-216-generic - 4.15.0-216.227 linux-cloud-tools-4.15.0-216-lowlatency - 4.15.0-216.227 linux-cloud-tools-common - 4.15.0-216.227 linux-doc - 4.15.0-216.227 linux-headers-4.15.0-216 - 4.15.0-216.227 linux-headers-4.15.0-216-generic - 4.15.0-216.227 linux-headers-4.15.0-216-lowlatency - 4.15.0-216.227 linux-image-4.15.0-216-generic - 4.15.0-216.227 linux-image-4.15.0-216-lowlatency - 4.15.0-216.227 linux-image-unsigned-4.15.0-216-generic - 4.15.0-216.227 linux-image-unsigned-4.15.0-216-lowlatency - 4.15.0-216.227 linux-libc-dev - 4.15.0-216.227 linux-modules-4.15.0-216-generic - 4.15.0-216.227 linux-modules-4.15.0-216-lowlatency - 4.15.0-216.227 linux-modules-extra-4.15.0-216-generic - 4.15.0-216.227 linux-source-4.15.0 - 4.15.0-216.227 linux-tools-4.15.0-216 - 4.15.0-216.227 linux-tools-4.15.0-216-generic - 4.15.0-216.227 linux-tools-4.15.0-216-lowlatency - 4.15.0-216.227 linux-tools-common - 4.15.0-216.227 linux-tools-host - 4.15.0-216.227 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle-lts-18.04 - 4.15.0.1123.128 linux-image-oracle-lts-18.04 - 4.15.0.1123.128 linux-oracle-lts-18.04 - 4.15.0.1123.128 linux-signed-image-oracle-lts-18.04 - 4.15.0.1123.128 linux-signed-oracle-lts-18.04 - 4.15.0.1123.128 linux-tools-oracle-lts-18.04 - 4.15.0.1123.128 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.15.0.1144.135 linux-image-kvm - 4.15.0.1144.135 linux-kvm - 4.15.0.1144.135 linux-tools-kvm - 4.15.0.1144.135 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-lts-18.04 - 4.15.0.1154.168 linux-headers-gcp-lts-18.04 - 4.15.0.1154.168 linux-image-gcp-lts-18.04 - 4.15.0.1154.168 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1154.168 linux-tools-gcp-lts-18.04 - 4.15.0.1154.168 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-lts-18.04 - 4.15.0.1160.158 linux-headers-aws-lts-18.04 - 4.15.0.1160.158 linux-image-aws-lts-18.04 - 4.15.0.1160.158 linux-modules-extra-aws-lts-18.04 - 4.15.0.1160.158 linux-tools-aws-lts-18.04 - 4.15.0.1160.158 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.15.0.216.200 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.216.200 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.216.200 linux-cloud-tools-lowlatency - 4.15.0.216.200 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.216.200 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.216.200 linux-cloud-tools-virtual - 4.15.0.216.200 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.216.200 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.216.200 linux-crashdump - 4.15.0.216.200 linux-generic - 4.15.0.216.200 linux-generic-hwe-16.04 - 4.15.0.216.200 linux-generic-hwe-16.04-edge - 4.15.0.216.200 linux-headers-generic - 4.15.0.216.200 linux-headers-generic-hwe-16.04 - 4.15.0.216.200 linux-headers-generic-hwe-16.04-edge - 4.15.0.216.200 linux-headers-lowlatency - 4.15.0.216.200 linux-headers-lowlatency-hwe-16.04 - 4.15.0.216.200 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.216.200 linux-headers-virtual - 4.15.0.216.200 linux-headers-virtual-hwe-16.04 - 4.15.0.216.200 linux-headers-virtual-hwe-16.04-edge - 4.15.0.216.200 linux-image-extra-virtual - 4.15.0.216.200 linux-image-extra-virtual-hwe-16.04 - 4.15.0.216.200 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.216.200 linux-image-generic - 4.15.0.216.200 linux-image-generic-hwe-16.04 - 4.15.0.216.200 linux-image-generic-hwe-16.04-edge - 4.15.0.216.200 linux-image-lowlatency - 4.15.0.216.200 linux-image-lowlatency-hwe-16.04 - 4.15.0.216.200 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.216.200 linux-image-virtual - 4.15.0.216.200 linux-image-virtual-hwe-16.04 - 4.15.0.216.200 linux-image-virtual-hwe-16.04-edge - 4.15.0.216.200 linux-lowlatency - 4.15.0.216.200 linux-lowlatency-hwe-16.04 - 4.15.0.216.200 linux-lowlatency-hwe-16.04-edge - 4.15.0.216.200 linux-signed-generic - 4.15.0.216.200 linux-signed-generic-hwe-16.04 - 4.15.0.216.200 linux-signed-generic-hwe-16.04-edge - 4.15.0.216.200 linux-signed-image-generic - 4.15.0.216.200 linux-signed-image-generic-hwe-16.04 - 4.15.0.216.200 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.216.200 linux-signed-image-lowlatency - 4.15.0.216.200 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.216.200 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.216.200 linux-signed-lowlatency - 4.15.0.216.200 linux-signed-lowlatency-hwe-16.04 - 4.15.0.216.200 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.216.200 linux-source - 4.15.0.216.200 linux-tools-generic - 4.15.0.216.200 linux-tools-generic-hwe-16.04 - 4.15.0.216.200 linux-tools-generic-hwe-16.04-edge - 4.15.0.216.200 linux-tools-lowlatency - 4.15.0.216.200 linux-tools-lowlatency-hwe-16.04 - 4.15.0.216.200 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.216.200 linux-tools-virtual - 4.15.0.216.200 linux-tools-virtual-hwe-16.04 - 4.15.0.216.200 linux-tools-virtual-hwe-16.04-edge - 4.15.0.216.200 linux-virtual - 4.15.0.216.200 linux-virtual-hwe-16.04 - 4.15.0.216.200 linux-virtual-hwe-16.04-edge - 4.15.0.216.200 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-20593 CVE-2023-2269 CVE-2023-2985 CVE-2023-31084 CVE-2023-3611 CVE-2023-3776 Ubuntu 18.04 LTS Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593) Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear() operations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2269) It was discovered that a use-after-free vulnerability existed in the HFS+ file system implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2985) It was discovered that the DVB Core driver in the Linux kernel did not properly handle locking events in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-31084) It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776) Update Instructions: Run `sudo pro fix USN-6342-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-4.15-cloud-tools-4.15.0-1169 - 4.15.0-1169.184 linux-azure-4.15-headers-4.15.0-1169 - 4.15.0-1169.184 linux-azure-4.15-tools-4.15.0-1169 - 4.15.0-1169.184 linux-buildinfo-4.15.0-1169-azure - 4.15.0-1169.184 linux-cloud-tools-4.15.0-1169-azure - 4.15.0-1169.184 linux-headers-4.15.0-1169-azure - 4.15.0-1169.184 linux-image-4.15.0-1169-azure - 4.15.0-1169.184 linux-image-unsigned-4.15.0-1169-azure - 4.15.0-1169.184 linux-modules-4.15.0-1169-azure - 4.15.0-1169.184 linux-modules-extra-4.15.0-1169-azure - 4.15.0-1169.184 linux-tools-4.15.0-1169-azure - 4.15.0-1169.184 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-lts-18.04 - 4.15.0.1169.137 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1169.137 linux-headers-azure-lts-18.04 - 4.15.0.1169.137 linux-image-azure-lts-18.04 - 4.15.0.1169.137 linux-modules-extra-azure-lts-18.04 - 4.15.0.1169.137 linux-signed-azure-lts-18.04 - 4.15.0.1169.137 linux-signed-image-azure-lts-18.04 - 4.15.0.1169.137 linux-tools-azure-lts-18.04 - 4.15.0.1169.137 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-20593 CVE-2023-2269 CVE-2023-2985 CVE-2023-31084 CVE-2023-3611 CVE-2023-3776 Ubuntu 18.04 LTS It was discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, an attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6345-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsox-dev - 14.4.2-3ubuntu0.18.04.3+esm1 libsox-fmt-all - 14.4.2-3ubuntu0.18.04.3+esm1 libsox-fmt-alsa - 14.4.2-3ubuntu0.18.04.3+esm1 libsox-fmt-ao - 14.4.2-3ubuntu0.18.04.3+esm1 libsox-fmt-base - 14.4.2-3ubuntu0.18.04.3+esm1 libsox-fmt-mp3 - 14.4.2-3ubuntu0.18.04.3+esm1 libsox-fmt-oss - 14.4.2-3ubuntu0.18.04.3+esm1 libsox-fmt-pulse - 14.4.2-3ubuntu0.18.04.3+esm1 libsox3 - 14.4.2-3ubuntu0.18.04.3+esm1 sox - 14.4.2-3ubuntu0.18.04.3+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-32627 Ubuntu 18.04 LTS Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. (CVE-2022-40982) Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593) It was discovered that the universal 32bit network packet classifier implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3609) It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776) Update Instructions: Run `sudo pro fix USN-6346-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1092-raspi - 5.4.0-1092.103~18.04.1 linux-headers-5.4.0-1092-raspi - 5.4.0-1092.103~18.04.1 linux-image-5.4.0-1092-raspi - 5.4.0-1092.103~18.04.1 linux-modules-5.4.0-1092-raspi - 5.4.0-1092.103~18.04.1 linux-raspi-5.4-headers-5.4.0-1092 - 5.4.0-1092.103~18.04.1 linux-raspi-5.4-tools-5.4.0-1092 - 5.4.0-1092.103~18.04.1 linux-tools-5.4.0-1092-raspi - 5.4.0-1092.103~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1092.89 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1092.89 linux-image-raspi-hwe-18.04 - 5.4.0.1092.89 linux-image-raspi-hwe-18.04-edge - 5.4.0.1092.89 linux-raspi-hwe-18.04 - 5.4.0.1092.89 linux-raspi-hwe-18.04-edge - 5.4.0.1092.89 linux-tools-raspi-hwe-18.04 - 5.4.0.1092.89 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1092.89 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-40982 CVE-2023-20593 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 Ubuntu 18.04 LTS It was discovered that Apache Shiro incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to bypass security restrictions. (CVE-2020-13933, CVE-2020-17510) Update Instructions: Run `sudo pro fix USN-6352-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libshiro-java - 1.3.2-3ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-13933 CVE-2020-17510 Ubuntu 18.04 LTS Wooseok Kang discovered that PLIB did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted TGA file, an attacker could possibly use this issue to cause applications using PLIB to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6353-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libplib-dev - 1.8.5-8ubuntu0.18.04.1~esm1 libplib1 - 1.8.5-8ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-38714 Ubuntu 18.04 LTS It was discovered that Python did not properly handle XML entity declarations in plist files. An attacker could possibly use this vulnerability to perform an XML External Entity (XXE) injection, resulting in a denial of service or information disclosure. Update Instructions: Run `sudo pro fix USN-6354-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: idle-python2.7 - 2.7.17-1~18.04ubuntu1.13+esm1 libpython2.7 - 2.7.17-1~18.04ubuntu1.13+esm1 libpython2.7-dev - 2.7.17-1~18.04ubuntu1.13+esm1 libpython2.7-minimal - 2.7.17-1~18.04ubuntu1.13+esm1 libpython2.7-stdlib - 2.7.17-1~18.04ubuntu1.13+esm1 libpython2.7-testsuite - 2.7.17-1~18.04ubuntu1.13+esm1 python2.7 - 2.7.17-1~18.04ubuntu1.13+esm1 python2.7-dev - 2.7.17-1~18.04ubuntu1.13+esm1 python2.7-doc - 2.7.17-1~18.04ubuntu1.13+esm1 python2.7-examples - 2.7.17-1~18.04ubuntu1.13+esm1 python2.7-minimal - 2.7.17-1~18.04ubuntu1.13+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48565 Ubuntu 18.04 LTS Jianjun Chen, Vern Paxson and Jian Jiang discovered that OpenDMARC incorrectly handled certain inputs. If a user or an automated system were tricked into receiving crafted inputs, an attacker could possibly use this to falsify the domain of an e-mails origin. (CVE-2020-12272) Patrik Lantz discovered that OpenDMARC incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-12460) Update Instructions: Run `sudo pro fix USN-6356-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libopendmarc-dev - 1.3.2-3ubuntu0.2 libopendmarc2 - 1.3.2-3ubuntu0.2 opendmarc - 1.3.2-3ubuntu0.2 rddmarc - 1.3.2-3ubuntu0.2 No subscription required Medium CVE-2020-12272 CVE-2020-12460 Ubuntu 18.04 LTS Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. (CVE-2022-40982) Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593) Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-21255) Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski discovered that the BPF verifier in the Linux kernel did not properly mark registers for precision tracking in certain situations, leading to an out- of-bounds access vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2163) Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear() operations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2269) It was discovered that the DVB Core driver in the Linux kernel did not properly handle locking events in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-31084) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly perform certain buffer calculations, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-3268) It was discovered that the video4linux driver for Philips based TV cards in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35823) It was discovered that the SDMC DM1105 PCI device driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35824) It was discovered that the Renesas USB controller driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35828) It was discovered that the universal 32bit network packet classifier implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3609) It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776) Update Instructions: Run `sudo pro fix USN-6357-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1056-ibm - 5.4.0-1056.61~18.04.1 linux-headers-5.4.0-1056-ibm - 5.4.0-1056.61~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1056.61~18.04.1 linux-ibm-5.4-headers-5.4.0-1056 - 5.4.0-1056.61~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1056.61~18.04.1 linux-ibm-5.4-tools-5.4.0-1056 - 5.4.0-1056.61~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1056.61~18.04.1 linux-image-5.4.0-1056-ibm - 5.4.0-1056.61~18.04.1 linux-image-unsigned-5.4.0-1056-ibm - 5.4.0-1056.61~18.04.1 linux-modules-5.4.0-1056-ibm - 5.4.0-1056.61~18.04.1 linux-modules-extra-5.4.0-1056-ibm - 5.4.0-1056.61~18.04.1 linux-tools-5.4.0-1056-ibm - 5.4.0-1056.61~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1056.67 linux-headers-ibm-edge - 5.4.0.1056.67 linux-ibm - 5.4.0.1056.67 linux-ibm-edge - 5.4.0.1056.67 linux-image-ibm - 5.4.0.1056.67 linux-image-ibm-edge - 5.4.0.1056.67 linux-modules-extra-ibm - 5.4.0.1056.67 linux-modules-extra-ibm-edge - 5.4.0.1056.67 linux-tools-ibm - 5.4.0.1056.67 linux-tools-ibm-edge - 5.4.0.1056.67 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-40982 CVE-2023-2002 CVE-2023-20593 CVE-2023-21255 CVE-2023-2163 CVE-2023-2269 CVE-2023-31084 CVE-2023-3268 CVE-2023-35823 CVE-2023-35824 CVE-2023-35828 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 Ubuntu 18.04 LTS It was discovered that RedCloth incorrectly handled certain inputs during html sanitisation. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6358-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-redcloth - 4.3.2-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-31606 Ubuntu 18.04 LTS USN-6360-1 fixed a vulnerability in FLAC. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that FLAC incorrectly handled encoding certain files. A remote attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6360-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: flac - 1.3.2-1ubuntu0.1+esm1 libflac++-dev - 1.3.2-1ubuntu0.1+esm1 libflac++6v5 - 1.3.2-1ubuntu0.1+esm1 libflac-dev - 1.3.2-1ubuntu0.1+esm1 libflac-doc - 1.3.2-1ubuntu0.1+esm1 libflac8 - 1.3.2-1ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-22219 Ubuntu 18.04 LTS USN-6361-1 fixed a vulnerability in CUPS. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that CUPS incorrectly authenticated certain remote requests. A remote attacker could possibly use this issue to obtain recently printed documents. Update Instructions: Run `sudo pro fix USN-6361-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cups - 2.2.7-1ubuntu2.10+esm3 cups-bsd - 2.2.7-1ubuntu2.10+esm3 cups-client - 2.2.7-1ubuntu2.10+esm3 cups-common - 2.2.7-1ubuntu2.10+esm3 cups-core-drivers - 2.2.7-1ubuntu2.10+esm3 cups-daemon - 2.2.7-1ubuntu2.10+esm3 cups-ipp-utils - 2.2.7-1ubuntu2.10+esm3 cups-ppdc - 2.2.7-1ubuntu2.10+esm3 cups-server-common - 2.2.7-1ubuntu2.10+esm3 libcups2 - 2.2.7-1ubuntu2.10+esm3 libcups2-dev - 2.2.7-1ubuntu2.10+esm3 libcupscgi1 - 2.2.7-1ubuntu2.10+esm3 libcupsimage2 - 2.2.7-1ubuntu2.10+esm3 libcupsimage2-dev - 2.2.7-1ubuntu2.10+esm3 libcupsmime1 - 2.2.7-1ubuntu2.10+esm3 libcupsppdc1 - 2.2.7-1ubuntu2.10+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-32360 Ubuntu 18.04 LTS It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-21710) It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2020-21890) Update Instructions: Run `sudo pro fix USN-6364-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ghostscript - 9.26~dfsg+0-0ubuntu0.18.04.18+esm2 ghostscript-doc - 9.26~dfsg+0-0ubuntu0.18.04.18+esm2 ghostscript-x - 9.26~dfsg+0-0ubuntu0.18.04.18+esm2 libgs-dev - 9.26~dfsg+0-0ubuntu0.18.04.18+esm2 libgs9 - 9.26~dfsg+0-0ubuntu0.18.04.18+esm2 libgs9-common - 9.26~dfsg+0-0ubuntu0.18.04.18+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-21710 CVE-2020-21890 Ubuntu 18.04 LTS USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations. Update Instructions: Run `sudo pro fix USN-6365-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: open-vm-tools - 2:11.0.5-4ubuntu0.18.04.3+esm2 open-vm-tools-desktop - 2:11.0.5-4ubuntu0.18.04.3+esm2 open-vm-tools-dev - 2:11.0.5-4ubuntu0.18.04.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-20900 Ubuntu 18.04 LTS USN-6369-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6369-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libwebp-dev - 0.6.1-2ubuntu0.18.04.2+esm1 libwebp6 - 0.6.1-2ubuntu0.18.04.2+esm1 libwebpdemux2 - 0.6.1-2ubuntu0.18.04.2+esm1 libwebpmux3 - 0.6.1-2ubuntu0.18.04.2+esm1 webp - 0.6.1-2ubuntu0.18.04.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-4863 Ubuntu 18.04 LTS It was discovered that ModSecurity incorrectly handled certain nested JSON objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-42717) It was discovered that ModSecurity incorrectly handled certain HTTP multipart requests. A remote attacker could possibly use this issue to bypass ModSecurity restrictions. (CVE-2022-48279) It was discovered that ModSecurity incorrectly handled certain file uploads. A remote attacker could possibly use this issue to cause a buffer overflow and a firewall failure. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-24021) Update Instructions: Run `sudo pro fix USN-6370-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-security2 - 2.9.2-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-42717 CVE-2022-48279 CVE-2023-24021 Ubuntu 18.04 LTS It was discovered that libssh2 incorrectly handled memory access. An attacker could possibly use this issue to cause a crash. Update Instructions: Run `sudo pro fix USN-6371-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssh2-1 - 1.8.0-1ubuntu0.1 libssh2-1-dev - 1.8.0-1ubuntu0.1 No subscription required Medium CVE-2020-22218 Ubuntu 18.04 LTS It was discovered that gawk could be made to read out of bounds when processing certain inputs. If a user or an automated system were tricked into opening a specially crafted input, an attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6373-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gawk - 1:4.1.4+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-4156 Ubuntu 18.04 LTS It was discovered that Mutt incorrectly handled certain email header contents. If a user were tricked into opening a specially crafted message, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-4874, CVE-2023-4875) Update Instructions: Run `sudo pro fix USN-6374-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mutt - 1.9.4-3ubuntu0.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-4874 CVE-2023-4875 Ubuntu 18.04 LTS Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-15604) Ethan Rubinson discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-15605) Alyssa Wilk discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-15606) Tobias Niessen discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8174) It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-8265, CVE-2020-8287) Update Instructions: Run `sudo pro fix USN-6380-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nodejs - 8.10.0~dfsg-2ubuntu0.4+esm2 nodejs-dev - 8.10.0~dfsg-2ubuntu0.4+esm2 nodejs-doc - 8.10.0~dfsg-2ubuntu0.4+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-15604 CVE-2019-15605 CVE-2019-15606 CVE-2020-8174 CVE-2020-8265 CVE-2020-8287 Ubuntu 18.04 LTS It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service (memory exhaustion). (CVE-2020-19724, CVE-2020-21490) It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. (CVE-2020-19726, CVE-2021-46174, CVE-2022-45703) It was discovered that GNU binutils was not properly initializing heap memory when processing certain print instructions. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-35342) It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-44840) It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-47695) Update Instructions: Run `sudo pro fix USN-6381-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: binutils - 2.30-21ubuntu1~18.04.9+esm1 binutils-aarch64-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-alpha-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-arm-linux-gnueabi - 2.30-21ubuntu1~18.04.9+esm1 binutils-arm-linux-gnueabihf - 2.30-21ubuntu1~18.04.9+esm1 binutils-common - 2.30-21ubuntu1~18.04.9+esm1 binutils-dev - 2.30-21ubuntu1~18.04.9+esm1 binutils-doc - 2.30-21ubuntu1~18.04.9+esm1 binutils-for-build - 2.30-21ubuntu1~18.04.9+esm1 binutils-for-host - 2.30-21ubuntu1~18.04.9+esm1 binutils-hppa-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-hppa64-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-i686-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-i686-kfreebsd-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-i686-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-ia64-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-m68k-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-mips-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-mips64-linux-gnuabi64 - 2.30-21ubuntu1~18.04.9+esm1 binutils-mips64-linux-gnuabin32 - 2.30-21ubuntu1~18.04.9+esm1 binutils-mips64el-linux-gnuabi64 - 2.30-21ubuntu1~18.04.9+esm1 binutils-mips64el-linux-gnuabin32 - 2.30-21ubuntu1~18.04.9+esm1 binutils-mipsel-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-mipsisa32r6-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-mipsisa32r6el-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-mipsisa64r6-linux-gnuabi64 - 2.30-21ubuntu1~18.04.9+esm1 binutils-mipsisa64r6-linux-gnuabin32 - 2.30-21ubuntu1~18.04.9+esm1 binutils-mipsisa64r6el-linux-gnuabi64 - 2.30-21ubuntu1~18.04.9+esm1 binutils-mipsisa64r6el-linux-gnuabin32 - 2.30-21ubuntu1~18.04.9+esm1 binutils-multiarch - 2.30-21ubuntu1~18.04.9+esm1 binutils-multiarch-dev - 2.30-21ubuntu1~18.04.9+esm1 binutils-powerpc-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-powerpc-linux-gnuspe - 2.30-21ubuntu1~18.04.9+esm1 binutils-powerpc64-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-powerpc64le-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-riscv64-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-s390x-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-sh4-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-source - 2.30-21ubuntu1~18.04.9+esm1 binutils-sparc64-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-x86-64-kfreebsd-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-x86-64-linux-gnu - 2.30-21ubuntu1~18.04.9+esm1 binutils-x86-64-linux-gnux32 - 2.30-21ubuntu1~18.04.9+esm1 libbinutils - 2.30-21ubuntu1~18.04.9+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-19724 CVE-2020-19726 CVE-2020-21490 CVE-2020-35342 CVE-2021-46174 CVE-2022-44840 CVE-2022-45703 CVE-2022-47695 Ubuntu 18.04 LTS It was discovered that Memcached incorrectly handled certain multi-packet uploads in UDP. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6382-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: memcached - 1.5.6-0ubuntu1.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48571 Ubuntu 18.04 LTS Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-40283) It was discovered that some network classifier implementations in the Linux kernel contained use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4128) Update Instructions: Run `sudo pro fix USN-6387-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1057-ibm - 5.4.0-1057.62~18.04.1 linux-headers-5.4.0-1057-ibm - 5.4.0-1057.62~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1057.62~18.04.1 linux-ibm-5.4-headers-5.4.0-1057 - 5.4.0-1057.62~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1057.62~18.04.1 linux-ibm-5.4-tools-5.4.0-1057 - 5.4.0-1057.62~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1057.62~18.04.1 linux-image-5.4.0-1057-ibm - 5.4.0-1057.62~18.04.1 linux-image-unsigned-5.4.0-1057-ibm - 5.4.0-1057.62~18.04.1 linux-modules-5.4.0-1057-ibm - 5.4.0-1057.62~18.04.1 linux-modules-extra-5.4.0-1057-ibm - 5.4.0-1057.62~18.04.1 linux-tools-5.4.0-1057-ibm - 5.4.0-1057.62~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1109-oracle - 5.4.0-1109.118~18.04.1 linux-headers-5.4.0-1109-oracle - 5.4.0-1109.118~18.04.1 linux-image-5.4.0-1109-oracle - 5.4.0-1109.118~18.04.1 linux-image-unsigned-5.4.0-1109-oracle - 5.4.0-1109.118~18.04.1 linux-modules-5.4.0-1109-oracle - 5.4.0-1109.118~18.04.1 linux-modules-extra-5.4.0-1109-oracle - 5.4.0-1109.118~18.04.1 linux-oracle-5.4-headers-5.4.0-1109 - 5.4.0-1109.118~18.04.1 linux-oracle-5.4-tools-5.4.0-1109 - 5.4.0-1109.118~18.04.1 linux-tools-5.4.0-1109-oracle - 5.4.0-1109.118~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-5.4-cloud-tools-5.4.0-1110 - 5.4.0-1110.119~18.04.1 linux-aws-5.4-headers-5.4.0-1110 - 5.4.0-1110.119~18.04.1 linux-aws-5.4-tools-5.4.0-1110 - 5.4.0-1110.119~18.04.1 linux-buildinfo-5.4.0-1110-aws - 5.4.0-1110.119~18.04.1 linux-cloud-tools-5.4.0-1110-aws - 5.4.0-1110.119~18.04.1 linux-headers-5.4.0-1110-aws - 5.4.0-1110.119~18.04.1 linux-image-5.4.0-1110-aws - 5.4.0-1110.119~18.04.1 linux-image-unsigned-5.4.0-1110-aws - 5.4.0-1110.119~18.04.1 linux-modules-5.4.0-1110-aws - 5.4.0-1110.119~18.04.1 linux-modules-extra-5.4.0-1110-aws - 5.4.0-1110.119~18.04.1 linux-tools-5.4.0-1110-aws - 5.4.0-1110.119~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1113-gcp - 5.4.0-1113.122~18.04.1 linux-gcp-5.4-headers-5.4.0-1113 - 5.4.0-1113.122~18.04.1 linux-gcp-5.4-tools-5.4.0-1113 - 5.4.0-1113.122~18.04.1 linux-headers-5.4.0-1113-gcp - 5.4.0-1113.122~18.04.1 linux-image-5.4.0-1113-gcp - 5.4.0-1113.122~18.04.1 linux-image-unsigned-5.4.0-1113-gcp - 5.4.0-1113.122~18.04.1 linux-modules-5.4.0-1113-gcp - 5.4.0-1113.122~18.04.1 linux-modules-extra-5.4.0-1113-gcp - 5.4.0-1113.122~18.04.1 linux-tools-5.4.0-1113-gcp - 5.4.0-1113.122~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-5.4-cloud-tools-5.4.0-1116 - 5.4.0-1116.123~18.04.1 linux-azure-5.4-headers-5.4.0-1116 - 5.4.0-1116.123~18.04.1 linux-azure-5.4-tools-5.4.0-1116 - 5.4.0-1116.123~18.04.1 linux-buildinfo-5.4.0-1116-azure - 5.4.0-1116.123~18.04.1 linux-cloud-tools-5.4.0-1116-azure - 5.4.0-1116.123~18.04.1 linux-headers-5.4.0-1116-azure - 5.4.0-1116.123~18.04.1 linux-image-5.4.0-1116-azure - 5.4.0-1116.123~18.04.1 linux-image-unsigned-5.4.0-1116-azure - 5.4.0-1116.123~18.04.1 linux-modules-5.4.0-1116-azure - 5.4.0-1116.123~18.04.1 linux-modules-extra-5.4.0-1116-azure - 5.4.0-1116.123~18.04.1 linux-tools-5.4.0-1116-azure - 5.4.0-1116.123~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-163-generic - 5.4.0-163.180~18.04.1 linux-buildinfo-5.4.0-163-lowlatency - 5.4.0-163.180~18.04.1 linux-cloud-tools-5.4.0-163-generic - 5.4.0-163.180~18.04.1 linux-cloud-tools-5.4.0-163-lowlatency - 5.4.0-163.180~18.04.1 linux-headers-5.4.0-163-generic - 5.4.0-163.180~18.04.1 linux-headers-5.4.0-163-lowlatency - 5.4.0-163.180~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-163 - 5.4.0-163.180~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-163.180~18.04.1 linux-hwe-5.4-headers-5.4.0-163 - 5.4.0-163.180~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-163.180~18.04.1 linux-hwe-5.4-tools-5.4.0-163 - 5.4.0-163.180~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-163.180~18.04.1 linux-image-5.4.0-163-generic - 5.4.0-163.180~18.04.1 linux-image-5.4.0-163-lowlatency - 5.4.0-163.180~18.04.1 linux-image-unsigned-5.4.0-163-generic - 5.4.0-163.180~18.04.1 linux-image-unsigned-5.4.0-163-lowlatency - 5.4.0-163.180~18.04.1 linux-modules-5.4.0-163-generic - 5.4.0-163.180~18.04.1 linux-modules-5.4.0-163-lowlatency - 5.4.0-163.180~18.04.1 linux-modules-extra-5.4.0-163-generic - 5.4.0-163.180~18.04.1 linux-tools-5.4.0-163-generic - 5.4.0-163.180~18.04.1 linux-tools-5.4.0-163-lowlatency - 5.4.0-163.180~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1057.68 linux-headers-ibm-edge - 5.4.0.1057.68 linux-ibm - 5.4.0.1057.68 linux-ibm-edge - 5.4.0.1057.68 linux-image-ibm - 5.4.0.1057.68 linux-image-ibm-edge - 5.4.0.1057.68 linux-modules-extra-ibm - 5.4.0.1057.68 linux-modules-extra-ibm-edge - 5.4.0.1057.68 linux-tools-ibm - 5.4.0.1057.68 linux-tools-ibm-edge - 5.4.0.1057.68 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1109.118~18.04.81 linux-headers-oracle-edge - 5.4.0.1109.118~18.04.81 linux-image-oracle - 5.4.0.1109.118~18.04.81 linux-image-oracle-edge - 5.4.0.1109.118~18.04.81 linux-modules-extra-oracle - 5.4.0.1109.118~18.04.81 linux-modules-extra-oracle-edge - 5.4.0.1109.118~18.04.81 linux-oracle - 5.4.0.1109.118~18.04.81 linux-oracle-edge - 5.4.0.1109.118~18.04.81 linux-signed-image-oracle - 5.4.0.1109.118~18.04.81 linux-signed-image-oracle-edge - 5.4.0.1109.118~18.04.81 linux-signed-oracle - 5.4.0.1109.118~18.04.81 linux-signed-oracle-edge - 5.4.0.1109.118~18.04.81 linux-tools-oracle - 5.4.0.1109.118~18.04.81 linux-tools-oracle-edge - 5.4.0.1109.118~18.04.81 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1110.88 linux-aws-edge - 5.4.0.1110.88 linux-headers-aws - 5.4.0.1110.88 linux-headers-aws-edge - 5.4.0.1110.88 linux-image-aws - 5.4.0.1110.88 linux-image-aws-edge - 5.4.0.1110.88 linux-modules-extra-aws - 5.4.0.1110.88 linux-modules-extra-aws-edge - 5.4.0.1110.88 linux-tools-aws - 5.4.0.1110.88 linux-tools-aws-edge - 5.4.0.1110.88 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1113.89 linux-gcp-edge - 5.4.0.1113.89 linux-headers-gcp - 5.4.0.1113.89 linux-headers-gcp-edge - 5.4.0.1113.89 linux-image-gcp - 5.4.0.1113.89 linux-image-gcp-edge - 5.4.0.1113.89 linux-modules-extra-gcp - 5.4.0.1113.89 linux-modules-extra-gcp-edge - 5.4.0.1113.89 linux-tools-gcp - 5.4.0.1113.89 linux-tools-gcp-edge - 5.4.0.1113.89 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 5.4.0.1116.89 linux-azure-edge - 5.4.0.1116.89 linux-cloud-tools-azure - 5.4.0.1116.89 linux-cloud-tools-azure-edge - 5.4.0.1116.89 linux-headers-azure - 5.4.0.1116.89 linux-headers-azure-edge - 5.4.0.1116.89 linux-image-azure - 5.4.0.1116.89 linux-image-azure-edge - 5.4.0.1116.89 linux-modules-extra-azure - 5.4.0.1116.89 linux-modules-extra-azure-edge - 5.4.0.1116.89 linux-signed-azure - 5.4.0.1116.89 linux-signed-azure-edge - 5.4.0.1116.89 linux-signed-image-azure - 5.4.0.1116.89 linux-signed-image-azure-edge - 5.4.0.1116.89 linux-tools-azure - 5.4.0.1116.89 linux-tools-azure-edge - 5.4.0.1116.89 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-generic-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-generic-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-headers-generic-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-headers-generic-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-headers-lowlatency-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-headers-oem - 5.4.0.163.180~18.04.130 linux-headers-oem-osp1 - 5.4.0.163.180~18.04.130 linux-headers-snapdragon-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-headers-virtual-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-headers-virtual-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-image-extra-virtual-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-image-generic-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-image-generic-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-image-lowlatency-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-image-oem - 5.4.0.163.180~18.04.130 linux-image-oem-osp1 - 5.4.0.163.180~18.04.130 linux-image-snapdragon-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-image-virtual-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-image-virtual-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-lowlatency-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-lowlatency-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-oem - 5.4.0.163.180~18.04.130 linux-oem-osp1 - 5.4.0.163.180~18.04.130 linux-snapdragon-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-snapdragon-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-tools-generic-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-tools-generic-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-tools-lowlatency-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-tools-oem - 5.4.0.163.180~18.04.130 linux-tools-oem-osp1 - 5.4.0.163.180~18.04.130 linux-tools-snapdragon-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-tools-virtual-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-tools-virtual-hwe-18.04-edge - 5.4.0.163.180~18.04.130 linux-virtual-hwe-18.04 - 5.4.0.163.180~18.04.130 linux-virtual-hwe-18.04-edge - 5.4.0.163.180~18.04.130 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-20588 CVE-2023-40283 Ubuntu 18.04 LTS Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-40283) It was discovered that some network classifier implementations in the Linux kernel contained use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4128) Update Instructions: Run `sudo pro fix USN-6387-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1094-raspi - 5.4.0-1094.105~18.04.1 linux-headers-5.4.0-1094-raspi - 5.4.0-1094.105~18.04.1 linux-image-5.4.0-1094-raspi - 5.4.0-1094.105~18.04.1 linux-modules-5.4.0-1094-raspi - 5.4.0-1094.105~18.04.1 linux-raspi-5.4-headers-5.4.0-1094 - 5.4.0-1094.105~18.04.1 linux-raspi-5.4-tools-5.4.0-1094 - 5.4.0-1094.105~18.04.1 linux-tools-5.4.0-1094-raspi - 5.4.0-1094.105~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1094.91 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1094.91 linux-image-raspi-hwe-18.04 - 5.4.0.1094.91 linux-image-raspi-hwe-18.04-edge - 5.4.0.1094.91 linux-raspi-hwe-18.04 - 5.4.0.1094.91 linux-raspi-hwe-18.04-edge - 5.4.0.1094.91 linux-tools-raspi-hwe-18.04 - 5.4.0.1094.91 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1094.91 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-20588 CVE-2023-40283 Ubuntu 18.04 LTS USN-6391-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that CUPS incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6391-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: cups - 2.2.7-1ubuntu2.10+esm2 cups-bsd - 2.2.7-1ubuntu2.10+esm2 cups-client - 2.2.7-1ubuntu2.10+esm2 cups-common - 2.2.7-1ubuntu2.10+esm2 cups-core-drivers - 2.2.7-1ubuntu2.10+esm2 cups-daemon - 2.2.7-1ubuntu2.10+esm2 cups-ipp-utils - 2.2.7-1ubuntu2.10+esm2 cups-ppdc - 2.2.7-1ubuntu2.10+esm2 cups-server-common - 2.2.7-1ubuntu2.10+esm2 libcups2 - 2.2.7-1ubuntu2.10+esm2 libcups2-dev - 2.2.7-1ubuntu2.10+esm2 libcupscgi1 - 2.2.7-1ubuntu2.10+esm2 libcupsimage2 - 2.2.7-1ubuntu2.10+esm2 libcupsimage2-dev - 2.2.7-1ubuntu2.10+esm2 libcupsmime1 - 2.2.7-1ubuntu2.10+esm2 libcupsppdc1 - 2.2.7-1ubuntu2.10+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-4504 Ubuntu 18.04 LTS It was discovered that ImageMagick did not properly handle memory when processing the -help option. An attacker could potentially use this issue to cause a crash. Update Instructions: Run `sudo pro fix USN-6393-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 imagemagick-6-common - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 imagemagick-6-doc - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 imagemagick-6.q16 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 imagemagick-6.q16hdri - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 imagemagick-common - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 imagemagick-doc - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libimage-magick-perl - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libimage-magick-q16-perl - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libimage-magick-q16hdri-perl - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagick++-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagick++-6.q16-7 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagick++-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagick++-6.q16hdri-7 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagick++-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagick++-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagickcore-6-arch-config - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagickcore-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagickcore-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagickcore-6.q16-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagickcore-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagickcore-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagickcore-6.q16hdri-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagickcore-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagickcore-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagickwand-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagickwand-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagickwand-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagickwand-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagickwand-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 libmagickwand-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 perlmagick - 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2022-48541 Ubuntu 18.04 LTS USN-6394-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Update Instructions: Run `sudo pro fix USN-6394-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: idle-python2.7 - 2.7.17-1~18.04ubuntu1.13+esm3 libpython2.7 - 2.7.17-1~18.04ubuntu1.13+esm3 libpython2.7-dev - 2.7.17-1~18.04ubuntu1.13+esm3 libpython2.7-minimal - 2.7.17-1~18.04ubuntu1.13+esm3 libpython2.7-stdlib - 2.7.17-1~18.04ubuntu1.13+esm3 libpython2.7-testsuite - 2.7.17-1~18.04ubuntu1.13+esm3 python2.7 - 2.7.17-1~18.04ubuntu1.13+esm3 python2.7-dev - 2.7.17-1~18.04ubuntu1.13+esm3 python2.7-doc - 2.7.17-1~18.04ubuntu1.13+esm3 python2.7-examples - 2.7.17-1~18.04ubuntu1.13+esm3 python2.7-minimal - 2.7.17-1~18.04ubuntu1.13+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48560 Ubuntu 18.04 LTS It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. (CVE-2022-27672) Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. (CVE-2022-40982) Yang Lan discovered that the GFS2 file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious GFS2 image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2023-3212) It was discovered that the NFC implementation in the Linux kernel contained a use-after-free vulnerability when performing peer-to-peer communication in certain conditions. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-3863) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-40283) It was discovered that some network classifier implementations in the Linux kernel contained use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4128) Update Instructions: Run `sudo pro fix USN-6396-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1124-oracle - 4.15.0-1124.135 linux-headers-4.15.0-1124-oracle - 4.15.0-1124.135 linux-image-4.15.0-1124-oracle - 4.15.0-1124.135 linux-image-unsigned-4.15.0-1124-oracle - 4.15.0-1124.135 linux-modules-4.15.0-1124-oracle - 4.15.0-1124.135 linux-modules-extra-4.15.0-1124-oracle - 4.15.0-1124.135 linux-oracle-headers-4.15.0-1124 - 4.15.0-1124.135 linux-oracle-tools-4.15.0-1124 - 4.15.0-1124.135 linux-tools-4.15.0-1124-oracle - 4.15.0-1124.135 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1155-gcp - 4.15.0-1155.172 linux-gcp-4.15-headers-4.15.0-1155 - 4.15.0-1155.172 linux-gcp-4.15-tools-4.15.0-1155 - 4.15.0-1155.172 linux-headers-4.15.0-1155-gcp - 4.15.0-1155.172 linux-image-4.15.0-1155-gcp - 4.15.0-1155.172 linux-image-unsigned-4.15.0-1155-gcp - 4.15.0-1155.172 linux-modules-4.15.0-1155-gcp - 4.15.0-1155.172 linux-modules-extra-4.15.0-1155-gcp - 4.15.0-1155.172 linux-tools-4.15.0-1155-gcp - 4.15.0-1155.172 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-cloud-tools-4.15.0-1161 - 4.15.0-1161.174 linux-aws-headers-4.15.0-1161 - 4.15.0-1161.174 linux-aws-tools-4.15.0-1161 - 4.15.0-1161.174 linux-buildinfo-4.15.0-1161-aws - 4.15.0-1161.174 linux-cloud-tools-4.15.0-1161-aws - 4.15.0-1161.174 linux-headers-4.15.0-1161-aws - 4.15.0-1161.174 linux-image-4.15.0-1161-aws - 4.15.0-1161.174 linux-image-unsigned-4.15.0-1161-aws - 4.15.0-1161.174 linux-modules-4.15.0-1161-aws - 4.15.0-1161.174 linux-modules-extra-4.15.0-1161-aws - 4.15.0-1161.174 linux-tools-4.15.0-1161-aws - 4.15.0-1161.174 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-4.15-cloud-tools-4.15.0-1170 - 4.15.0-1170.185 linux-azure-4.15-headers-4.15.0-1170 - 4.15.0-1170.185 linux-azure-4.15-tools-4.15.0-1170 - 4.15.0-1170.185 linux-buildinfo-4.15.0-1170-azure - 4.15.0-1170.185 linux-cloud-tools-4.15.0-1170-azure - 4.15.0-1170.185 linux-headers-4.15.0-1170-azure - 4.15.0-1170.185 linux-image-4.15.0-1170-azure - 4.15.0-1170.185 linux-image-unsigned-4.15.0-1170-azure - 4.15.0-1170.185 linux-modules-4.15.0-1170-azure - 4.15.0-1170.185 linux-modules-extra-4.15.0-1170-azure - 4.15.0-1170.185 linux-tools-4.15.0-1170-azure - 4.15.0-1170.185 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-218-generic - 4.15.0-218.229 linux-buildinfo-4.15.0-218-lowlatency - 4.15.0-218.229 linux-cloud-tools-4.15.0-218 - 4.15.0-218.229 linux-cloud-tools-4.15.0-218-generic - 4.15.0-218.229 linux-cloud-tools-4.15.0-218-lowlatency - 4.15.0-218.229 linux-cloud-tools-common - 4.15.0-218.229 linux-doc - 4.15.0-218.229 linux-headers-4.15.0-218 - 4.15.0-218.229 linux-headers-4.15.0-218-generic - 4.15.0-218.229 linux-headers-4.15.0-218-lowlatency - 4.15.0-218.229 linux-image-4.15.0-218-generic - 4.15.0-218.229 linux-image-4.15.0-218-lowlatency - 4.15.0-218.229 linux-image-unsigned-4.15.0-218-generic - 4.15.0-218.229 linux-image-unsigned-4.15.0-218-lowlatency - 4.15.0-218.229 linux-libc-dev - 4.15.0-218.229 linux-modules-4.15.0-218-generic - 4.15.0-218.229 linux-modules-4.15.0-218-lowlatency - 4.15.0-218.229 linux-modules-extra-4.15.0-218-generic - 4.15.0-218.229 linux-source-4.15.0 - 4.15.0-218.229 linux-tools-4.15.0-218 - 4.15.0-218.229 linux-tools-4.15.0-218-generic - 4.15.0-218.229 linux-tools-4.15.0-218-lowlatency - 4.15.0-218.229 linux-tools-common - 4.15.0-218.229 linux-tools-host - 4.15.0-218.229 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle-lts-18.04 - 4.15.0.1124.129 linux-image-oracle-lts-18.04 - 4.15.0.1124.129 linux-oracle-lts-18.04 - 4.15.0.1124.129 linux-signed-image-oracle-lts-18.04 - 4.15.0.1124.129 linux-signed-oracle-lts-18.04 - 4.15.0.1124.129 linux-tools-oracle-lts-18.04 - 4.15.0.1124.129 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-lts-18.04 - 4.15.0.1155.169 linux-headers-gcp-lts-18.04 - 4.15.0.1155.169 linux-image-gcp-lts-18.04 - 4.15.0.1155.169 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1155.169 linux-tools-gcp-lts-18.04 - 4.15.0.1155.169 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-lts-18.04 - 4.15.0.1161.159 linux-headers-aws-lts-18.04 - 4.15.0.1161.159 linux-image-aws-lts-18.04 - 4.15.0.1161.159 linux-modules-extra-aws-lts-18.04 - 4.15.0.1161.159 linux-tools-aws-lts-18.04 - 4.15.0.1161.159 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-lts-18.04 - 4.15.0.1170.138 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1170.138 linux-headers-azure-lts-18.04 - 4.15.0.1170.138 linux-image-azure-lts-18.04 - 4.15.0.1170.138 linux-modules-extra-azure-lts-18.04 - 4.15.0.1170.138 linux-signed-azure-lts-18.04 - 4.15.0.1170.138 linux-signed-image-azure-lts-18.04 - 4.15.0.1170.138 linux-tools-azure-lts-18.04 - 4.15.0.1170.138 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.15.0.218.202 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.218.202 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.218.202 linux-cloud-tools-lowlatency - 4.15.0.218.202 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.218.202 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.218.202 linux-cloud-tools-virtual - 4.15.0.218.202 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.218.202 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.218.202 linux-crashdump - 4.15.0.218.202 linux-generic - 4.15.0.218.202 linux-generic-hwe-16.04 - 4.15.0.218.202 linux-generic-hwe-16.04-edge - 4.15.0.218.202 linux-headers-generic - 4.15.0.218.202 linux-headers-generic-hwe-16.04 - 4.15.0.218.202 linux-headers-generic-hwe-16.04-edge - 4.15.0.218.202 linux-headers-lowlatency - 4.15.0.218.202 linux-headers-lowlatency-hwe-16.04 - 4.15.0.218.202 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.218.202 linux-headers-virtual - 4.15.0.218.202 linux-headers-virtual-hwe-16.04 - 4.15.0.218.202 linux-headers-virtual-hwe-16.04-edge - 4.15.0.218.202 linux-image-extra-virtual - 4.15.0.218.202 linux-image-extra-virtual-hwe-16.04 - 4.15.0.218.202 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.218.202 linux-image-generic - 4.15.0.218.202 linux-image-generic-hwe-16.04 - 4.15.0.218.202 linux-image-generic-hwe-16.04-edge - 4.15.0.218.202 linux-image-lowlatency - 4.15.0.218.202 linux-image-lowlatency-hwe-16.04 - 4.15.0.218.202 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.218.202 linux-image-virtual - 4.15.0.218.202 linux-image-virtual-hwe-16.04 - 4.15.0.218.202 linux-image-virtual-hwe-16.04-edge - 4.15.0.218.202 linux-lowlatency - 4.15.0.218.202 linux-lowlatency-hwe-16.04 - 4.15.0.218.202 linux-lowlatency-hwe-16.04-edge - 4.15.0.218.202 linux-signed-generic - 4.15.0.218.202 linux-signed-generic-hwe-16.04 - 4.15.0.218.202 linux-signed-generic-hwe-16.04-edge - 4.15.0.218.202 linux-signed-image-generic - 4.15.0.218.202 linux-signed-image-generic-hwe-16.04 - 4.15.0.218.202 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.218.202 linux-signed-image-lowlatency - 4.15.0.218.202 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.218.202 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.218.202 linux-signed-lowlatency - 4.15.0.218.202 linux-signed-lowlatency-hwe-16.04 - 4.15.0.218.202 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.218.202 linux-source - 4.15.0.218.202 linux-tools-generic - 4.15.0.218.202 linux-tools-generic-hwe-16.04 - 4.15.0.218.202 linux-tools-generic-hwe-16.04-edge - 4.15.0.218.202 linux-tools-lowlatency - 4.15.0.218.202 linux-tools-lowlatency-hwe-16.04 - 4.15.0.218.202 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.218.202 linux-tools-virtual - 4.15.0.218.202 linux-tools-virtual-hwe-16.04 - 4.15.0.218.202 linux-tools-virtual-hwe-16.04-edge - 4.15.0.218.202 linux-virtual - 4.15.0.218.202 linux-virtual-hwe-16.04 - 4.15.0.218.202 linux-virtual-hwe-16.04-edge - 4.15.0.218.202 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-27672 CVE-2022-40982 CVE-2023-3212 CVE-2023-3863 CVE-2023-40283 Ubuntu 18.04 LTS It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. (CVE-2022-27672) Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. (CVE-2022-40982) Yang Lan discovered that the GFS2 file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious GFS2 image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2023-3212) It was discovered that the NFC implementation in the Linux kernel contained a use-after-free vulnerability when performing peer-to-peer communication in certain conditions. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-3863) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-40283) It was discovered that some network classifier implementations in the Linux kernel contained use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4128) Update Instructions: Run `sudo pro fix USN-6396-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1145-kvm - 4.15.0-1145.150 linux-headers-4.15.0-1145-kvm - 4.15.0-1145.150 linux-image-4.15.0-1145-kvm - 4.15.0-1145.150 linux-kvm-headers-4.15.0-1145 - 4.15.0-1145.150 linux-kvm-tools-4.15.0-1145 - 4.15.0-1145.150 linux-modules-4.15.0-1145-kvm - 4.15.0-1145.150 linux-tools-4.15.0-1145-kvm - 4.15.0-1145.150 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.15.0.1145.136 linux-image-kvm - 4.15.0.1145.136 linux-kvm - 4.15.0.1145.136 linux-tools-kvm - 4.15.0.1145.136 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2022-27672 CVE-2022-40982 CVE-2023-3212 CVE-2023-3863 CVE-2023-40283 Ubuntu 18.04 LTS It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks. A remote attacker could possibly use this issue to trick the local DLNA server to leak information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-26505) It was discovered that ReadyMedia incorrectly handled certain HTTP requests using chunked transport encoding. A remote attacker could possibly use this issue to cause buffer overflows, resulting in out-of-bounds reads and writes. (CVE-2023-33476) Update Instructions: Run `sudo pro fix USN-6398-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: minidlna - 1.2.1+dfsg-1ubuntu0.18.04.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-26505 CVE-2023-33476 Ubuntu 18.04 LTS It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to perform a timing attack and recover sensitive information. Update Instructions: Run `sudo pro fix USN-6400-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: idle-python2.7 - 2.7.17-1~18.04ubuntu1.13+esm2 libpython2.7 - 2.7.17-1~18.04ubuntu1.13+esm2 libpython2.7-dev - 2.7.17-1~18.04ubuntu1.13+esm2 libpython2.7-minimal - 2.7.17-1~18.04ubuntu1.13+esm2 libpython2.7-stdlib - 2.7.17-1~18.04ubuntu1.13+esm2 libpython2.7-testsuite - 2.7.17-1~18.04ubuntu1.13+esm2 python2.7 - 2.7.17-1~18.04ubuntu1.13+esm2 python2.7-dev - 2.7.17-1~18.04ubuntu1.13+esm2 python2.7-doc - 2.7.17-1~18.04ubuntu1.13+esm2 python2.7-examples - 2.7.17-1~18.04ubuntu1.13+esm2 python2.7-minimal - 2.7.17-1~18.04ubuntu1.13+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48566 Ubuntu 18.04 LTS It was discovered that FreeRDP did not properly manage certain inputs. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2023-39350, CVE-2023-39351, CVE-2023-39353, CVE-2023-39354, CVE-2023-40181, CVE-2023-40188, CVE-2023-40589) It was discovered that FreeRDP did not properly manage certain inputs. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-40186, CVE-2023-40567, CVE-2023-40569) Update Instructions: Run `sudo pro fix USN-6401-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: freerdp2-dev - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 freerdp2-shadow-x11 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 freerdp2-wayland - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 freerdp2-x11 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 libfreerdp-client2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 libfreerdp-server2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 libfreerdp-shadow-subsystem2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 libfreerdp-shadow2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 libfreerdp2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 libuwac0-0 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 libuwac0-dev - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 libwinpr-tools2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 libwinpr2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 libwinpr2-dev - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 winpr-utils - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-39350 CVE-2023-39351 CVE-2023-39353 CVE-2023-39354 CVE-2023-40181 CVE-2023-40186 CVE-2023-40188 CVE-2023-40567 CVE-2023-40569 CVE-2023-40589 Ubuntu 18.04 LTS It was discovered that LibTomMath incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code and cause a denial of service (DoS). Update Instructions: Run `sudo pro fix USN-6402-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtommath-dev - 1.0.1-1ubuntu0.1~esm1 libtommath-docs - 1.0.1-1ubuntu0.1~esm1 libtommath1 - 1.0.1-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-36328 Ubuntu 18.04 LTS USN-6403-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6403-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libvpx-dev - 1.7.0-3ubuntu0.18.04.1+esm1 libvpx-doc - 1.7.0-3ubuntu0.18.04.1+esm1 libvpx5 - 1.7.0-3ubuntu0.18.04.1+esm1 vpx-tools - 1.7.0-3ubuntu0.18.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-44488 CVE-2023-5217 Ubuntu 18.04 LTS USN-6407-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Gregory James Duck discovered that libx11 incorrectly handled certain keyboard symbols. If a user were tricked into connecting to a malicious X server, a remote attacker could use this issue to cause libx11 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-43785) Yair Mizrahi discovered that libx11 incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service. (CVE-2023-43786) Yair Mizrahi discovered that libx11 incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could use this issue to cause libx11 to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2023-43787) Update Instructions: Run `sudo pro fix USN-6407-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx11-6 - 2:1.6.4-3ubuntu0.4+esm2 libx11-data - 2:1.6.4-3ubuntu0.4+esm2 libx11-dev - 2:1.6.4-3ubuntu0.4+esm2 libx11-doc - 2:1.6.4-3ubuntu0.4+esm2 libx11-xcb-dev - 2:1.6.4-3ubuntu0.4+esm2 libx11-xcb1 - 2:1.6.4-3ubuntu0.4+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-43785 CVE-2023-43786 CVE-2023-43787 Ubuntu 18.04 LTS USN-6408-1 fixed several vulnerabilities in libXpm. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service. (CVE-2023-43786) Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could use this issue to cause libXpm to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2023-43787) Alan Coopersmith discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to cause libXpm to crash, leading to a denial of service. (CVE-2023-43788, CVE-2023-43789) Update Instructions: Run `sudo pro fix USN-6408-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxpm-dev - 1:3.5.12-1ubuntu0.18.04.2+esm1 libxpm4 - 1:3.5.12-1ubuntu0.18.04.2+esm1 xpmutils - 1:3.5.12-1ubuntu0.18.04.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-43786 CVE-2023-43787 CVE-2023-43788 CVE-2023-43789 Ubuntu 18.04 LTS It was discovered that Exim incorrectly handled certain challenge requests. A remote attacker could possibly use this issue to perform out-of-bounds reads, resulting in information leakage. (CVE-2023-42114) It was discovered that Exim incorrectly handled validation of user-supplied data. A remote attacker could possibly use this issue to perform out-of-bounds writes, resulting in arbitrary code execution. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-42115) It was discovered that Exim incorrectly handled certain challenge requests. A remote attacker could possibly use this issue to perform out-of-bounds writes, resulting in arbitrary code execution. (CVE-2023-42116) Update Instructions: Run `sudo pro fix USN-6411-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4 - 4.90.1-1ubuntu1.10+esm1 exim4-base - 4.90.1-1ubuntu1.10+esm1 exim4-config - 4.90.1-1ubuntu1.10+esm1 exim4-daemon-heavy - 4.90.1-1ubuntu1.10+esm1 exim4-daemon-light - 4.90.1-1ubuntu1.10+esm1 exim4-dev - 4.90.1-1ubuntu1.10+esm1 eximon4 - 4.90.1-1ubuntu1.10+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-42114 CVE-2023-42115 CVE-2023-42116 Ubuntu 18.04 LTS It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-17122, CVE-2017-8421) It was discovered that GNU binutils was not properly performing bounds checks when processing debug sections with objdump, which could lead to an overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-20671, CVE-2018-6543) It was discovered that GNU binutils contained a reachable assertion, which could lead to an intentional assertion failure when processing certain crafted DWARF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-35205) It was discovered that GNU binutils incorrectly handled memory management operations in several of its functions, which could lead to excessive memory consumption due to memory leaks. An attacker could possibly use these issues to cause a denial of service. (CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011) It was discovered that GNU binutils was not properly performing bounds checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-48063) Update Instructions: Run `sudo pro fix USN-6413-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: binutils - 2.30-21ubuntu1~18.04.9+esm3 binutils-aarch64-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-alpha-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-arm-linux-gnueabi - 2.30-21ubuntu1~18.04.9+esm3 binutils-arm-linux-gnueabihf - 2.30-21ubuntu1~18.04.9+esm3 binutils-common - 2.30-21ubuntu1~18.04.9+esm3 binutils-dev - 2.30-21ubuntu1~18.04.9+esm3 binutils-doc - 2.30-21ubuntu1~18.04.9+esm3 binutils-for-build - 2.30-21ubuntu1~18.04.9+esm3 binutils-for-host - 2.30-21ubuntu1~18.04.9+esm3 binutils-hppa-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-hppa64-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-i686-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-i686-kfreebsd-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-i686-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-ia64-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-m68k-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-mips-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-mips64-linux-gnuabi64 - 2.30-21ubuntu1~18.04.9+esm3 binutils-mips64-linux-gnuabin32 - 2.30-21ubuntu1~18.04.9+esm3 binutils-mips64el-linux-gnuabi64 - 2.30-21ubuntu1~18.04.9+esm3 binutils-mips64el-linux-gnuabin32 - 2.30-21ubuntu1~18.04.9+esm3 binutils-mipsel-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-mipsisa32r6-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-mipsisa32r6el-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-mipsisa64r6-linux-gnuabi64 - 2.30-21ubuntu1~18.04.9+esm3 binutils-mipsisa64r6-linux-gnuabin32 - 2.30-21ubuntu1~18.04.9+esm3 binutils-mipsisa64r6el-linux-gnuabi64 - 2.30-21ubuntu1~18.04.9+esm3 binutils-mipsisa64r6el-linux-gnuabin32 - 2.30-21ubuntu1~18.04.9+esm3 binutils-multiarch - 2.30-21ubuntu1~18.04.9+esm3 binutils-multiarch-dev - 2.30-21ubuntu1~18.04.9+esm3 binutils-powerpc-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-powerpc-linux-gnuspe - 2.30-21ubuntu1~18.04.9+esm3 binutils-powerpc64-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-powerpc64le-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-riscv64-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-s390x-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-sh4-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-source - 2.30-21ubuntu1~18.04.9+esm3 binutils-sparc64-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-x86-64-kfreebsd-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-x86-64-linux-gnu - 2.30-21ubuntu1~18.04.9+esm3 binutils-x86-64-linux-gnux32 - 2.30-21ubuntu1~18.04.9+esm3 libbinutils - 2.30-21ubuntu1~18.04.9+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2017-17122 CVE-2017-8421 CVE-2018-20671 CVE-2018-6543 CVE-2022-35205 CVE-2022-47007 CVE-2022-47008 CVE-2022-47010 CVE-2022-47011 CVE-2022-48063 Ubuntu 18.04 LTS USN-6414-1 and USN-6378-1 fixed CVE-2023-43665 and CVE-2023-41164 in Django, respectively. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Wenchao Li discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. It was discovered that Django incorrectly handled certain URIs with a very large number of Unicode characters. A remote attacker could possibly use this issue to cause Django to consume resources or crash, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-6414-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django - 1:1.11.11-1ubuntu1.21+esm2 python-django-common - 1:1.11.11-1ubuntu1.21+esm2 python-django-doc - 1:1.11.11-1ubuntu1.21+esm2 python3-django - 1:1.11.11-1ubuntu1.21+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-41164 CVE-2023-43665 Ubuntu 18.04 LTS It was discovered that the eBPF implementation in the Linux kernel contained a race condition around read-only maps. A privileged attacker could use this to modify read-only maps. (CVE-2021-4001) It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service (excessive CPU consumption). (CVE-2023-1206) Yang Lan discovered that the GFS2 file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious GFS2 image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2023-3212) Davide Ornaghi discovered that the DECnet network protocol implementation in the Linux kernel contained a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Please note that kernel support for the DECnet has been removed to resolve this CVE. (CVE-2023-3338) It was discovered that the NFC implementation in the Linux kernel contained a use-after-free vulnerability when performing peer-to-peer communication in certain conditions. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-3863) It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-4194) Update Instructions: Run `sudo pro fix USN-6417-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1058-ibm - 5.4.0-1058.63~18.04.1 linux-headers-5.4.0-1058-ibm - 5.4.0-1058.63~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1058.63~18.04.1 linux-ibm-5.4-headers-5.4.0-1058 - 5.4.0-1058.63~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1058.63~18.04.1 linux-ibm-5.4-tools-5.4.0-1058 - 5.4.0-1058.63~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1058.63~18.04.1 linux-image-5.4.0-1058-ibm - 5.4.0-1058.63~18.04.1 linux-image-unsigned-5.4.0-1058-ibm - 5.4.0-1058.63~18.04.1 linux-modules-5.4.0-1058-ibm - 5.4.0-1058.63~18.04.1 linux-modules-extra-5.4.0-1058-ibm - 5.4.0-1058.63~18.04.1 linux-tools-5.4.0-1058-ibm - 5.4.0-1058.63~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1095-raspi - 5.4.0-1095.106~18.04.1 linux-headers-5.4.0-1095-raspi - 5.4.0-1095.106~18.04.1 linux-image-5.4.0-1095-raspi - 5.4.0-1095.106~18.04.1 linux-modules-5.4.0-1095-raspi - 5.4.0-1095.106~18.04.1 linux-raspi-5.4-headers-5.4.0-1095 - 5.4.0-1095.106~18.04.1 linux-raspi-5.4-tools-5.4.0-1095 - 5.4.0-1095.106~18.04.1 linux-tools-5.4.0-1095-raspi - 5.4.0-1095.106~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1110-oracle - 5.4.0-1110.119~18.04.1 linux-headers-5.4.0-1110-oracle - 5.4.0-1110.119~18.04.1 linux-image-5.4.0-1110-oracle - 5.4.0-1110.119~18.04.1 linux-image-unsigned-5.4.0-1110-oracle - 5.4.0-1110.119~18.04.1 linux-modules-5.4.0-1110-oracle - 5.4.0-1110.119~18.04.1 linux-modules-extra-5.4.0-1110-oracle - 5.4.0-1110.119~18.04.1 linux-oracle-5.4-headers-5.4.0-1110 - 5.4.0-1110.119~18.04.1 linux-oracle-5.4-tools-5.4.0-1110 - 5.4.0-1110.119~18.04.1 linux-tools-5.4.0-1110-oracle - 5.4.0-1110.119~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-5.4-cloud-tools-5.4.0-1111 - 5.4.0-1111.120~18.04.1 linux-aws-5.4-headers-5.4.0-1111 - 5.4.0-1111.120~18.04.1 linux-aws-5.4-tools-5.4.0-1111 - 5.4.0-1111.120~18.04.1 linux-buildinfo-5.4.0-1111-aws - 5.4.0-1111.120~18.04.1 linux-cloud-tools-5.4.0-1111-aws - 5.4.0-1111.120~18.04.1 linux-headers-5.4.0-1111-aws - 5.4.0-1111.120~18.04.1 linux-image-5.4.0-1111-aws - 5.4.0-1111.120~18.04.1 linux-image-unsigned-5.4.0-1111-aws - 5.4.0-1111.120~18.04.1 linux-modules-5.4.0-1111-aws - 5.4.0-1111.120~18.04.1 linux-modules-extra-5.4.0-1111-aws - 5.4.0-1111.120~18.04.1 linux-tools-5.4.0-1111-aws - 5.4.0-1111.120~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1115-gcp - 5.4.0-1115.124~18.04.1 linux-gcp-5.4-headers-5.4.0-1115 - 5.4.0-1115.124~18.04.1 linux-gcp-5.4-tools-5.4.0-1115 - 5.4.0-1115.124~18.04.1 linux-headers-5.4.0-1115-gcp - 5.4.0-1115.124~18.04.1 linux-image-5.4.0-1115-gcp - 5.4.0-1115.124~18.04.1 linux-image-unsigned-5.4.0-1115-gcp - 5.4.0-1115.124~18.04.1 linux-modules-5.4.0-1115-gcp - 5.4.0-1115.124~18.04.1 linux-modules-extra-5.4.0-1115-gcp - 5.4.0-1115.124~18.04.1 linux-tools-5.4.0-1115-gcp - 5.4.0-1115.124~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-5.4-cloud-tools-5.4.0-1117 - 5.4.0-1117.124~18.04.1 linux-azure-5.4-headers-5.4.0-1117 - 5.4.0-1117.124~18.04.1 linux-azure-5.4-tools-5.4.0-1117 - 5.4.0-1117.124~18.04.1 linux-buildinfo-5.4.0-1117-azure - 5.4.0-1117.124~18.04.1 linux-cloud-tools-5.4.0-1117-azure - 5.4.0-1117.124~18.04.1 linux-headers-5.4.0-1117-azure - 5.4.0-1117.124~18.04.1 linux-image-5.4.0-1117-azure - 5.4.0-1117.124~18.04.1 linux-image-unsigned-5.4.0-1117-azure - 5.4.0-1117.124~18.04.1 linux-modules-5.4.0-1117-azure - 5.4.0-1117.124~18.04.1 linux-modules-extra-5.4.0-1117-azure - 5.4.0-1117.124~18.04.1 linux-tools-5.4.0-1117-azure - 5.4.0-1117.124~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-164-generic - 5.4.0-164.181~18.04.1 linux-buildinfo-5.4.0-164-lowlatency - 5.4.0-164.181~18.04.1 linux-cloud-tools-5.4.0-164-generic - 5.4.0-164.181~18.04.1 linux-cloud-tools-5.4.0-164-lowlatency - 5.4.0-164.181~18.04.1 linux-headers-5.4.0-164-generic - 5.4.0-164.181~18.04.1 linux-headers-5.4.0-164-lowlatency - 5.4.0-164.181~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-164 - 5.4.0-164.181~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-164.181~18.04.1 linux-hwe-5.4-headers-5.4.0-164 - 5.4.0-164.181~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-164.181~18.04.1 linux-hwe-5.4-tools-5.4.0-164 - 5.4.0-164.181~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-164.181~18.04.1 linux-image-5.4.0-164-generic - 5.4.0-164.181~18.04.1 linux-image-5.4.0-164-lowlatency - 5.4.0-164.181~18.04.1 linux-image-unsigned-5.4.0-164-generic - 5.4.0-164.181~18.04.1 linux-image-unsigned-5.4.0-164-lowlatency - 5.4.0-164.181~18.04.1 linux-modules-5.4.0-164-generic - 5.4.0-164.181~18.04.1 linux-modules-5.4.0-164-lowlatency - 5.4.0-164.181~18.04.1 linux-modules-extra-5.4.0-164-generic - 5.4.0-164.181~18.04.1 linux-tools-5.4.0-164-generic - 5.4.0-164.181~18.04.1 linux-tools-5.4.0-164-lowlatency - 5.4.0-164.181~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1058.69 linux-headers-ibm-edge - 5.4.0.1058.69 linux-ibm - 5.4.0.1058.69 linux-ibm-edge - 5.4.0.1058.69 linux-image-ibm - 5.4.0.1058.69 linux-image-ibm-edge - 5.4.0.1058.69 linux-modules-extra-ibm - 5.4.0.1058.69 linux-modules-extra-ibm-edge - 5.4.0.1058.69 linux-tools-ibm - 5.4.0.1058.69 linux-tools-ibm-edge - 5.4.0.1058.69 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1095.92 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1095.92 linux-image-raspi-hwe-18.04 - 5.4.0.1095.92 linux-image-raspi-hwe-18.04-edge - 5.4.0.1095.92 linux-raspi-hwe-18.04 - 5.4.0.1095.92 linux-raspi-hwe-18.04-edge - 5.4.0.1095.92 linux-tools-raspi-hwe-18.04 - 5.4.0.1095.92 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1095.92 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1110.119~18.04.82 linux-headers-oracle-edge - 5.4.0.1110.119~18.04.82 linux-image-oracle - 5.4.0.1110.119~18.04.82 linux-image-oracle-edge - 5.4.0.1110.119~18.04.82 linux-modules-extra-oracle - 5.4.0.1110.119~18.04.82 linux-modules-extra-oracle-edge - 5.4.0.1110.119~18.04.82 linux-oracle - 5.4.0.1110.119~18.04.82 linux-oracle-edge - 5.4.0.1110.119~18.04.82 linux-signed-image-oracle - 5.4.0.1110.119~18.04.82 linux-signed-image-oracle-edge - 5.4.0.1110.119~18.04.82 linux-signed-oracle - 5.4.0.1110.119~18.04.82 linux-signed-oracle-edge - 5.4.0.1110.119~18.04.82 linux-tools-oracle - 5.4.0.1110.119~18.04.82 linux-tools-oracle-edge - 5.4.0.1110.119~18.04.82 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1111.89 linux-aws-edge - 5.4.0.1111.89 linux-headers-aws - 5.4.0.1111.89 linux-headers-aws-edge - 5.4.0.1111.89 linux-image-aws - 5.4.0.1111.89 linux-image-aws-edge - 5.4.0.1111.89 linux-modules-extra-aws - 5.4.0.1111.89 linux-modules-extra-aws-edge - 5.4.0.1111.89 linux-tools-aws - 5.4.0.1111.89 linux-tools-aws-edge - 5.4.0.1111.89 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1115.91 linux-gcp-edge - 5.4.0.1115.91 linux-headers-gcp - 5.4.0.1115.91 linux-headers-gcp-edge - 5.4.0.1115.91 linux-image-gcp - 5.4.0.1115.91 linux-image-gcp-edge - 5.4.0.1115.91 linux-modules-extra-gcp - 5.4.0.1115.91 linux-modules-extra-gcp-edge - 5.4.0.1115.91 linux-tools-gcp - 5.4.0.1115.91 linux-tools-gcp-edge - 5.4.0.1115.91 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 5.4.0.1117.90 linux-azure-edge - 5.4.0.1117.90 linux-cloud-tools-azure - 5.4.0.1117.90 linux-cloud-tools-azure-edge - 5.4.0.1117.90 linux-headers-azure - 5.4.0.1117.90 linux-headers-azure-edge - 5.4.0.1117.90 linux-image-azure - 5.4.0.1117.90 linux-image-azure-edge - 5.4.0.1117.90 linux-modules-extra-azure - 5.4.0.1117.90 linux-modules-extra-azure-edge - 5.4.0.1117.90 linux-signed-azure - 5.4.0.1117.90 linux-signed-azure-edge - 5.4.0.1117.90 linux-signed-image-azure - 5.4.0.1117.90 linux-signed-image-azure-edge - 5.4.0.1117.90 linux-tools-azure - 5.4.0.1117.90 linux-tools-azure-edge - 5.4.0.1117.90 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-generic-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-generic-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-headers-generic-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-headers-generic-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-headers-lowlatency-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-headers-oem - 5.4.0.164.181~18.04.131 linux-headers-oem-osp1 - 5.4.0.164.181~18.04.131 linux-headers-snapdragon-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-headers-virtual-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-headers-virtual-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-image-extra-virtual-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-image-generic-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-image-generic-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-image-lowlatency-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-image-oem - 5.4.0.164.181~18.04.131 linux-image-oem-osp1 - 5.4.0.164.181~18.04.131 linux-image-snapdragon-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-image-virtual-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-image-virtual-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-lowlatency-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-lowlatency-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-oem - 5.4.0.164.181~18.04.131 linux-oem-osp1 - 5.4.0.164.181~18.04.131 linux-snapdragon-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-snapdragon-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-tools-generic-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-tools-generic-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-tools-lowlatency-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-tools-oem - 5.4.0.164.181~18.04.131 linux-tools-oem-osp1 - 5.4.0.164.181~18.04.131 linux-tools-snapdragon-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-tools-virtual-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-tools-virtual-hwe-18.04-edge - 5.4.0.164.181~18.04.131 linux-virtual-hwe-18.04 - 5.4.0.164.181~18.04.131 linux-virtual-hwe-18.04-edge - 5.4.0.164.181~18.04.131 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2021-4001 CVE-2023-1206 CVE-2023-3212 CVE-2023-3338 CVE-2023-3863 CVE-2023-4194 Ubuntu 18.04 LTS It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue was only fixed in Ubuntu 20.04 LTS. (CVE-2021-22883) Vít Šesták discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2021-22884) Update Instructions: Run `sudo pro fix USN-6418-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nodejs - 8.10.0~dfsg-2ubuntu0.4+esm3 nodejs-dev - 8.10.0~dfsg-2ubuntu0.4+esm3 nodejs-doc - 8.10.0~dfsg-2ubuntu0.4+esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-22883 CVE-2021-22884 Ubuntu 18.04 LTS Hong Phat Ly discovered that jQuery UI did not properly manage parameters from untrusted sources, which could lead to arbitrary web script or HTML code injection. A remote attacker could possibly use this issue to perform a cross-site scripting (XSS) attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-7103) Esben Sparre Andreasen discovered that jQuery UI did not properly handle values from untrusted sources in the Datepicker widget. A remote attacker could possibly use this issue to perform a cross-site scripting (XSS) attack and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-41182, CVE-2021-41183) It was discovered that jQuery UI did not properly validate values from untrusted sources. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-41184) It was discovered that the jQuery UI checkboxradio widget did not properly decode certain values from HTML entities. An attacker could possibly use this issue to perform a cross-site scripting (XSS) attack and cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-31160) Update Instructions: Run `sudo pro fix USN-6419-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjs-jquery-ui - 1.12.1+dfsg-5ubuntu0.18.04.1~esm3 libjs-jquery-ui-docs - 1.12.1+dfsg-5ubuntu0.18.04.1~esm3 node-jquery-ui - 1.12.1+dfsg-5ubuntu0.18.04.1~esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2016-7103 CVE-2021-41182 CVE-2021-41183 CVE-2021-41184 CVE-2022-31160 Ubuntu 18.04 LTS It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-3235, CVE-2022-3278, CVE-2022-3297, CVE-2022-3491) It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3352, CVE-2022-4292) It was discovered that Vim incorrectly handled memory when replacing in virtualedit mode. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3234) It was discovered that Vim incorrectly handled memory when autocmd changes mark. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-3256) It was discovered that Vim did not properly perform checks on array index with negative width window. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2022-3324) It was discovered that Vim did not properly perform checks on a put command column with a visual block. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3520) It was discovered that Vim incorrectly handled memory when using autocommand to open a window. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-3591) It was discovered that Vim incorrectly handled memory when updating buffer of the component autocmd handler. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3705) It was discovered that Vim incorrectly handled floating point comparison with incorrect operator. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. and Ubuntu 22.04 LTS. (CVE-2022-4293) Update Instructions: Run `sudo pro fix USN-6420-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:8.0.1453-1ubuntu1.13+esm5 vim-athena - 2:8.0.1453-1ubuntu1.13+esm5 vim-common - 2:8.0.1453-1ubuntu1.13+esm5 vim-doc - 2:8.0.1453-1ubuntu1.13+esm5 vim-gnome - 2:8.0.1453-1ubuntu1.13+esm5 vim-gtk - 2:8.0.1453-1ubuntu1.13+esm5 vim-gtk3 - 2:8.0.1453-1ubuntu1.13+esm5 vim-gui-common - 2:8.0.1453-1ubuntu1.13+esm5 vim-nox - 2:8.0.1453-1ubuntu1.13+esm5 vim-runtime - 2:8.0.1453-1ubuntu1.13+esm5 vim-tiny - 2:8.0.1453-1ubuntu1.13+esm5 xxd - 2:8.0.1453-1ubuntu1.13+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-3234 CVE-2022-3235 CVE-2022-3256 CVE-2022-3278 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4292 CVE-2022-4293 Ubuntu 18.04 LTS It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channel could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6421-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bind9 - 1:9.11.3+dfsg-1ubuntu1.19+esm2 bind9-doc - 1:9.11.3+dfsg-1ubuntu1.19+esm2 bind9-host - 1:9.11.3+dfsg-1ubuntu1.19+esm2 bind9utils - 1:9.11.3+dfsg-1ubuntu1.19+esm2 dnsutils - 1:9.11.3+dfsg-1ubuntu1.19+esm2 libbind-dev - 1:9.11.3+dfsg-1ubuntu1.19+esm2 libbind-export-dev - 1:9.11.3+dfsg-1ubuntu1.19+esm2 libbind9-160 - 1:9.11.3+dfsg-1ubuntu1.19+esm2 libdns-export1100 - 1:9.11.3+dfsg-1ubuntu1.19+esm2 libdns1100 - 1:9.11.3+dfsg-1ubuntu1.19+esm2 libirs-export160 - 1:9.11.3+dfsg-1ubuntu1.19+esm2 libirs160 - 1:9.11.3+dfsg-1ubuntu1.19+esm2 libisc-export169 - 1:9.11.3+dfsg-1ubuntu1.19+esm2 libisc169 - 1:9.11.3+dfsg-1ubuntu1.19+esm2 libisccc-export160 - 1:9.11.3+dfsg-1ubuntu1.19+esm2 libisccc160 - 1:9.11.3+dfsg-1ubuntu1.19+esm2 libisccfg-export160 - 1:9.11.3+dfsg-1ubuntu1.19+esm2 libisccfg160 - 1:9.11.3+dfsg-1ubuntu1.19+esm2 liblwres160 - 1:9.11.3+dfsg-1ubuntu1.19+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-3341 Ubuntu 18.04 LTS It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2021-37706) It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302, CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723, CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754, CVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031, CVE-2022-39244) It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-21722) It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-27585) Update Instructions: Run `sudo pro fix USN-6422-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ring - 20180228.1.503da2b~ds1-1ubuntu0.1~esm1 ring-daemon - 20180228.1.503da2b~ds1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-37706 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2022-21722 CVE-2022-21723 CVE-2022-23537 CVE-2022-23547 CVE-2022-23608 CVE-2022-24754 CVE-2022-24763 CVE-2022-24764 CVE-2022-24793 CVE-2022-31031 CVE-2022-39244 CVE-2023-27585 Ubuntu 18.04 LTS It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6428-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-dev - 4.0.9-5ubuntu0.10+esm3 libtiff-doc - 4.0.9-5ubuntu0.10+esm3 libtiff-opengl - 4.0.9-5ubuntu0.10+esm3 libtiff-tools - 4.0.9-5ubuntu0.10+esm3 libtiff5 - 4.0.9-5ubuntu0.10+esm3 libtiff5-dev - 4.0.9-5ubuntu0.10+esm3 libtiffxx5 - 4.0.9-5ubuntu0.10+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-1916 Ubuntu 18.04 LTS USN-6429-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that curl incorrectly handled cookies when an application duplicated certain handles. A local attacker could possibly create a cookie file and inject arbitrary cookies into subsequent connections. (CVE-2023-38546) Update Instructions: Run `sudo pro fix USN-6429-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl - 7.58.0-2ubuntu3.24+esm2 libcurl3-gnutls - 7.58.0-2ubuntu3.24+esm2 libcurl3-nss - 7.58.0-2ubuntu3.24+esm2 libcurl4 - 7.58.0-2ubuntu3.24+esm2 libcurl4-doc - 7.58.0-2ubuntu3.24+esm2 libcurl4-gnutls-dev - 7.58.0-2ubuntu3.24+esm2 libcurl4-nss-dev - 7.58.0-2ubuntu3.24+esm2 libcurl4-openssl-dev - 7.58.0-2ubuntu3.24+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-38546 Ubuntu 18.04 LTS It was discovered that FFmpeg did not properly handle certain inputs in vf_lagfun.c, resulting in a buffer overflow vulnerability. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-22024) It was discovered that FFmpeg incorrectly managed memory in avienc.c, resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. (CVE-2020-22039) It was discovered that FFmpeg incorrectly handled certain files due to a memory leak in frame.c. An attacker could possibly use this issue to cause a denial of service via application crash. This issue affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-22040) It was discovered that FFmpeg incorrectly handled certain files due to a memory leak in fifo.c. An attacker could possibly use this issue to cause a denial of service via application crash. (CVE-2020-22043) It was discovered that FFmpeg incorrectly handled certain files due to a memory leak in vf_tile.c. If a user or automated system were tricked into processing a specially crafted MOV file, an attacker could possibly use this issue to cause a denial of service. (CVE-2020-22051) It was discovered that FFmpeg incorrectly handled certain MOV files in timecode.c, leading to an integer overflow. An attacker could possibly use this issue to cause a denial of service using a crafted MOV file. This issue only affected Ubuntu 16.04 LTS. (CVE-2021-28429) Update Instructions: Run `sudo pro fix USN-6430-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ffmpeg - 7:3.4.11-0ubuntu0.1+esm2 ffmpeg-doc - 7:3.4.11-0ubuntu0.1+esm2 libavcodec-dev - 7:3.4.11-0ubuntu0.1+esm2 libavcodec-extra - 7:3.4.11-0ubuntu0.1+esm2 libavcodec-extra57 - 7:3.4.11-0ubuntu0.1+esm2 libavcodec57 - 7:3.4.11-0ubuntu0.1+esm2 libavdevice-dev - 7:3.4.11-0ubuntu0.1+esm2 libavdevice57 - 7:3.4.11-0ubuntu0.1+esm2 libavfilter-dev - 7:3.4.11-0ubuntu0.1+esm2 libavfilter-extra - 7:3.4.11-0ubuntu0.1+esm2 libavfilter-extra6 - 7:3.4.11-0ubuntu0.1+esm2 libavfilter6 - 7:3.4.11-0ubuntu0.1+esm2 libavformat-dev - 7:3.4.11-0ubuntu0.1+esm2 libavformat57 - 7:3.4.11-0ubuntu0.1+esm2 libavresample-dev - 7:3.4.11-0ubuntu0.1+esm2 libavresample3 - 7:3.4.11-0ubuntu0.1+esm2 libavutil-dev - 7:3.4.11-0ubuntu0.1+esm2 libavutil55 - 7:3.4.11-0ubuntu0.1+esm2 libpostproc-dev - 7:3.4.11-0ubuntu0.1+esm2 libpostproc54 - 7:3.4.11-0ubuntu0.1+esm2 libswresample-dev - 7:3.4.11-0ubuntu0.1+esm2 libswresample2 - 7:3.4.11-0ubuntu0.1+esm2 libswscale-dev - 7:3.4.11-0ubuntu0.1+esm2 libswscale4 - 7:3.4.11-0ubuntu0.1+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-22024 CVE-2020-22039 CVE-2020-22040 CVE-2020-22043 CVE-2020-22051 CVE-2021-28429 Ubuntu 18.04 LTS It was discovered that iperf3 did not properly manage certain inputs, which could lead to a crash. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-38403) Jorge Sancho Larraz discovered that iperf3 did not properly manage certain inputs, which could cause the server process to stop responding, waiting for input on the control connection. A remote attacker could possibly use this issue to cause a denial of service. (LP: #2038654) Update Instructions: Run `sudo pro fix USN-6431-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: iperf3 - 3.1.3-1ubuntu0.1~esm1 libiperf-dev - 3.1.3-1ubuntu0.1~esm1 libiperf0 - 3.1.3-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-38403 https://launchpad.net/bugs/2038654 Ubuntu 18.04 LTS It was discovered that the Quagga BGP daemon did not properly check the attribute length in NRLI. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-41358) It was discovered that the Quagga BGP daemon did not properly manage memory when reading initial bytes of ORF header. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-41360) Update Instructions: Run `sudo pro fix USN-6432-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: quagga - 1.2.4-1ubuntu0.1~esm1 quagga-bgpd - 1.2.4-1ubuntu0.1~esm1 quagga-core - 1.2.4-1ubuntu0.1~esm1 quagga-doc - 1.2.4-1ubuntu0.1~esm1 quagga-isisd - 1.2.4-1ubuntu0.1~esm1 quagga-ospf6d - 1.2.4-1ubuntu0.1~esm1 quagga-ospfd - 1.2.4-1ubuntu0.1~esm1 quagga-pimd - 1.2.4-1ubuntu0.1~esm1 quagga-ripd - 1.2.4-1ubuntu0.1~esm1 quagga-ripngd - 1.2.4-1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-41358 CVE-2023-41360 Ubuntu 18.04 LTS Francois Diakhate discovered that PMIx did not properly handle race conditions in the pmix library, which could lead to unwanted privilege escalation. An attacker could possibly use this issue to obtain ownership of an arbitrary file on the filesystem, under the default configuration of the application. Update Instructions: Run `sudo pro fix USN-6434-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpmi-pmix-dev - 2.1.1~rc1-1ubuntu0.1~esm1 libpmi1-pmix - 2.1.1~rc1-1ubuntu0.1~esm1 libpmi2-pmix - 2.1.1~rc1-1ubuntu0.1~esm1 libpmix-dev - 2.1.1~rc1-1ubuntu0.1~esm1 libpmix2 - 2.1.1~rc1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2023-41915 Ubuntu 18.04 LTS It was discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-3446) Bernd Edlinger discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-3817) Update Instructions: Run `sudo pro fix USN-6435-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.1.1-1ubuntu2.1~18.04.23+esm3 libssl-doc - 1.1.1-1ubuntu2.1~18.04.23+esm3 libssl1.1 - 1.1.1-1ubuntu2.1~18.04.23+esm3 openssl - 1.1.1-1ubuntu2.1~18.04.23+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-3446 CVE-2023-3817 Ubuntu 18.04 LTS Ziqiang Gu discovered that VIPS could be made to dereference a NULL pointer. If a user or automated system were tricked into processing a specially crafted input image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-7998) It was discovered that VIPS did not properly handle uninitialized memory locations when processing corrupted input image data. An attacker could possibly use this issue to generate output images that expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-6976) It was discovered that VIPS did not properly manage memory due to an uninitialized variable. If a user or automated system were tricked into processing a specially crafted output file, an attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-20739) It was discovered that VIPS could be made to divide by zero in multiple funcions. If a user or automated system were tricked into processing a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-27847) It was discovered that VIPS did not properly handle certain input files that contained malformed UTF-8 characters. If a user or automated system were tricked into processing a specially crafted SVG image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-40032) Update Instructions: Run `sudo pro fix USN-6437-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-vips-8.0 - 8.4.5-1ubuntu0.1~esm1 libvips-dev - 8.4.5-1ubuntu0.1~esm1 libvips-doc - 8.4.5-1ubuntu0.1~esm1 libvips-tools - 8.4.5-1ubuntu0.1~esm1 libvips42 - 8.4.5-1ubuntu0.1~esm1 python-vipscc - 8.4.5-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-7998 CVE-2019-6976 CVE-2020-20739 CVE-2021-27847 CVE-2023-40032 Ubuntu 18.04 LTS Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information (kernel memory) or in conjunction with another kernel vulnerability. (CVE-2023-0597) It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service (excessive CPU consumption). (CVE-2023-1206) Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-31083) Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service (host system crash) or possibly execute arbitrary code. (CVE-2023-34319) Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-3772) Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42752) Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did not properly calculate array offsets, leading to a out-of-bounds write vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42753) Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP) classifier implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). Please note that kernel packet classifier support for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755) Bing-Jhong Billy Jheng discovered that the Unix domain socket implementation in the Linux kernel contained a race condition in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4622) Budimir Markovic discovered that the qdisc implementation in the Linux kernel did not properly validate inner classes, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4623) Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of- bounds write vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-4881) It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use after free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4921) Update Instructions: Run `sudo pro fix USN-6440-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1125-oracle - 4.15.0-1125.136 linux-headers-4.15.0-1125-oracle - 4.15.0-1125.136 linux-image-4.15.0-1125-oracle - 4.15.0-1125.136 linux-image-unsigned-4.15.0-1125-oracle - 4.15.0-1125.136 linux-modules-4.15.0-1125-oracle - 4.15.0-1125.136 linux-modules-extra-4.15.0-1125-oracle - 4.15.0-1125.136 linux-oracle-headers-4.15.0-1125 - 4.15.0-1125.136 linux-oracle-tools-4.15.0-1125 - 4.15.0-1125.136 linux-tools-4.15.0-1125-oracle - 4.15.0-1125.136 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1146-kvm - 4.15.0-1146.151 linux-headers-4.15.0-1146-kvm - 4.15.0-1146.151 linux-image-4.15.0-1146-kvm - 4.15.0-1146.151 linux-kvm-headers-4.15.0-1146 - 4.15.0-1146.151 linux-kvm-tools-4.15.0-1146 - 4.15.0-1146.151 linux-modules-4.15.0-1146-kvm - 4.15.0-1146.151 linux-tools-4.15.0-1146-kvm - 4.15.0-1146.151 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1156-gcp - 4.15.0-1156.173 linux-gcp-4.15-headers-4.15.0-1156 - 4.15.0-1156.173 linux-gcp-4.15-tools-4.15.0-1156 - 4.15.0-1156.173 linux-headers-4.15.0-1156-gcp - 4.15.0-1156.173 linux-image-4.15.0-1156-gcp - 4.15.0-1156.173 linux-image-unsigned-4.15.0-1156-gcp - 4.15.0-1156.173 linux-modules-4.15.0-1156-gcp - 4.15.0-1156.173 linux-modules-extra-4.15.0-1156-gcp - 4.15.0-1156.173 linux-tools-4.15.0-1156-gcp - 4.15.0-1156.173 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-cloud-tools-4.15.0-1162 - 4.15.0-1162.175 linux-aws-headers-4.15.0-1162 - 4.15.0-1162.175 linux-aws-tools-4.15.0-1162 - 4.15.0-1162.175 linux-buildinfo-4.15.0-1162-aws - 4.15.0-1162.175 linux-cloud-tools-4.15.0-1162-aws - 4.15.0-1162.175 linux-headers-4.15.0-1162-aws - 4.15.0-1162.175 linux-image-4.15.0-1162-aws - 4.15.0-1162.175 linux-image-unsigned-4.15.0-1162-aws - 4.15.0-1162.175 linux-modules-4.15.0-1162-aws - 4.15.0-1162.175 linux-modules-extra-4.15.0-1162-aws - 4.15.0-1162.175 linux-tools-4.15.0-1162-aws - 4.15.0-1162.175 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-4.15-cloud-tools-4.15.0-1171 - 4.15.0-1171.186 linux-azure-4.15-headers-4.15.0-1171 - 4.15.0-1171.186 linux-azure-4.15-tools-4.15.0-1171 - 4.15.0-1171.186 linux-buildinfo-4.15.0-1171-azure - 4.15.0-1171.186 linux-cloud-tools-4.15.0-1171-azure - 4.15.0-1171.186 linux-headers-4.15.0-1171-azure - 4.15.0-1171.186 linux-image-4.15.0-1171-azure - 4.15.0-1171.186 linux-image-unsigned-4.15.0-1171-azure - 4.15.0-1171.186 linux-modules-4.15.0-1171-azure - 4.15.0-1171.186 linux-modules-extra-4.15.0-1171-azure - 4.15.0-1171.186 linux-tools-4.15.0-1171-azure - 4.15.0-1171.186 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-219-generic - 4.15.0-219.230 linux-buildinfo-4.15.0-219-lowlatency - 4.15.0-219.230 linux-cloud-tools-4.15.0-219 - 4.15.0-219.230 linux-cloud-tools-4.15.0-219-generic - 4.15.0-219.230 linux-cloud-tools-4.15.0-219-lowlatency - 4.15.0-219.230 linux-cloud-tools-common - 4.15.0-219.230 linux-doc - 4.15.0-219.230 linux-headers-4.15.0-219 - 4.15.0-219.230 linux-headers-4.15.0-219-generic - 4.15.0-219.230 linux-headers-4.15.0-219-lowlatency - 4.15.0-219.230 linux-image-4.15.0-219-generic - 4.15.0-219.230 linux-image-4.15.0-219-lowlatency - 4.15.0-219.230 linux-image-unsigned-4.15.0-219-generic - 4.15.0-219.230 linux-image-unsigned-4.15.0-219-lowlatency - 4.15.0-219.230 linux-libc-dev - 4.15.0-219.230 linux-modules-4.15.0-219-generic - 4.15.0-219.230 linux-modules-4.15.0-219-lowlatency - 4.15.0-219.230 linux-modules-extra-4.15.0-219-generic - 4.15.0-219.230 linux-source-4.15.0 - 4.15.0-219.230 linux-tools-4.15.0-219 - 4.15.0-219.230 linux-tools-4.15.0-219-generic - 4.15.0-219.230 linux-tools-4.15.0-219-lowlatency - 4.15.0-219.230 linux-tools-common - 4.15.0-219.230 linux-tools-host - 4.15.0-219.230 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle-lts-18.04 - 4.15.0.1125.130 linux-image-oracle-lts-18.04 - 4.15.0.1125.130 linux-oracle-lts-18.04 - 4.15.0.1125.130 linux-signed-image-oracle-lts-18.04 - 4.15.0.1125.130 linux-signed-oracle-lts-18.04 - 4.15.0.1125.130 linux-tools-oracle-lts-18.04 - 4.15.0.1125.130 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.15.0.1146.137 linux-image-kvm - 4.15.0.1146.137 linux-kvm - 4.15.0.1146.137 linux-tools-kvm - 4.15.0.1146.137 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-lts-18.04 - 4.15.0.1156.170 linux-headers-gcp-lts-18.04 - 4.15.0.1156.170 linux-image-gcp-lts-18.04 - 4.15.0.1156.170 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1156.170 linux-tools-gcp-lts-18.04 - 4.15.0.1156.170 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-lts-18.04 - 4.15.0.1162.160 linux-headers-aws-lts-18.04 - 4.15.0.1162.160 linux-image-aws-lts-18.04 - 4.15.0.1162.160 linux-modules-extra-aws-lts-18.04 - 4.15.0.1162.160 linux-tools-aws-lts-18.04 - 4.15.0.1162.160 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-lts-18.04 - 4.15.0.1171.139 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1171.139 linux-headers-azure-lts-18.04 - 4.15.0.1171.139 linux-image-azure-lts-18.04 - 4.15.0.1171.139 linux-modules-extra-azure-lts-18.04 - 4.15.0.1171.139 linux-signed-azure-lts-18.04 - 4.15.0.1171.139 linux-signed-image-azure-lts-18.04 - 4.15.0.1171.139 linux-tools-azure-lts-18.04 - 4.15.0.1171.139 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.15.0.219.203 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.219.203 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.219.203 linux-cloud-tools-lowlatency - 4.15.0.219.203 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.219.203 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.219.203 linux-cloud-tools-virtual - 4.15.0.219.203 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.219.203 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.219.203 linux-crashdump - 4.15.0.219.203 linux-generic - 4.15.0.219.203 linux-generic-hwe-16.04 - 4.15.0.219.203 linux-generic-hwe-16.04-edge - 4.15.0.219.203 linux-headers-generic - 4.15.0.219.203 linux-headers-generic-hwe-16.04 - 4.15.0.219.203 linux-headers-generic-hwe-16.04-edge - 4.15.0.219.203 linux-headers-lowlatency - 4.15.0.219.203 linux-headers-lowlatency-hwe-16.04 - 4.15.0.219.203 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.219.203 linux-headers-virtual - 4.15.0.219.203 linux-headers-virtual-hwe-16.04 - 4.15.0.219.203 linux-headers-virtual-hwe-16.04-edge - 4.15.0.219.203 linux-image-extra-virtual - 4.15.0.219.203 linux-image-extra-virtual-hwe-16.04 - 4.15.0.219.203 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.219.203 linux-image-generic - 4.15.0.219.203 linux-image-generic-hwe-16.04 - 4.15.0.219.203 linux-image-generic-hwe-16.04-edge - 4.15.0.219.203 linux-image-lowlatency - 4.15.0.219.203 linux-image-lowlatency-hwe-16.04 - 4.15.0.219.203 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.219.203 linux-image-virtual - 4.15.0.219.203 linux-image-virtual-hwe-16.04 - 4.15.0.219.203 linux-image-virtual-hwe-16.04-edge - 4.15.0.219.203 linux-lowlatency - 4.15.0.219.203 linux-lowlatency-hwe-16.04 - 4.15.0.219.203 linux-lowlatency-hwe-16.04-edge - 4.15.0.219.203 linux-signed-generic - 4.15.0.219.203 linux-signed-generic-hwe-16.04 - 4.15.0.219.203 linux-signed-generic-hwe-16.04-edge - 4.15.0.219.203 linux-signed-image-generic - 4.15.0.219.203 linux-signed-image-generic-hwe-16.04 - 4.15.0.219.203 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.219.203 linux-signed-image-lowlatency - 4.15.0.219.203 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.219.203 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.219.203 linux-signed-lowlatency - 4.15.0.219.203 linux-signed-lowlatency-hwe-16.04 - 4.15.0.219.203 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.219.203 linux-source - 4.15.0.219.203 linux-tools-generic - 4.15.0.219.203 linux-tools-generic-hwe-16.04 - 4.15.0.219.203 linux-tools-generic-hwe-16.04-edge - 4.15.0.219.203 linux-tools-lowlatency - 4.15.0.219.203 linux-tools-lowlatency-hwe-16.04 - 4.15.0.219.203 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.219.203 linux-tools-virtual - 4.15.0.219.203 linux-tools-virtual-hwe-16.04 - 4.15.0.219.203 linux-tools-virtual-hwe-16.04-edge - 4.15.0.219.203 linux-virtual - 4.15.0.219.203 linux-virtual-hwe-16.04 - 4.15.0.219.203 linux-virtual-hwe-16.04-edge - 4.15.0.219.203 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-0597 CVE-2023-1206 CVE-2023-31083 CVE-2023-34319 CVE-2023-3772 CVE-2023-42752 CVE-2023-42753 CVE-2023-42755 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 Ubuntu 18.04 LTS Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service (host system crash) or possibly execute arbitrary code. (CVE-2023-34319) Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42752) Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did not properly calculate array offsets, leading to a out-of-bounds write vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42753) Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP) classifier implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). Please note that kernel packet classifier support for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755) Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-42756) Bing-Jhong Billy Jheng discovered that the Unix domain socket implementation in the Linux kernel contained a race condition in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4622) Budimir Markovic discovered that the qdisc implementation in the Linux kernel did not properly validate inner classes, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4623) Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of- bounds write vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-4881) It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use after free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4921) Update Instructions: Run `sudo pro fix USN-6441-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1059-ibm - 5.4.0-1059.64~18.04.1 linux-headers-5.4.0-1059-ibm - 5.4.0-1059.64~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1059.64~18.04.1 linux-ibm-5.4-headers-5.4.0-1059 - 5.4.0-1059.64~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1059.64~18.04.1 linux-ibm-5.4-tools-5.4.0-1059 - 5.4.0-1059.64~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1059.64~18.04.1 linux-image-5.4.0-1059-ibm - 5.4.0-1059.64~18.04.1 linux-image-unsigned-5.4.0-1059-ibm - 5.4.0-1059.64~18.04.1 linux-modules-5.4.0-1059-ibm - 5.4.0-1059.64~18.04.1 linux-modules-extra-5.4.0-1059-ibm - 5.4.0-1059.64~18.04.1 linux-tools-5.4.0-1059-ibm - 5.4.0-1059.64~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1111-oracle - 5.4.0-1111.120~18.04.1 linux-headers-5.4.0-1111-oracle - 5.4.0-1111.120~18.04.1 linux-image-5.4.0-1111-oracle - 5.4.0-1111.120~18.04.1 linux-image-unsigned-5.4.0-1111-oracle - 5.4.0-1111.120~18.04.1 linux-modules-5.4.0-1111-oracle - 5.4.0-1111.120~18.04.1 linux-modules-extra-5.4.0-1111-oracle - 5.4.0-1111.120~18.04.1 linux-oracle-5.4-headers-5.4.0-1111 - 5.4.0-1111.120~18.04.1 linux-oracle-5.4-tools-5.4.0-1111 - 5.4.0-1111.120~18.04.1 linux-tools-5.4.0-1111-oracle - 5.4.0-1111.120~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-5.4-cloud-tools-5.4.0-1112 - 5.4.0-1112.121~18.04.2 linux-aws-5.4-headers-5.4.0-1112 - 5.4.0-1112.121~18.04.2 linux-aws-5.4-tools-5.4.0-1112 - 5.4.0-1112.121~18.04.2 linux-buildinfo-5.4.0-1112-aws - 5.4.0-1112.121~18.04.2 linux-cloud-tools-5.4.0-1112-aws - 5.4.0-1112.121~18.04.2 linux-headers-5.4.0-1112-aws - 5.4.0-1112.121~18.04.2 linux-image-5.4.0-1112-aws - 5.4.0-1112.121~18.04.2 linux-image-unsigned-5.4.0-1112-aws - 5.4.0-1112.121~18.04.2 linux-modules-5.4.0-1112-aws - 5.4.0-1112.121~18.04.2 linux-modules-extra-5.4.0-1112-aws - 5.4.0-1112.121~18.04.2 linux-tools-5.4.0-1112-aws - 5.4.0-1112.121~18.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-5.4-cloud-tools-5.4.0-1118 - 5.4.0-1118.125~18.04.1 linux-azure-5.4-headers-5.4.0-1118 - 5.4.0-1118.125~18.04.1 linux-azure-5.4-tools-5.4.0-1118 - 5.4.0-1118.125~18.04.1 linux-buildinfo-5.4.0-1118-azure - 5.4.0-1118.125~18.04.1 linux-cloud-tools-5.4.0-1118-azure - 5.4.0-1118.125~18.04.1 linux-headers-5.4.0-1118-azure - 5.4.0-1118.125~18.04.1 linux-image-5.4.0-1118-azure - 5.4.0-1118.125~18.04.1 linux-image-unsigned-5.4.0-1118-azure - 5.4.0-1118.125~18.04.1 linux-modules-5.4.0-1118-azure - 5.4.0-1118.125~18.04.1 linux-modules-extra-5.4.0-1118-azure - 5.4.0-1118.125~18.04.1 linux-tools-5.4.0-1118-azure - 5.4.0-1118.125~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-165-generic - 5.4.0-165.182~18.04.1 linux-buildinfo-5.4.0-165-lowlatency - 5.4.0-165.182~18.04.1 linux-cloud-tools-5.4.0-165-generic - 5.4.0-165.182~18.04.1 linux-cloud-tools-5.4.0-165-lowlatency - 5.4.0-165.182~18.04.1 linux-headers-5.4.0-165-generic - 5.4.0-165.182~18.04.1 linux-headers-5.4.0-165-lowlatency - 5.4.0-165.182~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-165 - 5.4.0-165.182~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-165.182~18.04.1 linux-hwe-5.4-headers-5.4.0-165 - 5.4.0-165.182~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-165.182~18.04.1 linux-hwe-5.4-tools-5.4.0-165 - 5.4.0-165.182~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-165.182~18.04.1 linux-image-5.4.0-165-generic - 5.4.0-165.182~18.04.1 linux-image-5.4.0-165-lowlatency - 5.4.0-165.182~18.04.1 linux-image-unsigned-5.4.0-165-generic - 5.4.0-165.182~18.04.1 linux-image-unsigned-5.4.0-165-lowlatency - 5.4.0-165.182~18.04.1 linux-modules-5.4.0-165-generic - 5.4.0-165.182~18.04.1 linux-modules-5.4.0-165-lowlatency - 5.4.0-165.182~18.04.1 linux-modules-extra-5.4.0-165-generic - 5.4.0-165.182~18.04.1 linux-tools-5.4.0-165-generic - 5.4.0-165.182~18.04.1 linux-tools-5.4.0-165-lowlatency - 5.4.0-165.182~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1059.70 linux-headers-ibm-edge - 5.4.0.1059.70 linux-ibm - 5.4.0.1059.70 linux-ibm-edge - 5.4.0.1059.70 linux-image-ibm - 5.4.0.1059.70 linux-image-ibm-edge - 5.4.0.1059.70 linux-modules-extra-ibm - 5.4.0.1059.70 linux-modules-extra-ibm-edge - 5.4.0.1059.70 linux-tools-ibm - 5.4.0.1059.70 linux-tools-ibm-edge - 5.4.0.1059.70 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1111.120~18.04.83 linux-headers-oracle-edge - 5.4.0.1111.120~18.04.83 linux-image-oracle - 5.4.0.1111.120~18.04.83 linux-image-oracle-edge - 5.4.0.1111.120~18.04.83 linux-modules-extra-oracle - 5.4.0.1111.120~18.04.83 linux-modules-extra-oracle-edge - 5.4.0.1111.120~18.04.83 linux-oracle - 5.4.0.1111.120~18.04.83 linux-oracle-edge - 5.4.0.1111.120~18.04.83 linux-signed-image-oracle - 5.4.0.1111.120~18.04.83 linux-signed-image-oracle-edge - 5.4.0.1111.120~18.04.83 linux-signed-oracle - 5.4.0.1111.120~18.04.83 linux-signed-oracle-edge - 5.4.0.1111.120~18.04.83 linux-tools-oracle - 5.4.0.1111.120~18.04.83 linux-tools-oracle-edge - 5.4.0.1111.120~18.04.83 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1112.90 linux-aws-edge - 5.4.0.1112.90 linux-headers-aws - 5.4.0.1112.90 linux-headers-aws-edge - 5.4.0.1112.90 linux-image-aws - 5.4.0.1112.90 linux-image-aws-edge - 5.4.0.1112.90 linux-modules-extra-aws - 5.4.0.1112.90 linux-modules-extra-aws-edge - 5.4.0.1112.90 linux-tools-aws - 5.4.0.1112.90 linux-tools-aws-edge - 5.4.0.1112.90 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 5.4.0.1118.91 linux-azure-edge - 5.4.0.1118.91 linux-cloud-tools-azure - 5.4.0.1118.91 linux-cloud-tools-azure-edge - 5.4.0.1118.91 linux-headers-azure - 5.4.0.1118.91 linux-headers-azure-edge - 5.4.0.1118.91 linux-image-azure - 5.4.0.1118.91 linux-image-azure-edge - 5.4.0.1118.91 linux-modules-extra-azure - 5.4.0.1118.91 linux-modules-extra-azure-edge - 5.4.0.1118.91 linux-signed-azure - 5.4.0.1118.91 linux-signed-azure-edge - 5.4.0.1118.91 linux-signed-image-azure - 5.4.0.1118.91 linux-signed-image-azure-edge - 5.4.0.1118.91 linux-tools-azure - 5.4.0.1118.91 linux-tools-azure-edge - 5.4.0.1118.91 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-generic-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-generic-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-headers-generic-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-headers-generic-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-headers-lowlatency-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-headers-oem - 5.4.0.165.182~18.04.132 linux-headers-oem-osp1 - 5.4.0.165.182~18.04.132 linux-headers-snapdragon-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-headers-virtual-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-headers-virtual-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-image-extra-virtual-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-image-generic-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-image-generic-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-image-lowlatency-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-image-oem - 5.4.0.165.182~18.04.132 linux-image-oem-osp1 - 5.4.0.165.182~18.04.132 linux-image-snapdragon-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-image-virtual-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-image-virtual-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-lowlatency-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-lowlatency-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-oem - 5.4.0.165.182~18.04.132 linux-oem-osp1 - 5.4.0.165.182~18.04.132 linux-snapdragon-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-snapdragon-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-tools-generic-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-tools-generic-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-tools-lowlatency-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-tools-oem - 5.4.0.165.182~18.04.132 linux-tools-oem-osp1 - 5.4.0.165.182~18.04.132 linux-tools-snapdragon-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-tools-virtual-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-tools-virtual-hwe-18.04-edge - 5.4.0.165.182~18.04.132 linux-virtual-hwe-18.04 - 5.4.0.165.182~18.04.132 linux-virtual-hwe-18.04-edge - 5.4.0.165.182~18.04.132 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-34319 CVE-2023-42752 CVE-2023-42753 CVE-2023-42755 CVE-2023-42756 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 Ubuntu 18.04 LTS Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service (host system crash) or possibly execute arbitrary code. (CVE-2023-34319) Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42752) Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did not properly calculate array offsets, leading to a out-of-bounds write vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42753) Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP) classifier implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). Please note that kernel packet classifier support for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755) Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-42756) Bing-Jhong Billy Jheng discovered that the Unix domain socket implementation in the Linux kernel contained a race condition in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4622) Budimir Markovic discovered that the qdisc implementation in the Linux kernel did not properly validate inner classes, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4623) Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of- bounds write vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-4881) It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use after free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4921) Update Instructions: Run `sudo pro fix USN-6441-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1116-gcp - 5.4.0-1116.125~18.04.1 linux-gcp-5.4-headers-5.4.0-1116 - 5.4.0-1116.125~18.04.1 linux-gcp-5.4-tools-5.4.0-1116 - 5.4.0-1116.125~18.04.1 linux-headers-5.4.0-1116-gcp - 5.4.0-1116.125~18.04.1 linux-image-5.4.0-1116-gcp - 5.4.0-1116.125~18.04.1 linux-image-unsigned-5.4.0-1116-gcp - 5.4.0-1116.125~18.04.1 linux-modules-5.4.0-1116-gcp - 5.4.0-1116.125~18.04.1 linux-modules-extra-5.4.0-1116-gcp - 5.4.0-1116.125~18.04.1 linux-tools-5.4.0-1116-gcp - 5.4.0-1116.125~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1116.92 linux-gcp-edge - 5.4.0.1116.92 linux-headers-gcp - 5.4.0.1116.92 linux-headers-gcp-edge - 5.4.0.1116.92 linux-image-gcp - 5.4.0.1116.92 linux-image-gcp-edge - 5.4.0.1116.92 linux-modules-extra-gcp - 5.4.0.1116.92 linux-modules-extra-gcp-edge - 5.4.0.1116.92 linux-tools-gcp - 5.4.0.1116.92 linux-tools-gcp-edge - 5.4.0.1116.92 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-34319 CVE-2023-42752 CVE-2023-42753 CVE-2023-42755 CVE-2023-42756 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 Ubuntu 18.04 LTS Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service (host system crash) or possibly execute arbitrary code. (CVE-2023-34319) Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42752) Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did not properly calculate array offsets, leading to a out-of-bounds write vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42753) Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP) classifier implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). Please note that kernel packet classifier support for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755) Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-42756) Bing-Jhong Billy Jheng discovered that the Unix domain socket implementation in the Linux kernel contained a race condition in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4622) Budimir Markovic discovered that the qdisc implementation in the Linux kernel did not properly validate inner classes, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4623) Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of- bounds write vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-4881) It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use after free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4921) Update Instructions: Run `sudo pro fix USN-6441-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1096-raspi - 5.4.0-1096.107~18.04.1 linux-headers-5.4.0-1096-raspi - 5.4.0-1096.107~18.04.1 linux-image-5.4.0-1096-raspi - 5.4.0-1096.107~18.04.1 linux-modules-5.4.0-1096-raspi - 5.4.0-1096.107~18.04.1 linux-raspi-5.4-headers-5.4.0-1096 - 5.4.0-1096.107~18.04.1 linux-raspi-5.4-tools-5.4.0-1096 - 5.4.0-1096.107~18.04.1 linux-tools-5.4.0-1096-raspi - 5.4.0-1096.107~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1096.93 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1096.93 linux-image-raspi-hwe-18.04 - 5.4.0.1096.93 linux-image-raspi-hwe-18.04-edge - 5.4.0.1096.93 linux-raspi-hwe-18.04 - 5.4.0.1096.93 linux-raspi-hwe-18.04-edge - 5.4.0.1096.93 linux-tools-raspi-hwe-18.04 - 5.4.0.1096.93 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1096.93 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-34319 CVE-2023-42752 CVE-2023-42753 CVE-2023-42755 CVE-2023-42756 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921 Ubuntu 18.04 LTS Xu Biang discovered that Sofia-SIP did not properly manage memory when handling STUN packets. An attacker could use this issue to cause Sofia-SIP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6448-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsofia-sip-ua-dev - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.18.04.1~esm1 libsofia-sip-ua-glib-dev - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.18.04.1~esm1 libsofia-sip-ua-glib3 - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.18.04.1~esm1 libsofia-sip-ua0 - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.18.04.1~esm1 sofia-sip-bin - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.18.04.1~esm1 sofia-sip-doc - 1.12.11+20110422.1-2.1+deb10u3ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-32307 Ubuntu 18.04 LTS It was discovered that FFmpeg incorrectly managed memory resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-22038) It was discovered that FFmpeg incorrectly handled certain input files, leading to an integer overflow. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-20898, CVE-2021-38090, CVE-2021-38091, CVE-2021-38092, CVE-2021-38093, CVE-2021-38094) It was discovered that FFmpeg incorrectly managed memory, resulting in a memory leak. If a user or automated system were tricked into processing a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2022-48434) Update Instructions: Run `sudo pro fix USN-6449-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ffmpeg - 7:3.4.11-0ubuntu0.1+esm3 ffmpeg-doc - 7:3.4.11-0ubuntu0.1+esm3 libavcodec-dev - 7:3.4.11-0ubuntu0.1+esm3 libavcodec-extra - 7:3.4.11-0ubuntu0.1+esm3 libavcodec-extra57 - 7:3.4.11-0ubuntu0.1+esm3 libavcodec57 - 7:3.4.11-0ubuntu0.1+esm3 libavdevice-dev - 7:3.4.11-0ubuntu0.1+esm3 libavdevice57 - 7:3.4.11-0ubuntu0.1+esm3 libavfilter-dev - 7:3.4.11-0ubuntu0.1+esm3 libavfilter-extra - 7:3.4.11-0ubuntu0.1+esm3 libavfilter-extra6 - 7:3.4.11-0ubuntu0.1+esm3 libavfilter6 - 7:3.4.11-0ubuntu0.1+esm3 libavformat-dev - 7:3.4.11-0ubuntu0.1+esm3 libavformat57 - 7:3.4.11-0ubuntu0.1+esm3 libavresample-dev - 7:3.4.11-0ubuntu0.1+esm3 libavresample3 - 7:3.4.11-0ubuntu0.1+esm3 libavutil-dev - 7:3.4.11-0ubuntu0.1+esm3 libavutil55 - 7:3.4.11-0ubuntu0.1+esm3 libpostproc-dev - 7:3.4.11-0ubuntu0.1+esm3 libpostproc54 - 7:3.4.11-0ubuntu0.1+esm3 libswresample-dev - 7:3.4.11-0ubuntu0.1+esm3 libswresample2 - 7:3.4.11-0ubuntu0.1+esm3 libswscale-dev - 7:3.4.11-0ubuntu0.1+esm3 libswscale4 - 7:3.4.11-0ubuntu0.1+esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-20898 CVE-2020-22038 CVE-2021-38090 CVE-2021-38091 CVE-2021-38092 CVE-2021-38093 CVE-2021-38094 CVE-2022-48434 Ubuntu 18.04 LTS USN-6449-1 fixed vulnerabilities in FFmpeg. Unfortunately that update could introduce a regression in tools using an FFmpeg library, like VLC. This updated fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that FFmpeg incorrectly managed memory resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-22038) It was discovered that FFmpeg incorrectly handled certain input files, leading to an integer overflow. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-20898, CVE-2021-38090, CVE-2021-38091, CVE-2021-38092, CVE-2021-38093, CVE-2021-38094) It was discovered that FFmpeg incorrectly managed memory, resulting in a memory leak. If a user or automated system were tricked into processing a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2022-48434) Update Instructions: Run `sudo pro fix USN-6449-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ffmpeg - 7:3.4.11-0ubuntu0.1+esm4 ffmpeg-doc - 7:3.4.11-0ubuntu0.1+esm4 libavcodec-dev - 7:3.4.11-0ubuntu0.1+esm4 libavcodec-extra - 7:3.4.11-0ubuntu0.1+esm4 libavcodec-extra57 - 7:3.4.11-0ubuntu0.1+esm4 libavcodec57 - 7:3.4.11-0ubuntu0.1+esm4 libavdevice-dev - 7:3.4.11-0ubuntu0.1+esm4 libavdevice57 - 7:3.4.11-0ubuntu0.1+esm4 libavfilter-dev - 7:3.4.11-0ubuntu0.1+esm4 libavfilter-extra - 7:3.4.11-0ubuntu0.1+esm4 libavfilter-extra6 - 7:3.4.11-0ubuntu0.1+esm4 libavfilter6 - 7:3.4.11-0ubuntu0.1+esm4 libavformat-dev - 7:3.4.11-0ubuntu0.1+esm4 libavformat57 - 7:3.4.11-0ubuntu0.1+esm4 libavresample-dev - 7:3.4.11-0ubuntu0.1+esm4 libavresample3 - 7:3.4.11-0ubuntu0.1+esm4 libavutil-dev - 7:3.4.11-0ubuntu0.1+esm4 libavutil55 - 7:3.4.11-0ubuntu0.1+esm4 libpostproc-dev - 7:3.4.11-0ubuntu0.1+esm4 libpostproc54 - 7:3.4.11-0ubuntu0.1+esm4 libswresample-dev - 7:3.4.11-0ubuntu0.1+esm4 libswresample2 - 7:3.4.11-0ubuntu0.1+esm4 libswscale-dev - 7:3.4.11-0ubuntu0.1+esm4 libswscale4 - 7:3.4.11-0ubuntu0.1+esm4 Available with Ubuntu Pro: https://ubuntu.com/pro None https://launchpad.net/bugs/2042743 Ubuntu 18.04 LTS It was discovered that ncurses could be made to read out of bounds. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6451-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lib32ncurses5 - 6.1-1ubuntu1.18.04.1+esm1 lib32ncurses5-dev - 6.1-1ubuntu1.18.04.1+esm1 lib32ncursesw5 - 6.1-1ubuntu1.18.04.1+esm1 lib32ncursesw5-dev - 6.1-1ubuntu1.18.04.1+esm1 lib32tinfo-dev - 6.1-1ubuntu1.18.04.1+esm1 lib32tinfo5 - 6.1-1ubuntu1.18.04.1+esm1 lib64ncurses5 - 6.1-1ubuntu1.18.04.1+esm1 lib64ncurses5-dev - 6.1-1ubuntu1.18.04.1+esm1 lib64tinfo5 - 6.1-1ubuntu1.18.04.1+esm1 libncurses5 - 6.1-1ubuntu1.18.04.1+esm1 libncurses5-dev - 6.1-1ubuntu1.18.04.1+esm1 libncursesw5 - 6.1-1ubuntu1.18.04.1+esm1 libncursesw5-dev - 6.1-1ubuntu1.18.04.1+esm1 libtinfo-dev - 6.1-1ubuntu1.18.04.1+esm1 libtinfo5 - 6.1-1ubuntu1.18.04.1+esm1 libx32ncurses5 - 6.1-1ubuntu1.18.04.1+esm1 libx32ncurses5-dev - 6.1-1ubuntu1.18.04.1+esm1 libx32ncursesw5 - 6.1-1ubuntu1.18.04.1+esm1 libx32ncursesw5-dev - 6.1-1ubuntu1.18.04.1+esm1 libx32tinfo-dev - 6.1-1ubuntu1.18.04.1+esm1 libx32tinfo5 - 6.1-1ubuntu1.18.04.1+esm1 ncurses-base - 6.1-1ubuntu1.18.04.1+esm1 ncurses-bin - 6.1-1ubuntu1.18.04.1+esm1 ncurses-doc - 6.1-1ubuntu1.18.04.1+esm1 ncurses-examples - 6.1-1ubuntu1.18.04.1+esm1 ncurses-term - 6.1-1ubuntu1.18.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-19189 Ubuntu 18.04 LTS It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. (CVE-2023-3896) It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-4733, CVE-2023-4750) It was discovered that Vim contained an arithmetic overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-4734) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-4735, CVE-2023-5344) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-4738) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-4751) It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-4752, CVE-2023-5535) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-4781) It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-5441) Update Instructions: Run `sudo pro fix USN-6452-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:8.0.1453-1ubuntu1.13+esm6 vim-athena - 2:8.0.1453-1ubuntu1.13+esm6 vim-common - 2:8.0.1453-1ubuntu1.13+esm6 vim-doc - 2:8.0.1453-1ubuntu1.13+esm6 vim-gnome - 2:8.0.1453-1ubuntu1.13+esm6 vim-gtk - 2:8.0.1453-1ubuntu1.13+esm6 vim-gtk3 - 2:8.0.1453-1ubuntu1.13+esm6 vim-gui-common - 2:8.0.1453-1ubuntu1.13+esm6 vim-nox - 2:8.0.1453-1ubuntu1.13+esm6 vim-runtime - 2:8.0.1453-1ubuntu1.13+esm6 vim-tiny - 2:8.0.1453-1ubuntu1.13+esm6 xxd - 2:8.0.1453-1ubuntu1.13+esm6 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-3896 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 CVE-2023-4738 CVE-2023-4750 CVE-2023-4751 CVE-2023-4752 CVE-2023-4781 CVE-2023-5344 CVE-2023-5441 CVE-2023-5535 Ubuntu 18.04 LTS USN-6453-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled prepending values to certain properties. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. (CVE-2023-5367) Sri discovered that the X.Org X Server incorrectly handled detroying windows in certain legacy multi-screen setups. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. (CVE-2023-5380) Update Instructions: Run `sudo pro fix USN-6453-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdmx - 2:1.19.6-1ubuntu4.15+esm1 xdmx-tools - 2:1.19.6-1ubuntu4.15+esm1 xmir - 2:1.19.6-1ubuntu4.15+esm1 xnest - 2:1.19.6-1ubuntu4.15+esm1 xorg-server-source - 2:1.19.6-1ubuntu4.15+esm1 xserver-common - 2:1.19.6-1ubuntu4.15+esm1 xserver-xephyr - 2:1.19.6-1ubuntu4.15+esm1 xserver-xorg-core - 2:1.19.6-1ubuntu4.15+esm1 xserver-xorg-dev - 2:1.19.6-1ubuntu4.15+esm1 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.15+esm1 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.15+esm1 xvfb - 2:1.19.6-1ubuntu4.15+esm1 xwayland - 2:1.19.6-1ubuntu4.15+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-5367 CVE-2023-5380 Ubuntu 18.04 LTS It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to memory corruption. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-42117) It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2023-42119) Update Instructions: Run `sudo pro fix USN-6455-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4 - 4.90.1-1ubuntu1.10+esm2 exim4-base - 4.90.1-1ubuntu1.10+esm2 exim4-config - 4.90.1-1ubuntu1.10+esm2 exim4-daemon-heavy - 4.90.1-1ubuntu1.10+esm2 exim4-daemon-light - 4.90.1-1ubuntu1.10+esm2 exim4-dev - 4.90.1-1ubuntu1.10+esm2 eximon4 - 4.90.1-1ubuntu1.10+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-42117 CVE-2023-42119 Ubuntu 18.04 LTS Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information (kernel memory) or in conjunction with another kernel vulnerability. (CVE-2023-0597) Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-31083) Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-3772) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel did not properly handle device initialization failures in certain situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2023-4132) Update Instructions: Run `sudo pro fix USN-6462-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1060-ibm - 5.4.0-1060.65~18.04.1 linux-headers-5.4.0-1060-ibm - 5.4.0-1060.65~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1060.65~18.04.1 linux-ibm-5.4-headers-5.4.0-1060 - 5.4.0-1060.65~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1060.65~18.04.1 linux-ibm-5.4-tools-5.4.0-1060 - 5.4.0-1060.65~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1060.65~18.04.1 linux-image-5.4.0-1060-ibm - 5.4.0-1060.65~18.04.1 linux-image-unsigned-5.4.0-1060-ibm - 5.4.0-1060.65~18.04.1 linux-modules-5.4.0-1060-ibm - 5.4.0-1060.65~18.04.1 linux-modules-extra-5.4.0-1060-ibm - 5.4.0-1060.65~18.04.1 linux-tools-5.4.0-1060-ibm - 5.4.0-1060.65~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1097-raspi - 5.4.0-1097.109~18.04.2 linux-headers-5.4.0-1097-raspi - 5.4.0-1097.109~18.04.2 linux-image-5.4.0-1097-raspi - 5.4.0-1097.109~18.04.2 linux-modules-5.4.0-1097-raspi - 5.4.0-1097.109~18.04.2 linux-raspi-5.4-headers-5.4.0-1097 - 5.4.0-1097.109~18.04.2 linux-raspi-5.4-tools-5.4.0-1097 - 5.4.0-1097.109~18.04.2 linux-tools-5.4.0-1097-raspi - 5.4.0-1097.109~18.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1112-oracle - 5.4.0-1112.121~18.04.4 linux-headers-5.4.0-1112-oracle - 5.4.0-1112.121~18.04.4 linux-image-5.4.0-1112-oracle - 5.4.0-1112.121~18.04.4 linux-image-unsigned-5.4.0-1112-oracle - 5.4.0-1112.121~18.04.4 linux-modules-5.4.0-1112-oracle - 5.4.0-1112.121~18.04.4 linux-modules-extra-5.4.0-1112-oracle - 5.4.0-1112.121~18.04.4 linux-oracle-5.4-headers-5.4.0-1112 - 5.4.0-1112.121~18.04.4 linux-oracle-5.4-tools-5.4.0-1112 - 5.4.0-1112.121~18.04.4 linux-tools-5.4.0-1112-oracle - 5.4.0-1112.121~18.04.4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-5.4-cloud-tools-5.4.0-1113 - 5.4.0-1113.123~18.04.1 linux-aws-5.4-headers-5.4.0-1113 - 5.4.0-1113.123~18.04.1 linux-aws-5.4-tools-5.4.0-1113 - 5.4.0-1113.123~18.04.1 linux-buildinfo-5.4.0-1113-aws - 5.4.0-1113.123~18.04.1 linux-cloud-tools-5.4.0-1113-aws - 5.4.0-1113.123~18.04.1 linux-headers-5.4.0-1113-aws - 5.4.0-1113.123~18.04.1 linux-image-5.4.0-1113-aws - 5.4.0-1113.123~18.04.1 linux-image-unsigned-5.4.0-1113-aws - 5.4.0-1113.123~18.04.1 linux-modules-5.4.0-1113-aws - 5.4.0-1113.123~18.04.1 linux-modules-extra-5.4.0-1113-aws - 5.4.0-1113.123~18.04.1 linux-tools-5.4.0-1113-aws - 5.4.0-1113.123~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1117-gcp - 5.4.0-1117.126~18.04.1 linux-gcp-5.4-headers-5.4.0-1117 - 5.4.0-1117.126~18.04.1 linux-gcp-5.4-tools-5.4.0-1117 - 5.4.0-1117.126~18.04.1 linux-headers-5.4.0-1117-gcp - 5.4.0-1117.126~18.04.1 linux-image-5.4.0-1117-gcp - 5.4.0-1117.126~18.04.1 linux-image-unsigned-5.4.0-1117-gcp - 5.4.0-1117.126~18.04.1 linux-modules-5.4.0-1117-gcp - 5.4.0-1117.126~18.04.1 linux-modules-extra-5.4.0-1117-gcp - 5.4.0-1117.126~18.04.1 linux-tools-5.4.0-1117-gcp - 5.4.0-1117.126~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-5.4-cloud-tools-5.4.0-1119 - 5.4.0-1119.126~18.04.2 linux-azure-5.4-headers-5.4.0-1119 - 5.4.0-1119.126~18.04.2 linux-azure-5.4-tools-5.4.0-1119 - 5.4.0-1119.126~18.04.2 linux-buildinfo-5.4.0-1119-azure - 5.4.0-1119.126~18.04.2 linux-cloud-tools-5.4.0-1119-azure - 5.4.0-1119.126~18.04.2 linux-headers-5.4.0-1119-azure - 5.4.0-1119.126~18.04.2 linux-image-5.4.0-1119-azure - 5.4.0-1119.126~18.04.2 linux-image-unsigned-5.4.0-1119-azure - 5.4.0-1119.126~18.04.2 linux-modules-5.4.0-1119-azure - 5.4.0-1119.126~18.04.2 linux-modules-extra-5.4.0-1119-azure - 5.4.0-1119.126~18.04.2 linux-tools-5.4.0-1119-azure - 5.4.0-1119.126~18.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-166-generic - 5.4.0-166.183~18.04.2 linux-buildinfo-5.4.0-166-lowlatency - 5.4.0-166.183~18.04.2 linux-cloud-tools-5.4.0-166-generic - 5.4.0-166.183~18.04.2 linux-cloud-tools-5.4.0-166-lowlatency - 5.4.0-166.183~18.04.2 linux-headers-5.4.0-166-generic - 5.4.0-166.183~18.04.2 linux-headers-5.4.0-166-lowlatency - 5.4.0-166.183~18.04.2 linux-hwe-5.4-cloud-tools-5.4.0-166 - 5.4.0-166.183~18.04.2 linux-hwe-5.4-cloud-tools-common - 5.4.0-166.183~18.04.2 linux-hwe-5.4-headers-5.4.0-166 - 5.4.0-166.183~18.04.2 linux-hwe-5.4-source-5.4.0 - 5.4.0-166.183~18.04.2 linux-hwe-5.4-tools-5.4.0-166 - 5.4.0-166.183~18.04.2 linux-hwe-5.4-tools-common - 5.4.0-166.183~18.04.2 linux-image-5.4.0-166-generic - 5.4.0-166.183~18.04.2 linux-image-5.4.0-166-lowlatency - 5.4.0-166.183~18.04.2 linux-image-unsigned-5.4.0-166-generic - 5.4.0-166.183~18.04.2 linux-image-unsigned-5.4.0-166-lowlatency - 5.4.0-166.183~18.04.2 linux-modules-5.4.0-166-generic - 5.4.0-166.183~18.04.2 linux-modules-5.4.0-166-lowlatency - 5.4.0-166.183~18.04.2 linux-modules-extra-5.4.0-166-generic - 5.4.0-166.183~18.04.2 linux-tools-5.4.0-166-generic - 5.4.0-166.183~18.04.2 linux-tools-5.4.0-166-lowlatency - 5.4.0-166.183~18.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1060.71 linux-headers-ibm-edge - 5.4.0.1060.71 linux-ibm - 5.4.0.1060.71 linux-ibm-edge - 5.4.0.1060.71 linux-image-ibm - 5.4.0.1060.71 linux-image-ibm-edge - 5.4.0.1060.71 linux-modules-extra-ibm - 5.4.0.1060.71 linux-modules-extra-ibm-edge - 5.4.0.1060.71 linux-tools-ibm - 5.4.0.1060.71 linux-tools-ibm-edge - 5.4.0.1060.71 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1097.94 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1097.94 linux-image-raspi-hwe-18.04 - 5.4.0.1097.94 linux-image-raspi-hwe-18.04-edge - 5.4.0.1097.94 linux-raspi-hwe-18.04 - 5.4.0.1097.94 linux-raspi-hwe-18.04-edge - 5.4.0.1097.94 linux-tools-raspi-hwe-18.04 - 5.4.0.1097.94 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1097.94 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1112.121~18.04.84 linux-headers-oracle-edge - 5.4.0.1112.121~18.04.84 linux-image-oracle - 5.4.0.1112.121~18.04.84 linux-image-oracle-edge - 5.4.0.1112.121~18.04.84 linux-modules-extra-oracle - 5.4.0.1112.121~18.04.84 linux-modules-extra-oracle-edge - 5.4.0.1112.121~18.04.84 linux-oracle - 5.4.0.1112.121~18.04.84 linux-oracle-edge - 5.4.0.1112.121~18.04.84 linux-signed-image-oracle - 5.4.0.1112.121~18.04.84 linux-signed-image-oracle-edge - 5.4.0.1112.121~18.04.84 linux-signed-oracle - 5.4.0.1112.121~18.04.84 linux-signed-oracle-edge - 5.4.0.1112.121~18.04.84 linux-tools-oracle - 5.4.0.1112.121~18.04.84 linux-tools-oracle-edge - 5.4.0.1112.121~18.04.84 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1113.91 linux-aws-edge - 5.4.0.1113.91 linux-headers-aws - 5.4.0.1113.91 linux-headers-aws-edge - 5.4.0.1113.91 linux-image-aws - 5.4.0.1113.91 linux-image-aws-edge - 5.4.0.1113.91 linux-modules-extra-aws - 5.4.0.1113.91 linux-modules-extra-aws-edge - 5.4.0.1113.91 linux-tools-aws - 5.4.0.1113.91 linux-tools-aws-edge - 5.4.0.1113.91 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1117.93 linux-gcp-edge - 5.4.0.1117.93 linux-headers-gcp - 5.4.0.1117.93 linux-headers-gcp-edge - 5.4.0.1117.93 linux-image-gcp - 5.4.0.1117.93 linux-image-gcp-edge - 5.4.0.1117.93 linux-modules-extra-gcp - 5.4.0.1117.93 linux-modules-extra-gcp-edge - 5.4.0.1117.93 linux-tools-gcp - 5.4.0.1117.93 linux-tools-gcp-edge - 5.4.0.1117.93 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 5.4.0.1119.92 linux-azure-edge - 5.4.0.1119.92 linux-cloud-tools-azure - 5.4.0.1119.92 linux-cloud-tools-azure-edge - 5.4.0.1119.92 linux-headers-azure - 5.4.0.1119.92 linux-headers-azure-edge - 5.4.0.1119.92 linux-image-azure - 5.4.0.1119.92 linux-image-azure-edge - 5.4.0.1119.92 linux-modules-extra-azure - 5.4.0.1119.92 linux-modules-extra-azure-edge - 5.4.0.1119.92 linux-signed-azure - 5.4.0.1119.92 linux-signed-azure-edge - 5.4.0.1119.92 linux-signed-image-azure - 5.4.0.1119.92 linux-signed-image-azure-edge - 5.4.0.1119.92 linux-tools-azure - 5.4.0.1119.92 linux-tools-azure-edge - 5.4.0.1119.92 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-generic-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-generic-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-headers-generic-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-headers-generic-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-headers-lowlatency-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-headers-oem - 5.4.0.166.183~18.04.134 linux-headers-oem-osp1 - 5.4.0.166.183~18.04.134 linux-headers-snapdragon-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-headers-virtual-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-headers-virtual-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-image-extra-virtual-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-image-generic-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-image-generic-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-image-lowlatency-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-image-oem - 5.4.0.166.183~18.04.134 linux-image-oem-osp1 - 5.4.0.166.183~18.04.134 linux-image-snapdragon-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-image-virtual-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-image-virtual-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-lowlatency-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-lowlatency-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-oem - 5.4.0.166.183~18.04.134 linux-oem-osp1 - 5.4.0.166.183~18.04.134 linux-snapdragon-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-snapdragon-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-tools-generic-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-tools-generic-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-tools-lowlatency-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-tools-oem - 5.4.0.166.183~18.04.134 linux-tools-oem-osp1 - 5.4.0.166.183~18.04.134 linux-tools-snapdragon-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-tools-virtual-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-tools-virtual-hwe-18.04-edge - 5.4.0.166.183~18.04.134 linux-virtual-hwe-18.04 - 5.4.0.166.183~18.04.134 linux-virtual-hwe-18.04-edge - 5.4.0.166.183~18.04.134 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-0597 CVE-2023-31083 CVE-2023-3772 CVE-2023-4132 Ubuntu 18.04 LTS USN-6463-1 fixed vulnerabilities in Open VM Tools. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could possibly use this issue to elevate their privileges. (CVE-2023-34058) Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when dropping privileges. A local attacker could possibly use this issue to hijack /dev/uinput and simulate user inputs. (CVE-2023-34059) Update Instructions: Run `sudo pro fix USN-6463-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: open-vm-tools - 2:11.0.5-4ubuntu0.18.04.3+esm3 open-vm-tools-desktop - 2:11.0.5-4ubuntu0.18.04.3+esm3 open-vm-tools-dev - 2:11.0.5-4ubuntu0.18.04.3+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-34058 CVE-2023-34059 Ubuntu 18.04 LTS Robert Morris discovered that Kerberos did not properly handle memory access when processing RPC data through kadmind, which could lead to the freeing of uninitialized memory. An authenticated remote attacker could possibly use this issue to cause kadmind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6467-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: krb5-admin-server - 1.16-2ubuntu0.4+esm1 krb5-doc - 1.16-2ubuntu0.4+esm1 krb5-gss-samples - 1.16-2ubuntu0.4+esm1 krb5-k5tls - 1.16-2ubuntu0.4+esm1 krb5-kdc - 1.16-2ubuntu0.4+esm1 krb5-kdc-ldap - 1.16-2ubuntu0.4+esm1 krb5-kpropd - 1.16-2ubuntu0.4+esm1 krb5-locales - 1.16-2ubuntu0.4+esm1 krb5-multidev - 1.16-2ubuntu0.4+esm1 krb5-otp - 1.16-2ubuntu0.4+esm1 krb5-pkinit - 1.16-2ubuntu0.4+esm1 krb5-user - 1.16-2ubuntu0.4+esm1 libgssapi-krb5-2 - 1.16-2ubuntu0.4+esm1 libgssrpc4 - 1.16-2ubuntu0.4+esm1 libk5crypto3 - 1.16-2ubuntu0.4+esm1 libkadm5clnt-mit11 - 1.16-2ubuntu0.4+esm1 libkadm5srv-mit11 - 1.16-2ubuntu0.4+esm1 libkdb5-9 - 1.16-2ubuntu0.4+esm1 libkrad-dev - 1.16-2ubuntu0.4+esm1 libkrad0 - 1.16-2ubuntu0.4+esm1 libkrb5-3 - 1.16-2ubuntu0.4+esm1 libkrb5-dev - 1.16-2ubuntu0.4+esm1 libkrb5support0 - 1.16-2ubuntu0.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-36054 Ubuntu 18.04 LTS Ashley Newson discovered that xrdp incorrectly handled memory when processing certain incoming connections. An attacker could possibly use this issue to cause a denial of service or arbitrary code execution. Update Instructions: Run `sudo pro fix USN-6469-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xorgxrdp - 0.9.5-2ubuntu0.1~esm1 xrdp - 0.9.5-2ubuntu0.1~esm1 xrdp-pulseaudio-installer - 0.9.5-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-4044 Ubuntu 18.04 LTS It was discovered that Axis incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-40743) Update Instructions: Run `sudo pro fix USN-6470-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libaxis-java - 1.4-25ubuntu0.1~esm1 libaxis-java-doc - 1.4-25ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-40743 Ubuntu 18.04 LTS It was discovered that libsndfile contained multiple arithmetic overflows. If a user or automated system were tricked into processing a specially crafted audio file, an attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6471-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsndfile1 - 1.0.28-4ubuntu0.18.04.2+esm1 libsndfile1-dev - 1.0.28-4ubuntu0.18.04.2+esm1 sndfile-programs - 1.0.28-4ubuntu0.18.04.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-33065 Ubuntu 18.04 LTS It was discovered that GNU Scientific Library incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6472-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gsl-bin - 2.4+dfsg-6ubuntu0.1~esm1 libgsl-dev - 2.4+dfsg-6ubuntu0.1~esm1 libgsl23 - 2.4+dfsg-6ubuntu0.1~esm1 libgslcblas0 - 2.4+dfsg-6ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-35357 Ubuntu 18.04 LTS It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-25091) It was discovered that urllib3 didn't strip HTTP Cookie header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-43804) It was discovered that urllib3 didn't strip HTTP body on status code 303 redirects under certain circumstances. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-45803) Update Instructions: Run `sudo pro fix USN-6473-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-urllib3 - 1.22-1ubuntu0.18.04.2+esm1 python3-urllib3 - 1.22-1ubuntu0.18.04.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2018-25091 CVE-2023-43804 CVE-2023-45803 Ubuntu 18.04 LTS USN-6473-1 fixed vulnerabilities in urllib3. This update provides the corresponding updates for the urllib3 module bundled into pip. Original advisory details: It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-25091) It was discovered that urllib3 didn't strip HTTP Cookie header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-43804) It was discovered that urllib3 didn't strip HTTP body on status code 303 redirects under certain circumstances. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-45803) Update Instructions: Run `sudo pro fix USN-6473-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pip - 9.0.1-2.3~ubuntu1.18.04.8+esm2 python-pip-whl - 9.0.1-2.3~ubuntu1.18.04.8+esm2 python3-pip - 9.0.1-2.3~ubuntu1.18.04.8+esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-25091 CVE-2023-43804 CVE-2023-45803 Ubuntu 18.04 LTS It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. (CVE-2022-23479, CVE-2022-23481, CVE-2022-23483, CVE-2023-42822) It was discovered that xrdp improperly handled session establishment errors. An attacker could potentially use this issue to bypass the OS-level session restrictions by PAM. (CVE-2023-40184) It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds writes. An attacker could possibly use this issue to cause memory corruption or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23468) It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23480, CVE-2022-23482, CVE-2022-23484) It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23477, CVE-2022-23493) It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds writes. An attacker could possibly use this issue to cause memory corruption or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23478) It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-23613) Update Instructions: Run `sudo pro fix USN-6474-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xorgxrdp - 0.9.5-2ubuntu0.1~esm2 xrdp - 0.9.5-2ubuntu0.1~esm2 xrdp-pulseaudio-installer - 0.9.5-2ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-23468 CVE-2022-23477 CVE-2022-23478 CVE-2022-23479 CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483 CVE-2022-23484 CVE-2022-23493 CVE-2022-23613 CVE-2023-40184 CVE-2023-42822 Ubuntu 18.04 LTS It was discovered that the procps-ng ps tool incorrectly handled memory. An attacker could possibly use this issue to cause procps-ng to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6477-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libprocps-dev - 2:3.3.12-3ubuntu1.2+esm1 libprocps6 - 2:3.3.12-3ubuntu1.2+esm1 procps - 2:3.3.12-3ubuntu1.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-4016 Ubuntu 18.04 LTS It was discovered that Traceroute did not properly parse command line arguments. An attacker could possibly use this issue to execute arbitrary commands. Update Instructions: Run `sudo pro fix USN-6478-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: traceroute - 1:2.1.0-2ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-46316 Ubuntu 18.04 LTS Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, Tavis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and Kostik Shtoyk discovered that some Intel(R) Processors did not properly handle certain sequences of processor instructions. A local attacker could possibly use this to cause a core hang (resulting in a denial of service), gain access to sensitive information or possibly escalate their privileges. Update Instructions: Run `sudo pro fix USN-6485-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20231114.0ubuntu0.18.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-23583 Ubuntu 18.04 LTS Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-38469, CVE-2023-38470, CVE-2023-38471, CVE-2023-38472, CVE-2023-38473) Update Instructions: Run `sudo pro fix USN-6487-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: avahi-autoipd - 0.7-3.1ubuntu1.3+esm2 avahi-daemon - 0.7-3.1ubuntu1.3+esm2 avahi-discover - 0.7-3.1ubuntu1.3+esm2 avahi-dnsconfd - 0.7-3.1ubuntu1.3+esm2 avahi-ui-utils - 0.7-3.1ubuntu1.3+esm2 avahi-utils - 0.7-3.1ubuntu1.3+esm2 gir1.2-avahi-0.6 - 0.7-3.1ubuntu1.3+esm2 libavahi-client-dev - 0.7-3.1ubuntu1.3+esm2 libavahi-client3 - 0.7-3.1ubuntu1.3+esm2 libavahi-common-data - 0.7-3.1ubuntu1.3+esm2 libavahi-common-dev - 0.7-3.1ubuntu1.3+esm2 libavahi-common3 - 0.7-3.1ubuntu1.3+esm2 libavahi-compat-libdnssd-dev - 0.7-3.1ubuntu1.3+esm2 libavahi-compat-libdnssd1 - 0.7-3.1ubuntu1.3+esm2 libavahi-core-dev - 0.7-3.1ubuntu1.3+esm2 libavahi-core7 - 0.7-3.1ubuntu1.3+esm2 libavahi-glib-dev - 0.7-3.1ubuntu1.3+esm2 libavahi-glib1 - 0.7-3.1ubuntu1.3+esm2 libavahi-gobject-dev - 0.7-3.1ubuntu1.3+esm2 libavahi-gobject0 - 0.7-3.1ubuntu1.3+esm2 libavahi-ui-gtk3-0 - 0.7-3.1ubuntu1.3+esm2 libavahi-ui-gtk3-dev - 0.7-3.1ubuntu1.3+esm2 python-avahi - 0.7-3.1ubuntu1.3+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-38469 CVE-2023-38470 CVE-2023-38471 CVE-2023-38472 CVE-2023-38473 Ubuntu 18.04 LTS USN-6488-1 fixed a vulnerability in strongSwan. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Florian Picca discovered that strongSwan incorrectly handled certain DH public values. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6488-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: charon-cmd - 5.6.2-1ubuntu2.9+esm1 charon-systemd - 5.6.2-1ubuntu2.9+esm1 libcharon-extra-plugins - 5.6.2-1ubuntu2.9+esm1 libcharon-standard-plugins - 5.6.2-1ubuntu2.9+esm1 libstrongswan - 5.6.2-1ubuntu2.9+esm1 libstrongswan-extra-plugins - 5.6.2-1ubuntu2.9+esm1 libstrongswan-standard-plugins - 5.6.2-1ubuntu2.9+esm1 strongswan - 5.6.2-1ubuntu2.9+esm1 strongswan-charon - 5.6.2-1ubuntu2.9+esm1 strongswan-libcharon - 5.6.2-1ubuntu2.9+esm1 strongswan-nm - 5.6.2-1ubuntu2.9+esm1 strongswan-pki - 5.6.2-1ubuntu2.9+esm1 strongswan-scepclient - 5.6.2-1ubuntu2.9+esm1 strongswan-starter - 5.6.2-1ubuntu2.9+esm1 strongswan-swanctl - 5.6.2-1ubuntu2.9+esm1 strongswan-tnc-base - 5.6.2-1ubuntu2.9+esm1 strongswan-tnc-client - 5.6.2-1ubuntu2.9+esm1 strongswan-tnc-ifmap - 5.6.2-1ubuntu2.9+esm1 strongswan-tnc-pdp - 5.6.2-1ubuntu2.9+esm1 strongswan-tnc-server - 5.6.2-1ubuntu2.9+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-41913 Ubuntu 18.04 LTS Brian McDermott discovered that Tang incorrectly handled permissions when creating/rotating keys. A local attacker could possibly use this issue to read the keys. Update Instructions: Run `sudo pro fix USN-6489-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tang - 6-1ubuntu0.1~esm1 tang-nagios - 6-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-1672 Ubuntu 18.04 LTS Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-32212) Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-32213, CVE-2022-32214, CVE-2022-32215) It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-35256) It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-43548) Update Instructions: Run `sudo pro fix USN-6491-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nodejs - 8.10.0~dfsg-2ubuntu0.4+esm4 nodejs-dev - 8.10.0~dfsg-2ubuntu0.4+esm4 nodejs-doc - 8.10.0~dfsg-2ubuntu0.4+esm4 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-35256 CVE-2022-43548 Ubuntu 18.04 LTS USN-6493-1 fixed a vulnerability in hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: On Ubuntu 18.04 LTS and Ubuntu 16.04 LTS, the hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended. In addition, on all releases, hibagent has been updated to do nothing if ODH is configured. Update Instructions: Run `sudo pro fix USN-6493-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: hibagent - 1.0.1-0ubuntu1.18.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2043739 Ubuntu 18.04 LTS Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-39189) Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did not properly validate u32 packets content, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39192) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate SCTP data, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39193) Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel did not properly handle state filters, leading to an out- of-bounds read vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39194) Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers (skb) when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-42754) It was discovered that the USB ENE card reader driver in the Linux kernel did not properly allocate enough memory when processing the storage device boot blocks. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-45862) Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-45871) Budimir Markovic discovered that the perf subsystem in the Linux kernel did not properly handle event groups, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5717) Update Instructions: Run `sudo pro fix USN-6494-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1126-oracle - 4.15.0-1126.137 linux-headers-4.15.0-1126-oracle - 4.15.0-1126.137 linux-image-4.15.0-1126-oracle - 4.15.0-1126.137 linux-image-unsigned-4.15.0-1126-oracle - 4.15.0-1126.137 linux-modules-4.15.0-1126-oracle - 4.15.0-1126.137 linux-modules-extra-4.15.0-1126-oracle - 4.15.0-1126.137 linux-oracle-headers-4.15.0-1126 - 4.15.0-1126.137 linux-oracle-tools-4.15.0-1126 - 4.15.0-1126.137 linux-tools-4.15.0-1126-oracle - 4.15.0-1126.137 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1147-kvm - 4.15.0-1147.152 linux-headers-4.15.0-1147-kvm - 4.15.0-1147.152 linux-image-4.15.0-1147-kvm - 4.15.0-1147.152 linux-kvm-headers-4.15.0-1147 - 4.15.0-1147.152 linux-kvm-tools-4.15.0-1147 - 4.15.0-1147.152 linux-modules-4.15.0-1147-kvm - 4.15.0-1147.152 linux-tools-4.15.0-1147-kvm - 4.15.0-1147.152 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-cloud-tools-4.15.0-1163 - 4.15.0-1163.176 linux-aws-headers-4.15.0-1163 - 4.15.0-1163.176 linux-aws-tools-4.15.0-1163 - 4.15.0-1163.176 linux-buildinfo-4.15.0-1163-aws - 4.15.0-1163.176 linux-cloud-tools-4.15.0-1163-aws - 4.15.0-1163.176 linux-headers-4.15.0-1163-aws - 4.15.0-1163.176 linux-image-4.15.0-1163-aws - 4.15.0-1163.176 linux-image-unsigned-4.15.0-1163-aws - 4.15.0-1163.176 linux-modules-4.15.0-1163-aws - 4.15.0-1163.176 linux-modules-extra-4.15.0-1163-aws - 4.15.0-1163.176 linux-tools-4.15.0-1163-aws - 4.15.0-1163.176 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-220-generic - 4.15.0-220.231 linux-buildinfo-4.15.0-220-lowlatency - 4.15.0-220.231 linux-cloud-tools-4.15.0-220 - 4.15.0-220.231 linux-cloud-tools-4.15.0-220-generic - 4.15.0-220.231 linux-cloud-tools-4.15.0-220-lowlatency - 4.15.0-220.231 linux-cloud-tools-common - 4.15.0-220.231 linux-doc - 4.15.0-220.231 linux-headers-4.15.0-220 - 4.15.0-220.231 linux-headers-4.15.0-220-generic - 4.15.0-220.231 linux-headers-4.15.0-220-lowlatency - 4.15.0-220.231 linux-image-4.15.0-220-generic - 4.15.0-220.231 linux-image-4.15.0-220-lowlatency - 4.15.0-220.231 linux-image-unsigned-4.15.0-220-generic - 4.15.0-220.231 linux-image-unsigned-4.15.0-220-lowlatency - 4.15.0-220.231 linux-libc-dev - 4.15.0-220.231 linux-modules-4.15.0-220-generic - 4.15.0-220.231 linux-modules-4.15.0-220-lowlatency - 4.15.0-220.231 linux-modules-extra-4.15.0-220-generic - 4.15.0-220.231 linux-source-4.15.0 - 4.15.0-220.231 linux-tools-4.15.0-220 - 4.15.0-220.231 linux-tools-4.15.0-220-generic - 4.15.0-220.231 linux-tools-4.15.0-220-lowlatency - 4.15.0-220.231 linux-tools-common - 4.15.0-220.231 linux-tools-host - 4.15.0-220.231 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle-lts-18.04 - 4.15.0.1126.131 linux-image-oracle-lts-18.04 - 4.15.0.1126.131 linux-oracle-lts-18.04 - 4.15.0.1126.131 linux-signed-image-oracle-lts-18.04 - 4.15.0.1126.131 linux-signed-oracle-lts-18.04 - 4.15.0.1126.131 linux-tools-oracle-lts-18.04 - 4.15.0.1126.131 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.15.0.1147.138 linux-image-kvm - 4.15.0.1147.138 linux-kvm - 4.15.0.1147.138 linux-tools-kvm - 4.15.0.1147.138 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-lts-18.04 - 4.15.0.1163.161 linux-headers-aws-lts-18.04 - 4.15.0.1163.161 linux-image-aws-lts-18.04 - 4.15.0.1163.161 linux-modules-extra-aws-lts-18.04 - 4.15.0.1163.161 linux-tools-aws-lts-18.04 - 4.15.0.1163.161 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.15.0.220.204 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.220.204 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.220.204 linux-cloud-tools-lowlatency - 4.15.0.220.204 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.220.204 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.220.204 linux-cloud-tools-virtual - 4.15.0.220.204 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.220.204 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.220.204 linux-crashdump - 4.15.0.220.204 linux-generic - 4.15.0.220.204 linux-generic-hwe-16.04 - 4.15.0.220.204 linux-generic-hwe-16.04-edge - 4.15.0.220.204 linux-headers-generic - 4.15.0.220.204 linux-headers-generic-hwe-16.04 - 4.15.0.220.204 linux-headers-generic-hwe-16.04-edge - 4.15.0.220.204 linux-headers-lowlatency - 4.15.0.220.204 linux-headers-lowlatency-hwe-16.04 - 4.15.0.220.204 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.220.204 linux-headers-virtual - 4.15.0.220.204 linux-headers-virtual-hwe-16.04 - 4.15.0.220.204 linux-headers-virtual-hwe-16.04-edge - 4.15.0.220.204 linux-image-extra-virtual - 4.15.0.220.204 linux-image-extra-virtual-hwe-16.04 - 4.15.0.220.204 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.220.204 linux-image-generic - 4.15.0.220.204 linux-image-generic-hwe-16.04 - 4.15.0.220.204 linux-image-generic-hwe-16.04-edge - 4.15.0.220.204 linux-image-lowlatency - 4.15.0.220.204 linux-image-lowlatency-hwe-16.04 - 4.15.0.220.204 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.220.204 linux-image-virtual - 4.15.0.220.204 linux-image-virtual-hwe-16.04 - 4.15.0.220.204 linux-image-virtual-hwe-16.04-edge - 4.15.0.220.204 linux-lowlatency - 4.15.0.220.204 linux-lowlatency-hwe-16.04 - 4.15.0.220.204 linux-lowlatency-hwe-16.04-edge - 4.15.0.220.204 linux-signed-generic - 4.15.0.220.204 linux-signed-generic-hwe-16.04 - 4.15.0.220.204 linux-signed-generic-hwe-16.04-edge - 4.15.0.220.204 linux-signed-image-generic - 4.15.0.220.204 linux-signed-image-generic-hwe-16.04 - 4.15.0.220.204 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.220.204 linux-signed-image-lowlatency - 4.15.0.220.204 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.220.204 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.220.204 linux-signed-lowlatency - 4.15.0.220.204 linux-signed-lowlatency-hwe-16.04 - 4.15.0.220.204 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.220.204 linux-source - 4.15.0.220.204 linux-tools-generic - 4.15.0.220.204 linux-tools-generic-hwe-16.04 - 4.15.0.220.204 linux-tools-generic-hwe-16.04-edge - 4.15.0.220.204 linux-tools-lowlatency - 4.15.0.220.204 linux-tools-lowlatency-hwe-16.04 - 4.15.0.220.204 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.220.204 linux-tools-virtual - 4.15.0.220.204 linux-tools-virtual-hwe-16.04 - 4.15.0.220.204 linux-tools-virtual-hwe-16.04-edge - 4.15.0.220.204 linux-virtual - 4.15.0.220.204 linux-virtual-hwe-16.04 - 4.15.0.220.204 linux-virtual-hwe-16.04-edge - 4.15.0.220.204 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-31085 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-42754 CVE-2023-45862 CVE-2023-45871 CVE-2023-5717 Ubuntu 18.04 LTS Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-39189) Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did not properly validate u32 packets content, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39192) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate SCTP data, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39193) Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel did not properly handle state filters, leading to an out- of-bounds read vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39194) Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers (skb) when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-42754) It was discovered that the USB ENE card reader driver in the Linux kernel did not properly allocate enough memory when processing the storage device boot blocks. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-45862) Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-45871) Budimir Markovic discovered that the perf subsystem in the Linux kernel did not properly handle event groups, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5717) Update Instructions: Run `sudo pro fix USN-6494-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1157-gcp - 4.15.0-1157.174 linux-gcp-4.15-headers-4.15.0-1157 - 4.15.0-1157.174 linux-gcp-4.15-tools-4.15.0-1157 - 4.15.0-1157.174 linux-headers-4.15.0-1157-gcp - 4.15.0-1157.174 linux-image-4.15.0-1157-gcp - 4.15.0-1157.174 linux-image-unsigned-4.15.0-1157-gcp - 4.15.0-1157.174 linux-modules-4.15.0-1157-gcp - 4.15.0-1157.174 linux-modules-extra-4.15.0-1157-gcp - 4.15.0-1157.174 linux-tools-4.15.0-1157-gcp - 4.15.0-1157.174 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-4.15-cloud-tools-4.15.0-1172 - 4.15.0-1172.187 linux-azure-4.15-headers-4.15.0-1172 - 4.15.0-1172.187 linux-azure-4.15-tools-4.15.0-1172 - 4.15.0-1172.187 linux-buildinfo-4.15.0-1172-azure - 4.15.0-1172.187 linux-cloud-tools-4.15.0-1172-azure - 4.15.0-1172.187 linux-headers-4.15.0-1172-azure - 4.15.0-1172.187 linux-image-4.15.0-1172-azure - 4.15.0-1172.187 linux-image-unsigned-4.15.0-1172-azure - 4.15.0-1172.187 linux-modules-4.15.0-1172-azure - 4.15.0-1172.187 linux-modules-extra-4.15.0-1172-azure - 4.15.0-1172.187 linux-tools-4.15.0-1172-azure - 4.15.0-1172.187 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-lts-18.04 - 4.15.0.1157.171 linux-headers-gcp-lts-18.04 - 4.15.0.1157.171 linux-image-gcp-lts-18.04 - 4.15.0.1157.171 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1157.171 linux-tools-gcp-lts-18.04 - 4.15.0.1157.171 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-lts-18.04 - 4.15.0.1172.140 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1172.140 linux-headers-azure-lts-18.04 - 4.15.0.1172.140 linux-image-azure-lts-18.04 - 4.15.0.1172.140 linux-modules-extra-azure-lts-18.04 - 4.15.0.1172.140 linux-signed-azure-lts-18.04 - 4.15.0.1172.140 linux-signed-image-azure-lts-18.04 - 4.15.0.1172.140 linux-tools-azure-lts-18.04 - 4.15.0.1172.140 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-31085 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-42754 CVE-2023-45862 CVE-2023-45871 CVE-2023-5717 Ubuntu 18.04 LTS Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-45871) Update Instructions: Run `sudo pro fix USN-6495-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1061-ibm - 5.4.0-1061.66~18.04.1 linux-headers-5.4.0-1061-ibm - 5.4.0-1061.66~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1061.66~18.04.1 linux-ibm-5.4-headers-5.4.0-1061 - 5.4.0-1061.66~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1061.66~18.04.1 linux-ibm-5.4-tools-5.4.0-1061 - 5.4.0-1061.66~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1061.66~18.04.1 linux-image-5.4.0-1061-ibm - 5.4.0-1061.66~18.04.1 linux-image-unsigned-5.4.0-1061-ibm - 5.4.0-1061.66~18.04.1 linux-modules-5.4.0-1061-ibm - 5.4.0-1061.66~18.04.1 linux-modules-extra-5.4.0-1061-ibm - 5.4.0-1061.66~18.04.1 linux-tools-5.4.0-1061-ibm - 5.4.0-1061.66~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1098-raspi - 5.4.0-1098.110~18.04.2 linux-headers-5.4.0-1098-raspi - 5.4.0-1098.110~18.04.2 linux-image-5.4.0-1098-raspi - 5.4.0-1098.110~18.04.2 linux-modules-5.4.0-1098-raspi - 5.4.0-1098.110~18.04.2 linux-raspi-5.4-headers-5.4.0-1098 - 5.4.0-1098.110~18.04.2 linux-raspi-5.4-tools-5.4.0-1098 - 5.4.0-1098.110~18.04.2 linux-tools-5.4.0-1098-raspi - 5.4.0-1098.110~18.04.2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1113-oracle - 5.4.0-1113.122~18.04.1 linux-headers-5.4.0-1113-oracle - 5.4.0-1113.122~18.04.1 linux-image-5.4.0-1113-oracle - 5.4.0-1113.122~18.04.1 linux-image-unsigned-5.4.0-1113-oracle - 5.4.0-1113.122~18.04.1 linux-modules-5.4.0-1113-oracle - 5.4.0-1113.122~18.04.1 linux-modules-extra-5.4.0-1113-oracle - 5.4.0-1113.122~18.04.1 linux-oracle-5.4-headers-5.4.0-1113 - 5.4.0-1113.122~18.04.1 linux-oracle-5.4-tools-5.4.0-1113 - 5.4.0-1113.122~18.04.1 linux-tools-5.4.0-1113-oracle - 5.4.0-1113.122~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-5.4-cloud-tools-5.4.0-1114 - 5.4.0-1114.124~18.04.1 linux-aws-5.4-headers-5.4.0-1114 - 5.4.0-1114.124~18.04.1 linux-aws-5.4-tools-5.4.0-1114 - 5.4.0-1114.124~18.04.1 linux-buildinfo-5.4.0-1114-aws - 5.4.0-1114.124~18.04.1 linux-cloud-tools-5.4.0-1114-aws - 5.4.0-1114.124~18.04.1 linux-headers-5.4.0-1114-aws - 5.4.0-1114.124~18.04.1 linux-image-5.4.0-1114-aws - 5.4.0-1114.124~18.04.1 linux-image-unsigned-5.4.0-1114-aws - 5.4.0-1114.124~18.04.1 linux-modules-5.4.0-1114-aws - 5.4.0-1114.124~18.04.1 linux-modules-extra-5.4.0-1114-aws - 5.4.0-1114.124~18.04.1 linux-tools-5.4.0-1114-aws - 5.4.0-1114.124~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-167-generic - 5.4.0-167.184~18.04.1 linux-buildinfo-5.4.0-167-lowlatency - 5.4.0-167.184~18.04.1 linux-cloud-tools-5.4.0-167-generic - 5.4.0-167.184~18.04.1 linux-cloud-tools-5.4.0-167-lowlatency - 5.4.0-167.184~18.04.1 linux-headers-5.4.0-167-generic - 5.4.0-167.184~18.04.1 linux-headers-5.4.0-167-lowlatency - 5.4.0-167.184~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-167 - 5.4.0-167.184~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-167.184~18.04.1 linux-hwe-5.4-headers-5.4.0-167 - 5.4.0-167.184~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-167.184~18.04.1 linux-hwe-5.4-tools-5.4.0-167 - 5.4.0-167.184~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-167.184~18.04.1 linux-image-5.4.0-167-generic - 5.4.0-167.184~18.04.1 linux-image-5.4.0-167-lowlatency - 5.4.0-167.184~18.04.1 linux-image-unsigned-5.4.0-167-generic - 5.4.0-167.184~18.04.1 linux-image-unsigned-5.4.0-167-lowlatency - 5.4.0-167.184~18.04.1 linux-modules-5.4.0-167-generic - 5.4.0-167.184~18.04.1 linux-modules-5.4.0-167-lowlatency - 5.4.0-167.184~18.04.1 linux-modules-extra-5.4.0-167-generic - 5.4.0-167.184~18.04.1 linux-tools-5.4.0-167-generic - 5.4.0-167.184~18.04.1 linux-tools-5.4.0-167-lowlatency - 5.4.0-167.184~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1061.72 linux-headers-ibm-edge - 5.4.0.1061.72 linux-ibm - 5.4.0.1061.72 linux-ibm-edge - 5.4.0.1061.72 linux-image-ibm - 5.4.0.1061.72 linux-image-ibm-edge - 5.4.0.1061.72 linux-modules-extra-ibm - 5.4.0.1061.72 linux-modules-extra-ibm-edge - 5.4.0.1061.72 linux-tools-ibm - 5.4.0.1061.72 linux-tools-ibm-edge - 5.4.0.1061.72 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1098.95 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1098.95 linux-image-raspi-hwe-18.04 - 5.4.0.1098.95 linux-image-raspi-hwe-18.04-edge - 5.4.0.1098.95 linux-raspi-hwe-18.04 - 5.4.0.1098.95 linux-raspi-hwe-18.04-edge - 5.4.0.1098.95 linux-tools-raspi-hwe-18.04 - 5.4.0.1098.95 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1098.95 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1113.122~18.04.85 linux-headers-oracle-edge - 5.4.0.1113.122~18.04.85 linux-image-oracle - 5.4.0.1113.122~18.04.85 linux-image-oracle-edge - 5.4.0.1113.122~18.04.85 linux-modules-extra-oracle - 5.4.0.1113.122~18.04.85 linux-modules-extra-oracle-edge - 5.4.0.1113.122~18.04.85 linux-oracle - 5.4.0.1113.122~18.04.85 linux-oracle-edge - 5.4.0.1113.122~18.04.85 linux-signed-image-oracle - 5.4.0.1113.122~18.04.85 linux-signed-image-oracle-edge - 5.4.0.1113.122~18.04.85 linux-signed-oracle - 5.4.0.1113.122~18.04.85 linux-signed-oracle-edge - 5.4.0.1113.122~18.04.85 linux-tools-oracle - 5.4.0.1113.122~18.04.85 linux-tools-oracle-edge - 5.4.0.1113.122~18.04.85 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1114.92 linux-aws-edge - 5.4.0.1114.92 linux-headers-aws - 5.4.0.1114.92 linux-headers-aws-edge - 5.4.0.1114.92 linux-image-aws - 5.4.0.1114.92 linux-image-aws-edge - 5.4.0.1114.92 linux-modules-extra-aws - 5.4.0.1114.92 linux-modules-extra-aws-edge - 5.4.0.1114.92 linux-tools-aws - 5.4.0.1114.92 linux-tools-aws-edge - 5.4.0.1114.92 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-generic-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-generic-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-headers-generic-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-headers-generic-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-headers-lowlatency-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-headers-oem - 5.4.0.167.184~18.04.135 linux-headers-oem-osp1 - 5.4.0.167.184~18.04.135 linux-headers-snapdragon-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-headers-virtual-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-headers-virtual-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-image-extra-virtual-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-image-generic-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-image-generic-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-image-lowlatency-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-image-oem - 5.4.0.167.184~18.04.135 linux-image-oem-osp1 - 5.4.0.167.184~18.04.135 linux-image-snapdragon-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-image-virtual-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-image-virtual-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-lowlatency-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-lowlatency-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-oem - 5.4.0.167.184~18.04.135 linux-oem-osp1 - 5.4.0.167.184~18.04.135 linux-snapdragon-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-snapdragon-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-tools-generic-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-tools-generic-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-tools-lowlatency-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-tools-oem - 5.4.0.167.184~18.04.135 linux-tools-oem-osp1 - 5.4.0.167.184~18.04.135 linux-tools-snapdragon-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-tools-virtual-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-tools-virtual-hwe-18.04-edge - 5.4.0.167.184~18.04.135 linux-virtual-hwe-18.04 - 5.4.0.167.184~18.04.135 linux-virtual-hwe-18.04-edge - 5.4.0.167.184~18.04.135 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-31085 CVE-2023-45871 Ubuntu 18.04 LTS Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-45871) Update Instructions: Run `sudo pro fix USN-6495-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1118-gcp - 5.4.0-1118.127~18.04.1 linux-gcp-5.4-headers-5.4.0-1118 - 5.4.0-1118.127~18.04.1 linux-gcp-5.4-tools-5.4.0-1118 - 5.4.0-1118.127~18.04.1 linux-headers-5.4.0-1118-gcp - 5.4.0-1118.127~18.04.1 linux-image-5.4.0-1118-gcp - 5.4.0-1118.127~18.04.1 linux-image-unsigned-5.4.0-1118-gcp - 5.4.0-1118.127~18.04.1 linux-modules-5.4.0-1118-gcp - 5.4.0-1118.127~18.04.1 linux-modules-extra-5.4.0-1118-gcp - 5.4.0-1118.127~18.04.1 linux-tools-5.4.0-1118-gcp - 5.4.0-1118.127~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-5.4-cloud-tools-5.4.0-1120 - 5.4.0-1120.127~18.04.1 linux-azure-5.4-headers-5.4.0-1120 - 5.4.0-1120.127~18.04.1 linux-azure-5.4-tools-5.4.0-1120 - 5.4.0-1120.127~18.04.1 linux-buildinfo-5.4.0-1120-azure - 5.4.0-1120.127~18.04.1 linux-cloud-tools-5.4.0-1120-azure - 5.4.0-1120.127~18.04.1 linux-headers-5.4.0-1120-azure - 5.4.0-1120.127~18.04.1 linux-image-5.4.0-1120-azure - 5.4.0-1120.127~18.04.1 linux-image-unsigned-5.4.0-1120-azure - 5.4.0-1120.127~18.04.1 linux-modules-5.4.0-1120-azure - 5.4.0-1120.127~18.04.1 linux-modules-extra-5.4.0-1120-azure - 5.4.0-1120.127~18.04.1 linux-tools-5.4.0-1120-azure - 5.4.0-1120.127~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1118.94 linux-gcp-edge - 5.4.0.1118.94 linux-headers-gcp - 5.4.0.1118.94 linux-headers-gcp-edge - 5.4.0.1118.94 linux-image-gcp - 5.4.0.1118.94 linux-image-gcp-edge - 5.4.0.1118.94 linux-modules-extra-gcp - 5.4.0.1118.94 linux-modules-extra-gcp-edge - 5.4.0.1118.94 linux-tools-gcp - 5.4.0.1118.94 linux-tools-gcp-edge - 5.4.0.1118.94 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 5.4.0.1120.93 linux-azure-edge - 5.4.0.1120.93 linux-cloud-tools-azure - 5.4.0.1120.93 linux-cloud-tools-azure-edge - 5.4.0.1120.93 linux-headers-azure - 5.4.0.1120.93 linux-headers-azure-edge - 5.4.0.1120.93 linux-image-azure - 5.4.0.1120.93 linux-image-azure-edge - 5.4.0.1120.93 linux-modules-extra-azure - 5.4.0.1120.93 linux-modules-extra-azure-edge - 5.4.0.1120.93 linux-signed-azure - 5.4.0.1120.93 linux-signed-azure-edge - 5.4.0.1120.93 linux-signed-image-azure - 5.4.0.1120.93 linux-signed-image-azure-edge - 5.4.0.1120.93 linux-tools-azure - 5.4.0.1120.93 linux-tools-azure-edge - 5.4.0.1120.93 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-31085 CVE-2023-45871 Ubuntu 18.04 LTS USN-6499-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recover sensitive information. Update Instructions: Run `sudo pro fix USN-6499-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gnutls-bin - 3.5.18-1ubuntu1.6+esm1 gnutls-doc - 3.5.18-1ubuntu1.6+esm1 libgnutls-dane0 - 3.5.18-1ubuntu1.6+esm1 libgnutls-openssl27 - 3.5.18-1ubuntu1.6+esm1 libgnutls28-dev - 3.5.18-1ubuntu1.6+esm1 libgnutls30 - 3.5.18-1ubuntu1.6+esm1 libgnutlsxx28 - 3.5.18-1ubuntu1.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-5981 Ubuntu 18.04 LTS USN-6500-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Gopher support has been disabled in this update. (CVE-2023-46728) Joshua Rogers discovered that Squid incorrectly handled HTTP Digest Authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2023-46847) Update Instructions: Run `sudo pro fix USN-6500-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: squid - 3.5.27-1ubuntu1.14+esm1 squid3 - 3.5.27-1ubuntu1.14+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-46728 CVE-2023-46847 Ubuntu 18.04 LTS It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-23804) It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-37050, CVE-2022-37051, CVE-2022-37052, CVE-2022-38349) Update Instructions: Run `sudo pro fix USN-6508-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-poppler-0.18 - 0.62.0-2ubuntu2.14+esm2 libpoppler-cpp-dev - 0.62.0-2ubuntu2.14+esm2 libpoppler-cpp0v5 - 0.62.0-2ubuntu2.14+esm2 libpoppler-dev - 0.62.0-2ubuntu2.14+esm2 libpoppler-glib-dev - 0.62.0-2ubuntu2.14+esm2 libpoppler-glib-doc - 0.62.0-2ubuntu2.14+esm2 libpoppler-glib8 - 0.62.0-2ubuntu2.14+esm2 libpoppler-private-dev - 0.62.0-2ubuntu2.14+esm2 libpoppler-qt5-1 - 0.62.0-2ubuntu2.14+esm2 libpoppler-qt5-dev - 0.62.0-2ubuntu2.14+esm2 libpoppler73 - 0.62.0-2ubuntu2.14+esm2 poppler-utils - 0.62.0-2ubuntu2.14+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-23804 CVE-2022-37050 CVE-2022-37051 CVE-2022-37052 CVE-2022-38349 Ubuntu 18.04 LTS USN-6508-1 fixed vulnerabilities in poppler. The update introduced one minor regression in Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-23804) It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-37050, CVE-2022-37051, CVE-2022-37052, CVE-2022-38349) Update Instructions: Run `sudo pro fix USN-6508-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-poppler-0.18 - 0.62.0-2ubuntu2.14+esm3 libpoppler-cpp-dev - 0.62.0-2ubuntu2.14+esm3 libpoppler-cpp0v5 - 0.62.0-2ubuntu2.14+esm3 libpoppler-dev - 0.62.0-2ubuntu2.14+esm3 libpoppler-glib-dev - 0.62.0-2ubuntu2.14+esm3 libpoppler-glib-doc - 0.62.0-2ubuntu2.14+esm3 libpoppler-glib8 - 0.62.0-2ubuntu2.14+esm3 libpoppler-private-dev - 0.62.0-2ubuntu2.14+esm3 libpoppler-qt5-1 - 0.62.0-2ubuntu2.14+esm3 libpoppler-qt5-dev - 0.62.0-2ubuntu2.14+esm3 libpoppler73 - 0.62.0-2ubuntu2.14+esm3 poppler-utils - 0.62.0-2ubuntu2.14+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2045027 Ubuntu 18.04 LTS David Shoon discovered that the Apache HTTP Server mod_macro module incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6510-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2 - 2.4.29-1ubuntu4.27+esm1 apache2-bin - 2.4.29-1ubuntu4.27+esm1 apache2-data - 2.4.29-1ubuntu4.27+esm1 apache2-dev - 2.4.29-1ubuntu4.27+esm1 apache2-doc - 2.4.29-1ubuntu4.27+esm1 apache2-ssl-dev - 2.4.29-1ubuntu4.27+esm1 apache2-suexec-custom - 2.4.29-1ubuntu4.27+esm1 apache2-suexec-pristine - 2.4.29-1ubuntu4.27+esm1 apache2-utils - 2.4.29-1ubuntu4.27+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-31122 Ubuntu 18.04 LTS It was discovered that LibTIFF could be made to run into an infinite loop. If a user or an automated system were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. (CVE-2022-40090) It was discovered that LibTIFF could be made leak memory. If a user or an automated system were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. (CVE-2023-3576) Update Instructions: Run `sudo pro fix USN-6512-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-dev - 4.0.9-5ubuntu0.10+esm4 libtiff-doc - 4.0.9-5ubuntu0.10+esm4 libtiff-opengl - 4.0.9-5ubuntu0.10+esm4 libtiff-tools - 4.0.9-5ubuntu0.10+esm4 libtiff5 - 4.0.9-5ubuntu0.10+esm4 libtiff5-dev - 4.0.9-5ubuntu0.10+esm4 libtiffxx5 - 4.0.9-5ubuntu0.10+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-40090 CVE-2023-3576 Ubuntu 18.04 LTS It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into processing a specially crafted plist file, an attacker could possibly use this issue to consume resources, resulting in a denial of service. (CVE-2022-48564) It was discovered that Python instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake. An attacker could possibly use this issue to cause applications to treat unauthenticated received data before TLS handshake as authenticated data after TLS handshake. (CVE-2023-40217) Update Instructions: Run `sudo pro fix USN-6513-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: idle-python2.7 - 2.7.17-1~18.04ubuntu1.13+esm4 libpython2.7 - 2.7.17-1~18.04ubuntu1.13+esm4 libpython2.7-dev - 2.7.17-1~18.04ubuntu1.13+esm4 libpython2.7-minimal - 2.7.17-1~18.04ubuntu1.13+esm4 libpython2.7-stdlib - 2.7.17-1~18.04ubuntu1.13+esm4 libpython2.7-testsuite - 2.7.17-1~18.04ubuntu1.13+esm4 python2.7 - 2.7.17-1~18.04ubuntu1.13+esm4 python2.7-dev - 2.7.17-1~18.04ubuntu1.13+esm4 python2.7-doc - 2.7.17-1~18.04ubuntu1.13+esm4 python2.7-examples - 2.7.17-1~18.04ubuntu1.13+esm4 python2.7-minimal - 2.7.17-1~18.04ubuntu1.13+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro idle-python3.6 - 3.6.9-1~18.04ubuntu1.13+esm1 libpython3.6 - 3.6.9-1~18.04ubuntu1.13+esm1 libpython3.6-dev - 3.6.9-1~18.04ubuntu1.13+esm1 libpython3.6-minimal - 3.6.9-1~18.04ubuntu1.13+esm1 libpython3.6-stdlib - 3.6.9-1~18.04ubuntu1.13+esm1 libpython3.6-testsuite - 3.6.9-1~18.04ubuntu1.13+esm1 python3.6 - 3.6.9-1~18.04ubuntu1.13+esm1 python3.6-dev - 3.6.9-1~18.04ubuntu1.13+esm1 python3.6-doc - 3.6.9-1~18.04ubuntu1.13+esm1 python3.6-examples - 3.6.9-1~18.04ubuntu1.13+esm1 python3.6-minimal - 3.6.9-1~18.04ubuntu1.13+esm1 python3.6-venv - 3.6.9-1~18.04ubuntu1.13+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48564 CVE-2023-40217 Ubuntu 18.04 LTS It was discovered that Open vSwitch did not correctly handle OpenFlow rules for ICMPv6 Neighbour Advertisement packets. A local attacker could possibly use this issue to redirect traffic to arbitrary IP addresses. Update Instructions: Run `sudo pro fix USN-6514-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openvswitch-common - 2.9.8-0ubuntu0.18.04.5+esm1 openvswitch-doc - 2.9.8-0ubuntu0.18.04.5+esm1 openvswitch-pki - 2.9.8-0ubuntu0.18.04.5+esm1 openvswitch-switch - 2.9.8-0ubuntu0.18.04.5+esm1 openvswitch-switch-dpdk - 2.9.8-0ubuntu0.18.04.5+esm1 openvswitch-test - 2.9.8-0ubuntu0.18.04.5+esm1 openvswitch-testcontroller - 2.9.8-0ubuntu0.18.04.5+esm1 openvswitch-vtep - 2.9.8-0ubuntu0.18.04.5+esm1 ovn-central - 2.9.8-0ubuntu0.18.04.5+esm1 ovn-common - 2.9.8-0ubuntu0.18.04.5+esm1 ovn-controller-vtep - 2.9.8-0ubuntu0.18.04.5+esm1 ovn-docker - 2.9.8-0ubuntu0.18.04.5+esm1 ovn-host - 2.9.8-0ubuntu0.18.04.5+esm1 python-openvswitch - 2.9.8-0ubuntu0.18.04.5+esm1 python3-openvswitch - 2.9.8-0ubuntu0.18.04.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-5366 Ubuntu 18.04 LTS Luis Rocha discovered that AFFLIB incorrectly handled certain input files. If a user or automated system were tricked into processing a specially crafted AFF image file, a remote attacker could possibly use this issue to cause a denial of service via application crash. (CVE-2018-8050) Update Instructions: Run `sudo pro fix USN-6518-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: afflib-tools - 3.7.16-2ubuntu0.1~esm1 libafflib-dev - 3.7.16-2ubuntu0.1~esm1 libafflib0v5 - 3.7.16-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-8050 Ubuntu 18.04 LTS The EC2 hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended. Update Instructions: Run `sudo pro fix USN-6519-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ec2-hibinit-agent - 1.0.0-0ubuntu4~18.04.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/1941785 Ubuntu 18.04 LTS USN-6522-1 fixed several vulnerabilities in FreeRDP. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connection to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2022-41877) It was discovered that FreeRDP incorrectly handled certain surface updates. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-39352, CVE-2023-39356) Update Instructions: Run `sudo pro fix USN-6522-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: freerdp2-dev - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2 freerdp2-shadow-x11 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2 freerdp2-wayland - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2 freerdp2-x11 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2 libfreerdp-client2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2 libfreerdp-server2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2 libfreerdp-shadow-subsystem2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2 libfreerdp-shadow2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2 libfreerdp2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2 libuwac0-0 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2 libuwac0-dev - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2 libwinpr-tools2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2 libwinpr2-2 - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2 libwinpr2-dev - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2 winpr-utils - 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-41877 CVE-2023-39352 CVE-2023-39356 Ubuntu 18.04 LTS Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code that resulted in memory corruption in certain situations. An attacker targeting applications built in this way could possibly use this to cause a denial of service or execute arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512 instructions. (CVE-2023-22025) It was discovered that OpenJDK did not properly perform PKIX certification path validation in certain situations. An attacker could use this to cause a denial of service. (CVE-2023-22081) Update Instructions: Run `sudo pro fix USN-6527-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-demo - 11.0.21+9-0ubuntu1~18.04 openjdk-11-doc - 11.0.21+9-0ubuntu1~18.04 openjdk-11-jdk - 11.0.21+9-0ubuntu1~18.04 openjdk-11-jdk-headless - 11.0.21+9-0ubuntu1~18.04 openjdk-11-jre - 11.0.21+9-0ubuntu1~18.04 openjdk-11-jre-headless - 11.0.21+9-0ubuntu1~18.04 openjdk-11-jre-zero - 11.0.21+9-0ubuntu1~18.04 openjdk-11-source - 11.0.21+9-0ubuntu1~18.04 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro openjdk-17-demo - 17.0.9+9-1~18.04 openjdk-17-doc - 17.0.9+9-1~18.04 openjdk-17-jdk - 17.0.9+9-1~18.04 openjdk-17-jdk-headless - 17.0.9+9-1~18.04 openjdk-17-jre - 17.0.9+9-1~18.04 openjdk-17-jre-headless - 17.0.9+9-1~18.04 openjdk-17-jre-zero - 17.0.9+9-1~18.04 openjdk-17-source - 17.0.9+9-1~18.04 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-22025 CVE-2023-22081 Ubuntu 18.04 LTS It was discovered that the HotSpot VM implementation in OpenJDK did not properly validate bytecode blocks in certain situations. An attacker could possibly use this to cause a denial of service. (CVE-2022-40433) Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code that resulted in memory corruption in certain situations. An attacker targeting applications built in this way could possibly use this to cause a denial of service or execute arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512 instructions. (CVE-2023-22025) It was discovered that the CORBA implementation in OpenJDK did not properly perform deserialization of IOR string objects. An attacker could possibly use this to bypass Java sandbox restrictions. (CVE-2023-22067) It was discovered that OpenJDK did not properly perform PKIX certification path validation in certain situations. An attacker could use this to cause a denial of service. (CVE-2023-22081) Update Instructions: Run `sudo pro fix USN-6528-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-demo - 8u392-ga-1~18.04 openjdk-8-doc - 8u392-ga-1~18.04 openjdk-8-jdk - 8u392-ga-1~18.04 openjdk-8-jdk-headless - 8u392-ga-1~18.04 openjdk-8-jre - 8u392-ga-1~18.04 openjdk-8-jre-headless - 8u392-ga-1~18.04 openjdk-8-jre-zero - 8u392-ga-1~18.04 openjdk-8-source - 8u392-ga-1~18.04 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-22025 CVE-2023-22067 CVE-2023-22081 Ubuntu 18.04 LTS It was discovered that Request Tracker incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. (CVE-2021-38562, CVE-2022-25802, CVE-2023-41259, CVE-2023-41260) Update Instructions: Run `sudo pro fix USN-6529-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: request-tracker4 - 4.4.2-2ubuntu0.1~esm1 rt4-apache2 - 4.4.2-2ubuntu0.1~esm1 rt4-clients - 4.4.2-2ubuntu0.1~esm1 rt4-db-mysql - 4.4.2-2ubuntu0.1~esm1 rt4-db-postgresql - 4.4.2-2ubuntu0.1~esm1 rt4-db-sqlite - 4.4.2-2ubuntu0.1~esm1 rt4-doc-html - 4.4.2-2ubuntu0.1~esm1 rt4-fcgi - 4.4.2-2ubuntu0.1~esm1 rt4-standalone - 4.4.2-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-38562 CVE-2022-25802 CVE-2023-41259 CVE-2023-41260 Ubuntu 18.04 LTS Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code. (CVE-2022-24834) SeungHyun Lee discovered that Redis incorrectly handled specially crafted commands. An attacker could possibly use this issue to trigger an integer overflow, which might cause Redis to allocate impossible amounts of memory, resulting in a denial of service via an application crash. (CVE-2022-35977) Tom Levy discovered that Redis incorrectly handled crafted string matching patterns. An attacker could possibly use this issue to cause Redis to hang, resulting in a denial of service. (CVE-2022-36021) Yupeng Yang discovered that Redis incorrectly handled specially crafted commands. An attacker could possibly use this issue to trigger an integer overflow, resulting in a denial of service via an application crash. (CVE-2023-25155) It was discovered that Redis incorrectly handled a specially crafted command. An attacker could possibly use this issue to create an invalid hash field, which could potentially cause Redis to crash on future access. (CVE-2023-28856) Alexander Aleksandrovič Klimov discovered that Redis incorrectly listened to a Unix socket before setting proper permissions. A local attacker could possibly use this issue to connect, bypassing intended permissions. (CVE-2023-45145) Update Instructions: Run `sudo pro fix USN-6531-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: redis - 5:4.0.9-1ubuntu0.2+esm4 redis-sentinel - 5:4.0.9-1ubuntu0.2+esm4 redis-server - 5:4.0.9-1ubuntu0.2+esm4 redis-tools - 5:4.0.9-1ubuntu0.2+esm4 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-24834 CVE-2022-35977 CVE-2022-36021 CVE-2023-25155 CVE-2023-28856 CVE-2023-45145 Ubuntu 18.04 LTS USN-6538-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory details: Jingzhou Fu discovered that PostgreSQL incorrectly handled certain unknown arguments in aggregate function calls. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-5868) Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. (CVE-2023-5869) Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL allowed the pg_signal_backend role to signal certain superuser processes, contrary to expectations. (CVE-2023-5870) Update Instructions: Run `sudo pro fix USN-6538-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libecpg-compat3 - 10.23-0ubuntu0.18.04.2+esm1 libecpg-dev - 10.23-0ubuntu0.18.04.2+esm1 libecpg6 - 10.23-0ubuntu0.18.04.2+esm1 libpgtypes3 - 10.23-0ubuntu0.18.04.2+esm1 libpq-dev - 10.23-0ubuntu0.18.04.2+esm1 libpq5 - 10.23-0ubuntu0.18.04.2+esm1 postgresql-10 - 10.23-0ubuntu0.18.04.2+esm1 postgresql-client-10 - 10.23-0ubuntu0.18.04.2+esm1 postgresql-doc-10 - 10.23-0ubuntu0.18.04.2+esm1 postgresql-plperl-10 - 10.23-0ubuntu0.18.04.2+esm1 postgresql-plpython-10 - 10.23-0ubuntu0.18.04.2+esm1 postgresql-plpython3-10 - 10.23-0ubuntu0.18.04.2+esm1 postgresql-pltcl-10 - 10.23-0ubuntu0.18.04.2+esm1 postgresql-server-dev-10 - 10.23-0ubuntu0.18.04.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 Ubuntu 18.04 LTS It was discovered that BlueZ did not properly restrict non-bonded devices from injecting HID events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and execute arbitrary commands whilst the device is discoverable. Update Instructions: Run `sudo pro fix USN-6540-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bluetooth - 5.48-0ubuntu3.9+esm1 bluez - 5.48-0ubuntu3.9+esm1 bluez-cups - 5.48-0ubuntu3.9+esm1 bluez-hcidump - 5.48-0ubuntu3.9+esm1 bluez-obexd - 5.48-0ubuntu3.9+esm1 bluez-tests - 5.48-0ubuntu3.9+esm1 libbluetooth-dev - 5.48-0ubuntu3.9+esm1 libbluetooth3 - 5.48-0ubuntu3.9+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-45866 Ubuntu 18.04 LTS It was discovered that the GNU C Library was not properly handling certain memory operations. An attacker could possibly use this issue to cause a denial of service (application crash). (CVE-2023-4806, CVE-2023-4813) It was discovered that the GNU C library was not properly implementing a fix for CVE-2023-4806 in certain cases, which could lead to a memory leak. An attacker could possibly use this issue to cause a denial of service (application crash). This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-5156) Update Instructions: Run `sudo pro fix USN-6541-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: glibc-doc - 2.27-3ubuntu1.6+esm1 glibc-source - 2.27-3ubuntu1.6+esm1 libc-bin - 2.27-3ubuntu1.6+esm1 libc-dev-bin - 2.27-3ubuntu1.6+esm1 libc6 - 2.27-3ubuntu1.6+esm1 libc6-amd64 - 2.27-3ubuntu1.6+esm1 libc6-armel - 2.27-3ubuntu1.6+esm1 libc6-dev - 2.27-3ubuntu1.6+esm1 libc6-dev-amd64 - 2.27-3ubuntu1.6+esm1 libc6-dev-armel - 2.27-3ubuntu1.6+esm1 libc6-dev-i386 - 2.27-3ubuntu1.6+esm1 libc6-dev-s390 - 2.27-3ubuntu1.6+esm1 libc6-dev-x32 - 2.27-3ubuntu1.6+esm1 libc6-i386 - 2.27-3ubuntu1.6+esm1 libc6-lse - 2.27-3ubuntu1.6+esm1 libc6-pic - 2.27-3ubuntu1.6+esm1 libc6-s390 - 2.27-3ubuntu1.6+esm1 libc6-x32 - 2.27-3ubuntu1.6+esm1 locales - 2.27-3ubuntu1.6+esm1 locales-all - 2.27-3ubuntu1.6+esm1 multiarch-support - 2.27-3ubuntu1.6+esm1 nscd - 2.27-3ubuntu1.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-4806 CVE-2023-4813 CVE-2023-5156 Ubuntu 18.04 LTS Wang Zhong discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6542-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtinyxml-dev - 2.6.2-4ubuntu0.18.04.1~esm1 libtinyxml-doc - 2.6.2-4ubuntu0.18.04.1~esm1 libtinyxml2.6.2v5 - 2.6.2-4ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-42260 Ubuntu 18.04 LTS It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could use this issue to cause tar to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6543-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tar - 1.29b-2ubuntu0.4+esm1 tar-scripts - 1.29b-2ubuntu0.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-39804 Ubuntu 18.04 LTS It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. (CVE-2023-3006) It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-37453) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-39189) Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did not properly validate u32 packets content, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39192) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate SCTP data, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39193) Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel did not properly handle state filters, leading to an out- of-bounds read vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39194) Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers (skb) when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-42754) Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly handle queue initialization failures in certain situations, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5178) Budimir Markovic discovered that the perf subsystem in the Linux kernel did not properly handle event groups, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5717) It was discovered that the TLS subsystem in the Linux kernel did not properly perform cryptographic operations in some situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6176) Update Instructions: Run `sudo pro fix USN-6548-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1063-ibm - 5.4.0-1063.68~18.04.1 linux-headers-5.4.0-1063-ibm - 5.4.0-1063.68~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1063.68~18.04.1 linux-ibm-5.4-headers-5.4.0-1063 - 5.4.0-1063.68~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1063.68~18.04.1 linux-ibm-5.4-tools-5.4.0-1063 - 5.4.0-1063.68~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1063.68~18.04.1 linux-image-5.4.0-1063-ibm - 5.4.0-1063.68~18.04.1 linux-image-unsigned-5.4.0-1063-ibm - 5.4.0-1063.68~18.04.1 linux-modules-5.4.0-1063-ibm - 5.4.0-1063.68~18.04.1 linux-modules-extra-5.4.0-1063-ibm - 5.4.0-1063.68~18.04.1 linux-tools-5.4.0-1063-ibm - 5.4.0-1063.68~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-5.4-cloud-tools-5.4.0-1116 - 5.4.0-1116.126~18.04.1 linux-aws-5.4-headers-5.4.0-1116 - 5.4.0-1116.126~18.04.1 linux-aws-5.4-tools-5.4.0-1116 - 5.4.0-1116.126~18.04.1 linux-buildinfo-5.4.0-1116-aws - 5.4.0-1116.126~18.04.1 linux-cloud-tools-5.4.0-1116-aws - 5.4.0-1116.126~18.04.1 linux-headers-5.4.0-1116-aws - 5.4.0-1116.126~18.04.1 linux-image-5.4.0-1116-aws - 5.4.0-1116.126~18.04.1 linux-image-unsigned-5.4.0-1116-aws - 5.4.0-1116.126~18.04.1 linux-modules-5.4.0-1116-aws - 5.4.0-1116.126~18.04.1 linux-modules-extra-5.4.0-1116-aws - 5.4.0-1116.126~18.04.1 linux-tools-5.4.0-1116-aws - 5.4.0-1116.126~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1120-gcp - 5.4.0-1120.129~18.04.1 linux-gcp-5.4-headers-5.4.0-1120 - 5.4.0-1120.129~18.04.1 linux-gcp-5.4-tools-5.4.0-1120 - 5.4.0-1120.129~18.04.1 linux-headers-5.4.0-1120-gcp - 5.4.0-1120.129~18.04.1 linux-image-5.4.0-1120-gcp - 5.4.0-1120.129~18.04.1 linux-image-unsigned-5.4.0-1120-gcp - 5.4.0-1120.129~18.04.1 linux-modules-5.4.0-1120-gcp - 5.4.0-1120.129~18.04.1 linux-modules-extra-5.4.0-1120-gcp - 5.4.0-1120.129~18.04.1 linux-tools-5.4.0-1120-gcp - 5.4.0-1120.129~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-5.4-cloud-tools-5.4.0-1121 - 5.4.0-1121.128~18.04.1 linux-azure-5.4-headers-5.4.0-1121 - 5.4.0-1121.128~18.04.1 linux-azure-5.4-tools-5.4.0-1121 - 5.4.0-1121.128~18.04.1 linux-buildinfo-5.4.0-1121-azure - 5.4.0-1121.128~18.04.1 linux-cloud-tools-5.4.0-1121-azure - 5.4.0-1121.128~18.04.1 linux-headers-5.4.0-1121-azure - 5.4.0-1121.128~18.04.1 linux-image-5.4.0-1121-azure - 5.4.0-1121.128~18.04.1 linux-image-unsigned-5.4.0-1121-azure - 5.4.0-1121.128~18.04.1 linux-modules-5.4.0-1121-azure - 5.4.0-1121.128~18.04.1 linux-modules-extra-5.4.0-1121-azure - 5.4.0-1121.128~18.04.1 linux-tools-5.4.0-1121-azure - 5.4.0-1121.128~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-169-generic - 5.4.0-169.187~18.04.1 linux-buildinfo-5.4.0-169-lowlatency - 5.4.0-169.187~18.04.1 linux-cloud-tools-5.4.0-169-generic - 5.4.0-169.187~18.04.1 linux-cloud-tools-5.4.0-169-lowlatency - 5.4.0-169.187~18.04.1 linux-headers-5.4.0-169-generic - 5.4.0-169.187~18.04.1 linux-headers-5.4.0-169-lowlatency - 5.4.0-169.187~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-169 - 5.4.0-169.187~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-169.187~18.04.1 linux-hwe-5.4-headers-5.4.0-169 - 5.4.0-169.187~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-169.187~18.04.1 linux-hwe-5.4-tools-5.4.0-169 - 5.4.0-169.187~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-169.187~18.04.1 linux-image-5.4.0-169-generic - 5.4.0-169.187~18.04.1 linux-image-5.4.0-169-lowlatency - 5.4.0-169.187~18.04.1 linux-image-unsigned-5.4.0-169-generic - 5.4.0-169.187~18.04.1 linux-image-unsigned-5.4.0-169-lowlatency - 5.4.0-169.187~18.04.1 linux-modules-5.4.0-169-generic - 5.4.0-169.187~18.04.1 linux-modules-5.4.0-169-lowlatency - 5.4.0-169.187~18.04.1 linux-modules-extra-5.4.0-169-generic - 5.4.0-169.187~18.04.1 linux-tools-5.4.0-169-generic - 5.4.0-169.187~18.04.1 linux-tools-5.4.0-169-lowlatency - 5.4.0-169.187~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1063.73 linux-headers-ibm-edge - 5.4.0.1063.73 linux-ibm - 5.4.0.1063.73 linux-ibm-edge - 5.4.0.1063.73 linux-image-ibm - 5.4.0.1063.73 linux-image-ibm-edge - 5.4.0.1063.73 linux-modules-extra-ibm - 5.4.0.1063.73 linux-modules-extra-ibm-edge - 5.4.0.1063.73 linux-tools-ibm - 5.4.0.1063.73 linux-tools-ibm-edge - 5.4.0.1063.73 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1116.94 linux-aws-edge - 5.4.0.1116.94 linux-headers-aws - 5.4.0.1116.94 linux-headers-aws-edge - 5.4.0.1116.94 linux-image-aws - 5.4.0.1116.94 linux-image-aws-edge - 5.4.0.1116.94 linux-modules-extra-aws - 5.4.0.1116.94 linux-modules-extra-aws-edge - 5.4.0.1116.94 linux-tools-aws - 5.4.0.1116.94 linux-tools-aws-edge - 5.4.0.1116.94 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1120.96 linux-gcp-edge - 5.4.0.1120.96 linux-headers-gcp - 5.4.0.1120.96 linux-headers-gcp-edge - 5.4.0.1120.96 linux-image-gcp - 5.4.0.1120.96 linux-image-gcp-edge - 5.4.0.1120.96 linux-modules-extra-gcp - 5.4.0.1120.96 linux-modules-extra-gcp-edge - 5.4.0.1120.96 linux-tools-gcp - 5.4.0.1120.96 linux-tools-gcp-edge - 5.4.0.1120.96 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 5.4.0.1121.94 linux-azure-edge - 5.4.0.1121.94 linux-cloud-tools-azure - 5.4.0.1121.94 linux-cloud-tools-azure-edge - 5.4.0.1121.94 linux-headers-azure - 5.4.0.1121.94 linux-headers-azure-edge - 5.4.0.1121.94 linux-image-azure - 5.4.0.1121.94 linux-image-azure-edge - 5.4.0.1121.94 linux-modules-extra-azure - 5.4.0.1121.94 linux-modules-extra-azure-edge - 5.4.0.1121.94 linux-signed-azure - 5.4.0.1121.94 linux-signed-azure-edge - 5.4.0.1121.94 linux-signed-image-azure - 5.4.0.1121.94 linux-signed-image-azure-edge - 5.4.0.1121.94 linux-tools-azure - 5.4.0.1121.94 linux-tools-azure-edge - 5.4.0.1121.94 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-generic-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-generic-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-headers-generic-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-headers-generic-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-headers-lowlatency-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-headers-oem - 5.4.0.169.187~18.04.137 linux-headers-oem-osp1 - 5.4.0.169.187~18.04.137 linux-headers-snapdragon-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-headers-virtual-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-headers-virtual-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-image-extra-virtual-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-image-generic-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-image-generic-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-image-lowlatency-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-image-oem - 5.4.0.169.187~18.04.137 linux-image-oem-osp1 - 5.4.0.169.187~18.04.137 linux-image-snapdragon-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-image-virtual-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-image-virtual-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-lowlatency-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-lowlatency-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-oem - 5.4.0.169.187~18.04.137 linux-oem-osp1 - 5.4.0.169.187~18.04.137 linux-snapdragon-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-snapdragon-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-tools-generic-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-tools-generic-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-tools-lowlatency-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-tools-oem - 5.4.0.169.187~18.04.137 linux-tools-oem-osp1 - 5.4.0.169.187~18.04.137 linux-tools-snapdragon-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-tools-virtual-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-tools-virtual-hwe-18.04-edge - 5.4.0.169.187~18.04.137 linux-virtual-hwe-18.04 - 5.4.0.169.187~18.04.137 linux-virtual-hwe-18.04-edge - 5.4.0.169.187~18.04.137 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-3006 CVE-2023-37453 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-42754 CVE-2023-5178 CVE-2023-5717 CVE-2023-6176 Ubuntu 18.04 LTS It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. (CVE-2023-3006) It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-37453) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-39189) Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did not properly validate u32 packets content, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39192) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate SCTP data, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39193) Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel did not properly handle state filters, leading to an out- of-bounds read vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39194) Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers (skb) when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-42754) Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly handle queue initialization failures in certain situations, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5178) Budimir Markovic discovered that the perf subsystem in the Linux kernel did not properly handle event groups, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5717) It was discovered that the TLS subsystem in the Linux kernel did not properly perform cryptographic operations in some situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6176) Update Instructions: Run `sudo pro fix USN-6548-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1100-raspi - 5.4.0-1100.112~18.04.1 linux-headers-5.4.0-1100-raspi - 5.4.0-1100.112~18.04.1 linux-image-5.4.0-1100-raspi - 5.4.0-1100.112~18.04.1 linux-modules-5.4.0-1100-raspi - 5.4.0-1100.112~18.04.1 linux-raspi-5.4-headers-5.4.0-1100 - 5.4.0-1100.112~18.04.1 linux-raspi-5.4-tools-5.4.0-1100 - 5.4.0-1100.112~18.04.1 linux-tools-5.4.0-1100-raspi - 5.4.0-1100.112~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1115-oracle - 5.4.0-1115.124~18.04.1 linux-headers-5.4.0-1115-oracle - 5.4.0-1115.124~18.04.1 linux-image-5.4.0-1115-oracle - 5.4.0-1115.124~18.04.1 linux-image-unsigned-5.4.0-1115-oracle - 5.4.0-1115.124~18.04.1 linux-modules-5.4.0-1115-oracle - 5.4.0-1115.124~18.04.1 linux-modules-extra-5.4.0-1115-oracle - 5.4.0-1115.124~18.04.1 linux-oracle-5.4-headers-5.4.0-1115 - 5.4.0-1115.124~18.04.1 linux-oracle-5.4-tools-5.4.0-1115 - 5.4.0-1115.124~18.04.1 linux-tools-5.4.0-1115-oracle - 5.4.0-1115.124~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1100.97 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1100.97 linux-image-raspi-hwe-18.04 - 5.4.0.1100.97 linux-image-raspi-hwe-18.04-edge - 5.4.0.1100.97 linux-raspi-hwe-18.04 - 5.4.0.1100.97 linux-raspi-hwe-18.04-edge - 5.4.0.1100.97 linux-tools-raspi-hwe-18.04 - 5.4.0.1100.97 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1100.97 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1115.124~18.04.87 linux-headers-oracle-edge - 5.4.0.1115.124~18.04.87 linux-image-oracle - 5.4.0.1115.124~18.04.87 linux-image-oracle-edge - 5.4.0.1115.124~18.04.87 linux-modules-extra-oracle - 5.4.0.1115.124~18.04.87 linux-modules-extra-oracle-edge - 5.4.0.1115.124~18.04.87 linux-oracle - 5.4.0.1115.124~18.04.87 linux-oracle-edge - 5.4.0.1115.124~18.04.87 linux-signed-image-oracle - 5.4.0.1115.124~18.04.87 linux-signed-image-oracle-edge - 5.4.0.1115.124~18.04.87 linux-signed-oracle - 5.4.0.1115.124~18.04.87 linux-signed-oracle-edge - 5.4.0.1115.124~18.04.87 linux-tools-oracle - 5.4.0.1115.124~18.04.87 linux-tools-oracle-edge - 5.4.0.1115.124~18.04.87 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-3006 CVE-2023-37453 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-42754 CVE-2023-5178 CVE-2023-5717 CVE-2023-6176 Ubuntu 18.04 LTS It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. (CVE-2022-29221) It was discovered that Moment.js, that is integrated in the PostfixAdmin code, was using an inefficient parsing algorithm when processing date strings in the RFC 2822 standard. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-31129) It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly escaping JavaScript code. An attacker could possibly use this issue to conduct cross-site scripting attacks (XSS). (CVE-2023-28447) Update Instructions: Run `sudo pro fix USN-6550-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postfixadmin - 3.0.2-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2022-29221 CVE-2022-31129 CVE-2023-28447 Ubuntu 18.04 LTS USN-6555-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled XKB button actions. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. (CVE-2023-6377) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the RRChangeOutputProperty and RRChangeProviderProperty APIs. An attacker could possibly use this issue to cause the X Server to crash, or obtain sensitive information. (CVE-2023-6478) Update Instructions: Run `sudo pro fix USN-6555-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdmx - 2:1.19.6-1ubuntu4.15+esm3 xdmx-tools - 2:1.19.6-1ubuntu4.15+esm3 xmir - 2:1.19.6-1ubuntu4.15+esm3 xnest - 2:1.19.6-1ubuntu4.15+esm3 xorg-server-source - 2:1.19.6-1ubuntu4.15+esm3 xserver-common - 2:1.19.6-1ubuntu4.15+esm3 xserver-xephyr - 2:1.19.6-1ubuntu4.15+esm3 xserver-xorg-core - 2:1.19.6-1ubuntu4.15+esm3 xserver-xorg-dev - 2:1.19.6-1ubuntu4.15+esm3 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.15+esm3 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.15+esm3 xvfb - 2:1.19.6-1ubuntu4.15+esm3 xwayland - 2:1.19.6-1ubuntu4.15+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-6377 CVE-2023-6478 Ubuntu 18.04 LTS It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1725) It was discovered that Vim could be made to recurse infinitely. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771) It was discovered that Vim could be made to write out of bounds with a put command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1886) It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897, CVE-2022-2000) It was discovered that Vim did not properly manage memory in the spell command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2042) It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-46246, CVE-2023-48231) It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232) It was discovered that Vim contained multiple arithmetic overflows. An attacker could possibly use these issues to cause a denial of service. (CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237) It was discovered that Vim did not properly manage memory in the substitute command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706) Update Instructions: Run `sudo pro fix USN-6557-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:8.0.1453-1ubuntu1.13+esm7 vim-athena - 2:8.0.1453-1ubuntu1.13+esm7 vim-common - 2:8.0.1453-1ubuntu1.13+esm7 vim-doc - 2:8.0.1453-1ubuntu1.13+esm7 vim-gnome - 2:8.0.1453-1ubuntu1.13+esm7 vim-gtk - 2:8.0.1453-1ubuntu1.13+esm7 vim-gtk3 - 2:8.0.1453-1ubuntu1.13+esm7 vim-gui-common - 2:8.0.1453-1ubuntu1.13+esm7 vim-nox - 2:8.0.1453-1ubuntu1.13+esm7 vim-runtime - 2:8.0.1453-1ubuntu1.13+esm7 vim-tiny - 2:8.0.1453-1ubuntu1.13+esm7 xxd - 2:8.0.1453-1ubuntu1.13+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-1725 CVE-2022-1771 CVE-2022-1886 CVE-2022-1897 CVE-2022-2000 CVE-2022-2042 CVE-2023-46246 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 Ubuntu 18.04 LTS It was discovered that audiofile could be made to dereference invalid memory. If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-13440) It was discovered that audiofile could be made to write out of bounds. If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-17095) It was discovered that audiofile could be made to dereference invalid memory. If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2019-13147) It was discovered that audiofile could be made to leak memory. If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to obtain sensitive information. (CVE-2022-24599) Update Instructions: Run `sudo pro fix USN-6558-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: audiofile-tools - 0.3.6-4ubuntu0.1~esm1 libaudiofile-dev - 0.3.6-4ubuntu0.1~esm1 libaudiofile1 - 0.3.6-4ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-13440 CVE-2018-17095 CVE-2019-13147 CVE-2022-24599 Ubuntu 18.04 LTS It was discovered that ZooKeeper incorrectly handled authorization for the getACL() command. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-0201) Damien Diederen discovered that ZooKeeper incorrectly handled authorization if SASL Quorum Peer authentication is enabled. An attacker could possibly use this issue to bypass ZooKeeper's authorization system. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-44981) Update Instructions: Run `sudo pro fix USN-6559-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libzookeeper-java - 3.4.13-3ubuntu0.1~esm1 libzookeeper-java-doc - 3.4.13-3ubuntu0.1~esm1 libzookeeper-mt-dev - 3.4.13-3ubuntu0.1~esm1 libzookeeper-mt2 - 3.4.13-3ubuntu0.1~esm1 libzookeeper-st-dev - 3.4.13-3ubuntu0.1~esm1 libzookeeper-st2 - 3.4.13-3ubuntu0.1~esm1 python-zookeeper - 3.4.13-3ubuntu0.1~esm1 zookeeper - 3.4.13-3ubuntu0.1~esm1 zookeeper-bin - 3.4.13-3ubuntu0.1~esm1 zookeeperd - 3.4.13-3ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-0201 CVE-2023-44981 Ubuntu 18.04 LTS USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue. (CVE-2023-48795) It was discovered that OpenSSH incorrectly handled user names or host names with shell metacharacters. An attacker could possibly use this issue to perform OS command injection. This only affected Ubuntu 18.04 LTS. (CVE-2023-51385) Update Instructions: Run `sudo pro fix USN-6560-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-client - 1:7.6p1-4ubuntu0.7+esm3 openssh-server - 1:7.6p1-4ubuntu0.7+esm3 openssh-sftp-server - 1:7.6p1-4ubuntu0.7+esm3 ssh - 1:7.6p1-4ubuntu0.7+esm3 ssh-askpass-gnome - 1:7.6p1-4ubuntu0.7+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-48795 CVE-2023-51385 Ubuntu 18.04 LTS Youssef Rebahi-Gilbert discovered that Monit did not properly process credentials for disabled accounts. An attacker could possibly use this issue to login to the platform with an expired account and a valid password. Update Instructions: Run `sudo pro fix USN-6571-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: monit - 1:5.25.1-1ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-26563 Ubuntu 18.04 LTS It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6579-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxerces-c-dev - 3.2.0+debian-2ubuntu0.1~esm2 libxerces-c-doc - 3.2.0+debian-2ubuntu0.1~esm2 libxerces-c-samples - 3.2.0+debian-2ubuntu0.1~esm2 libxerces-c3.2 - 3.2.0+debian-2ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-1311 Ubuntu 18.04 LTS It was discovered that w3m incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6580-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: w3m - 0.5.3-36ubuntu0.1+esm1 w3m-img - 0.5.3-36ubuntu0.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-4255 Ubuntu 18.04 LTS Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.44 in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-44.html https://www.oracle.com/security-alerts/cpuoct2023.html Update Instructions: Run `sudo pro fix USN-6583-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmysqlclient-dev - 5.7.44-0ubuntu0.18.04.1+esm1 libmysqlclient20 - 5.7.44-0ubuntu0.18.04.1+esm1 libmysqld-dev - 5.7.44-0ubuntu0.18.04.1+esm1 mysql-client - 5.7.44-0ubuntu0.18.04.1+esm1 mysql-client-5.7 - 5.7.44-0ubuntu0.18.04.1+esm1 mysql-client-core-5.7 - 5.7.44-0ubuntu0.18.04.1+esm1 mysql-server - 5.7.44-0ubuntu0.18.04.1+esm1 mysql-server-5.7 - 5.7.44-0ubuntu0.18.04.1+esm1 mysql-server-core-5.7 - 5.7.44-0ubuntu0.18.04.1+esm1 mysql-source-5.7 - 5.7.44-0ubuntu0.18.04.1+esm1 mysql-testsuite - 5.7.44-0ubuntu0.18.04.1+esm1 mysql-testsuite-5.7 - 5.7.44-0ubuntu0.18.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-22028 CVE-2023-22084 Ubuntu 18.04 LTS Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2021-20314) It was discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-33912, CVE-2021-33913) Update Instructions: Run `sudo pro fix USN-6584-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmail-spf-xs-perl - 1.2.10-7ubuntu0.18.04.1~esm1 libspf2-2 - 1.2.10-7ubuntu0.18.04.1~esm1 libspf2-dev - 1.2.10-7ubuntu0.18.04.1~esm1 spfquery - 1.2.10-7ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-20314 CVE-2021-33912 CVE-2021-33913 Ubuntu 18.04 LTS It was discovered that FreeImage incorrectly handled certain memory operations. If a user were tricked into opening a crafted TIFF file, a remote attacker could use this issue to cause a heap buffer overflow, resulting in a denial of service attack. This issue only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-12211) It was discovered that FreeImage incorrectly processed images under certain circumstances. If a user were tricked into opening a crafted TIFF file, a remote attacker could possibly use this issue to cause a stack exhaustion condition, resulting in a denial of service attack. This issue only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-12213) It was discovered that FreeImage incorrectly processed certain images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2020-21427, CVE-2020-21428) It was discovered that FreeImage incorrectly processed certain images. If a user or automated system were tricked into opening a specially crafted PFM file, an attacker could possibly use this issue to cause a denial of service. (CVE-2020-22524) Update Instructions: Run `sudo pro fix USN-6586-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfreeimage-dev - 3.17.0+ds1-5+deb9u1ubuntu0.1~esm1 libfreeimage3 - 3.17.0+ds1-5+deb9u1ubuntu0.1~esm1 libfreeimageplus-dev - 3.17.0+ds1-5+deb9u1ubuntu0.1~esm1 libfreeimageplus-doc - 3.17.0+ds1-5+deb9u1ubuntu0.1~esm1 libfreeimageplus3 - 3.17.0+ds1-5+deb9u1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-12211 CVE-2019-12213 CVE-2020-21427 CVE-2020-21428 CVE-2020-22524 Ubuntu 18.04 LTS USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code. (CVE-2023-6816) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled reattaching to a different master device. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2024-0229) Olivier Fourdan and Donn Seeley discovered that the X.Org X Server incorrectly labeled GLX PBuffers when used with SELinux. An attacker could use this issue to cause the X Server to crash, leading to a denial of service. (CVE-2024-0408) Olivier Fourdan discovered that the X.Org X Server incorrectly handled the curser code when used with SELinux. An attacker could use this issue to cause the X Server to crash, leading to a denial of service. (CVE-2024-0409) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the XISendDeviceHierarchyEvent API. An attacker could possibly use this issue to cause the X Server to crash, or execute arbitrary code. (CVE-2024-21885) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled devices being disabled. An attacker could possibly use this issue to cause the X Server to crash, or execute arbitrary code. (CVE-2024-21886) Update Instructions: Run `sudo pro fix USN-6587-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdmx - 2:1.19.6-1ubuntu4.15+esm4 xdmx-tools - 2:1.19.6-1ubuntu4.15+esm4 xmir - 2:1.19.6-1ubuntu4.15+esm4 xnest - 2:1.19.6-1ubuntu4.15+esm4 xorg-server-source - 2:1.19.6-1ubuntu4.15+esm4 xserver-common - 2:1.19.6-1ubuntu4.15+esm4 xserver-xephyr - 2:1.19.6-1ubuntu4.15+esm4 xserver-xorg-core - 2:1.19.6-1ubuntu4.15+esm4 xserver-xorg-dev - 2:1.19.6-1ubuntu4.15+esm4 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.15+esm4 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.15+esm4 xvfb - 2:1.19.6-1ubuntu4.15+esm4 xwayland - 2:1.19.6-1ubuntu4.15+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-6816 CVE-2024-0229 CVE-2024-0408 CVE-2024-0409 CVE-2024-21885 CVE-2024-21886 Ubuntu 18.04 LTS USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code. (CVE-2023-6816) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled reattaching to a different master device. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2024-0229) Olivier Fourdan and Donn Seeley discovered that the X.Org X Server incorrectly labeled GLX PBuffers when used with SELinux. An attacker could use this issue to cause the X Server to crash, leading to a denial of service. (CVE-2024-0408) Olivier Fourdan discovered that the X.Org X Server incorrectly handled the curser code when used with SELinux. An attacker could use this issue to cause the X Server to crash, leading to a denial of service. (CVE-2024-0409) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the XISendDeviceHierarchyEvent API. An attacker could possibly use this issue to cause the X Server to crash, or execute arbitrary code. (CVE-2024-21885) Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled devices being disabled. An attacker could possibly use this issue to cause the X Server to crash, or execute arbitrary code. (CVE-2024-21886) Update Instructions: Run `sudo pro fix USN-6587-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdmx - 2:1.19.6-1ubuntu4.15+esm5 xdmx-tools - 2:1.19.6-1ubuntu4.15+esm5 xmir - 2:1.19.6-1ubuntu4.15+esm5 xnest - 2:1.19.6-1ubuntu4.15+esm5 xorg-server-source - 2:1.19.6-1ubuntu4.15+esm5 xserver-common - 2:1.19.6-1ubuntu4.15+esm5 xserver-xephyr - 2:1.19.6-1ubuntu4.15+esm5 xserver-xorg-core - 2:1.19.6-1ubuntu4.15+esm5 xserver-xorg-dev - 2:1.19.6-1ubuntu4.15+esm5 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.15+esm5 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.15+esm5 xvfb - 2:1.19.6-1ubuntu4.15+esm5 xwayland - 2:1.19.6-1ubuntu4.15+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2051536 Ubuntu 18.04 LTS USN-6588-1 fixed a vulnerability in PAM. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6588-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpam-cracklib - 1.1.8-3.6ubuntu2.18.04.6+esm1 libpam-doc - 1.1.8-3.6ubuntu2.18.04.6+esm1 libpam-modules - 1.1.8-3.6ubuntu2.18.04.6+esm1 libpam-modules-bin - 1.1.8-3.6ubuntu2.18.04.6+esm1 libpam-runtime - 1.1.8-3.6ubuntu2.18.04.6+esm1 libpam0g - 1.1.8-3.6ubuntu2.18.04.6+esm1 libpam0g-dev - 1.1.8-3.6ubuntu2.18.04.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-22365 Ubuntu 18.04 LTS It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2018-1311) It was discovered that Xerces-C++ was not properly performing bounds checks when processing XML Schema Definition files, which could lead to an out-of-bounds access via an HTTP request. If a user or automated system were tricked into processing a specially crafted XSD file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-37536) Update Instructions: Run `sudo pro fix USN-6590-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxerces-c-dev - 3.2.0+debian-2ubuntu0.1~esm3 libxerces-c-doc - 3.2.0+debian-2ubuntu0.1~esm3 libxerces-c-samples - 3.2.0+debian-2ubuntu0.1~esm3 libxerces-c3.2 - 3.2.0+debian-2ubuntu0.1~esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2018-1311 CVE-2023-37536 Ubuntu 18.04 LTS Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming. Please note that certain configuration changes are required to address this issue. They are not enabled by default for backward compatibility. Information can be found at https://www.postfix.org/smtp-smuggling.html. Update Instructions: Run `sudo pro fix USN-6591-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postfix - 3.3.0-1ubuntu0.4+esm2 postfix-cdb - 3.3.0-1ubuntu0.4+esm2 postfix-doc - 3.3.0-1ubuntu0.4+esm2 postfix-ldap - 3.3.0-1ubuntu0.4+esm2 postfix-lmdb - 3.3.0-1ubuntu0.4+esm2 postfix-mysql - 3.3.0-1ubuntu0.4+esm2 postfix-pcre - 3.3.0-1ubuntu0.4+esm2 postfix-pgsql - 3.3.0-1ubuntu0.4+esm2 postfix-sqlite - 3.3.0-1ubuntu0.4+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-51764 https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/2049337 Ubuntu 18.04 LTS USN-6591-1 fixed vulnerabilities in Postfix. A fix with less risk of regression has been made available since the last update. This update updates the fix and aligns with the latest configuration guidelines regarding this vulnerability. We apologize for the inconvenience. Original advisory details: Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming. Please note that certain configuration changes are required to address this issue. They are not enabled by default for backward compatibility. Information can be found at https://www.postfix.org/smtp-smuggling.html. Update Instructions: Run `sudo pro fix USN-6591-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: postfix - 3.3.0-1ubuntu0.4+esm3 postfix-cdb - 3.3.0-1ubuntu0.4+esm3 postfix-doc - 3.3.0-1ubuntu0.4+esm3 postfix-ldap - 3.3.0-1ubuntu0.4+esm3 postfix-lmdb - 3.3.0-1ubuntu0.4+esm3 postfix-mysql - 3.3.0-1ubuntu0.4+esm3 postfix-pcre - 3.3.0-1ubuntu0.4+esm3 postfix-pgsql - 3.3.0-1ubuntu0.4+esm3 postfix-sqlite - 3.3.0-1ubuntu0.4+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-51764 https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/2049337 https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/2050834 Ubuntu 18.04 LTS USN-6592-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter. (CVE-2023-6004) It was discovered that libssh incorrectly handled return codes when performing message digest operations. A remote attacker could possibly use this issue to cause libssh to crash, obtain sensitive information, or execute arbitrary code. (CVE-2023-6918) Update Instructions: Run `sudo pro fix USN-6592-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssh-4 - 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3 libssh-dev - 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3 libssh-doc - 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3 libssh-gcrypt-4 - 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3 libssh-gcrypt-dev - 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-6004 CVE-2023-6918 Ubuntu 18.04 LTS It was discovered that Apache::Session::LDAP incorrectly handled invalid X.509 certificates. If a user or an automated system were tricked into opening a specially crafted invalid X.509 certificate, a remote attacker could possibly use this issue to perform spoofing and obtain sensitive information. Update Instructions: Run `sudo pro fix USN-6596-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache-session-ldap-perl - 0.4-1ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-36658 Ubuntu 18.04 LTS Yeting Li discovered that Jinja incorrectly handled certain regex. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-28493) It was discovered that Jinja incorrectly handled certain HTML passed with xmlatter filter. An attacker could inject arbitrary HTML attributes keys and values potentially leading to XSS. (CVE-2024-22195) Update Instructions: Run `sudo pro fix USN-6599-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-jinja2 - 2.10-1ubuntu0.18.04.1+esm1 python-jinja2-doc - 2.10-1ubuntu0.18.04.1+esm1 python3-jinja2 - 2.10-1ubuntu0.18.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2020-28493 CVE-2024-22195 Ubuntu 18.04 LTS It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash). (CVE-2023-1079) Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-45863) It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6606) Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6931) It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6932) Update Instructions: Run `sudo pro fix USN-6604-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1127-oracle - 4.15.0-1127.138 linux-headers-4.15.0-1127-oracle - 4.15.0-1127.138 linux-image-4.15.0-1127-oracle - 4.15.0-1127.138 linux-image-unsigned-4.15.0-1127-oracle - 4.15.0-1127.138 linux-modules-4.15.0-1127-oracle - 4.15.0-1127.138 linux-modules-extra-4.15.0-1127-oracle - 4.15.0-1127.138 linux-oracle-headers-4.15.0-1127 - 4.15.0-1127.138 linux-oracle-tools-4.15.0-1127 - 4.15.0-1127.138 linux-tools-4.15.0-1127-oracle - 4.15.0-1127.138 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1148-kvm - 4.15.0-1148.153 linux-headers-4.15.0-1148-kvm - 4.15.0-1148.153 linux-image-4.15.0-1148-kvm - 4.15.0-1148.153 linux-kvm-headers-4.15.0-1148 - 4.15.0-1148.153 linux-kvm-tools-4.15.0-1148 - 4.15.0-1148.153 linux-modules-4.15.0-1148-kvm - 4.15.0-1148.153 linux-tools-4.15.0-1148-kvm - 4.15.0-1148.153 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1158-gcp - 4.15.0-1158.175 linux-gcp-4.15-headers-4.15.0-1158 - 4.15.0-1158.175 linux-gcp-4.15-tools-4.15.0-1158 - 4.15.0-1158.175 linux-headers-4.15.0-1158-gcp - 4.15.0-1158.175 linux-image-4.15.0-1158-gcp - 4.15.0-1158.175 linux-image-unsigned-4.15.0-1158-gcp - 4.15.0-1158.175 linux-modules-4.15.0-1158-gcp - 4.15.0-1158.175 linux-modules-extra-4.15.0-1158-gcp - 4.15.0-1158.175 linux-tools-4.15.0-1158-gcp - 4.15.0-1158.175 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-cloud-tools-4.15.0-1164 - 4.15.0-1164.177 linux-aws-headers-4.15.0-1164 - 4.15.0-1164.177 linux-aws-tools-4.15.0-1164 - 4.15.0-1164.177 linux-buildinfo-4.15.0-1164-aws - 4.15.0-1164.177 linux-cloud-tools-4.15.0-1164-aws - 4.15.0-1164.177 linux-headers-4.15.0-1164-aws - 4.15.0-1164.177 linux-image-4.15.0-1164-aws - 4.15.0-1164.177 linux-image-unsigned-4.15.0-1164-aws - 4.15.0-1164.177 linux-modules-4.15.0-1164-aws - 4.15.0-1164.177 linux-modules-extra-4.15.0-1164-aws - 4.15.0-1164.177 linux-tools-4.15.0-1164-aws - 4.15.0-1164.177 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-221-generic - 4.15.0-221.232 linux-buildinfo-4.15.0-221-lowlatency - 4.15.0-221.232 linux-cloud-tools-4.15.0-221 - 4.15.0-221.232 linux-cloud-tools-4.15.0-221-generic - 4.15.0-221.232 linux-cloud-tools-4.15.0-221-lowlatency - 4.15.0-221.232 linux-cloud-tools-common - 4.15.0-221.232 linux-doc - 4.15.0-221.232 linux-headers-4.15.0-221 - 4.15.0-221.232 linux-headers-4.15.0-221-generic - 4.15.0-221.232 linux-headers-4.15.0-221-lowlatency - 4.15.0-221.232 linux-image-4.15.0-221-generic - 4.15.0-221.232 linux-image-4.15.0-221-lowlatency - 4.15.0-221.232 linux-image-unsigned-4.15.0-221-generic - 4.15.0-221.232 linux-image-unsigned-4.15.0-221-lowlatency - 4.15.0-221.232 linux-libc-dev - 4.15.0-221.232 linux-modules-4.15.0-221-generic - 4.15.0-221.232 linux-modules-4.15.0-221-lowlatency - 4.15.0-221.232 linux-modules-extra-4.15.0-221-generic - 4.15.0-221.232 linux-source-4.15.0 - 4.15.0-221.232 linux-tools-4.15.0-221 - 4.15.0-221.232 linux-tools-4.15.0-221-generic - 4.15.0-221.232 linux-tools-4.15.0-221-lowlatency - 4.15.0-221.232 linux-tools-common - 4.15.0-221.232 linux-tools-host - 4.15.0-221.232 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle-lts-18.04 - 4.15.0.1127.132 linux-image-oracle-lts-18.04 - 4.15.0.1127.132 linux-oracle-lts-18.04 - 4.15.0.1127.132 linux-signed-image-oracle-lts-18.04 - 4.15.0.1127.132 linux-signed-oracle-lts-18.04 - 4.15.0.1127.132 linux-tools-oracle-lts-18.04 - 4.15.0.1127.132 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.15.0.1148.139 linux-image-kvm - 4.15.0.1148.139 linux-kvm - 4.15.0.1148.139 linux-tools-kvm - 4.15.0.1148.139 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-lts-18.04 - 4.15.0.1158.172 linux-headers-gcp-lts-18.04 - 4.15.0.1158.172 linux-image-gcp-lts-18.04 - 4.15.0.1158.172 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1158.172 linux-tools-gcp-lts-18.04 - 4.15.0.1158.172 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-lts-18.04 - 4.15.0.1164.162 linux-headers-aws-lts-18.04 - 4.15.0.1164.162 linux-image-aws-lts-18.04 - 4.15.0.1164.162 linux-modules-extra-aws-lts-18.04 - 4.15.0.1164.162 linux-tools-aws-lts-18.04 - 4.15.0.1164.162 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.15.0.221.205 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.221.205 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.221.205 linux-cloud-tools-lowlatency - 4.15.0.221.205 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.221.205 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.221.205 linux-cloud-tools-virtual - 4.15.0.221.205 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.221.205 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.221.205 linux-crashdump - 4.15.0.221.205 linux-generic - 4.15.0.221.205 linux-generic-hwe-16.04 - 4.15.0.221.205 linux-generic-hwe-16.04-edge - 4.15.0.221.205 linux-headers-generic - 4.15.0.221.205 linux-headers-generic-hwe-16.04 - 4.15.0.221.205 linux-headers-generic-hwe-16.04-edge - 4.15.0.221.205 linux-headers-lowlatency - 4.15.0.221.205 linux-headers-lowlatency-hwe-16.04 - 4.15.0.221.205 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.221.205 linux-headers-virtual - 4.15.0.221.205 linux-headers-virtual-hwe-16.04 - 4.15.0.221.205 linux-headers-virtual-hwe-16.04-edge - 4.15.0.221.205 linux-image-extra-virtual - 4.15.0.221.205 linux-image-extra-virtual-hwe-16.04 - 4.15.0.221.205 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.221.205 linux-image-generic - 4.15.0.221.205 linux-image-generic-hwe-16.04 - 4.15.0.221.205 linux-image-generic-hwe-16.04-edge - 4.15.0.221.205 linux-image-lowlatency - 4.15.0.221.205 linux-image-lowlatency-hwe-16.04 - 4.15.0.221.205 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.221.205 linux-image-virtual - 4.15.0.221.205 linux-image-virtual-hwe-16.04 - 4.15.0.221.205 linux-image-virtual-hwe-16.04-edge - 4.15.0.221.205 linux-lowlatency - 4.15.0.221.205 linux-lowlatency-hwe-16.04 - 4.15.0.221.205 linux-lowlatency-hwe-16.04-edge - 4.15.0.221.205 linux-signed-generic - 4.15.0.221.205 linux-signed-generic-hwe-16.04 - 4.15.0.221.205 linux-signed-generic-hwe-16.04-edge - 4.15.0.221.205 linux-signed-image-generic - 4.15.0.221.205 linux-signed-image-generic-hwe-16.04 - 4.15.0.221.205 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.221.205 linux-signed-image-lowlatency - 4.15.0.221.205 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.221.205 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.221.205 linux-signed-lowlatency - 4.15.0.221.205 linux-signed-lowlatency-hwe-16.04 - 4.15.0.221.205 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.221.205 linux-source - 4.15.0.221.205 linux-tools-generic - 4.15.0.221.205 linux-tools-generic-hwe-16.04 - 4.15.0.221.205 linux-tools-generic-hwe-16.04-edge - 4.15.0.221.205 linux-tools-lowlatency - 4.15.0.221.205 linux-tools-lowlatency-hwe-16.04 - 4.15.0.221.205 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.221.205 linux-tools-virtual - 4.15.0.221.205 linux-tools-virtual-hwe-16.04 - 4.15.0.221.205 linux-tools-virtual-hwe-16.04-edge - 4.15.0.221.205 linux-virtual - 4.15.0.221.205 linux-virtual-hwe-16.04 - 4.15.0.221.205 linux-virtual-hwe-16.04-edge - 4.15.0.221.205 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-1079 CVE-2023-20588 CVE-2023-45863 CVE-2023-6606 CVE-2023-6931 CVE-2023-6932 Ubuntu 18.04 LTS It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash). (CVE-2023-1079) Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-45863) It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6606) Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6931) It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6932) Update Instructions: Run `sudo pro fix USN-6604-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-4.15-cloud-tools-4.15.0-1173 - 4.15.0-1173.188 linux-azure-4.15-headers-4.15.0-1173 - 4.15.0-1173.188 linux-azure-4.15-tools-4.15.0-1173 - 4.15.0-1173.188 linux-buildinfo-4.15.0-1173-azure - 4.15.0-1173.188 linux-cloud-tools-4.15.0-1173-azure - 4.15.0-1173.188 linux-headers-4.15.0-1173-azure - 4.15.0-1173.188 linux-image-4.15.0-1173-azure - 4.15.0-1173.188 linux-image-unsigned-4.15.0-1173-azure - 4.15.0-1173.188 linux-modules-4.15.0-1173-azure - 4.15.0-1173.188 linux-modules-extra-4.15.0-1173-azure - 4.15.0-1173.188 linux-tools-4.15.0-1173-azure - 4.15.0-1173.188 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-lts-18.04 - 4.15.0.1173.141 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1173.141 linux-headers-azure-lts-18.04 - 4.15.0.1173.141 linux-image-azure-lts-18.04 - 4.15.0.1173.141 linux-modules-extra-azure-lts-18.04 - 4.15.0.1173.141 linux-signed-azure-lts-18.04 - 4.15.0.1173.141 linux-signed-image-azure-lts-18.04 - 4.15.0.1173.141 linux-tools-azure-lts-18.04 - 4.15.0.1173.141 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-1079 CVE-2023-20588 CVE-2023-45863 CVE-2023-6606 CVE-2023-6931 CVE-2023-6932 Ubuntu 18.04 LTS Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6040) It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6606) Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6931) It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6932) Update Instructions: Run `sudo pro fix USN-6605-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1064-ibm - 5.4.0-1064.69~18.04.1 linux-headers-5.4.0-1064-ibm - 5.4.0-1064.69~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1064.69~18.04.1 linux-ibm-5.4-headers-5.4.0-1064 - 5.4.0-1064.69~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1064.69~18.04.1 linux-ibm-5.4-tools-5.4.0-1064 - 5.4.0-1064.69~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1064.69~18.04.1 linux-image-5.4.0-1064-ibm - 5.4.0-1064.69~18.04.1 linux-image-unsigned-5.4.0-1064-ibm - 5.4.0-1064.69~18.04.1 linux-modules-5.4.0-1064-ibm - 5.4.0-1064.69~18.04.1 linux-modules-extra-5.4.0-1064-ibm - 5.4.0-1064.69~18.04.1 linux-tools-5.4.0-1064-ibm - 5.4.0-1064.69~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1101-raspi - 5.4.0-1101.113~18.04.1 linux-headers-5.4.0-1101-raspi - 5.4.0-1101.113~18.04.1 linux-image-5.4.0-1101-raspi - 5.4.0-1101.113~18.04.1 linux-modules-5.4.0-1101-raspi - 5.4.0-1101.113~18.04.1 linux-raspi-5.4-headers-5.4.0-1101 - 5.4.0-1101.113~18.04.1 linux-raspi-5.4-tools-5.4.0-1101 - 5.4.0-1101.113~18.04.1 linux-tools-5.4.0-1101-raspi - 5.4.0-1101.113~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1116-oracle - 5.4.0-1116.125~18.04.1 linux-headers-5.4.0-1116-oracle - 5.4.0-1116.125~18.04.1 linux-image-5.4.0-1116-oracle - 5.4.0-1116.125~18.04.1 linux-image-unsigned-5.4.0-1116-oracle - 5.4.0-1116.125~18.04.1 linux-modules-5.4.0-1116-oracle - 5.4.0-1116.125~18.04.1 linux-modules-extra-5.4.0-1116-oracle - 5.4.0-1116.125~18.04.1 linux-oracle-5.4-headers-5.4.0-1116 - 5.4.0-1116.125~18.04.1 linux-oracle-5.4-tools-5.4.0-1116 - 5.4.0-1116.125~18.04.1 linux-tools-5.4.0-1116-oracle - 5.4.0-1116.125~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-5.4-cloud-tools-5.4.0-1117 - 5.4.0-1117.127~18.04.1 linux-aws-5.4-headers-5.4.0-1117 - 5.4.0-1117.127~18.04.1 linux-aws-5.4-tools-5.4.0-1117 - 5.4.0-1117.127~18.04.1 linux-buildinfo-5.4.0-1117-aws - 5.4.0-1117.127~18.04.1 linux-cloud-tools-5.4.0-1117-aws - 5.4.0-1117.127~18.04.1 linux-headers-5.4.0-1117-aws - 5.4.0-1117.127~18.04.1 linux-image-5.4.0-1117-aws - 5.4.0-1117.127~18.04.1 linux-image-unsigned-5.4.0-1117-aws - 5.4.0-1117.127~18.04.1 linux-modules-5.4.0-1117-aws - 5.4.0-1117.127~18.04.1 linux-modules-extra-5.4.0-1117-aws - 5.4.0-1117.127~18.04.1 linux-tools-5.4.0-1117-aws - 5.4.0-1117.127~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1121-gcp - 5.4.0-1121.130~18.04.1 linux-gcp-5.4-headers-5.4.0-1121 - 5.4.0-1121.130~18.04.1 linux-gcp-5.4-tools-5.4.0-1121 - 5.4.0-1121.130~18.04.1 linux-headers-5.4.0-1121-gcp - 5.4.0-1121.130~18.04.1 linux-image-5.4.0-1121-gcp - 5.4.0-1121.130~18.04.1 linux-image-unsigned-5.4.0-1121-gcp - 5.4.0-1121.130~18.04.1 linux-modules-5.4.0-1121-gcp - 5.4.0-1121.130~18.04.1 linux-modules-extra-5.4.0-1121-gcp - 5.4.0-1121.130~18.04.1 linux-tools-5.4.0-1121-gcp - 5.4.0-1121.130~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-5.4-cloud-tools-5.4.0-1122 - 5.4.0-1122.129~18.04.1 linux-azure-5.4-headers-5.4.0-1122 - 5.4.0-1122.129~18.04.1 linux-azure-5.4-tools-5.4.0-1122 - 5.4.0-1122.129~18.04.1 linux-buildinfo-5.4.0-1122-azure - 5.4.0-1122.129~18.04.1 linux-cloud-tools-5.4.0-1122-azure - 5.4.0-1122.129~18.04.1 linux-headers-5.4.0-1122-azure - 5.4.0-1122.129~18.04.1 linux-image-5.4.0-1122-azure - 5.4.0-1122.129~18.04.1 linux-image-unsigned-5.4.0-1122-azure - 5.4.0-1122.129~18.04.1 linux-modules-5.4.0-1122-azure - 5.4.0-1122.129~18.04.1 linux-modules-extra-5.4.0-1122-azure - 5.4.0-1122.129~18.04.1 linux-tools-5.4.0-1122-azure - 5.4.0-1122.129~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-170-generic - 5.4.0-170.188~18.04.1 linux-buildinfo-5.4.0-170-lowlatency - 5.4.0-170.188~18.04.1 linux-cloud-tools-5.4.0-170-generic - 5.4.0-170.188~18.04.1 linux-cloud-tools-5.4.0-170-lowlatency - 5.4.0-170.188~18.04.1 linux-headers-5.4.0-170-generic - 5.4.0-170.188~18.04.1 linux-headers-5.4.0-170-lowlatency - 5.4.0-170.188~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-170 - 5.4.0-170.188~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-170.188~18.04.1 linux-hwe-5.4-headers-5.4.0-170 - 5.4.0-170.188~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-170.188~18.04.1 linux-hwe-5.4-tools-5.4.0-170 - 5.4.0-170.188~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-170.188~18.04.1 linux-image-5.4.0-170-generic - 5.4.0-170.188~18.04.1 linux-image-5.4.0-170-lowlatency - 5.4.0-170.188~18.04.1 linux-image-unsigned-5.4.0-170-generic - 5.4.0-170.188~18.04.1 linux-image-unsigned-5.4.0-170-lowlatency - 5.4.0-170.188~18.04.1 linux-modules-5.4.0-170-generic - 5.4.0-170.188~18.04.1 linux-modules-5.4.0-170-lowlatency - 5.4.0-170.188~18.04.1 linux-modules-extra-5.4.0-170-generic - 5.4.0-170.188~18.04.1 linux-tools-5.4.0-170-generic - 5.4.0-170.188~18.04.1 linux-tools-5.4.0-170-lowlatency - 5.4.0-170.188~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1064.74 linux-headers-ibm-edge - 5.4.0.1064.74 linux-ibm - 5.4.0.1064.74 linux-ibm-edge - 5.4.0.1064.74 linux-image-ibm - 5.4.0.1064.74 linux-image-ibm-edge - 5.4.0.1064.74 linux-modules-extra-ibm - 5.4.0.1064.74 linux-modules-extra-ibm-edge - 5.4.0.1064.74 linux-tools-ibm - 5.4.0.1064.74 linux-tools-ibm-edge - 5.4.0.1064.74 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1101.98 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1101.98 linux-image-raspi-hwe-18.04 - 5.4.0.1101.98 linux-image-raspi-hwe-18.04-edge - 5.4.0.1101.98 linux-raspi-hwe-18.04 - 5.4.0.1101.98 linux-raspi-hwe-18.04-edge - 5.4.0.1101.98 linux-tools-raspi-hwe-18.04 - 5.4.0.1101.98 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1101.98 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1116.125~18.04.88 linux-headers-oracle-edge - 5.4.0.1116.125~18.04.88 linux-image-oracle - 5.4.0.1116.125~18.04.88 linux-image-oracle-edge - 5.4.0.1116.125~18.04.88 linux-modules-extra-oracle - 5.4.0.1116.125~18.04.88 linux-modules-extra-oracle-edge - 5.4.0.1116.125~18.04.88 linux-oracle - 5.4.0.1116.125~18.04.88 linux-oracle-edge - 5.4.0.1116.125~18.04.88 linux-signed-image-oracle - 5.4.0.1116.125~18.04.88 linux-signed-image-oracle-edge - 5.4.0.1116.125~18.04.88 linux-signed-oracle - 5.4.0.1116.125~18.04.88 linux-signed-oracle-edge - 5.4.0.1116.125~18.04.88 linux-tools-oracle - 5.4.0.1116.125~18.04.88 linux-tools-oracle-edge - 5.4.0.1116.125~18.04.88 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1117.95 linux-aws-edge - 5.4.0.1117.95 linux-headers-aws - 5.4.0.1117.95 linux-headers-aws-edge - 5.4.0.1117.95 linux-image-aws - 5.4.0.1117.95 linux-image-aws-edge - 5.4.0.1117.95 linux-modules-extra-aws - 5.4.0.1117.95 linux-modules-extra-aws-edge - 5.4.0.1117.95 linux-tools-aws - 5.4.0.1117.95 linux-tools-aws-edge - 5.4.0.1117.95 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1121.97 linux-gcp-edge - 5.4.0.1121.97 linux-headers-gcp - 5.4.0.1121.97 linux-headers-gcp-edge - 5.4.0.1121.97 linux-image-gcp - 5.4.0.1121.97 linux-image-gcp-edge - 5.4.0.1121.97 linux-modules-extra-gcp - 5.4.0.1121.97 linux-modules-extra-gcp-edge - 5.4.0.1121.97 linux-tools-gcp - 5.4.0.1121.97 linux-tools-gcp-edge - 5.4.0.1121.97 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 5.4.0.1122.95 linux-azure-edge - 5.4.0.1122.95 linux-cloud-tools-azure - 5.4.0.1122.95 linux-cloud-tools-azure-edge - 5.4.0.1122.95 linux-headers-azure - 5.4.0.1122.95 linux-headers-azure-edge - 5.4.0.1122.95 linux-image-azure - 5.4.0.1122.95 linux-image-azure-edge - 5.4.0.1122.95 linux-modules-extra-azure - 5.4.0.1122.95 linux-modules-extra-azure-edge - 5.4.0.1122.95 linux-signed-azure - 5.4.0.1122.95 linux-signed-azure-edge - 5.4.0.1122.95 linux-signed-image-azure - 5.4.0.1122.95 linux-signed-image-azure-edge - 5.4.0.1122.95 linux-tools-azure - 5.4.0.1122.95 linux-tools-azure-edge - 5.4.0.1122.95 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-generic-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-generic-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-headers-generic-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-headers-generic-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-headers-lowlatency-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-headers-oem - 5.4.0.170.188~18.04.138 linux-headers-oem-osp1 - 5.4.0.170.188~18.04.138 linux-headers-snapdragon-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-headers-virtual-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-headers-virtual-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-image-extra-virtual-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-image-generic-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-image-generic-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-image-lowlatency-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-image-oem - 5.4.0.170.188~18.04.138 linux-image-oem-osp1 - 5.4.0.170.188~18.04.138 linux-image-snapdragon-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-image-virtual-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-image-virtual-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-lowlatency-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-lowlatency-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-oem - 5.4.0.170.188~18.04.138 linux-oem-osp1 - 5.4.0.170.188~18.04.138 linux-snapdragon-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-snapdragon-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-tools-generic-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-tools-generic-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-tools-lowlatency-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-tools-oem - 5.4.0.170.188~18.04.138 linux-tools-oem-osp1 - 5.4.0.170.188~18.04.138 linux-tools-snapdragon-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-tools-virtual-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-tools-virtual-hwe-18.04-edge - 5.4.0.170.188~18.04.138 linux-virtual-hwe-18.04 - 5.4.0.170.188~18.04.138 linux-virtual-hwe-18.04-edge - 5.4.0.170.188~18.04.138 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-6040 CVE-2023-6606 CVE-2023-6931 CVE-2023-6932 Ubuntu 18.04 LTS It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. Update Instructions: Run `sudo pro fix USN-6611-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: exim4 - 4.90.1-1ubuntu1.10+esm3 exim4-base - 4.90.1-1ubuntu1.10+esm3 exim4-config - 4.90.1-1ubuntu1.10+esm3 exim4-daemon-heavy - 4.90.1-1ubuntu1.10+esm3 exim4-daemon-light - 4.90.1-1ubuntu1.10+esm3 exim4-dev - 4.90.1-1ubuntu1.10+esm3 eximon4 - 4.90.1-1ubuntu1.10+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-51766 Ubuntu 18.04 LTS It was discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted XML file, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6612-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtinyxml-dev - 2.6.2-4ubuntu0.18.04.1~esm2 libtinyxml-doc - 2.6.2-4ubuntu0.18.04.1~esm2 libtinyxml2.6.2v5 - 2.6.2-4ubuntu0.18.04.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-34194 Ubuntu 18.04 LTS Lucas Henry discovered that Ceph incorrectly handled specially crafted POST requests. An uprivileged user could use this to bypass Ceph's authorization checks and upload a file to any bucket. Update Instructions: Run `sudo pro fix USN-6613-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ceph - 12.2.13-0ubuntu0.18.04.11+esm1 ceph-base - 12.2.13-0ubuntu0.18.04.11+esm1 ceph-common - 12.2.13-0ubuntu0.18.04.11+esm1 ceph-fuse - 12.2.13-0ubuntu0.18.04.11+esm1 ceph-mds - 12.2.13-0ubuntu0.18.04.11+esm1 ceph-mgr - 12.2.13-0ubuntu0.18.04.11+esm1 ceph-mon - 12.2.13-0ubuntu0.18.04.11+esm1 ceph-osd - 12.2.13-0ubuntu0.18.04.11+esm1 ceph-resource-agents - 12.2.13-0ubuntu0.18.04.11+esm1 ceph-test - 12.2.13-0ubuntu0.18.04.11+esm1 libcephfs-dev - 12.2.13-0ubuntu0.18.04.11+esm1 libcephfs-java - 12.2.13-0ubuntu0.18.04.11+esm1 libcephfs-jni - 12.2.13-0ubuntu0.18.04.11+esm1 libcephfs2 - 12.2.13-0ubuntu0.18.04.11+esm1 librados-dev - 12.2.13-0ubuntu0.18.04.11+esm1 librados2 - 12.2.13-0ubuntu0.18.04.11+esm1 libradosstriper-dev - 12.2.13-0ubuntu0.18.04.11+esm1 libradosstriper1 - 12.2.13-0ubuntu0.18.04.11+esm1 librbd-dev - 12.2.13-0ubuntu0.18.04.11+esm1 librbd1 - 12.2.13-0ubuntu0.18.04.11+esm1 librgw-dev - 12.2.13-0ubuntu0.18.04.11+esm1 librgw2 - 12.2.13-0ubuntu0.18.04.11+esm1 python-ceph - 12.2.13-0ubuntu0.18.04.11+esm1 python-cephfs - 12.2.13-0ubuntu0.18.04.11+esm1 python-rados - 12.2.13-0ubuntu0.18.04.11+esm1 python-rbd - 12.2.13-0ubuntu0.18.04.11+esm1 python-rgw - 12.2.13-0ubuntu0.18.04.11+esm1 python3-ceph-argparse - 12.2.13-0ubuntu0.18.04.11+esm1 python3-cephfs - 12.2.13-0ubuntu0.18.04.11+esm1 python3-rados - 12.2.13-0ubuntu0.18.04.11+esm1 python3-rbd - 12.2.13-0ubuntu0.18.04.11+esm1 python3-rgw - 12.2.13-0ubuntu0.18.04.11+esm1 rados-objclass-dev - 12.2.13-0ubuntu0.18.04.11+esm1 radosgw - 12.2.13-0ubuntu0.18.04.11+esm1 rbd-fuse - 12.2.13-0ubuntu0.18.04.11+esm1 rbd-mirror - 12.2.13-0ubuntu0.18.04.11+esm1 rbd-nbd - 12.2.13-0ubuntu0.18.04.11+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-43040 Ubuntu 18.04 LTS It was discovered that amanda did not properly check certain arguments. A local unprivileged attacker could possibly use this issue to perform a privilege escalation attack. Update Instructions: Run `sudo pro fix USN-6614-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: amanda-client - 1:3.5.1-1ubuntu0.3+esm1 amanda-common - 1:3.5.1-1ubuntu0.3+esm1 amanda-server - 1:3.5.1-1ubuntu0.3+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-30577 Ubuntu 18.04 LTS It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-21594) It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2020-21595, CVE-2020-21596, CVE-2020-21599, CVE-2020-21600, CVE-2020-21601, CVE-2020-21602, CVE-2020-21603, CVE-2020-21604, CVE-2020-21605) It was discovered that libde265 did not properly manage memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-21597, CVE-2020-21598, CVE-2020-21606, CVE-2021-36408) Update Instructions: Run `sudo pro fix USN-6617-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libde265-0 - 1.0.2-2ubuntu0.18.04.1~esm1 libde265-dev - 1.0.2-2ubuntu0.18.04.1~esm1 libde265-examples - 1.0.2-2ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-21594 CVE-2020-21595 CVE-2020-21596 CVE-2020-21597 CVE-2020-21598 CVE-2020-21599 CVE-2020-21600 CVE-2020-21601 CVE-2020-21602 CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 CVE-2020-21606 CVE-2021-36408 Ubuntu 18.04 LTS Rory McNamara discovered that runC did not properly manage internal file descriptor while managing containers. An attacker could possibly use this issue to obtain sensitive information or bypass container restrictions. Update Instructions: Run `sudo pro fix USN-6619-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: golang-github-opencontainers-runc-dev - 1.1.4-0ubuntu1~18.04.2+esm1 runc - 1.1.4-0ubuntu1~18.04.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro High CVE-2024-21626 Ubuntu 18.04 LTS It was discovered that ImageMagick incorrectly handled certain values when processing BMP files. An attacker could exploit this to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6621-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: imagemagick - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 imagemagick-6-common - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 imagemagick-6-doc - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 imagemagick-6.q16 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 imagemagick-6.q16hdri - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 imagemagick-common - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 imagemagick-doc - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libimage-magick-perl - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libimage-magick-q16-perl - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libimage-magick-q16hdri-perl - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagick++-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagick++-6.q16-7 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagick++-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagick++-6.q16hdri-7 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagick++-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagick++-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagickcore-6-arch-config - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagickcore-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagickcore-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagickcore-6.q16-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagickcore-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagickcore-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagickcore-6.q16hdri-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagickcore-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagickcore-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagickwand-6-headers - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagickwand-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagickwand-6.q16-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagickwand-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagickwand-6.q16hdri-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 libmagickwand-dev - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 perlmagick - 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-5341 Ubuntu 18.04 LTS It was discovered that Django incorrectly handled certain inputs that uses intcomma template filter. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6623-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django - 1:1.11.11-1ubuntu1.21+esm3 python-django-common - 1:1.11.11-1ubuntu1.21+esm3 python-django-doc - 1:1.11.11-1ubuntu1.21+esm3 python3-django - 1:1.11.11-1ubuntu1.21+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-24680 Ubuntu 18.04 LTS Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service (paravirtualized device unavailability). (CVE-2023-34324) Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-35827) It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-45863) 黄思聪 discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-46343) Update Instructions: Run `sudo pro fix USN-6625-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1065-ibm - 5.4.0-1065.70~18.04.1 linux-headers-5.4.0-1065-ibm - 5.4.0-1065.70~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1065.70~18.04.1 linux-ibm-5.4-headers-5.4.0-1065 - 5.4.0-1065.70~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1065.70~18.04.1 linux-ibm-5.4-tools-5.4.0-1065 - 5.4.0-1065.70~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1065.70~18.04.1 linux-image-5.4.0-1065-ibm - 5.4.0-1065.70~18.04.1 linux-image-unsigned-5.4.0-1065-ibm - 5.4.0-1065.70~18.04.1 linux-modules-5.4.0-1065-ibm - 5.4.0-1065.70~18.04.1 linux-modules-extra-5.4.0-1065-ibm - 5.4.0-1065.70~18.04.1 linux-tools-5.4.0-1065-ibm - 5.4.0-1065.70~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1117-oracle - 5.4.0-1117.126~18.04.1 linux-headers-5.4.0-1117-oracle - 5.4.0-1117.126~18.04.1 linux-image-5.4.0-1117-oracle - 5.4.0-1117.126~18.04.1 linux-image-unsigned-5.4.0-1117-oracle - 5.4.0-1117.126~18.04.1 linux-modules-5.4.0-1117-oracle - 5.4.0-1117.126~18.04.1 linux-modules-extra-5.4.0-1117-oracle - 5.4.0-1117.126~18.04.1 linux-oracle-5.4-headers-5.4.0-1117 - 5.4.0-1117.126~18.04.1 linux-oracle-5.4-tools-5.4.0-1117 - 5.4.0-1117.126~18.04.1 linux-tools-5.4.0-1117-oracle - 5.4.0-1117.126~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-5.4-cloud-tools-5.4.0-1118 - 5.4.0-1118.128~18.04.1 linux-aws-5.4-headers-5.4.0-1118 - 5.4.0-1118.128~18.04.1 linux-aws-5.4-tools-5.4.0-1118 - 5.4.0-1118.128~18.04.1 linux-buildinfo-5.4.0-1118-aws - 5.4.0-1118.128~18.04.1 linux-cloud-tools-5.4.0-1118-aws - 5.4.0-1118.128~18.04.1 linux-headers-5.4.0-1118-aws - 5.4.0-1118.128~18.04.1 linux-image-5.4.0-1118-aws - 5.4.0-1118.128~18.04.1 linux-image-unsigned-5.4.0-1118-aws - 5.4.0-1118.128~18.04.1 linux-modules-5.4.0-1118-aws - 5.4.0-1118.128~18.04.1 linux-modules-extra-5.4.0-1118-aws - 5.4.0-1118.128~18.04.1 linux-tools-5.4.0-1118-aws - 5.4.0-1118.128~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-5.4-cloud-tools-5.4.0-1123 - 5.4.0-1123.130~18.04.1 linux-azure-5.4-headers-5.4.0-1123 - 5.4.0-1123.130~18.04.1 linux-azure-5.4-tools-5.4.0-1123 - 5.4.0-1123.130~18.04.1 linux-buildinfo-5.4.0-1123-azure - 5.4.0-1123.130~18.04.1 linux-cloud-tools-5.4.0-1123-azure - 5.4.0-1123.130~18.04.1 linux-headers-5.4.0-1123-azure - 5.4.0-1123.130~18.04.1 linux-image-5.4.0-1123-azure - 5.4.0-1123.130~18.04.1 linux-image-unsigned-5.4.0-1123-azure - 5.4.0-1123.130~18.04.1 linux-modules-5.4.0-1123-azure - 5.4.0-1123.130~18.04.1 linux-modules-extra-5.4.0-1123-azure - 5.4.0-1123.130~18.04.1 linux-tools-5.4.0-1123-azure - 5.4.0-1123.130~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-171-generic - 5.4.0-171.189~18.04.1 linux-buildinfo-5.4.0-171-lowlatency - 5.4.0-171.189~18.04.1 linux-cloud-tools-5.4.0-171-generic - 5.4.0-171.189~18.04.1 linux-cloud-tools-5.4.0-171-lowlatency - 5.4.0-171.189~18.04.1 linux-headers-5.4.0-171-generic - 5.4.0-171.189~18.04.1 linux-headers-5.4.0-171-lowlatency - 5.4.0-171.189~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-171 - 5.4.0-171.189~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-171.189~18.04.1 linux-hwe-5.4-headers-5.4.0-171 - 5.4.0-171.189~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-171.189~18.04.1 linux-hwe-5.4-tools-5.4.0-171 - 5.4.0-171.189~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-171.189~18.04.1 linux-image-5.4.0-171-generic - 5.4.0-171.189~18.04.1 linux-image-5.4.0-171-lowlatency - 5.4.0-171.189~18.04.1 linux-image-unsigned-5.4.0-171-generic - 5.4.0-171.189~18.04.1 linux-image-unsigned-5.4.0-171-lowlatency - 5.4.0-171.189~18.04.1 linux-modules-5.4.0-171-generic - 5.4.0-171.189~18.04.1 linux-modules-5.4.0-171-lowlatency - 5.4.0-171.189~18.04.1 linux-modules-extra-5.4.0-171-generic - 5.4.0-171.189~18.04.1 linux-tools-5.4.0-171-generic - 5.4.0-171.189~18.04.1 linux-tools-5.4.0-171-lowlatency - 5.4.0-171.189~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1065.75 linux-headers-ibm-edge - 5.4.0.1065.75 linux-ibm - 5.4.0.1065.75 linux-ibm-edge - 5.4.0.1065.75 linux-image-ibm - 5.4.0.1065.75 linux-image-ibm-edge - 5.4.0.1065.75 linux-modules-extra-ibm - 5.4.0.1065.75 linux-modules-extra-ibm-edge - 5.4.0.1065.75 linux-tools-ibm - 5.4.0.1065.75 linux-tools-ibm-edge - 5.4.0.1065.75 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1117.126~18.04.89 linux-headers-oracle-edge - 5.4.0.1117.126~18.04.89 linux-image-oracle - 5.4.0.1117.126~18.04.89 linux-image-oracle-edge - 5.4.0.1117.126~18.04.89 linux-modules-extra-oracle - 5.4.0.1117.126~18.04.89 linux-modules-extra-oracle-edge - 5.4.0.1117.126~18.04.89 linux-oracle - 5.4.0.1117.126~18.04.89 linux-oracle-edge - 5.4.0.1117.126~18.04.89 linux-signed-image-oracle - 5.4.0.1117.126~18.04.89 linux-signed-image-oracle-edge - 5.4.0.1117.126~18.04.89 linux-signed-oracle - 5.4.0.1117.126~18.04.89 linux-signed-oracle-edge - 5.4.0.1117.126~18.04.89 linux-tools-oracle - 5.4.0.1117.126~18.04.89 linux-tools-oracle-edge - 5.4.0.1117.126~18.04.89 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1118.96 linux-aws-edge - 5.4.0.1118.96 linux-headers-aws - 5.4.0.1118.96 linux-headers-aws-edge - 5.4.0.1118.96 linux-image-aws - 5.4.0.1118.96 linux-image-aws-edge - 5.4.0.1118.96 linux-modules-extra-aws - 5.4.0.1118.96 linux-modules-extra-aws-edge - 5.4.0.1118.96 linux-tools-aws - 5.4.0.1118.96 linux-tools-aws-edge - 5.4.0.1118.96 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 5.4.0.1123.96 linux-azure-edge - 5.4.0.1123.96 linux-cloud-tools-azure - 5.4.0.1123.96 linux-cloud-tools-azure-edge - 5.4.0.1123.96 linux-headers-azure - 5.4.0.1123.96 linux-headers-azure-edge - 5.4.0.1123.96 linux-image-azure - 5.4.0.1123.96 linux-image-azure-edge - 5.4.0.1123.96 linux-modules-extra-azure - 5.4.0.1123.96 linux-modules-extra-azure-edge - 5.4.0.1123.96 linux-signed-azure - 5.4.0.1123.96 linux-signed-azure-edge - 5.4.0.1123.96 linux-signed-image-azure - 5.4.0.1123.96 linux-signed-image-azure-edge - 5.4.0.1123.96 linux-tools-azure - 5.4.0.1123.96 linux-tools-azure-edge - 5.4.0.1123.96 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-generic-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-generic-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-headers-generic-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-headers-generic-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-headers-lowlatency-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-headers-oem - 5.4.0.171.189~18.04.139 linux-headers-oem-osp1 - 5.4.0.171.189~18.04.139 linux-headers-snapdragon-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-headers-virtual-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-headers-virtual-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-image-extra-virtual-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-image-generic-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-image-generic-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-image-lowlatency-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-image-oem - 5.4.0.171.189~18.04.139 linux-image-oem-osp1 - 5.4.0.171.189~18.04.139 linux-image-snapdragon-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-image-virtual-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-image-virtual-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-lowlatency-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-lowlatency-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-oem - 5.4.0.171.189~18.04.139 linux-oem-osp1 - 5.4.0.171.189~18.04.139 linux-snapdragon-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-snapdragon-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-tools-generic-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-tools-generic-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-tools-lowlatency-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-tools-oem - 5.4.0.171.189~18.04.139 linux-tools-oem-osp1 - 5.4.0.171.189~18.04.139 linux-tools-snapdragon-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-tools-virtual-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-tools-virtual-hwe-18.04-edge - 5.4.0.171.189~18.04.139 linux-virtual-hwe-18.04 - 5.4.0.171.189~18.04.139 linux-virtual-hwe-18.04-edge - 5.4.0.171.189~18.04.139 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-34324 CVE-2023-35827 CVE-2023-45863 CVE-2023-46343 Ubuntu 18.04 LTS Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service (paravirtualized device unavailability). (CVE-2023-34324) Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-35827) It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-45863) 黄思聪 discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-46343) Update Instructions: Run `sudo pro fix USN-6625-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1122-gcp - 5.4.0-1122.131~18.04.1 linux-gcp-5.4-headers-5.4.0-1122 - 5.4.0-1122.131~18.04.1 linux-gcp-5.4-tools-5.4.0-1122 - 5.4.0-1122.131~18.04.1 linux-headers-5.4.0-1122-gcp - 5.4.0-1122.131~18.04.1 linux-image-5.4.0-1122-gcp - 5.4.0-1122.131~18.04.1 linux-image-unsigned-5.4.0-1122-gcp - 5.4.0-1122.131~18.04.1 linux-modules-5.4.0-1122-gcp - 5.4.0-1122.131~18.04.1 linux-modules-extra-5.4.0-1122-gcp - 5.4.0-1122.131~18.04.1 linux-tools-5.4.0-1122-gcp - 5.4.0-1122.131~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1122.98 linux-gcp-edge - 5.4.0.1122.98 linux-headers-gcp - 5.4.0.1122.98 linux-headers-gcp-edge - 5.4.0.1122.98 linux-image-gcp - 5.4.0.1122.98 linux-image-gcp-edge - 5.4.0.1122.98 linux-modules-extra-gcp - 5.4.0.1122.98 linux-modules-extra-gcp-edge - 5.4.0.1122.98 linux-tools-gcp - 5.4.0.1122.98 linux-tools-gcp-edge - 5.4.0.1122.98 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-34324 CVE-2023-35827 CVE-2023-45863 CVE-2023-46343 Ubuntu 18.04 LTS Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service (paravirtualized device unavailability). (CVE-2023-34324) Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-35827) It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-45863) 黄思聪 discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-46343) Update Instructions: Run `sudo pro fix USN-6625-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1102-raspi - 5.4.0-1102.114~18.04.1 linux-headers-5.4.0-1102-raspi - 5.4.0-1102.114~18.04.1 linux-image-5.4.0-1102-raspi - 5.4.0-1102.114~18.04.1 linux-modules-5.4.0-1102-raspi - 5.4.0-1102.114~18.04.1 linux-raspi-5.4-headers-5.4.0-1102 - 5.4.0-1102.114~18.04.1 linux-raspi-5.4-tools-5.4.0-1102 - 5.4.0-1102.114~18.04.1 linux-tools-5.4.0-1102-raspi - 5.4.0-1102.114~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1102.99 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1102.99 linux-image-raspi-hwe-18.04 - 5.4.0.1102.99 linux-image-raspi-hwe-18.04-edge - 5.4.0.1102.99 linux-raspi-hwe-18.04 - 5.4.0.1102.99 linux-raspi-hwe-18.04-edge - 5.4.0.1102.99 linux-tools-raspi-hwe-18.04 - 5.4.0.1102.99 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1102.99 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-34324 CVE-2023-35827 CVE-2023-45863 CVE-2023-46343 Ubuntu 18.04 LTS It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2021-35452, CVE-2021-36411, CVE-2022-43238, CVE-2022-43241, CVE-2022-43242) It was discovered that libde265 did not properly manage memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-36408) It was discovered that libde265 contained a logical error. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2021-36409) It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2021-36410, CVE-2022-43235, CVE-2022-43236, CVE-2022-43237, CVE-2022-43239, CVE-2022-43240, CVE-2022-43243, CVE-2022-43248, CVE-2022-43252, CVE-2022-43253) It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1253) Update Instructions: Run `sudo pro fix USN-6627-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libde265-0 - 1.0.2-2ubuntu0.18.04.1~esm2 libde265-dev - 1.0.2-2ubuntu0.18.04.1~esm2 libde265-examples - 1.0.2-2ubuntu0.18.04.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 CVE-2021-36410 CVE-2021-36411 CVE-2022-1253 CVE-2022-43235 CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43243 CVE-2022-43248 CVE-2022-43252 CVE-2022-43253 Ubuntu 18.04 LTS It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2021-45958) Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. (CVE-2022-31116) It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory. (CVE-2022-31117) Update Instructions: Run `sudo pro fix USN-6629-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-ujson - 1.35-2ubuntu0.1~esm1 python3-ujson - 1.35-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2021-45958 CVE-2022-31116 CVE-2022-31117 Ubuntu 18.04 LTS David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. (CVE-2023-5678) Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed PKCS12 files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2024-0727) Update Instructions: Run `sudo pro fix USN-6632-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.1.1-1ubuntu2.1~18.04.23+esm4 libssl-doc - 1.1.1-1ubuntu2.1~18.04.23+esm4 libssl1.1 - 1.1.1-1ubuntu2.1~18.04.23+esm4 openssl - 1.1.1-1ubuntu2.1~18.04.23+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-5678 CVE-2024-0727 Ubuntu 18.04 LTS It was discovered that shadow was not properly sanitizing memory when running the password utility. An attacker could possibly use this issue to retrieve a password from memory, exposing sensitive information. Update Instructions: Run `sudo pro fix USN-6640-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: login - 1:4.5-1ubuntu2.5+esm1 passwd - 1:4.5-1ubuntu2.5+esm1 uidmap - 1:4.5-1ubuntu2.5+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-4641 Ubuntu 18.04 LTS Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains. Update Instructions: Run `sudo pro fix USN-6641-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl - 7.58.0-2ubuntu3.24+esm3 libcurl3-gnutls - 7.58.0-2ubuntu3.24+esm3 libcurl3-nss - 7.58.0-2ubuntu3.24+esm3 libcurl4 - 7.58.0-2ubuntu3.24+esm3 libcurl4-doc - 7.58.0-2ubuntu3.24+esm3 libcurl4-gnutls-dev - 7.58.0-2ubuntu3.24+esm3 libcurl4-nss-dev - 7.58.0-2ubuntu3.24+esm3 libcurl4-openssl-dev - 7.58.0-2ubuntu3.24+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-46218 Ubuntu 18.04 LTS Emre Durmaz discovered that NPM IP package incorrectly distinguished between private and public IP addresses. A remote attacker could possibly use this issue to perform Server-Side Request Forgery (SSRF) attacks. Update Instructions: Run `sudo pro fix USN-6643-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-ip - 1.1.5-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-42282 Ubuntu 18.04 LTS It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash, resulting in a denial of service. (CVE-2023-52356) It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service. (CVE-2023-6228) It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to consume resources, resulting in a denial of service. (CVE-2023-6277) Update Instructions: Run `sudo pro fix USN-6644-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-dev - 4.0.9-5ubuntu0.10+esm5 libtiff-doc - 4.0.9-5ubuntu0.10+esm5 libtiff-opengl - 4.0.9-5ubuntu0.10+esm5 libtiff-tools - 4.0.9-5ubuntu0.10+esm5 libtiff5 - 4.0.9-5ubuntu0.10+esm5 libtiff5-dev - 4.0.9-5ubuntu0.10+esm5 libtiffxx5 - 4.0.9-5ubuntu0.10+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-52356 CVE-2023-6228 CVE-2023-6277 Ubuntu 18.04 LTS It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51780) It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51782) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2023-7192) Update Instructions: Run `sudo pro fix USN-6647-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1128-oracle - 4.15.0-1128.139 linux-headers-4.15.0-1128-oracle - 4.15.0-1128.139 linux-image-4.15.0-1128-oracle - 4.15.0-1128.139 linux-image-unsigned-4.15.0-1128-oracle - 4.15.0-1128.139 linux-modules-4.15.0-1128-oracle - 4.15.0-1128.139 linux-modules-extra-4.15.0-1128-oracle - 4.15.0-1128.139 linux-oracle-headers-4.15.0-1128 - 4.15.0-1128.139 linux-oracle-tools-4.15.0-1128 - 4.15.0-1128.139 linux-tools-4.15.0-1128-oracle - 4.15.0-1128.139 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1149-kvm - 4.15.0-1149.154 linux-headers-4.15.0-1149-kvm - 4.15.0-1149.154 linux-image-4.15.0-1149-kvm - 4.15.0-1149.154 linux-kvm-headers-4.15.0-1149 - 4.15.0-1149.154 linux-kvm-tools-4.15.0-1149 - 4.15.0-1149.154 linux-modules-4.15.0-1149-kvm - 4.15.0-1149.154 linux-tools-4.15.0-1149-kvm - 4.15.0-1149.154 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1159-gcp - 4.15.0-1159.176 linux-gcp-4.15-headers-4.15.0-1159 - 4.15.0-1159.176 linux-gcp-4.15-tools-4.15.0-1159 - 4.15.0-1159.176 linux-headers-4.15.0-1159-gcp - 4.15.0-1159.176 linux-image-4.15.0-1159-gcp - 4.15.0-1159.176 linux-image-unsigned-4.15.0-1159-gcp - 4.15.0-1159.176 linux-modules-4.15.0-1159-gcp - 4.15.0-1159.176 linux-modules-extra-4.15.0-1159-gcp - 4.15.0-1159.176 linux-tools-4.15.0-1159-gcp - 4.15.0-1159.176 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-cloud-tools-4.15.0-1165 - 4.15.0-1165.178 linux-aws-headers-4.15.0-1165 - 4.15.0-1165.178 linux-aws-tools-4.15.0-1165 - 4.15.0-1165.178 linux-buildinfo-4.15.0-1165-aws - 4.15.0-1165.178 linux-cloud-tools-4.15.0-1165-aws - 4.15.0-1165.178 linux-headers-4.15.0-1165-aws - 4.15.0-1165.178 linux-image-4.15.0-1165-aws - 4.15.0-1165.178 linux-image-unsigned-4.15.0-1165-aws - 4.15.0-1165.178 linux-modules-4.15.0-1165-aws - 4.15.0-1165.178 linux-modules-extra-4.15.0-1165-aws - 4.15.0-1165.178 linux-tools-4.15.0-1165-aws - 4.15.0-1165.178 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-4.15-cloud-tools-4.15.0-1174 - 4.15.0-1174.189 linux-azure-4.15-headers-4.15.0-1174 - 4.15.0-1174.189 linux-azure-4.15-tools-4.15.0-1174 - 4.15.0-1174.189 linux-buildinfo-4.15.0-1174-azure - 4.15.0-1174.189 linux-cloud-tools-4.15.0-1174-azure - 4.15.0-1174.189 linux-headers-4.15.0-1174-azure - 4.15.0-1174.189 linux-image-4.15.0-1174-azure - 4.15.0-1174.189 linux-image-unsigned-4.15.0-1174-azure - 4.15.0-1174.189 linux-modules-4.15.0-1174-azure - 4.15.0-1174.189 linux-modules-extra-4.15.0-1174-azure - 4.15.0-1174.189 linux-tools-4.15.0-1174-azure - 4.15.0-1174.189 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-222-generic - 4.15.0-222.233 linux-buildinfo-4.15.0-222-lowlatency - 4.15.0-222.233 linux-cloud-tools-4.15.0-222 - 4.15.0-222.233 linux-cloud-tools-4.15.0-222-generic - 4.15.0-222.233 linux-cloud-tools-4.15.0-222-lowlatency - 4.15.0-222.233 linux-cloud-tools-common - 4.15.0-222.233 linux-doc - 4.15.0-222.233 linux-headers-4.15.0-222 - 4.15.0-222.233 linux-headers-4.15.0-222-generic - 4.15.0-222.233 linux-headers-4.15.0-222-lowlatency - 4.15.0-222.233 linux-image-4.15.0-222-generic - 4.15.0-222.233 linux-image-4.15.0-222-lowlatency - 4.15.0-222.233 linux-image-unsigned-4.15.0-222-generic - 4.15.0-222.233 linux-image-unsigned-4.15.0-222-lowlatency - 4.15.0-222.233 linux-libc-dev - 4.15.0-222.233 linux-modules-4.15.0-222-generic - 4.15.0-222.233 linux-modules-4.15.0-222-lowlatency - 4.15.0-222.233 linux-modules-extra-4.15.0-222-generic - 4.15.0-222.233 linux-source-4.15.0 - 4.15.0-222.233 linux-tools-4.15.0-222 - 4.15.0-222.233 linux-tools-4.15.0-222-generic - 4.15.0-222.233 linux-tools-4.15.0-222-lowlatency - 4.15.0-222.233 linux-tools-common - 4.15.0-222.233 linux-tools-host - 4.15.0-222.233 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle-lts-18.04 - 4.15.0.1128.133 linux-image-oracle-lts-18.04 - 4.15.0.1128.133 linux-oracle-lts-18.04 - 4.15.0.1128.133 linux-signed-image-oracle-lts-18.04 - 4.15.0.1128.133 linux-signed-oracle-lts-18.04 - 4.15.0.1128.133 linux-tools-oracle-lts-18.04 - 4.15.0.1128.133 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.15.0.1149.140 linux-image-kvm - 4.15.0.1149.140 linux-kvm - 4.15.0.1149.140 linux-tools-kvm - 4.15.0.1149.140 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-lts-18.04 - 4.15.0.1159.173 linux-headers-gcp-lts-18.04 - 4.15.0.1159.173 linux-image-gcp-lts-18.04 - 4.15.0.1159.173 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1159.173 linux-tools-gcp-lts-18.04 - 4.15.0.1159.173 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-lts-18.04 - 4.15.0.1165.163 linux-headers-aws-lts-18.04 - 4.15.0.1165.163 linux-image-aws-lts-18.04 - 4.15.0.1165.163 linux-modules-extra-aws-lts-18.04 - 4.15.0.1165.163 linux-tools-aws-lts-18.04 - 4.15.0.1165.163 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-lts-18.04 - 4.15.0.1174.142 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1174.142 linux-headers-azure-lts-18.04 - 4.15.0.1174.142 linux-image-azure-lts-18.04 - 4.15.0.1174.142 linux-modules-extra-azure-lts-18.04 - 4.15.0.1174.142 linux-signed-azure-lts-18.04 - 4.15.0.1174.142 linux-signed-image-azure-lts-18.04 - 4.15.0.1174.142 linux-tools-azure-lts-18.04 - 4.15.0.1174.142 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.15.0.222.206 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.222.206 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.222.206 linux-cloud-tools-lowlatency - 4.15.0.222.206 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.222.206 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.222.206 linux-cloud-tools-virtual - 4.15.0.222.206 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.222.206 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.222.206 linux-crashdump - 4.15.0.222.206 linux-generic - 4.15.0.222.206 linux-generic-hwe-16.04 - 4.15.0.222.206 linux-generic-hwe-16.04-edge - 4.15.0.222.206 linux-headers-generic - 4.15.0.222.206 linux-headers-generic-hwe-16.04 - 4.15.0.222.206 linux-headers-generic-hwe-16.04-edge - 4.15.0.222.206 linux-headers-lowlatency - 4.15.0.222.206 linux-headers-lowlatency-hwe-16.04 - 4.15.0.222.206 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.222.206 linux-headers-virtual - 4.15.0.222.206 linux-headers-virtual-hwe-16.04 - 4.15.0.222.206 linux-headers-virtual-hwe-16.04-edge - 4.15.0.222.206 linux-image-extra-virtual - 4.15.0.222.206 linux-image-extra-virtual-hwe-16.04 - 4.15.0.222.206 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.222.206 linux-image-generic - 4.15.0.222.206 linux-image-generic-hwe-16.04 - 4.15.0.222.206 linux-image-generic-hwe-16.04-edge - 4.15.0.222.206 linux-image-lowlatency - 4.15.0.222.206 linux-image-lowlatency-hwe-16.04 - 4.15.0.222.206 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.222.206 linux-image-virtual - 4.15.0.222.206 linux-image-virtual-hwe-16.04 - 4.15.0.222.206 linux-image-virtual-hwe-16.04-edge - 4.15.0.222.206 linux-lowlatency - 4.15.0.222.206 linux-lowlatency-hwe-16.04 - 4.15.0.222.206 linux-lowlatency-hwe-16.04-edge - 4.15.0.222.206 linux-signed-generic - 4.15.0.222.206 linux-signed-generic-hwe-16.04 - 4.15.0.222.206 linux-signed-generic-hwe-16.04-edge - 4.15.0.222.206 linux-signed-image-generic - 4.15.0.222.206 linux-signed-image-generic-hwe-16.04 - 4.15.0.222.206 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.222.206 linux-signed-image-lowlatency - 4.15.0.222.206 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.222.206 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.222.206 linux-signed-lowlatency - 4.15.0.222.206 linux-signed-lowlatency-hwe-16.04 - 4.15.0.222.206 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.222.206 linux-source - 4.15.0.222.206 linux-tools-generic - 4.15.0.222.206 linux-tools-generic-hwe-16.04 - 4.15.0.222.206 linux-tools-generic-hwe-16.04-edge - 4.15.0.222.206 linux-tools-lowlatency - 4.15.0.222.206 linux-tools-lowlatency-hwe-16.04 - 4.15.0.222.206 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.222.206 linux-tools-virtual - 4.15.0.222.206 linux-tools-virtual-hwe-16.04 - 4.15.0.222.206 linux-tools-virtual-hwe-16.04-edge - 4.15.0.222.206 linux-virtual - 4.15.0.222.206 linux-virtual-hwe-16.04 - 4.15.0.222.206 linux-virtual-hwe-16.04-edge - 4.15.0.222.206 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-51780 CVE-2023-51782 CVE-2023-7192 Ubuntu 18.04 LTS It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-6915) Robert Morris discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain server commands fields, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0565) Jann Horn discovered that the TLS subsystem in the Linux kernel did not properly handle spliced messages, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-0646) Update Instructions: Run `sudo pro fix USN-6648-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1066-ibm - 5.4.0-1066.71~18.04.1 linux-headers-5.4.0-1066-ibm - 5.4.0-1066.71~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1066.71~18.04.1 linux-ibm-5.4-headers-5.4.0-1066 - 5.4.0-1066.71~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1066.71~18.04.1 linux-ibm-5.4-tools-5.4.0-1066 - 5.4.0-1066.71~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1066.71~18.04.1 linux-image-5.4.0-1066-ibm - 5.4.0-1066.71~18.04.1 linux-image-unsigned-5.4.0-1066-ibm - 5.4.0-1066.71~18.04.1 linux-modules-5.4.0-1066-ibm - 5.4.0-1066.71~18.04.1 linux-modules-extra-5.4.0-1066-ibm - 5.4.0-1066.71~18.04.1 linux-tools-5.4.0-1066-ibm - 5.4.0-1066.71~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1103-raspi - 5.4.0-1103.115~18.04.1 linux-headers-5.4.0-1103-raspi - 5.4.0-1103.115~18.04.1 linux-image-5.4.0-1103-raspi - 5.4.0-1103.115~18.04.1 linux-modules-5.4.0-1103-raspi - 5.4.0-1103.115~18.04.1 linux-raspi-5.4-headers-5.4.0-1103 - 5.4.0-1103.115~18.04.1 linux-raspi-5.4-tools-5.4.0-1103 - 5.4.0-1103.115~18.04.1 linux-tools-5.4.0-1103-raspi - 5.4.0-1103.115~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1118-oracle - 5.4.0-1118.127~18.04.1 linux-headers-5.4.0-1118-oracle - 5.4.0-1118.127~18.04.1 linux-image-5.4.0-1118-oracle - 5.4.0-1118.127~18.04.1 linux-image-unsigned-5.4.0-1118-oracle - 5.4.0-1118.127~18.04.1 linux-modules-5.4.0-1118-oracle - 5.4.0-1118.127~18.04.1 linux-modules-extra-5.4.0-1118-oracle - 5.4.0-1118.127~18.04.1 linux-oracle-5.4-headers-5.4.0-1118 - 5.4.0-1118.127~18.04.1 linux-oracle-5.4-tools-5.4.0-1118 - 5.4.0-1118.127~18.04.1 linux-tools-5.4.0-1118-oracle - 5.4.0-1118.127~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-5.4-cloud-tools-5.4.0-1119 - 5.4.0-1119.129~18.04.1 linux-aws-5.4-headers-5.4.0-1119 - 5.4.0-1119.129~18.04.1 linux-aws-5.4-tools-5.4.0-1119 - 5.4.0-1119.129~18.04.1 linux-buildinfo-5.4.0-1119-aws - 5.4.0-1119.129~18.04.1 linux-cloud-tools-5.4.0-1119-aws - 5.4.0-1119.129~18.04.1 linux-headers-5.4.0-1119-aws - 5.4.0-1119.129~18.04.1 linux-image-5.4.0-1119-aws - 5.4.0-1119.129~18.04.1 linux-image-unsigned-5.4.0-1119-aws - 5.4.0-1119.129~18.04.1 linux-modules-5.4.0-1119-aws - 5.4.0-1119.129~18.04.1 linux-modules-extra-5.4.0-1119-aws - 5.4.0-1119.129~18.04.1 linux-tools-5.4.0-1119-aws - 5.4.0-1119.129~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1123-gcp - 5.4.0-1123.132~18.04.1 linux-gcp-5.4-headers-5.4.0-1123 - 5.4.0-1123.132~18.04.1 linux-gcp-5.4-tools-5.4.0-1123 - 5.4.0-1123.132~18.04.1 linux-headers-5.4.0-1123-gcp - 5.4.0-1123.132~18.04.1 linux-image-5.4.0-1123-gcp - 5.4.0-1123.132~18.04.1 linux-image-unsigned-5.4.0-1123-gcp - 5.4.0-1123.132~18.04.1 linux-modules-5.4.0-1123-gcp - 5.4.0-1123.132~18.04.1 linux-modules-extra-5.4.0-1123-gcp - 5.4.0-1123.132~18.04.1 linux-tools-5.4.0-1123-gcp - 5.4.0-1123.132~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-172-generic - 5.4.0-172.190~18.04.1 linux-buildinfo-5.4.0-172-lowlatency - 5.4.0-172.190~18.04.1 linux-cloud-tools-5.4.0-172-generic - 5.4.0-172.190~18.04.1 linux-cloud-tools-5.4.0-172-lowlatency - 5.4.0-172.190~18.04.1 linux-headers-5.4.0-172-generic - 5.4.0-172.190~18.04.1 linux-headers-5.4.0-172-lowlatency - 5.4.0-172.190~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-172 - 5.4.0-172.190~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-172.190~18.04.1 linux-hwe-5.4-headers-5.4.0-172 - 5.4.0-172.190~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-172.190~18.04.1 linux-hwe-5.4-tools-5.4.0-172 - 5.4.0-172.190~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-172.190~18.04.1 linux-image-5.4.0-172-generic - 5.4.0-172.190~18.04.1 linux-image-5.4.0-172-lowlatency - 5.4.0-172.190~18.04.1 linux-image-unsigned-5.4.0-172-generic - 5.4.0-172.190~18.04.1 linux-image-unsigned-5.4.0-172-lowlatency - 5.4.0-172.190~18.04.1 linux-modules-5.4.0-172-generic - 5.4.0-172.190~18.04.1 linux-modules-5.4.0-172-lowlatency - 5.4.0-172.190~18.04.1 linux-modules-extra-5.4.0-172-generic - 5.4.0-172.190~18.04.1 linux-tools-5.4.0-172-generic - 5.4.0-172.190~18.04.1 linux-tools-5.4.0-172-lowlatency - 5.4.0-172.190~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1066.76 linux-headers-ibm-edge - 5.4.0.1066.76 linux-ibm - 5.4.0.1066.76 linux-ibm-edge - 5.4.0.1066.76 linux-image-ibm - 5.4.0.1066.76 linux-image-ibm-edge - 5.4.0.1066.76 linux-modules-extra-ibm - 5.4.0.1066.76 linux-modules-extra-ibm-edge - 5.4.0.1066.76 linux-tools-ibm - 5.4.0.1066.76 linux-tools-ibm-edge - 5.4.0.1066.76 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1103.100 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1103.100 linux-image-raspi-hwe-18.04 - 5.4.0.1103.100 linux-image-raspi-hwe-18.04-edge - 5.4.0.1103.100 linux-raspi-hwe-18.04 - 5.4.0.1103.100 linux-raspi-hwe-18.04-edge - 5.4.0.1103.100 linux-tools-raspi-hwe-18.04 - 5.4.0.1103.100 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1103.100 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1118.127~18.04.90 linux-headers-oracle-edge - 5.4.0.1118.127~18.04.90 linux-image-oracle - 5.4.0.1118.127~18.04.90 linux-image-oracle-edge - 5.4.0.1118.127~18.04.90 linux-modules-extra-oracle - 5.4.0.1118.127~18.04.90 linux-modules-extra-oracle-edge - 5.4.0.1118.127~18.04.90 linux-oracle - 5.4.0.1118.127~18.04.90 linux-oracle-edge - 5.4.0.1118.127~18.04.90 linux-signed-image-oracle - 5.4.0.1118.127~18.04.90 linux-signed-image-oracle-edge - 5.4.0.1118.127~18.04.90 linux-signed-oracle - 5.4.0.1118.127~18.04.90 linux-signed-oracle-edge - 5.4.0.1118.127~18.04.90 linux-tools-oracle - 5.4.0.1118.127~18.04.90 linux-tools-oracle-edge - 5.4.0.1118.127~18.04.90 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1119.97 linux-aws-edge - 5.4.0.1119.97 linux-headers-aws - 5.4.0.1119.97 linux-headers-aws-edge - 5.4.0.1119.97 linux-image-aws - 5.4.0.1119.97 linux-image-aws-edge - 5.4.0.1119.97 linux-modules-extra-aws - 5.4.0.1119.97 linux-modules-extra-aws-edge - 5.4.0.1119.97 linux-tools-aws - 5.4.0.1119.97 linux-tools-aws-edge - 5.4.0.1119.97 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1123.99 linux-gcp-edge - 5.4.0.1123.99 linux-headers-gcp - 5.4.0.1123.99 linux-headers-gcp-edge - 5.4.0.1123.99 linux-image-gcp - 5.4.0.1123.99 linux-image-gcp-edge - 5.4.0.1123.99 linux-modules-extra-gcp - 5.4.0.1123.99 linux-modules-extra-gcp-edge - 5.4.0.1123.99 linux-tools-gcp - 5.4.0.1123.99 linux-tools-gcp-edge - 5.4.0.1123.99 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-generic-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-generic-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-headers-generic-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-headers-generic-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-headers-lowlatency-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-headers-oem - 5.4.0.172.190~18.04.140 linux-headers-oem-osp1 - 5.4.0.172.190~18.04.140 linux-headers-snapdragon-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-headers-virtual-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-headers-virtual-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-image-extra-virtual-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-image-generic-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-image-generic-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-image-lowlatency-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-image-oem - 5.4.0.172.190~18.04.140 linux-image-oem-osp1 - 5.4.0.172.190~18.04.140 linux-image-snapdragon-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-image-virtual-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-image-virtual-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-lowlatency-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-lowlatency-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-oem - 5.4.0.172.190~18.04.140 linux-oem-osp1 - 5.4.0.172.190~18.04.140 linux-snapdragon-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-snapdragon-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-tools-generic-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-tools-generic-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-tools-lowlatency-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-tools-oem - 5.4.0.172.190~18.04.140 linux-tools-oem-osp1 - 5.4.0.172.190~18.04.140 linux-tools-snapdragon-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-tools-virtual-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-tools-virtual-hwe-18.04-edge - 5.4.0.172.190~18.04.140 linux-virtual-hwe-18.04 - 5.4.0.172.190~18.04.140 linux-virtual-hwe-18.04-edge - 5.4.0.172.190~18.04.140 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-51781 CVE-2023-6915 CVE-2024-0565 CVE-2024-0646 Ubuntu 18.04 LTS It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-6915) Robert Morris discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain server commands fields, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0565) Jann Horn discovered that the TLS subsystem in the Linux kernel did not properly handle spliced messages, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-0646) Update Instructions: Run `sudo pro fix USN-6648-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-5.4-cloud-tools-5.4.0-1124 - 5.4.0-1124.131~18.04.1 linux-azure-5.4-headers-5.4.0-1124 - 5.4.0-1124.131~18.04.1 linux-azure-5.4-tools-5.4.0-1124 - 5.4.0-1124.131~18.04.1 linux-buildinfo-5.4.0-1124-azure - 5.4.0-1124.131~18.04.1 linux-cloud-tools-5.4.0-1124-azure - 5.4.0-1124.131~18.04.1 linux-headers-5.4.0-1124-azure - 5.4.0-1124.131~18.04.1 linux-image-5.4.0-1124-azure - 5.4.0-1124.131~18.04.1 linux-image-unsigned-5.4.0-1124-azure - 5.4.0-1124.131~18.04.1 linux-modules-5.4.0-1124-azure - 5.4.0-1124.131~18.04.1 linux-modules-extra-5.4.0-1124-azure - 5.4.0-1124.131~18.04.1 linux-tools-5.4.0-1124-azure - 5.4.0-1124.131~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 5.4.0.1124.97 linux-azure-edge - 5.4.0.1124.97 linux-cloud-tools-azure - 5.4.0.1124.97 linux-cloud-tools-azure-edge - 5.4.0.1124.97 linux-headers-azure - 5.4.0.1124.97 linux-headers-azure-edge - 5.4.0.1124.97 linux-image-azure - 5.4.0.1124.97 linux-image-azure-edge - 5.4.0.1124.97 linux-modules-extra-azure - 5.4.0.1124.97 linux-modules-extra-azure-edge - 5.4.0.1124.97 linux-signed-azure - 5.4.0.1124.97 linux-signed-azure-edge - 5.4.0.1124.97 linux-signed-image-azure - 5.4.0.1124.97 linux-signed-image-azure-edge - 5.4.0.1124.97 linux-tools-azure - 5.4.0.1124.97 linux-tools-azure-edge - 5.4.0.1124.97 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-51781 CVE-2023-6915 CVE-2024-0565 CVE-2024-0646 Ubuntu 18.04 LTS It was discovered that Roundcube Webmail incorrectly sanitized characters in the linkrefs text messages. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. (CVE-2023-43770) Update Instructions: Run `sudo pro fix USN-6654-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: roundcube - 1.3.6+dfsg.1-1ubuntu0.1~esm3 roundcube-core - 1.3.6+dfsg.1-1ubuntu0.1~esm3 roundcube-mysql - 1.3.6+dfsg.1-1ubuntu0.1~esm3 roundcube-pgsql - 1.3.6+dfsg.1-1ubuntu0.1~esm3 roundcube-plugins - 1.3.6+dfsg.1-1ubuntu0.1~esm3 roundcube-sqlite3 - 1.3.6+dfsg.1-1ubuntu0.1~esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-43770 Ubuntu 18.04 LTS USN-6657-1 fixed several vulnerabilities in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Dnsmasq icorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. (CVE-2023-50387) It was discovered that Dnsmasq incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. (CVE-2023-50868) It was discovered that Dnsmasq incorrectly set the maximum EDNS.0 UDP packet size as required by DNS Flag Day 2020. This issue only affected Ubuntu 23.10. (CVE-2023-28450) Update Instructions: Run `sudo pro fix USN-6657-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dnsmasq - 2.90-0ubuntu0.18.04.1+esm1 dnsmasq-base - 2.90-0ubuntu0.18.04.1+esm1 dnsmasq-base-lua - 2.90-0ubuntu0.18.04.1+esm1 dnsmasq-utils - 2.90-0ubuntu0.18.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-28450 CVE-2023-50387 CVE-2023-50868 Ubuntu 18.04 LTS USN-6658-1 fixed a vulnerability in libxml2. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6658-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml2 - 2.9.4+dfsg1-6.1ubuntu1.9+esm1 libxml2-dev - 2.9.4+dfsg1-6.1ubuntu1.9+esm1 libxml2-doc - 2.9.4+dfsg1-6.1ubuntu1.9+esm1 libxml2-utils - 2.9.4+dfsg1-6.1ubuntu1.9+esm1 python-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.9+esm1 python3-libxml2 - 2.9.4+dfsg1-6.1ubuntu1.9+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-25062 Ubuntu 18.04 LTS It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-43244, CVE-2022-43249, CVE-2022-43250, CVE-2022-47665, CVE-2023-25221) It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2022-43245) It was discovered that libde265 could be made to dereference invalid memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2023-24751, CVE-2023-24752, CVE-2023-24754, CVE-2023-24755, CVE-2023-24756, CVE-2023-24757, CVE-2023-24758) Update Instructions: Run `sudo pro fix USN-6659-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libde265-0 - 1.0.2-2ubuntu0.18.04.1~esm3 libde265-dev - 1.0.2-2ubuntu0.18.04.1~esm3 libde265-examples - 1.0.2-2ubuntu0.18.04.1~esm3 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-43244 CVE-2022-43245 CVE-2022-43249 CVE-2022-43250 CVE-2022-47665 CVE-2023-24751 CVE-2023-24752 CVE-2023-24754 CVE-2023-24755 CVE-2023-24756 CVE-2023-24757 CVE-2023-24758 CVE-2023-25221 Ubuntu 18.04 LTS Yi Yang discovered that the Hotspot component of OpenJDK 11 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20918) It was discovered that the Hotspot component of OpenJDK 11 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions. (CVE-2024-20919) It was discovered that the Hotspot component of OpenJDK 11 had an optimization flaw when generating range check loop predicates. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921) Valentin Eudeline discovered that OpenJDK 11 incorrectly handled certain options in the Nashorn JavaScript subcomponent. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-20926) It was discovered that OpenJDK 11 could produce debug logs that contained private keys used for digital signatures. An attacker could possibly use this issue to obtain sensitive information. (CVE-2024-20945) Hubert Kario discovered that the TLS implementation in OpenJDK 11 had a timing side-channel and incorrectly handled RSA padding. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2024-20952) Update Instructions: Run `sudo pro fix USN-6660-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-demo - 11.0.22+7-0ubuntu2~18.04.1 openjdk-11-doc - 11.0.22+7-0ubuntu2~18.04.1 openjdk-11-jdk - 11.0.22+7-0ubuntu2~18.04.1 openjdk-11-jdk-headless - 11.0.22+7-0ubuntu2~18.04.1 openjdk-11-jre - 11.0.22+7-0ubuntu2~18.04.1 openjdk-11-jre-headless - 11.0.22+7-0ubuntu2~18.04.1 openjdk-11-jre-zero - 11.0.22+7-0ubuntu2~18.04.1 openjdk-11-source - 11.0.22+7-0ubuntu2~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20926 CVE-2024-20945 CVE-2024-20952 Ubuntu 18.04 LTS Yi Yang discovered that the Hotspot component of OpenJDK 17 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20918) It was discovered that the Hotspot component of OpenJDK 17 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions. (CVE-2024-20919) It was discovered that the Hotspot component of OpenJDK 17 had an optimization flaw when generating range check loop predicates. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921) Yakov Shafranovich discovered that OpenJDK 17 incorrectly handled ZIP archives that have file and directory entries with the same name. An attacker could possibly use this issue to bypass Java sandbox restrictions. (CVE-2024-20932) It was discovered that OpenJDK 17 could produce debug logs that contained private keys used for digital signatures. An attacker could possibly use this issue to obtain sensitive information. (CVE-2024-20945) Hubert Kario discovered that the TLS implementation in OpenJDK 17 had a timing side-channel and incorrectly handled RSA padding. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2024-20952) Update Instructions: Run `sudo pro fix USN-6661-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-17-demo - 17.0.10+7-1~18.04.1 openjdk-17-doc - 17.0.10+7-1~18.04.1 openjdk-17-jdk - 17.0.10+7-1~18.04.1 openjdk-17-jdk-headless - 17.0.10+7-1~18.04.1 openjdk-17-jre - 17.0.10+7-1~18.04.1 openjdk-17-jre-headless - 17.0.10+7-1~18.04.1 openjdk-17-jre-zero - 17.0.10+7-1~18.04.1 openjdk-17-source - 17.0.10+7-1~18.04.1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20932 CVE-2024-20945 CVE-2024-20952 Ubuntu 18.04 LTS As a security improvement, OpenSSL will now return deterministic random bytes instead of an error when detecting wrong padding in PKCS#1 v1.5 RSA to prevent its use in possible Bleichenbacher timing attacks. Update Instructions: Run `sudo pro fix USN-6663-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 1.1.1-1ubuntu2.1~18.04.23+esm5 libssl-doc - 1.1.1-1ubuntu2.1~18.04.23+esm5 libssl1.1 - 1.1.1-1ubuntu2.1~18.04.23+esm5 openssl - 1.1.1-1ubuntu2.1~18.04.23+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2054090 Ubuntu 18.04 LTS It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a crash or execute arbitrary commands. Update Instructions: Run `sudo pro fix USN-6664-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: less - 487-0.1ubuntu0.1~esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-48624 Ubuntu 18.04 LTS Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. (CVE-2023-50782) It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10. (CVE-2024-26130) Update Instructions: Run `sudo pro fix USN-6673-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-cryptography - 2.1.4-1ubuntu1.4+esm1 python-cryptography-doc - 2.1.4-1ubuntu1.4+esm1 python3-cryptography - 2.1.4-1ubuntu1.4+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-50782 CVE-2024-26130 Ubuntu 18.04 LTS USN-6674-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Seokchan Yoon discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-6674-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django - 1:1.11.11-1ubuntu1.21+esm4 python-django-common - 1:1.11.11-1ubuntu1.21+esm4 python-django-doc - 1:1.11.11-1ubuntu1.21+esm4 python3-django - 1:1.11.11-1ubuntu1.21+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-27351 Ubuntu 18.04 LTS Vojtěch Vobr discovered that c-ares incorrectly handled user input from local configuration files. An attacker could possibly use this issue to cause a denial of service via application crash. Update Instructions: Run `sudo pro fix USN-6676-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc-ares-dev - 1.14.0-1ubuntu0.2+esm2 libc-ares2 - 1.14.0-1ubuntu0.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-25629 Ubuntu 18.04 LTS It was discovered that libde265 could be made to dereference invalid memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-27102) It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2023-27103) It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-43887, CVE-2023-47471, CVE-2023-49465, CVE-2023-49467, CVE-2023-49468) Update Instructions: Run `sudo pro fix USN-6677-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libde265-0 - 1.0.2-2ubuntu0.18.04.1~esm4 libde265-dev - 1.0.2-2ubuntu0.18.04.1~esm4 libde265-examples - 1.0.2-2ubuntu0.18.04.1~esm4 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-27102 CVE-2023-27103 CVE-2023-43887 CVE-2023-47471 CVE-2023-49465 CVE-2023-49467 CVE-2023-49468 Ubuntu 18.04 LTS It was discovered that libgit2 mishandled equivalent filenames on NTFS partitions. If a user or automated system were tricked into cloning a specially crafted repository, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-12278, CVE-2020-12279) It was discovered that libgit2 did not perform certificate checking by default. An attacker could possibly use this issue to perform a machine-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2023-22742) It was discovered that libgit2 could be made to run into an infinite loop. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. (CVE-2024-24575) It was discovered that libgit2 did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-24577) Update Instructions: Run `sudo pro fix USN-6678-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgit2-26 - 0.26.0+dfsg.1-1.1ubuntu0.2+esm1 libgit2-dev - 0.26.0+dfsg.1-1.1ubuntu0.2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2020-12278 CVE-2020-12279 CVE-2023-22742 CVE-2024-24575 CVE-2024-24577 Ubuntu 18.04 LTS Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2021-44879) It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-22995) Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4244) It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51779) It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51780) It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51782) Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel did not properly handle connect command payloads in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2023-6121) It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2024-0340) Update Instructions: Run `sudo pro fix USN-6681-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1124-gcp - 5.4.0-1124.133~18.04.1 linux-gcp-5.4-headers-5.4.0-1124 - 5.4.0-1124.133~18.04.1 linux-gcp-5.4-tools-5.4.0-1124 - 5.4.0-1124.133~18.04.1 linux-headers-5.4.0-1124-gcp - 5.4.0-1124.133~18.04.1 linux-image-5.4.0-1124-gcp - 5.4.0-1124.133~18.04.1 linux-image-unsigned-5.4.0-1124-gcp - 5.4.0-1124.133~18.04.1 linux-modules-5.4.0-1124-gcp - 5.4.0-1124.133~18.04.1 linux-modules-extra-5.4.0-1124-gcp - 5.4.0-1124.133~18.04.1 linux-tools-5.4.0-1124-gcp - 5.4.0-1124.133~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-173-generic - 5.4.0-173.191~18.04.1 linux-buildinfo-5.4.0-173-lowlatency - 5.4.0-173.191~18.04.1 linux-cloud-tools-5.4.0-173-generic - 5.4.0-173.191~18.04.1 linux-cloud-tools-5.4.0-173-lowlatency - 5.4.0-173.191~18.04.1 linux-headers-5.4.0-173-generic - 5.4.0-173.191~18.04.1 linux-headers-5.4.0-173-lowlatency - 5.4.0-173.191~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-173 - 5.4.0-173.191~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-173.191~18.04.1 linux-hwe-5.4-headers-5.4.0-173 - 5.4.0-173.191~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-173.191~18.04.1 linux-hwe-5.4-tools-5.4.0-173 - 5.4.0-173.191~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-173.191~18.04.1 linux-image-5.4.0-173-generic - 5.4.0-173.191~18.04.1 linux-image-5.4.0-173-lowlatency - 5.4.0-173.191~18.04.1 linux-image-unsigned-5.4.0-173-generic - 5.4.0-173.191~18.04.1 linux-image-unsigned-5.4.0-173-lowlatency - 5.4.0-173.191~18.04.1 linux-modules-5.4.0-173-generic - 5.4.0-173.191~18.04.1 linux-modules-5.4.0-173-lowlatency - 5.4.0-173.191~18.04.1 linux-modules-extra-5.4.0-173-generic - 5.4.0-173.191~18.04.1 linux-tools-5.4.0-173-generic - 5.4.0-173.191~18.04.1 linux-tools-5.4.0-173-lowlatency - 5.4.0-173.191~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1124.100 linux-gcp-edge - 5.4.0.1124.100 linux-headers-gcp - 5.4.0.1124.100 linux-headers-gcp-edge - 5.4.0.1124.100 linux-image-gcp - 5.4.0.1124.100 linux-image-gcp-edge - 5.4.0.1124.100 linux-modules-extra-gcp - 5.4.0.1124.100 linux-modules-extra-gcp-edge - 5.4.0.1124.100 linux-tools-gcp - 5.4.0.1124.100 linux-tools-gcp-edge - 5.4.0.1124.100 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-generic-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-generic-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-headers-generic-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-headers-generic-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-headers-lowlatency-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-headers-oem - 5.4.0.173.191~18.04.141 linux-headers-oem-osp1 - 5.4.0.173.191~18.04.141 linux-headers-snapdragon-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-headers-virtual-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-headers-virtual-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-image-extra-virtual-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-image-generic-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-image-generic-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-image-lowlatency-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-image-oem - 5.4.0.173.191~18.04.141 linux-image-oem-osp1 - 5.4.0.173.191~18.04.141 linux-image-snapdragon-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-image-virtual-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-image-virtual-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-lowlatency-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-lowlatency-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-oem - 5.4.0.173.191~18.04.141 linux-oem-osp1 - 5.4.0.173.191~18.04.141 linux-snapdragon-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-snapdragon-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-tools-generic-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-tools-generic-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-tools-lowlatency-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-tools-oem - 5.4.0.173.191~18.04.141 linux-tools-oem-osp1 - 5.4.0.173.191~18.04.141 linux-tools-snapdragon-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-tools-virtual-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-tools-virtual-hwe-18.04-edge - 5.4.0.173.191~18.04.141 linux-virtual-hwe-18.04 - 5.4.0.173.191~18.04.141 linux-virtual-hwe-18.04-edge - 5.4.0.173.191~18.04.141 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-44879 CVE-2023-22995 CVE-2023-4244 CVE-2023-51779 CVE-2023-51780 CVE-2023-51782 CVE-2023-6121 CVE-2024-0340 Ubuntu 18.04 LTS Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2021-44879) It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-22995) Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4244) It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51779) It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51780) It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51782) Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel did not properly handle connect command payloads in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2023-6121) It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2024-0340) Update Instructions: Run `sudo pro fix USN-6681-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1104-raspi - 5.4.0-1104.116~18.04.1 linux-headers-5.4.0-1104-raspi - 5.4.0-1104.116~18.04.1 linux-image-5.4.0-1104-raspi - 5.4.0-1104.116~18.04.1 linux-modules-5.4.0-1104-raspi - 5.4.0-1104.116~18.04.1 linux-raspi-5.4-headers-5.4.0-1104 - 5.4.0-1104.116~18.04.1 linux-raspi-5.4-tools-5.4.0-1104 - 5.4.0-1104.116~18.04.1 linux-tools-5.4.0-1104-raspi - 5.4.0-1104.116~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1104.101 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1104.101 linux-image-raspi-hwe-18.04 - 5.4.0.1104.101 linux-image-raspi-hwe-18.04-edge - 5.4.0.1104.101 linux-raspi-hwe-18.04 - 5.4.0.1104.101 linux-raspi-hwe-18.04-edge - 5.4.0.1104.101 linux-tools-raspi-hwe-18.04 - 5.4.0.1104.101 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1104.101 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-44879 CVE-2023-22995 CVE-2023-4244 CVE-2023-51779 CVE-2023-51780 CVE-2023-51782 CVE-2023-6121 CVE-2024-0340 Ubuntu 18.04 LTS Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2021-44879) It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-22995) Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4244) It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51779) It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51780) It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51782) Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel did not properly handle connect command payloads in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2023-6121) It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2024-0340) Update Instructions: Run `sudo pro fix USN-6681-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1067-ibm - 5.4.0-1067.72~18.04.1 linux-headers-5.4.0-1067-ibm - 5.4.0-1067.72~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1067.72~18.04.1 linux-ibm-5.4-headers-5.4.0-1067 - 5.4.0-1067.72~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1067.72~18.04.1 linux-ibm-5.4-tools-5.4.0-1067 - 5.4.0-1067.72~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1067.72~18.04.1 linux-image-5.4.0-1067-ibm - 5.4.0-1067.72~18.04.1 linux-image-unsigned-5.4.0-1067-ibm - 5.4.0-1067.72~18.04.1 linux-modules-5.4.0-1067-ibm - 5.4.0-1067.72~18.04.1 linux-modules-extra-5.4.0-1067-ibm - 5.4.0-1067.72~18.04.1 linux-tools-5.4.0-1067-ibm - 5.4.0-1067.72~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1119-oracle - 5.4.0-1119.128~18.04.1 linux-headers-5.4.0-1119-oracle - 5.4.0-1119.128~18.04.1 linux-image-5.4.0-1119-oracle - 5.4.0-1119.128~18.04.1 linux-image-unsigned-5.4.0-1119-oracle - 5.4.0-1119.128~18.04.1 linux-modules-5.4.0-1119-oracle - 5.4.0-1119.128~18.04.1 linux-modules-extra-5.4.0-1119-oracle - 5.4.0-1119.128~18.04.1 linux-oracle-5.4-headers-5.4.0-1119 - 5.4.0-1119.128~18.04.1 linux-oracle-5.4-tools-5.4.0-1119 - 5.4.0-1119.128~18.04.1 linux-tools-5.4.0-1119-oracle - 5.4.0-1119.128~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1067.77 linux-headers-ibm-edge - 5.4.0.1067.77 linux-ibm - 5.4.0.1067.77 linux-ibm-edge - 5.4.0.1067.77 linux-image-ibm - 5.4.0.1067.77 linux-image-ibm-edge - 5.4.0.1067.77 linux-modules-extra-ibm - 5.4.0.1067.77 linux-modules-extra-ibm-edge - 5.4.0.1067.77 linux-tools-ibm - 5.4.0.1067.77 linux-tools-ibm-edge - 5.4.0.1067.77 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1119.128~18.04.91 linux-headers-oracle-edge - 5.4.0.1119.128~18.04.91 linux-image-oracle - 5.4.0.1119.128~18.04.91 linux-image-oracle-edge - 5.4.0.1119.128~18.04.91 linux-modules-extra-oracle - 5.4.0.1119.128~18.04.91 linux-modules-extra-oracle-edge - 5.4.0.1119.128~18.04.91 linux-oracle - 5.4.0.1119.128~18.04.91 linux-oracle-edge - 5.4.0.1119.128~18.04.91 linux-signed-image-oracle - 5.4.0.1119.128~18.04.91 linux-signed-image-oracle-edge - 5.4.0.1119.128~18.04.91 linux-signed-oracle - 5.4.0.1119.128~18.04.91 linux-signed-oracle-edge - 5.4.0.1119.128~18.04.91 linux-tools-oracle - 5.4.0.1119.128~18.04.91 linux-tools-oracle-edge - 5.4.0.1119.128~18.04.91 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-44879 CVE-2023-22995 CVE-2023-4244 CVE-2023-51779 CVE-2023-51780 CVE-2023-51782 CVE-2023-6121 CVE-2024-0340 Ubuntu 18.04 LTS Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2021-44879) It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-22995) Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4244) It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51779) It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51780) It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51782) Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel did not properly handle connect command payloads in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2023-6121) It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2024-0340) Update Instructions: Run `sudo pro fix USN-6681-4` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-aws-5.4-cloud-tools-5.4.0-1120 - 5.4.0-1120.130~18.04.1 linux-aws-5.4-headers-5.4.0-1120 - 5.4.0-1120.130~18.04.1 linux-aws-5.4-tools-5.4.0-1120 - 5.4.0-1120.130~18.04.1 linux-buildinfo-5.4.0-1120-aws - 5.4.0-1120.130~18.04.1 linux-cloud-tools-5.4.0-1120-aws - 5.4.0-1120.130~18.04.1 linux-headers-5.4.0-1120-aws - 5.4.0-1120.130~18.04.1 linux-image-5.4.0-1120-aws - 5.4.0-1120.130~18.04.1 linux-image-unsigned-5.4.0-1120-aws - 5.4.0-1120.130~18.04.1 linux-modules-5.4.0-1120-aws - 5.4.0-1120.130~18.04.1 linux-modules-extra-5.4.0-1120-aws - 5.4.0-1120.130~18.04.1 linux-tools-5.4.0-1120-aws - 5.4.0-1120.130~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1120.98 linux-aws-edge - 5.4.0.1120.98 linux-headers-aws - 5.4.0.1120.98 linux-headers-aws-edge - 5.4.0.1120.98 linux-image-aws - 5.4.0.1120.98 linux-image-aws-edge - 5.4.0.1120.98 linux-modules-extra-aws - 5.4.0.1120.98 linux-modules-extra-aws-edge - 5.4.0.1120.98 linux-tools-aws - 5.4.0.1120.98 linux-tools-aws-edge - 5.4.0.1120.98 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-44879 CVE-2023-22995 CVE-2023-4244 CVE-2023-51779 CVE-2023-51780 CVE-2023-51782 CVE-2023-6121 CVE-2024-0340 Ubuntu 18.04 LTS It was discovered that HtmlCleaner incorrectly handled certain html documents. An attacker could possibly use this issue to cause a denial of service via application crash. Update Instructions: Run `sudo pro fix USN-6683-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libhtmlcleaner-java - 2.21-2ubuntu0.1~esm1 libhtmlcleaner-java-doc - 2.21-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2023-34624 Ubuntu 18.04 LTS It was discovered that ncurses incorrectly handled certain function return values, possibly leading to segmentation fault. A local attacker could possibly use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-6684-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lib32ncurses5 - 6.1-1ubuntu1.18.04.1+esm2 lib32ncurses5-dev - 6.1-1ubuntu1.18.04.1+esm2 lib32ncursesw5 - 6.1-1ubuntu1.18.04.1+esm2 lib32ncursesw5-dev - 6.1-1ubuntu1.18.04.1+esm2 lib32tinfo-dev - 6.1-1ubuntu1.18.04.1+esm2 lib32tinfo5 - 6.1-1ubuntu1.18.04.1+esm2 lib64ncurses5 - 6.1-1ubuntu1.18.04.1+esm2 lib64ncurses5-dev - 6.1-1ubuntu1.18.04.1+esm2 lib64tinfo5 - 6.1-1ubuntu1.18.04.1+esm2 libncurses5 - 6.1-1ubuntu1.18.04.1+esm2 libncurses5-dev - 6.1-1ubuntu1.18.04.1+esm2 libncursesw5 - 6.1-1ubuntu1.18.04.1+esm2 libncursesw5-dev - 6.1-1ubuntu1.18.04.1+esm2 libtinfo-dev - 6.1-1ubuntu1.18.04.1+esm2 libtinfo5 - 6.1-1ubuntu1.18.04.1+esm2 libx32ncurses5 - 6.1-1ubuntu1.18.04.1+esm2 libx32ncurses5-dev - 6.1-1ubuntu1.18.04.1+esm2 libx32ncursesw5 - 6.1-1ubuntu1.18.04.1+esm2 libx32ncursesw5-dev - 6.1-1ubuntu1.18.04.1+esm2 libx32tinfo-dev - 6.1-1ubuntu1.18.04.1+esm2 libx32tinfo5 - 6.1-1ubuntu1.18.04.1+esm2 ncurses-base - 6.1-1ubuntu1.18.04.1+esm2 ncurses-bin - 6.1-1ubuntu1.18.04.1+esm2 ncurses-doc - 6.1-1ubuntu1.18.04.1+esm2 ncurses-examples - 6.1-1ubuntu1.18.04.1+esm2 ncurses-term - 6.1-1ubuntu1.18.04.1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-50495 Ubuntu 18.04 LTS It was discovered that mqtt-client incorrectly handled memory while parsing malformed MQTT frames. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6685-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmqtt-client-java - 1.14-1ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2019-0222 Ubuntu 18.04 LTS It was discovered that Gson incorrectly handled deserialization of untrusted input data. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6692-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgoogle-gson-java - 2.8.5-3~18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-25647 Ubuntu 18.04 LTS Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20918) It was discovered that the Hotspot component of OpenJDK 8 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions. (CVE-2024-20919) It was discovered that the Hotspot component of OpenJDK 8 had an optimization flaw when generating range check loop predicates. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921) Valentin Eudeline discovered that OpenJDK 8 incorrectly handled certain options in the Nashorn JavaScript subcomponent. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-20926) It was discovered that OpenJDK 8 could produce debug logs that contained private keys used for digital signatures. An attacker could possibly use this issue to obtain sensitive information. (CVE-2024-20945) Hubert Kario discovered that the TLS implementation in OpenJDK 8 had a timing side-channel and incorrectly handled RSA padding. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2024-20952) Update Instructions: Run `sudo pro fix USN-6696-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-demo - 8u402-ga-2ubuntu1~18.04 openjdk-8-doc - 8u402-ga-2ubuntu1~18.04 openjdk-8-jdk - 8u402-ga-2ubuntu1~18.04 openjdk-8-jdk-headless - 8u402-ga-2ubuntu1~18.04 openjdk-8-jre - 8u402-ga-2ubuntu1~18.04 openjdk-8-jre-headless - 8u402-ga-2ubuntu1~18.04 openjdk-8-jre-zero - 8u402-ga-2ubuntu1~18.04 openjdk-8-source - 8u402-ga-2ubuntu1~18.04 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20926 CVE-2024-20945 CVE-2024-20952 Ubuntu 18.04 LTS Zhen Zhou discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service Update Instructions: Run `sudo pro fix USN-6698-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:8.0.1453-1ubuntu1.13+esm8 vim-athena - 2:8.0.1453-1ubuntu1.13+esm8 vim-common - 2:8.0.1453-1ubuntu1.13+esm8 vim-doc - 2:8.0.1453-1ubuntu1.13+esm8 vim-gnome - 2:8.0.1453-1ubuntu1.13+esm8 vim-gtk - 2:8.0.1453-1ubuntu1.13+esm8 vim-gtk3 - 2:8.0.1453-1ubuntu1.13+esm8 vim-gui-common - 2:8.0.1453-1ubuntu1.13+esm8 vim-nox - 2:8.0.1453-1ubuntu1.13+esm8 vim-runtime - 2:8.0.1453-1ubuntu1.13+esm8 vim-tiny - 2:8.0.1453-1ubuntu1.13+esm8 xxd - 2:8.0.1453-1ubuntu1.13+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2024-22667 Ubuntu 18.04 LTS Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. (CVE-2023-3006) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-34256) Eric Dumazet discovered that the netfilter subsystem in the Linux kernel did not properly handle DCCP conntrack buffers in certain situations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-39197) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel did not properly handle device initialization failures in certain situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2023-4132) Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel did not properly handle connect command payloads in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2023-6121) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle the remount operation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0775) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855) Update Instructions: Run `sudo pro fix USN-6701-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1129-oracle - 4.15.0-1129.140 linux-headers-4.15.0-1129-oracle - 4.15.0-1129.140 linux-image-4.15.0-1129-oracle - 4.15.0-1129.140 linux-image-unsigned-4.15.0-1129-oracle - 4.15.0-1129.140 linux-modules-4.15.0-1129-oracle - 4.15.0-1129.140 linux-modules-extra-4.15.0-1129-oracle - 4.15.0-1129.140 linux-oracle-headers-4.15.0-1129 - 4.15.0-1129.140 linux-oracle-tools-4.15.0-1129 - 4.15.0-1129.140 linux-tools-4.15.0-1129-oracle - 4.15.0-1129.140 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1150-kvm - 4.15.0-1150.155 linux-headers-4.15.0-1150-kvm - 4.15.0-1150.155 linux-image-4.15.0-1150-kvm - 4.15.0-1150.155 linux-kvm-headers-4.15.0-1150 - 4.15.0-1150.155 linux-kvm-tools-4.15.0-1150 - 4.15.0-1150.155 linux-modules-4.15.0-1150-kvm - 4.15.0-1150.155 linux-tools-4.15.0-1150-kvm - 4.15.0-1150.155 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-cloud-tools-4.15.0-1166 - 4.15.0-1166.179 linux-aws-headers-4.15.0-1166 - 4.15.0-1166.179 linux-aws-tools-4.15.0-1166 - 4.15.0-1166.179 linux-buildinfo-4.15.0-1166-aws - 4.15.0-1166.179 linux-cloud-tools-4.15.0-1166-aws - 4.15.0-1166.179 linux-headers-4.15.0-1166-aws - 4.15.0-1166.179 linux-image-4.15.0-1166-aws - 4.15.0-1166.179 linux-image-unsigned-4.15.0-1166-aws - 4.15.0-1166.179 linux-modules-4.15.0-1166-aws - 4.15.0-1166.179 linux-modules-extra-4.15.0-1166-aws - 4.15.0-1166.179 linux-tools-4.15.0-1166-aws - 4.15.0-1166.179 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-223-generic - 4.15.0-223.235 linux-buildinfo-4.15.0-223-lowlatency - 4.15.0-223.235 linux-cloud-tools-4.15.0-223 - 4.15.0-223.235 linux-cloud-tools-4.15.0-223-generic - 4.15.0-223.235 linux-cloud-tools-4.15.0-223-lowlatency - 4.15.0-223.235 linux-cloud-tools-common - 4.15.0-223.235 linux-doc - 4.15.0-223.235 linux-headers-4.15.0-223 - 4.15.0-223.235 linux-headers-4.15.0-223-generic - 4.15.0-223.235 linux-headers-4.15.0-223-lowlatency - 4.15.0-223.235 linux-image-4.15.0-223-generic - 4.15.0-223.235 linux-image-4.15.0-223-lowlatency - 4.15.0-223.235 linux-image-unsigned-4.15.0-223-generic - 4.15.0-223.235 linux-image-unsigned-4.15.0-223-lowlatency - 4.15.0-223.235 linux-libc-dev - 4.15.0-223.235 linux-modules-4.15.0-223-generic - 4.15.0-223.235 linux-modules-4.15.0-223-lowlatency - 4.15.0-223.235 linux-modules-extra-4.15.0-223-generic - 4.15.0-223.235 linux-source-4.15.0 - 4.15.0-223.235 linux-tools-4.15.0-223 - 4.15.0-223.235 linux-tools-4.15.0-223-generic - 4.15.0-223.235 linux-tools-4.15.0-223-lowlatency - 4.15.0-223.235 linux-tools-common - 4.15.0-223.235 linux-tools-host - 4.15.0-223.235 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle-lts-18.04 - 4.15.0.1129.134 linux-image-oracle-lts-18.04 - 4.15.0.1129.134 linux-oracle-lts-18.04 - 4.15.0.1129.134 linux-signed-image-oracle-lts-18.04 - 4.15.0.1129.134 linux-signed-oracle-lts-18.04 - 4.15.0.1129.134 linux-tools-oracle-lts-18.04 - 4.15.0.1129.134 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.15.0.1150.141 linux-image-kvm - 4.15.0.1150.141 linux-kvm - 4.15.0.1150.141 linux-tools-kvm - 4.15.0.1150.141 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-lts-18.04 - 4.15.0.1166.164 linux-headers-aws-lts-18.04 - 4.15.0.1166.164 linux-image-aws-lts-18.04 - 4.15.0.1166.164 linux-modules-extra-aws-lts-18.04 - 4.15.0.1166.164 linux-tools-aws-lts-18.04 - 4.15.0.1166.164 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.15.0.223.207 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.223.207 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.223.207 linux-cloud-tools-lowlatency - 4.15.0.223.207 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.223.207 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.223.207 linux-cloud-tools-virtual - 4.15.0.223.207 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.223.207 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.223.207 linux-crashdump - 4.15.0.223.207 linux-generic - 4.15.0.223.207 linux-generic-hwe-16.04 - 4.15.0.223.207 linux-generic-hwe-16.04-edge - 4.15.0.223.207 linux-headers-generic - 4.15.0.223.207 linux-headers-generic-hwe-16.04 - 4.15.0.223.207 linux-headers-generic-hwe-16.04-edge - 4.15.0.223.207 linux-headers-lowlatency - 4.15.0.223.207 linux-headers-lowlatency-hwe-16.04 - 4.15.0.223.207 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.223.207 linux-headers-virtual - 4.15.0.223.207 linux-headers-virtual-hwe-16.04 - 4.15.0.223.207 linux-headers-virtual-hwe-16.04-edge - 4.15.0.223.207 linux-image-extra-virtual - 4.15.0.223.207 linux-image-extra-virtual-hwe-16.04 - 4.15.0.223.207 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.223.207 linux-image-generic - 4.15.0.223.207 linux-image-generic-hwe-16.04 - 4.15.0.223.207 linux-image-generic-hwe-16.04-edge - 4.15.0.223.207 linux-image-lowlatency - 4.15.0.223.207 linux-image-lowlatency-hwe-16.04 - 4.15.0.223.207 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.223.207 linux-image-virtual - 4.15.0.223.207 linux-image-virtual-hwe-16.04 - 4.15.0.223.207 linux-image-virtual-hwe-16.04-edge - 4.15.0.223.207 linux-lowlatency - 4.15.0.223.207 linux-lowlatency-hwe-16.04 - 4.15.0.223.207 linux-lowlatency-hwe-16.04-edge - 4.15.0.223.207 linux-signed-generic - 4.15.0.223.207 linux-signed-generic-hwe-16.04 - 4.15.0.223.207 linux-signed-generic-hwe-16.04-edge - 4.15.0.223.207 linux-signed-image-generic - 4.15.0.223.207 linux-signed-image-generic-hwe-16.04 - 4.15.0.223.207 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.223.207 linux-signed-image-lowlatency - 4.15.0.223.207 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.223.207 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.223.207 linux-signed-lowlatency - 4.15.0.223.207 linux-signed-lowlatency-hwe-16.04 - 4.15.0.223.207 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.223.207 linux-source - 4.15.0.223.207 linux-tools-generic - 4.15.0.223.207 linux-tools-generic-hwe-16.04 - 4.15.0.223.207 linux-tools-generic-hwe-16.04-edge - 4.15.0.223.207 linux-tools-lowlatency - 4.15.0.223.207 linux-tools-lowlatency-hwe-16.04 - 4.15.0.223.207 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.223.207 linux-tools-virtual - 4.15.0.223.207 linux-tools-virtual-hwe-16.04 - 4.15.0.223.207 linux-tools-virtual-hwe-16.04-edge - 4.15.0.223.207 linux-virtual - 4.15.0.223.207 linux-virtual-hwe-16.04 - 4.15.0.223.207 linux-virtual-hwe-16.04-edge - 4.15.0.223.207 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-2002 CVE-2023-23000 CVE-2023-3006 CVE-2023-34256 CVE-2023-39197 CVE-2023-4132 CVE-2023-46838 CVE-2023-51781 CVE-2023-6121 CVE-2024-0775 CVE-2024-1086 CVE-2024-24855 Ubuntu 18.04 LTS Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. (CVE-2023-3006) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-34256) Eric Dumazet discovered that the netfilter subsystem in the Linux kernel did not properly handle DCCP conntrack buffers in certain situations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-39197) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel did not properly handle device initialization failures in certain situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2023-4132) Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel did not properly handle connect command payloads in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2023-6121) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle the remount operation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0775) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855) Update Instructions: Run `sudo pro fix USN-6701-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1160-gcp - 4.15.0-1160.177 linux-gcp-4.15-headers-4.15.0-1160 - 4.15.0-1160.177 linux-gcp-4.15-tools-4.15.0-1160 - 4.15.0-1160.177 linux-headers-4.15.0-1160-gcp - 4.15.0-1160.177 linux-image-4.15.0-1160-gcp - 4.15.0-1160.177 linux-image-unsigned-4.15.0-1160-gcp - 4.15.0-1160.177 linux-modules-4.15.0-1160-gcp - 4.15.0-1160.177 linux-modules-extra-4.15.0-1160-gcp - 4.15.0-1160.177 linux-tools-4.15.0-1160-gcp - 4.15.0-1160.177 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-lts-18.04 - 4.15.0.1160.173 linux-headers-gcp-lts-18.04 - 4.15.0.1160.173 linux-image-gcp-lts-18.04 - 4.15.0.1160.173 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1160.173 linux-tools-gcp-lts-18.04 - 4.15.0.1160.173 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-2002 CVE-2023-23000 CVE-2023-3006 CVE-2023-34256 CVE-2023-39197 CVE-2023-4132 CVE-2023-46838 CVE-2023-51781 CVE-2023-6121 CVE-2024-0775 CVE-2024-1086 CVE-2024-24855 Ubuntu 18.04 LTS Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. (CVE-2023-3006) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-34256) Eric Dumazet discovered that the netfilter subsystem in the Linux kernel did not properly handle DCCP conntrack buffers in certain situations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-39197) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel did not properly handle device initialization failures in certain situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2023-4132) Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel did not properly handle connect command payloads in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2023-6121) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle the remount operation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0775) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855) Update Instructions: Run `sudo pro fix USN-6701-3` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-4.15-cloud-tools-4.15.0-1175 - 4.15.0-1175.190 linux-azure-4.15-headers-4.15.0-1175 - 4.15.0-1175.190 linux-azure-4.15-tools-4.15.0-1175 - 4.15.0-1175.190 linux-buildinfo-4.15.0-1175-azure - 4.15.0-1175.190 linux-cloud-tools-4.15.0-1175-azure - 4.15.0-1175.190 linux-headers-4.15.0-1175-azure - 4.15.0-1175.190 linux-image-4.15.0-1175-azure - 4.15.0-1175.190 linux-image-unsigned-4.15.0-1175-azure - 4.15.0-1175.190 linux-modules-4.15.0-1175-azure - 4.15.0-1175.190 linux-modules-extra-4.15.0-1175-azure - 4.15.0-1175.190 linux-tools-4.15.0-1175-azure - 4.15.0-1175.190 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-lts-18.04 - 4.15.0.1175.143 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1175.143 linux-headers-azure-lts-18.04 - 4.15.0.1175.143 linux-image-azure-lts-18.04 - 4.15.0.1175.143 linux-modules-extra-azure-lts-18.04 - 4.15.0.1175.143 linux-signed-azure-lts-18.04 - 4.15.0.1175.143 linux-signed-image-azure-lts-18.04 - 4.15.0.1175.143 linux-tools-azure-lts-18.04 - 4.15.0.1175.143 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-2002 CVE-2023-23000 CVE-2023-3006 CVE-2023-34256 CVE-2023-39197 CVE-2023-4132 CVE-2023-46838 CVE-2023-51781 CVE-2023-6121 CVE-2024-0775 CVE-2024-1086 CVE-2024-24855 Ubuntu 18.04 LTS It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) It was discovered that the ARM Mali Display Processor driver implementation in the Linux kernel did not properly handle certain error conditions. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-23004) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855) Update Instructions: Run `sudo pro fix USN-6702-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1068-ibm - 5.4.0-1068.73~18.04.1 linux-headers-5.4.0-1068-ibm - 5.4.0-1068.73~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1068.73~18.04.1 linux-ibm-5.4-headers-5.4.0-1068 - 5.4.0-1068.73~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1068.73~18.04.1 linux-ibm-5.4-tools-5.4.0-1068 - 5.4.0-1068.73~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1068.73~18.04.1 linux-image-5.4.0-1068-ibm - 5.4.0-1068.73~18.04.1 linux-image-unsigned-5.4.0-1068-ibm - 5.4.0-1068.73~18.04.1 linux-modules-5.4.0-1068-ibm - 5.4.0-1068.73~18.04.1 linux-modules-extra-5.4.0-1068-ibm - 5.4.0-1068.73~18.04.1 linux-tools-5.4.0-1068-ibm - 5.4.0-1068.73~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1120-oracle - 5.4.0-1120.129~18.04.1 linux-headers-5.4.0-1120-oracle - 5.4.0-1120.129~18.04.1 linux-image-5.4.0-1120-oracle - 5.4.0-1120.129~18.04.1 linux-image-unsigned-5.4.0-1120-oracle - 5.4.0-1120.129~18.04.1 linux-modules-5.4.0-1120-oracle - 5.4.0-1120.129~18.04.1 linux-modules-extra-5.4.0-1120-oracle - 5.4.0-1120.129~18.04.1 linux-oracle-5.4-headers-5.4.0-1120 - 5.4.0-1120.129~18.04.1 linux-oracle-5.4-tools-5.4.0-1120 - 5.4.0-1120.129~18.04.1 linux-tools-5.4.0-1120-oracle - 5.4.0-1120.129~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-174-generic - 5.4.0-174.193~18.04.1 linux-buildinfo-5.4.0-174-lowlatency - 5.4.0-174.193~18.04.1 linux-cloud-tools-5.4.0-174-generic - 5.4.0-174.193~18.04.1 linux-cloud-tools-5.4.0-174-lowlatency - 5.4.0-174.193~18.04.1 linux-headers-5.4.0-174-generic - 5.4.0-174.193~18.04.1 linux-headers-5.4.0-174-lowlatency - 5.4.0-174.193~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-174 - 5.4.0-174.193~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-174.193~18.04.1 linux-hwe-5.4-headers-5.4.0-174 - 5.4.0-174.193~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-174.193~18.04.1 linux-hwe-5.4-tools-5.4.0-174 - 5.4.0-174.193~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-174.193~18.04.1 linux-image-5.4.0-174-generic - 5.4.0-174.193~18.04.1 linux-image-5.4.0-174-lowlatency - 5.4.0-174.193~18.04.1 linux-image-unsigned-5.4.0-174-generic - 5.4.0-174.193~18.04.1 linux-image-unsigned-5.4.0-174-lowlatency - 5.4.0-174.193~18.04.1 linux-modules-5.4.0-174-generic - 5.4.0-174.193~18.04.1 linux-modules-5.4.0-174-lowlatency - 5.4.0-174.193~18.04.1 linux-modules-extra-5.4.0-174-generic - 5.4.0-174.193~18.04.1 linux-tools-5.4.0-174-generic - 5.4.0-174.193~18.04.1 linux-tools-5.4.0-174-lowlatency - 5.4.0-174.193~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1068.78 linux-headers-ibm-edge - 5.4.0.1068.78 linux-ibm - 5.4.0.1068.78 linux-ibm-edge - 5.4.0.1068.78 linux-image-ibm - 5.4.0.1068.78 linux-image-ibm-edge - 5.4.0.1068.78 linux-modules-extra-ibm - 5.4.0.1068.78 linux-modules-extra-ibm-edge - 5.4.0.1068.78 linux-tools-ibm - 5.4.0.1068.78 linux-tools-ibm-edge - 5.4.0.1068.78 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1120.129~18.04.92 linux-headers-oracle-edge - 5.4.0.1120.129~18.04.92 linux-image-oracle - 5.4.0.1120.129~18.04.92 linux-image-oracle-edge - 5.4.0.1120.129~18.04.92 linux-modules-extra-oracle - 5.4.0.1120.129~18.04.92 linux-modules-extra-oracle-edge - 5.4.0.1120.129~18.04.92 linux-oracle - 5.4.0.1120.129~18.04.92 linux-oracle-edge - 5.4.0.1120.129~18.04.92 linux-signed-image-oracle - 5.4.0.1120.129~18.04.92 linux-signed-image-oracle-edge - 5.4.0.1120.129~18.04.92 linux-signed-oracle - 5.4.0.1120.129~18.04.92 linux-signed-oracle-edge - 5.4.0.1120.129~18.04.92 linux-tools-oracle - 5.4.0.1120.129~18.04.92 linux-tools-oracle-edge - 5.4.0.1120.129~18.04.92 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-generic-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-generic-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-headers-generic-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-headers-generic-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-headers-lowlatency-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-headers-oem - 5.4.0.174.193~18.04.142 linux-headers-oem-osp1 - 5.4.0.174.193~18.04.142 linux-headers-snapdragon-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-headers-virtual-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-headers-virtual-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-image-extra-virtual-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-image-generic-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-image-generic-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-image-lowlatency-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-image-oem - 5.4.0.174.193~18.04.142 linux-image-oem-osp1 - 5.4.0.174.193~18.04.142 linux-image-snapdragon-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-image-virtual-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-image-virtual-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-lowlatency-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-lowlatency-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-oem - 5.4.0.174.193~18.04.142 linux-oem-osp1 - 5.4.0.174.193~18.04.142 linux-snapdragon-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-snapdragon-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-tools-generic-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-tools-generic-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-tools-lowlatency-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-tools-oem - 5.4.0.174.193~18.04.142 linux-tools-oem-osp1 - 5.4.0.174.193~18.04.142 linux-tools-snapdragon-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-tools-virtual-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-tools-virtual-hwe-18.04-edge - 5.4.0.174.193~18.04.142 linux-virtual-hwe-18.04 - 5.4.0.174.193~18.04.142 linux-virtual-hwe-18.04-edge - 5.4.0.174.193~18.04.142 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-23000 CVE-2023-23004 CVE-2024-1086 CVE-2024-24855 Ubuntu 18.04 LTS It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) It was discovered that the ARM Mali Display Processor driver implementation in the Linux kernel did not properly handle certain error conditions. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-23004) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855) Update Instructions: Run `sudo pro fix USN-6702-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1105-raspi - 5.4.0-1105.117~18.04.1 linux-headers-5.4.0-1105-raspi - 5.4.0-1105.117~18.04.1 linux-image-5.4.0-1105-raspi - 5.4.0-1105.117~18.04.1 linux-modules-5.4.0-1105-raspi - 5.4.0-1105.117~18.04.1 linux-raspi-5.4-headers-5.4.0-1105 - 5.4.0-1105.117~18.04.1 linux-raspi-5.4-tools-5.4.0-1105 - 5.4.0-1105.117~18.04.1 linux-tools-5.4.0-1105-raspi - 5.4.0-1105.117~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-5.4-cloud-tools-5.4.0-1121 - 5.4.0-1121.131~18.04.1 linux-aws-5.4-headers-5.4.0-1121 - 5.4.0-1121.131~18.04.1 linux-aws-5.4-tools-5.4.0-1121 - 5.4.0-1121.131~18.04.1 linux-buildinfo-5.4.0-1121-aws - 5.4.0-1121.131~18.04.1 linux-cloud-tools-5.4.0-1121-aws - 5.4.0-1121.131~18.04.1 linux-headers-5.4.0-1121-aws - 5.4.0-1121.131~18.04.1 linux-image-5.4.0-1121-aws - 5.4.0-1121.131~18.04.1 linux-image-unsigned-5.4.0-1121-aws - 5.4.0-1121.131~18.04.1 linux-modules-5.4.0-1121-aws - 5.4.0-1121.131~18.04.1 linux-modules-extra-5.4.0-1121-aws - 5.4.0-1121.131~18.04.1 linux-tools-5.4.0-1121-aws - 5.4.0-1121.131~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1125-gcp - 5.4.0-1125.134~18.04.1 linux-gcp-5.4-headers-5.4.0-1125 - 5.4.0-1125.134~18.04.1 linux-gcp-5.4-tools-5.4.0-1125 - 5.4.0-1125.134~18.04.1 linux-headers-5.4.0-1125-gcp - 5.4.0-1125.134~18.04.1 linux-image-5.4.0-1125-gcp - 5.4.0-1125.134~18.04.1 linux-image-unsigned-5.4.0-1125-gcp - 5.4.0-1125.134~18.04.1 linux-modules-5.4.0-1125-gcp - 5.4.0-1125.134~18.04.1 linux-modules-extra-5.4.0-1125-gcp - 5.4.0-1125.134~18.04.1 linux-tools-5.4.0-1125-gcp - 5.4.0-1125.134~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1105.102 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1105.102 linux-image-raspi-hwe-18.04 - 5.4.0.1105.102 linux-image-raspi-hwe-18.04-edge - 5.4.0.1105.102 linux-raspi-hwe-18.04 - 5.4.0.1105.102 linux-raspi-hwe-18.04-edge - 5.4.0.1105.102 linux-tools-raspi-hwe-18.04 - 5.4.0.1105.102 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1105.102 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1121.99 linux-aws-edge - 5.4.0.1121.99 linux-headers-aws - 5.4.0.1121.99 linux-headers-aws-edge - 5.4.0.1121.99 linux-image-aws - 5.4.0.1121.99 linux-image-aws-edge - 5.4.0.1121.99 linux-modules-extra-aws - 5.4.0.1121.99 linux-modules-extra-aws-edge - 5.4.0.1121.99 linux-tools-aws - 5.4.0.1121.99 linux-tools-aws-edge - 5.4.0.1121.99 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1125.101 linux-gcp-edge - 5.4.0.1125.101 linux-headers-gcp - 5.4.0.1125.101 linux-headers-gcp-edge - 5.4.0.1125.101 linux-image-gcp - 5.4.0.1125.101 linux-image-gcp-edge - 5.4.0.1125.101 linux-modules-extra-gcp - 5.4.0.1125.101 linux-modules-extra-gcp-edge - 5.4.0.1125.101 linux-tools-gcp - 5.4.0.1125.101 linux-tools-gcp-edge - 5.4.0.1125.101 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-23000 CVE-2023-23004 CVE-2024-1086 CVE-2024-24855 Ubuntu 18.04 LTS It was discovered that Graphviz incorrectly handled certain config6a files. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6708-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: graphviz - 2.40.1-2ubuntu0.1~esm2 graphviz-doc - 2.40.1-2ubuntu0.1~esm2 libcdt5 - 2.40.1-2ubuntu0.1~esm2 libcgraph6 - 2.40.1-2ubuntu0.1~esm2 libgraphviz-dev - 2.40.1-2ubuntu0.1~esm2 libgv-guile - 2.40.1-2ubuntu0.1~esm2 libgv-lua - 2.40.1-2ubuntu0.1~esm2 libgv-perl - 2.40.1-2ubuntu0.1~esm2 libgv-php7 - 2.40.1-2ubuntu0.1~esm2 libgv-ruby - 2.40.1-2ubuntu0.1~esm2 libgv-tcl - 2.40.1-2ubuntu0.1~esm2 libgvc6 - 2.40.1-2ubuntu0.1~esm2 libgvc6-plugins-gtk - 2.40.1-2ubuntu0.1~esm2 libgvpr2 - 2.40.1-2ubuntu0.1~esm2 liblab-gamut1 - 2.40.1-2ubuntu0.1~esm2 libpathplan4 - 2.40.1-2ubuntu0.1~esm2 libxdot4 - 2.40.1-2ubuntu0.1~esm2 python-gv - 2.40.1-2ubuntu0.1~esm2 python3-gv - 2.40.1-2ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-46045 Ubuntu 18.04 LTS It was discovered that checking excessively long DH keys or parameters may be very slow. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2023-3446) After the fix for CVE-2023-3446 Bernd Edlinger discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2023-3817) David Benjamin discovered that generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2023-5678) Bahaa Naamneh discovered that processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack. (CVE-2024-0727) Update Instructions: Run `sudo pro fix USN-6709-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.0-dev - 1.0.2n-1ubuntu5.13+esm1 libssl1.0.0 - 1.0.2n-1ubuntu5.13+esm1 openssl1.0 - 1.0.2n-1ubuntu5.13+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Low CVE-2023-3446 CVE-2023-3817 CVE-2023-5678 CVE-2024-0727 Ubuntu 18.04 LTS It was discovered that unixODBC incorrectly handled certain bytes. An attacker could use this issue to execute arbitrary code or cause a crash. Update Instructions: Run `sudo pro fix USN-6715-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libodbc1 - 2.3.4-1.1ubuntu3+esm1 odbcinst - 2.3.4-1.1ubuntu3+esm1 odbcinst1debian2 - 2.3.4-1.1ubuntu3+esm1 unixodbc - 2.3.4-1.1ubuntu3+esm1 unixodbc-dev - 2.3.4-1.1ubuntu3+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-1013 Ubuntu 18.04 LTS Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2021-44879) It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-22995) It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) It was discovered that the ARM Mali Display Processor driver implementation in the Linux kernel did not properly handle certain error conditions. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-23004) Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4244) It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51779) It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51780) It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51782) Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel did not properly handle connect command payloads in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2023-6121) It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2024-0340) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855) Update Instructions: Run `sudo pro fix USN-6716-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-azure-5.4-cloud-tools-5.4.0-1126 - 5.4.0-1126.133~18.04.1 linux-azure-5.4-headers-5.4.0-1126 - 5.4.0-1126.133~18.04.1 linux-azure-5.4-tools-5.4.0-1126 - 5.4.0-1126.133~18.04.1 linux-buildinfo-5.4.0-1126-azure - 5.4.0-1126.133~18.04.1 linux-cloud-tools-5.4.0-1126-azure - 5.4.0-1126.133~18.04.1 linux-headers-5.4.0-1126-azure - 5.4.0-1126.133~18.04.1 linux-image-5.4.0-1126-azure - 5.4.0-1126.133~18.04.1 linux-image-unsigned-5.4.0-1126-azure - 5.4.0-1126.133~18.04.1 linux-modules-5.4.0-1126-azure - 5.4.0-1126.133~18.04.1 linux-modules-extra-5.4.0-1126-azure - 5.4.0-1126.133~18.04.1 linux-tools-5.4.0-1126-azure - 5.4.0-1126.133~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 5.4.0.1126.99 linux-azure-edge - 5.4.0.1126.99 linux-cloud-tools-azure - 5.4.0.1126.99 linux-cloud-tools-azure-edge - 5.4.0.1126.99 linux-headers-azure - 5.4.0.1126.99 linux-headers-azure-edge - 5.4.0.1126.99 linux-image-azure - 5.4.0.1126.99 linux-image-azure-edge - 5.4.0.1126.99 linux-modules-extra-azure - 5.4.0.1126.99 linux-modules-extra-azure-edge - 5.4.0.1126.99 linux-signed-azure - 5.4.0.1126.99 linux-signed-azure-edge - 5.4.0.1126.99 linux-signed-image-azure - 5.4.0.1126.99 linux-signed-image-azure-edge - 5.4.0.1126.99 linux-tools-azure - 5.4.0.1126.99 linux-tools-azure-edge - 5.4.0.1126.99 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2021-44879 CVE-2023-22995 CVE-2023-23000 CVE-2023-23004 CVE-2023-4244 CVE-2023-51779 CVE-2023-51780 CVE-2023-51782 CVE-2023-6121 CVE-2024-0340 CVE-2024-1086 CVE-2024-24855 Ubuntu 18.04 LTS USN-6718-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service. (CVE-2024-2398) Update Instructions: Run `sudo pro fix USN-6718-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl - 7.58.0-2ubuntu3.24+esm4 libcurl3-gnutls - 7.58.0-2ubuntu3.24+esm4 libcurl3-nss - 7.58.0-2ubuntu3.24+esm4 libcurl4 - 7.58.0-2ubuntu3.24+esm4 libcurl4-doc - 7.58.0-2ubuntu3.24+esm4 libcurl4-gnutls-dev - 7.58.0-2ubuntu3.24+esm4 libcurl4-nss-dev - 7.58.0-2ubuntu3.24+esm4 libcurl4-openssl-dev - 7.58.0-2ubuntu3.24+esm4 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-2398 Ubuntu 18.04 LTS It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. (CVE-2024-31080, CVE-2024-31081, CVE-2024-31082) It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2024-31083) Update Instructions: Run `sudo pro fix USN-6721-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdmx - 2:1.19.6-1ubuntu4.15+esm7 xdmx-tools - 2:1.19.6-1ubuntu4.15+esm7 xmir - 2:1.19.6-1ubuntu4.15+esm7 xnest - 2:1.19.6-1ubuntu4.15+esm7 xorg-server-source - 2:1.19.6-1ubuntu4.15+esm7 xserver-common - 2:1.19.6-1ubuntu4.15+esm7 xserver-xephyr - 2:1.19.6-1ubuntu4.15+esm7 xserver-xorg-core - 2:1.19.6-1ubuntu4.15+esm7 xserver-xorg-dev - 2:1.19.6-1ubuntu4.15+esm7 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.15+esm7 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.15+esm7 xvfb - 2:1.19.6-1ubuntu4.15+esm7 xwayland - 2:1.19.6-1ubuntu4.15+esm7 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-31080 CVE-2024-31081 CVE-2024-31082 CVE-2024-31083 Ubuntu 18.04 LTS USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete resulting in a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. (CVE-2024-31080, CVE-2024-31081, CVE-2024-31082) It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2024-31083) Update Instructions: Run `sudo pro fix USN-6721-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: xdmx - 2:1.19.6-1ubuntu4.15+esm8 xdmx-tools - 2:1.19.6-1ubuntu4.15+esm8 xmir - 2:1.19.6-1ubuntu4.15+esm8 xnest - 2:1.19.6-1ubuntu4.15+esm8 xorg-server-source - 2:1.19.6-1ubuntu4.15+esm8 xserver-common - 2:1.19.6-1ubuntu4.15+esm8 xserver-xephyr - 2:1.19.6-1ubuntu4.15+esm8 xserver-xorg-core - 2:1.19.6-1ubuntu4.15+esm8 xserver-xorg-dev - 2:1.19.6-1ubuntu4.15+esm8 xserver-xorg-legacy - 2:1.19.6-1ubuntu4.15+esm8 xserver-xorg-xmir - 2:1.19.6-1ubuntu4.15+esm8 xvfb - 2:1.19.6-1ubuntu4.15+esm8 xwayland - 2:1.19.6-1ubuntu4.15+esm8 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro None https://launchpad.net/bugs/2060354 Ubuntu 18.04 LTS Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind icorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-50387) It was discovered that Bind incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-50868) Update Instructions: Run `sudo pro fix USN-6723-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bind9 - 1:9.11.3+dfsg-1ubuntu1.19+esm3 bind9-doc - 1:9.11.3+dfsg-1ubuntu1.19+esm3 bind9-host - 1:9.11.3+dfsg-1ubuntu1.19+esm3 bind9utils - 1:9.11.3+dfsg-1ubuntu1.19+esm3 dnsutils - 1:9.11.3+dfsg-1ubuntu1.19+esm3 libbind-dev - 1:9.11.3+dfsg-1ubuntu1.19+esm3 libbind-export-dev - 1:9.11.3+dfsg-1ubuntu1.19+esm3 libbind9-160 - 1:9.11.3+dfsg-1ubuntu1.19+esm3 libdns-export1100 - 1:9.11.3+dfsg-1ubuntu1.19+esm3 libdns1100 - 1:9.11.3+dfsg-1ubuntu1.19+esm3 libirs-export160 - 1:9.11.3+dfsg-1ubuntu1.19+esm3 libirs160 - 1:9.11.3+dfsg-1ubuntu1.19+esm3 libisc-export169 - 1:9.11.3+dfsg-1ubuntu1.19+esm3 libisc169 - 1:9.11.3+dfsg-1ubuntu1.19+esm3 libisccc-export160 - 1:9.11.3+dfsg-1ubuntu1.19+esm3 libisccc160 - 1:9.11.3+dfsg-1ubuntu1.19+esm3 libisccfg-export160 - 1:9.11.3+dfsg-1ubuntu1.19+esm3 libisccfg160 - 1:9.11.3+dfsg-1ubuntu1.19+esm3 liblwres160 - 1:9.11.3+dfsg-1ubuntu1.19+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-50387 CVE-2023-50868 Ubuntu 18.04 LTS Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838) It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-52340) It was discovered that the device mapper driver in the Linux kernel did not properly validate target size during certain memory allocations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-52429, CVE-2024-23851) Dan Carpenter discovered that the netfilter subsystem in the Linux kernel did not store data in properly sized memory locations. A local user could use this to cause a denial of service (system crash). (CVE-2024-0607) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Architecture specifics; - Cryptographic API; - Android drivers; - EDAC drivers; - GPU drivers; - Media drivers; - MTD block device drivers; - Network drivers; - NVME drivers; - TTY drivers; - Userspace I/O drivers; - F2FS file system; - GFS2 file system; - IPv6 Networking; - AppArmor security module; (CVE-2023-52464, CVE-2023-52448, CVE-2023-52457, CVE-2023-52443, CVE-2023-52439, CVE-2023-52612, CVE-2024-26633, CVE-2024-26597, CVE-2023-52449, CVE-2023-52444, CVE-2023-52609, CVE-2023-52469, CVE-2023-52445, CVE-2023-52451, CVE-2023-52470, CVE-2023-52454, CVE-2023-52436, CVE-2023-52438) Update Instructions: Run `sudo pro fix USN-6726-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1069-ibm - 5.4.0-1069.74~18.04.1 linux-headers-5.4.0-1069-ibm - 5.4.0-1069.74~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1069.74~18.04.1 linux-ibm-5.4-headers-5.4.0-1069 - 5.4.0-1069.74~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1069.74~18.04.1 linux-ibm-5.4-tools-5.4.0-1069 - 5.4.0-1069.74~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1069.74~18.04.1 linux-image-5.4.0-1069-ibm - 5.4.0-1069.74~18.04.1 linux-image-unsigned-5.4.0-1069-ibm - 5.4.0-1069.74~18.04.1 linux-modules-5.4.0-1069-ibm - 5.4.0-1069.74~18.04.1 linux-modules-extra-5.4.0-1069-ibm - 5.4.0-1069.74~18.04.1 linux-tools-5.4.0-1069-ibm - 5.4.0-1069.74~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1106-raspi - 5.4.0-1106.118~18.04.1 linux-headers-5.4.0-1106-raspi - 5.4.0-1106.118~18.04.1 linux-image-5.4.0-1106-raspi - 5.4.0-1106.118~18.04.1 linux-modules-5.4.0-1106-raspi - 5.4.0-1106.118~18.04.1 linux-raspi-5.4-headers-5.4.0-1106 - 5.4.0-1106.118~18.04.1 linux-raspi-5.4-tools-5.4.0-1106 - 5.4.0-1106.118~18.04.1 linux-tools-5.4.0-1106-raspi - 5.4.0-1106.118~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1121-oracle - 5.4.0-1121.130~18.04.1 linux-headers-5.4.0-1121-oracle - 5.4.0-1121.130~18.04.1 linux-image-5.4.0-1121-oracle - 5.4.0-1121.130~18.04.1 linux-image-unsigned-5.4.0-1121-oracle - 5.4.0-1121.130~18.04.1 linux-modules-5.4.0-1121-oracle - 5.4.0-1121.130~18.04.1 linux-modules-extra-5.4.0-1121-oracle - 5.4.0-1121.130~18.04.1 linux-oracle-5.4-headers-5.4.0-1121 - 5.4.0-1121.130~18.04.1 linux-oracle-5.4-tools-5.4.0-1121 - 5.4.0-1121.130~18.04.1 linux-tools-5.4.0-1121-oracle - 5.4.0-1121.130~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-5.4-cloud-tools-5.4.0-1122 - 5.4.0-1122.132~18.04.1 linux-aws-5.4-headers-5.4.0-1122 - 5.4.0-1122.132~18.04.1 linux-aws-5.4-tools-5.4.0-1122 - 5.4.0-1122.132~18.04.1 linux-buildinfo-5.4.0-1122-aws - 5.4.0-1122.132~18.04.1 linux-cloud-tools-5.4.0-1122-aws - 5.4.0-1122.132~18.04.1 linux-headers-5.4.0-1122-aws - 5.4.0-1122.132~18.04.1 linux-image-5.4.0-1122-aws - 5.4.0-1122.132~18.04.1 linux-image-unsigned-5.4.0-1122-aws - 5.4.0-1122.132~18.04.1 linux-modules-5.4.0-1122-aws - 5.4.0-1122.132~18.04.1 linux-modules-extra-5.4.0-1122-aws - 5.4.0-1122.132~18.04.1 linux-tools-5.4.0-1122-aws - 5.4.0-1122.132~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1126-gcp - 5.4.0-1126.135~18.04.1 linux-gcp-5.4-headers-5.4.0-1126 - 5.4.0-1126.135~18.04.1 linux-gcp-5.4-tools-5.4.0-1126 - 5.4.0-1126.135~18.04.1 linux-headers-5.4.0-1126-gcp - 5.4.0-1126.135~18.04.1 linux-image-5.4.0-1126-gcp - 5.4.0-1126.135~18.04.1 linux-image-unsigned-5.4.0-1126-gcp - 5.4.0-1126.135~18.04.1 linux-modules-5.4.0-1126-gcp - 5.4.0-1126.135~18.04.1 linux-modules-extra-5.4.0-1126-gcp - 5.4.0-1126.135~18.04.1 linux-tools-5.4.0-1126-gcp - 5.4.0-1126.135~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-5.4-cloud-tools-5.4.0-1127 - 5.4.0-1127.134~18.04.1 linux-azure-5.4-headers-5.4.0-1127 - 5.4.0-1127.134~18.04.1 linux-azure-5.4-tools-5.4.0-1127 - 5.4.0-1127.134~18.04.1 linux-buildinfo-5.4.0-1127-azure - 5.4.0-1127.134~18.04.1 linux-cloud-tools-5.4.0-1127-azure - 5.4.0-1127.134~18.04.1 linux-headers-5.4.0-1127-azure - 5.4.0-1127.134~18.04.1 linux-image-5.4.0-1127-azure - 5.4.0-1127.134~18.04.1 linux-image-unsigned-5.4.0-1127-azure - 5.4.0-1127.134~18.04.1 linux-modules-5.4.0-1127-azure - 5.4.0-1127.134~18.04.1 linux-modules-extra-5.4.0-1127-azure - 5.4.0-1127.134~18.04.1 linux-tools-5.4.0-1127-azure - 5.4.0-1127.134~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-175-generic - 5.4.0-175.195~18.04.1 linux-buildinfo-5.4.0-175-lowlatency - 5.4.0-175.195~18.04.1 linux-cloud-tools-5.4.0-175-generic - 5.4.0-175.195~18.04.1 linux-cloud-tools-5.4.0-175-lowlatency - 5.4.0-175.195~18.04.1 linux-headers-5.4.0-175-generic - 5.4.0-175.195~18.04.1 linux-headers-5.4.0-175-lowlatency - 5.4.0-175.195~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-175 - 5.4.0-175.195~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-175.195~18.04.1 linux-hwe-5.4-headers-5.4.0-175 - 5.4.0-175.195~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-175.195~18.04.1 linux-hwe-5.4-tools-5.4.0-175 - 5.4.0-175.195~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-175.195~18.04.1 linux-image-5.4.0-175-generic - 5.4.0-175.195~18.04.1 linux-image-5.4.0-175-lowlatency - 5.4.0-175.195~18.04.1 linux-image-unsigned-5.4.0-175-generic - 5.4.0-175.195~18.04.1 linux-image-unsigned-5.4.0-175-lowlatency - 5.4.0-175.195~18.04.1 linux-modules-5.4.0-175-generic - 5.4.0-175.195~18.04.1 linux-modules-5.4.0-175-lowlatency - 5.4.0-175.195~18.04.1 linux-modules-extra-5.4.0-175-generic - 5.4.0-175.195~18.04.1 linux-tools-5.4.0-175-generic - 5.4.0-175.195~18.04.1 linux-tools-5.4.0-175-lowlatency - 5.4.0-175.195~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1069.79 linux-headers-ibm-edge - 5.4.0.1069.79 linux-ibm - 5.4.0.1069.79 linux-ibm-edge - 5.4.0.1069.79 linux-image-ibm - 5.4.0.1069.79 linux-image-ibm-edge - 5.4.0.1069.79 linux-modules-extra-ibm - 5.4.0.1069.79 linux-modules-extra-ibm-edge - 5.4.0.1069.79 linux-tools-ibm - 5.4.0.1069.79 linux-tools-ibm-edge - 5.4.0.1069.79 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1106.103 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1106.103 linux-image-raspi-hwe-18.04 - 5.4.0.1106.103 linux-image-raspi-hwe-18.04-edge - 5.4.0.1106.103 linux-raspi-hwe-18.04 - 5.4.0.1106.103 linux-raspi-hwe-18.04-edge - 5.4.0.1106.103 linux-tools-raspi-hwe-18.04 - 5.4.0.1106.103 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1106.103 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1121.130~18.04.1 linux-headers-oracle-edge - 5.4.0.1121.130~18.04.1 linux-image-oracle - 5.4.0.1121.130~18.04.1 linux-image-oracle-edge - 5.4.0.1121.130~18.04.1 linux-modules-extra-oracle - 5.4.0.1121.130~18.04.1 linux-modules-extra-oracle-edge - 5.4.0.1121.130~18.04.1 linux-oracle - 5.4.0.1121.130~18.04.1 linux-oracle-edge - 5.4.0.1121.130~18.04.1 linux-signed-image-oracle - 5.4.0.1121.130~18.04.1 linux-signed-image-oracle-edge - 5.4.0.1121.130~18.04.1 linux-signed-oracle - 5.4.0.1121.130~18.04.1 linux-signed-oracle-edge - 5.4.0.1121.130~18.04.1 linux-tools-oracle - 5.4.0.1121.130~18.04.1 linux-tools-oracle-edge - 5.4.0.1121.130~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1122.132~18.04.1 linux-aws-edge - 5.4.0.1122.132~18.04.1 linux-headers-aws - 5.4.0.1122.132~18.04.1 linux-headers-aws-edge - 5.4.0.1122.132~18.04.1 linux-image-aws - 5.4.0.1122.132~18.04.1 linux-image-aws-edge - 5.4.0.1122.132~18.04.1 linux-modules-extra-aws - 5.4.0.1122.132~18.04.1 linux-modules-extra-aws-edge - 5.4.0.1122.132~18.04.1 linux-tools-aws - 5.4.0.1122.132~18.04.1 linux-tools-aws-edge - 5.4.0.1122.132~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1126.135~18.04.1 linux-gcp-edge - 5.4.0.1126.135~18.04.1 linux-headers-gcp - 5.4.0.1126.135~18.04.1 linux-headers-gcp-edge - 5.4.0.1126.135~18.04.1 linux-image-gcp - 5.4.0.1126.135~18.04.1 linux-image-gcp-edge - 5.4.0.1126.135~18.04.1 linux-modules-extra-gcp - 5.4.0.1126.135~18.04.1 linux-modules-extra-gcp-edge - 5.4.0.1126.135~18.04.1 linux-tools-gcp - 5.4.0.1126.135~18.04.1 linux-tools-gcp-edge - 5.4.0.1126.135~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 5.4.0.1127.134~18.04.1 linux-azure-edge - 5.4.0.1127.134~18.04.1 linux-cloud-tools-azure - 5.4.0.1127.134~18.04.1 linux-cloud-tools-azure-edge - 5.4.0.1127.134~18.04.1 linux-headers-azure - 5.4.0.1127.134~18.04.1 linux-headers-azure-edge - 5.4.0.1127.134~18.04.1 linux-image-azure - 5.4.0.1127.134~18.04.1 linux-image-azure-edge - 5.4.0.1127.134~18.04.1 linux-modules-extra-azure - 5.4.0.1127.134~18.04.1 linux-modules-extra-azure-edge - 5.4.0.1127.134~18.04.1 linux-signed-azure - 5.4.0.1127.134~18.04.1 linux-signed-azure-edge - 5.4.0.1127.134~18.04.1 linux-signed-image-azure - 5.4.0.1127.134~18.04.1 linux-signed-image-azure-edge - 5.4.0.1127.134~18.04.1 linux-tools-azure - 5.4.0.1127.134~18.04.1 linux-tools-azure-edge - 5.4.0.1127.134~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-generic-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-generic-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-headers-generic-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-headers-generic-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-headers-lowlatency-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-headers-oem - 5.4.0.175.195~18.04.1 linux-headers-oem-osp1 - 5.4.0.175.195~18.04.1 linux-headers-snapdragon-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-headers-virtual-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-headers-virtual-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-image-extra-virtual-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-image-generic-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-image-generic-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-image-lowlatency-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-image-oem - 5.4.0.175.195~18.04.1 linux-image-oem-osp1 - 5.4.0.175.195~18.04.1 linux-image-snapdragon-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-image-virtual-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-image-virtual-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-lowlatency-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-lowlatency-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-oem - 5.4.0.175.195~18.04.1 linux-oem-osp1 - 5.4.0.175.195~18.04.1 linux-snapdragon-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-snapdragon-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-tools-generic-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-tools-generic-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-tools-lowlatency-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-tools-oem - 5.4.0.175.195~18.04.1 linux-tools-oem-osp1 - 5.4.0.175.195~18.04.1 linux-tools-snapdragon-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-tools-virtual-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-tools-virtual-hwe-18.04-edge - 5.4.0.175.195~18.04.1 linux-virtual-hwe-18.04 - 5.4.0.175.195~18.04.1 linux-virtual-hwe-18.04-edge - 5.4.0.175.195~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro High CVE-2023-46838 CVE-2023-52340 CVE-2023-52429 CVE-2023-52436 CVE-2023-52438 CVE-2023-52439 CVE-2023-52443 CVE-2023-52444 CVE-2023-52445 CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52454 CVE-2023-52457 CVE-2023-52464 CVE-2023-52469 CVE-2023-52470 CVE-2023-52609 CVE-2023-52612 CVE-2024-0607 CVE-2024-23851 CVE-2024-26597 CVE-2024-26633 Ubuntu 18.04 LTS USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2023-38709) Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2024-24795) Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS. (CVE-2024-27316) Update Instructions: Run `sudo pro fix USN-6729-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: apache2 - 2.4.29-1ubuntu4.27+esm2 apache2-bin - 2.4.29-1ubuntu4.27+esm2 apache2-data - 2.4.29-1ubuntu4.27+esm2 apache2-dev - 2.4.29-1ubuntu4.27+esm2 apache2-doc - 2.4.29-1ubuntu4.27+esm2 apache2-ssl-dev - 2.4.29-1ubuntu4.27+esm2 apache2-suexec-custom - 2.4.29-1ubuntu4.27+esm2 apache2-suexec-pristine - 2.4.29-1ubuntu4.27+esm2 apache2-utils - 2.4.29-1ubuntu4.27+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-38709 CVE-2024-24795 CVE-2024-27316 Ubuntu 18.04 LTS It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code. Update Instructions: Run `sudo pro fix USN-6730-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmaven-shared-utils-java - 3.3.0-1ubuntu0.18.04.1~esm1 libmaven-shared-utils-java-doc - 3.3.0-1ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-29599 Ubuntu 18.04 LTS It was discovered that YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-17042) It was discovered that yard before 0.9.20 is affected by a path traversal vulnerability, allowing HTTP requests to access arbitrary files under certain conditions. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-1020001) Aviv Keller discovered that the "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. (CVE-2024-27285) Update Instructions: Run `sudo pro fix USN-6731-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: yard - 0.9.12-2ubuntu0.1~esm1 yard-doc - 0.9.12-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2017-17042 CVE-2019-1020001 CVE-2024-27285 Ubuntu 18.04 LTS It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. (CVE-2023-30588) It was discovered that Node.js incorrectly handled the use of CRLF sequences to delimit HTTP requests. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain unauthorised access. This issue only affected Ubuntu 23.10. (CVE-2023-30589) It was discovered that Node.js incorrectly described the generateKeys() function in the documentation. This inconsistency could possibly lead to security issues in applications that use these APIs. (CVE-2023-30590) Update Instructions: Run `sudo pro fix USN-6735-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: nodejs - 8.10.0~dfsg-2ubuntu0.4+esm5 nodejs-dev - 8.10.0~dfsg-2ubuntu0.4+esm5 nodejs-doc - 8.10.0~dfsg-2ubuntu0.4+esm5 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 Ubuntu 18.04 LTS It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2018-25032) Evgeny Legerov discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2022-37434) Update Instructions: Run `sudo pro fix USN-6736-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: klibc-utils - 2.0.4-9ubuntu2.2+esm1 libklibc - 2.0.4-9ubuntu2.2+esm1 libklibc-dev - 2.0.4-9ubuntu2.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2016-9840 CVE-2016-9841 CVE-2018-25032 CVE-2022-37434 Ubuntu 18.04 LTS Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXD incorrectly handled the handshake phase and the use of sequence numbers in SSH Binary Packet Protocol (BPP). If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass integrity checks. Update Instructions: Run `sudo pro fix USN-6738-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lxd - 3.0.3-0ubuntu1~18.04.2+esm1 lxd-client - 3.0.3-0ubuntu1~18.04.2+esm1 lxd-tools - 3.0.3-0ubuntu1~18.04.2+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-48795 Ubuntu 18.04 LTS Wei Chen discovered that a race condition existed in the TIPC protocol implementation in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1382) It was discovered that the virtio network implementation in the Linux kernel did not properly handle file references in the host, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-1838) Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2 mitigations with prctl syscall were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-1998) Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to subsequently impersonate one of the paired devices. (CVE-2023-24023) shanzhulig discovered that the DRM subsystem in the Linux kernel contained a race condition when performing certain operation while handling driver unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51043) It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51779) It was discovered that the device mapper driver in the Linux kernel did not properly validate target size during certain memory allocations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-52429, CVE-2024-23851) Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-6915) It was discovered that the SCTP protocol implementation in the Linux kernel contained a race condition when handling lock acquisition in certain situations. A local attacker could possibly use this to cause a denial of service (kernel deadlock). (CVE-2024-0639) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Architecture specifics; - EDAC drivers; - Media drivers; - JFS file system; (CVE-2023-52603, CVE-2023-52464, CVE-2023-52600, CVE-2023-52445, CVE-2023-52451) Update Instructions: Run `sudo pro fix USN-6740-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-4.15.0-1130-oracle - 4.15.0-1130.141 linux-headers-4.15.0-1130-oracle - 4.15.0-1130.141 linux-image-4.15.0-1130-oracle - 4.15.0-1130.141 linux-image-unsigned-4.15.0-1130-oracle - 4.15.0-1130.141 linux-modules-4.15.0-1130-oracle - 4.15.0-1130.141 linux-modules-extra-4.15.0-1130-oracle - 4.15.0-1130.141 linux-oracle-headers-4.15.0-1130 - 4.15.0-1130.141 linux-oracle-tools-4.15.0-1130 - 4.15.0-1130.141 linux-tools-4.15.0-1130-oracle - 4.15.0-1130.141 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1151-kvm - 4.15.0-1151.156 linux-headers-4.15.0-1151-kvm - 4.15.0-1151.156 linux-image-4.15.0-1151-kvm - 4.15.0-1151.156 linux-kvm-headers-4.15.0-1151 - 4.15.0-1151.156 linux-kvm-tools-4.15.0-1151 - 4.15.0-1151.156 linux-modules-4.15.0-1151-kvm - 4.15.0-1151.156 linux-tools-4.15.0-1151-kvm - 4.15.0-1151.156 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-1161-gcp - 4.15.0-1161.178 linux-gcp-4.15-headers-4.15.0-1161 - 4.15.0-1161.178 linux-gcp-4.15-tools-4.15.0-1161 - 4.15.0-1161.178 linux-headers-4.15.0-1161-gcp - 4.15.0-1161.178 linux-image-4.15.0-1161-gcp - 4.15.0-1161.178 linux-image-unsigned-4.15.0-1161-gcp - 4.15.0-1161.178 linux-modules-4.15.0-1161-gcp - 4.15.0-1161.178 linux-modules-extra-4.15.0-1161-gcp - 4.15.0-1161.178 linux-tools-4.15.0-1161-gcp - 4.15.0-1161.178 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-cloud-tools-4.15.0-1167 - 4.15.0-1167.180 linux-aws-headers-4.15.0-1167 - 4.15.0-1167.180 linux-aws-tools-4.15.0-1167 - 4.15.0-1167.180 linux-buildinfo-4.15.0-1167-aws - 4.15.0-1167.180 linux-cloud-tools-4.15.0-1167-aws - 4.15.0-1167.180 linux-headers-4.15.0-1167-aws - 4.15.0-1167.180 linux-image-4.15.0-1167-aws - 4.15.0-1167.180 linux-image-unsigned-4.15.0-1167-aws - 4.15.0-1167.180 linux-modules-4.15.0-1167-aws - 4.15.0-1167.180 linux-modules-extra-4.15.0-1167-aws - 4.15.0-1167.180 linux-tools-4.15.0-1167-aws - 4.15.0-1167.180 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-4.15-cloud-tools-4.15.0-1176 - 4.15.0-1176.191 linux-azure-4.15-headers-4.15.0-1176 - 4.15.0-1176.191 linux-azure-4.15-tools-4.15.0-1176 - 4.15.0-1176.191 linux-buildinfo-4.15.0-1176-azure - 4.15.0-1176.191 linux-cloud-tools-4.15.0-1176-azure - 4.15.0-1176.191 linux-headers-4.15.0-1176-azure - 4.15.0-1176.191 linux-image-4.15.0-1176-azure - 4.15.0-1176.191 linux-image-unsigned-4.15.0-1176-azure - 4.15.0-1176.191 linux-modules-4.15.0-1176-azure - 4.15.0-1176.191 linux-modules-extra-4.15.0-1176-azure - 4.15.0-1176.191 linux-tools-4.15.0-1176-azure - 4.15.0-1176.191 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-4.15.0-224-generic - 4.15.0-224.236 linux-buildinfo-4.15.0-224-lowlatency - 4.15.0-224.236 linux-cloud-tools-4.15.0-224 - 4.15.0-224.236 linux-cloud-tools-4.15.0-224-generic - 4.15.0-224.236 linux-cloud-tools-4.15.0-224-lowlatency - 4.15.0-224.236 linux-cloud-tools-common - 4.15.0-224.236 linux-doc - 4.15.0-224.236 linux-headers-4.15.0-224 - 4.15.0-224.236 linux-headers-4.15.0-224-generic - 4.15.0-224.236 linux-headers-4.15.0-224-lowlatency - 4.15.0-224.236 linux-image-4.15.0-224-generic - 4.15.0-224.236 linux-image-4.15.0-224-lowlatency - 4.15.0-224.236 linux-image-unsigned-4.15.0-224-generic - 4.15.0-224.236 linux-image-unsigned-4.15.0-224-lowlatency - 4.15.0-224.236 linux-libc-dev - 4.15.0-224.236 linux-modules-4.15.0-224-generic - 4.15.0-224.236 linux-modules-4.15.0-224-lowlatency - 4.15.0-224.236 linux-modules-extra-4.15.0-224-generic - 4.15.0-224.236 linux-source-4.15.0 - 4.15.0-224.236 linux-tools-4.15.0-224 - 4.15.0-224.236 linux-tools-4.15.0-224-generic - 4.15.0-224.236 linux-tools-4.15.0-224-lowlatency - 4.15.0-224.236 linux-tools-common - 4.15.0-224.236 linux-tools-host - 4.15.0-224.236 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle-lts-18.04 - 4.15.0.1130.135 linux-image-oracle-lts-18.04 - 4.15.0.1130.135 linux-oracle-lts-18.04 - 4.15.0.1130.135 linux-signed-image-oracle-lts-18.04 - 4.15.0.1130.135 linux-signed-oracle-lts-18.04 - 4.15.0.1130.135 linux-tools-oracle-lts-18.04 - 4.15.0.1130.135 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-kvm - 4.15.0.1151.142 linux-image-kvm - 4.15.0.1151.142 linux-kvm - 4.15.0.1151.142 linux-tools-kvm - 4.15.0.1151.142 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp-lts-18.04 - 4.15.0.1161.174 linux-headers-gcp-lts-18.04 - 4.15.0.1161.174 linux-image-gcp-lts-18.04 - 4.15.0.1161.174 linux-modules-extra-gcp-lts-18.04 - 4.15.0.1161.174 linux-tools-gcp-lts-18.04 - 4.15.0.1161.174 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-lts-18.04 - 4.15.0.1167.165 linux-headers-aws-lts-18.04 - 4.15.0.1167.165 linux-image-aws-lts-18.04 - 4.15.0.1167.165 linux-modules-extra-aws-lts-18.04 - 4.15.0.1167.165 linux-tools-aws-lts-18.04 - 4.15.0.1167.165 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-lts-18.04 - 4.15.0.1176.144 linux-cloud-tools-azure-lts-18.04 - 4.15.0.1176.144 linux-headers-azure-lts-18.04 - 4.15.0.1176.144 linux-image-azure-lts-18.04 - 4.15.0.1176.144 linux-modules-extra-azure-lts-18.04 - 4.15.0.1176.144 linux-signed-azure-lts-18.04 - 4.15.0.1176.144 linux-signed-image-azure-lts-18.04 - 4.15.0.1176.144 linux-tools-azure-lts-18.04 - 4.15.0.1176.144 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic - 4.15.0.224.208 linux-cloud-tools-generic-hwe-16.04 - 4.15.0.224.208 linux-cloud-tools-generic-hwe-16.04-edge - 4.15.0.224.208 linux-cloud-tools-lowlatency - 4.15.0.224.208 linux-cloud-tools-lowlatency-hwe-16.04 - 4.15.0.224.208 linux-cloud-tools-lowlatency-hwe-16.04-edge - 4.15.0.224.208 linux-cloud-tools-virtual - 4.15.0.224.208 linux-cloud-tools-virtual-hwe-16.04 - 4.15.0.224.208 linux-cloud-tools-virtual-hwe-16.04-edge - 4.15.0.224.208 linux-crashdump - 4.15.0.224.208 linux-generic - 4.15.0.224.208 linux-generic-hwe-16.04 - 4.15.0.224.208 linux-generic-hwe-16.04-edge - 4.15.0.224.208 linux-headers-generic - 4.15.0.224.208 linux-headers-generic-hwe-16.04 - 4.15.0.224.208 linux-headers-generic-hwe-16.04-edge - 4.15.0.224.208 linux-headers-lowlatency - 4.15.0.224.208 linux-headers-lowlatency-hwe-16.04 - 4.15.0.224.208 linux-headers-lowlatency-hwe-16.04-edge - 4.15.0.224.208 linux-headers-virtual - 4.15.0.224.208 linux-headers-virtual-hwe-16.04 - 4.15.0.224.208 linux-headers-virtual-hwe-16.04-edge - 4.15.0.224.208 linux-image-extra-virtual - 4.15.0.224.208 linux-image-extra-virtual-hwe-16.04 - 4.15.0.224.208 linux-image-extra-virtual-hwe-16.04-edge - 4.15.0.224.208 linux-image-generic - 4.15.0.224.208 linux-image-generic-hwe-16.04 - 4.15.0.224.208 linux-image-generic-hwe-16.04-edge - 4.15.0.224.208 linux-image-lowlatency - 4.15.0.224.208 linux-image-lowlatency-hwe-16.04 - 4.15.0.224.208 linux-image-lowlatency-hwe-16.04-edge - 4.15.0.224.208 linux-image-virtual - 4.15.0.224.208 linux-image-virtual-hwe-16.04 - 4.15.0.224.208 linux-image-virtual-hwe-16.04-edge - 4.15.0.224.208 linux-lowlatency - 4.15.0.224.208 linux-lowlatency-hwe-16.04 - 4.15.0.224.208 linux-lowlatency-hwe-16.04-edge - 4.15.0.224.208 linux-signed-generic - 4.15.0.224.208 linux-signed-generic-hwe-16.04 - 4.15.0.224.208 linux-signed-generic-hwe-16.04-edge - 4.15.0.224.208 linux-signed-image-generic - 4.15.0.224.208 linux-signed-image-generic-hwe-16.04 - 4.15.0.224.208 linux-signed-image-generic-hwe-16.04-edge - 4.15.0.224.208 linux-signed-image-lowlatency - 4.15.0.224.208 linux-signed-image-lowlatency-hwe-16.04 - 4.15.0.224.208 linux-signed-image-lowlatency-hwe-16.04-edge - 4.15.0.224.208 linux-signed-lowlatency - 4.15.0.224.208 linux-signed-lowlatency-hwe-16.04 - 4.15.0.224.208 linux-signed-lowlatency-hwe-16.04-edge - 4.15.0.224.208 linux-source - 4.15.0.224.208 linux-tools-generic - 4.15.0.224.208 linux-tools-generic-hwe-16.04 - 4.15.0.224.208 linux-tools-generic-hwe-16.04-edge - 4.15.0.224.208 linux-tools-lowlatency - 4.15.0.224.208 linux-tools-lowlatency-hwe-16.04 - 4.15.0.224.208 linux-tools-lowlatency-hwe-16.04-edge - 4.15.0.224.208 linux-tools-virtual - 4.15.0.224.208 linux-tools-virtual-hwe-16.04 - 4.15.0.224.208 linux-tools-virtual-hwe-16.04-edge - 4.15.0.224.208 linux-virtual - 4.15.0.224.208 linux-virtual-hwe-16.04 - 4.15.0.224.208 linux-virtual-hwe-16.04-edge - 4.15.0.224.208 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-1382 CVE-2023-1838 CVE-2023-1998 CVE-2023-24023 CVE-2023-51043 CVE-2023-51779 CVE-2023-52429 CVE-2023-52445 CVE-2023-52451 CVE-2023-52464 CVE-2023-52600 CVE-2023-52603 CVE-2023-6915 CVE-2024-0639 CVE-2024-23851 Ubuntu 18.04 LTS Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to subsequently impersonate one of the paired devices. (CVE-2023-24023) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - JFS file system; - BPF subsystem; - Netfilter; (CVE-2023-52603, CVE-2023-52600, CVE-2024-26581, CVE-2024-26589) Update Instructions: Run `sudo pro fix USN-6741-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.4.0-1070-ibm - 5.4.0-1070.75~18.04.1 linux-headers-5.4.0-1070-ibm - 5.4.0-1070.75~18.04.1 linux-ibm-5.4-cloud-tools-common - 5.4.0-1070.75~18.04.1 linux-ibm-5.4-headers-5.4.0-1070 - 5.4.0-1070.75~18.04.1 linux-ibm-5.4-source-5.4.0 - 5.4.0-1070.75~18.04.1 linux-ibm-5.4-tools-5.4.0-1070 - 5.4.0-1070.75~18.04.1 linux-ibm-5.4-tools-common - 5.4.0-1070.75~18.04.1 linux-image-5.4.0-1070-ibm - 5.4.0-1070.75~18.04.1 linux-image-unsigned-5.4.0-1070-ibm - 5.4.0-1070.75~18.04.1 linux-modules-5.4.0-1070-ibm - 5.4.0-1070.75~18.04.1 linux-modules-extra-5.4.0-1070-ibm - 5.4.0-1070.75~18.04.1 linux-tools-5.4.0-1070-ibm - 5.4.0-1070.75~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1107-raspi - 5.4.0-1107.119~18.04.1 linux-headers-5.4.0-1107-raspi - 5.4.0-1107.119~18.04.1 linux-image-5.4.0-1107-raspi - 5.4.0-1107.119~18.04.1 linux-modules-5.4.0-1107-raspi - 5.4.0-1107.119~18.04.1 linux-raspi-5.4-headers-5.4.0-1107 - 5.4.0-1107.119~18.04.1 linux-raspi-5.4-tools-5.4.0-1107 - 5.4.0-1107.119~18.04.1 linux-tools-5.4.0-1107-raspi - 5.4.0-1107.119~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1122-oracle - 5.4.0-1122.131~18.04.1 linux-headers-5.4.0-1122-oracle - 5.4.0-1122.131~18.04.1 linux-image-5.4.0-1122-oracle - 5.4.0-1122.131~18.04.1 linux-image-unsigned-5.4.0-1122-oracle - 5.4.0-1122.131~18.04.1 linux-modules-5.4.0-1122-oracle - 5.4.0-1122.131~18.04.1 linux-modules-extra-5.4.0-1122-oracle - 5.4.0-1122.131~18.04.1 linux-oracle-5.4-headers-5.4.0-1122 - 5.4.0-1122.131~18.04.1 linux-oracle-5.4-tools-5.4.0-1122 - 5.4.0-1122.131~18.04.1 linux-tools-5.4.0-1122-oracle - 5.4.0-1122.131~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws-5.4-cloud-tools-5.4.0-1123 - 5.4.0-1123.133~18.04.1 linux-aws-5.4-headers-5.4.0-1123 - 5.4.0-1123.133~18.04.1 linux-aws-5.4-tools-5.4.0-1123 - 5.4.0-1123.133~18.04.1 linux-buildinfo-5.4.0-1123-aws - 5.4.0-1123.133~18.04.1 linux-cloud-tools-5.4.0-1123-aws - 5.4.0-1123.133~18.04.1 linux-headers-5.4.0-1123-aws - 5.4.0-1123.133~18.04.1 linux-image-5.4.0-1123-aws - 5.4.0-1123.133~18.04.1 linux-image-unsigned-5.4.0-1123-aws - 5.4.0-1123.133~18.04.1 linux-modules-5.4.0-1123-aws - 5.4.0-1123.133~18.04.1 linux-modules-extra-5.4.0-1123-aws - 5.4.0-1123.133~18.04.1 linux-tools-5.4.0-1123-aws - 5.4.0-1123.133~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-1127-gcp - 5.4.0-1127.136~18.04.1 linux-gcp-5.4-headers-5.4.0-1127 - 5.4.0-1127.136~18.04.1 linux-gcp-5.4-tools-5.4.0-1127 - 5.4.0-1127.136~18.04.1 linux-headers-5.4.0-1127-gcp - 5.4.0-1127.136~18.04.1 linux-image-5.4.0-1127-gcp - 5.4.0-1127.136~18.04.1 linux-image-unsigned-5.4.0-1127-gcp - 5.4.0-1127.136~18.04.1 linux-modules-5.4.0-1127-gcp - 5.4.0-1127.136~18.04.1 linux-modules-extra-5.4.0-1127-gcp - 5.4.0-1127.136~18.04.1 linux-tools-5.4.0-1127-gcp - 5.4.0-1127.136~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure-5.4-cloud-tools-5.4.0-1128 - 5.4.0-1128.135~18.04.1 linux-azure-5.4-headers-5.4.0-1128 - 5.4.0-1128.135~18.04.1 linux-azure-5.4-tools-5.4.0-1128 - 5.4.0-1128.135~18.04.1 linux-buildinfo-5.4.0-1128-azure - 5.4.0-1128.135~18.04.1 linux-cloud-tools-5.4.0-1128-azure - 5.4.0-1128.135~18.04.1 linux-headers-5.4.0-1128-azure - 5.4.0-1128.135~18.04.1 linux-image-5.4.0-1128-azure - 5.4.0-1128.135~18.04.1 linux-image-unsigned-5.4.0-1128-azure - 5.4.0-1128.135~18.04.1 linux-modules-5.4.0-1128-azure - 5.4.0-1128.135~18.04.1 linux-modules-extra-5.4.0-1128-azure - 5.4.0-1128.135~18.04.1 linux-tools-5.4.0-1128-azure - 5.4.0-1128.135~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-buildinfo-5.4.0-177-generic - 5.4.0-177.197~18.04.1 linux-buildinfo-5.4.0-177-lowlatency - 5.4.0-177.197~18.04.1 linux-cloud-tools-5.4.0-177-generic - 5.4.0-177.197~18.04.1 linux-cloud-tools-5.4.0-177-lowlatency - 5.4.0-177.197~18.04.1 linux-headers-5.4.0-177-generic - 5.4.0-177.197~18.04.1 linux-headers-5.4.0-177-lowlatency - 5.4.0-177.197~18.04.1 linux-hwe-5.4-cloud-tools-5.4.0-177 - 5.4.0-177.197~18.04.1 linux-hwe-5.4-cloud-tools-common - 5.4.0-177.197~18.04.1 linux-hwe-5.4-headers-5.4.0-177 - 5.4.0-177.197~18.04.1 linux-hwe-5.4-source-5.4.0 - 5.4.0-177.197~18.04.1 linux-hwe-5.4-tools-5.4.0-177 - 5.4.0-177.197~18.04.1 linux-hwe-5.4-tools-common - 5.4.0-177.197~18.04.1 linux-image-5.4.0-177-generic - 5.4.0-177.197~18.04.1 linux-image-5.4.0-177-lowlatency - 5.4.0-177.197~18.04.1 linux-image-unsigned-5.4.0-177-generic - 5.4.0-177.197~18.04.1 linux-image-unsigned-5.4.0-177-lowlatency - 5.4.0-177.197~18.04.1 linux-modules-5.4.0-177-generic - 5.4.0-177.197~18.04.1 linux-modules-5.4.0-177-lowlatency - 5.4.0-177.197~18.04.1 linux-modules-extra-5.4.0-177-generic - 5.4.0-177.197~18.04.1 linux-tools-5.4.0-177-generic - 5.4.0-177.197~18.04.1 linux-tools-5.4.0-177-lowlatency - 5.4.0-177.197~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-ibm - 5.4.0.1070.75~18.04.1 linux-headers-ibm-edge - 5.4.0.1070.75~18.04.1 linux-ibm - 5.4.0.1070.75~18.04.1 linux-ibm-edge - 5.4.0.1070.75~18.04.1 linux-image-ibm - 5.4.0.1070.75~18.04.1 linux-image-ibm-edge - 5.4.0.1070.75~18.04.1 linux-modules-extra-ibm - 5.4.0.1070.75~18.04.1 linux-modules-extra-ibm-edge - 5.4.0.1070.75~18.04.1 linux-tools-ibm - 5.4.0.1070.75~18.04.1 linux-tools-ibm-edge - 5.4.0.1070.75~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-raspi-hwe-18.04 - 5.4.0.1107.119~18.04.1 linux-headers-raspi-hwe-18.04-edge - 5.4.0.1107.119~18.04.1 linux-image-raspi-hwe-18.04 - 5.4.0.1107.119~18.04.1 linux-image-raspi-hwe-18.04-edge - 5.4.0.1107.119~18.04.1 linux-raspi-hwe-18.04 - 5.4.0.1107.119~18.04.1 linux-raspi-hwe-18.04-edge - 5.4.0.1107.119~18.04.1 linux-tools-raspi-hwe-18.04 - 5.4.0.1107.119~18.04.1 linux-tools-raspi-hwe-18.04-edge - 5.4.0.1107.119~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-headers-oracle - 5.4.0.1122.131~18.04.1 linux-headers-oracle-edge - 5.4.0.1122.131~18.04.1 linux-image-oracle - 5.4.0.1122.131~18.04.1 linux-image-oracle-edge - 5.4.0.1122.131~18.04.1 linux-modules-extra-oracle - 5.4.0.1122.131~18.04.1 linux-modules-extra-oracle-edge - 5.4.0.1122.131~18.04.1 linux-oracle - 5.4.0.1122.131~18.04.1 linux-oracle-edge - 5.4.0.1122.131~18.04.1 linux-signed-image-oracle - 5.4.0.1122.131~18.04.1 linux-signed-image-oracle-edge - 5.4.0.1122.131~18.04.1 linux-signed-oracle - 5.4.0.1122.131~18.04.1 linux-signed-oracle-edge - 5.4.0.1122.131~18.04.1 linux-tools-oracle - 5.4.0.1122.131~18.04.1 linux-tools-oracle-edge - 5.4.0.1122.131~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-aws - 5.4.0.1123.133~18.04.1 linux-aws-edge - 5.4.0.1123.133~18.04.1 linux-headers-aws - 5.4.0.1123.133~18.04.1 linux-headers-aws-edge - 5.4.0.1123.133~18.04.1 linux-image-aws - 5.4.0.1123.133~18.04.1 linux-image-aws-edge - 5.4.0.1123.133~18.04.1 linux-modules-extra-aws - 5.4.0.1123.133~18.04.1 linux-modules-extra-aws-edge - 5.4.0.1123.133~18.04.1 linux-tools-aws - 5.4.0.1123.133~18.04.1 linux-tools-aws-edge - 5.4.0.1123.133~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-gcp - 5.4.0.1127.136~18.04.1 linux-gcp-edge - 5.4.0.1127.136~18.04.1 linux-headers-gcp - 5.4.0.1127.136~18.04.1 linux-headers-gcp-edge - 5.4.0.1127.136~18.04.1 linux-image-gcp - 5.4.0.1127.136~18.04.1 linux-image-gcp-edge - 5.4.0.1127.136~18.04.1 linux-modules-extra-gcp - 5.4.0.1127.136~18.04.1 linux-modules-extra-gcp-edge - 5.4.0.1127.136~18.04.1 linux-tools-gcp - 5.4.0.1127.136~18.04.1 linux-tools-gcp-edge - 5.4.0.1127.136~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-azure - 5.4.0.1128.135~18.04.1 linux-azure-edge - 5.4.0.1128.135~18.04.1 linux-cloud-tools-azure - 5.4.0.1128.135~18.04.1 linux-cloud-tools-azure-edge - 5.4.0.1128.135~18.04.1 linux-headers-azure - 5.4.0.1128.135~18.04.1 linux-headers-azure-edge - 5.4.0.1128.135~18.04.1 linux-image-azure - 5.4.0.1128.135~18.04.1 linux-image-azure-edge - 5.4.0.1128.135~18.04.1 linux-modules-extra-azure - 5.4.0.1128.135~18.04.1 linux-modules-extra-azure-edge - 5.4.0.1128.135~18.04.1 linux-signed-azure - 5.4.0.1128.135~18.04.1 linux-signed-azure-edge - 5.4.0.1128.135~18.04.1 linux-signed-image-azure - 5.4.0.1128.135~18.04.1 linux-signed-image-azure-edge - 5.4.0.1128.135~18.04.1 linux-tools-azure - 5.4.0.1128.135~18.04.1 linux-tools-azure-edge - 5.4.0.1128.135~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro linux-cloud-tools-generic-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-cloud-tools-generic-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-cloud-tools-lowlatency-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-cloud-tools-lowlatency-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-cloud-tools-virtual-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-cloud-tools-virtual-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-generic-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-generic-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-headers-generic-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-headers-generic-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-headers-lowlatency-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-headers-lowlatency-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-headers-oem - 5.4.0.177.197~18.04.1 linux-headers-oem-osp1 - 5.4.0.177.197~18.04.1 linux-headers-snapdragon-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-headers-snapdragon-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-headers-virtual-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-headers-virtual-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-image-extra-virtual-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-image-extra-virtual-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-image-generic-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-image-generic-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-image-lowlatency-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-image-lowlatency-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-image-oem - 5.4.0.177.197~18.04.1 linux-image-oem-osp1 - 5.4.0.177.197~18.04.1 linux-image-snapdragon-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-image-snapdragon-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-image-virtual-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-image-virtual-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-lowlatency-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-lowlatency-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-modules-extra-virtual-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-modules-extra-virtual-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-oem - 5.4.0.177.197~18.04.1 linux-oem-osp1 - 5.4.0.177.197~18.04.1 linux-snapdragon-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-snapdragon-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-tools-generic-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-tools-generic-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-tools-lowlatency-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-tools-lowlatency-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-tools-oem - 5.4.0.177.197~18.04.1 linux-tools-oem-osp1 - 5.4.0.177.197~18.04.1 linux-tools-snapdragon-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-tools-snapdragon-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-tools-virtual-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-tools-virtual-hwe-18.04-edge - 5.4.0.177.197~18.04.1 linux-virtual-hwe-18.04 - 5.4.0.177.197~18.04.1 linux-virtual-hwe-18.04-edge - 5.4.0.177.197~18.04.1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2023-24023 CVE-2023-52600 CVE-2023-52603 CVE-2024-26581 CVE-2024-26589 Ubuntu 18.04 LTS Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6744-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pil - 5.1.0-1ubuntu0.8+esm1 python-pil-doc - 5.1.0-1ubuntu0.8+esm1 python-pil.imagetk - 5.1.0-1ubuntu0.8+esm1 python3-pil - 5.1.0-1ubuntu0.8+esm1 python3-pil.imagetk - 5.1.0-1ubuntu0.8+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-28219 Ubuntu 18.04 LTS It was discovered that in Percona XtraBackup, a local crafted filename could trigger arbitrary code execution. Update Instructions: Run `sudo pro fix USN-6745-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: percona-xtrabackup - 2.4.9-0ubuntu2+esm1 percona-xtrabackup-test - 2.4.9-0ubuntu2+esm1 xtrabackup - 2.4.9-0ubuntu2+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-25834 Ubuntu 18.04 LTS It was discovered that Zabbix incorrectly handled input data in the discovery and graphs pages. A remote authenticated attacker could possibly use this issue to perform reflected cross-site scripting (XSS) attacks. (CVE-2022-35229, CVE-2022-35230) Update Instructions: Run `sudo pro fix USN-6751-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: zabbix-agent - 1:3.0.12+dfsg-1ubuntu0.1~esm4 zabbix-frontend-php - 1:3.0.12+dfsg-1ubuntu0.1~esm4 zabbix-java-gateway - 1:3.0.12+dfsg-1ubuntu0.1~esm4 zabbix-proxy-mysql - 1:3.0.12+dfsg-1ubuntu0.1~esm4 zabbix-proxy-pgsql - 1:3.0.12+dfsg-1ubuntu0.1~esm4 zabbix-proxy-sqlite3 - 1:3.0.12+dfsg-1ubuntu0.1~esm4 zabbix-server-mysql - 1:3.0.12+dfsg-1ubuntu0.1~esm4 zabbix-server-pgsql - 1:3.0.12+dfsg-1ubuntu0.1~esm4 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-35229 CVE-2022-35230 Ubuntu 18.04 LTS Thomas Neil James Shadwell discovered that CryptoJS was using an insecure cryptographic default configuration. A remote attacker could possibly use this issue to expose sensitive information. Update Instructions: Run `sudo pro fix USN-6753-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libjs-cryptojs - 3.1.2+dfsg-2ubuntu0.18.04.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2023-46233 Ubuntu 18.04 LTS It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513) It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487) It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182) Update Instructions: Run `sudo pro fix USN-6754-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnghttp2-14 - 1.30.0-1ubuntu1+esm2 libnghttp2-dev - 1.30.0-1ubuntu1+esm2 libnghttp2-doc - 1.30.0-1ubuntu1+esm2 nghttp2 - 1.30.0-1ubuntu1+esm2 nghttp2-client - 1.30.0-1ubuntu1+esm2 nghttp2-proxy - 1.30.0-1ubuntu1+esm2 nghttp2-server - 1.30.0-1ubuntu1+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2019-9511 CVE-2019-9513 CVE-2023-44487 CVE-2024-28182 Ubuntu 18.04 LTS It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an attacker could possibly use this issue to execute arbitrary commands on the host. Update Instructions: Run `sudo pro fix USN-6756-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: less - 487-0.1ubuntu0.1~esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2024-32487 Ubuntu 18.04 LTS It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-4900) It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to cookie by pass. (CVE-2024-2756) It was discovered that PHP incorrectly handled some passwords. An attacker could possibly use this issue to cause an account takeover attack. (CVE-2024-3096) Update Instructions: Run `sudo pro fix USN-6757-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.17+esm3 libphp7.2-embed - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2 - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-bcmath - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-bz2 - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-cgi - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-cli - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-common - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-curl - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-dba - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-dev - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-enchant - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-fpm - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-gd - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-gmp - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-imap - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-interbase - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-intl - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-json - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-ldap - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-mbstring - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-mysql - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-odbc - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-opcache - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-pgsql - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-phpdbg - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-pspell - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-readline - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-recode - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-snmp - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-soap - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-sqlite3 - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-sybase - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-tidy - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-xml - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-xsl - 7.2.24-0ubuntu0.18.04.17+esm3 php7.2-zip - 7.2.24-0ubuntu0.18.04.17+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2022-4900 CVE-2024-2756 CVE-2024-3096 Ubuntu 18.04 LTS It was discovered that the JSON5 parse method incorrectly handled the parsing of keys named \_\_proto\_\_. An attacker could possibly use this issue to pollute the prototype of the returned object, setting arbitrary or unexpected keys, and cause a denial of service, allow unintended access to network services or have other unspecified impact, depending on the application's use of the module. Update Instructions: Run `sudo pro fix USN-6758-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: node-json5 - 0.5.1-1ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2022-46175 Ubuntu 18.04 LTS George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did not properly initialize a data structure when parsing certain nested RS-274X format files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service (application crash). Update Instructions: Run `sudo pro fix USN-6760-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gerbv - 2.6.1-3ubuntu0.1~esm2 Available with Ubuntu Pro: https://ubuntu.com/pro Low CVE-2023-4508 Ubuntu 18.04 LTS It was discovered that Anope did not properly process credentials for suspended accounts. An attacker could possibly use this issue to normally login to the platform as a suspended user after changing their password. Update Instructions: Run `sudo pro fix USN-6761-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: anope - 2.0.4-2ubuntu0.1~esm1 Available with Ubuntu Pro: https://ubuntu.com/pro Medium CVE-2024-30187 Ubuntu 18.04 LTS It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9984) It was discovered that GNU C Library might allow context-dependent attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-20109) It was discovered that GNU C Library when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-11236) It was discovered that the GNU C library getcwd function incorrectly handled buffers. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-3999) Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-2961) Update Instructions: Run `sudo pro fix USN-6762-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: glibc-doc - 2.27-3ubuntu1.6+esm2 glibc-source - 2.27-3ubuntu1.6+esm2 libc-bin - 2.27-3ubuntu1.6+esm2 libc-dev-bin - 2.27-3ubuntu1.6+esm2 libc6 - 2.27-3ubuntu1.6+esm2 libc6-amd64 - 2.27-3ubuntu1.6+esm2 libc6-armel - 2.27-3ubuntu1.6+esm2 libc6-dev - 2.27-3ubuntu1.6+esm2 libc6-dev-amd64 - 2.27-3ubuntu1.6+esm2 libc6-dev-armel - 2.27-3ubuntu1.6+esm2 libc6-dev-i386 - 2.27-3ubuntu1.6+esm2 libc6-dev-s390 - 2.27-3ubuntu1.6+esm2 libc6-dev-x32 - 2.27-3ubuntu1.6+esm2 libc6-i386 - 2.27-3ubuntu1.6+esm2 libc6-lse - 2.27-3ubuntu1.6+esm2 libc6-pic - 2.27-3ubuntu1.6+esm2 libc6-s390 - 2.27-3ubuntu1.6+esm2 libc6-x32 - 2.27-3ubuntu1.6+esm2 locales - 2.27-3ubuntu1.6+esm2 locales-all - 2.27-3ubuntu1.6+esm2 multiarch-support - 2.27-3ubuntu1.6+esm2 nscd - 2.27-3ubuntu1.6+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro Medium CVE-2014-9984 CVE-2015-20109 CVE-2018-11236 CVE-2021-3999 CVE-2024-2961 https://launchpad.net/bugs/2063328 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 . manifest 1 2.4.29-1ubuntu4.1 5.7.22-0ubuntu18.04.1 9.22~dfsg+1-0ubuntu1.1 5.1.0-2ubuntu1.1 0.18.8-1ubuntu0.1 2.20.2-0ubuntu0.18.04.1 17.11.2-1ubuntu0.1 1.19.4-1ubuntu2.1 60.0+build2-0ubuntu1 60.0.1+build2-0ubuntu0.18.04.1 7.2.5-0ubuntu0.18.04.1 0.62.0-2ubuntu2.1 7.58.0-2ubuntu3.1 1:2.11+dfsg-1ubuntu7.1 1.1.2-1ubuntu2.2 1:2.11+dfsg-1ubuntu7.2 4.15.0-1006.9 4.15.0-1008.8 4.15.0-1009.9 4.15.0-1010.10 4.15.0-1012.12 4.15.0-22.24 2:3.3.12-3ubuntu1.1 0.14.0-1ubuntu2.1 1:52.8.0+build1-0ubuntu0.18.04.1 1.8.8-1ubuntu0.1 2.20.9-0ubuntu7.1 8.5.30-1ubuntu1.2 3.5.0-1ubuntu0.1 1:2.17.1-1ubuntu0.1 3.5.0-1ubuntu0.2 1.6.7-1ubuntu2.1 2.2.4-1ubuntu1.1 4.15.0-1009.9 4.15.0-1010.10 4.15.0-1011.11 4.15.0-23.25 4.15.0-1013.13 4.15.0-1012.13 1:2.11+dfsg-1ubuntu7.3 4.0.0-1ubuntu8.2 8:6.9.7.4+dfsg-16ubuntu6.2 60.0.2+build1-0ubuntu0.18.04.1 1:9.11.3+dfsg-1ubuntu1.1 5.26.1-6ubuntu0.1 1:5.32-2ubuntu0.1 2.20.3-0ubuntu0.18.04.1 52.8.1-0ubuntu0.18.04.1 1.5.4-3+really1.8.1-4ubuntu1.1 1.8.1-4ubuntu1.1 3.20180524.1~ubuntu0.18.04.1 1.0.2n-1ubuntu5.1 1.1.0g-2ubuntu4.1 4.15.0-1009.12 4.15.0-1010.10 4.15.0-1011.11 4.15.0-1012.12 4.15.0-1013.14 4.15.0-1014.14 4.15.0-24.26 0.13.62-3.1ubuntu0.18.04.1 0.25-3.1ubuntu0.18.04.1 2.62.1-1ubuntu0.1 7.2.7-0ubuntu0.18.04.1 7.2.7-0ubuntu0.18.04.2 1.60-1ubuntu0.1 2.17.12ubuntu1.1 61.0+build3-0ubuntu0.18.04.1 61.0.1+build1-0ubuntu0.18.04.1 1.5.2-0ubuntu5.18.04.1 1:4.2.8p10+dfsg-5ubuntu7.1 1.4.5-1ubuntu0.1 7.58.0-2ubuntu3.2 8:6.9.7.4+dfsg-16ubuntu6.3 1.6.34-1ubuntu0.18.04.1 2.2.7-1ubuntu2.1 1:52.9.1+build3-0ubuntu0.18.04.1 0.105-20ubuntu0.18.04.1 4.15.0-1012.15 4.15.0-1014.14 4.15.0-1016.16 4.15.0-1018.18 4.15.0-29.31 1.9.4-3ubuntu0.1 2.1.4-1ubuntu1.2 0.100.1+dfsg-1ubuntu0.18.04.1 0.100.1+dfsg-1ubuntu0.18.04.2 0.100.1+dfsg-1ubuntu0.18.04.3 5.7.23-0ubuntu0.18.04.1 1:1.11.11-1ubuntu1.1 0.6-3ubuntu0.1 3.0.1-0ubuntu1~18.04.2 4.8.1-1ubuntu0.1 4.15.0-1013.16 4.15.0-1015.15 4.15.0-1017.17 4.15.0-1018.19 4.15.0-1019.19 4.15.0-30.32 3.2.2-3.1ubuntu0.1 3.28.2-0ubuntu1.4 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 2.9.4+dfsg1-6.1ubuntu1.2 4.15.0-1015.18 4.15.0-1017.18 4.15.0-1019.19 4.15.0-1020.22 4.15.0-1021.21 4.15.0-32.35 2.20.5-0ubuntu0.18.04.1 10.5-0ubuntu0.18.04 2:2.6-15ubuntu2.1 1.6.3ubuntu0.1 10.0.2+13-1ubuntu0.18.04.1 10.0.2+13-1ubuntu0.18.04.2 10.1ubuntu2.2 52.9.1-0ubuntu0.18.04.1 1.40.14-1ubuntu0.1 0.14.0-1ubuntu2.2 4.15.0-1018.19 4.15.0-1020.20 4.15.0-1021.23 4.15.0-33.36 4.15.0-1017.20 4.15.0-1022.23 2.2.5-4ubuntu0.2 3.20180807a.0ubuntu0.18.04.1 0.62.0-2ubuntu2.2 2:1.6.4-3ubuntu0.1 0.2.5-1.2ubuntu0.1 62.0+build2-0ubuntu0.18.04.3 62.0+build2-0ubuntu0.18.04.4 62.0+build2-0ubuntu0.18.04.5 4.15.0-1019.20 4.15.0-1021.21 4.15.0-1022.24 4.15.0-1023.24 4.15.0-34.37 5.4.2-3ubuntu3.1 7.58.0-2ubuntu3.3 7.2.10-0ubuntu0.18.04.1 2.56.2-0ubuntu0.18.04.2 9.22~dfsg+1-0ubuntu1.2 1:9.11.3+dfsg-1ubuntu1.2 2.9-1ubuntu0.1 5.6.2-1ubuntu2.2 2.7.6-3ubuntu0.2 9.25~dfsg+1-0ubuntu0.18.04.1 5.6.2-1ubuntu2.3 4.15.0-1021.22 4.15.0-1021.24 4.15.0-1023.23 4.15.0-1024.26 4.15.0-36.39 4.15.0-1025.26 62.0.3+build1-0ubuntu0.18.04.1 1.8.8-1ubuntu0.2 2.22.2-0ubuntu0.18.04.1 2.22.2-0ubuntu0.18.04.2 3.5.0-1ubuntu0.3 2.4.29-1ubuntu4.4 2.12-4ubuntu5.1 8:6.9.7.4+dfsg-16ubuntu6.4 0.8.0-1ubuntu0.1 2017.20170613.44572-8ubuntu0.1 0.100.2+dfsg-1ubuntu0.18.04.1 2.18.4-2ubuntu0.1 1:2.17.1-1ubuntu0.3 5.7.3+dfsg-1.8ubuntu3.1 1:60.2.1+build1-0ubuntu0.18.04.2 1.9.9-1ubuntu1.1 0.8.0~20170825.94fa1e38-1ubuntu0.1 0.8.0~20170825.94fa1e38-1ubuntu0.2 2.0.0-1ubuntu1.1 5.7.24-0ubuntu0.18.04.1 63.0+build2-0ubuntu0.18.04.2 63.0.3+build1-0ubuntu0.18.04.1 2:1.19.6-1ubuntu4.2 9.25~dfsg+1-0ubuntu0.18.04.2 10.0.2+13-1ubuntu0.18.04.3 7.58.0-2ubuntu3.5 237-3ubuntu10.4 1.10.6-2ubuntu1.1 2.5.1-1ubuntu1.1 1:7.6p1-4ubuntu0.1 1:7.6p1-4ubuntu0.5 2.4.7-2+2ubuntu1.1 3.4.2-0ubuntu0.18.04.1 1.14.0-0ubuntu1.2 0.6-3ubuntu0.2 0.19.8.1-6ubuntu0.1 237-3ubuntu10.6 237-3ubuntu10.9 2.7.15~rc1-1ubuntu0.1 10.6-0ubuntu0.18.04.1 4.15.0-1024.25 4.15.0-1026.26 4.15.0-1026.31 4.15.0-1027.27 4.15.0-1028.30 4.15.0-1031.32 4.15.0-39.42 2.0.10-2ubuntu3.18.04.1 1:2.11+dfsg-1ubuntu7.8 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 2.22.4-0ubuntu0.18.04.1 1:2.17.1-1ubuntu0.4 10.0.2+13-1ubuntu0.18.04.4 9.26~dfsg+0-0ubuntu0.18.04.1 9.26~dfsg+0-0ubuntu0.18.04.3 4.15.0-1029.30 5.26.1-6ubuntu0.3 4.15.0-1025.26 4.15.0-1027.27 4.15.0-1029.31 4.15.0-42.45 0.62.0-2ubuntu2.4 0.62.0-2ubuntu2.5 0.18.8-1ubuntu0.2 5.1.0-2ubuntu1.2 1.0.2n-1ubuntu5.2 1.1.0g-2ubuntu4.3 4.2.1-1ubuntu0.1 2.2.7-1ubuntu2.2 64.0+build3-0ubuntu0.18.04.1 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 4.15.0-1026.27 4.15.0-1028.28 4.15.0-1030.32 4.15.0-1030.35 4.15.0-1031.33 4.15.0-1036.38 4.15.0-43.46 2:3.35-2ubuntu2.1 1:1.11.11-1ubuntu1.2 0.25-3.1ubuntu0.18.04.2 2.2.4-1ubuntu1.2 2.22.5-0ubuntu0.18.04.1 237-3ubuntu10.11 3.28.0-2ubuntu0.1 1:1.10.5+submodules+notgz-1ubuntu1.18.04.1 1.8.8-1ubuntu0.3 3.2.2-3.1ubuntu0.2 0.99.beta19-2ubuntu0.18.04.1 0.105-20ubuntu0.18.04.4 1.0.5-1ubuntu4.1 1.6.6ubuntu0.1 4.0.9-5ubuntu0.1 0.62.0-2ubuntu2.6 9.26~dfsg+0-0ubuntu0.18.04.4 9.26~dfsg+0-0ubuntu0.18.04.5 9.26~dfsg+0-0ubuntu0.18.04.7 5.7.25-0ubuntu0.18.04.2 1:60.4.0+build2-0ubuntu0.18.04.1 0.14.0-1ubuntu2.4 4.15.0-44.47 4.15.0-45.48 4.15.0-1027.28 4.15.0-1029.29 4.15.0-1031.33 4.15.0-1032.34 4.15.0-1033.38 4.15.0-1037.39 4.18.0-14.15~18.04.1 2.9.2-0ubuntu0.18.04.3 65.0+build2-0ubuntu0.18.04.1 0.7-3.1ubuntu1.2 0.9.11+dfsg-1ubuntu1.1 4.18.0-15.16~18.04.1 1:2.2.33.2-1ubuntu4.2 7.58.0-2ubuntu3.6 3.2.2-3.1ubuntu0.3 1:7.6p1-4ubuntu0.2 1:7.6p1-4ubuntu0.3 0.62.0-2ubuntu2.7 2.34.2+18.04.1 1.36.1-0ubuntu1.3 2.22.6-0ubuntu0.18.04.1 1:1.11.11-1ubuntu1.3 237-3ubuntu10.13 3.28.3-0ubuntu18.04.4 1:9.11.3+dfsg-1ubuntu1.5 2:1.2.3-1ubuntu0.1 65.0.1+build2-0ubuntu0.18.04.1 1:60.5.1+build2-0ubuntu0.18.04.1 2:3.35-2ubuntu2.2 1.0.2n-1ubuntu5.3 2.2.5-4ubuntu0.3 4.15.0-1009.11 4.15.0-1028.29 4.15.0-1030.30 4.15.0-1032.34 4.15.0-1033.35 4.15.0-1034.39 4.15.0-46.49 4.18.0-1013.13~18.04.1 4.18.0-16.17~18.04.1 390.116-0ubuntu0.18.04.1 0.62.0-2ubuntu2.8 4.0.9-5ubuntu0.2 2.2.32-0ubuntu1~18.04.2 4.0.0-1ubuntu8.8 1:5.32-2ubuntu0.2 1:5.32-2ubuntu0.4 1:2017.3.23-2ubuntu0.18.04.1 1:2017.3.23-2ubuntu0.18.04.2 9.26~dfsg+0-0ubuntu0.18.04.8 2.37.4+18.04.1 66.0+build3-0ubuntu0.18.04.1 66.0.2+build1-0ubuntu0.18.04.1 66.0.3+build1-0ubuntu0.18.04.1 66.0.1+build1-0ubuntu0.18.04.1 1.6.4-1ubuntu2.1 7.2.15-0ubuntu0.18.04.2 1:2.11+dfsg-1ubuntu7.12 0.13.1-1ubuntu0.1 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1 1:60.6.1+build2-0ubuntu0.18.04.1 1:2.2.33.2-1ubuntu4.3 4.18.0-1014.14~18.04.1 4.18.0-17.18~18.04.1 4.15.0-1010.12 4.15.0-1029.31 4.15.0-1031.31 4.15.0-1033.35 4.15.0-1035.37 4.15.0-1035.40 4.15.0-47.50 0.105-20ubuntu0.18.04.5 1:1.27.2-2ubuntu3.2 2.1-1ubuntu0.18.04.1 2.4.29-1ubuntu4.6 237-3ubuntu10.19 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 0.100.3+dfsg-0ubuntu0.18.04.1 5.3.3-1ubuntu0.18.04.1 1.19.4-1ubuntu2.2 2:2.6-15ubuntu2.2 2.5.1-1ubuntu1.2 2.3.4-7ubuntu0.1 1.1.29-5ubuntu0.1 2.24.1-0ubuntu0.18.04.1 11.0.2+9-3ubuntu1~18.04.3 1.1.18-0ubuntu1.1 7.2.17-0ubuntu0.18.04.1 3.0.16+dfsg-1ubuntu3.1 1.4.5+repack1-4ubuntu0.18.04.1 1:9.11.3+dfsg-1ubuntu1.7 5.7.26-0ubuntu0.18.04.1 1:10.1.40-0ubuntu0.18.04.1 1.14.1-1ubuntu1~ubuntu18.04.2 3.28.4-0ubuntu1.1 5.1.0-2ubuntu1.3 1.6.34-1ubuntu0.18.04.2 1.5.6-0ubuntu1.1 0.4.1-1ubuntu1.18.04.1 3.28.3+git20190124-0ubuntu18.04.2 7:3.4.6-0ubuntu0.18.04.1 2:2.6-15ubuntu2.3 9.26~dfsg+0-0ubuntu0.18.04.9 10.8-0ubuntu0.18.04.1 4.3.5-3ubuntu7.1 11.0.3+7-1ubuntu2~18.04.1 8u212-b03-0ubuntu1.18.04.1 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 3.20190514.0ubuntu0.18.04.2 3.20190514.0ubuntu0.18.04.3 3.20190618.0ubuntu0.18.04.1 1:2.11+dfsg-1ubuntu7.13 4.18.0-1018.18~18.04.1 4.18.0-20.21~18.04.1 4.15.0-1013.15 4.15.0-1032.34 4.15.0-1034.34 4.15.0-1036.38 4.15.0-1038.43 4.15.0-1039.41 4.15.0-1053.57 4.15.0-50.54 4.0.0-1ubuntu8.10 2.6.8-1~ubuntu18.04.0 17.12-1ubuntu0.1 0.18.8-1ubuntu0.3 1.22-1ubuntu0.18.04.1 67.0+build2-0ubuntu0.18.04.1 67.0.1+build1-0ubuntu0.18.04.1 67.0.2+build2-0ubuntu0.18.04.1 2.24.2-0ubuntu0.18.04.1 7.58.0-2ubuntu3.7 3.28.2-0ubuntu1.3 1:1.3.9-1ubuntu0.18.04.2 1:60.7.0+build1-0ubuntu0.18.04.1 3.28.5-0ubuntu0.18.04.2 3.5.18-1ubuntu1.1 2.4.3-0ubuntu1.1 2.4.1-0ubuntu0.18.04.2 5.9.5+dfsg-0ubuntu2.1 5.3.28-13.1ubuntu1.1 4.18.0-21.22~18.04.1 4.15.0-1014.16 4.15.0-1033.35 4.15.0-1035.35 4.15.0-1037.39 4.15.0-1039.44 4.15.0-1040.42 4.15.0-1054.58 4.15.0-51.55 7.2.19-0ubuntu0.18.04.1 4.90.1-1ubuntu1.2 2.10-1ubuntu0.18.04.1 0.170-0.4ubuntu0.1 1.0.28-4ubuntu0.18.04.1 2.56.4-0ubuntu0.18.04.3 1.12.2-1ubuntu1.1 2:8.0.1453-1ubuntu1.1 4.15.0-1015.17 4.15.0-1034.36 4.15.0-1036.36 4.15.0-1038.40 4.15.0-1041.43 4.15.0-1043.48 4.15.0-1055.59 4.15.0-52.56 4.18.0-1020.20~18.04.1 4.18.0-22.23~18.04.1 3.22.0-1ubuntu0.1 67.0.3+build1-0ubuntu0.18.04.1 1.4.15-2ubuntu0.18.04.3 3.28.4-0ubuntu1.2 1:9.11.3+dfsg-1ubuntu1.8 10.9-0ubuntu0.18.04.1 1:60.7.1+build1-0ubuntu0.18.04.1 4.18.0-24.25~18.04.1 67.0.4+build1-0ubuntu0.18.04.1 0.6~dfsg0-2ubuntu0.18.04.1 8:6.9.7.4+dfsg-16ubuntu6.7 0.20ubuntu18.04.1 1.0.6-8.1ubuntu0.1 1.0.6-8.1ubuntu0.2 1.7.9+dfsg-2ubuntu0.18.04.1 2.2.5-3ubuntu0.1 4.15.0-1017.19 4.15.0-1036.38 4.15.0-1038.38 4.15.0-1040.43 4.15.0-1043.45 4.15.0-1045.50 4.15.0-1057.62 4.15.0-54.58 4.18.0-1023.24~18.04.1 4.18.0-25.26~18.04.1 0.62.0-2ubuntu2.9 1:1.11.11-1ubuntu1.4 1.6.6-1ubuntu0.2 1:60.7.2+build2-0ubuntu0.18.04.1 1.0.5-1ubuntu4.2 4.0.0-1ubuntu8.12 18.09.7-0ubuntu1~18.04.3 2.56.4-0ubuntu0.18.04.4 4.2.5-1ubuntu0.2 2.20.9-0ubuntu7.7 0.2.62ubuntu0.1 1.36.1-0ubuntu1.3.3 68.0+build3-0ubuntu0.18.04.1 68.0.1+build1-0ubuntu0.18.04.1 0.7.2+dfsg-10ubuntu0.1 0.25-3.1ubuntu0.18.04.3 0.1.5.9+cvs.2007.04.28-10ubuntu0.18.04.1 3.5.27-1ubuntu1.2 2:3.35-2ubuntu2.3 5:4.0.9-1ubuntu0.2 5.1.0-2ubuntu1.4 0.9+LibO6.0.7-0ubuntu0.18.04.8 1.0.2+LibO6.0.7-0ubuntu0.18.04.8 1.2.0+LibO6.0.7-0ubuntu0.18.04.8 1:6.0.7-0ubuntu0.18.04.8 2:102.10+LibO6.0.7-0ubuntu0.18.04.8 6.0.7-0ubuntu0.18.04.8 1:60.8.0+build1-0ubuntu0.18.04.1 3.5.27-1ubuntu1.3 0.6-3ubuntu0.3 4.15.0-1018.20 4.15.0-1037.39 4.15.0-1039.39 4.15.0-1041.44 4.15.0-1044.46 4.15.0-1058.64 4.15.0-55.60 5.0.0-23.24~18.04.1 5.7.27-0ubuntu0.18.04.1 1:10.1.41-0ubuntu0.18.04.1 2.7.6-2ubuntu1.1 2.5.1+dfsg-1ubuntu0.1 1.3.5-2ubuntu0.1 3.0.7.1-0ubuntu18.04.1 4.90.1-1ubuntu1.3 1.6.13+nmu1+deb9u1build0.18.04.1 2.4.45+dfsg-1ubuntu1.3 14.4.2-3ubuntu0.18.04.1 11.0.4+11-1ubuntu2~18.04.3 1:1.11.11-1ubuntu1.5 0.9.9+dfsg-1ubuntu0.1~esm1 0.7.17-1ubuntu0.1 1.6.4-4ubuntu0.1 10.10-0ubuntu0.18.04.1 0.62.0-2ubuntu2.10 9.26~dfsg+0-0ubuntu0.18.04.10 5.0.0-1014.14~18.04.1 5.0.0-25.26~18.04.1 4.15.0-1021.23 4.15.0-1040.42 4.15.0-1042.42 4.15.0-1043.46 4.15.0-1050.57 4.15.0-1060.66 4.15.0-58.64 4.15.0-1045.47 7.2.19-0ubuntu0.18.04.2 2:2.6-15ubuntu2.4 1.14.0-0ubuntu1.4 4:4.14.38-0ubuntu3.1 5.44.0-0ubuntu1.1 68.0.2+build1-0ubuntu0.18.04.1 0.9+LibO6.0.7-0ubuntu0.18.04.9 1.0.2+LibO6.0.7-0ubuntu0.18.04.9 1.2.0+LibO6.0.7-0ubuntu0.18.04.9 1:6.0.7-0ubuntu0.18.04.9 2:102.10+LibO6.0.7-0ubuntu0.18.04.9 6.0.7-0ubuntu0.18.04.9 18.09.7-0ubuntu1~18.04.4 2:17.0.10-0ubuntu2.1 2.2.7-1ubuntu2.7 3.2.5-1ubuntu0.1 5.1.4-2ubuntu0.1 1.3.3+dfsg-2ubuntu1.1 2.3.0-2build0.18.04.1 1:2.2.33.2-1ubuntu4.4 1:2.2.33.2-1ubuntu4.5 9.26~dfsg+0-0ubuntu0.18.04.11 12.2.12-0ubuntu0.18.04.2 2.4.29-1ubuntu4.10 2.4.29-1ubuntu4.11 5.0.0-1015.15~18.04.1 5.0.0-1018.19~18.04.1 5.0.0-27.28~18.04.1 4.15.0-1022.25 4.15.0-1041.43 4.15.0-1043.43 4.15.0-1044.47 4.15.0-60.67 4.15.0-1023.26 4.15.0-1042.44 4.15.0-1044.44 4.15.0-1045.49 4.15.0-1048.50 4.15.0-62.69 4.15.0-1047.49 237-3ubuntu10.28 237-3ubuntu10.29 69.0+build2-0ubuntu0.18.04.1 69.0.2+build1-0ubuntu0.18.04.1 1.0.10-1ubuntu0.18.04.1 4.90.1-1ubuntu1.4 1.5.6-0ubuntu1.2 2.7.15-4ubuntu4~18.04.1 3.6.8-1~18.04.2 8.5.39-1ubuntu1~18.04.3 9.0.16-3ubuntu0.18.04.1 7.58.0-2ubuntu3.8 2.24.4-0ubuntu0.18.04.1 3.0.8-0ubuntu18.04.1 2.2.5-3ubuntu0.2 2.6.10-1~ubuntu18.04.0 1.5.17-3ubuntu5.1 1.5.17-3ubuntu5.2 1.5.17-3ubuntu5.3 4.15.0-1025.28 4.15.0-1044.46 4.15.0-1044.70 4.15.0-1046.46 4.15.0-1047.51 4.15.0-1050.52 4.15.0-1056.65 4.15.0-1064.71 4.15.0-64.73 5.0.0-1017.17~18.04.1 5.0.0-1020.21~18.04.1 5.0.0-29.31~18.04.1 2:2.6-15ubuntu2.5 0.9+LibO6.0.7-0ubuntu0.18.04.10 1.0.2+LibO6.0.7-0ubuntu0.18.04.10 1.2.0+LibO6.0.7-0ubuntu0.18.04.10 1:6.0.7-0ubuntu0.18.04.10 2:102.10+LibO6.0.7-0ubuntu0.18.04.10 6.0.7-0ubuntu0.18.04.10 3.28.0-1ubuntu1.1 69.0.1+build1-0ubuntu0.18.04.1 1.44.1-1ubuntu1.2 2.0-1.44.1-1ubuntu1.2 2.1-1.44.1-1ubuntu1.2 2.0.8+dfsg1-1ubuntu1.18.04.4 4.15.0-1026.29 4.15.0-1047.47 4.15.0-1048.52 4.15.0-1051.53 4.15.0-1057.66 4.15.0-1065.72 4.15.0-65.74 0.101.4+dfsg-0ubuntu0.18.04.1 5.0.0-1020.20~18.04.1 5.0.0-31.33~18.04.1 2.2.0-11.1ubuntu1.1 1:60.9.0+build1-0ubuntu0.18.04.1 2.7.15-4ubuntu4~18.04.2 3.6.8-1~18.04.3 2.62.1-1ubuntu0.4 1.8.21p2-3ubuntu1.1 0.60.7~20110707-4ubuntu0.1 1.2.15+dfsg2-0.1ubuntu0.1 5.0.0-1021.21~18.04.1 5.0.0-1023.23~18.04.2 5.0.0-1023.24~18.04.1 5.0.0-32.34~18.04.2 4.0.9-5ubuntu0.3 0.25-3.1ubuntu0.18.04.4 8:2007f~dfsg-5ubuntu0.18.04.2 4.15.0-1027.30 4.15.0-1046.49 4.15.0-1048.48 4.15.0-1049.53 4.15.0-1052.54 4.15.0-1059.68 4.15.0-1066.73 4.15.0-66.75 1.1.29-5ubuntu0.2 70.0+build2-0ubuntu0.18.04.1 70.0.1+build1-0ubuntu0.18.04.1 7.2.24-0ubuntu0.18.04.1 2:4.7.6+dfsg~ubuntu-0ubuntu2.13 2.0.4-1.1ubuntu0.2 3.2.2-3.1ubuntu0.5 0.2.62ubuntu0.2 0.2.62ubuntu0.3 0.2.62ubuntu0.4 2.20.9-0ubuntu7.8 2.20.9-0ubuntu7.9 2.20.9-0ubuntu7.12 2.20.9-0ubuntu7.20 1:5.32-2ubuntu0.3 1.00.82-2ubuntu0.1 1.8.8-1ubuntu0.7 1.8.2-1ubuntu0.1 2.12+dfsg-6ubuntu0.18.04.1 2.26.1-0ubuntu0.18.04.1 2.26.2-0ubuntu0.18.04.1 3.20191112-0ubuntu0.18.04.2 3.20191115.1ubuntu0.18.04.2 5.0.0-1025.26~18.04.1 5.0.0-1025.27~18.04.1 5.0.0-1027.31 5.0.0-35.38~18.04.1 5.0.0-1028.32 5.0.0-36.39~18.04.1 4.15.0-1029.32 4.15.0-1048.51 4.15.0-1050.50 4.15.0-1054.56 4.15.0-1063.72 4.15.0-69.78 4.15.0-1064.73 4.15.0-70.79 17.11.8-0~ubuntu18.04.2 17.11.9-0ubuntu18.04.1 1.5.2-0ubuntu5.18.04.3 1:2.11+dfsg-1ubuntu7.20 8:6.9.7.4+dfsg-16ubuntu6.8 9.26~dfsg+0-0ubuntu0.18.04.12 10+190ubuntu0.1 190ubuntu0.1 5.7.28-0ubuntu0.18.04.4 1:10.1.43-0ubuntu0.18.04.1 0.13-2ubuntu0.18.04.1 1:9.11.3+dfsg-1ubuntu1.11 3.5.27.1-8ubuntu0.1 1.7.0-3ubuntu0.18.04.1 3.4.4-1ubuntu0.1 2.5.1-1ubuntu1.6 1:68.2.1+build1-0ubuntu0.18.04.1 1:68.2.2+build1-0ubuntu0.18.04.1 2:3.35-2ubuntu2.5 5.4.2-1ubuntu0.1 3.22.0-1ubuntu0.2 1.3.28-2ubuntu0.1 5.3.0-1009.10~18.04.1 5.0.0-1008.13~18.04.1 5.0.0-1022.25~18.04.1 5.0.0-1026.27~18.04.1 5.0.0-1026.27~18.04.2 5.0.0-1030.34 5.0.0-37.40~18.04.1 4.15.0-1030.33 4.15.0-1049.52 4.15.0-1051.51 4.15.0-1052.56 4.15.0-1056.58 4.15.0-1065.75 4.15.0-1069.76 4.15.0-72.81 1.8.8-1ubuntu0.9 3.5.27-1ubuntu1.4 0.8.0-1ubuntu0.18.04.2 2:3.35-2ubuntu2.6 71.0+build5-0ubuntu0.18.04.1 2:4.7.6+dfsg~ubuntu-0ubuntu2.14 0.8.0~20170825.94fa1e38-1ubuntu0.5 1:2.17.1-1ubuntu0.5 1.8.1-6ubuntu1.18.04.1 11.0.5+10-0ubuntu1.1~18.04 1:1.11.11-1ubuntu1.6 5.3.0-1009.10~18.04.1 5.3.0-1010.11~18.04.1 5.3.0-26.28~18.04.1 5.0.0-1009.14~18.04.1 5.0.0-1023.26~18.04.1 5.0.0-1027.28~18.04.1 5.0.0-1028.30~18.04.1 5.0.0-1033.38 4.15.0-1031.34 4.15.0-1050.53 4.15.0-1052.52 4.15.0-1053.57 4.15.0-1057.59 4.15.0-1066.76 4.15.0-1070.77 4.15.0-74.84 1:4.2.8p10+dfsg-5ubuntu7.3+esm1 0.102.1+dfsg-0ubuntu0.18.04.2 2:3.35-2ubuntu2.7 3.5.18-1ubuntu1.2 3.5.18-1ubuntu1.3 72.0.1+build1-0ubuntu0.18.04.1 72.0.2+build1-0ubuntu0.18.04.1 1.14.0-0ubuntu1.7 1.5.4-3+really1.8.1-4ubuntu1.2 1.8.1-4ubuntu1.2 3.4.2-0ubuntu0.18.04.2 1.2.12-8ubuntu0.1 7.2.24-0ubuntu0.18.04.2 1:68.4.1+build1-0ubuntu0.18.04.1 11.6.1-1ubuntu0.1 0.8.7-1ubuntu0.1 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 4.0.2-0ubuntu3.1 1.6.5ubuntu0.1 1.6.5ubuntu0.2 1.44.1-1ubuntu1.3 2.0-1.44.1-1ubuntu1.3 2.1-1.44.1-1ubuntu1.3 5.7.29-0ubuntu0.18.04.1 1:10.1.44-0ubuntu0.18.04.1 4.9.3-0ubuntu0.18.04.1 5.3.0-28.30~18.04.1 4.15.0-1058.60 4.15.0-1067.77 4.15.0-76.86 2.1.27~101-g0780600+dfsg-3ubuntu2.1 11.0.6+10-1ubuntu1~18.04.1 8u242-b08-0ubuntu3~18.04 5.0.0-1010.15~18.04.1 5.0.0-1024.27~18.04.1 5.0.0-1029.30~18.04.1 2.26.3-0ubuntu0.18.04.1 1.8.21p2-3ubuntu1.2 1:1.11.11-1ubuntu1.7 3.4.2-0ubuntu0.18.04.3 6.0.3p1-1ubuntu0.1 237-3ubuntu10.38 0.25-3.1ubuntu0.18.04.5 19.2.8-0ubuntu0~18.04.2 5.1.0-1ubuntu0.2 3.4.0-3ubuntu0.1 2.9.4+dfsg1-6.1ubuntu1.3 5.9.5+dfsg-0ubuntu2.5 1.4.2-2ubuntu0.1 0.6.21-4ubuntu0.1 73.0+build3-0ubuntu0.18.04.1 73.0.1+build1-0ubuntu0.18.04.1 7.2.24-0ubuntu0.18.04.3 0.102.2+dfsg-0ubuntu0.18.04.1 2.26.4-0ubuntu0.18.04.1 10.12-0ubuntu0.18.04.1 1:2.11+dfsg-1ubuntu7.23 5.3.0-1012.13~18.04.1 5.3.0-1013.14~18.04.1 5.3.0-1018.20~18.04.1 5.3.0-40.32~18.04.1 5.0.0-1011.16 5.0.0-1025.28 5.0.0-1030.31 5.0.0-1031.32 5.0.0-1032.34 4.15.0-1033.36 4.15.0-1052.55 4.15.0-1053.53 4.15.0-1055.59 4.15.0-1060.62 4.15.0-1072.79 4.15.0-88.88 2.4.7-2+2ubuntu1.2 3.5.27-1ubuntu1.5 1.3.17-0ubuntu5.18.04.1 0.13.1-1ubuntu0.2 3.1.2-2.1ubuntu1.1 3.2.2-3.1ubuntu0.6 6.0.3p1-1ubuntu0.2 12.3.1-1ubuntu0.1 1:1.11.11-1ubuntu1.8 1.0.0~rc10-0ubuntu1~18.04.2 3.22.0-1ubuntu0.3 74.0+build3-0ubuntu0.18.04.1 5.3.0-1014.15~18.04.1 5.3.0-1016.17~18.04.1 5.3.0-1019.21~18.04.1 5.3.0-42.34~18.04.1 5.0.0-1013.18 5.0.0-1027.30 5.0.0-1032.33 5.0.0-1033.34 5.0.0-1035.37 5.0.0-1043.48 4.15.0-1035.39 4.15.0-1055.58 4.15.0-1056.57 4.15.0-1057.61 4.15.0-1063.67 4.15.0-1074.81 4.15.0-1076.86 4.15.0-91.92 12.2.12-0ubuntu0.18.04.5 60.2-3ubuntu3.1 0.0.git20180130-1ubuntu0.1 2.4.29-1ubuntu4.13 17.9.0-2ubuntu0.1 1:17.9.0-2ubuntu0.1 2:8.0.1453-1ubuntu1.3 2.28.0-0ubuntu0.18.04.3 5.48-0ubuntu3.4 5.3.0-1013.14~18.04.1 5.3.0-1016.17~18.04.1 5.3.0-1018.19~18.04.1 5.3.0-1021.23~18.04.1 5.3.0-45.37~18.04.1 4.8-1ubuntu0.1 2.20.9-0ubuntu7.14 2.2.5-4ubuntu0.4 74.0.1+build1-0ubuntu0.18.04.1 4.15.0-96.97 5.3.0-1014.15~18.04.1 5.3.0-1017.18~18.04.1 5.3.0-1019.20~18.04.1 5.3.0-1022.24~18.04.1 5.3.0-46.38~18.04.1 1.8.8-1ubuntu0.10 75.0+build3-0ubuntu0.18.04.1 4.15.0-1037.41 4.15.0-1057.60 4.15.0-1058.59 4.15.0-1060.64 4.15.0-1065.69 4.15.0-1076.83 4.15.0-1079.89 5.0.0-1014.19 5.0.0-1033.34 5.0.0-1034.35 5.0.0-1036.38 5.0.0-1047.52 20170913-1ubuntu0.1 0.8.0~20170825.94fa1e38-1ubuntu0.6 1:68.7.0+build1-0ubuntu0.18.04.1 1:2.17.1-1ubuntu0.6 7.2.24-0ubuntu0.18.04.4 2.28.1-0ubuntu0.18.04.1 3.28.0-1ubuntu1.2 2.7.17-1~18.04ubuntu1 3.6.9-1~18.04ubuntu1 1:2.17.1-1ubuntu0.7 2.30-21ubuntu1~18.04.3 11.0.7+10-2ubuntu2~18.04 8u252-b09-1~18.04 2.2.0-11.1ubuntu1.2 2.2.7-1ubuntu2.8 2:4.7.6+dfsg~ubuntu-0ubuntu2.16 5.3.0-1016.18~18.04.1 5.3.0-1018.19~18.04.1 5.3.0-1020.21~18.04.1 5.3.0-1023.25~18.04.1 5.3.0-51.44~18.04.2 5.0.0-1035.36 5.0.0-1050.55 4.15.0-1038.42 4.15.0-1058.61 4.15.0-1059.60 4.15.0-1061.65 4.15.0-1066.70 4.15.0-1077.84 4.15.0-1080.90 4.15.0-99.100 2.28.2-0ubuntu0.18.04.1 1:2.1.26-1ubuntu0.1 0~20180205.c0d9813c-2ubuntu0.2 5.7.30-0ubuntu0.18.04.1 1.173.18 2.4.45+dfsg-1ubuntu1.5 76.0+build2-0ubuntu0.18.04.1 76.0.1+build1-0ubuntu0.18.04.1 1:2.1.26-1ubuntu0.2 1:11.1-1ubuntu7.7 3.5.27-1ubuntu1.6 4.15.0-2ubuntu1.1 0.6.21-4ubuntu0.2 1.6.12ubuntu0.1 0.12.1-1.3ubuntu0.1 0.12.1-1.3ubuntu0.2 0.12.1-1.3ubuntu0.3 17.11.9-0ubuntu18.04.2 4.15.0-101.102 4.15.0-1039.43 4.15.0-1059.62 4.15.0-1060.61 4.15.0-1062.66 4.15.0-1067.71 4.15.0-1079.86 4.15.0-1081.91 4.15.0-1083.93 1:9.11.3+dfsg-1ubuntu1.12 4.90.1-1ubuntu1.5 5.0.0-1037.38 5.0.0-1052.57 5.3.0-1018.20~18.04.1 5.3.0-1019.21~18.04.1 5.3.0-1020.22~18.04.1 5.3.0-1022.23~18.04.1 5.3.0-53.47~18.04.1 5.3.0-1026.28~18.04.1 0.102.3+dfsg-0ubuntu0.18.04.1 4.0.0-1ubuntu8.17 1:2.11+dfsg-1ubuntu7.26 1:68.8.0+build2-0ubuntu0.18.04.2 1.6.7-1ubuntu2.3 7.2.24-0ubuntu0.18.04.6 1.1.1-1ubuntu2.1~18.04.6 20190110~18.04.1 0.12.2-3ubuntu0.1 2.1.1+dfsg1-0ubuntu0.18.04.1 1:1.11.11-1ubuntu1.9 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 77.0.1+build1-0ubuntu0.18.04.1 3.20200609.0ubuntu0.18.04.0 3.20200609.0ubuntu0.18.04.1 1.5.2-0ubuntu5.18.04.4 5.3.0-1023.25~18.04.1 5.3.0-1024.26~18.04.1 5.3.0-1026.28~18.04.1 5.3.0-1028.29~18.04.1 5.3.0-59.53~18.04.1 5.0.0-1042.43 5.0.0-1059.64 4.15.0-1045.49 4.15.0-106.107 4.15.0-1063.66 4.15.0-1063.67 4.15.0-1067.68 4.15.0-1073.77 4.15.0-1080.87 4.15.0-1087.97 4.15.0-1089.99 3.22.0-1ubuntu0.4 1.2.10-1ubuntu2~ubuntu18.04.5 0.6.21-4ubuntu0.5 2:3.35-2ubuntu2.8 1.12.2-1ubuntu1.2 1:1.3.4-2.1ubuntu5.3 1.9.4-3ubuntu0.2 7.58.0-2ubuntu3.9 1.9.4-3ubuntu0.3 390.138-0ubuntu0.18.04.1 440.100-0ubuntu0.18.04.1 4.15.0-1047.51 4.15.0-1076.80 4.15.0-108.109 4.15.0-1090.100 5.0.0-1062.67 5.3.0-1027.29~18.04.1 5.3.0-1028.30~18.04.1 5.3.0-1029.31~18.04.1 5.3.0-1031.32~18.04.1 5.3.0-61.55~18.04.1 2.56.0-1ubuntu0.1 1:2.1.26-1ubuntu0.3 0.9.11+dfsg-1ubuntu1.2 78.0.1+build1-0ubuntu0.18.04.1 2:4.7.6+dfsg~ubuntu-0ubuntu2.17 5.3.0-1028.30~18.04.1 5.3.0-1028.30~18.04.2 5.3.0-1030.32~18.04.1 5.3.0-1032.33~18.04.1 5.3.0-62.56~18.04.1 5.0.0-1043.44 5.0.0-1063.68 4.15.0-1048.52 4.15.0-1064.67 4.15.0-1065.69 4.15.0-1069.70 4.15.0-1077.81 4.15.0-1078.88 4.15.0-1081.88 4.15.0-109.110 4.15.0-1091.101 4.5.0.7-1ubuntu2.18.04.2 2.27-3ubuntu1.2 2:3.35-2ubuntu2.9 2.2.0-11.1ubuntu1.3 2.3.0-0ubuntu1.2 2:12.0.9-0ubuntu1.2 1:68.10.0+build1-0ubuntu0.18.04.1 2.28.3-0ubuntu0.18.04.1 78.0.2+build2-0ubuntu0.18.04.1 2.45.1+18.04.2 5.4.0-1015.15~18.04.1 5.4.0-1022.22~18.04.1 5.4.0-42.46~18.04.1 4.15.0-1050.54 4.15.0-1066.69 4.15.0-1067.71 4.15.0-1071.72 4.15.0-1079.83 4.15.0-1080.90 4.15.0-1092.102 4.15.0-1093.103 4.15.0-112.113 2.7.17-1~18.04ubuntu1.1 3.6.9-1~18.04ubuntu1.1 3.28.5-0ubuntu0.18.04.3 5.1.0-1ubuntu0.3 7:3.4.8-0ubuntu0.2 1.93.18+2.02-2ubuntu8.16 2.02-2ubuntu8.16 1.93.19+2.02-2ubuntu8.17 2.02-2ubuntu8.17 11.0.8+10-0ubuntu1~18.04.1 0.9.11+dfsg-1ubuntu1.3 0.102.4+dfsg-0ubuntu0.18.04.1 2.40.20-2ubuntu0.1 2.40.20-2ubuntu0.2 5.0.0-1045.46 5.0.0-1065.70 5.3.0-1030.32~18.04.1 5.3.0-1030.32~18.04.2 5.3.0-1032.34~18.04.1 5.3.0-1032.34~18.04.2 5.3.0-1034.35~18.04.1 5.3.0-64.58~18.04.1 5.7.31-0ubuntu0.18.04.1 6.2.24~dfsg-1ubuntu0.1~esm1 79.0+build1-0ubuntu0.18.04.1 2.28.4-0ubuntu0.18.04.1 3.5.27-1ubuntu1.7 3.5.27-1ubuntu1.8 0.8.0~20170825.94fa1e38-1ubuntu0.7 2.20.9-0ubuntu7.16 0.2.62ubuntu0.5 2.4.7-2+2ubuntu1.3 8u265-b01-0ubuntu2~18.04 2:4.7.6+dfsg~ubuntu-0ubuntu2.18 2:3.35-2ubuntu2.11 1:2.2.33.2-1ubuntu4.6 0.96.24.32.14 2.4.29-1ubuntu4.14 2017.7.4+dfsg1-1ubuntu18.04.2 4:17.12.3-0ubuntu1.1 5.0.0-1046.47 5.0.0-1067.72 5.3.0-1033.35 5.3.0-1035.36 5.3.0-65.59 7.58.0-2ubuntu3.10 1:2.11+dfsg-1ubuntu7.31 1:2.11+dfsg-1ubuntu7.36 1:9.11.3+dfsg-1ubuntu1.13 9.26~dfsg+0-0ubuntu0.18.04.13 1.0.27-1~experimental3ubuntu2.3 5.7.3+dfsg-1.8ubuntu3.5 5.7.3+dfsg-1.8ubuntu3.6 10.14-0ubuntu0.18.04.1 0.6~dfsg0-3+deb10u1build1 80.0+build2-0ubuntu0.18.04.1 80.0.1+build1-0ubuntu0.18.04.1 3.2-4ubuntu4.5 2:3.35-2ubuntu2.12 3.4.2-1ubuntu0.1~esm1 2:13.0.4-0ubuntu1 2.2.0+dfsg1-0ubuntu0.18.04.1 4:17.12.3-0ubuntu1.2 5.4.0-1016.17~18.04.1 5.4.0-1022.22~18.04.1 5.4.0-1023.23~18.04.1 5.4.0-45.49~18.04.2 5.3.0-1032.34 5.3.0-1034.36 5.3.0-66.60 4.15.0-1051.55 4.15.0-1067.70 4.15.0-1068.72 4.15.0-1072.73 4.15.0-1080.84 4.15.0-1081.92 4.15.0-1084.92 4.15.0-1093.103 4.15.0-1094.104 4.15.0-115.116 2:1.6.4-3ubuntu0.3 2:1.19.6-1ubuntu4.5 2:1.20.8-2ubuntu2.2~18.04.2 4.15.0-1053.57 4.15.0-1069.72 4.15.0-1070.74 4.15.0-1074.75 4.15.0-1082.86 4.15.0-1083.94 4.15.0-1086.94 4.15.0-1095.105 4.15.0-1096.106 4.15.0-117.118 5.0.0-1047.48 5.0.0-1068.73 5.3.0-1033.35 5.3.0-1035.37 5.3.0-1036.38 5.3.0-67.61 5.4.0-1018.20~18.04.1 5.4.0-1024.24~18.04.1 5.4.0-1025.25~18.04.1 5.4.0-47.51~18.04.1 2:1.19.6-1ubuntu4.6 2:1.20.8-2ubuntu2.2~18.04.3 1.2.17-8+deb10u1build0.18.04.1 3.1.3-9+deb10u1build0.18.04.1 0.1.2-1+deb9u1build0.18.04.1 1.640-1ubuntu0.1 1.0.2n-1ubuntu5.4 5.2.14+dfsg-2.3+deb9u2build0.18.04.1 3.2.1-1+deb8u1build0.18.04.1 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 1:2.11+dfsg-1ubuntu7.32 1:2.31.1-0.4ubuntu3.7 2.31.1-0.4ubuntu3.7 0.4.15-1ubuntu0.1 2.2.4-1ubuntu1.3 0.05-1+deb9u1build0.18.04.1 1.3.8-2+deb8u1build0.18.04.1 5.4.0-1019.21~18.04.1 5.4.0-1025.25~18.04.1 5.4.0-1026.26~18.04.1 5.4.0-48.52~18.04.1 4.15.0-1054.58 4.15.0-1070.73 4.15.0-1071.75 4.15.0-1075.76 4.15.0-1083.87 4.15.0-1084.95 4.15.0-1087.95 4.15.0-1096.106 4.15.0-1097.107 4.15.0-118.119 12.2.13-0ubuntu0.18.04.4 3.17.0+ds1-5+deb9u1build0.18.04.1 0.23+deb9u1build0.18.04.1 1:1.27.2-2ubuntu3.3 3.9.9.Final-1+deb9u1build0.18.04.1 1.640-1ubuntu0.2 3.1.4-4~deb9u3build0.18.04.1 1.1.1+bzr982-0ubuntu19.4 1.1.9-1ubuntu2.18.04.6 0.7.git20120829-3.1~0.18.04.1 81.0+build2-0ubuntu0.18.04.1 81.0.2+build1-0ubuntu0.18.04.1 1:3.0.3+dfsg1-3ubuntu0.1 3.5.27-1ubuntu1.9 1.0.6-1.1+deb10u1build0.18.04.1 1.0.6-1.1+deb10u1ubuntu0.1 2.13-7~deb10u1build0.18.04.1 2:4.7.6+dfsg~ubuntu-0ubuntu2.20 6.1.0-1+deb9u1build0.18.04.1 1.6.4-4ubuntu0.2 1:4.2.8p10+dfsg-5ubuntu7.3 7.08-3ubuntu0.18.04.2 2.5.10-3ubuntu1.1 1.3.2-3ubuntu0.1 1.0.3-1ubuntu1.3 2.0.4+dfsg-2ubuntu0.1 1.22-1ubuntu0.18.04.2 0.14.0-1ubuntu2.5 3.22.0-3ubuntu1.1 5.4.0-1021.24~18.04.1 5.4.0-1028.29~18.04.1 5.4.0-1031.32~18.04.1 5.4.0-51.56~18.04.1 5.0.0-1049.50 5.0.0-1069.75 5.3.0-1035.37 5.3.0-1038.40 5.3.0-68.63 4.15.0-1057.62 4.15.0-1072.76 4.15.0-1073.78 4.15.0-1077.79 4.15.0-1086.91 4.15.0-1086.98 4.15.0-1089.98 4.15.0-1099.109 4.15.0-1099.110 4.15.0-121.123 2.7.17-1~18.04ubuntu1.2 3.6.9-1~18.04ubuntu1.3 2:8.0.1453-1ubuntu1.4 7.2.24-0ubuntu0.18.04.7 3.4.3~rc2-2ubuntu4.1 19.03.6-0ubuntu1~18.04.2 4.15.0-1090.99 4.15.0-1100.110 4.15.0-122.124 5.4.0-1022.25~18.04.1 5.4.0-52.57~18.04.1 5.0.0-1070.76 5.3.0-1036.38 2.8.1-2ubuntu2.1 1:0.12.4-3ubuntu1.18.04.3 1.0.1-8ubuntu0.1 82.0+build2-0ubuntu0.18.04.1 82.0.2+build1-0ubuntu0.18.04.1 1:4.1.7-4ubuntu0.1 9.0.1-2.3~ubuntu1.18.04.4 5.26.1-6ubuntu0.5 1:10.1.47-0ubuntu0.18.04.1 5.7.32-0ubuntu0.18.04.1 2.0.5-1ubuntu1.1 11.0.9+11-0ubuntu1~18.04.1 8u272-b10-0ubuntu1~18.04 11.0.9.1+1-0ubuntu1~18.04 8u275-b01-0ubuntu1~18.04 20201027ubuntu0.18.04.1 2:4.7.6+dfsg~ubuntu-0ubuntu2.21 2.1.4-1ubuntu1.4 3.28.3-0ubuntu18.04.6 0.6.45-1ubuntu1.3 0.17.0-1ubuntu2.2 1.2.2-6ubuntu1.1 1.06-6.2~deb10u1build0.18.04.1 2.4.45+dfsg-1ubuntu1.7 1.1.18-0ubuntu1.3 0.6.21-4ubuntu0.6 82.0.3+build1-0ubuntu0.18.04.1 4.15.0-1058.64 4.15.0-1073.78 4.15.0-1087.100 4.15.0-1101.112 4.15.0-123.126 5.0.0-1071.77 5.3.0-1039.42 5.3.0-69.65 5.4.0-1029.31~18.04.1 5.4.0-53.59~18.04.1 3.20201110.0ubuntu0.18.04.1 3.20201110.0ubuntu0.18.04.2 3.20210216.0ubuntu0.18.04.1 1.9.9-1ubuntu1.2 2.0.14-1ubuntu0.18.04.1 1:1.0.17-8ubuntu18.04.1 10.15-0ubuntu0.18.04.1 2.4.45+dfsg-1ubuntu1.8 1.16-2ubuntu0.2 0.9.11+dfsg-1ubuntu1.4 3.22.0-3ubuntu1.2 83.0+build2-0ubuntu0.18.04.2 4:4.6.6-5ubuntu0.5 1:11.1-1ubuntu7.11 0.7.1-2.1+deb9u1build0.18.04.1 1.9.4-3ubuntu0.4 0.62.0-2ubuntu2.11 0.62.0-2ubuntu2.12 2.30.3-0ubuntu0.18.04.1 1.1.2-1ubuntu2.4 1.1.2-1ubuntu2.5 1:2.11+dfsg-1ubuntu7.34 1.3.3-0ubuntu1~18.04.3 1.3.3-0ubuntu1~18.04.4 1:1.10.5+submodules+notgz-1ubuntu1.18.04.2 0.14.1+dfsg1-1ubuntu0.1 2:1.19.6-1ubuntu4.8 2:1.20.8-2ubuntu2.2~18.04.4 5.4.0-1023.26~18.04.1 5.4.0-1030.31~18.04.1 5.4.0-1030.32~18.04.1 5.4.0-1032.33~18.04.1 5.4.0-56.62~18.04.1 5.4.0-1025.28~18.04.1 5.4.0-1032.33~18.04.1 5.4.0-1032.34~18.04.1 5.4.0-1033.35 5.4.0-1034.35~18.04.1 5.4.0-58.64~18.04.1 4.15.0-1059.65 4.15.0-1074.79 4.15.0-1079.81 4.15.0-1088.101 4.15.0-1088.93 4.15.0-1091.100 4.15.0-1100.111 4.15.0-1103.114 4.15.0-126.129 4.15.0-1061.67 4.15.0-1076.81 4.15.0-1081.83 4.15.0-1090.103 4.15.0-1090.95 4.15.0-1093.102 4.15.0-1102.113 4.15.0-128.131 2.43.1+18.04.1 1.0.2n-1ubuntu5.5 1.1.1-1ubuntu2.1~18.04.7 1.1.1+bzr982-0ubuntu19.5 7.58.0-2ubuntu3.12 4.2.1-1ubuntu0.2 4.2.1-1ubuntu0.3 1.6.12ubuntu0.2 1.6.5ubuntu0.4 1.6.5ubuntu0.5 8:6.9.7.4+dfsg-16ubuntu6.9 84.0+build3-0ubuntu0.18.04.1 6.0-21ubuntu1.1 0.4.15-1ubuntu0.2 1:2.2.33.2-1ubuntu4.7 3:13.0.3-0ubuntu2 2.2.0-11.1ubuntu1.4 0.23.9-2ubuntu0.1 5.4.0-1026.29~18.04.1 5.4.0-1033.35~18.04.1 5.4.0-1034.35~18.04.1 5.4.0-1034.36~18.04.1 5.4.0-1035.36~18.04.1 5.4.0-59.65~18.04.1 4.15.0-1062.68 4.15.0-1077.82 4.15.0-1082.84 4.15.0-1091.104 4.15.0-1091.96 4.15.0-1094.103 4.15.0-1103.114 4.15.0-129.132 5.1.0-2ubuntu1.5 0~20180205.c0d9813c-2ubuntu0.3 9.26~dfsg+0-0ubuntu0.18.04.14 84.0.2+build1-0ubuntu0.18.04.1 390.141-0ubuntu0.18.04.1 450.102.04-0ubuntu0.18.04.1 460.32.03-0ubuntu0.18.04.1 4.15.0-1063.70 4.15.0-1092.98 4.15.0-1104.116 4.15.0-130.134 5.4.0-1034.37~18.04.1 5.4.0-1035.37~18.04.1 5.4.0-1035.38~18.04.1 5.4.0-1036.38~18.04.1 5.4.0-60.67~18.04.1 418.181.07-0ubuntu0.18.04.1 450.102.04-0ubuntu0.18.04.1 4.15.0-134.138 5.4.0-64.72~18.04.1 4.5.0.7-1ubuntu2.18.04.3 2.9.7-0ubuntu0.18.04.2 1.29b-2ubuntu0.2 4.15.0-132.136 5.4.0-62.70~18.04.1 1.9.2-1ubuntu0.1 5.1.0-1ubuntu0.4 2.79-1ubuntu0.2 2.79-1ubuntu0.3 1.2.10+dfsg-7ubuntu0.18.04.1 0.25-4ubuntu1.1 1.9.4-3ubuntu0.5 1.8.21p2-3ubuntu1.4 4.15.0-135.139 4.15.0-1064.71 4.15.0-1078.83 4.15.0-1084.86 4.15.0-1092.105 4.15.0-1093.99 4.15.0-1095.104 4.15.0-1106.118 5.4.0-65.73~18.04.1 5.4.0-1009.10~18.04.1 5.4.0-1028.31~18.04.1 5.4.0-1035.37~18.04.1 5.4.0-1036.39~18.04.1 5.4.0-1037.39~18.04.1 5.4.0-1037.40~18.04.1 5.4.0-1039.41~18.04.1 5.0.0-1051.53 5.3.0-1037.39 5.3.0-1040.43 5.3.0-70.66 1.4.11.1-1~18.04.1 1:1.11.11-1ubuntu1.10 5.7.33-0ubuntu0.18.04.1 85.0+build1-0ubuntu0.18.04.1 85.0.1+build1-0ubuntu0.18.04.1 18-3ubuntu0.18.04.1 20210119~18.04.1 2.20.9-0ubuntu7.23 1.0.9-0ubuntu0.2 1.2.1+dfsg-1ubuntu0.18.04.1 1:1.10.5+submodules+notgz-1ubuntu1.18.04.3 2.4.45+dfsg-1ubuntu1.9 1:2.11+dfsg-1ubuntu7.35 11.0.10+9-0ubuntu1~18.04 8u282-b08-0ubuntu1~18.04 2.48.3+18.04 2.9.8-0ubuntu0.18.04.2 1.4-1ubuntu0.1 4.12-8~18.04.1 0.2.3-1ubuntu0.1 0.2.3-1ubuntu0.2 2:2.6-15ubuntu2.7 1:9.11.3+dfsg-1ubuntu1.14 1.0.2n-1ubuntu5.6 1.1.1-1ubuntu2.1~18.04.8 2.30.5-0ubuntu0.18.04.1 1.3.2-3~18.04.1 1:1.11.11-1ubuntu1.11 2.4.45+dfsg-1ubuntu1.10 330-1ubuntu2.2 4.6.2-1ubuntu1.1 4.15.0-1012.16 4.15.0-1065.73 4.15.0-1079.84 4.15.0-1085.87 4.15.0-1093.106 4.15.0-1094.101 4.15.0-1096.105 4.15.0-1108.120 4.15.0-136.140 5.4.0-1010.11~18.04.1 5.4.0-1029.32~18.04.1 5.4.0-1036.38~18.04.1 5.4.0-1037.40~18.04.1 5.4.0-1038.40~18.04.1 5.4.0-1038.41~18.04.1 5.4.0-1040.42~18.04.1 5.4.0-66.74~18.04.2 2.7.17-1~18.04ubuntu1.3 3.6.9-1~18.04ubuntu1.4 2.7.17-1~18.04ubuntu1.5 3.7.5-2~18.04.4 3.8.0-3~18.04.1 2.7.17-1~18.04ubuntu1.6 4.0.9-5ubuntu0.4 86.0+build3-0ubuntu0.18.04.1 2:2.6-15ubuntu2.8 1.10.4-2ubuntu1~18.04.2 2.56.4-0ubuntu0.18.04.7 1.3.3+dfsg-2ubuntu1.2 1:2.17.1-1ubuntu0.8 5.1.0-1ubuntu0.5 2.56.4-0ubuntu0.18.04.8 1.9.3-1ubuntu0.1~esm1 1:3.0.12+dfsg-1ubuntu0.1~esm3 3.13.2-1ubuntu1+esm1 1.4.45-1ubuntu3.18.04.1+esm1 4.05.0-10ubuntu1+esm1 17.11.2-1ubuntu0.1~esm4 2.3.0-2ubuntu0.1~esm1 3.2.0+debian-2ubuntu0.1~esm1 3.5.2-0ubuntu4.1.18.04.1~esm1 8.10.0~dfsg-2ubuntu0.4+esm1 2.8.9dev16-3ubuntu0.1~esm1 1.7-2ubuntu0.1~esm1 1.8.4-5ubuntu0.1~esm1 1.1.2-1.1ubuntu0.1~esm1 1.9.2-1ubuntu0.1~esm2 1.10.0-patch1+docs-4ubuntu0.1~esm1 3.2.0+dfsg-4ubuntu0.1+esm3 1.4.15-2ubuntu0.18.04.3+esm1 1.9.2-3ubuntu0.1~esm1 1.2.14-3ubuntu0.1~esm1 4:17.12.3-0ubuntu1+esm1 0.3.6-1ubuntu0.1~esm1 3.5-2ubuntu0.1~esm1 0.10.0-1ubuntu0.1~esm1 0.1.15-1ubuntu0.1~esm1 3.4.6+dfsg-1ubuntu0.1+esm1 3.4.8-1ubuntu0.1~esm1 2.4.2-4ubuntu0.1~esm1 3.2+dfsg1-1ubuntu0.1~esm2 4:4.6.6-5ubuntu0.5+esm1 3.6.7-8ubuntu1+esm1 0.41-8ubuntu2+esm1 1.23-1.2ubuntu0.1~esm1 0.6.30-1ubuntu0.1~esm1 2018.02.18-1ubuntu0.1~esm1 1.11.1-1ubuntu0.1~esm1 0.5.0-2ubuntu0.1+esm1 4.4.1-5ubuntu2~18.04+esm1 1:5.25.1-1ubuntu0.1~esm1 0.2.2-3ubuntu0.1~esm1 1:4.1.7-4ubuntu0.1+esm1 1.18.1-1ubuntu0.1+esm1 1.33.1-1ubuntu0.1~esm1 1.16.1-1ubuntu0.1~esm1 2.16.1-1ubuntu0.1~esm1 1.10.5-3~18.04.1~esm1 4.15.0-1013.17 4.15.0-1066.74 4.15.0-1080.85 4.15.0-1086.88 4.15.0-1094.107 4.15.0-1095.102 4.15.0-1097.106 4.15.0-1109.121 4.15.0-137.141 5.4.0-1011.12~18.04.2 5.4.0-1030.33~18.04.1 5.4.0-1037.39~18.04.1 5.4.0-1038.41~18.04.1 5.4.0-1039.41~18.04.1 5.4.0-1039.42~18.04.1 5.4.0-1041.43~18.04.1 5.4.0-67.75~18.04.1 2.5.1-1ubuntu1.8 4.15.0-1067.75 4.15.0-1081.86 4.15.0-1087.89 4.15.0-1095.108 4.15.0-1096.103 4.15.0-1098.107 4.15.0-1110.122 4.15.0-139.143 2.2.0+dfsg-1ubuntu0.1 3.0.26-5ubuntu0.1 5.3.0-1038.40 5.3.0-1041.44 5.3.0-72.68 5.4.0-1012.13~18.04.1 5.4.0-1032.35~18.04.1 5.4.0-1039.41~18.04.1 5.4.0-1040.43~18.04.1 5.4.0-1041.43~18.04.1 5.4.0-1041.44~18.04.1 5.4.0-1043.45~18.04.1 5.4.0-70.78~18.04.1 2:1.2.3-1ubuntu0.2 4.15.0-1015.19 4.15.0-1068.76 4.15.0-1082.87 4.15.0-1088.90 4.15.0-1096.109 4.15.0-1097.104 4.15.0-1099.108 4.15.0-1111.123 4.15.0-140.144 1.1.1-1ubuntu2.1~18.04.9 11.0.11+9-0ubuntu2~18.04 8u292-b10-0ubuntu1~18.04 87.0+build3-0ubuntu0.18.04.2 2.30.6-0ubuntu0.18.04.1 3.5.27-1ubuntu1.10 4.2.1-1ubuntu0.4 2.2.0+dfsg-1ubuntu0.2 7.58.0-2ubuntu3.13 3.4.2-0ubuntu0.18.04.5 2.2.0-11.1ubuntu1.6 1:1.11.11-1ubuntu1.12 2:1.19.6-1ubuntu4.9 2:1.20.8-2ubuntu2.2~18.04.5 3.4-1ubuntu0.1 4.15.0-1016.20 4.15.0-1069.77 4.15.0-1083.88 4.15.0-1089.91 4.15.0-1097.110 4.15.0-1098.105 4.15.0-1100.109 4.15.0-1112.125 4.15.0-141.145 5.4.0-1013.14~18.04.1 5.4.0-1033.36~18.04.1 5.4.0-1040.42~18.04.1 5.4.0-1041.44~18.04.1 5.4.0-1042.45~18.04.1 5.4.0-1043.45~18.04.1 5.4.0-1044.46~18.04.1 5.4.0-71.79~18.04.1 1.8.3~dfsg-1ubuntu0.1 4.15.0-1017.21 4.15.0-1070.78 4.15.0-1084.89 4.15.0-1090.92 4.15.0-1098.111 4.15.0-1099.106 4.15.0-1101.110 4.15.0-1113.126 4.15.0-142.146 5.3.0-1040.42 5.3.0-1043.46 5.3.0-74.70 5.3.0-1039.41 5.3.0-1042.45 5.3.0-73.69 5.4.0-1014.15~18.04.1 5.4.0-1034.37~18.04.1 5.4.0-1042.44~18.04.1 5.4.0-1042.45~18.04.1 5.4.0-1043.46~18.04.1 5.4.0-1045.47~18.04.1 5.4.0-1046.48~18.04.1 5.4.0-72.80~18.04.1 0.103.2+dfsg-0ubuntu0.18.04.1 0.103.2+dfsg-0ubuntu0.18.04.2 4.2.5-1ubuntu0.2+esm2 0.99.beta19-2ubuntu0.18.04.2 2.5.1-1ubuntu1.9 88.0+build2-0ubuntu0.18.04.2 3.28.0-1ubuntu1.3 1.14.5-0ubuntu1~18.04.2 1:9.11.3+dfsg-1ubuntu1.15 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 1:1.11.11-1ubuntu1.13 2.4.4-2ubuntu1.5 4.90.1-1ubuntu1.8 390.143-0ubuntu0.18.04.1 418.197.02-0ubuntu0.18.04.1 450.119.03-0ubuntu0.18.04.1 460.73.01-0ubuntu0.18.04.1 0.2.3-1ubuntu0.3 0.2.3-1ubuntu0.4 1.6.7-1ubuntu2.4 2.32.0-0ubuntu0.18.04.1 0.25-3.1ubuntu0.18.04.7 88.0.1+build1-0ubuntu0.18.04.2 1.4.11.1-1~18.04.2 1:10.1.48-0ubuntu0.18.04.1 5.4.0-1015.16~18.04.1 5.4.0-1043.45~18.04.1 5.4.0-1043.46~18.04.1 5.4.0-1044.47~18.04.1 5.4.0-1047.49~18.04.1 5.4.0-1048.50~18.04.1 5.4.0-73.82~18.04.1 5.4.0-1035.38~18.04.1 4.15.0-1018.22 4.15.0-1071.79 4.15.0-1085.90 4.15.0-1091.93 4.15.0-1099.112 4.15.0-1102.109 4.15.0-1102.111 4.15.0-1114.127 4.15.0-143.147 1.0.9-0ubuntu0.3 5.7.34-0ubuntu0.18.04.1 7.6+dfsg-2ubuntu0.18.04.1 3.5.27.1-8ubuntu0.3 1.14.5-0ubuntu1~18.04.3 1.0.0~rc93-0ubuntu1~18.04.2 9.0.1-2.3~ubuntu1.18.04.5+esm2 2.4.0+dfsg.1-2ubuntu1.1 5.1.0-1ubuntu0.6 0.25-3.1ubuntu0.18.04.9 2.20.9-0ubuntu7.24 2:1.6.4-3ubuntu0.4 1.14.0-0ubuntu1.9 0.0~r131-2ubuntu3.1 4.3.5-3ubuntu7.3 0.6.1-2ubuntu0.18.04.1 10.17-0ubuntu0.18.04.1 2.5.1-0ubuntu1.2 1:1.11.11-1ubuntu1.14 2.79-1ubuntu0.4 89.0+build2-0ubuntu0.18.04.2 4.15.0-1072.80 4.15.0-1086.91 4.15.0-1092.94 4.15.0-1100.113 4.15.0-1103.110 4.15.0-1103.112 4.15.0-1115.128 4.15.0-144.148 3.5.27-1ubuntu1.11 5.4.0-1016.17~18.04.1 5.4.0-1036.39~18.04.1 5.4.0-1044.46~18.04.1 5.4.0-1044.47~18.04.2 5.4.0-1046.50~18.04.2 5.4.0-1048.50~18.04.1 5.4.0-1049.51~18.04.1 5.4.0-74.83~18.04.1 3.20210608.0ubuntu0.18.04.1 0.2.3-0.6ubuntu0.18.04.2 0.2.3-0.6ubuntu0.18.04.3 10.80-1ubuntu0.1 8:6.9.7.4+dfsg-16ubuntu6.11 5.48-0ubuntu3.5 3.4.1-0ubuntu0.18.04.1 2.9.4+dfsg1-6.1ubuntu1.4 1.167~18.04.5+2.04-1ubuntu44.1.2 2.04-1ubuntu44.1.2 2.4.29-1ubuntu4.16 1:78.11.0+build1-0ubuntu0.18.04.2 2.2.0-11.1ubuntu1.7 5.4.0-1018.19~18.04.1 5.4.0-1038.41~18.04.1 5.4.0-1046.48~18.04.1 5.4.0-1046.49~18.04.1 5.4.0-1048.52~18.04.1 5.4.0-1051.53~18.04.1 5.4.0-77.86~18.04.1 5.3.0-1041.43 5.3.0-1044.47 5.3.0-75.71 4.15.0-1022.26 4.15.0-1075.83 4.15.0-1089.94 4.15.0-1103.116 4.15.0-1106.113 4.15.0-1106.115 4.15.0-1118.131 4.15.0-147.151 3.6.10-1ubuntu0.5 3.5.27.1-8ubuntu0.4 7.2.24-0ubuntu0.18.04.8 0.7-3.1ubuntu1.3 1:2.11+dfsg-1ubuntu7.37 90.0+build1-0ubuntu0.18.04.1 1.5.2-0ubuntu1~18.04.2 237-3ubuntu10.49 5.3.0-1042.44 5.3.0-1045.48 5.3.0-76.72 5.4.0-1021.22~18.04.1 5.4.0-1041.45~18.04.1 5.4.0-1049.52~18.04.1 5.4.0-1049.53~18.04.1 5.4.0-1052.56~18.04.1 5.4.0-1054.57~18.04.1 5.4.0-1055.57~18.04.1 5.4.0-80.90~18.04.1 4.15.0-1078.86 4.15.0-1092.98 4.15.0-1097.99 4.15.0-1106.120 4.15.0-1109.116 4.15.0-1109.118 4.15.0-1121.134 4.15.0-151.157 390.144-0ubuntu0.18.04.1 418.211.00-0ubuntu0.18.04.1 450.142.00-0ubuntu0.18.04.1 460.91.03-0ubuntu0.18.04.1 470.57.02-0ubuntu0.18.04.1 2.5.1-1ubuntu1.10 7.58.0-2ubuntu3.14 5.7.35-0ubuntu0.18.04.1 0.60.7~20110707-4ubuntu0.2 2.32.3-0ubuntu0.18.04.1 1.0.28-4ubuntu0.18.04.2 8.0.2-3ubuntu0.1 1:1.10.5+submodules+notgz-1ubuntu1.18.04.4 0.25-3.1ubuntu0.18.04.10 1.640-1ubuntu0.3 20.10.7-0ubuntu1~18.04.1 1.14.0-1ubuntu0.1 0.3.2.10-1ubuntu0.2~esm2 91.0+build2-0ubuntu0.18.04.1 91.0.2+build1-0ubuntu0.18.04.1 10.18-0ubuntu0.18.04.1 0.25-3.1ubuntu0.18.04.11 4.15.0-1079.87 4.15.0-1094.100 4.15.0-1098.100 4.15.0-1107.121 4.15.0-1110.117 4.15.0-1111.120 4.15.0-1122.135 4.15.0-154.161 5.4.0-1022.23~18.04.1 5.4.0-1042.46~18.04.3 5.4.0-1051.54~18.04.1 5.4.0-1051.55~18.04.1 5.4.0-1053.57~18.04.1 5.4.0-1055.58~18.04.1 5.4.0-1056.58~18.04.1 5.4.0-81.91~18.04.1 91.0.1+build1-0ubuntu0.18.04.1 2:1.9.4-3ubuntu0.1 1.1.1-1ubuntu2.1~18.04.13 1.0.2n-1ubuntu5.7 1:3.6.3-0ubuntu1.3 2.0.15-10.2ubuntu2.2 0.3.4-1ubuntu0.1 1:4.3-6ubuntu0.18.04.3 1:78.13.0+build1-0ubuntu0.18.04.1 1:2017.3.23-2ubuntu0.18.04.3 2.12+dfsg-6ubuntu0.18.04.4 4.0.2-0ubuntu3.2 1.16.1-1ubuntu1.8 2.2.5-4ubuntu0.5 0.13.1-1ubuntu0.3 5.4.0-1023.24~18.04.1 5.4.0-1052.55~18.04.1 5.4.0-1052.56~18.04.1 5.4.0-1054.58~18.04.1 5.4.0-1056.59~18.04.1 5.4.0-1058.60~18.04.1 5.4.0-84.94~18.04.1 5.4.0-1043.47~18.04.1 4.15.0-1027.32 4.15.0-1080.88 4.15.0-1099.101 4.15.0-1111.118 4.15.0-1112.121 4.15.0-1123.136 4.15.0-156.163 4.15.0-1108.122 4.15.0-1095.101 92.0+build3-0ubuntu0.18.04.1 1:2.17.1-1ubuntu0.9 2.20.9-0ubuntu7.26 1:4.3-6ubuntu0.18.04.4 7.58.0-2ubuntu3.15 7.58.0-2ubuntu3.16 1.5.4-3+really1.8.1-4ubuntu1.3 1.8.1-4ubuntu1.3 5.9.5+dfsg-0ubuntu2.6 4.15.0-158.166 5.4.0-86.97~18.04.1 2.32.4-0ubuntu0.18.04.1 20210119~18.04.2 2.4.29-1ubuntu4.17 2.4.29-1ubuntu4.18 5.4.0-1024.25~18.04.1 5.4.0-1053.56~18.04.1 5.4.0-1053.57~18.04.1 5.4.0-1055.59~18.04.1 5.4.0-1057.60~18.04.1 5.4.0-1059.62~18.04.1 5.4.0-87.98~18.04.1 5.4.0-1044.48~18.04.1 5.4.0-1061.64~18.04.1 2:8.0.1453-1ubuntu1.6 4.15.0-1028.33 4.15.0-1081.89 4.15.0-1100.102 4.15.0-1109.123 4.15.0-1112.119 4.15.0-1113.122 4.15.0-1124.137 4.15.0-159.167 4.15.0-1096.102 2.6-2ubuntu0.18.04.1 1.1.2-1ubuntu1.1 1.5.2-0ubuntu1~18.04.3 1:3.6.3-0ubuntu1.4 4.5.3-1ubuntu2.2 20.10.7-0ubuntu1~18.04.2 3.5.27-1ubuntu1.12 0.12.13-1ubuntu0.1 93.0+build1-0ubuntu0.18.04.1 1.4-8ubuntu0.1 1:5.12.0-3ubuntu0.1 5.6.2-1ubuntu2.7 4.15.0-1029.34 4.15.0-1082.90 4.15.0-1097.103 4.15.0-1101.103 4.15.0-1110.124 4.15.0-1114.121 4.15.0-1114.123 4.15.0-1125.138 4.15.0-161.169 5.4.0-1055.59~18.04.1 5.4.0-89.100~18.04.1 5.4.0-1025.26~18.04.1 5.4.0-1045.49~18.04.1 5.4.0-1054.57~18.04.1 5.4.0-1056.60~18.04.1 5.4.0-1058.61~18.04.3 5.4.0-1062.65~18.04.1 0.99.beta19-2ubuntu0.18.04.3 1:2.1.26-1ubuntu0.4 2.20.9-0ubuntu7.27 5.7.36-0ubuntu0.18.04.1 2.30-21ubuntu1~18.04.7 7.2.24-0ubuntu0.18.04.10 1:9.11.3+dfsg-1ubuntu1.16 12.2.13-0ubuntu0.18.04.10 94.0+build3-0ubuntu0.18.04.1 60.2-3ubuntu3.2 20.10.7-0ubuntu5~18.04.3 4.15.0-1030.35 4.15.0-1083.91 4.15.0-1098.104 4.15.0-1102.104 4.15.0-1111.125 4.15.0-1115.122 4.15.0-1115.124 4.15.0-1126.139 4.15.0-162.170 5.4.0-1026.27~18.04.1 5.4.0-1057.61~18.04.1 5.4.0-1059.62~18.04.1 5.4.0-1063.66~18.04.1 5.4.0-90.101~18.04.1 5.4.0-1046.50~18.04.1 5.4.0-1055.58~18.04.1 5.4.0-1057.61~18.04.1 1.5.2-1ubuntu0.1 1.75.3-3ubuntu0.1~esm1 2.2.0-11.1ubuntu1.8 10.19-0ubuntu0.18.04.1 1:78.14.0+build1-0ubuntu0.18.04.1 2:8.0.1453-1ubuntu1.7 1.3.15-1ubuntu0.1 2.2.0-11.1ubuntu1.9 1:2.1.26-1ubuntu0.5 2.2.0+dfsg1-0ubuntu0.18.04.2 5.48-0ubuntu3.6 1.1.2-3ubuntu0.1 8:6.9.7.4+dfsg-16ubuntu6.12 3:4.8.19-1ubuntu0.1~esm1 5.4.0-1027.28~18.04.1 5.4.0-1047.52~18.04.1 5.4.0-1056.59~18.04.1 5.4.0-1058.62~18.04.1 5.4.0-1060.63~18.04.1 5.4.0-1064.67~18.04.1 5.4.0-91.102~18.04.1 4.15.0-1031.36 4.15.0-1084.92 4.15.0-1099.106 4.15.0-1103.105 4.15.0-1112.126 4.15.0-1116.123 4.15.0-1116.125 4.15.0-1127.140 4.15.0-163.171 2:3.35-2ubuntu2.13 1:78.14.0+build1-0ubuntu0.18.04.2 0.34.3-4ubuntu0.1~esm1 0.631-1+deb9u1build0.18.04.1 0.8.4-1+deb9u2build0.18.04.1 3.0.6-2+deb9u1build0.18.04.1 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 2:1.9.4-3ubuntu0.1+esm1 1:1.27.2-2ubuntu3.4 1:2.1.26-1ubuntu0.6 1.12.1+dfsg-5ubuntu0.18.04.1~esm2 1.3.6+dfsg.1-1ubuntu0.1~esm2 5.48-0ubuntu3.7 0.6~dfsg0-3+deb10u1ubuntu0.1~esm1 1.5.11-1ubuntu0.1~esm1 95.0+build1-0ubuntu0.18.04.1 95.0.1+build2-0ubuntu0.18.04.1 2.11.1-3ubuntu0.1~esm1 1:1.3.9-1ubuntu0.18.04.3 2.56.4-0ubuntu0.18.04.9 1.3.28-2ubuntu0.1+esm1 1.0.9-0ubuntu0.4 2.10.0-2ubuntu0.1 2:1.19.6-1ubuntu4.10 2:1.20.8-2ubuntu2.2~18.04.6 1.2.19-1ubuntu1.1 3.6.9-1~18.04ubuntu1.6 3.7.5-2ubuntu1~18.04.2 3.8.0-3ubuntu1~18.04.2 11.0.13+8-0ubuntu1~18.04 8u312-b07-0ubuntu1~18.04 1:1.11.11-1ubuntu1.15 4.2.6-1ubuntu0.1~esm4 4.15.0-1033.38 4.15.0-1085.93 4.15.0-1101.108 4.15.0-1105.107 4.15.0-1114.128 4.15.0-1118.125 4.15.0-1118.127 4.15.0-1129.142 4.15.0-166.174 5.4.0-1029.30~18.04.2 5.4.0-1048.53~18.04.1 5.4.0-1057.60~18.04.1 5.4.0-1059.63~18.04.1 5.4.0-1061.64~18.04.1 5.4.0-1065.68~18.04.1 5.4.0-92.103~18.04.2 5.4.0-1060.64~18.04.1 5.4.0-94.106~18.04.1 2.4.29-1ubuntu4.21 1.1.38+ds1-1ubuntu0.1~esm1 3.2.5-1ubuntu0.1+esm1 2.5.0-1ubuntu0.1~esm1 1.6.3-1ubuntu0.1~esm1 5:4.0.9-1ubuntu0.2+esm3 2.12.4-0ubuntu0.1 1.2.17-8+deb10u1ubuntu0.1 9.26~dfsg+0-0ubuntu0.18.04.15 4.2.1-1ubuntu0.6 5.1.0-1ubuntu0.7 5.1.0-1ubuntu0.8 96.0+build2-0ubuntu0.18.04.1 1.7043-1ubuntu0.1~esm1 1.3.7.10-1ubuntu1+esm1 0.10.2-2ubuntu0.1~esm1 0.103.5+dfsg-0ubuntu0.18.04.1 2.5.1-1ubuntu1.11 17.12-1ubuntu0.1+esm1 9.4.1212-1ubuntu0.1~esm1 4.5.5-1ubuntu0.1~esm1 5.4.0-1031.32~18.04.1 5.4.0-1050.56~18.04.1 5.4.0-1059.62~18.04.1 5.4.0-1061.65~18.04.1 5.4.0-1062.66~18.04.1 5.4.0-1063.66~18.04.1 5.4.0-1067.70~18.04.1 5.4.0-96.109~18.04.1 5.9.5-0ubuntu1.1 0.16-3ubuntu0.1 1.12.2-1ubuntu1.3 3.6.0-1~18.04.1ubuntu0.1~esm1 2:8.0.1453-1ubuntu1.8 1:91.5.0+build1-0ubuntu0.18.04.1 2.0-21-g6fe2f4f-1ubuntu1.1 5.6.2-1ubuntu2.8 0.3.30-1ubuntu1+esm1 0.105-20ubuntu0.18.04.6 1.6.4-4ubuntu0.2+esm1 1:4.5-1ubuntu2.2 0.8.4-1+deb9u2ubuntu0.1 1.7.0-3ubuntu4.1 1.9.1-1ubuntu1+esm1 3.0pl1-128.1ubuntu1.1 3.0pl1-128.1ubuntu1.2 2:4.7.6+dfsg~ubuntu-0ubuntu2.28 5.4.0-1061.64~18.04.1 5.4.0-1032.33~18.04.1 5.4.0-1062.66~18.04.1 5.4.0-1063.67~18.04.1 5.4.0-1064.67~18.04.1 5.4.0-1068.71~18.04.1 5.4.0-97.110~18.04.1 5.4.0-1033.34~18.04.1 5.4.0-1062.65~18.04.1 5.4.0-1063.67~18.04.1 5.4.0-1064.68~18.04.1 5.4.0-1065.68~18.04.1 5.4.0-1069.72~18.04.1 5.4.0-99.112~18.04.1 5.4.0-1052.58~18.04.1 4.15.0-1034.39 4.15.0-1086.94 4.15.0-1102.109 4.15.0-1106.108 4.15.0-1115.129 4.15.0-1119.127 4.15.0-1119.128 4.15.0-167.175 1:1.11.11-1ubuntu1.16 5.7.37-0ubuntu0.18.04.1 4.6.2-1ubuntu0.1~esm1 1.10.0-patch1+docs-4ubuntu0.1~esm2 4.14.1+dfsg1-2ubuntu0.1~esm1 2.0.8+dfsg1-1ubuntu1.18.04.4+esm1 5.48-0ubuntu3.8 450.172.01-0ubuntu0.18.04.1 470.103.01-0ubuntu0.18.04.1 510.47.03-0ubuntu0.18.04.1 1.2~rc1.2-1ubuntu2.1 0.17.0-3ubuntu0.1~esm1 0.14-1ubuntu0.1~esm1 97.0+build2-0ubuntu0.18.04.1 2.2.5-3ubuntu0.4 3.4.6+dfsg-1ubuntu0.1+esm2 2.54.3+18.04 2.54.3+18.04.2ubuntu0.2 0.9.1.2-9+deb8u1ubuntu0.18.04.1 5.4.0-100.113~18.04.1 5.4.0-1015.16~18.04.1 5.4.0-1034.35~18.04.1 5.4.0-1053.60~18.04.1 5.4.0-1064.68~18.04.1 5.4.0-1065.69~18.04.1 5.4.0-1066.69~18.04.1 5.4.0-1070.73~18.04.1 5.4.0-1063.66~18.04.1 4.15.0-1035.40 4.15.0-1087.95 4.15.0-1103.110 4.15.0-1107.109 4.15.0-1116.130 4.15.0-1120.129 4.15.0-1121.129 4.15.0-1131.144 4.15.0-169.177 7.2.24-0ubuntu0.18.04.11 2.1.27~101-g0780600+dfsg-3ubuntu2.4 1:2.11+dfsg-1ubuntu7.39 2.27-3ubuntu1.5 1.5.5-0ubuntu3~18.04.2 11.0.14+9-0ubuntu2~18.04 17.0.2+8-1~18.04 11.0.14.1+1-0ubuntu1~18.04 97.0.2+build1-0ubuntu0.18.04.1 2.5.1+dfsg-1ubuntu0.1+esm1 5.4.0-1017.19~18.04.1 5.4.0-1036.37~18.04.1 5.4.0-104.118~18.04.1 5.4.0-1055.62~18.04.1 5.4.0-1065.68~18.04.1 5.4.0-1066.71~18.04.1 5.4.0-1067.71~18.04.1 5.4.0-1068.72~18.04.1 5.4.0-1072.75~18.04.1 4.15.0-1037.42 4.15.0-1089.98 4.15.0-1105.112 4.15.0-1109.112 4.15.0-1118.132 4.15.0-1122.131 4.15.0-1123.132 4.15.0-1133.146 4.15.0-171.180 2.2.5-3ubuntu0.7 98.0+build3-0ubuntu0.18.04.2 98.0.1+build2-0ubuntu0.18.04.1 98.0.2+build1-0ubuntu0.18.04.1 1:3.16.2-1ubuntu0.2 2.9.4+dfsg1-6.1ubuntu1.5 5.4.2-3ubuntu3.2 0.17-17ubuntu0.1 1.0.2n-1ubuntu5.8 1.1.1-1ubuntu2.1~18.04.15 1.29b-2ubuntu0.3 0.9+LibO6.0.7-0ubuntu0.18.04.11 1.0.2+LibO6.0.7-0ubuntu0.18.04.11 1.2.0+LibO6.0.7-0ubuntu0.18.04.11 1:6.0.7-0ubuntu0.18.04.11 2:102.10+LibO6.0.7-0ubuntu0.18.04.11 6.0.7-0ubuntu0.18.04.11 4.9.3-0ubuntu0.18.04.2 1:9.11.3+dfsg-1ubuntu1.17 2.4.29-1ubuntu4.22 5.4.0-1018.20~18.04.1 5.4.0-1037.38~18.04.1 5.4.0-105.119~18.04.1 5.4.0-1056.63~18.04.1 5.4.0-1066.69~18.04.1 5.4.0-1067.72~18.04.1 5.4.0-1068.72~18.04.1 5.4.0-1069.73~18.04.1 5.4.0-1073.76~18.04.1 4.15.0-1038.43 4.15.0-1090.99 4.15.0-1106.113 4.15.0-1110.113 4.15.0-1119.133 4.15.0-1123.132 4.15.0-1124.133 4.15.0-1134.147 4.15.0-173.182 4.5.7+dfsg-2ubuntu0.18.04.1 2.7.17-1~18.04ubuntu1.7 3.6.9-1~18.04ubuntu1.7 3.7.5-2ubuntu1~18.04.2+esm1 1:91.7.0+build2-0ubuntu0.18.04.1 2.4.4-2ubuntu1.7 3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1 99.0.4844.84-0ubuntu0.18.04.1 2.0.0-1ubuntu1.3 17.9.0-2ubuntu0.3 1:17.9.0-2ubuntu0.3 1:1.2.11.dfsg-0ubuntu2.1 0.74-4.3ubuntu0.1 4.15.0-1040.45 4.15.0-1112.115 4.15.0-1125.134 4.15.0-1126.135 4.15.0-1136.149 4.15.0-175.184 4.15.0-1091.100 4.15.0-1107.114 4.15.0-1120.134 5.4.0-1069.75~18.04.1 5.4.0-107.121~18.04.1 5.4.0-1019.21~18.04.1 5.4.0-1038.39~18.04.1 5.4.0-1058.65~18.04.1 5.4.0-1067.70~18.04.1 5.4.0-1069.73~18.04.1 5.4.0-1071.76~18.04.1 5.4.0-1074.77~18.04.1 3.1.2-2.1ubuntu1.4 9.0.16-3ubuntu0.18.04.2 0.19.7-2ubuntu0.1 3.35.0-0ubuntu1.1 99.0+build2-0ubuntu0.18.04.2 1.14.0-0ubuntu1.10 1:1.11.11-1ubuntu1.17 1:1.4+dfsg1-3ubuntu1.18.04.1~esm1 1:2.17.1-1ubuntu0.10 1:2.17.1-1ubuntu0.11 1.6-5ubuntu1.2 5.2.2-1.3ubuntu0.1 2.0.4-9ubuntu2.1 4.4.18-2ubuntu1.3 1.10.4-1ubuntu0.18.04.3 5.4.0-1020.22~18.04.1 5.4.0-1039.40~18.04.1 5.4.0-1059.66~18.04.1 5.4.0-1068.71~18.04.1 5.4.0-1070.76~18.04.1 5.4.0-1072.77~18.04.1 5.4.0-1077.80~18.04.1 5.4.0-109.123~18.04.1 4.15.0-1041.46 4.15.0-1092.101 4.15.0-1113.116 4.15.0-1121.135 4.15.0-1126.135 4.15.0-1127.136 4.15.0-1137.150 4.15.0-176.185 3.0.1-1ubuntu0.1~esm1 1:6.0.1-0ubuntu1.1 11.0.15+10-0ubuntu0.18.04.1 17.0.3+7-0ubuntu0.18.04.1 2.7-1ubuntu0.1 1.9.4-3ubuntu0.6 1:91.8.1+build1-0ubuntu0.18.04.1 1.7-0ubuntu3.4 1.7-0ubuntu3.5 9.26~dfsg+0-0ubuntu0.18.04.16 7.58.0-2ubuntu3.17 1.2.15+dfsg2-0.1ubuntu0.2 4.0.0-1ubuntu8.21 5.7.38-0ubuntu0.18.04.1 1.0.2n-1ubuntu5.9 1.1.1-1ubuntu2.1~18.04.17 3.22.0-1ubuntu0.5 8.32.0-1ubuntu4.2 2.79-1ubuntu0.6 2:3.35-2ubuntu2.14 100.0+build2-0ubuntu0.18.04.1 7.58.0-2ubuntu3.18 5.4.0-1021.23~18.04.1 5.4.0-1040.41~18.04.1 5.4.0-1060.68~18.04.1 5.4.0-1071.77~18.04.1 5.4.0-1073.78~18.04.1 5.4.0-1078.81~18.04.1 5.4.0-110.124~18.04.1 4.15.0-1042.47 4.15.0-1093.102 4.15.0-1114.117 4.15.0-1122.136 4.15.0-1127.136 4.15.0-1128.137 4.15.0-1138.151 4.15.0-177.186 4.0.9-5ubuntu0.5 2.9.4+dfsg1-6.1ubuntu1.6 0.103.6+dfsg-0ubuntu0.18.04.1 2.4.45+dfsg-1ubuntu1.11 2:8.39-9ubuntu0.1 3.1-1ubuntu0.1 2.20.9-0ubuntu7.28 2.2.4-1ubuntu1.5 100.0.2+build1-0ubuntu0.18.04.1 1:91.9.1+build1-0ubuntu0.18.04.1 1.9.2-1ubuntu0.2 10.21-0ubuntu0.18.04.1 5.4.0-1072.77~18.04.1 5.4.0-1075.80~18.04.1 5.4.0-1080.83~18.04.2 5.4.0-113.127~18.04.1 5.4.0-1023.25~18.04.1 5.4.0-1043.44~18.04.1 5.4.0-1062.70~18.04.1 5.4.0-1073.79~18.04.1 5.4.0-1075.80~18.04.1 4.15.0-1095.104 4.15.0-1111.118 4.15.0-1116.119 4.15.0-1124.138 4.15.0-1129.138 4.15.0-1130.139 4.15.0-1139.152 4.15.0-180.189 1.9.7-4ubuntu1.1 1.19.0.5ubuntu2.4 1.1.1+dfsg1-4+deb9u1ubuntu1 2.2.7-1ubuntu2.9 1.2-4ubuntu0.18.04.1~esm1 8:6.9.7.4+dfsg-16ubuntu6.13 2:6.8-1ubuntu1.2 2.2.0+dfsg1-0ubuntu0.18.04.3 2.5.1-1ubuntu1.12 1:2017.3.23-2ubuntu0.18.04.4 1.44.1-1ubuntu1.4 2.0-1.44.1-1ubuntu1.4 2.1-1.44.1-1ubuntu1.4 4.15.0-1098.108 4.15.0-1114.122 4.15.0-1119.123 4.15.0-1127.142 4.15.0-1132.142 4.15.0-1133.143 4.15.0-1142.156 4.15.0-184.194 5.4.0-1026.29~18.04.1 5.4.0-1046.48~18.04.1 5.4.0-1065.75~18.04.1 5.4.0-1074.79~18.04.1 5.4.0-1076.83~18.04.1 5.4.0-1078.84~18.04.1 5.4.0-1083.87~18.04.1 5.4.0-117.132~18.04.1 7:3.4.11-0ubuntu0.1 20211016~18.04.1 5.2.1-1ubuntu0.1 101.0.1+build1-0ubuntu0.18.04.1 3.5.0-1ubuntu0.4 7.2.24-0ubuntu0.18.04.12 7.2.24-0ubuntu0.18.04.13 5.48-0ubuntu3.9 3.1.4-4~deb9u5build0.18.04.1 2.4.5-2ubuntu0.1 4.15.0-1048.53 4.15.0-1101.112 4.15.0-1122.127 4.15.0-1130.146 4.15.0-1136.147 4.15.0-1145.160 4.15.0-187.198 5.4.0-1028.32~18.04.1 5.4.0-1048.51~18.04.1 5.4.0-1076.82~18.04.1 5.4.0-1078.86~18.04.1 5.4.0-1080.87~18.04.1 5.4.0-1085.90~18.04.1 5.4.0-120.136~18.04.1 3.20220510.0ubuntu0.18.04.1 2.4.29-1ubuntu4.24 2.4.29-1ubuntu4.25 1.0.2n-1ubuntu5.10 1.1.1-1ubuntu2.1~18.04.19 1:2.11+dfsg-1ubuntu7.40 3.5.27-1ubuntu1.13 4.15.0-188.199 5.4.0-121.137~18.04.1 7.58.0-2ubuntu3.19 22.2-0ubuntu1~18.04.3 1:1.11.11-1ubuntu1.18 1.1.1-1ubuntu2.1~18.04.20 2.2.4-1ubuntu1.6 102.0+build2-0ubuntu0.18.04.1 2:3.35-2ubuntu2.15 3.0.0-1ubuntu0.2 1:2.2.33.2-1ubuntu4.8 2:1.19.6-1ubuntu4.11 2:1.20.8-2ubuntu2.2~18.04.7 1:2.17.1-1ubuntu0.12 1:91.11.0+build2-0ubuntu0.18.04.1 5.4.0-1029.33~18.04.1 5.4.0-1049.52~18.04.1 5.4.0-1066.76~18.04.1 5.4.0-1079.87~18.04.1 5.4.0-1081.88~18.04.1 5.4.0-1086.91~18.04.1 5.4.0-122.138~18.04.1 4.15.0-1049.54 4.15.0-1102.113 4.15.0-1115.123 4.15.0-1123.128 4.15.0-1131.147 4.15.0-1133.143 4.15.0-1137.148 4.15.0-1146.161 4.15.0-189.200 2.7.17-1~18.04ubuntu1.8 3.6.9-1~18.04ubuntu1.8 6.01-1ubuntu0.1 4.0.9-5ubuntu0.6 2.0.10-2~18.04.1 1.5.3+ds1-1ubuntu0.1 1.2.8p16-1ubuntu0.2 2.8.1-2ubuntu2.2 0.12.13-1ubuntu0.2 103.0+build1-0ubuntu0.18.04.1 5.7.39-0ubuntu0.18.04.2 5.4.0-1078.84~18.04.1 5.4.0-1084.92~18.04.1 5.7.3+dfsg-1.8ubuntu3.7 11.0.16+8-0ubuntu1~18.04 17.0.4+8-1~18.04 8u342-b07-0ubuntu1~18.04 390.154-0ubuntu0.18.04.1 450.203.03-0ubuntu0.18.04.1 470.141.03-0ubuntu0.18.04.1 510.85.02-0ubuntu0.18.04.1 515.65.01-0ubuntu0.18.04.1 2.9.4+dfsg1-6.1ubuntu1.7 3.5.18-1ubuntu1.6 4.5.17-1ubuntu1.1 1.9.7.1-1ubuntu0.3 1.14.5-0ubuntu1~18.04.3 2.20.1+ds-1ubuntu0.1 4.15.0-1051.56 4.15.0-1104.115 4.15.0-1117.125 4.15.0-1125.130 4.15.0-1134.150 4.15.0-1135.145 4.15.0-1139.150 4.15.0-1149.164 4.15.0-191.202 5.4.0-1031.35~18.04.1 5.4.0-1051.54~18.04.1 5.4.0-1068.78~18.04.1 5.4.0-1080.86~18.04.1 5.4.0-1081.89~18.04.1 5.4.0-1083.90~18.04.1 5.4.0-1086.94~18.04.1 5.4.0-1089.94~18.04.1 5.4.0-124.140~18.04.1 2.7.1-2ubuntu0.1 1.6.7-1ubuntu2.5 1:1.2.11.dfsg-0ubuntu2.2 10.22-0ubuntu0.18.04.1 3.1.2-2.1ubuntu1.5 4.90.1-1ubuntu1.9 1.1.29-5ubuntu0.3 2:11.0.5-4ubuntu0.18.04.2 104.0+build3-0ubuntu0.18.04.1 237-3ubuntu10.54 237-3ubuntu10.56 1.6.10-4ubuntu0.1 5.2.2-1ubuntu0.1 7.58.0-2ubuntu3.20 4.15.0-1052.57 4.15.0-1126.131 4.15.0-1135.151 4.15.0-1136.146 4.15.0-1150.165 4.15.0-192.203 4.15.0-1140.151 5.4.0-1032.36~18.04.1 5.4.0-1082.90~18.04.1 5.4.0-1087.95~18.04.1 5.4.0-1084.91~18.04.1 5.4.0-1090.95~18.04.1 4.15.0-1105.116 5.4.0-125.141~18.04.1 5.4.0-1069.79~18.04.1 0.62.0-2ubuntu2.13 0.62.0-2ubuntu2.14 17.11.10-0ubuntu0.2 3.20220809.0ubuntu0.18.04.1 2:8.0.1453-1ubuntu1.9 1.16.0-1ubuntu1.1~18.04.4 3.22.0-1ubuntu0.6 4.0.9-5ubuntu0.7 4.15.0-1053.58 4.15.0-1106.117 4.15.0-1119.127 4.15.0-1127.132 4.15.0-1136.152 4.15.0-1137.147 4.15.0-1141.152 4.15.0-1151.166 4.15.0-193.204 5.4.0-1033.37~18.04.1 5.4.0-1083.91~18.04.1 5.4.0-1085.92~18.04.1 5.4.0-1091.96~18.04.1 5.4.0-126.142~18.04.1 1.0.7+ds1-1ubuntu0.2 1:9.11.3+dfsg-1ubuntu1.18 10.31-2ubuntu0.1~esm1 3.2.17+dfsg-1ubuntu0.1~esm1 5.4.0-1070.80~18.04.1 1.5.2-0ubuntu5.18.04.6 4.3-1ubuntu0.18.04.2 2.2.5-3ubuntu0.8 2.2.5-3ubuntu0.9 3.5.27-1ubuntu1.14 9.26~dfsg+0-0ubuntu0.18.04.17 105.0+build2-0ubuntu0.18.04.1 5.6.2-1ubuntu2.9 4.3.5-3ubuntu7.4 5.4.0-1089.97~18.04.1 6.7.0-1ubuntu0.1~esm2 1:102.2.2+build1-0ubuntu0.18.04.1 5.4.0-1034.38~18.04.1 5.4.0-128.144~18.04.1 4.15.0-1054.59 4.15.0-1107.118 4.15.0-1120.128 4.15.0-1128.133 4.15.0-1138.148 4.15.0-194.205 2.1-1ubuntu0.18.04.2 2:6.1.2+dfsg-2ubuntu0.1 6.0-21ubuntu1.2 7.5.0+dfsg-1ubuntu0.1 5.4.0-1071.81~18.04.1 5.4.0-1084.92~18.04.1 4.15.0-1137.153 4.15.0-1142.154 3:3.6.1-1ubuntu0.1~esm1 5.4.0-1086.93~18.04.1 1:2.17.1-1ubuntu0.13 4.15.0-1153.168 1.3.5-2ubuntu0.18.04.1 5.26.1-6ubuntu0.6 5.4.0-1036.41~18.04.1 5.4.0-1073.84~18.04.1 5.4.0-1086.95~18.04.1 5.4.0-1088.96~18.04.1 5.4.0-1092.101~18.04.1 5.4.0-1094.100~18.04.1 5.4.0-131.147~18.04.1 0.9+LibO6.0.7-0ubuntu0.18.04.12 1.0.2+LibO6.0.7-0ubuntu0.18.04.12 1.2.0+LibO6.0.7-0ubuntu0.18.04.12 1:6.0.7-0ubuntu0.18.04.12 2:102.10+LibO6.0.7-0ubuntu0.18.04.12 6.0.7-0ubuntu0.18.04.12 5.7.40-0ubuntu0.18.04.1 1:6.0.1-0ubuntu1.2 2.9.8-0ubuntu0.18.04.3 7.58.0-2ubuntu3.21 1.12.2-1ubuntu1.4 106.0.2+build1-0ubuntu0.18.04.1 106.0.5+build1-0ubuntu0.18.04.1 1:2017.3.23-2ubuntu0.18.04.5 4.0.9-5ubuntu0.8 0.18.8-1ubuntu0.4 3.22.0-1ubuntu0.7 7.2.24-0ubuntu0.18.04.15 0.34.0-2ubuntu0.1 11.0.17+8-1ubuntu2~18.04 17.0.5+8-2ubuntu1~18.04 8u352-ga-1~18.04 1.14.0-0ubuntu1.11 1:102.4.2+build2-0ubuntu0.18.04.1 1.13.8-1ubuntu1~18.04.4 107.0+build2-0ubuntu0.18.04.1 4.15.0-1055.60 4.15.0-1108.119 4.15.0-1121.129 4.15.0-1129.134 4.15.0-1139.149 4.15.0-1143.155 4.15.0-197.208 4.15.0-1138.154 5.4.0-1037.42~18.04.1 5.4.0-1087.96~18.04.1 5.4.0-1089.97~18.04.1 5.4.0-1095.101~18.04.1 5.4.0-132.148~18.04.1 5.4.0-1074.85~18.04.1 5.4.0-1093.102~18.04.1 0.7.4-2ubuntu3.2 1.6.7-1ubuntu2.6 1.3.2-1ubuntu0.1 2.2.0+dfsg1-0ubuntu0.18.04.4 8:6.9.7.4+dfsg-16ubuntu6.14 2:1.19.6-1ubuntu4.12 2:1.20.8-2ubuntu2.2~18.04.8 4.90.1-1ubuntu1.10 2.1-3.1ubuntu0.18.04.1 4.0.9-5ubuntu0.9 2:1.0.9-2ubuntu0.18.04.1 1:4.5-1ubuntu2.4 1:4.5-1ubuntu2.5 11.6.1-1ubuntu0.2 2.57.5+18.04ubuntu0.1 5.4.0-1040.45~18.04.2 5.4.0-1077.88~18.04.2 5.4.0-1090.99~18.04.2 5.4.0-1092.100~18.04.2 5.4.0-1096.105~18.04.2 5.4.0-135.152~18.04.2 5.4.0-1098.104~18.04.2 4.15.0-1057.62 4.15.0-1111.122 4.15.0-1124.132 4.15.0-1132.137 4.15.0-1141.157 4.15.0-1142.152 4.15.0-1146.158 4.15.0-200.211 2.9.4+dfsg1-6.1ubuntu1.8 20211016ubuntu0.18.04.1 2.30-21ubuntu1~18.04.8 2020.10+dfsg-1ubuntu0~18.04.3 7.5.0+dfsg-1ubuntu0.2 2.7.17-1~18.04ubuntu1.10 3.6.9-1~18.04ubuntu1.9 3.6.9-1~18.04ubuntu1.10 1:2.11+dfsg-1ubuntu7.41 4.15.0-1157.172 1.5.9-0ubuntu1~18.04.2 2:1.19.6-1ubuntu4.13 2:1.20.8-2ubuntu2.2~18.04.9 108.0+build2-0ubuntu0.18.04.1 108.0.1+build1-0ubuntu0.18.04.1 108.0.2+build1-0ubuntu0.18.04.1 0.7.1-1ubuntu0.18.04.1 3.0.16+dfsg-1ubuntu3.2 1:3.26.4-0~ubuntu18.04.6 1.3.5-2ubuntu0.18.04.2 7.58.0-2ubuntu3.22 4.15.0-1058.63 4.15.0-1112.123 4.15.0-1125.133 4.15.0-1133.138 4.15.0-1142.158 4.15.0-1143.153 4.15.0-1147.159 4.15.0-1158.173 4.15.0-201.212 5.4.0-1041.46~18.04.1 5.4.0-1078.89~18.04.1 5.4.0-1091.100~18.04.1 5.4.0-1093.102~18.04.2 5.4.0-1097.106~18.04.1 5.4.0-136.153~18.04.1 5.4.0-1100.106~18.04.1 5.7.3+dfsg-1.8ubuntu3.8 0.5.3-36ubuntu0.1 7.5.0+dfsg-1ubuntu0.3 2:8.0.1453-1ubuntu1.10 4.15.0-1134.139 4.15.0-1159.174 4.15.0-202.213 5.4.0-1092.101~18.04.1 5.4.0-1098.107~18.04.1 4.15.0-1143.159 4.15.0-1148.160 2.5.1-1ubuntu1.13 1:3.5.12-1ubuntu0.18.04.2 5.4.0-1042.47~18.04.1 1:2.17.1-1ubuntu0.14 1:2.17.1-1ubuntu0.15 1.8.21p2-3ubuntu1.5 4.15.0-1113.124 4.15.0-1144.154 5.4.0-1094.102~18.04.1 5.4.0-137.154~18.04.1 109.0+build2-0ubuntu0.18.04.1 109.0.1+build1-0ubuntu0.18.04.2 39.0.1-2ubuntu0.1 7.2.24-0ubuntu0.18.04.16 1:5.9~svn20110310-11ubuntu0.1 0.30.0-0.2ubuntu0.1 9.0.1-2.3~ubuntu1.18.04.7 9.0.1-2.3~ubuntu1.18.04.8 5.7.41-0ubuntu0.18.04.1 1:102.7.1+build2-0ubuntu0.18.04.1 1.1.8-3.6ubuntu2.18.04.4 1.1.8-3.6ubuntu2.18.04.6 3.0.26-5ubuntu0.3 1.16-2ubuntu0.3 5.4.0-1079.90~18.04.1 4.15.0-1126.134 5.4.0-1101.107~18.04.1 0.15.2-4ubuntu2.1 2:12.0.10-0ubuntu2.2 2:17.0.13-0ubuntu5.2 1:1.11.11-1ubuntu1.19 2.1-1ubuntu0.18.04.3 2.4.29-1ubuntu4.26 0.631-1+deb9u3build0.18.04.1 0.12.1-1.1ubuntu0.18.04.1~esm1 2.6-3ubuntu0.3 1.1.1-1ubuntu2.1~18.04.21 1.0.2n-1ubuntu5.11 2:1.19.6-1ubuntu4.14 2:1.20.8-2ubuntu2.2~18.04.10 1.0.1-8ubuntu0.1+esm1 7.5.0+dfsg-1ubuntu0.4 5.4.0-1080.91~18.04.1 5.4.0-1103.109~18.04.1 4.15.0-1114.125 4.15.0-1127.135 4.15.0-1135.140 4.15.0-1145.161 4.15.0-1150.163 4.15.0-204.215 8:6.9.7.4+dfsg-16ubuntu6.15 4.15.0-1060.65 4.15.0-1145.155 1:3.2.6a-6ubuntu1.1 4.15.0-1161.176 2:17.0.13-0ubuntu5.3 1:1.11.11-1ubuntu1.20 1.8.8-1ubuntu0.13 1.6.1-2ubuntu0.1 1:2.17.1-1ubuntu0.16 1:2.17.1-1ubuntu0.17 0.0~git20170627.0.6353ef0-1ubuntu2.1 5.4.0-1044.49~18.04.1 5.4.0-1093.102~18.04.1 5.4.0-1096.104~18.04.1 5.4.0-1100.109~18.04.1 5.4.0-139.156~18.04.1 110.0+build3-0ubuntu0.18.04.1 110.0.1+build2-0ubuntu0.18.04.1 110.0.5481.100-0ubuntu0.18.04.1 3.6.2-3ubuntu0.1~esm1 3.20230214.0ubuntu0.18.04.1 0.103.8+dfsg-0ubuntu0.18.04.1 2.9.8-0ubuntu0.18.04.4 7.58.0-2ubuntu3.23 2:3.35-2ubuntu2.16 2:1.3.0-7ubuntu0.2 1.6.4-4ubuntu0.2+esm2 11.0.18+10-0ubuntu1~18.04.1 17.0.6+10-0ubuntu1~18.04.1 8u362-ga-0ubuntu1~18.04.1 7.6+dfsg-2ubuntu0.18.04.2 1.29b-2ubuntu0.4 7.2.24-0ubuntu0.18.04.17 14.4.2-3ubuntu0.18.04.2 14.4.2-3ubuntu0.18.04.3 1.14.0-1ubuntu0.2 1.6.4-4ubuntu0.2+esm4 5.4.0-1094.103~18.04.1 5.4.0-1097.105~18.04.1 5.4.0-1104.110~18.04.1 5.4.0-144.161~18.04.1 4.15.0-1061.66 4.15.0-1115.126 4.15.0-1146.162 4.15.0-1151.164 4.15.0-206.217 3.1.2-2.1ubuntu1.6 4.0.9-5ubuntu0.10 4.15.0-1128.136 4.15.0-1136.141 4.15.0-1146.156 4.15.0-1162.177 237-3ubuntu10.57 3.7.5-2ubuntu1~18.04.2+esm2 3.8.0-3ubuntu1~18.04.2+esm1 1.12.11+20110422.1-2.1+deb10u3build0.18.04.1 0.9+20170913-1ubuntu0.18.04.1~esm1 5.4.0-1101.110~18.04.1 5.4.0-1081.92~18.04.1 2.4.29-1ubuntu4.27 1:102.8.0+build2-0ubuntu0.18.04.1 1.23-1+deb10u1build0.18.04.1 3.0.0-9.1ubuntu1.1 1.4.11.1-1+deb10u4build0.18.04.1 2.4.6-1ubuntu0.1~esm1 0.14.1+dfsg1-1ubuntu0.2 111.0.5563.64-0ubuntu0.18.04.5 5.4.0-1045.50~18.04.1 2.3.0-2+deb10u2build0.18.04.1 5.5.0-1ubuntu0.1~esm1 111.0+build2-0ubuntu0.18.04.1 111.0.1+build2-0ubuntu0.18.04.1 5.2.14+dfsg-2.3+deb9u2ubuntu0.1~esm1 5.2.14+dfsg-2.3+deb9u2ubuntu0.1~esm2 2.1.2-1ubuntu0.1~esm1 7:3.4.11-0ubuntu0.1+esm1 1.16-2ubuntu0.4 2.7.17-1~18.04ubuntu1.11 3.6.9-1~18.04ubuntu1.12 7.8.9-1+deb9u1build0.18.04.1 2:8.0.1453-1ubuntu1.11 7.58.0-2ubuntu3.24 1:3.5.1-1ubuntu0.1 1:3.5.1-1ubuntu0.2 1:3.5.1-1ubuntu0.3 0.11.3-1ubuntu0.1 2.1.8-1ubuntu0.1~esm1 1.9+srconly-2ubuntu0.1 2.40.1-2ubuntu0.1~esm1 1:102.9.0+build1-0ubuntu0.18.04.1 1.2.0-1ubuntu0.1 1.3.28-2ubuntu0.2+esm1 2.4-20160731-1ubuntu0.1 4.15.0-1062.67 4.15.0-1116.127 4.15.0-1129.137 4.15.0-1137.142 4.15.0-1153.166 4.15.0-208.220 5.4.0-1046.51~18.04.1 5.4.0-1082.93~18.04.1 5.4.0-1098.107~18.04.1 5.4.0-1099.107~18.04.1 5.4.0-1102.111~18.04.2 5.4.0-1105.111~18.04.1 5.4.0-146.163~18.04.1 2:1.19.6-1ubuntu4.15 2:1.20.8-2ubuntu2.2~18.04.11 1.0.7-6ubuntu0.1 1.1.19-1ubuntu0.1~esm1 4.15.0-1147.163 2:8.0.1453-1ubuntu1.12 3.5.0-1ubuntu0.5 1.8.18-5ubuntu0.2 1.2.17-8+deb10u1ubuntu0.2 1.0.0-1ubuntu0.18.04.1 1.8.21p2-3ubuntu1.6 0.12.2-0ubuntu0.18.04.1+esm1 112.0+build2-0ubuntu0.18.04.1 112.0.1+build1-0ubuntu0.18.04.1 112.0.2+build1-0ubuntu0.18.04.1 2.2-2ubuntu0.18.04.1 1:102.10.0+build2-0ubuntu0.18.04.1 3.3.0-1+deb10u1build0.18.04.1 9.26~dfsg+0-0ubuntu0.18.04.18 2.20.9-0ubuntu7.29 112.0.5615.49-0ubuntu0.18.04.1 5.1.2-1ubuntu2+esm1 0.9+LibO6.0.7-0ubuntu0.18.04.13 1.0.2+LibO6.0.7-0ubuntu0.18.04.13 1.2.0+LibO6.0.7-0ubuntu0.18.04.13 1:6.0.7-0ubuntu0.18.04.13 2:102.10+LibO6.0.7-0ubuntu0.18.04.13 6.0.7-0ubuntu0.18.04.13 2:8.0.1453-1ubuntu1.13 5.4.0-1047.52~18.04.1 5.4.0-1083.94~18.04.1 5.4.0-1099.108~18.04.1 5.4.0-1100.108~18.04.1 5.4.0-1103.112~18.04.1 5.4.0-1106.112~18.04.1 5.4.0-147.164~18.04.1 2.9.4+dfsg1-6.1ubuntu1.9 4.15.0-1063.68 4.15.0-1117.128 4.15.0-1130.138 4.15.0-1138.143 4.15.0-1148.164 4.15.0-1154.167 4.15.0-1163.178 4.15.0-209.220 4.15.0-1148.158 2.79-1ubuntu0.7 5.44.0-0ubuntu1+esm1 3.6-1+deb11u1build0.18.04.1 1.18.1-1ubuntu1~18.04.4 1.13.8-1ubuntu1~18.04.4+esm1 1.16.2-0ubuntu1~18.04.2+esm1 1.0.2n-1ubuntu5.12 1.1.1-1ubuntu2.1~18.04.22 23.1.2-0ubuntu0~18.04.1 1.4.1-0ubuntu1.2 4.15.0-1118.129 4.15.0-1139.144 4.15.0-1149.165 4.15.0-1164.179 4.15.0-210.221 5.4.0-1100.109~18.04.1 5.4.0-1101.109~18.04.1 5.4.0-1104.113~18.04.1 5.4.0-1107.113~18.04.1 5.4.0-148.165~18.04.1 0.4.37-1ubuntu0.18.04.1 1:4.1.7-4ubuntu0.1+esm2 1:2.17.1-1ubuntu0.18 4.15.0-1149.159 5.4.0-1048.53~18.04.1 1:1.11.11-1ubuntu1.21 2.5.1-1ubuntu1.14 2.5.1-1ubuntu1.15 4.15.0-1155.168 5.7.42-0ubuntu0.18.04.1 12.2.13-0ubuntu0.18.04.11 0.2.4-0.1ubuntu0.1 2.1.0-1+deb10u1build0.18.04.1 1:10.0.2-0ubuntu1.1 2:12.1.1-0ubuntu8.1 2.9.8-0ubuntu0.18.04.5 4.15.0-1131.139 5.4.0-1084.95~18.04.1 113.0+build2-0ubuntu0.18.04.1 113.0.1+build1-0ubuntu0.18.04.1 113.0.2+build1-0ubuntu0.18.04.1 1:102.11.0+build1-0ubuntu0.18.04.1 0.24.0+dfsg-1ubuntu0.1~esm1 11.0.19+7~us1-0ubuntu1~18.04.1 17.0.7+7~us1-0ubuntu1~18.04 8u372-ga~us1-0ubuntu1~18.04 0.6.1-2ubuntu0.18.04.2 4.15.0-1140.145 4.15.0-1156.169 4.15.0-211.222 0.2.1-1+deb10u1build0.18.04.1 1.20.2-0ubuntu3.3 4.15.0-1119.130 4.15.0-1150.166 3.0.4-3+deb10u1build0.18.04.1 2.5.1-1ubuntu1.16 1.1.4-0ubuntu1~18.04.2 4.15.0-1165.180 5.4.0-1049.54~18.04.1 5.4.0-1105.114~18.04.1 5.4.0-1108.114~18.04.1 5.4.0-149.166~18.04.1 4.15.0-1132.140 4.15.0-1150.160 1.8-1ubuntu0.1 1:3.00-8~ubuntu0.1 6.1-1ubuntu1.18.04.1 1.06-1ubuntu0.18.04.1 2.30-21ubuntu1~18.04.9 0.2.3-1+deb10u1build0.18.04.1 10.23-0ubuntu0.18.04.2 20230311ubuntu0.18.04.1 1:3.00-8~ubuntu0.2 5.4.0-1085.96~18.04.1 1:3.00-8~ubuntu0.2+esm1 5.26.1-6ubuntu0.7 1.0.1-1+deb10u1build0.18.04.1 2017.20170613.44572-8ubuntu0.2 6.0.1+dfsg-1+deb10u1build0.18.04.1 1.10-2~18.04.1 5.4.0-1101.110~18.04.1 1.0.2n-1ubuntu5.13 1.1.1-1ubuntu2.1~18.04.23 2.58+18.04.1 2.2.7-1ubuntu2.10 0.7-3.1ubuntu1.3+esm1 4.15.0-1120.131 4.15.0-1141.146 4.15.0-1151.161 4.15.0-1151.167 4.15.0-1157.170 4.15.0-1166.181 4.15.0-212.223 5.4.0-1050.55~18.04.1 5.4.0-1102.111~18.04.1 5.4.0-1106.115~18.04.1 5.4.0-1109.115~18.04.1 5.4.0-150.167~18.04.1 5.4.0-1103.111~18.04.1 2.7.17-1~18.04ubuntu1.13 3.6.9-1~18.04ubuntu1.13 1.30.0-1ubuntu1+esm1 11.6.1-1ubuntu0.2+esm1 2.2.6-1ubuntu0.18.04.2+esm1 0.5.0-2ubuntu0.1~esm1 4.4.0-2ubuntu0.1~esm1 2:8.0.1453-1ubuntu1.13+esm1 2.18.4-2ubuntu0.1+esm1 1.7.3-1ubuntu0.1~esm1 2.9.19+dfsg-3ubuntu0.18.04.1~esm1 1.14.0-1ubuntu0.2+esm1 2.56.4-0ubuntu0.18.04.9+esm3 1:2.25-1.2ubuntu0.1~esm1 1:2.11+dfsg-1ubuntu7.42+esm1 2:1.6.4-3ubuntu0.4+esm1 1.8.0-8ubuntu3+esm2 1.26.0-2ubuntu0.1~esm1 1.4.0-1ubuntu0.18.04.1~esm1 1.2.3+dfsg1-3ubuntu1+esm1 1.4.0-1ubuntu0.18.04.1~esm2 3.0.8-0ubuntu18.04.1+esm1 2.3.0-7ubuntu0.18.04.1~esm1 1:9.11.3+dfsg-1ubuntu1.19+esm1 2.2.7-1ubuntu2.10+esm1 3.2.17+dfsg-1ubuntu0.1+esm2 0.6.45-1ubuntu1.3+esm1 4.15.0-1067.72 4.15.0-1121.132 4.15.0-1134.142 4.15.0-1142.147 4.15.0-1152.162 4.15.0-1152.168 4.15.0-1158.171 4.15.0-1167.182 4.15.0-213.224 5.4.0-1052.57~18.04.1 5.4.0-1089.100~18.04.1 5.4.0-1104.113~18.04.1 5.4.0-1105.113~18.04.1 5.4.0-1108.117~18.04.1 5.4.0-1111.117~18.04.1 5.4.0-153.170~18.04.1 2.4.45+dfsg-1ubuntu1.11+esm1 4.6.2-1ubuntu1.1+esm1 7.2.24-0ubuntu0.18.04.17+esm1 8:6.9.7.4+dfsg-16ubuntu6.15+esm1 1.6.12-0ubuntu1~18.04.1+esm1 1:1.11.11-1ubuntu1.21+esm1 1.2.0-1ubuntu2+esm1 2.6.1-3ubuntu0.1~esm1 4.3.1-1ubuntu0.1~esm1 1.21-0ubuntu1~18.04.1+esm1 2.5.1-1ubuntu1.16+esm1 2.1.1-1ubuntu0.1~esm2 4.0.9-5ubuntu0.10+esm1 0.12.4-1ubuntu0.1~esm1 2.1.0-2ubuntu0.18.04.1~esm1 1.35-6ubuntu0.1~esm1 7.58.0-2ubuntu3.24+esm1 0.3.2+git20151018-2ubuntu0.18.04.1~esm1 1:7.6p1-4ubuntu0.7+esm1 1.0.2+debian-2ubuntu0.1~esm1 1.0.2+debian-2ubuntu0.1~esm2 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm1 5.4.0-1053.58~18.04.1 5.4.0-1090.101~18.04.1 5.4.0-1105.114~18.04.1 5.4.0-1106.114~18.04.1 5.4.0-1109.118~18.04.1 5.4.0-1112.118~18.04.1 5.4.0-155.172~18.04.1 4.15.0-1068.73 4.15.0-1122.133 4.15.0-1143.148 4.15.0-1153.163 4.15.0-1153.170 4.15.0-1159.172 4.15.0-1168.183 4.15.0-214.225 2:11.0.5-4ubuntu0.18.04.3+esm1 2.0.874-5ubuntu2.11+esm1 2.6.10-1~ubuntu18.04.0+esm1 11.0.20+8-1ubuntu1~18.04 17.0.8+7-1~18.04 8u382-ga-1~18.04.1 11.0.20.1+1-0ubuntu1~18.04 17.0.8.1+1~us1-0ubuntu1~18.04 2:8.0.1453-1ubuntu1.13+esm3 2.0.13-1.2ubuntu0.1~esm1 0.66.0+ds0ubuntu0.libgit2-0ubuntu0.18.04.1~esm1 0.6.2+dfsg-3ubuntu0.18.04.1~esm1 1:7.6p1-4ubuntu0.7+esm2 1.26.0-2ubuntu0.1~esm2 1.7-5ubuntu0.18.04.1~esm1 2.0-7ubuntu0.18.04.1~esm1 5.4.0-1091.102~18.04.1 5.4.0-1106.115~18.04.1 5.4.0-1107.115~18.04.1 5.4.0-1110.119~18.04.1 3.20230808.0ubuntu0.18.04.1+esm1 0.0+git20170407.0.cd8b52f-1ubuntu2+esm1 5.7.43-0ubuntu0.18.04.1+esm1 4.0.9-5ubuntu0.10+esm2 9.26~dfsg+0-0ubuntu0.18.04.18+esm1 0.13.62-3.1ubuntu0.18.04.1+esm1 0.62.0-2ubuntu2.14+esm1 5.4.0-156.173~18.04.1 2:8.0.1453-1ubuntu1.13+esm4 0.103.9+dfsg-0ubuntu0.18.04.1+esm1 7.2.24-0ubuntu0.18.04.17+esm2 0.6.0+dfsg1-1ubuntu0.1~esm1 5.4.0-1054.59~18.04.1 2.8.8-1ubuntu0.1~esm1 5.4.0-1108.116~18.04.1 5.4.0-159.176~18.04.1 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm2 0.170-0.4ubuntu0.1+esm1 2.1.8-1ubuntu0.1~esm2 5.4.0-1107.116~18.04.1 5.4.0-1111.120~18.04.1 0.7.git20120829-3.1~0.18.04.1+esm1 1:1.27.2-2ubuntu3.4+esm1 2.6.2~ds1-1ubuntu0.1~esm1 5.4.0-1113.119~18.04.1 5.4.0-1108.117~18.04.1 5.4.0-1109.118~18.04.1 5.4.0-162.179~18.04.1 5.4.0-1093.104~18.04.1 5.4.0-1112.121~18.04.1 5.4.0-1115.122~18.04.1 4.15.0-1123.134 4.15.0-1144.149 4.15.0-1154.171 4.15.0-1160.173 4.15.0-216.227 4.15.0-1169.184 14.4.2-3ubuntu0.18.04.3+esm1 5.4.0-1092.103~18.04.1 1.3.2-3ubuntu0.18.04.1~esm1 1.8.5-8ubuntu0.18.04.1~esm1 2.7.17-1~18.04ubuntu1.13+esm1 1.3.2-3ubuntu0.2 5.4.0-1056.61~18.04.1 4.3.2-3ubuntu0.1~esm1 1.3.2-1ubuntu0.1+esm1 2.2.7-1ubuntu2.10+esm3 9.26~dfsg+0-0ubuntu0.18.04.18+esm2 2:11.0.5-4ubuntu0.18.04.3+esm2 0.6.1-2ubuntu0.18.04.2+esm1 2.9.2-1ubuntu0.1~esm1 1.8.0-1ubuntu0.1 1:4.1.4+dfsg-1ubuntu0.1~esm1 1.9.4-3ubuntu0.6+esm1 8.10.0~dfsg-2ubuntu0.4+esm2 2.30-21ubuntu1~18.04.9+esm1 1.5.6-0ubuntu1.2+esm1 5.4.0-1057.62~18.04.1 5.4.0-1109.118~18.04.1 5.4.0-1110.119~18.04.1 5.4.0-1113.122~18.04.1 5.4.0-1116.123~18.04.1 5.4.0-163.180~18.04.1 5.4.0-1094.105~18.04.1 2.2.7-1ubuntu2.10+esm2 8:6.9.7.4+dfsg-16ubuntu6.15+esm2 2.7.17-1~18.04ubuntu1.13+esm3 4.15.0-1124.135 4.15.0-1155.172 4.15.0-1161.174 4.15.0-1170.185 4.15.0-218.229 4.15.0-1145.150 1.2.1+dfsg-1ubuntu0.18.04.1+esm1 2.7.17-1~18.04ubuntu1.13+esm2 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 1.0.1-1ubuntu0.1~esm1 1.7.0-3ubuntu0.18.04.1+esm1 2:1.6.4-3ubuntu0.4+esm2 1:3.5.12-1ubuntu0.18.04.2+esm1 4.90.1-1ubuntu1.10+esm1 2.30-21ubuntu1~18.04.9+esm3 1:1.11.11-1ubuntu1.21+esm2 5.4.0-1058.63~18.04.1 5.4.0-1095.106~18.04.1 5.4.0-1110.119~18.04.1 5.4.0-1111.120~18.04.1 5.4.0-1115.124~18.04.1 5.4.0-1117.124~18.04.1 5.4.0-164.181~18.04.1 8.10.0~dfsg-2ubuntu0.4+esm3 1.12.1+dfsg-5ubuntu0.18.04.1~esm3 2:8.0.1453-1ubuntu1.13+esm5 1:9.11.3+dfsg-1ubuntu1.19+esm2 20180228.1.503da2b~ds1-1ubuntu0.1~esm1 4.0.9-5ubuntu0.10+esm3 7.58.0-2ubuntu3.24+esm2 7:3.4.11-0ubuntu0.1+esm2 3.1.3-1ubuntu0.1~esm1 1.2.4-1ubuntu0.1~esm1 2.1.1~rc1-1ubuntu0.1~esm1 1.1.1-1ubuntu2.1~18.04.23+esm3 8.4.5-1ubuntu0.1~esm1 4.15.0-1125.136 4.15.0-1146.151 4.15.0-1156.173 4.15.0-1162.175 4.15.0-1171.186 4.15.0-219.230 5.4.0-1059.64~18.04.1 5.4.0-1111.120~18.04.1 5.4.0-1112.121~18.04.2 5.4.0-1118.125~18.04.1 5.4.0-165.182~18.04.1 5.4.0-1116.125~18.04.1 5.4.0-1096.107~18.04.1 1.12.11+20110422.1-2.1+deb10u3ubuntu0.18.04.1~esm1 7:3.4.11-0ubuntu0.1+esm3 7:3.4.11-0ubuntu0.1+esm4 6.1-1ubuntu1.18.04.1+esm1 2:8.0.1453-1ubuntu1.13+esm6 2:1.19.6-1ubuntu4.15+esm1 4.90.1-1ubuntu1.10+esm2 5.4.0-1060.65~18.04.1 5.4.0-1097.109~18.04.2 5.4.0-1112.121~18.04.4 5.4.0-1113.123~18.04.1 5.4.0-1117.126~18.04.1 5.4.0-1119.126~18.04.2 5.4.0-166.183~18.04.2 2:11.0.5-4ubuntu0.18.04.3+esm3 1.16-2ubuntu0.4+esm1 0.9.5-2ubuntu0.1~esm1 1.4-25ubuntu0.1~esm1 1.0.28-4ubuntu0.18.04.2+esm1 2.4+dfsg-6ubuntu0.1~esm1 1.22-1ubuntu0.18.04.2+esm1 9.0.1-2.3~ubuntu1.18.04.8+esm2 0.9.5-2ubuntu0.1~esm2 2:3.3.12-3ubuntu1.2+esm1 1:2.1.0-2ubuntu0.18.04.1~esm1 3.20231114.0ubuntu0.18.04.1+esm1 0.7-3.1ubuntu1.3+esm2 5.6.2-1ubuntu2.9+esm1 6-1ubuntu0.1~esm1 8.10.0~dfsg-2ubuntu0.4+esm4 1.0.1-0ubuntu1.18.04.1+esm1 4.15.0-1126.137 4.15.0-1147.152 4.15.0-1163.176 4.15.0-220.231 4.15.0-1157.174 4.15.0-1172.187 5.4.0-1061.66~18.04.1 5.4.0-1098.110~18.04.2 5.4.0-1113.122~18.04.1 5.4.0-1114.124~18.04.1 5.4.0-167.184~18.04.1 5.4.0-1118.127~18.04.1 5.4.0-1120.127~18.04.1 3.5.18-1ubuntu1.6+esm1 3.5.27-1ubuntu1.14+esm1 0.62.0-2ubuntu2.14+esm2 0.62.0-2ubuntu2.14+esm3 2.4.29-1ubuntu4.27+esm1 4.0.9-5ubuntu0.10+esm4 2.7.17-1~18.04ubuntu1.13+esm4 3.6.9-1~18.04ubuntu1.13+esm1 2.9.8-0ubuntu0.18.04.5+esm1 3.7.16-2ubuntu0.1~esm1 1.0.0-0ubuntu4~18.04.6+esm1 2.2.0+dfsg1-0ubuntu0.18.04.4+esm2 11.0.21+9-0ubuntu1~18.04 17.0.9+9-1~18.04 8u392-ga-1~18.04 4.4.2-2ubuntu0.1~esm1 5:4.0.9-1ubuntu0.2+esm4 10.23-0ubuntu0.18.04.2+esm1 5.48-0ubuntu3.9+esm1 2.27-3ubuntu1.6+esm1 2.6.2-4ubuntu0.18.04.1~esm1 1.29b-2ubuntu0.4+esm1 5.4.0-1063.68~18.04.1 5.4.0-1116.126~18.04.1 5.4.0-1120.129~18.04.1 5.4.0-1121.128~18.04.1 5.4.0-169.187~18.04.1 5.4.0-1100.112~18.04.1 5.4.0-1115.124~18.04.1 3.0.2-2ubuntu0.1~esm1 2:1.19.6-1ubuntu4.15+esm3 2:8.0.1453-1ubuntu1.13+esm7 0.3.6-4ubuntu0.1~esm1 3.4.13-3ubuntu0.1~esm1 1:7.6p1-4ubuntu0.7+esm3 1:5.25.1-1ubuntu0.1~esm2 3.2.0+debian-2ubuntu0.1~esm2 0.5.3-36ubuntu0.1+esm1 5.7.44-0ubuntu0.18.04.1+esm1 1.2.10-7ubuntu0.18.04.1~esm1 3.17.0+ds1-5+deb9u1ubuntu0.1~esm1 2:1.19.6-1ubuntu4.15+esm4 2:1.19.6-1ubuntu4.15+esm5 1.1.8-3.6ubuntu2.18.04.6+esm1 3.2.0+debian-2ubuntu0.1~esm3 3.3.0-1ubuntu0.4+esm2 3.3.0-1ubuntu0.4+esm3 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3 0.4-1ubuntu0.18.04.1~esm1 2.10-1ubuntu0.18.04.1+esm1 4.15.0-1127.138 4.15.0-1148.153 4.15.0-1158.175 4.15.0-1164.177 4.15.0-221.232 4.15.0-1173.188 5.4.0-1064.69~18.04.1 5.4.0-1101.113~18.04.1 5.4.0-1116.125~18.04.1 5.4.0-1117.127~18.04.1 5.4.0-1121.130~18.04.1 5.4.0-1122.129~18.04.1 5.4.0-170.188~18.04.1 4.90.1-1ubuntu1.10+esm3 2.6.2-4ubuntu0.18.04.1~esm2 12.2.13-0ubuntu0.18.04.11+esm1 1:3.5.1-1ubuntu0.3+esm1 1.0.2-2ubuntu0.18.04.1~esm1 1.1.4-0ubuntu1~18.04.2+esm1 8:6.9.7.4+dfsg-16ubuntu6.15+esm3 1:1.11.11-1ubuntu1.21+esm3 5.4.0-1065.70~18.04.1 5.4.0-1117.126~18.04.1 5.4.0-1118.128~18.04.1 5.4.0-1123.130~18.04.1 5.4.0-171.189~18.04.1 5.4.0-1122.131~18.04.1 5.4.0-1102.114~18.04.1 1.0.2-2ubuntu0.18.04.1~esm2 1.35-2ubuntu0.1~esm1 1.1.1-1ubuntu2.1~18.04.23+esm4 1:4.5-1ubuntu2.5+esm1 7.58.0-2ubuntu3.24+esm3 1.1.5-1ubuntu0.1~esm1 4.0.9-5ubuntu0.10+esm5 4.15.0-1128.139 4.15.0-1149.154 4.15.0-1159.176 4.15.0-1165.178 4.15.0-1174.189 4.15.0-222.233 5.4.0-1066.71~18.04.1 5.4.0-1103.115~18.04.1 5.4.0-1118.127~18.04.1 5.4.0-1119.129~18.04.1 5.4.0-1123.132~18.04.1 5.4.0-172.190~18.04.1 5.4.0-1124.131~18.04.1 1.3.6+dfsg.1-1ubuntu0.1~esm3 2.90-0ubuntu0.18.04.1+esm1 2.9.4+dfsg1-6.1ubuntu1.9+esm1 1.0.2-2ubuntu0.18.04.1~esm3 11.0.22+7-0ubuntu2~18.04.1 17.0.10+7-1~18.04.1 1.1.1-1ubuntu2.1~18.04.23+esm5 487-0.1ubuntu0.1~esm1 2.1.4-1ubuntu1.4+esm1 1:1.11.11-1ubuntu1.21+esm4 1.14.0-1ubuntu0.2+esm2 1.0.2-2ubuntu0.18.04.1~esm4 0.26.0+dfsg.1-1.1ubuntu0.2+esm1 5.4.0-1124.133~18.04.1 5.4.0-173.191~18.04.1 5.4.0-1104.116~18.04.1 5.4.0-1067.72~18.04.1 5.4.0-1119.128~18.04.1 5.4.0-1120.130~18.04.1 2.21-2ubuntu0.1~esm1 6.1-1ubuntu1.18.04.1+esm2 1.14-1ubuntu0.18.04.1~esm1 2.8.5-3~18.04.1~esm1 8u402-ga-2ubuntu1~18.04 2:8.0.1453-1ubuntu1.13+esm8 4.15.0-1129.140 4.15.0-1150.155 4.15.0-1166.179 4.15.0-223.235 4.15.0-1160.177 4.15.0-1175.190 5.4.0-1068.73~18.04.1 5.4.0-1120.129~18.04.1 5.4.0-174.193~18.04.1 5.4.0-1105.117~18.04.1 5.4.0-1121.131~18.04.1 5.4.0-1125.134~18.04.1 2.40.1-2ubuntu0.1~esm2 1.0.2n-1ubuntu5.13+esm1 2.3.4-1.1ubuntu3+esm1 5.4.0-1126.133~18.04.1 7.58.0-2ubuntu3.24+esm4 2:1.19.6-1ubuntu4.15+esm7 2:1.19.6-1ubuntu4.15+esm8 1:9.11.3+dfsg-1ubuntu1.19+esm3 5.4.0-1069.74~18.04.1 5.4.0-1106.118~18.04.1 5.4.0-1121.130~18.04.1 5.4.0-1122.132~18.04.1 5.4.0-1126.135~18.04.1 5.4.0-1127.134~18.04.1 5.4.0-175.195~18.04.1 2.4.29-1ubuntu4.27+esm2 3.3.0-1ubuntu0.18.04.1~esm1 0.9.12-2ubuntu0.1~esm1 8.10.0~dfsg-2ubuntu0.4+esm5 2.0.4-9ubuntu2.2+esm1 3.0.3-0ubuntu1~18.04.2+esm1 4.15.0-1130.141 4.15.0-1151.156 4.15.0-1161.178 4.15.0-1167.180 4.15.0-1176.191 4.15.0-224.236 5.4.0-1070.75~18.04.1 5.4.0-1107.119~18.04.1 5.4.0-1122.131~18.04.1 5.4.0-1123.133~18.04.1 5.4.0-1127.136~18.04.1 5.4.0-1128.135~18.04.1 5.4.0-177.197~18.04.1 5.1.0-1ubuntu0.8+esm1 2.4.9-0ubuntu2+esm1 1:3.0.12+dfsg-1ubuntu0.1~esm4 3.1.2+dfsg-2ubuntu0.18.04.1~esm1 1.30.0-1ubuntu1+esm2 487-0.1ubuntu0.1~esm2 7.2.24-0ubuntu0.18.04.17+esm3 0.5.1-1ubuntu0.1~esm1 2.6.1-3ubuntu0.1~esm2 2.0.4-2ubuntu0.1~esm1 2.27-3ubuntu1.6+esm2 ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^libwavpack1(?::\w+|)\s+(.*)$ ^libwavpack-dev(?::\w+|)\s+(.*)$ ^wavpack(?::\w+|)\s+(.*)$ ^libraw-doc(?::\w+|)\s+(.*)$ ^libraw-bin(?::\w+|)\s+(.*)$ ^libraw16(?::\w+|)\s+(.*)$ ^libraw-dev(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^librte-pmd-thunderx-nicvf17.11(?::\w+|)\s+(.*)$ ^dpdk-igb-uio-dkms(?::\w+|)\s+(.*)$ ^librte-pmd-softnic17.11(?::\w+|)\s+(.*)$ ^librte-timer17.11(?::\w+|)\s+(.*)$ ^librte-pmd-af-packet17.11(?::\w+|)\s+(.*)$ ^librte-pmd-sw-event17.11(?::\w+|)\s+(.*)$ ^librte-pmd-fm10k17.11(?::\w+|)\s+(.*)$ ^librte-pmd-bond17.11(?::\w+|)\s+(.*)$ ^librte-pmd-vmxnet3-uio17.11(?::\w+|)\s+(.*)$ ^librte-flow-classify17.11(?::\w+|)\s+(.*)$ ^librte-ring17.11(?::\w+|)\s+(.*)$ ^librte-pmd-sfc-efx17.11(?::\w+|)\s+(.*)$ ^librte-bus-pci17.11(?::\w+|)\s+(.*)$ ^dpdk-doc(?::\w+|)\s+(.*)$ ^librte-distributor17.11(?::\w+|)\s+(.*)$ ^librte-pmd-vhost17.11(?::\w+|)\s+(.*)$ ^librte-pmd-null-crypto17.11(?::\w+|)\s+(.*)$ ^librte-net17.11(?::\w+|)\s+(.*)$ ^librte-ip-frag17.11(?::\w+|)\s+(.*)$ ^librte-lpm17.11(?::\w+|)\s+(.*)$ ^librte-vhost17.11(?::\w+|)\s+(.*)$ ^dpdk-dev(?::\w+|)\s+(.*)$ ^librte-mbuf17.11(?::\w+|)\s+(.*)$ ^librte-pmd-e1000-17.11(?::\w+|)\s+(.*)$ ^librte-pmd-nfp17.11(?::\w+|)\s+(.*)$ ^librte-mempool-octeontx17.11(?::\w+|)\s+(.*)$ ^librte-latencystats17.11(?::\w+|)\s+(.*)$ ^librte-pmd-avp17.11(?::\w+|)\s+(.*)$ ^dpdk-rte-kni-dkms(?::\w+|)\s+(.*)$ ^librte-gro17.11(?::\w+|)\s+(.*)$ ^librte-pmd-crypto-scheduler17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ixgbe17.11(?::\w+|)\s+(.*)$ ^librte-cryptodev17.11(?::\w+|)\s+(.*)$ ^librte-cmdline17.11(?::\w+|)\s+(.*)$ ^librte-kni17.11(?::\w+|)\s+(.*)$ ^librte-bus-vdev17.11(?::\w+|)\s+(.*)$ ^librte-pdump17.11(?::\w+|)\s+(.*)$ ^librte-pmd-skeleton-event17.11(?::\w+|)\s+(.*)$ ^librte-table17.11(?::\w+|)\s+(.*)$ ^librte-gso17.11(?::\w+|)\s+(.*)$ ^librte-pmd-i40e17.11(?::\w+|)\s+(.*)$ ^librte-eventdev17.11(?::\w+|)\s+(.*)$ ^librte-kvargs17.11(?::\w+|)\s+(.*)$ ^librte-mempool-stack17.11(?::\w+|)\s+(.*)$ ^librte-metrics17.11(?::\w+|)\s+(.*)$ ^librte-jobstats17.11(?::\w+|)\s+(.*)$ ^librte-eal17.11(?::\w+|)\s+(.*)$ ^librte-pmd-octeontx17.11(?::\w+|)\s+(.*)$ ^librte-sched17.11(?::\w+|)\s+(.*)$ ^librte-pmd-enic17.11(?::\w+|)\s+(.*)$ ^librte-pmd-pcap17.11(?::\w+|)\s+(.*)$ ^librte-pci17.11(?::\w+|)\s+(.*)$ ^librte-pmd-octeontx-ssovf17.11(?::\w+|)\s+(.*)$ ^librte-bitratestats17.11(?::\w+|)\s+(.*)$ ^librte-security17.11(?::\w+|)\s+(.*)$ ^librte-pmd-null17.11(?::\w+|)\s+(.*)$ ^librte-hash17.11(?::\w+|)\s+(.*)$ ^librte-member17.11(?::\w+|)\s+(.*)$ ^librte-pmd-tap17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ark17.11(?::\w+|)\s+(.*)$ ^librte-pmd-bnxt17.11(?::\w+|)\s+(.*)$ ^librte-meter17.11(?::\w+|)\s+(.*)$ ^librte-pmd-virtio17.11(?::\w+|)\s+(.*)$ ^librte-power17.11(?::\w+|)\s+(.*)$ ^librte-port17.11(?::\w+|)\s+(.*)$ ^librte-mempool17.11(?::\w+|)\s+(.*)$ ^librte-cfgfile17.11(?::\w+|)\s+(.*)$ ^librte-efd17.11(?::\w+|)\s+(.*)$ ^librte-pmd-cxgbe17.11(?::\w+|)\s+(.*)$ ^dpdk(?::\w+|)\s+(.*)$ ^librte-pipeline17.11(?::\w+|)\s+(.*)$ ^librte-pmd-qede17.11(?::\w+|)\s+(.*)$ ^librte-pmd-lio17.11(?::\w+|)\s+(.*)$ ^librte-pmd-failsafe17.11(?::\w+|)\s+(.*)$ ^librte-reorder17.11(?::\w+|)\s+(.*)$ ^librte-pmd-kni17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ena17.11(?::\w+|)\s+(.*)$ ^librte-mempool-ring17.11(?::\w+|)\s+(.*)$ ^librte-ethdev17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ring17.11(?::\w+|)\s+(.*)$ ^librte-acl17.11(?::\w+|)\s+(.*)$ ^libdpdk-dev(?::\w+|)\s+(.*)$ ^wget(?::\w+|)\s+(.*)$ ^wget-udeb(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^libpoppler73(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp0v5(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^xdg-utils(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^libprocps-dev(?::\w+|)\s+(.*)$ ^procps(?::\w+|)\s+(.*)$ ^libprocps6(?::\w+|)\s+(.*)$ ^libspice-server1(?::\w+|)\s+(.*)$ ^libspice-server-dev(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-testsuite(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^haproxy(?::\w+|)\s+(.*)$ ^haproxy-doc(?::\w+|)\s+(.*)$ ^vim-haproxy(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^tomcat8-docs(?::\w+|)\s+(.*)$ ^tomcat8-user(?::\w+|)\s+(.*)$ ^libservlet3.1-java(?::\w+|)\s+(.*)$ ^libservlet3.1-java-doc(?::\w+|)\s+(.*)$ ^tomcat8-examples(?::\w+|)\s+(.*)$ ^libtomcat8-embed-java(?::\w+|)\s+(.*)$ ^tomcat8-admin(?::\w+|)\s+(.*)$ ^libtomcat8-java(?::\w+|)\s+(.*)$ ^tomcat8-common(?::\w+|)\s+(.*)$ ^tomcat8(?::\w+|)\s+(.*)$ ^liblouis-bin(?::\w+|)\s+(.*)$ ^liblouis14(?::\w+|)\s+(.*)$ ^python-louis(?::\w+|)\s+(.*)$ ^liblouis-dev(?::\w+|)\s+(.*)$ ^python3-louis(?::\w+|)\s+(.*)$ ^liblouis-data(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^liblouis-bin(?::\w+|)\s+(.*)$ ^liblouis14(?::\w+|)\s+(.*)$ ^python-louis(?::\w+|)\s+(.*)$ ^liblouis-dev(?::\w+|)\s+(.*)$ ^python3-louis(?::\w+|)\s+(.*)$ ^liblouis-data(?::\w+|)\s+(.*)$ ^libunbound2(?::\w+|)\s+(.*)$ ^unbound(?::\w+|)\s+(.*)$ ^python3-unbound(?::\w+|)\s+(.*)$ ^python-unbound(?::\w+|)\s+(.*)$ ^unbound-anchor(?::\w+|)\s+(.*)$ ^unbound-host(?::\w+|)\s+(.*)$ ^libunbound-dev(?::\w+|)\s+(.*)$ ^dirmngr(?::\w+|)\s+(.*)$ ^gpgv-static(?::\w+|)\s+(.*)$ ^gpgv-win32(?::\w+|)\s+(.*)$ ^scdaemon(?::\w+|)\s+(.*)$ ^gpgsm(?::\w+|)\s+(.*)$ ^gpgv(?::\w+|)\s+(.*)$ ^gpg(?::\w+|)\s+(.*)$ ^gnupg-agent(?::\w+|)\s+(.*)$ ^gnupg2(?::\w+|)\s+(.*)$ ^gpgconf(?::\w+|)\s+(.*)$ ^gpgv-udeb(?::\w+|)\s+(.*)$ ^gpg-wks-client(?::\w+|)\s+(.*)$ ^gpg-wks-server(?::\w+|)\s+(.*)$ ^gpg-agent(?::\w+|)\s+(.*)$ ^gnupg(?::\w+|)\s+(.*)$ ^gnupg-utils(?::\w+|)\s+(.*)$ ^gnupg-l10n(?::\w+|)\s+(.*)$ ^gpgv2(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^libvirt0(?::\w+|)\s+(.*)$ ^libvirt-dev(?::\w+|)\s+(.*)$ ^libnss-libvirt(?::\w+|)\s+(.*)$ ^libvirt-sanlock(?::\w+|)\s+(.*)$ ^libvirt-daemon(?::\w+|)\s+(.*)$ ^libvirt-wireshark(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-rbd(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-gluster(?::\w+|)\s+(.*)$ ^libvirt-doc(?::\w+|)\s+(.*)$ ^libvirt-daemon-system(?::\w+|)\s+(.*)$ ^libvirt-clients(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-zfs(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-sheepdog(?::\w+|)\s+(.*)$ ^libvirt-bin(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^imagemagick-6-common(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-7(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3-extra(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-3(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3-extra(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-3(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^imagemagick-6-doc(?::\w+|)\s+(.*)$ ^libimage-magick-q16hdri-perl(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-7(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^imagemagick-6.q16hdri(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libdns-export1100(?::\w+|)\s+(.*)$ ^libdns1100(?::\w+|)\s+(.*)$ ^libisc169(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export169-udeb(?::\w+|)\s+(.*)$ ^libisccc-export160(?::\w+|)\s+(.*)$ ^libisc-export169(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libirs-export160(?::\w+|)\s+(.*)$ ^libisccc160(?::\w+|)\s+(.*)$ ^libisccfg-export160(?::\w+|)\s+(.*)$ ^libisccfg160(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc-export160-udeb(?::\w+|)\s+(.*)$ ^libirs-export160-udeb(?::\w+|)\s+(.*)$ ^liblwres160(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^libisccfg-export160-udeb(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libbind9-160(?::\w+|)\s+(.*)$ ^libirs160(?::\w+|)\s+(.*)$ ^libdns-export1100-udeb(?::\w+|)\s+(.*)$ ^libperl-dev(?::\w+|)\s+(.*)$ ^perl-modules-5.26(?::\w+|)\s+(.*)$ ^perl-doc(?::\w+|)\s+(.*)$ ^perl(?::\w+|)\s+(.*)$ ^perl-base(?::\w+|)\s+(.*)$ ^libperl5.26(?::\w+|)\s+(.*)$ ^perl-debug(?::\w+|)\s+(.*)$ ^libmagic-dev(?::\w+|)\s+(.*)$ ^libmagic-mgc(?::\w+|)\s+(.*)$ ^libmagic1(?::\w+|)\s+(.*)$ ^file(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^libmozjs-52-dev(?::\w+|)\s+(.*)$ ^libmozjs-52-0(?::\w+|)\s+(.*)$ ^libgcrypt11-dev(?::\w+|)\s+(.*)$ ^libgcrypt-mingw-w64-dev(?::\w+|)\s+(.*)$ ^libgcrypt20-udeb(?::\w+|)\s+(.*)$ ^libgcrypt20(?::\w+|)\s+(.*)$ ^libgcrypt20-doc(?::\w+|)\s+(.*)$ ^libgcrypt20-dev(?::\w+|)\s+(.*)$ ^amd64-microcode(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^libssl1.0-dev(?::\w+|)\s+(.*)$ ^openssl1.0(?::\w+|)\s+(.*)$ ^libssl1.0.0-udeb(?::\w+|)\s+(.*)$ ^libcrypto1.0.0-udeb(?::\w+|)\s+(.*)$ ^libcrypto1.1-udeb(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.1-udeb(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^zziplib-bin(?::\w+|)\s+(.*)$ ^libzzip-dev(?::\w+|)\s+(.*)$ ^libzzip-0-13(?::\w+|)\s+(.*)$ ^exiv2(?::\w+|)\s+(.*)$ ^libexiv2-14(?::\w+|)\s+(.*)$ ^libexiv2-doc(?::\w+|)\s+(.*)$ ^libexiv2-dev(?::\w+|)\s+(.*)$ ^libsoup-gnome2.4-1(?::\w+|)\s+(.*)$ ^libsoup-gnome2.4-dev(?::\w+|)\s+(.*)$ ^gir1.2-soup-2.4(?::\w+|)\s+(.*)$ ^libsoup2.4-1(?::\w+|)\s+(.*)$ ^libsoup2.4-dev(?::\w+|)\s+(.*)$ ^libsoup2.4-doc(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^libarchive-zip-perl(?::\w+|)\s+(.*)$ ^devscripts(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libturbojpeg0-dev(?::\w+|)\s+(.*)$ ^libjpeg-turbo8-dev(?::\w+|)\s+(.*)$ ^libjpeg-turbo-progs(?::\w+|)\s+(.*)$ ^libturbojpeg(?::\w+|)\s+(.*)$ ^libjpeg-turbo8(?::\w+|)\s+(.*)$ ^libjpeg-turbo-test(?::\w+|)\s+(.*)$ ^ntp(?::\w+|)\s+(.*)$ ^sntp(?::\w+|)\s+(.*)$ ^ntp-doc(?::\w+|)\s+(.*)$ ^ntpdate(?::\w+|)\s+(.*)$ ^xapian-doc(?::\w+|)\s+(.*)$ ^libxapian-dev(?::\w+|)\s+(.*)$ ^xapian-examples(?::\w+|)\s+(.*)$ ^libxapian30(?::\w+|)\s+(.*)$ ^xapian-tools(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^imagemagick-6-common(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-7(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3-extra(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-3(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3-extra(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-3(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^imagemagick-6-doc(?::\w+|)\s+(.*)$ ^libimage-magick-q16hdri-perl(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-7(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^imagemagick-6.q16hdri(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^libpng-tools(?::\w+|)\s+(.*)$ ^libpng16-16-udeb(?::\w+|)\s+(.*)$ ^libpng16-16(?::\w+|)\s+(.*)$ ^libpng-dev(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ ^libcupsimage2(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^libcupsmime1(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-testsuite(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^libpolkit-backend-1-0(?::\w+|)\s+(.*)$ ^policykit-1-doc(?::\w+|)\s+(.*)$ ^libpolkit-gobject-1-dev(?::\w+|)\s+(.*)$ ^libpolkit-agent-1-0(?::\w+|)\s+(.*)$ ^libpolkit-gobject-1-0(?::\w+|)\s+(.*)$ ^policykit-1(?::\w+|)\s+(.*)$ ^gir1.2-polkit-1.0(?::\w+|)\s+(.*)$ ^libpolkit-backend-1-dev(?::\w+|)\s+(.*)$ ^libpolkit-agent-1-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws|-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^mutt(?::\w+|)\s+(.*)$ ^python3-cryptography(?::\w+|)\s+(.*)$ ^python-cryptography(?::\w+|)\s+(.*)$ ^python-cryptography-doc(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^libclamav7(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^libclamav7(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^libclamav7(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^libmspack0(?::\w+|)\s+(.*)$ ^libmspack-dev(?::\w+|)\s+(.*)$ ^libmspack-doc(?::\w+|)\s+(.*)$ ^lxc-dev(?::\w+|)\s+(.*)$ ^liblxc1(?::\w+|)\s+(.*)$ ^liblxc-dev(?::\w+|)\s+(.*)$ ^lxc-utils(?::\w+|)\s+(.*)$ ^lxc1(?::\w+|)\s+(.*)$ ^lxc(?::\w+|)\s+(.*)$ ^libpam-cgfs(?::\w+|)\s+(.*)$ ^liblxc-common(?::\w+|)\s+(.*)$ ^lftp(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws|-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^bsdcpio(?::\w+|)\s+(.*)$ ^libarchive-tools(?::\w+|)\s+(.*)$ ^libarchive13(?::\w+|)\s+(.*)$ ^bsdtar(?::\w+|)\s+(.*)$ ^libarchive-dev(?::\w+|)\s+(.*)$ ^gir1.2-gdm-1.0(?::\w+|)\s+(.*)$ ^libgdm-dev(?::\w+|)\s+(.*)$ ^gdm3(?::\w+|)\s+(.*)$ ^libgdm1(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^python-libxml2(?::\w+|)\s+(.*)$ ^libxml2-utils(?::\w+|)\s+(.*)$ ^libxml2(?::\w+|)\s+(.*)$ ^libxml2-udeb(?::\w+|)\s+(.*)$ ^python3-libxml2(?::\w+|)\s+(.*)$ ^libxml2-doc(?::\w+|)\s+(.*)$ ^libxml2-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws|-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^postgresql-server-dev-10(?::\w+|)\s+(.*)$ ^postgresql-pltcl-10(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^postgresql-10(?::\w+|)\s+(.*)$ ^postgresql-plperl-10(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython3-10(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-plpython-10(?::\w+|)\s+(.*)$ ^postgresql-doc-10(?::\w+|)\s+(.*)$ ^postgresql-client-10(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^hostapd(?::\w+|)\s+(.*)$ ^wpagui(?::\w+|)\s+(.*)$ ^wpasupplicant-udeb(?::\w+|)\s+(.*)$ ^wpasupplicant(?::\w+|)\s+(.*)$ ^apt-doc(?::\w+|)\s+(.*)$ ^apt-transport-https(?::\w+|)\s+(.*)$ ^libapt-pkg5.0(?::\w+|)\s+(.*)$ ^libapt-pkg-doc(?::\w+|)\s+(.*)$ ^apt(?::\w+|)\s+(.*)$ ^apt-utils(?::\w+|)\s+(.*)$ ^libapt-inst2.0(?::\w+|)\s+(.*)$ ^libapt-pkg-dev(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^lsb-release-udeb(?::\w+|)\s+(.*)$ ^base-files(?::\w+|)\s+(.*)$ ^libmozjs-52-dev(?::\w+|)\s+(.*)$ ^libmozjs-52-0(?::\w+|)\s+(.*)$ ^libpango-1.0-0(?::\w+|)\s+(.*)$ ^libpango1.0-dev(?::\w+|)\s+(.*)$ ^libpango1.0-doc(?::\w+|)\s+(.*)$ ^libpangoxft-1.0-0(?::\w+|)\s+(.*)$ ^gir1.2-pango-1.0(?::\w+|)\s+(.*)$ ^libpangocairo-1.0-0(?::\w+|)\s+(.*)$ ^libpango1.0-udeb(?::\w+|)\s+(.*)$ ^libpangoft2-1.0-0(?::\w+|)\s+(.*)$ ^pango1.0-tests(?::\w+|)\s+(.*)$ ^libpango1.0-0(?::\w+|)\s+(.*)$ ^libspice-server1(?::\w+|)\s+(.*)$ ^libspice-server-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws|-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^libgd3(?::\w+|)\s+(.*)$ ^libgd-tools(?::\w+|)\s+(.*)$ ^libgd-dev(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^libpoppler73(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp0v5(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^libx11-6(?::\w+|)\s+(.*)$ ^libx11-data(?::\w+|)\s+(.*)$ ^libx11-xcb-dev(?::\w+|)\s+(.*)$ ^libx11-xcb1(?::\w+|)\s+(.*)$ ^libx11-doc(?::\w+|)\s+(.*)$ ^libx11-6-udeb(?::\w+|)\s+(.*)$ ^libx11-dev(?::\w+|)\s+(.*)$ ^libtirpc1(?::\w+|)\s+(.*)$ ^libtirpc-dev(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws|-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^zsh-static(?::\w+|)\s+(.*)$ ^zsh-common(?::\w+|)\s+(.*)$ ^zsh-dev(?::\w+|)\s+(.*)$ ^zsh(?::\w+|)\s+(.*)$ ^zsh-doc(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^libglib2.0-0(?::\w+|)\s+(.*)$ ^libglib2.0-data(?::\w+|)\s+(.*)$ ^libglib2.0-udeb(?::\w+|)\s+(.*)$ ^libglib2.0-tests(?::\w+|)\s+(.*)$ ^libglib2.0-doc(?::\w+|)\s+(.*)$ ^libglib2.0-bin(?::\w+|)\s+(.*)$ ^libglib2.0-dev(?::\w+|)\s+(.*)$ ^libglib2.0-dev-bin(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^libdns-export1100(?::\w+|)\s+(.*)$ ^libdns1100(?::\w+|)\s+(.*)$ ^libisc169(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export169-udeb(?::\w+|)\s+(.*)$ ^libisccc-export160(?::\w+|)\s+(.*)$ ^libisc-export169(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libirs-export160(?::\w+|)\s+(.*)$ ^libisccc160(?::\w+|)\s+(.*)$ ^libisccfg-export160(?::\w+|)\s+(.*)$ ^libisccfg160(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc-export160-udeb(?::\w+|)\s+(.*)$ ^libirs-export160-udeb(?::\w+|)\s+(.*)$ ^liblwres160(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^libisccfg-export160-udeb(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libbind9-160(?::\w+|)\s+(.*)$ ^libirs160(?::\w+|)\s+(.*)$ ^libdns-export1100-udeb(?::\w+|)\s+(.*)$ ^liblcms2-dev(?::\w+|)\s+(.*)$ ^liblcms2-2(?::\w+|)\s+(.*)$ ^liblcms2-utils(?::\w+|)\s+(.*)$ ^strongswan-nm(?::\w+|)\s+(.*)$ ^strongswan-scepclient(?::\w+|)\s+(.*)$ ^libcharon-extra-plugins(?::\w+|)\s+(.*)$ ^libcharon-standard-plugins(?::\w+|)\s+(.*)$ ^libstrongswan-extra-plugins(?::\w+|)\s+(.*)$ ^strongswan-tnc-pdp(?::\w+|)\s+(.*)$ ^strongswan-charon(?::\w+|)\s+(.*)$ ^libstrongswan(?::\w+|)\s+(.*)$ ^strongswan-swanctl(?::\w+|)\s+(.*)$ ^libstrongswan-standard-plugins(?::\w+|)\s+(.*)$ ^charon-systemd(?::\w+|)\s+(.*)$ ^strongswan(?::\w+|)\s+(.*)$ ^strongswan-tnc-server(?::\w+|)\s+(.*)$ ^strongswan-tnc-client(?::\w+|)\s+(.*)$ ^strongswan-tnc-base(?::\w+|)\s+(.*)$ ^charon-cmd(?::\w+|)\s+(.*)$ ^strongswan-pki(?::\w+|)\s+(.*)$ ^strongswan-tnc-ifmap(?::\w+|)\s+(.*)$ ^strongswan-starter(?::\w+|)\s+(.*)$ ^strongswan-libcharon(?::\w+|)\s+(.*)$ ^udisks2-lvm2(?::\w+|)\s+(.*)$ ^udisks2(?::\w+|)\s+(.*)$ ^libudisks2-0(?::\w+|)\s+(.*)$ ^udisks2-btrfs(?::\w+|)\s+(.*)$ ^gir1.2-udisks-2.0(?::\w+|)\s+(.*)$ ^libudisks2-dev(?::\w+|)\s+(.*)$ ^udisks2-doc(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^strongswan-nm(?::\w+|)\s+(.*)$ ^strongswan-scepclient(?::\w+|)\s+(.*)$ ^libcharon-extra-plugins(?::\w+|)\s+(.*)$ ^libcharon-standard-plugins(?::\w+|)\s+(.*)$ ^libstrongswan-extra-plugins(?::\w+|)\s+(.*)$ ^strongswan-tnc-pdp(?::\w+|)\s+(.*)$ ^strongswan-charon(?::\w+|)\s+(.*)$ ^libstrongswan(?::\w+|)\s+(.*)$ ^strongswan-swanctl(?::\w+|)\s+(.*)$ ^libstrongswan-standard-plugins(?::\w+|)\s+(.*)$ ^charon-systemd(?::\w+|)\s+(.*)$ ^strongswan(?::\w+|)\s+(.*)$ ^strongswan-tnc-server(?::\w+|)\s+(.*)$ ^strongswan-tnc-client(?::\w+|)\s+(.*)$ ^strongswan-tnc-base(?::\w+|)\s+(.*)$ ^charon-cmd(?::\w+|)\s+(.*)$ ^strongswan-pki(?::\w+|)\s+(.*)$ ^strongswan-tnc-ifmap(?::\w+|)\s+(.*)$ ^strongswan-starter(?::\w+|)\s+(.*)$ ^strongswan-libcharon(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws|-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^haproxy(?::\w+|)\s+(.*)$ ^haproxy-doc(?::\w+|)\s+(.*)$ ^vim-haproxy(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^liblouis-bin(?::\w+|)\s+(.*)$ ^liblouis14(?::\w+|)\s+(.*)$ ^python-louis(?::\w+|)\s+(.*)$ ^liblouis-dev(?::\w+|)\s+(.*)$ ^python3-louis(?::\w+|)\s+(.*)$ ^liblouis-data(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^python-apparmor(?::\w+|)\s+(.*)$ ^libapparmor-dev(?::\w+|)\s+(.*)$ ^libapparmor-perl(?::\w+|)\s+(.*)$ ^apparmor-profiles(?::\w+|)\s+(.*)$ ^apparmor-notify(?::\w+|)\s+(.*)$ ^libapparmor1(?::\w+|)\s+(.*)$ ^python3-libapparmor(?::\w+|)\s+(.*)$ ^python-libapparmor(?::\w+|)\s+(.*)$ ^libpam-apparmor(?::\w+|)\s+(.*)$ ^apparmor-easyprof(?::\w+|)\s+(.*)$ ^apparmor(?::\w+|)\s+(.*)$ ^python3-apparmor(?::\w+|)\s+(.*)$ ^apparmor-utils(?::\w+|)\s+(.*)$ ^libapache2-mod-apparmor(?::\w+|)\s+(.*)$ ^dh-apparmor(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^imagemagick-6-common(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-7(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3-extra(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-3(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3-extra(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-3(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^imagemagick-6-doc(?::\w+|)\s+(.*)$ ^libimage-magick-q16hdri-perl(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-7(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^imagemagick-6.q16hdri(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^libxkbcommon-x11-dev(?::\w+|)\s+(.*)$ ^libxkbcommon-dev(?::\w+|)\s+(.*)$ ^libxkbcommon0(?::\w+|)\s+(.*)$ ^libxkbcommon-x11-0(?::\w+|)\s+(.*)$ ^libptexenc-dev(?::\w+|)\s+(.*)$ ^libkpathsea-dev(?::\w+|)\s+(.*)$ ^libptexenc1(?::\w+|)\s+(.*)$ ^libtexluajit2(?::\w+|)\s+(.*)$ ^libtexluajit-dev(?::\w+|)\s+(.*)$ ^texlive-binaries(?::\w+|)\s+(.*)$ ^libtexlua52-dev(?::\w+|)\s+(.*)$ ^libtexlua52(?::\w+|)\s+(.*)$ ^libsynctex-dev(?::\w+|)\s+(.*)$ ^libkpathsea6(?::\w+|)\s+(.*)$ ^libsynctex1(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^libclamav7(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^python3-requests(?::\w+|)\s+(.*)$ ^python-requests(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^snmptrapd(?::\w+|)\s+(.*)$ ^libsnmp-perl(?::\w+|)\s+(.*)$ ^libsnmp-dev(?::\w+|)\s+(.*)$ ^libsnmp-base(?::\w+|)\s+(.*)$ ^snmp(?::\w+|)\s+(.*)$ ^libsnmp30(?::\w+|)\s+(.*)$ ^tkmib(?::\w+|)\s+(.*)$ ^snmpd(?::\w+|)\s+(.*)$ ^python-netsnmp(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-testsuite(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^python-moinmoin(?::\w+|)\s+(.*)$ ^libssh-gcrypt-dev(?::\w+|)\s+(.*)$ ^libssh-doc(?::\w+|)\s+(.*)$ ^libssh-gcrypt-4(?::\w+|)\s+(.*)$ ^libssh-4(?::\w+|)\s+(.*)$ ^libssh-dev(?::\w+|)\s+(.*)$ ^libssh-gcrypt-dev(?::\w+|)\s+(.*)$ ^libssh-doc(?::\w+|)\s+(.*)$ ^libssh-gcrypt-4(?::\w+|)\s+(.*)$ ^libssh-4(?::\w+|)\s+(.*)$ ^libssh-dev(?::\w+|)\s+(.*)$ ^python3-paramiko(?::\w+|)\s+(.*)$ ^paramiko-doc(?::\w+|)\s+(.*)$ ^python-paramiko(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-xorg-core-udeb(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^systemd-tests(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^udev-udeb(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1-udeb(?::\w+|)\s+(.*)$ ^libudev1(?::\w+|)\s+(.*)$ ^libsystemd-dev(?::\w+|)\s+(.*)$ ^libnss-systemd(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^libnm-glib-vpn-dev(?::\w+|)\s+(.*)$ ^libnm-util2(?::\w+|)\s+(.*)$ ^network-manager-dev(?::\w+|)\s+(.*)$ ^network-manager-config-connectivity-ubuntu(?::\w+|)\s+(.*)$ ^libnm-glib-dev(?::\w+|)\s+(.*)$ ^gir1.2-networkmanager-1.0(?::\w+|)\s+(.*)$ ^network-manager(?::\w+|)\s+(.*)$ ^libnm-dev(?::\w+|)\s+(.*)$ ^libnm-glib4(?::\w+|)\s+(.*)$ ^network-manager-config-connectivity-debian(?::\w+|)\s+(.*)$ ^libnm0(?::\w+|)\s+(.*)$ ^gir1.2-nm-1.0(?::\w+|)\s+(.*)$ ^libnm-glib-vpn1(?::\w+|)\s+(.*)$ ^libnm-util-dev(?::\w+|)\s+(.*)$ ^ruby2.5-dev(?::\w+|)\s+(.*)$ ^ruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5-doc(?::\w+|)\s+(.*)$ ^libruby2.5(?::\w+|)\s+(.*)$ ^openssh-server-udeb(?::\w+|)\s+(.*)$ ^openssh-client(?::\w+|)\s+(.*)$ ^openssh-server(?::\w+|)\s+(.*)$ ^ssh-askpass-gnome(?::\w+|)\s+(.*)$ ^ssh(?::\w+|)\s+(.*)$ ^openssh-client-udeb(?::\w+|)\s+(.*)$ ^openssh-sftp-server(?::\w+|)\s+(.*)$ ^openssh-server-udeb(?::\w+|)\s+(.*)$ ^openssh-client(?::\w+|)\s+(.*)$ ^openssh-server(?::\w+|)\s+(.*)$ ^ssh-askpass-gnome(?::\w+|)\s+(.*)$ ^ssh(?::\w+|)\s+(.*)$ ^openssh-client-udeb(?::\w+|)\s+(.*)$ ^openssh-sftp-server(?::\w+|)\s+(.*)$ ^ppp-udeb(?::\w+|)\s+(.*)$ ^ppp(?::\w+|)\s+(.*)$ ^ppp-dev(?::\w+|)\s+(.*)$ ^spamassassin(?::\w+|)\s+(.*)$ ^sa-compile(?::\w+|)\s+(.*)$ ^spamc(?::\w+|)\s+(.*)$ ^libnginx-mod-stream(?::\w+|)\s+(.*)$ ^libnginx-mod-http-subs-filter(?::\w+|)\s+(.*)$ ^nginx-doc(?::\w+|)\s+(.*)$ ^libnginx-mod-mail(?::\w+|)\s+(.*)$ ^libnginx-mod-http-image-filter(?::\w+|)\s+(.*)$ ^libnginx-mod-http-echo(?::\w+|)\s+(.*)$ ^libnginx-mod-nchan(?::\w+|)\s+(.*)$ ^nginx-common(?::\w+|)\s+(.*)$ ^libnginx-mod-http-fancyindex(?::\w+|)\s+(.*)$ ^libnginx-mod-http-auth-pam(?::\w+|)\s+(.*)$ ^nginx-light(?::\w+|)\s+(.*)$ ^libnginx-mod-http-headers-more-filter(?::\w+|)\s+(.*)$ ^nginx-extras(?::\w+|)\s+(.*)$ ^libnginx-mod-http-upstream-fair(?::\w+|)\s+(.*)$ ^libnginx-mod-http-xslt-filter(?::\w+|)\s+(.*)$ ^libnginx-mod-http-lua(?::\w+|)\s+(.*)$ ^libnginx-mod-http-perl(?::\w+|)\s+(.*)$ ^nginx-core(?::\w+|)\s+(.*)$ ^libnginx-mod-http-geoip(?::\w+|)\s+(.*)$ ^libnginx-mod-http-dav-ext(?::\w+|)\s+(.*)$ ^nginx(?::\w+|)\s+(.*)$ ^libnginx-mod-http-ndk(?::\w+|)\s+(.*)$ ^libnginx-mod-http-uploadprogress(?::\w+|)\s+(.*)$ ^libnginx-mod-http-cache-purge(?::\w+|)\s+(.*)$ ^nginx-full(?::\w+|)\s+(.*)$ ^libnginx-mod-rtmp(?::\w+|)\s+(.*)$ ^libmspack0(?::\w+|)\s+(.*)$ ^libmspack-dev(?::\w+|)\s+(.*)$ ^libmspack-doc(?::\w+|)\s+(.*)$ ^libasprintf-dev(?::\w+|)\s+(.*)$ ^gettext(?::\w+|)\s+(.*)$ ^gettext-el(?::\w+|)\s+(.*)$ ^libgettextpo0(?::\w+|)\s+(.*)$ ^gettext-base(?::\w+|)\s+(.*)$ ^libasprintf0v5(?::\w+|)\s+(.*)$ ^libgettextpo-dev(?::\w+|)\s+(.*)$ ^autopoint(?::\w+|)\s+(.*)$ ^gettext-doc(?::\w+|)\s+(.*)$ ^systemd-tests(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^udev-udeb(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1-udeb(?::\w+|)\s+(.*)$ ^libudev1(?::\w+|)\s+(.*)$ ^libsystemd-dev(?::\w+|)\s+(.*)$ ^libnss-systemd(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^systemd-tests(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^udev-udeb(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1-udeb(?::\w+|)\s+(.*)$ ^libudev1(?::\w+|)\s+(.*)$ ^libsystemd-dev(?::\w+|)\s+(.*)$ ^libnss-systemd(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^postgresql-server-dev-10(?::\w+|)\s+(.*)$ ^postgresql-pltcl-10(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^postgresql-10(?::\w+|)\s+(.*)$ ^postgresql-plperl-10(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython3-10(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-plpython-10(?::\w+|)\s+(.*)$ ^postgresql-doc-10(?::\w+|)\s+(.*)$ ^postgresql-client-10(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^libapache2-mod-perl2(?::\w+|)\s+(.*)$ ^libapache2-mod-perl2-doc(?::\w+|)\s+(.*)$ ^libapache2-mod-perl2-dev(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^libperl-dev(?::\w+|)\s+(.*)$ ^perl-modules-5.26(?::\w+|)\s+(.*)$ ^perl-doc(?::\w+|)\s+(.*)$ ^perl(?::\w+|)\s+(.*)$ ^perl-base(?::\w+|)\s+(.*)$ ^libperl5.26(?::\w+|)\s+(.*)$ ^perl-debug(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^libpoppler73(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp0v5(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^libpoppler73(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp0v5(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^libraw-doc(?::\w+|)\s+(.*)$ ^libraw-bin(?::\w+|)\s+(.*)$ ^libraw16(?::\w+|)\s+(.*)$ ^libraw-dev(?::\w+|)\s+(.*)$ ^libwavpack1(?::\w+|)\s+(.*)$ ^libwavpack-dev(?::\w+|)\s+(.*)$ ^wavpack(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^libssl1.0-dev(?::\w+|)\s+(.*)$ ^openssl1.0(?::\w+|)\s+(.*)$ ^libssl1.0.0-udeb(?::\w+|)\s+(.*)$ ^libcrypto1.0.0-udeb(?::\w+|)\s+(.*)$ ^libcrypto1.1-udeb(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.1-udeb(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^python3-lxml(?::\w+|)\s+(.*)$ ^python-lxml(?::\w+|)\s+(.*)$ ^python-lxml-doc(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ ^libcupsimage2(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^libcupsmime1(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libfreerdp-server2-2(?::\w+|)\s+(.*)$ ^freerdp2-shadow-x11(?::\w+|)\s+(.*)$ ^libfreerdp2-2(?::\w+|)\s+(.*)$ ^freerdp2-dev(?::\w+|)\s+(.*)$ ^freerdp2-wayland(?::\w+|)\s+(.*)$ ^libwinpr2-dev(?::\w+|)\s+(.*)$ ^libfreerdp-shadow2-2(?::\w+|)\s+(.*)$ ^libuwac0-0(?::\w+|)\s+(.*)$ ^freerdp2-x11(?::\w+|)\s+(.*)$ ^libwinpr2-2(?::\w+|)\s+(.*)$ ^libwinpr-tools2-2(?::\w+|)\s+(.*)$ ^libuwac0-dev(?::\w+|)\s+(.*)$ ^libfreerdp-shadow-subsystem2-2(?::\w+|)\s+(.*)$ ^libfreerdp-client2-2(?::\w+|)\s+(.*)$ ^winpr-utils(?::\w+|)\s+(.*)$ ^libfreerdp-common1.1.0(?::\w+|)\s+(.*)$ ^libwinpr-dev(?::\w+|)\s+(.*)$ ^libfreerdp-client1.1(?::\w+|)\s+(.*)$ ^libwinpr-crt0.1(?::\w+|)\s+(.*)$ ^libfreerdp-primitives1.1(?::\w+|)\s+(.*)$ ^libwinpr-pool0.1(?::\w+|)\s+(.*)$ ^libwinpr-library0.1(?::\w+|)\s+(.*)$ ^libwinpr-io0.1(?::\w+|)\s+(.*)$ ^libfreerdp-core1.1(?::\w+|)\s+(.*)$ ^libfreerdp-locale1.1(?::\w+|)\s+(.*)$ ^libfreerdp-gdi1.1(?::\w+|)\s+(.*)$ ^libwinpr-winhttp0.1(?::\w+|)\s+(.*)$ ^libwinpr-synch0.1(?::\w+|)\s+(.*)$ ^libwinpr-sysinfo0.1(?::\w+|)\s+(.*)$ ^libfreerdp-codec1.1(?::\w+|)\s+(.*)$ ^libwinpr-rpc0.1(?::\w+|)\s+(.*)$ ^libfreerdp-dev(?::\w+|)\s+(.*)$ ^libwinpr-environment0.1(?::\w+|)\s+(.*)$ ^libfreerdp-cache1.1(?::\w+|)\s+(.*)$ ^libwinpr-crypto0.1(?::\w+|)\s+(.*)$ ^libwinpr-sspi0.1(?::\w+|)\s+(.*)$ ^libfreerdp-utils1.1(?::\w+|)\s+(.*)$ ^libwinpr-credui0.1(?::\w+|)\s+(.*)$ ^freerdp-x11(?::\w+|)\s+(.*)$ ^libwinpr-heap0.1(?::\w+|)\s+(.*)$ ^libfreerdp-rail1.1(?::\w+|)\s+(.*)$ ^libwinpr-thread0.1(?::\w+|)\s+(.*)$ ^libwinpr-asn1-0.1(?::\w+|)\s+(.*)$ ^libwinpr-bcrypt0.1(?::\w+|)\s+(.*)$ ^libxfreerdp-client1.1(?::\w+|)\s+(.*)$ ^libwinpr-file0.1(?::\w+|)\s+(.*)$ ^libwinpr-handle0.1(?::\w+|)\s+(.*)$ ^libwinpr-interlocked0.1(?::\w+|)\s+(.*)$ ^libwinpr-sspicli0.1(?::\w+|)\s+(.*)$ ^libwinpr-utils0.1(?::\w+|)\s+(.*)$ ^libwinpr-path0.1(?::\w+|)\s+(.*)$ ^libwinpr-error0.1(?::\w+|)\s+(.*)$ ^libwinpr-dsparse0.1(?::\w+|)\s+(.*)$ ^libfreerdp-plugins-standard(?::\w+|)\s+(.*)$ ^libwinpr-timezone0.1(?::\w+|)\s+(.*)$ ^libfreerdp-crypto1.1(?::\w+|)\s+(.*)$ ^libwinpr-winsock0.1(?::\w+|)\s+(.*)$ ^libwinpr-pipe0.1(?::\w+|)\s+(.*)$ ^libwinpr-credentials0.1(?::\w+|)\s+(.*)$ ^libwinpr-registry0.1(?::\w+|)\s+(.*)$ ^libwinpr-input0.1(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^exiv2(?::\w+|)\s+(.*)$ ^libexiv2-14(?::\w+|)\s+(.*)$ ^libexiv2-doc(?::\w+|)\s+(.*)$ ^libexiv2-dev(?::\w+|)\s+(.*)$ ^dirmngr(?::\w+|)\s+(.*)$ ^gpgv-static(?::\w+|)\s+(.*)$ ^gpgv-win32(?::\w+|)\s+(.*)$ ^scdaemon(?::\w+|)\s+(.*)$ ^gpgsm(?::\w+|)\s+(.*)$ ^gpgv(?::\w+|)\s+(.*)$ ^gpg(?::\w+|)\s+(.*)$ ^gnupg-agent(?::\w+|)\s+(.*)$ ^gnupg2(?::\w+|)\s+(.*)$ ^gpgconf(?::\w+|)\s+(.*)$ ^gpgv-udeb(?::\w+|)\s+(.*)$ ^gpg-wks-client(?::\w+|)\s+(.*)$ ^gpg-wks-server(?::\w+|)\s+(.*)$ ^gpg-agent(?::\w+|)\s+(.*)$ ^gnupg(?::\w+|)\s+(.*)$ ^gnupg-utils(?::\w+|)\s+(.*)$ ^gnupg-l10n(?::\w+|)\s+(.*)$ ^gpgv2(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^systemd-tests(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^udev-udeb(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1-udeb(?::\w+|)\s+(.*)$ ^libudev1(?::\w+|)\s+(.*)$ ^libsystemd-dev(?::\w+|)\s+(.*)$ ^libnss-systemd(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^gnome-bluetooth(?::\w+|)\s+(.*)$ ^libgnome-bluetooth13(?::\w+|)\s+(.*)$ ^libgnome-bluetooth-dev(?::\w+|)\s+(.*)$ ^gir1.2-gnomebluetooth-1.0(?::\w+|)\s+(.*)$ ^php-pear(?::\w+|)\s+(.*)$ ^haproxy(?::\w+|)\s+(.*)$ ^haproxy-doc(?::\w+|)\s+(.*)$ ^vim-haproxy(?::\w+|)\s+(.*)$ ^bsdcpio(?::\w+|)\s+(.*)$ ^libarchive-tools(?::\w+|)\s+(.*)$ ^libarchive13(?::\w+|)\s+(.*)$ ^bsdtar(?::\w+|)\s+(.*)$ ^libarchive-dev(?::\w+|)\s+(.*)$ ^caca-utils(?::\w+|)\s+(.*)$ ^libcaca-dev(?::\w+|)\s+(.*)$ ^libcaca0(?::\w+|)\s+(.*)$ ^libpolkit-backend-1-0(?::\w+|)\s+(.*)$ ^policykit-1-doc(?::\w+|)\s+(.*)$ ^libpolkit-gobject-1-dev(?::\w+|)\s+(.*)$ ^libpolkit-agent-1-0(?::\w+|)\s+(.*)$ ^libpolkit-gobject-1-0(?::\w+|)\s+(.*)$ ^policykit-1(?::\w+|)\s+(.*)$ ^gir1.2-polkit-1.0(?::\w+|)\s+(.*)$ ^libpolkit-backend-1-dev(?::\w+|)\s+(.*)$ ^libpolkit-agent-1-dev(?::\w+|)\s+(.*)$ ^irssi-dev(?::\w+|)\s+(.*)$ ^irssi(?::\w+|)\s+(.*)$ ^apt-doc(?::\w+|)\s+(.*)$ ^apt-transport-https(?::\w+|)\s+(.*)$ ^libapt-pkg5.0(?::\w+|)\s+(.*)$ ^libapt-pkg-doc(?::\w+|)\s+(.*)$ ^apt(?::\w+|)\s+(.*)$ ^apt-utils(?::\w+|)\s+(.*)$ ^libapt-inst2.0(?::\w+|)\s+(.*)$ ^libapt-pkg-dev(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiff-dev(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^libpoppler73(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp0v5(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-testsuite(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^libspice-server1(?::\w+|)\s+(.*)$ ^libspice-server-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.18.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^openvswitch-doc(?::\w+|)\s+(.*)$ ^openvswitch-switch(?::\w+|)\s+(.*)$ ^openvswitch-pki(?::\w+|)\s+(.*)$ ^ovn-docker(?::\w+|)\s+(.*)$ ^openvswitch-common(?::\w+|)\s+(.*)$ ^openvswitch-testcontroller(?::\w+|)\s+(.*)$ ^openvswitch-vtep(?::\w+|)\s+(.*)$ ^python-openvswitch(?::\w+|)\s+(.*)$ ^python3-openvswitch(?::\w+|)\s+(.*)$ ^ovn-host(?::\w+|)\s+(.*)$ ^ovn-common(?::\w+|)\s+(.*)$ ^ovn-central(?::\w+|)\s+(.*)$ ^ovn-controller-vtep(?::\w+|)\s+(.*)$ ^openvswitch-switch-dpdk(?::\w+|)\s+(.*)$ ^openvswitch-test(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libavahi-compat-libdnssd-dev(?::\w+|)\s+(.*)$ ^libavahi-ui-gtk3-0(?::\w+|)\s+(.*)$ ^libavahi-core7-udeb(?::\w+|)\s+(.*)$ ^libavahi-core7(?::\w+|)\s+(.*)$ ^libavahi-client3(?::\w+|)\s+(.*)$ ^libavahi-core-dev(?::\w+|)\s+(.*)$ ^libavahi-client-dev(?::\w+|)\s+(.*)$ ^avahi-ui-utils(?::\w+|)\s+(.*)$ ^libavahi-gobject-dev(?::\w+|)\s+(.*)$ ^avahi-dnsconfd(?::\w+|)\s+(.*)$ ^libavahi-compat-libdnssd1(?::\w+|)\s+(.*)$ ^libavahi-common3(?::\w+|)\s+(.*)$ ^avahi-daemon(?::\w+|)\s+(.*)$ ^avahi-discover(?::\w+|)\s+(.*)$ ^libavahi-common-dev(?::\w+|)\s+(.*)$ ^libavahi-common-data(?::\w+|)\s+(.*)$ ^avahi-utils(?::\w+|)\s+(.*)$ ^libavahi-common3-udeb(?::\w+|)\s+(.*)$ ^libavahi-ui-gtk3-dev(?::\w+|)\s+(.*)$ ^libavahi-glib-dev(?::\w+|)\s+(.*)$ ^libavahi-gobject0(?::\w+|)\s+(.*)$ ^gir1.2-avahi-0.6(?::\w+|)\s+(.*)$ ^avahi-autoipd(?::\w+|)\s+(.*)$ ^python-avahi(?::\w+|)\s+(.*)$ ^libavahi-glib1(?::\w+|)\s+(.*)$ ^libvncserver-config(?::\w+|)\s+(.*)$ ^libvncserver-dev(?::\w+|)\s+(.*)$ ^libvncserver1(?::\w+|)\s+(.*)$ ^libvncclient1(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.18.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^dovecot-pgsql(?::\w+|)\s+(.*)$ ^dovecot-mysql(?::\w+|)\s+(.*)$ ^dovecot-sieve(?::\w+|)\s+(.*)$ ^dovecot-core(?::\w+|)\s+(.*)$ ^dovecot-ldap(?::\w+|)\s+(.*)$ ^dovecot-sqlite(?::\w+|)\s+(.*)$ ^dovecot-dev(?::\w+|)\s+(.*)$ ^dovecot-pop3d(?::\w+|)\s+(.*)$ ^dovecot-imapd(?::\w+|)\s+(.*)$ ^dovecot-managesieved(?::\w+|)\s+(.*)$ ^mail-stack-delivery(?::\w+|)\s+(.*)$ ^dovecot-gssapi(?::\w+|)\s+(.*)$ ^dovecot-solr(?::\w+|)\s+(.*)$ ^dovecot-lmtpd(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^bsdcpio(?::\w+|)\s+(.*)$ ^libarchive-tools(?::\w+|)\s+(.*)$ ^libarchive13(?::\w+|)\s+(.*)$ ^bsdtar(?::\w+|)\s+(.*)$ ^libarchive-dev(?::\w+|)\s+(.*)$ ^openssh-server-udeb(?::\w+|)\s+(.*)$ ^openssh-client(?::\w+|)\s+(.*)$ ^openssh-server(?::\w+|)\s+(.*)$ ^ssh-askpass-gnome(?::\w+|)\s+(.*)$ ^ssh(?::\w+|)\s+(.*)$ ^openssh-client-udeb(?::\w+|)\s+(.*)$ ^openssh-sftp-server(?::\w+|)\s+(.*)$ ^openssh-server-udeb(?::\w+|)\s+(.*)$ ^openssh-client(?::\w+|)\s+(.*)$ ^openssh-server(?::\w+|)\s+(.*)$ ^ssh-askpass-gnome(?::\w+|)\s+(.*)$ ^ssh(?::\w+|)\s+(.*)$ ^openssh-client-udeb(?::\w+|)\s+(.*)$ ^openssh-sftp-server(?::\w+|)\s+(.*)$ ^libpoppler73(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp0v5(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^ubuntu-core-snapd-units(?::\w+|)\s+(.*)$ ^ubuntu-core-launcher(?::\w+|)\s+(.*)$ ^snap-confine(?::\w+|)\s+(.*)$ ^ubuntu-snappy-cli(?::\w+|)\s+(.*)$ ^golang-github-snapcore-snapd-dev(?::\w+|)\s+(.*)$ ^snapd-xdg-open(?::\w+|)\s+(.*)$ ^snapd(?::\w+|)\s+(.*)$ ^golang-github-ubuntu-core-snappy-dev(?::\w+|)\s+(.*)$ ^ubuntu-snappy(?::\w+|)\s+(.*)$ ^gvfs-backends(?::\w+|)\s+(.*)$ ^gvfs-libs(?::\w+|)\s+(.*)$ ^gvfs-daemons(?::\w+|)\s+(.*)$ ^gvfs-bin(?::\w+|)\s+(.*)$ ^gvfs-common(?::\w+|)\s+(.*)$ ^gvfs-fuse(?::\w+|)\s+(.*)$ ^gvfs(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^systemd-tests(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^udev-udeb(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1-udeb(?::\w+|)\s+(.*)$ ^libudev1(?::\w+|)\s+(.*)$ ^libsystemd-dev(?::\w+|)\s+(.*)$ ^libnss-systemd(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^gir1.2-gdm-1.0(?::\w+|)\s+(.*)$ ^libgdm-dev(?::\w+|)\s+(.*)$ ^gdm3(?::\w+|)\s+(.*)$ ^libgdm1(?::\w+|)\s+(.*)$ ^libdns-export1100(?::\w+|)\s+(.*)$ ^libdns1100(?::\w+|)\s+(.*)$ ^libisc169(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export169-udeb(?::\w+|)\s+(.*)$ ^libisccc-export160(?::\w+|)\s+(.*)$ ^libisc-export169(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libirs-export160(?::\w+|)\s+(.*)$ ^libisccc160(?::\w+|)\s+(.*)$ ^libisccfg-export160(?::\w+|)\s+(.*)$ ^libisccfg160(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc-export160-udeb(?::\w+|)\s+(.*)$ ^libirs-export160-udeb(?::\w+|)\s+(.*)$ ^liblwres160(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^libisccfg-export160-udeb(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libbind9-160(?::\w+|)\s+(.*)$ ^libirs160(?::\w+|)\s+(.*)$ ^libdns-export1100-udeb(?::\w+|)\s+(.*)$ ^ldb-tools(?::\w+|)\s+(.*)$ ^libldb-dev(?::\w+|)\s+(.*)$ ^python-ldb-dev(?::\w+|)\s+(.*)$ ^python-ldb(?::\w+|)\s+(.*)$ ^libldb1(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-testsuite(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^libssl1.0-dev(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^openssl1.0(?::\w+|)\s+(.*)$ ^libcrypto1.0.0-udeb(?::\w+|)\s+(.*)$ ^libssl1.0.0-udeb(?::\w+|)\s+(.*)$ ^libgd3(?::\w+|)\s+(.*)$ ^libgd-tools(?::\w+|)\s+(.*)$ ^libgd-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.18.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.18.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^libnvidia-common-390(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-390(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-390(?::\w+|)\s+(.*)$ ^nvidia-headless-390(?::\w+|)\s+(.*)$ ^libnvidia-compute-390(?::\w+|)\s+(.*)$ ^nvidia-dkms-390(?::\w+|)\s+(.*)$ ^nvidia-driver-390(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-390(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-390(?::\w+|)\s+(.*)$ ^libnvidia-encode-390(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-384(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-390(?::\w+|)\s+(.*)$ ^nvidia-384-dev(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-390(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-390(?::\w+|)\s+(.*)$ ^nvidia-384(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-390(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-384(?::\w+|)\s+(.*)$ ^libnvidia-decode-390(?::\w+|)\s+(.*)$ ^libnvidia-gl-390(?::\w+|)\s+(.*)$ ^libcuda1-384(?::\w+|)\s+(.*)$ ^nvidia-utils-390(?::\w+|)\s+(.*)$ ^libpoppler73(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp0v5(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiff-dev(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^walinuxagent(?::\w+|)\s+(.*)$ ^libvirt0(?::\w+|)\s+(.*)$ ^libvirt-dev(?::\w+|)\s+(.*)$ ^libnss-libvirt(?::\w+|)\s+(.*)$ ^libvirt-daemon(?::\w+|)\s+(.*)$ ^libvirt-sanlock(?::\w+|)\s+(.*)$ ^libvirt-wireshark(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-rbd(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-gluster(?::\w+|)\s+(.*)$ ^libvirt-doc(?::\w+|)\s+(.*)$ ^libvirt-daemon-system(?::\w+|)\s+(.*)$ ^libvirt-clients(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-zfs(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-sheepdog(?::\w+|)\s+(.*)$ ^libvirt-bin(?::\w+|)\s+(.*)$ ^libmagic-dev(?::\w+|)\s+(.*)$ ^libmagic-mgc(?::\w+|)\s+(.*)$ ^libmagic1(?::\w+|)\s+(.*)$ ^file(?::\w+|)\s+(.*)$ ^libmagic-dev(?::\w+|)\s+(.*)$ ^libmagic-mgc(?::\w+|)\s+(.*)$ ^libmagic1(?::\w+|)\s+(.*)$ ^file(?::\w+|)\s+(.*)$ ^ntfs-3g(?::\w+|)\s+(.*)$ ^ntfs-3g-dev(?::\w+|)\s+(.*)$ ^libntfs-3g88(?::\w+|)\s+(.*)$ ^ntfs-3g-udeb(?::\w+|)\s+(.*)$ ^libntfs-3g88(?::\w+|)\s+(.*)$ ^ntfs-3g(?::\w+|)\s+(.*)$ ^ntfs-3g-udeb(?::\w+|)\s+(.*)$ ^ntfs-3g-dev(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^ubuntu-core-snapd-units(?::\w+|)\s+(.*)$ ^ubuntu-core-launcher(?::\w+|)\s+(.*)$ ^snap-confine(?::\w+|)\s+(.*)$ ^ubuntu-snappy-cli(?::\w+|)\s+(.*)$ ^golang-github-snapcore-snapd-dev(?::\w+|)\s+(.*)$ ^snapd-xdg-open(?::\w+|)\s+(.*)$ ^snapd(?::\w+|)\s+(.*)$ ^golang-github-ubuntu-core-snappy-dev(?::\w+|)\s+(.*)$ ^ubuntu-snappy(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^xmltooling-schemas(?::\w+|)\s+(.*)$ ^libxmltooling7(?::\w+|)\s+(.*)$ ^libxmltooling-dev(?::\w+|)\s+(.*)$ ^libxmltooling-doc(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^libapache2-mod-auth-mellon(?::\w+|)\s+(.*)$ ^gpac-modules-base(?::\w+|)\s+(.*)$ ^libgpac-dev(?::\w+|)\s+(.*)$ ^libgpac4(?::\w+|)\s+(.*)$ ^gpac(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^dovecot-pgsql(?::\w+|)\s+(.*)$ ^dovecot-mysql(?::\w+|)\s+(.*)$ ^dovecot-sieve(?::\w+|)\s+(.*)$ ^dovecot-core(?::\w+|)\s+(.*)$ ^dovecot-ldap(?::\w+|)\s+(.*)$ ^dovecot-sqlite(?::\w+|)\s+(.*)$ ^dovecot-dev(?::\w+|)\s+(.*)$ ^dovecot-pop3d(?::\w+|)\s+(.*)$ ^dovecot-imapd(?::\w+|)\s+(.*)$ ^dovecot-managesieved(?::\w+|)\s+(.*)$ ^mail-stack-delivery(?::\w+|)\s+(.*)$ ^dovecot-gssapi(?::\w+|)\s+(.*)$ ^dovecot-solr(?::\w+|)\s+(.*)$ ^dovecot-lmtpd(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.18.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.18.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^libpolkit-backend-1-0(?::\w+|)\s+(.*)$ ^policykit-1-doc(?::\w+|)\s+(.*)$ ^libpolkit-gobject-1-dev(?::\w+|)\s+(.*)$ ^libpolkit-agent-1-0(?::\w+|)\s+(.*)$ ^libpolkit-gobject-1-0(?::\w+|)\s+(.*)$ ^policykit-1(?::\w+|)\s+(.*)$ ^gir1.2-polkit-1.0(?::\w+|)\s+(.*)$ ^libpolkit-backend-1-dev(?::\w+|)\s+(.*)$ ^libpolkit-agent-1-dev(?::\w+|)\s+(.*)$ ^busybox(?::\w+|)\s+(.*)$ ^udhcpc(?::\w+|)\s+(.*)$ ^busybox-syslogd(?::\w+|)\s+(.*)$ ^udhcpd(?::\w+|)\s+(.*)$ ^busybox-initramfs(?::\w+|)\s+(.*)$ ^busybox-udeb(?::\w+|)\s+(.*)$ ^busybox-static(?::\w+|)\s+(.*)$ ^advancecomp(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^systemd-tests(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^udev-udeb(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1-udeb(?::\w+|)\s+(.*)$ ^libudev1(?::\w+|)\s+(.*)$ ^libsystemd-dev(?::\w+|)\s+(.*)$ ^libnss-systemd(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^libclamav7(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^lua5.3(?::\w+|)\s+(.*)$ ^liblua5.3-dev(?::\w+|)\s+(.*)$ ^liblua5.3-0(?::\w+|)\s+(.*)$ ^wget(?::\w+|)\s+(.*)$ ^wget-udeb(?::\w+|)\s+(.*)$ ^hostapd(?::\w+|)\s+(.*)$ ^wpagui(?::\w+|)\s+(.*)$ ^wpasupplicant(?::\w+|)\s+(.*)$ ^wpasupplicant-udeb(?::\w+|)\s+(.*)$ ^ruby2.5-dev(?::\w+|)\s+(.*)$ ^ruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5-doc(?::\w+|)\s+(.*)$ ^libruby2.5(?::\w+|)\s+(.*)$ ^rssh(?::\w+|)\s+(.*)$ ^python-libxslt1(?::\w+|)\s+(.*)$ ^libxslt1-dev(?::\w+|)\s+(.*)$ ^libxslt1.1(?::\w+|)\s+(.*)$ ^xsltproc(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^pacemaker-remote(?::\w+|)\s+(.*)$ ^libcrmcommon-dev(?::\w+|)\s+(.*)$ ^pacemaker-resource-agents(?::\w+|)\s+(.*)$ ^pacemaker-cli-utils(?::\w+|)\s+(.*)$ ^pacemaker-common(?::\w+|)\s+(.*)$ ^liblrmd1(?::\w+|)\s+(.*)$ ^libcrmcluster-dev(?::\w+|)\s+(.*)$ ^libstonithd-dev(?::\w+|)\s+(.*)$ ^libpe-status10(?::\w+|)\s+(.*)$ ^libtransitioner2(?::\w+|)\s+(.*)$ ^libstonithd2(?::\w+|)\s+(.*)$ ^libcrmservice3(?::\w+|)\s+(.*)$ ^libcrmcommon3(?::\w+|)\s+(.*)$ ^libcib-dev(?::\w+|)\s+(.*)$ ^pacemaker(?::\w+|)\s+(.*)$ ^libcrmservice-dev(?::\w+|)\s+(.*)$ ^libpe-rules2(?::\w+|)\s+(.*)$ ^liblrmd-dev(?::\w+|)\s+(.*)$ ^libpengine10(?::\w+|)\s+(.*)$ ^libpengine-dev(?::\w+|)\s+(.*)$ ^pacemaker-doc(?::\w+|)\s+(.*)$ ^libcrmcluster4(?::\w+|)\s+(.*)$ ^libcib4(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^libfreeradius-dev(?::\w+|)\s+(.*)$ ^freeradius-ldap(?::\w+|)\s+(.*)$ ^freeradius-redis(?::\w+|)\s+(.*)$ ^libfreeradius3(?::\w+|)\s+(.*)$ ^freeradius-yubikey(?::\w+|)\s+(.*)$ ^freeradius-config(?::\w+|)\s+(.*)$ ^freeradius-mysql(?::\w+|)\s+(.*)$ ^freeradius-postgresql(?::\w+|)\s+(.*)$ ^freeradius-dhcp(?::\w+|)\s+(.*)$ ^freeradius-utils(?::\w+|)\s+(.*)$ ^freeradius(?::\w+|)\s+(.*)$ ^freeradius-iodbc(?::\w+|)\s+(.*)$ ^freeradius-common(?::\w+|)\s+(.*)$ ^freeradius-rest(?::\w+|)\s+(.*)$ ^freeradius-memcached(?::\w+|)\s+(.*)$ ^freeradius-krb5(?::\w+|)\s+(.*)$ ^tcpflow-nox(?::\w+|)\s+(.*)$ ^tcpflow(?::\w+|)\s+(.*)$ ^libdns-export1100(?::\w+|)\s+(.*)$ ^libdns1100(?::\w+|)\s+(.*)$ ^libisc169(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export169-udeb(?::\w+|)\s+(.*)$ ^libisccc-export160(?::\w+|)\s+(.*)$ ^libisc-export169(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libirs-export160(?::\w+|)\s+(.*)$ ^libisccc160(?::\w+|)\s+(.*)$ ^libisccfg-export160(?::\w+|)\s+(.*)$ ^libisccfg160(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc-export160-udeb(?::\w+|)\s+(.*)$ ^libirs-export160-udeb(?::\w+|)\s+(.*)$ ^liblwres160(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^libisccfg-export160-udeb(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libbind9-160(?::\w+|)\s+(.*)$ ^libirs160(?::\w+|)\s+(.*)$ ^libdns-export1100-udeb(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^mariadb-plugin-cracklib-password-check(?::\w+|)\s+(.*)$ ^mariadb-server(?::\w+|)\s+(.*)$ ^mariadb-plugin-connect(?::\w+|)\s+(.*)$ ^mariadb-plugin-spider(?::\w+|)\s+(.*)$ ^libmariadbclient-dev(?::\w+|)\s+(.*)$ ^libmariadbd18(?::\w+|)\s+(.*)$ ^mariadb-client-core-10.1(?::\w+|)\s+(.*)$ ^mariadb-plugin-tokudb(?::\w+|)\s+(.*)$ ^mariadb-plugin-mroonga(?::\w+|)\s+(.*)$ ^mariadb-client(?::\w+|)\s+(.*)$ ^mariadb-server-10.1(?::\w+|)\s+(.*)$ ^mariadb-server-core-10.1(?::\w+|)\s+(.*)$ ^mariadb-test-data(?::\w+|)\s+(.*)$ ^libmariadbclient-dev-compat(?::\w+|)\s+(.*)$ ^mariadb-client-10.1(?::\w+|)\s+(.*)$ ^mariadb-plugin-gssapi-client(?::\w+|)\s+(.*)$ ^libmariadbd-dev(?::\w+|)\s+(.*)$ ^mariadb-test(?::\w+|)\s+(.*)$ ^mariadb-plugin-gssapi-server(?::\w+|)\s+(.*)$ ^mariadb-common(?::\w+|)\s+(.*)$ ^libmariadbclient18(?::\w+|)\s+(.*)$ ^mariadb-plugin-oqgraph(?::\w+|)\s+(.*)$ ^gstreamer1.0-plugins-base(?::\w+|)\s+(.*)$ ^libgstreamer-plugins-base1.0-0(?::\w+|)\s+(.*)$ ^gstreamer1.0-x(?::\w+|)\s+(.*)$ ^gstreamer1.0-plugins-base-doc(?::\w+|)\s+(.*)$ ^libgstreamer-gl1.0-0(?::\w+|)\s+(.*)$ ^gstreamer1.0-gl(?::\w+|)\s+(.*)$ ^libgstreamer-plugins-base1.0-dev(?::\w+|)\s+(.*)$ ^gir1.2-gst-plugins-base-1.0(?::\w+|)\s+(.*)$ ^gstreamer1.0-alsa(?::\w+|)\s+(.*)$ ^gstreamer1.0-plugins-base-apps(?::\w+|)\s+(.*)$ ^gir1.2-evince-3.0(?::\w+|)\s+(.*)$ ^libevview3-3(?::\w+|)\s+(.*)$ ^evince-common(?::\w+|)\s+(.*)$ ^libevince-dev(?::\w+|)\s+(.*)$ ^evince(?::\w+|)\s+(.*)$ ^libevdocument3-4(?::\w+|)\s+(.*)$ ^browser-plugin-evince(?::\w+|)\s+(.*)$ ^libwavpack1(?::\w+|)\s+(.*)$ ^libwavpack-dev(?::\w+|)\s+(.*)$ ^wavpack(?::\w+|)\s+(.*)$ ^libpng-tools(?::\w+|)\s+(.*)$ ^libpng16-16-udeb(?::\w+|)\s+(.*)$ ^libpng-dev(?::\w+|)\s+(.*)$ ^libpng16-16(?::\w+|)\s+(.*)$ ^memcached(?::\w+|)\s+(.*)$ ^python3-gnupg(?::\w+|)\s+(.*)$ ^python-gnupg(?::\w+|)\s+(.*)$ ^gnome-shell(?::\w+|)\s+(.*)$ ^gnome-shell-common(?::\w+|)\s+(.*)$ ^libavresample-dev(?::\w+|)\s+(.*)$ ^libavcodec-extra(?::\w+|)\s+(.*)$ ^libavfilter-extra6(?::\w+|)\s+(.*)$ ^libavresample3(?::\w+|)\s+(.*)$ ^libavcodec-dev(?::\w+|)\s+(.*)$ ^libavutil-dev(?::\w+|)\s+(.*)$ ^libavfilter-extra(?::\w+|)\s+(.*)$ ^libswscale-dev(?::\w+|)\s+(.*)$ ^libswresample-dev(?::\w+|)\s+(.*)$ ^libswresample2(?::\w+|)\s+(.*)$ ^libavdevice-dev(?::\w+|)\s+(.*)$ ^libswscale4(?::\w+|)\s+(.*)$ ^libavfilter-dev(?::\w+|)\s+(.*)$ ^libpostproc54(?::\w+|)\s+(.*)$ ^libpostproc-dev(?::\w+|)\s+(.*)$ ^libavdevice57(?::\w+|)\s+(.*)$ ^libavformat57(?::\w+|)\s+(.*)$ ^libavformat-dev(?::\w+|)\s+(.*)$ ^libavutil55(?::\w+|)\s+(.*)$ ^libavfilter6(?::\w+|)\s+(.*)$ ^libavcodec-extra57(?::\w+|)\s+(.*)$ ^libavcodec57(?::\w+|)\s+(.*)$ ^ffmpeg(?::\w+|)\s+(.*)$ ^ffmpeg-doc(?::\w+|)\s+(.*)$ ^hostapd(?::\w+|)\s+(.*)$ ^wpagui(?::\w+|)\s+(.*)$ ^wpasupplicant(?::\w+|)\s+(.*)$ ^wpasupplicant-udeb(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^postgresql-server-dev-10(?::\w+|)\s+(.*)$ ^postgresql-pltcl-10(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^postgresql-10(?::\w+|)\s+(.*)$ ^postgresql-plperl-10(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython3-10(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-plpython-10(?::\w+|)\s+(.*)$ ^postgresql-doc-10(?::\w+|)\s+(.*)$ ^postgresql-client-10(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^isc-dhcp-relay(?::\w+|)\s+(.*)$ ^isc-dhcp-client-ddns(?::\w+|)\s+(.*)$ ^isc-dhcp-dev(?::\w+|)\s+(.*)$ ^isc-dhcp-client(?::\w+|)\s+(.*)$ ^isc-dhcp-common(?::\w+|)\s+(.*)$ ^isc-dhcp-server(?::\w+|)\s+(.*)$ ^isc-dhcp-client-udeb(?::\w+|)\s+(.*)$ ^isc-dhcp-server-ldap(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.18.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.18.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libvirt0(?::\w+|)\s+(.*)$ ^libvirt-dev(?::\w+|)\s+(.*)$ ^libnss-libvirt(?::\w+|)\s+(.*)$ ^libvirt-sanlock(?::\w+|)\s+(.*)$ ^libvirt-daemon(?::\w+|)\s+(.*)$ ^libvirt-wireshark(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-rbd(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-gluster(?::\w+|)\s+(.*)$ ^libvirt-doc(?::\w+|)\s+(.*)$ ^libvirt-daemon-system(?::\w+|)\s+(.*)$ ^libvirt-clients(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-zfs(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-sheepdog(?::\w+|)\s+(.*)$ ^libvirt-bin(?::\w+|)\s+(.*)$ ^libwsutil-dev(?::\w+|)\s+(.*)$ ^wireshark-dev(?::\w+|)\s+(.*)$ ^tshark(?::\w+|)\s+(.*)$ ^libwireshark-dev(?::\w+|)\s+(.*)$ ^libwiretap8(?::\w+|)\s+(.*)$ ^wireshark-qt(?::\w+|)\s+(.*)$ ^libwiretap-dev(?::\w+|)\s+(.*)$ ^libwscodecs2(?::\w+|)\s+(.*)$ ^wireshark-doc(?::\w+|)\s+(.*)$ ^wireshark-common(?::\w+|)\s+(.*)$ ^wireshark-gtk(?::\w+|)\s+(.*)$ ^libwireshark-data(?::\w+|)\s+(.*)$ ^libwireshark11(?::\w+|)\s+(.*)$ ^libwsutil9(?::\w+|)\s+(.*)$ ^wireshark(?::\w+|)\s+(.*)$ ^python-mediainfodll(?::\w+|)\s+(.*)$ ^libmediainfo-dev(?::\w+|)\s+(.*)$ ^python3-mediainfodll(?::\w+|)\s+(.*)$ ^libmediainfo0v5(?::\w+|)\s+(.*)$ ^libmediainfo-doc(?::\w+|)\s+(.*)$ ^libraw-doc(?::\w+|)\s+(.*)$ ^libraw-bin(?::\w+|)\s+(.*)$ ^libraw16(?::\w+|)\s+(.*)$ ^libraw-dev(?::\w+|)\s+(.*)$ ^python-urllib3(?::\w+|)\s+(.*)$ ^python3-urllib3(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^libgnome-desktop-3-17(?::\w+|)\s+(.*)$ ^gir1.2-gnomedesktop-3.0(?::\w+|)\s+(.*)$ ^gnome-desktop3-data(?::\w+|)\s+(.*)$ ^libgnome-desktop-3-dev(?::\w+|)\s+(.*)$ ^keepalived(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^libedata-cal1.2-dev(?::\w+|)\s+(.*)$ ^libedataserver-1.2-23(?::\w+|)\s+(.*)$ ^libebackend-1.2-10(?::\w+|)\s+(.*)$ ^libebook1.2-dev(?::\w+|)\s+(.*)$ ^libecal1.2-dev(?::\w+|)\s+(.*)$ ^evolution-data-server-tests(?::\w+|)\s+(.*)$ ^gir1.2-camel-1.2(?::\w+|)\s+(.*)$ ^libebook-contacts-1.2-2(?::\w+|)\s+(.*)$ ^libedata-book1.2-dev(?::\w+|)\s+(.*)$ ^libecal-1.2-19(?::\w+|)\s+(.*)$ ^evolution-data-server-online-accounts(?::\w+|)\s+(.*)$ ^libebackend1.2-dev(?::\w+|)\s+(.*)$ ^libcamel1.2-dev(?::\w+|)\s+(.*)$ ^libedataserverui-1.2-2(?::\w+|)\s+(.*)$ ^libedata-book-1.2-25(?::\w+|)\s+(.*)$ ^gir1.2-edataserver-1.2(?::\w+|)\s+(.*)$ ^libedataserver1.2-dev(?::\w+|)\s+(.*)$ ^libebook-contacts1.2-dev(?::\w+|)\s+(.*)$ ^gir1.2-ebookcontacts-1.2(?::\w+|)\s+(.*)$ ^libcamel-1.2-61(?::\w+|)\s+(.*)$ ^evolution-data-server(?::\w+|)\s+(.*)$ ^evolution-data-server-common(?::\w+|)\s+(.*)$ ^gir1.2-edataserverui-1.2(?::\w+|)\s+(.*)$ ^libedataserverui1.2-dev(?::\w+|)\s+(.*)$ ^libebook-1.2-19(?::\w+|)\s+(.*)$ ^evolution-data-server-doc(?::\w+|)\s+(.*)$ ^evolution-data-server-dev(?::\w+|)\s+(.*)$ ^gir1.2-ebook-1.2(?::\w+|)\s+(.*)$ ^libedata-cal-1.2-28(?::\w+|)\s+(.*)$ ^libgnutls30(?::\w+|)\s+(.*)$ ^libgnutls28-dev(?::\w+|)\s+(.*)$ ^libgnutlsxx28(?::\w+|)\s+(.*)$ ^gnutls-doc(?::\w+|)\s+(.*)$ ^libgnutls-dane0(?::\w+|)\s+(.*)$ ^gnutls-bin(?::\w+|)\s+(.*)$ ^libgnutls-openssl27(?::\w+|)\s+(.*)$ ^corosync-notifyd(?::\w+|)\s+(.*)$ ^libcmap-dev(?::\w+|)\s+(.*)$ ^libvotequorum-dev(?::\w+|)\s+(.*)$ ^libquorum5(?::\w+|)\s+(.*)$ ^libcmap4(?::\w+|)\s+(.*)$ ^libtotem-pg-dev(?::\w+|)\s+(.*)$ ^libvotequorum8(?::\w+|)\s+(.*)$ ^corosync(?::\w+|)\s+(.*)$ ^libtotem-pg5(?::\w+|)\s+(.*)$ ^corosync-dev(?::\w+|)\s+(.*)$ ^libquorum-dev(?::\w+|)\s+(.*)$ ^libcpg-dev(?::\w+|)\s+(.*)$ ^corosync-qdevice(?::\w+|)\s+(.*)$ ^libcorosync-common-dev(?::\w+|)\s+(.*)$ ^libcfg-dev(?::\w+|)\s+(.*)$ ^libcfg6(?::\w+|)\s+(.*)$ ^corosync-qnetd(?::\w+|)\s+(.*)$ ^libcpg4(?::\w+|)\s+(.*)$ ^libsam4(?::\w+|)\s+(.*)$ ^libsam-dev(?::\w+|)\s+(.*)$ ^corosync-doc(?::\w+|)\s+(.*)$ ^libcorosync-common4(?::\w+|)\s+(.*)$ ^libseccomp-dev(?::\w+|)\s+(.*)$ ^libseccomp2(?::\w+|)\s+(.*)$ ^seccomp(?::\w+|)\s+(.*)$ ^libqt5widgets5(?::\w+|)\s+(.*)$ ^libqt5opengl5(?::\w+|)\s+(.*)$ ^libqt5concurrent5(?::\w+|)\s+(.*)$ ^libqt5sql5-mysql(?::\w+|)\s+(.*)$ ^libqt5sql5-tds(?::\w+|)\s+(.*)$ ^libqt5sql5-sqlite(?::\w+|)\s+(.*)$ ^libqt5sql5-psql(?::\w+|)\s+(.*)$ ^libqt5core5a(?::\w+|)\s+(.*)$ ^libqt5network5(?::\w+|)\s+(.*)$ ^libqt5sql5(?::\w+|)\s+(.*)$ ^libqt5dbus5(?::\w+|)\s+(.*)$ ^libqt5gui5(?::\w+|)\s+(.*)$ ^qtbase5-doc(?::\w+|)\s+(.*)$ ^libqt5opengl5-dev(?::\w+|)\s+(.*)$ ^qtbase5-doc-html(?::\w+|)\s+(.*)$ ^qtbase5-dev-tools(?::\w+|)\s+(.*)$ ^qt5-qmake(?::\w+|)\s+(.*)$ ^libqt5xml5(?::\w+|)\s+(.*)$ ^qtbase5-dev(?::\w+|)\s+(.*)$ ^qtbase5-private-dev(?::\w+|)\s+(.*)$ ^libqt5sql5-ibase(?::\w+|)\s+(.*)$ ^libqt5printsupport5(?::\w+|)\s+(.*)$ ^qt5-qmake-bin(?::\w+|)\s+(.*)$ ^qt5-gtk-platformtheme(?::\w+|)\s+(.*)$ ^qtbase5-examples(?::\w+|)\s+(.*)$ ^libqt5test5(?::\w+|)\s+(.*)$ ^libqt5sql5-odbc(?::\w+|)\s+(.*)$ ^qt5-default(?::\w+|)\s+(.*)$ ^db5.3-doc(?::\w+|)\s+(.*)$ ^libdb5.3-java-jni(?::\w+|)\s+(.*)$ ^libdb5.3-tcl(?::\w+|)\s+(.*)$ ^libdb5.3-java-dev(?::\w+|)\s+(.*)$ ^libdb5.3-dev(?::\w+|)\s+(.*)$ ^db5.3-util(?::\w+|)\s+(.*)$ ^libdb5.3-stl-dev(?::\w+|)\s+(.*)$ ^libdb5.3-sql(?::\w+|)\s+(.*)$ ^libdb5.3++-dev(?::\w+|)\s+(.*)$ ^db5.3-sql-util(?::\w+|)\s+(.*)$ ^libdb5.3(?::\w+|)\s+(.*)$ ^libdb5.3-stl(?::\w+|)\s+(.*)$ ^libdb5.3-sql-dev(?::\w+|)\s+(.*)$ ^libdb5.3-java(?::\w+|)\s+(.*)$ ^libdb5.3++(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.18.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^exim4-dev(?::\w+|)\s+(.*)$ ^eximon4(?::\w+|)\s+(.*)$ ^exim4(?::\w+|)\s+(.*)$ ^exim4-base(?::\w+|)\s+(.*)$ ^exim4-config(?::\w+|)\s+(.*)$ ^exim4-daemon-heavy(?::\w+|)\s+(.*)$ ^exim4-daemon-light(?::\w+|)\s+(.*)$ ^python-jinja2(?::\w+|)\s+(.*)$ ^python-jinja2-doc(?::\w+|)\s+(.*)$ ^python3-jinja2(?::\w+|)\s+(.*)$ ^libasm1(?::\w+|)\s+(.*)$ ^libdw-dev(?::\w+|)\s+(.*)$ ^libelf1(?::\w+|)\s+(.*)$ ^libelf-dev(?::\w+|)\s+(.*)$ ^elfutils(?::\w+|)\s+(.*)$ ^libdw1(?::\w+|)\s+(.*)$ ^libasm-dev(?::\w+|)\s+(.*)$ ^libsndfile1(?::\w+|)\s+(.*)$ ^libsndfile1-dev(?::\w+|)\s+(.*)$ ^sndfile-programs(?::\w+|)\s+(.*)$ ^libglib2.0-0(?::\w+|)\s+(.*)$ ^libglib2.0-data(?::\w+|)\s+(.*)$ ^libglib2.0-udeb(?::\w+|)\s+(.*)$ ^libglib2.0-tests(?::\w+|)\s+(.*)$ ^libglib2.0-doc(?::\w+|)\s+(.*)$ ^libglib2.0-bin(?::\w+|)\s+(.*)$ ^libglib2.0-dev-bin(?::\w+|)\s+(.*)$ ^libglib2.0-dev(?::\w+|)\s+(.*)$ ^dbus-1-doc(?::\w+|)\s+(.*)$ ^dbus(?::\w+|)\s+(.*)$ ^libdbus-1-dev(?::\w+|)\s+(.*)$ ^dbus-udeb(?::\w+|)\s+(.*)$ ^dbus-user-session(?::\w+|)\s+(.*)$ ^libdbus-1-3-udeb(?::\w+|)\s+(.*)$ ^dbus-x11(?::\w+|)\s+(.*)$ ^dbus-tests(?::\w+|)\s+(.*)$ ^libdbus-1-3(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.18.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.18.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^lemon(?::\w+|)\s+(.*)$ ^sqlite3-doc(?::\w+|)\s+(.*)$ ^libsqlite3-0(?::\w+|)\s+(.*)$ ^libsqlite3-tcl(?::\w+|)\s+(.*)$ ^sqlite3(?::\w+|)\s+(.*)$ ^libsqlite3-dev(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^mosquitto-dev(?::\w+|)\s+(.*)$ ^libmosquitto-dev(?::\w+|)\s+(.*)$ ^libmosquitto1(?::\w+|)\s+(.*)$ ^mosquitto(?::\w+|)\s+(.*)$ ^libmosquittopp1(?::\w+|)\s+(.*)$ ^libmosquittopp-dev(?::\w+|)\s+(.*)$ ^mosquitto-clients(?::\w+|)\s+(.*)$ ^gir1.2-evince-3.0(?::\w+|)\s+(.*)$ ^libevview3-3(?::\w+|)\s+(.*)$ ^evince-common(?::\w+|)\s+(.*)$ ^libevince-dev(?::\w+|)\s+(.*)$ ^evince(?::\w+|)\s+(.*)$ ^libevdocument3-4(?::\w+|)\s+(.*)$ ^browser-plugin-evince(?::\w+|)\s+(.*)$ ^libdns-export1100(?::\w+|)\s+(.*)$ ^libdns1100(?::\w+|)\s+(.*)$ ^libisc169(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export169-udeb(?::\w+|)\s+(.*)$ ^libisccc-export160(?::\w+|)\s+(.*)$ ^libisc-export169(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libirs-export160(?::\w+|)\s+(.*)$ ^libisccc160(?::\w+|)\s+(.*)$ ^libisccfg-export160(?::\w+|)\s+(.*)$ ^libisccfg160(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc-export160-udeb(?::\w+|)\s+(.*)$ ^libirs-export160-udeb(?::\w+|)\s+(.*)$ ^liblwres160(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^libisccfg-export160-udeb(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libbind9-160(?::\w+|)\s+(.*)$ ^libirs160(?::\w+|)\s+(.*)$ ^libdns-export1100-udeb(?::\w+|)\s+(.*)$ ^postgresql-server-dev-10(?::\w+|)\s+(.*)$ ^postgresql-pltcl-10(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^postgresql-10(?::\w+|)\s+(.*)$ ^postgresql-plperl-10(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython3-10(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-plpython-10(?::\w+|)\s+(.*)$ ^postgresql-doc-10(?::\w+|)\s+(.*)$ ^postgresql-client-10(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.18.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-testsuite(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libmysofa-utils(?::\w+|)\s+(.*)$ ^libmysofa0(?::\w+|)\s+(.*)$ ^libmysofa-dev(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^imagemagick-6-common(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-3(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3-extra(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3-extra(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-7(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16hdri(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^imagemagick-6-doc(?::\w+|)\s+(.*)$ ^libimage-magick-q16hdri-perl(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-7(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^policykit-desktop-privileges(?::\w+|)\s+(.*)$ ^bzip2(?::\w+|)\s+(.*)$ ^bzip2-doc(?::\w+|)\s+(.*)$ ^libbz2-dev(?::\w+|)\s+(.*)$ ^libbz2-1.0(?::\w+|)\s+(.*)$ ^bzip2(?::\w+|)\s+(.*)$ ^bzip2-doc(?::\w+|)\s+(.*)$ ^libbz2-dev(?::\w+|)\s+(.*)$ ^libbz2-1.0(?::\w+|)\s+(.*)$ ^cimg-doc(?::\w+|)\s+(.*)$ ^cimg-dev(?::\w+|)\s+(.*)$ ^cimg-examples(?::\w+|)\s+(.*)$ ^libexpat1-udeb(?::\w+|)\s+(.*)$ ^expat(?::\w+|)\s+(.*)$ ^libexpat1-dev(?::\w+|)\s+(.*)$ ^libexpat1(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp|-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.18.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.18.0-\d+(?:-generic|-generic-lpae|-lowlatency|-snapdragon)(?::\w+|)\s+(.*)$ ^libpoppler73(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp0v5(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^znc(?::\w+|)\s+(.*)$ ^znc-python(?::\w+|)\s+(.*)$ ^znc-tcl(?::\w+|)\s+(.*)$ ^znc-dev(?::\w+|)\s+(.*)$ ^znc-perl(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^irssi-dev(?::\w+|)\s+(.*)$ ^irssi(?::\w+|)\s+(.*)$ ^libvirt0(?::\w+|)\s+(.*)$ ^libvirt-dev(?::\w+|)\s+(.*)$ ^libnss-libvirt(?::\w+|)\s+(.*)$ ^libvirt-sanlock(?::\w+|)\s+(.*)$ ^libvirt-daemon(?::\w+|)\s+(.*)$ ^libvirt-wireshark(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-rbd(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-gluster(?::\w+|)\s+(.*)$ ^libvirt-doc(?::\w+|)\s+(.*)$ ^libvirt-daemon-system(?::\w+|)\s+(.*)$ ^libvirt-clients(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-zfs(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-sheepdog(?::\w+|)\s+(.*)$ ^libvirt-bin(?::\w+|)\s+(.*)$ ^golang-github-docker-docker-dev(?::\w+|)\s+(.*)$ ^docker.io(?::\w+|)\s+(.*)$ ^golang-docker-dev(?::\w+|)\s+(.*)$ ^vim-syntax-docker(?::\w+|)\s+(.*)$ ^docker-doc(?::\w+|)\s+(.*)$ ^libglib2.0-0(?::\w+|)\s+(.*)$ ^libglib2.0-data(?::\w+|)\s+(.*)$ ^libglib2.0-udeb(?::\w+|)\s+(.*)$ ^libglib2.0-tests(?::\w+|)\s+(.*)$ ^libglib2.0-doc(?::\w+|)\s+(.*)$ ^libglib2.0-bin(?::\w+|)\s+(.*)$ ^libglib2.0-dev(?::\w+|)\s+(.*)$ ^libglib2.0-dev-bin(?::\w+|)\s+(.*)$ ^libzmq5(?::\w+|)\s+(.*)$ ^libzmq3-dev(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^whoopsie(?::\w+|)\s+(.*)$ ^libwhoopsie0(?::\w+|)\s+(.*)$ ^libwhoopsie-dev(?::\w+|)\s+(.*)$ ^gvfs-backends(?::\w+|)\s+(.*)$ ^gvfs-libs(?::\w+|)\s+(.*)$ ^gvfs-daemons(?::\w+|)\s+(.*)$ ^gvfs-bin(?::\w+|)\s+(.*)$ ^gvfs-common(?::\w+|)\s+(.*)$ ^gvfs-fuse(?::\w+|)\s+(.*)$ ^gvfs(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libflightcrew0v5(?::\w+|)\s+(.*)$ ^libflightcrew-dev(?::\w+|)\s+(.*)$ ^flightcrew(?::\w+|)\s+(.*)$ ^exiv2(?::\w+|)\s+(.*)$ ^libexiv2-14(?::\w+|)\s+(.*)$ ^libexiv2-doc(?::\w+|)\s+(.*)$ ^libexiv2-dev(?::\w+|)\s+(.*)$ ^libzipios++0v5(?::\w+|)\s+(.*)$ ^libzipios++-dev(?::\w+|)\s+(.*)$ ^libzipios++-doc(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^redis-sentinel(?::\w+|)\s+(.*)$ ^redis-server(?::\w+|)\s+(.*)$ ^redis(?::\w+|)\s+(.*)$ ^redis-tools(?::\w+|)\s+(.*)$ ^libwavpack1(?::\w+|)\s+(.*)$ ^libwavpack-dev(?::\w+|)\s+(.*)$ ^wavpack(?::\w+|)\s+(.*)$ ^libreoffice-nlpsolver(?::\w+|)\s+(.*)$ ^libreoffice-mysql-connector(?::\w+|)\s+(.*)$ ^libreoffice-wiki-publisher(?::\w+|)\s+(.*)$ ^libreoffice-impress(?::\w+|)\s+(.*)$ ^libreoffice-evolution(?::\w+|)\s+(.*)$ ^libreoffice-dev-common(?::\w+|)\s+(.*)$ ^libreoffice-librelogo(?::\w+|)\s+(.*)$ ^libreoffice-java-common(?::\w+|)\s+(.*)$ ^gir1.2-lokdocview-0.1(?::\w+|)\s+(.*)$ ^libreoffice-subsequentcheckbase(?::\w+|)\s+(.*)$ ^libreoffice-style-elementary(?::\w+|)\s+(.*)$ ^libreoffice-officebean(?::\w+|)\s+(.*)$ ^libreoffice-kde(?::\w+|)\s+(.*)$ ^libreoffice-base(?::\w+|)\s+(.*)$ ^libreoffice-style-galaxy(?::\w+|)\s+(.*)$ ^libreoffice-style-hicontrast(?::\w+|)\s+(.*)$ ^libreoffice-core(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-bsh(?::\w+|)\s+(.*)$ ^libreoffice-avmedia-backend-gstreamer(?::\w+|)\s+(.*)$ ^libreofficekit-dev(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-python(?::\w+|)\s+(.*)$ ^libreoffice-common(?::\w+|)\s+(.*)$ ^libreoffice-gnome(?::\w+|)\s+(.*)$ ^libreofficekit-data(?::\w+|)\s+(.*)$ ^libreoffice-kde4(?::\w+|)\s+(.*)$ ^libreoffice-dev(?::\w+|)\s+(.*)$ ^libreoffice-gtk3(?::\w+|)\s+(.*)$ ^libreoffice-report-builder(?::\w+|)\s+(.*)$ ^libreoffice-pdfimport(?::\w+|)\s+(.*)$ ^libreoffice-base-core(?::\w+|)\s+(.*)$ ^libreoffice-draw(?::\w+|)\s+(.*)$ ^libreoffice-ogltrans(?::\w+|)\s+(.*)$ ^libreoffice-l10n-in(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-hsqldb(?::\w+|)\s+(.*)$ ^libreoffice-gtk(?::\w+|)\s+(.*)$ ^libreoffice-calc(?::\w+|)\s+(.*)$ ^libreoffice-base-drivers(?::\w+|)\s+(.*)$ ^libreoffice-style-oxygen(?::\w+|)\s+(.*)$ ^libreoffice-gtk2(?::\w+|)\s+(.*)$ ^libreoffice-style-tango(?::\w+|)\s+(.*)$ ^libreoffice-style-human(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-firebird(?::\w+|)\s+(.*)$ ^python3-uno(?::\w+|)\s+(.*)$ ^libreoffice-math(?::\w+|)\s+(.*)$ ^libreoffice-writer(?::\w+|)\s+(.*)$ ^libreoffice-report-builder-bin(?::\w+|)\s+(.*)$ ^libreoffice-dev-doc(?::\w+|)\s+(.*)$ ^libreoffice-systray(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-js(?::\w+|)\s+(.*)$ ^liblibreofficekitgtk(?::\w+|)\s+(.*)$ ^libreoffice(?::\w+|)\s+(.*)$ ^libreoffice-style-sifr(?::\w+|)\s+(.*)$ ^libreoffice-style-breeze(?::\w+|)\s+(.*)$ ^libreoffice-l10n-za(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-postgresql(?::\w+|)\s+(.*)$ ^fonts-opensymbol(?::\w+|)\s+(.*)$ ^ure(?::\w+|)\s+(.*)$ ^uno-libs3(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^libmspack0(?::\w+|)\s+(.*)$ ^libmspack-dev(?::\w+|)\s+(.*)$ ^libmspack-doc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^mariadb-plugin-cracklib-password-check(?::\w+|)\s+(.*)$ ^mariadb-server(?::\w+|)\s+(.*)$ ^mariadb-plugin-connect(?::\w+|)\s+(.*)$ ^mariadb-plugin-spider(?::\w+|)\s+(.*)$ ^libmariadbclient-dev(?::\w+|)\s+(.*)$ ^libmariadbd18(?::\w+|)\s+(.*)$ ^mariadb-client-core-10.1(?::\w+|)\s+(.*)$ ^mariadb-plugin-tokudb(?::\w+|)\s+(.*)$ ^mariadb-plugin-mroonga(?::\w+|)\s+(.*)$ ^mariadb-client(?::\w+|)\s+(.*)$ ^mariadb-server-10.1(?::\w+|)\s+(.*)$ ^mariadb-server-core-10.1(?::\w+|)\s+(.*)$ ^mariadb-test-data(?::\w+|)\s+(.*)$ ^libmariadbclient-dev-compat(?::\w+|)\s+(.*)$ ^mariadb-client-10.1(?::\w+|)\s+(.*)$ ^mariadb-plugin-gssapi-client(?::\w+|)\s+(.*)$ ^libmariadbd-dev(?::\w+|)\s+(.*)$ ^mariadb-test(?::\w+|)\s+(.*)$ ^mariadb-plugin-gssapi-server(?::\w+|)\s+(.*)$ ^mariadb-common(?::\w+|)\s+(.*)$ ^libmariadbclient18(?::\w+|)\s+(.*)$ ^mariadb-plugin-oqgraph(?::\w+|)\s+(.*)$ ^patch(?::\w+|)\s+(.*)$ ^ansible(?::\w+|)\s+(.*)$ ^libebml4v5(?::\w+|)\s+(.*)$ ^libebml-dev(?::\w+|)\s+(.*)$ ^vlc-l10n(?::\w+|)\s+(.*)$ ^vlc-plugin-video-splitter(?::\w+|)\s+(.*)$ ^libvlc-bin(?::\w+|)\s+(.*)$ ^vlc-plugin-visualization(?::\w+|)\s+(.*)$ ^vlc-plugin-samba(?::\w+|)\s+(.*)$ ^vlc-plugin-skins2(?::\w+|)\s+(.*)$ ^vlc-data(?::\w+|)\s+(.*)$ ^libvlc5(?::\w+|)\s+(.*)$ ^vlc-plugin-base(?::\w+|)\s+(.*)$ ^vlc-plugin-access-extra(?::\w+|)\s+(.*)$ ^vlc-plugin-qt(?::\w+|)\s+(.*)$ ^vlc-plugin-video-output(?::\w+|)\s+(.*)$ ^vlc-plugin-svg(?::\w+|)\s+(.*)$ ^libvlccore9(?::\w+|)\s+(.*)$ ^vlc(?::\w+|)\s+(.*)$ ^vlc-bin(?::\w+|)\s+(.*)$ ^libvlccore-dev(?::\w+|)\s+(.*)$ ^vlc-plugin-notify(?::\w+|)\s+(.*)$ ^libvlc-dev(?::\w+|)\s+(.*)$ ^vlc-plugin-fluidsynth(?::\w+|)\s+(.*)$ ^vlc-plugin-jack(?::\w+|)\s+(.*)$ ^vlc-plugin-zvbi(?::\w+|)\s+(.*)$ ^exim4-dev(?::\w+|)\s+(.*)$ ^eximon4(?::\w+|)\s+(.*)$ ^exim4(?::\w+|)\s+(.*)$ ^exim4-daemon-light(?::\w+|)\s+(.*)$ ^exim4-config(?::\w+|)\s+(.*)$ ^exim4-daemon-heavy(?::\w+|)\s+(.*)$ ^exim4-base(?::\w+|)\s+(.*)$ ^tmpreaper(?::\w+|)\s+(.*)$ ^libldap-2.4-2(?::\w+|)\s+(.*)$ ^libldap-common(?::\w+|)\s+(.*)$ ^slapd-smbk5pwd(?::\w+|)\s+(.*)$ ^ldap-utils(?::\w+|)\s+(.*)$ ^libldap2-dev(?::\w+|)\s+(.*)$ ^slapd(?::\w+|)\s+(.*)$ ^libsox-fmt-mp3(?::\w+|)\s+(.*)$ ^libsox-fmt-pulse(?::\w+|)\s+(.*)$ ^libsox-fmt-ao(?::\w+|)\s+(.*)$ ^sox(?::\w+|)\s+(.*)$ ^libsox3(?::\w+|)\s+(.*)$ ^libsox-fmt-base(?::\w+|)\s+(.*)$ ^libsox-fmt-all(?::\w+|)\s+(.*)$ ^libsox-dev(?::\w+|)\s+(.*)$ ^libsox-fmt-alsa(?::\w+|)\s+(.*)$ ^libsox-fmt-oss(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^sigil(?::\w+|)\s+(.*)$ ^sigil-data(?::\w+|)\s+(.*)$ ^bwa(?::\w+|)\s+(.*)$ ^libbwa-dev(?::\w+|)\s+(.*)$ ^ruby-rack(?::\w+|)\s+(.*)$ ^postgresql-server-dev-10(?::\w+|)\s+(.*)$ ^postgresql-10(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^postgresql-pltcl-10(?::\w+|)\s+(.*)$ ^postgresql-plperl-10(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython3-10(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython-10(?::\w+|)\s+(.*)$ ^postgresql-doc-10(?::\w+|)\s+(.*)$ ^postgresql-client-10(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^libpoppler73(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp0v5(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp|-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^hostapd(?::\w+|)\s+(.*)$ ^wpagui(?::\w+|)\s+(.*)$ ^wpasupplicant-udeb(?::\w+|)\s+(.*)$ ^wpasupplicant(?::\w+|)\s+(.*)$ ^libnginx-mod-stream(?::\w+|)\s+(.*)$ ^libnginx-mod-http-subs-filter(?::\w+|)\s+(.*)$ ^nginx-doc(?::\w+|)\s+(.*)$ ^libnginx-mod-mail(?::\w+|)\s+(.*)$ ^libnginx-mod-http-image-filter(?::\w+|)\s+(.*)$ ^libnginx-mod-http-echo(?::\w+|)\s+(.*)$ ^libnginx-mod-nchan(?::\w+|)\s+(.*)$ ^nginx-common(?::\w+|)\s+(.*)$ ^libnginx-mod-http-fancyindex(?::\w+|)\s+(.*)$ ^libnginx-mod-http-auth-pam(?::\w+|)\s+(.*)$ ^nginx-light(?::\w+|)\s+(.*)$ ^libnginx-mod-http-headers-more-filter(?::\w+|)\s+(.*)$ ^nginx-extras(?::\w+|)\s+(.*)$ ^libnginx-mod-http-upstream-fair(?::\w+|)\s+(.*)$ ^libnginx-mod-http-xslt-filter(?::\w+|)\s+(.*)$ ^libnginx-mod-http-lua(?::\w+|)\s+(.*)$ ^libnginx-mod-http-perl(?::\w+|)\s+(.*)$ ^nginx-core(?::\w+|)\s+(.*)$ ^libnginx-mod-http-geoip(?::\w+|)\s+(.*)$ ^libnginx-mod-http-dav-ext(?::\w+|)\s+(.*)$ ^nginx(?::\w+|)\s+(.*)$ ^libnginx-mod-http-ndk(?::\w+|)\s+(.*)$ ^libnginx-mod-http-uploadprogress(?::\w+|)\s+(.*)$ ^libnginx-mod-http-cache-purge(?::\w+|)\s+(.*)$ ^nginx-full(?::\w+|)\s+(.*)$ ^libnginx-mod-rtmp(?::\w+|)\s+(.*)$ ^libktexteditor4(?::\w+|)\s+(.*)$ ^libkde3support4(?::\w+|)\s+(.*)$ ^libkutils4(?::\w+|)\s+(.*)$ ^libkdeui5(?::\w+|)\s+(.*)$ ^libkprintutils4(?::\w+|)\s+(.*)$ ^kdelibs5-data(?::\w+|)\s+(.*)$ ^kdelibs-bin(?::\w+|)\s+(.*)$ ^libsolid4(?::\w+|)\s+(.*)$ ^libkdeclarative5(?::\w+|)\s+(.*)$ ^libknotifyconfig4(?::\w+|)\s+(.*)$ ^kdelibs5-plugins(?::\w+|)\s+(.*)$ ^libkdnssd4(?::\w+|)\s+(.*)$ ^libkhtml5(?::\w+|)\s+(.*)$ ^libkfile4(?::\w+|)\s+(.*)$ ^libkemoticons4(?::\w+|)\s+(.*)$ ^libkunitconversion4(?::\w+|)\s+(.*)$ ^libkidletime4(?::\w+|)\s+(.*)$ ^libkmediaplayer4(?::\w+|)\s+(.*)$ ^libplasma3(?::\w+|)\s+(.*)$ ^libkdecore5(?::\w+|)\s+(.*)$ ^libkntlm4(?::\w+|)\s+(.*)$ ^libkpty4(?::\w+|)\s+(.*)$ ^libknewstuff3-4(?::\w+|)\s+(.*)$ ^libkparts4(?::\w+|)\s+(.*)$ ^libkdewebkit5(?::\w+|)\s+(.*)$ ^libkrosscore4(?::\w+|)\s+(.*)$ ^kdelibs5-dev(?::\w+|)\s+(.*)$ ^libkio5(?::\w+|)\s+(.*)$ ^libkcmutils4(?::\w+|)\s+(.*)$ ^libknewstuff2-4(?::\w+|)\s+(.*)$ ^libkdesu5(?::\w+|)\s+(.*)$ ^libkrossui4(?::\w+|)\s+(.*)$ ^libkimproxy4(?::\w+|)\s+(.*)$ ^libthreadweaver4(?::\w+|)\s+(.*)$ ^libkjsembed4(?::\w+|)\s+(.*)$ ^kdoctools(?::\w+|)\s+(.*)$ ^libkjsapi4(?::\w+|)\s+(.*)$ ^libkf5configgui5(?::\w+|)\s+(.*)$ ^libkf5config-bin(?::\w+|)\s+(.*)$ ^libkf5config-bin-dev(?::\w+|)\s+(.*)$ ^libkf5configcore5(?::\w+|)\s+(.*)$ ^libkf5config-dev(?::\w+|)\s+(.*)$ ^libkf5config-data(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-globalmenu(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libreoffice-nlpsolver(?::\w+|)\s+(.*)$ ^libreoffice-mysql-connector(?::\w+|)\s+(.*)$ ^libreoffice-wiki-publisher(?::\w+|)\s+(.*)$ ^libreoffice-impress(?::\w+|)\s+(.*)$ ^libreoffice-evolution(?::\w+|)\s+(.*)$ ^libreoffice-dev-common(?::\w+|)\s+(.*)$ ^libreoffice-librelogo(?::\w+|)\s+(.*)$ ^libreoffice-java-common(?::\w+|)\s+(.*)$ ^gir1.2-lokdocview-0.1(?::\w+|)\s+(.*)$ ^libreoffice-subsequentcheckbase(?::\w+|)\s+(.*)$ ^libreoffice-style-elementary(?::\w+|)\s+(.*)$ ^libreoffice-officebean(?::\w+|)\s+(.*)$ ^libreoffice-kde(?::\w+|)\s+(.*)$ ^libreoffice-base(?::\w+|)\s+(.*)$ ^libreoffice-style-galaxy(?::\w+|)\s+(.*)$ ^libreoffice-style-hicontrast(?::\w+|)\s+(.*)$ ^libreoffice-core(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-bsh(?::\w+|)\s+(.*)$ ^libreoffice-avmedia-backend-gstreamer(?::\w+|)\s+(.*)$ ^libreofficekit-dev(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-python(?::\w+|)\s+(.*)$ ^libreoffice-common(?::\w+|)\s+(.*)$ ^libreoffice-gnome(?::\w+|)\s+(.*)$ ^libreofficekit-data(?::\w+|)\s+(.*)$ ^libreoffice-kde4(?::\w+|)\s+(.*)$ ^libreoffice-dev(?::\w+|)\s+(.*)$ ^libreoffice-gtk3(?::\w+|)\s+(.*)$ ^libreoffice-report-builder(?::\w+|)\s+(.*)$ ^libreoffice-pdfimport(?::\w+|)\s+(.*)$ ^libreoffice-base-core(?::\w+|)\s+(.*)$ ^libreoffice-draw(?::\w+|)\s+(.*)$ ^libreoffice-ogltrans(?::\w+|)\s+(.*)$ ^libreoffice-l10n-in(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-hsqldb(?::\w+|)\s+(.*)$ ^libreoffice-gtk(?::\w+|)\s+(.*)$ ^libreoffice-calc(?::\w+|)\s+(.*)$ ^libreoffice-base-drivers(?::\w+|)\s+(.*)$ ^libreoffice-style-oxygen(?::\w+|)\s+(.*)$ ^libreoffice-gtk2(?::\w+|)\s+(.*)$ ^libreoffice-style-tango(?::\w+|)\s+(.*)$ ^libreoffice-style-human(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-firebird(?::\w+|)\s+(.*)$ ^python3-uno(?::\w+|)\s+(.*)$ ^libreoffice-math(?::\w+|)\s+(.*)$ ^libreoffice-writer(?::\w+|)\s+(.*)$ ^libreoffice-report-builder-bin(?::\w+|)\s+(.*)$ ^libreoffice-dev-doc(?::\w+|)\s+(.*)$ ^libreoffice-systray(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-js(?::\w+|)\s+(.*)$ ^liblibreofficekitgtk(?::\w+|)\s+(.*)$ ^libreoffice(?::\w+|)\s+(.*)$ ^libreoffice-style-sifr(?::\w+|)\s+(.*)$ ^libreoffice-style-breeze(?::\w+|)\s+(.*)$ ^libreoffice-l10n-za(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-postgresql(?::\w+|)\s+(.*)$ ^fonts-opensymbol(?::\w+|)\s+(.*)$ ^ure(?::\w+|)\s+(.*)$ ^uno-libs3(?::\w+|)\s+(.*)$ ^golang-github-docker-docker-dev(?::\w+|)\s+(.*)$ ^docker.io(?::\w+|)\s+(.*)$ ^golang-docker-dev(?::\w+|)\s+(.*)$ ^vim-syntax-docker(?::\w+|)\s+(.*)$ ^docker-doc(?::\w+|)\s+(.*)$ ^nova-api(?::\w+|)\s+(.*)$ ^nova-common(?::\w+|)\s+(.*)$ ^nova-compute-xen(?::\w+|)\s+(.*)$ ^nova-api-os-compute(?::\w+|)\s+(.*)$ ^nova-novncproxy(?::\w+|)\s+(.*)$ ^nova-serialproxy(?::\w+|)\s+(.*)$ ^nova-api-os-volume(?::\w+|)\s+(.*)$ ^nova-compute-lxc(?::\w+|)\s+(.*)$ ^nova-placement-api(?::\w+|)\s+(.*)$ ^nova-consoleauth(?::\w+|)\s+(.*)$ ^python-nova(?::\w+|)\s+(.*)$ ^nova-network(?::\w+|)\s+(.*)$ ^nova-api-metadata(?::\w+|)\s+(.*)$ ^nova-compute-libvirt(?::\w+|)\s+(.*)$ ^nova-compute-kvm(?::\w+|)\s+(.*)$ ^nova-xvpvncproxy(?::\w+|)\s+(.*)$ ^nova-doc(?::\w+|)\s+(.*)$ ^nova-conductor(?::\w+|)\s+(.*)$ ^nova-volume(?::\w+|)\s+(.*)$ ^nova-compute-vmware(?::\w+|)\s+(.*)$ ^nova-spiceproxy(?::\w+|)\s+(.*)$ ^nova-scheduler(?::\w+|)\s+(.*)$ ^nova-console(?::\w+|)\s+(.*)$ ^nova-ajax-console-proxy(?::\w+|)\s+(.*)$ ^nova-compute(?::\w+|)\s+(.*)$ ^nova-compute-qemu(?::\w+|)\s+(.*)$ ^nova-cells(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ ^libcupsimage2(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^libcupsmime1(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ ^python-nltk(?::\w+|)\s+(.*)$ ^python3-nltk(?::\w+|)\s+(.*)$ ^libgif7(?::\w+|)\s+(.*)$ ^libgif-dev(?::\w+|)\s+(.*)$ ^giflib-tools(?::\w+|)\s+(.*)$ ^zstd(?::\w+|)\s+(.*)$ ^libzstd1-udeb(?::\w+|)\s+(.*)$ ^libzstd1-dev(?::\w+|)\s+(.*)$ ^libzstd-dev(?::\w+|)\s+(.*)$ ^libzstd1(?::\w+|)\s+(.*)$ ^libopenjp2-tools(?::\w+|)\s+(.*)$ ^libopenjpip-server(?::\w+|)\s+(.*)$ ^libopenjpip-viewer(?::\w+|)\s+(.*)$ ^libopenjp3d-tools(?::\w+|)\s+(.*)$ ^libopenjpip7(?::\w+|)\s+(.*)$ ^libopenjp2-7(?::\w+|)\s+(.*)$ ^libopenjp2-7-dev(?::\w+|)\s+(.*)$ ^libopenjp3d7(?::\w+|)\s+(.*)$ ^libopenjpip-dec-server(?::\w+|)\s+(.*)$ ^dovecot-pgsql(?::\w+|)\s+(.*)$ ^dovecot-mysql(?::\w+|)\s+(.*)$ ^dovecot-sieve(?::\w+|)\s+(.*)$ ^dovecot-core(?::\w+|)\s+(.*)$ ^dovecot-ldap(?::\w+|)\s+(.*)$ ^dovecot-sqlite(?::\w+|)\s+(.*)$ ^dovecot-dev(?::\w+|)\s+(.*)$ ^dovecot-pop3d(?::\w+|)\s+(.*)$ ^dovecot-imapd(?::\w+|)\s+(.*)$ ^dovecot-managesieved(?::\w+|)\s+(.*)$ ^mail-stack-delivery(?::\w+|)\s+(.*)$ ^dovecot-gssapi(?::\w+|)\s+(.*)$ ^dovecot-solr(?::\w+|)\s+(.*)$ ^dovecot-lmtpd(?::\w+|)\s+(.*)$ ^dovecot-pgsql(?::\w+|)\s+(.*)$ ^dovecot-mysql(?::\w+|)\s+(.*)$ ^dovecot-sieve(?::\w+|)\s+(.*)$ ^dovecot-core(?::\w+|)\s+(.*)$ ^dovecot-ldap(?::\w+|)\s+(.*)$ ^dovecot-sqlite(?::\w+|)\s+(.*)$ ^dovecot-dev(?::\w+|)\s+(.*)$ ^dovecot-pop3d(?::\w+|)\s+(.*)$ ^dovecot-imapd(?::\w+|)\s+(.*)$ ^dovecot-managesieved(?::\w+|)\s+(.*)$ ^mail-stack-delivery(?::\w+|)\s+(.*)$ ^dovecot-gssapi(?::\w+|)\s+(.*)$ ^dovecot-solr(?::\w+|)\s+(.*)$ ^dovecot-lmtpd(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^python-rbd(?::\w+|)\s+(.*)$ ^python3-rbd(?::\w+|)\s+(.*)$ ^python-rados(?::\w+|)\s+(.*)$ ^ceph-mgr(?::\w+|)\s+(.*)$ ^ceph(?::\w+|)\s+(.*)$ ^ceph-test(?::\w+|)\s+(.*)$ ^rbd-mirror(?::\w+|)\s+(.*)$ ^rbd-nbd(?::\w+|)\s+(.*)$ ^librbd-dev(?::\w+|)\s+(.*)$ ^libradosstriper1(?::\w+|)\s+(.*)$ ^rbd-fuse(?::\w+|)\s+(.*)$ ^librados-dev(?::\w+|)\s+(.*)$ ^libcephfs-jni(?::\w+|)\s+(.*)$ ^libradosstriper-dev(?::\w+|)\s+(.*)$ ^librados2(?::\w+|)\s+(.*)$ ^ceph-mon(?::\w+|)\s+(.*)$ ^libcephfs2(?::\w+|)\s+(.*)$ ^librgw2(?::\w+|)\s+(.*)$ ^ceph-mds(?::\w+|)\s+(.*)$ ^radosgw(?::\w+|)\s+(.*)$ ^librbd1(?::\w+|)\s+(.*)$ ^python3-rgw(?::\w+|)\s+(.*)$ ^python-rgw(?::\w+|)\s+(.*)$ ^python-ceph(?::\w+|)\s+(.*)$ ^libcephfs-dev(?::\w+|)\s+(.*)$ ^rados-objclass-dev(?::\w+|)\s+(.*)$ ^ceph-osd(?::\w+|)\s+(.*)$ ^python3-ceph-argparse(?::\w+|)\s+(.*)$ ^librgw-dev(?::\w+|)\s+(.*)$ ^python3-rados(?::\w+|)\s+(.*)$ ^ceph-base(?::\w+|)\s+(.*)$ ^python-cephfs(?::\w+|)\s+(.*)$ ^python3-cephfs(?::\w+|)\s+(.*)$ ^ceph-fuse(?::\w+|)\s+(.*)$ ^ceph-common(?::\w+|)\s+(.*)$ ^libcephfs-java(?::\w+|)\s+(.*)$ ^ceph-resource-agents(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^systemd-tests(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^udev-udeb(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1-udeb(?::\w+|)\s+(.*)$ ^libudev1(?::\w+|)\s+(.*)$ ^libsystemd-dev(?::\w+|)\s+(.*)$ ^libnss-systemd(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^systemd-tests(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^udev-udeb(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1-udeb(?::\w+|)\s+(.*)$ ^libudev1(?::\w+|)\s+(.*)$ ^libsystemd-dev(?::\w+|)\s+(.*)$ ^libnss-systemd(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^node-fstream(?::\w+|)\s+(.*)$ ^exim4-dev(?::\w+|)\s+(.*)$ ^eximon4(?::\w+|)\s+(.*)$ ^exim4(?::\w+|)\s+(.*)$ ^exim4-daemon-light(?::\w+|)\s+(.*)$ ^exim4-config(?::\w+|)\s+(.*)$ ^exim4-daemon-heavy(?::\w+|)\s+(.*)$ ^exim4-base(?::\w+|)\s+(.*)$ ^memcached(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^python3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6-examples(?::\w+|)\s+(.*)$ ^libpython3.6-stdlib(?::\w+|)\s+(.*)$ ^python3.6-venv(?::\w+|)\s+(.*)$ ^python3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6(?::\w+|)\s+(.*)$ ^idle-python3.6(?::\w+|)\s+(.*)$ ^python3.6-doc(?::\w+|)\s+(.*)$ ^libpython3.6-testsuite(?::\w+|)\s+(.*)$ ^libpython3.6(?::\w+|)\s+(.*)$ ^tomcat8-docs(?::\w+|)\s+(.*)$ ^tomcat8-user(?::\w+|)\s+(.*)$ ^tomcat8-examples(?::\w+|)\s+(.*)$ ^libtomcat8-embed-java(?::\w+|)\s+(.*)$ ^tomcat8-admin(?::\w+|)\s+(.*)$ ^libtomcat8-java(?::\w+|)\s+(.*)$ ^tomcat8-common(?::\w+|)\s+(.*)$ ^tomcat8(?::\w+|)\s+(.*)$ ^tomcat9-docs(?::\w+|)\s+(.*)$ ^libtomcat9-embed-java(?::\w+|)\s+(.*)$ ^tomcat9-admin(?::\w+|)\s+(.*)$ ^tomcat9-common(?::\w+|)\s+(.*)$ ^libtomcat9-java(?::\w+|)\s+(.*)$ ^tomcat9-user(?::\w+|)\s+(.*)$ ^tomcat9(?::\w+|)\s+(.*)$ ^tomcat9-examples(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^vlc-l10n(?::\w+|)\s+(.*)$ ^vlc-plugin-video-splitter(?::\w+|)\s+(.*)$ ^libvlc-bin(?::\w+|)\s+(.*)$ ^vlc-plugin-visualization(?::\w+|)\s+(.*)$ ^vlc-plugin-samba(?::\w+|)\s+(.*)$ ^vlc-plugin-skins2(?::\w+|)\s+(.*)$ ^vlc-data(?::\w+|)\s+(.*)$ ^libvlc5(?::\w+|)\s+(.*)$ ^vlc-plugin-base(?::\w+|)\s+(.*)$ ^vlc-plugin-access-extra(?::\w+|)\s+(.*)$ ^vlc-plugin-qt(?::\w+|)\s+(.*)$ ^vlc-plugin-video-output(?::\w+|)\s+(.*)$ ^vlc-plugin-svg(?::\w+|)\s+(.*)$ ^libvlccore9(?::\w+|)\s+(.*)$ ^vlc(?::\w+|)\s+(.*)$ ^vlc-bin(?::\w+|)\s+(.*)$ ^libvlccore-dev(?::\w+|)\s+(.*)$ ^vlc-plugin-notify(?::\w+|)\s+(.*)$ ^libvlc-dev(?::\w+|)\s+(.*)$ ^vlc-plugin-fluidsynth(?::\w+|)\s+(.*)$ ^vlc-plugin-jack(?::\w+|)\s+(.*)$ ^vlc-plugin-zvbi(?::\w+|)\s+(.*)$ ^libexpat1-udeb(?::\w+|)\s+(.*)$ ^expat(?::\w+|)\s+(.*)$ ^libexpat1-dev(?::\w+|)\s+(.*)$ ^libexpat1(?::\w+|)\s+(.*)$ ^libwsutil-dev(?::\w+|)\s+(.*)$ ^wireshark-dev(?::\w+|)\s+(.*)$ ^tshark(?::\w+|)\s+(.*)$ ^libwireshark-dev(?::\w+|)\s+(.*)$ ^wireshark-qt(?::\w+|)\s+(.*)$ ^libwiretap-dev(?::\w+|)\s+(.*)$ ^wireshark-gtk(?::\w+|)\s+(.*)$ ^libwscodecs2(?::\w+|)\s+(.*)$ ^wireshark-doc(?::\w+|)\s+(.*)$ ^wireshark-common(?::\w+|)\s+(.*)$ ^libwiretap8(?::\w+|)\s+(.*)$ ^libwireshark-data(?::\w+|)\s+(.*)$ ^libwireshark11(?::\w+|)\s+(.*)$ ^libwsutil9(?::\w+|)\s+(.*)$ ^wireshark(?::\w+|)\s+(.*)$ ^ibus-wayland(?::\w+|)\s+(.*)$ ^ibus-doc(?::\w+|)\s+(.*)$ ^gir1.2-ibus-1.0(?::\w+|)\s+(.*)$ ^ibus(?::\w+|)\s+(.*)$ ^ibus-gtk(?::\w+|)\s+(.*)$ ^ibus-gtk3(?::\w+|)\s+(.*)$ ^libibus-1.0-5(?::\w+|)\s+(.*)$ ^libibus-1.0-dev(?::\w+|)\s+(.*)$ ^ibus-gtk(?::\w+|)\s+(.*)$ ^ibus-wayland(?::\w+|)\s+(.*)$ ^ibus(?::\w+|)\s+(.*)$ ^libibus-1.0-5(?::\w+|)\s+(.*)$ ^gir1.2-ibus-1.0(?::\w+|)\s+(.*)$ ^libibus-1.0-dev(?::\w+|)\s+(.*)$ ^ibus-gtk3(?::\w+|)\s+(.*)$ ^ibus-doc(?::\w+|)\s+(.*)$ ^ibus-wayland(?::\w+|)\s+(.*)$ ^ibus-doc(?::\w+|)\s+(.*)$ ^gir1.2-ibus-1.0(?::\w+|)\s+(.*)$ ^ibus(?::\w+|)\s+(.*)$ ^ibus-gtk(?::\w+|)\s+(.*)$ ^ibus-gtk3(?::\w+|)\s+(.*)$ ^libibus-1.0-5(?::\w+|)\s+(.*)$ ^libibus-1.0-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^hostapd(?::\w+|)\s+(.*)$ ^wpagui(?::\w+|)\s+(.*)$ ^wpasupplicant(?::\w+|)\s+(.*)$ ^wpasupplicant-udeb(?::\w+|)\s+(.*)$ ^libreoffice-nlpsolver(?::\w+|)\s+(.*)$ ^libreoffice-mysql-connector(?::\w+|)\s+(.*)$ ^libreoffice-wiki-publisher(?::\w+|)\s+(.*)$ ^libreoffice-impress(?::\w+|)\s+(.*)$ ^libreoffice-evolution(?::\w+|)\s+(.*)$ ^libreoffice-dev-common(?::\w+|)\s+(.*)$ ^libreoffice-librelogo(?::\w+|)\s+(.*)$ ^libreoffice-java-common(?::\w+|)\s+(.*)$ ^gir1.2-lokdocview-0.1(?::\w+|)\s+(.*)$ ^libreoffice-subsequentcheckbase(?::\w+|)\s+(.*)$ ^libreoffice-style-elementary(?::\w+|)\s+(.*)$ ^libreoffice-officebean(?::\w+|)\s+(.*)$ ^libreoffice-kde(?::\w+|)\s+(.*)$ ^libreoffice-base(?::\w+|)\s+(.*)$ ^libreoffice-style-galaxy(?::\w+|)\s+(.*)$ ^libreoffice-style-hicontrast(?::\w+|)\s+(.*)$ ^libreoffice-core(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-bsh(?::\w+|)\s+(.*)$ ^libreoffice-avmedia-backend-gstreamer(?::\w+|)\s+(.*)$ ^libreofficekit-dev(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-python(?::\w+|)\s+(.*)$ ^libreoffice-common(?::\w+|)\s+(.*)$ ^libreoffice-gnome(?::\w+|)\s+(.*)$ ^libreofficekit-data(?::\w+|)\s+(.*)$ ^libreoffice-kde4(?::\w+|)\s+(.*)$ ^libreoffice-dev(?::\w+|)\s+(.*)$ ^libreoffice-gtk3(?::\w+|)\s+(.*)$ ^libreoffice-report-builder(?::\w+|)\s+(.*)$ ^libreoffice-pdfimport(?::\w+|)\s+(.*)$ ^libreoffice-base-core(?::\w+|)\s+(.*)$ ^libreoffice-draw(?::\w+|)\s+(.*)$ ^libreoffice-ogltrans(?::\w+|)\s+(.*)$ ^libreoffice-l10n-in(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-hsqldb(?::\w+|)\s+(.*)$ ^libreoffice-gtk(?::\w+|)\s+(.*)$ ^libreoffice-calc(?::\w+|)\s+(.*)$ ^libreoffice-base-drivers(?::\w+|)\s+(.*)$ ^libreoffice-style-oxygen(?::\w+|)\s+(.*)$ ^libreoffice-gtk2(?::\w+|)\s+(.*)$ ^libreoffice-style-tango(?::\w+|)\s+(.*)$ ^libreoffice-style-human(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-firebird(?::\w+|)\s+(.*)$ ^python3-uno(?::\w+|)\s+(.*)$ ^libreoffice-math(?::\w+|)\s+(.*)$ ^libreoffice-writer(?::\w+|)\s+(.*)$ ^libreoffice-report-builder-bin(?::\w+|)\s+(.*)$ ^libreoffice-dev-doc(?::\w+|)\s+(.*)$ ^libreoffice-systray(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-js(?::\w+|)\s+(.*)$ ^liblibreofficekitgtk(?::\w+|)\s+(.*)$ ^libreoffice(?::\w+|)\s+(.*)$ ^libreoffice-style-sifr(?::\w+|)\s+(.*)$ ^libreoffice-style-breeze(?::\w+|)\s+(.*)$ ^libreoffice-l10n-za(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-postgresql(?::\w+|)\s+(.*)$ ^fonts-opensymbol(?::\w+|)\s+(.*)$ ^ure(?::\w+|)\s+(.*)$ ^uno-libs3(?::\w+|)\s+(.*)$ ^file-roller(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libss2(?::\w+|)\s+(.*)$ ^e2fslibs-dev(?::\w+|)\s+(.*)$ ^libcomerr2(?::\w+|)\s+(.*)$ ^libcom-err2(?::\w+|)\s+(.*)$ ^e2fsprogs(?::\w+|)\s+(.*)$ ^e2fsck-static(?::\w+|)\s+(.*)$ ^e2fslibs(?::\w+|)\s+(.*)$ ^e2fsprogs-l10n(?::\w+|)\s+(.*)$ ^libext2fs-dev(?::\w+|)\s+(.*)$ ^e2fsprogs-udeb(?::\w+|)\s+(.*)$ ^libext2fs2(?::\w+|)\s+(.*)$ ^fuse2fs(?::\w+|)\s+(.*)$ ^ss-dev(?::\w+|)\s+(.*)$ ^comerr-dev(?::\w+|)\s+(.*)$ ^libsdl2-dev(?::\w+|)\s+(.*)$ ^libsdl2-doc(?::\w+|)\s+(.*)$ ^libsdl2-2.0-0(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^libclamav9(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libopenexr-dev(?::\w+|)\s+(.*)$ ^openexr(?::\w+|)\s+(.*)$ ^libopenexr22(?::\w+|)\s+(.*)$ ^openexr-doc(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-globalmenu(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^python3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6-examples(?::\w+|)\s+(.*)$ ^libpython3.6-stdlib(?::\w+|)\s+(.*)$ ^python3.6-venv(?::\w+|)\s+(.*)$ ^python3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6(?::\w+|)\s+(.*)$ ^idle-python3.6(?::\w+|)\s+(.*)$ ^python3.6-doc(?::\w+|)\s+(.*)$ ^libpython3.6-testsuite(?::\w+|)\s+(.*)$ ^libpython3.6(?::\w+|)\s+(.*)$ ^libsoup-gnome2.4-1(?::\w+|)\s+(.*)$ ^libsoup-gnome2.4-dev(?::\w+|)\s+(.*)$ ^gir1.2-soup-2.4(?::\w+|)\s+(.*)$ ^libsoup2.4-1(?::\w+|)\s+(.*)$ ^libsoup2.4-dev(?::\w+|)\s+(.*)$ ^libsoup2.4-doc(?::\w+|)\s+(.*)$ ^sudo-ldap(?::\w+|)\s+(.*)$ ^sudo(?::\w+|)\s+(.*)$ ^libaspell15(?::\w+|)\s+(.*)$ ^aspell-doc(?::\w+|)\s+(.*)$ ^aspell(?::\w+|)\s+(.*)$ ^libpspell-dev(?::\w+|)\s+(.*)$ ^libaspell-dev(?::\w+|)\s+(.*)$ ^libsdl1.2debian(?::\w+|)\s+(.*)$ ^libsdl1.2-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiff-dev(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^exiv2(?::\w+|)\s+(.*)$ ^libexiv2-14(?::\w+|)\s+(.*)$ ^libexiv2-doc(?::\w+|)\s+(.*)$ ^libexiv2-dev(?::\w+|)\s+(.*)$ ^libc-client2007e(?::\w+|)\s+(.*)$ ^uw-mailutils(?::\w+|)\s+(.*)$ ^libc-client2007e-dev(?::\w+|)\s+(.*)$ ^mlock(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^python-libxslt1(?::\w+|)\s+(.*)$ ^libxslt1-dev(?::\w+|)\s+(.*)$ ^libxslt1.1(?::\w+|)\s+(.*)$ ^xsltproc(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^libidn2-doc(?::\w+|)\s+(.*)$ ^libidn2-0-dev(?::\w+|)\s+(.*)$ ^libidn2-dev(?::\w+|)\s+(.*)$ ^libidn2-0(?::\w+|)\s+(.*)$ ^idn2(?::\w+|)\s+(.*)$ ^bsdcpio(?::\w+|)\s+(.*)$ ^libarchive-tools(?::\w+|)\s+(.*)$ ^libarchive13(?::\w+|)\s+(.*)$ ^bsdtar(?::\w+|)\s+(.*)$ ^libarchive-dev(?::\w+|)\s+(.*)$ ^whoopsie(?::\w+|)\s+(.*)$ ^libwhoopsie0(?::\w+|)\s+(.*)$ ^libwhoopsie-dev(?::\w+|)\s+(.*)$ ^whoopsie(?::\w+|)\s+(.*)$ ^libwhoopsie0(?::\w+|)\s+(.*)$ ^libwhoopsie-dev(?::\w+|)\s+(.*)$ ^whoopsie(?::\w+|)\s+(.*)$ ^libwhoopsie0(?::\w+|)\s+(.*)$ ^libwhoopsie-dev(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^libmagic-dev(?::\w+|)\s+(.*)$ ^libmagic-mgc(?::\w+|)\s+(.*)$ ^libmagic1(?::\w+|)\s+(.*)$ ^file(?::\w+|)\s+(.*)$ ^freetds-bin(?::\w+|)\s+(.*)$ ^freetds-dev(?::\w+|)\s+(.*)$ ^freetds-common(?::\w+|)\s+(.*)$ ^tdsodbc(?::\w+|)\s+(.*)$ ^libct4(?::\w+|)\s+(.*)$ ^libsybdb5(?::\w+|)\s+(.*)$ ^haproxy(?::\w+|)\s+(.*)$ ^haproxy-doc(?::\w+|)\s+(.*)$ ^vim-haproxy(?::\w+|)\s+(.*)$ ^ruby-nokogiri(?::\w+|)\s+(.*)$ ^cpio(?::\w+|)\s+(.*)$ ^cpio-win32(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gcp|-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^librte-pmd-thunderx-nicvf17.11(?::\w+|)\s+(.*)$ ^dpdk-igb-uio-dkms(?::\w+|)\s+(.*)$ ^librte-pmd-softnic17.11(?::\w+|)\s+(.*)$ ^librte-timer17.11(?::\w+|)\s+(.*)$ ^librte-pmd-af-packet17.11(?::\w+|)\s+(.*)$ ^librte-pmd-sw-event17.11(?::\w+|)\s+(.*)$ ^librte-pmd-fm10k17.11(?::\w+|)\s+(.*)$ ^librte-pmd-bond17.11(?::\w+|)\s+(.*)$ ^librte-pmd-vmxnet3-uio17.11(?::\w+|)\s+(.*)$ ^librte-flow-classify17.11(?::\w+|)\s+(.*)$ ^librte-ring17.11(?::\w+|)\s+(.*)$ ^librte-pmd-sfc-efx17.11(?::\w+|)\s+(.*)$ ^librte-bus-pci17.11(?::\w+|)\s+(.*)$ ^dpdk-doc(?::\w+|)\s+(.*)$ ^librte-distributor17.11(?::\w+|)\s+(.*)$ ^librte-pmd-vhost17.11(?::\w+|)\s+(.*)$ ^librte-pmd-null-crypto17.11(?::\w+|)\s+(.*)$ ^librte-net17.11(?::\w+|)\s+(.*)$ ^librte-ip-frag17.11(?::\w+|)\s+(.*)$ ^librte-lpm17.11(?::\w+|)\s+(.*)$ ^librte-vhost17.11(?::\w+|)\s+(.*)$ ^dpdk-dev(?::\w+|)\s+(.*)$ ^librte-mbuf17.11(?::\w+|)\s+(.*)$ ^librte-pmd-e1000-17.11(?::\w+|)\s+(.*)$ ^librte-pmd-nfp17.11(?::\w+|)\s+(.*)$ ^librte-mempool-octeontx17.11(?::\w+|)\s+(.*)$ ^librte-latencystats17.11(?::\w+|)\s+(.*)$ ^librte-pmd-avp17.11(?::\w+|)\s+(.*)$ ^dpdk-rte-kni-dkms(?::\w+|)\s+(.*)$ ^librte-gro17.11(?::\w+|)\s+(.*)$ ^librte-pmd-crypto-scheduler17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ixgbe17.11(?::\w+|)\s+(.*)$ ^librte-cryptodev17.11(?::\w+|)\s+(.*)$ ^librte-cmdline17.11(?::\w+|)\s+(.*)$ ^librte-pmd-lio17.11(?::\w+|)\s+(.*)$ ^librte-bus-vdev17.11(?::\w+|)\s+(.*)$ ^librte-pdump17.11(?::\w+|)\s+(.*)$ ^librte-pmd-skeleton-event17.11(?::\w+|)\s+(.*)$ ^librte-table17.11(?::\w+|)\s+(.*)$ ^librte-gso17.11(?::\w+|)\s+(.*)$ ^librte-pmd-i40e17.11(?::\w+|)\s+(.*)$ ^librte-eventdev17.11(?::\w+|)\s+(.*)$ ^librte-kvargs17.11(?::\w+|)\s+(.*)$ ^librte-mempool-stack17.11(?::\w+|)\s+(.*)$ ^librte-metrics17.11(?::\w+|)\s+(.*)$ ^librte-jobstats17.11(?::\w+|)\s+(.*)$ ^librte-kni17.11(?::\w+|)\s+(.*)$ ^librte-eal17.11(?::\w+|)\s+(.*)$ ^librte-pmd-octeontx17.11(?::\w+|)\s+(.*)$ ^librte-sched17.11(?::\w+|)\s+(.*)$ ^librte-pmd-enic17.11(?::\w+|)\s+(.*)$ ^librte-pmd-mlx5-17.11(?::\w+|)\s+(.*)$ ^librte-pci17.11(?::\w+|)\s+(.*)$ ^librte-pmd-octeontx-ssovf17.11(?::\w+|)\s+(.*)$ ^librte-bitratestats17.11(?::\w+|)\s+(.*)$ ^librte-security17.11(?::\w+|)\s+(.*)$ ^librte-pmd-null17.11(?::\w+|)\s+(.*)$ ^librte-hash17.11(?::\w+|)\s+(.*)$ ^librte-member17.11(?::\w+|)\s+(.*)$ ^librte-pmd-tap17.11(?::\w+|)\s+(.*)$ ^librte-pmd-pcap17.11(?::\w+|)\s+(.*)$ ^librte-pmd-mlx4-17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ark17.11(?::\w+|)\s+(.*)$ ^librte-pmd-bnxt17.11(?::\w+|)\s+(.*)$ ^librte-meter17.11(?::\w+|)\s+(.*)$ ^librte-pmd-virtio17.11(?::\w+|)\s+(.*)$ ^librte-power17.11(?::\w+|)\s+(.*)$ ^librte-port17.11(?::\w+|)\s+(.*)$ ^librte-mempool17.11(?::\w+|)\s+(.*)$ ^librte-cfgfile17.11(?::\w+|)\s+(.*)$ ^librte-efd17.11(?::\w+|)\s+(.*)$ ^librte-pmd-cxgbe17.11(?::\w+|)\s+(.*)$ ^dpdk(?::\w+|)\s+(.*)$ ^librte-pipeline17.11(?::\w+|)\s+(.*)$ ^librte-pmd-qede17.11(?::\w+|)\s+(.*)$ ^librte-pmd-failsafe17.11(?::\w+|)\s+(.*)$ ^librte-reorder17.11(?::\w+|)\s+(.*)$ ^librte-pmd-kni17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ena17.11(?::\w+|)\s+(.*)$ ^librte-mempool-ring17.11(?::\w+|)\s+(.*)$ ^librte-ethdev17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ring17.11(?::\w+|)\s+(.*)$ ^librte-acl17.11(?::\w+|)\s+(.*)$ ^libdpdk-dev(?::\w+|)\s+(.*)$ ^librte-pmd-thunderx-nicvf17.11(?::\w+|)\s+(.*)$ ^dpdk-igb-uio-dkms(?::\w+|)\s+(.*)$ ^librte-pmd-softnic17.11(?::\w+|)\s+(.*)$ ^librte-timer17.11(?::\w+|)\s+(.*)$ ^librte-pmd-af-packet17.11(?::\w+|)\s+(.*)$ ^librte-pmd-sw-event17.11(?::\w+|)\s+(.*)$ ^librte-pmd-fm10k17.11(?::\w+|)\s+(.*)$ ^librte-pmd-bond17.11(?::\w+|)\s+(.*)$ ^librte-pmd-vmxnet3-uio17.11(?::\w+|)\s+(.*)$ ^librte-flow-classify17.11(?::\w+|)\s+(.*)$ ^librte-ring17.11(?::\w+|)\s+(.*)$ ^librte-pmd-sfc-efx17.11(?::\w+|)\s+(.*)$ ^librte-bus-pci17.11(?::\w+|)\s+(.*)$ ^dpdk-doc(?::\w+|)\s+(.*)$ ^librte-distributor17.11(?::\w+|)\s+(.*)$ ^librte-pmd-vhost17.11(?::\w+|)\s+(.*)$ ^librte-pmd-null-crypto17.11(?::\w+|)\s+(.*)$ ^librte-net17.11(?::\w+|)\s+(.*)$ ^librte-ip-frag17.11(?::\w+|)\s+(.*)$ ^librte-lpm17.11(?::\w+|)\s+(.*)$ ^librte-vhost17.11(?::\w+|)\s+(.*)$ ^dpdk-dev(?::\w+|)\s+(.*)$ ^librte-mbuf17.11(?::\w+|)\s+(.*)$ ^librte-pmd-e1000-17.11(?::\w+|)\s+(.*)$ ^librte-pmd-nfp17.11(?::\w+|)\s+(.*)$ ^librte-mempool-octeontx17.11(?::\w+|)\s+(.*)$ ^librte-latencystats17.11(?::\w+|)\s+(.*)$ ^librte-pmd-avp17.11(?::\w+|)\s+(.*)$ ^dpdk-rte-kni-dkms(?::\w+|)\s+(.*)$ ^librte-gro17.11(?::\w+|)\s+(.*)$ ^librte-pmd-crypto-scheduler17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ixgbe17.11(?::\w+|)\s+(.*)$ ^librte-cryptodev17.11(?::\w+|)\s+(.*)$ ^librte-cmdline17.11(?::\w+|)\s+(.*)$ ^librte-pmd-lio17.11(?::\w+|)\s+(.*)$ ^librte-bus-vdev17.11(?::\w+|)\s+(.*)$ ^librte-pdump17.11(?::\w+|)\s+(.*)$ ^librte-pmd-skeleton-event17.11(?::\w+|)\s+(.*)$ ^librte-table17.11(?::\w+|)\s+(.*)$ ^librte-gso17.11(?::\w+|)\s+(.*)$ ^librte-pmd-i40e17.11(?::\w+|)\s+(.*)$ ^librte-eventdev17.11(?::\w+|)\s+(.*)$ ^librte-kvargs17.11(?::\w+|)\s+(.*)$ ^librte-mempool-stack17.11(?::\w+|)\s+(.*)$ ^librte-metrics17.11(?::\w+|)\s+(.*)$ ^librte-jobstats17.11(?::\w+|)\s+(.*)$ ^librte-kni17.11(?::\w+|)\s+(.*)$ ^librte-eal17.11(?::\w+|)\s+(.*)$ ^librte-pmd-octeontx17.11(?::\w+|)\s+(.*)$ ^librte-sched17.11(?::\w+|)\s+(.*)$ ^librte-pmd-enic17.11(?::\w+|)\s+(.*)$ ^librte-pmd-mlx5-17.11(?::\w+|)\s+(.*)$ ^librte-pci17.11(?::\w+|)\s+(.*)$ ^librte-pmd-octeontx-ssovf17.11(?::\w+|)\s+(.*)$ ^librte-bitratestats17.11(?::\w+|)\s+(.*)$ ^librte-security17.11(?::\w+|)\s+(.*)$ ^librte-pmd-null17.11(?::\w+|)\s+(.*)$ ^librte-hash17.11(?::\w+|)\s+(.*)$ ^librte-member17.11(?::\w+|)\s+(.*)$ ^librte-pmd-tap17.11(?::\w+|)\s+(.*)$ ^librte-pmd-pcap17.11(?::\w+|)\s+(.*)$ ^librte-pmd-mlx4-17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ark17.11(?::\w+|)\s+(.*)$ ^librte-pmd-bnxt17.11(?::\w+|)\s+(.*)$ ^librte-meter17.11(?::\w+|)\s+(.*)$ ^librte-pmd-virtio17.11(?::\w+|)\s+(.*)$ ^librte-power17.11(?::\w+|)\s+(.*)$ ^librte-port17.11(?::\w+|)\s+(.*)$ ^librte-mempool17.11(?::\w+|)\s+(.*)$ ^librte-cfgfile17.11(?::\w+|)\s+(.*)$ ^librte-efd17.11(?::\w+|)\s+(.*)$ ^librte-pmd-cxgbe17.11(?::\w+|)\s+(.*)$ ^dpdk(?::\w+|)\s+(.*)$ ^librte-pipeline17.11(?::\w+|)\s+(.*)$ ^librte-pmd-qede17.11(?::\w+|)\s+(.*)$ ^librte-pmd-failsafe17.11(?::\w+|)\s+(.*)$ ^librte-reorder17.11(?::\w+|)\s+(.*)$ ^librte-pmd-kni17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ena17.11(?::\w+|)\s+(.*)$ ^librte-mempool-ring17.11(?::\w+|)\s+(.*)$ ^librte-ethdev17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ring17.11(?::\w+|)\s+(.*)$ ^librte-acl17.11(?::\w+|)\s+(.*)$ ^libdpdk-dev(?::\w+|)\s+(.*)$ ^libturbojpeg0-dev(?::\w+|)\s+(.*)$ ^libjpeg-turbo8-dev(?::\w+|)\s+(.*)$ ^libjpeg-turbo-progs(?::\w+|)\s+(.*)$ ^libturbojpeg(?::\w+|)\s+(.*)$ ^libjpeg-turbo8(?::\w+|)\s+(.*)$ ^libjpeg-turbo-test(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^imagemagick-6-common(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-3(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3-extra(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3-extra(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-7(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16hdri(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^imagemagick-6-doc(?::\w+|)\s+(.*)$ ^libimage-magick-q16hdri-perl(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-7(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^postgresql(?::\w+|)\s+(.*)$ ^postgresql-contrib(?::\w+|)\s+(.*)$ ^postgresql-all(?::\w+|)\s+(.*)$ ^postgresql-doc(?::\w+|)\s+(.*)$ ^postgresql-client(?::\w+|)\s+(.*)$ ^postgresql-server-dev-all(?::\w+|)\s+(.*)$ ^postgresql-client-common(?::\w+|)\s+(.*)$ ^postgresql-common(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^mariadb-plugin-cracklib-password-check(?::\w+|)\s+(.*)$ ^mariadb-server(?::\w+|)\s+(.*)$ ^mariadb-plugin-connect(?::\w+|)\s+(.*)$ ^mariadb-plugin-spider(?::\w+|)\s+(.*)$ ^libmariadbclient-dev(?::\w+|)\s+(.*)$ ^libmariadbd18(?::\w+|)\s+(.*)$ ^mariadb-client-core-10.1(?::\w+|)\s+(.*)$ ^mariadb-plugin-tokudb(?::\w+|)\s+(.*)$ ^mariadb-plugin-mroonga(?::\w+|)\s+(.*)$ ^mariadb-client(?::\w+|)\s+(.*)$ ^mariadb-server-10.1(?::\w+|)\s+(.*)$ ^mariadb-server-core-10.1(?::\w+|)\s+(.*)$ ^mariadb-test-data(?::\w+|)\s+(.*)$ ^libmariadbclient-dev-compat(?::\w+|)\s+(.*)$ ^mariadb-client-10.1(?::\w+|)\s+(.*)$ ^mariadb-plugin-gssapi-client(?::\w+|)\s+(.*)$ ^libmariadbd-dev(?::\w+|)\s+(.*)$ ^mariadb-test(?::\w+|)\s+(.*)$ ^mariadb-plugin-gssapi-server(?::\w+|)\s+(.*)$ ^mariadb-common(?::\w+|)\s+(.*)$ ^libmariadbclient18(?::\w+|)\s+(.*)$ ^mariadb-plugin-oqgraph(?::\w+|)\s+(.*)$ ^python-ecdsa(?::\w+|)\s+(.*)$ ^python3-ecdsa(?::\w+|)\s+(.*)$ ^libdns-export1100(?::\w+|)\s+(.*)$ ^libdns-export1100-udeb(?::\w+|)\s+(.*)$ ^libdns1100(?::\w+|)\s+(.*)$ ^libisc169(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export169-udeb(?::\w+|)\s+(.*)$ ^libisccc-export160(?::\w+|)\s+(.*)$ ^libisccfg-export160(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^libirs-export160(?::\w+|)\s+(.*)$ ^libisccc160(?::\w+|)\s+(.*)$ ^libisc-export169(?::\w+|)\s+(.*)$ ^libisccfg160(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc-export160-udeb(?::\w+|)\s+(.*)$ ^libirs-export160-udeb(?::\w+|)\s+(.*)$ ^libisccfg-export160-udeb(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libbind9-160(?::\w+|)\s+(.*)$ ^libirs160(?::\w+|)\s+(.*)$ ^liblwres160(?::\w+|)\s+(.*)$ ^libdjvulibre21(?::\w+|)\s+(.*)$ ^libdjvulibre-text(?::\w+|)\s+(.*)$ ^djvulibre-desktop(?::\w+|)\s+(.*)$ ^djview3(?::\w+|)\s+(.*)$ ^djvuserve(?::\w+|)\s+(.*)$ ^libdjvulibre-dev(?::\w+|)\s+(.*)$ ^djview(?::\w+|)\s+(.*)$ ^djvulibre-bin(?::\w+|)\s+(.*)$ ^libvpx-dev(?::\w+|)\s+(.*)$ ^vpx-tools(?::\w+|)\s+(.*)$ ^libvpx-doc(?::\w+|)\s+(.*)$ ^libvpx5(?::\w+|)\s+(.*)$ ^redmine-sqlite(?::\w+|)\s+(.*)$ ^redmine(?::\w+|)\s+(.*)$ ^redmine-mysql(?::\w+|)\s+(.*)$ ^redmine-pgsql(?::\w+|)\s+(.*)$ ^libruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5-doc(?::\w+|)\s+(.*)$ ^ruby2.5-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^python-psutil-doc(?::\w+|)\s+(.*)$ ^python-psutil(?::\w+|)\s+(.*)$ ^python3-psutil(?::\w+|)\s+(.*)$ ^lemon(?::\w+|)\s+(.*)$ ^sqlite3-doc(?::\w+|)\s+(.*)$ ^libsqlite3-0(?::\w+|)\s+(.*)$ ^libsqlite3-tcl(?::\w+|)\s+(.*)$ ^sqlite3(?::\w+|)\s+(.*)$ ^libsqlite3-dev(?::\w+|)\s+(.*)$ ^libgraphics-magick-perl(?::\w+|)\s+(.*)$ ^libgraphicsmagick-q16-3(?::\w+|)\s+(.*)$ ^libgraphicsmagick1-dev(?::\w+|)\s+(.*)$ ^graphicsmagick(?::\w+|)\s+(.*)$ ^graphicsmagick-imagemagick-compat(?::\w+|)\s+(.*)$ ^graphicsmagick-libmagick-dev-compat(?::\w+|)\s+(.*)$ ^libgraphicsmagick++1-dev(?::\w+|)\s+(.*)$ ^libgraphicsmagick++-q16-12(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^haproxy(?::\w+|)\s+(.*)$ ^haproxy-doc(?::\w+|)\s+(.*)$ ^vim-haproxy(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^librabbitmq4(?::\w+|)\s+(.*)$ ^amqp-tools(?::\w+|)\s+(.*)$ ^librabbitmq-dev(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libssh-gcrypt-dev(?::\w+|)\s+(.*)$ ^libssh-doc(?::\w+|)\s+(.*)$ ^libssh-gcrypt-4(?::\w+|)\s+(.*)$ ^libssh-4(?::\w+|)\s+(.*)$ ^libssh-dev(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^libpcap-dev(?::\w+|)\s+(.*)$ ^libpcap0.8-dev(?::\w+|)\s+(.*)$ ^libpcap0.8(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^ntp(?::\w+|)\s+(.*)$ ^sntp(?::\w+|)\s+(.*)$ ^ntp-doc(?::\w+|)\s+(.*)$ ^ntpdate(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^libclamav9(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^libgnutls30(?::\w+|)\s+(.*)$ ^libgnutls28-dev(?::\w+|)\s+(.*)$ ^libgnutlsxx28(?::\w+|)\s+(.*)$ ^gnutls-doc(?::\w+|)\s+(.*)$ ^libgnutls-dane0(?::\w+|)\s+(.*)$ ^gnutls-bin(?::\w+|)\s+(.*)$ ^libgnutls-openssl27(?::\w+|)\s+(.*)$ ^libgnutls30(?::\w+|)\s+(.*)$ ^libgnutls28-dev(?::\w+|)\s+(.*)$ ^libgnutlsxx28(?::\w+|)\s+(.*)$ ^gnutls-doc(?::\w+|)\s+(.*)$ ^libgnutls-dane0(?::\w+|)\s+(.*)$ ^gnutls-bin(?::\w+|)\s+(.*)$ ^libgnutls-openssl27(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libnginx-mod-stream(?::\w+|)\s+(.*)$ ^libnginx-mod-http-subs-filter(?::\w+|)\s+(.*)$ ^nginx-doc(?::\w+|)\s+(.*)$ ^libnginx-mod-mail(?::\w+|)\s+(.*)$ ^libnginx-mod-http-image-filter(?::\w+|)\s+(.*)$ ^libnginx-mod-http-echo(?::\w+|)\s+(.*)$ ^libnginx-mod-rtmp(?::\w+|)\s+(.*)$ ^libnginx-mod-nchan(?::\w+|)\s+(.*)$ ^nginx-common(?::\w+|)\s+(.*)$ ^libnginx-mod-http-fancyindex(?::\w+|)\s+(.*)$ ^libnginx-mod-http-auth-pam(?::\w+|)\s+(.*)$ ^nginx-light(?::\w+|)\s+(.*)$ ^libnginx-mod-http-headers-more-filter(?::\w+|)\s+(.*)$ ^nginx-extras(?::\w+|)\s+(.*)$ ^libnginx-mod-http-upstream-fair(?::\w+|)\s+(.*)$ ^libnginx-mod-http-xslt-filter(?::\w+|)\s+(.*)$ ^libnginx-mod-http-lua(?::\w+|)\s+(.*)$ ^libnginx-mod-http-perl(?::\w+|)\s+(.*)$ ^nginx-core(?::\w+|)\s+(.*)$ ^libnginx-mod-http-dav-ext(?::\w+|)\s+(.*)$ ^nginx(?::\w+|)\s+(.*)$ ^libnginx-mod-http-ndk(?::\w+|)\s+(.*)$ ^libnginx-mod-http-uploadprogress(?::\w+|)\s+(.*)$ ^libnginx-mod-http-cache-purge(?::\w+|)\s+(.*)$ ^nginx-full(?::\w+|)\s+(.*)$ ^libnginx-mod-http-geoip(?::\w+|)\s+(.*)$ ^libgcrypt11-dev(?::\w+|)\s+(.*)$ ^libgcrypt-mingw-w64-dev(?::\w+|)\s+(.*)$ ^libgcrypt20-udeb(?::\w+|)\s+(.*)$ ^libgcrypt20(?::\w+|)\s+(.*)$ ^libgcrypt20-doc(?::\w+|)\s+(.*)$ ^libgcrypt20-dev(?::\w+|)\s+(.*)$ ^spamassassin(?::\w+|)\s+(.*)$ ^sa-compile(?::\w+|)\s+(.*)$ ^spamc(?::\w+|)\s+(.*)$ ^libsdl-image1.2(?::\w+|)\s+(.*)$ ^libsdl-image1.2-dev(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^isag(?::\w+|)\s+(.*)$ ^sysstat(?::\w+|)\s+(.*)$ ^libbsd-dev(?::\w+|)\s+(.*)$ ^libbsd0-udeb(?::\w+|)\s+(.*)$ ^libbsd0(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^python-pysaml2-doc(?::\w+|)\s+(.*)$ ^python-pysaml2(?::\w+|)\s+(.*)$ ^python3-pysaml2(?::\w+|)\s+(.*)$ ^python3-apt(?::\w+|)\s+(.*)$ ^python-apt(?::\w+|)\s+(.*)$ ^python-apt-common(?::\w+|)\s+(.*)$ ^python-apt-dev(?::\w+|)\s+(.*)$ ^python-apt-doc(?::\w+|)\s+(.*)$ ^python3-apt(?::\w+|)\s+(.*)$ ^python-apt(?::\w+|)\s+(.*)$ ^python-apt-common(?::\w+|)\s+(.*)$ ^python-apt-dev(?::\w+|)\s+(.*)$ ^python-apt-doc(?::\w+|)\s+(.*)$ ^libss2(?::\w+|)\s+(.*)$ ^e2fslibs-dev(?::\w+|)\s+(.*)$ ^libcomerr2(?::\w+|)\s+(.*)$ ^libcom-err2(?::\w+|)\s+(.*)$ ^e2fsprogs(?::\w+|)\s+(.*)$ ^e2fsck-static(?::\w+|)\s+(.*)$ ^e2fslibs(?::\w+|)\s+(.*)$ ^e2fsprogs-l10n(?::\w+|)\s+(.*)$ ^libext2fs-dev(?::\w+|)\s+(.*)$ ^e2fsprogs-udeb(?::\w+|)\s+(.*)$ ^libext2fs2(?::\w+|)\s+(.*)$ ^fuse2fs(?::\w+|)\s+(.*)$ ^ss-dev(?::\w+|)\s+(.*)$ ^comerr-dev(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^mariadb-plugin-cracklib-password-check(?::\w+|)\s+(.*)$ ^mariadb-server(?::\w+|)\s+(.*)$ ^mariadb-plugin-connect(?::\w+|)\s+(.*)$ ^mariadb-plugin-spider(?::\w+|)\s+(.*)$ ^libmariadbclient-dev(?::\w+|)\s+(.*)$ ^libmariadbd18(?::\w+|)\s+(.*)$ ^mariadb-client-core-10.1(?::\w+|)\s+(.*)$ ^mariadb-plugin-tokudb(?::\w+|)\s+(.*)$ ^mariadb-plugin-mroonga(?::\w+|)\s+(.*)$ ^mariadb-client(?::\w+|)\s+(.*)$ ^mariadb-server-10.1(?::\w+|)\s+(.*)$ ^mariadb-server-core-10.1(?::\w+|)\s+(.*)$ ^mariadb-test-data(?::\w+|)\s+(.*)$ ^libmariadbclient-dev-compat(?::\w+|)\s+(.*)$ ^mariadb-client-10.1(?::\w+|)\s+(.*)$ ^mariadb-plugin-gssapi-client(?::\w+|)\s+(.*)$ ^libmariadbd-dev(?::\w+|)\s+(.*)$ ^mariadb-test(?::\w+|)\s+(.*)$ ^mariadb-plugin-gssapi-server(?::\w+|)\s+(.*)$ ^mariadb-common(?::\w+|)\s+(.*)$ ^libmariadbclient18(?::\w+|)\s+(.*)$ ^mariadb-plugin-oqgraph(?::\w+|)\s+(.*)$ ^tcpdump(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libsasl2-2(?::\w+|)\s+(.*)$ ^libsasl2-modules-gssapi-heimdal(?::\w+|)\s+(.*)$ ^sasl2-bin(?::\w+|)\s+(.*)$ ^libsasl2-modules-gssapi-mit(?::\w+|)\s+(.*)$ ^libsasl2-dev(?::\w+|)\s+(.*)$ ^libsasl2-modules-sql(?::\w+|)\s+(.*)$ ^cyrus-sasl2-doc(?::\w+|)\s+(.*)$ ^libsasl2-modules(?::\w+|)\s+(.*)$ ^libsasl2-modules-otp(?::\w+|)\s+(.*)$ ^libsasl2-modules-ldap(?::\w+|)\s+(.*)$ ^libsasl2-modules-db(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gcp|-gke)(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^sudo-ldap(?::\w+|)\s+(.*)$ ^sudo(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^spamassassin(?::\w+|)\s+(.*)$ ^sa-compile(?::\w+|)\s+(.*)$ ^spamc(?::\w+|)\s+(.*)$ ^opensmtpd(?::\w+|)\s+(.*)$ ^systemd-tests(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^udev-udeb(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1-udeb(?::\w+|)\s+(.*)$ ^libudev1(?::\w+|)\s+(.*)$ ^libsystemd-dev(?::\w+|)\s+(.*)$ ^libnss-systemd(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^exiv2(?::\w+|)\s+(.*)$ ^libexiv2-14(?::\w+|)\s+(.*)$ ^libexiv2-doc(?::\w+|)\s+(.*)$ ^libexiv2-dev(?::\w+|)\s+(.*)$ ^mesa-common-dev(?::\w+|)\s+(.*)$ ^libxatracker-dev(?::\w+|)\s+(.*)$ ^libd3dadapter9-mesa-dev(?::\w+|)\s+(.*)$ ^libgl1-mesa-glx(?::\w+|)\s+(.*)$ ^libegl1-mesa-dev(?::\w+|)\s+(.*)$ ^libglapi-mesa(?::\w+|)\s+(.*)$ ^libgles2-mesa(?::\w+|)\s+(.*)$ ^libegl1-mesa(?::\w+|)\s+(.*)$ ^libosmesa6-dev(?::\w+|)\s+(.*)$ ^mesa-vulkan-drivers(?::\w+|)\s+(.*)$ ^mesa-opencl-icd(?::\w+|)\s+(.*)$ ^libglx-mesa0(?::\w+|)\s+(.*)$ ^libegl-mesa0(?::\w+|)\s+(.*)$ ^libxatracker2(?::\w+|)\s+(.*)$ ^libgl1-mesa-dri(?::\w+|)\s+(.*)$ ^libosmesa6(?::\w+|)\s+(.*)$ ^libgbm-dev(?::\w+|)\s+(.*)$ ^libgles2-mesa-dev(?::\w+|)\s+(.*)$ ^libwayland-egl1-mesa(?::\w+|)\s+(.*)$ ^libgl1-mesa-dev(?::\w+|)\s+(.*)$ ^mesa-vdpau-drivers(?::\w+|)\s+(.*)$ ^libd3dadapter9-mesa(?::\w+|)\s+(.*)$ ^mesa-va-drivers(?::\w+|)\s+(.*)$ ^libgbm1(?::\w+|)\s+(.*)$ ^python3-pil.imagetk(?::\w+|)\s+(.*)$ ^python-pil-doc(?::\w+|)\s+(.*)$ ^python3-pil(?::\w+|)\s+(.*)$ ^python-pil(?::\w+|)\s+(.*)$ ^python-pil.imagetk(?::\w+|)\s+(.*)$ ^python-reportlab-doc(?::\w+|)\s+(.*)$ ^python-reportlab-accel(?::\w+|)\s+(.*)$ ^python3-reportlab-accel(?::\w+|)\s+(.*)$ ^python3-reportlab(?::\w+|)\s+(.*)$ ^python-renderpm(?::\w+|)\s+(.*)$ ^python-reportlab(?::\w+|)\s+(.*)$ ^python3-renderpm(?::\w+|)\s+(.*)$ ^python-libxml2(?::\w+|)\s+(.*)$ ^libxml2-utils(?::\w+|)\s+(.*)$ ^libxml2(?::\w+|)\s+(.*)$ ^libxml2-udeb(?::\w+|)\s+(.*)$ ^python3-libxml2(?::\w+|)\s+(.*)$ ^libxml2-doc(?::\w+|)\s+(.*)$ ^libxml2-dev(?::\w+|)\s+(.*)$ ^libqt5widgets5(?::\w+|)\s+(.*)$ ^libqt5opengl5(?::\w+|)\s+(.*)$ ^libqt5concurrent5(?::\w+|)\s+(.*)$ ^libqt5sql5-mysql(?::\w+|)\s+(.*)$ ^libqt5sql5-tds(?::\w+|)\s+(.*)$ ^libqt5sql5-sqlite(?::\w+|)\s+(.*)$ ^libqt5sql5-psql(?::\w+|)\s+(.*)$ ^libqt5core5a(?::\w+|)\s+(.*)$ ^libqt5network5(?::\w+|)\s+(.*)$ ^libqt5sql5(?::\w+|)\s+(.*)$ ^libqt5dbus5(?::\w+|)\s+(.*)$ ^libqt5gui5(?::\w+|)\s+(.*)$ ^qtbase5-doc(?::\w+|)\s+(.*)$ ^libqt5opengl5-dev(?::\w+|)\s+(.*)$ ^qtbase5-doc-html(?::\w+|)\s+(.*)$ ^qtbase5-dev-tools(?::\w+|)\s+(.*)$ ^qt5-qmake(?::\w+|)\s+(.*)$ ^libqt5xml5(?::\w+|)\s+(.*)$ ^qtbase5-dev(?::\w+|)\s+(.*)$ ^qtbase5-private-dev(?::\w+|)\s+(.*)$ ^libqt5sql5-ibase(?::\w+|)\s+(.*)$ ^libqt5printsupport5(?::\w+|)\s+(.*)$ ^qt5-qmake-bin(?::\w+|)\s+(.*)$ ^qt5-gtk-platformtheme(?::\w+|)\s+(.*)$ ^qtbase5-examples(?::\w+|)\s+(.*)$ ^libqt5test5(?::\w+|)\s+(.*)$ ^libqt5sql5-odbc(?::\w+|)\s+(.*)$ ^qt5-default(?::\w+|)\s+(.*)$ ^libykpiv-dev(?::\w+|)\s+(.*)$ ^libykpiv1(?::\w+|)\s+(.*)$ ^ykcs11(?::\w+|)\s+(.*)$ ^yubico-piv-tool(?::\w+|)\s+(.*)$ ^libexif-doc(?::\w+|)\s+(.*)$ ^libexif-dev(?::\w+|)\s+(.*)$ ^libexif12(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^libclamav9(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^postgresql-server-dev-10(?::\w+|)\s+(.*)$ ^postgresql-10(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^postgresql-pltcl-10(?::\w+|)\s+(.*)$ ^postgresql-plperl-10(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython3-10(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython-10(?::\w+|)\s+(.*)$ ^postgresql-doc-10(?::\w+|)\s+(.*)$ ^postgresql-client-10(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^ppp-udeb(?::\w+|)\s+(.*)$ ^ppp(?::\w+|)\s+(.*)$ ^ppp-dev(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^libpam-radius-auth(?::\w+|)\s+(.*)$ ^libapache2-mod-auth-mellon(?::\w+|)\s+(.*)$ ^rsync(?::\w+|)\s+(.*)$ ^bsdcpio(?::\w+|)\s+(.*)$ ^libarchive-tools(?::\w+|)\s+(.*)$ ^libarchive13(?::\w+|)\s+(.*)$ ^bsdtar(?::\w+|)\s+(.*)$ ^libarchive-dev(?::\w+|)\s+(.*)$ ^opensmtpd(?::\w+|)\s+(.*)$ ^rake(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^golang-github-opencontainers-runc-dev(?::\w+|)\s+(.*)$ ^runc(?::\w+|)\s+(.*)$ ^lemon(?::\w+|)\s+(.*)$ ^sqlite3-doc(?::\w+|)\s+(.*)$ ^libsqlite3-0(?::\w+|)\s+(.*)$ ^libsqlite3-tcl(?::\w+|)\s+(.*)$ ^sqlite3(?::\w+|)\s+(.*)$ ^libsqlite3-dev(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gcp|-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^python-rbd(?::\w+|)\s+(.*)$ ^python3-rbd(?::\w+|)\s+(.*)$ ^python-rados(?::\w+|)\s+(.*)$ ^ceph-mgr(?::\w+|)\s+(.*)$ ^ceph(?::\w+|)\s+(.*)$ ^ceph-test(?::\w+|)\s+(.*)$ ^rbd-mirror(?::\w+|)\s+(.*)$ ^rbd-nbd(?::\w+|)\s+(.*)$ ^librbd-dev(?::\w+|)\s+(.*)$ ^libradosstriper1(?::\w+|)\s+(.*)$ ^rbd-fuse(?::\w+|)\s+(.*)$ ^librados-dev(?::\w+|)\s+(.*)$ ^libcephfs-jni(?::\w+|)\s+(.*)$ ^libradosstriper-dev(?::\w+|)\s+(.*)$ ^librados2(?::\w+|)\s+(.*)$ ^ceph-mon(?::\w+|)\s+(.*)$ ^libcephfs2(?::\w+|)\s+(.*)$ ^librgw2(?::\w+|)\s+(.*)$ ^ceph-mds(?::\w+|)\s+(.*)$ ^radosgw(?::\w+|)\s+(.*)$ ^librbd1(?::\w+|)\s+(.*)$ ^python3-rgw(?::\w+|)\s+(.*)$ ^python-rgw(?::\w+|)\s+(.*)$ ^python-ceph(?::\w+|)\s+(.*)$ ^libcephfs-dev(?::\w+|)\s+(.*)$ ^rados-objclass-dev(?::\w+|)\s+(.*)$ ^ceph-osd(?::\w+|)\s+(.*)$ ^python3-ceph-argparse(?::\w+|)\s+(.*)$ ^librgw-dev(?::\w+|)\s+(.*)$ ^python3-rados(?::\w+|)\s+(.*)$ ^ceph-base(?::\w+|)\s+(.*)$ ^python-cephfs(?::\w+|)\s+(.*)$ ^python3-cephfs(?::\w+|)\s+(.*)$ ^ceph-fuse(?::\w+|)\s+(.*)$ ^ceph-common(?::\w+|)\s+(.*)$ ^libcephfs-java(?::\w+|)\s+(.*)$ ^ceph-resource-agents(?::\w+|)\s+(.*)$ ^icu-devtools(?::\w+|)\s+(.*)$ ^libiculx60(?::\w+|)\s+(.*)$ ^libicu60(?::\w+|)\s+(.*)$ ^libicu-dev(?::\w+|)\s+(.*)$ ^icu-doc(?::\w+|)\s+(.*)$ ^dino-im-common(?::\w+|)\s+(.*)$ ^dino-im(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^twisted-doc(?::\w+|)\s+(.*)$ ^python-twisted-news(?::\w+|)\s+(.*)$ ^python3-twisted(?::\w+|)\s+(.*)$ ^python-twisted-names(?::\w+|)\s+(.*)$ ^python-twisted-words(?::\w+|)\s+(.*)$ ^python-twisted-runner(?::\w+|)\s+(.*)$ ^python-twisted-core(?::\w+|)\s+(.*)$ ^python3-twisted-bin(?::\w+|)\s+(.*)$ ^python-twisted-web(?::\w+|)\s+(.*)$ ^python-twisted(?::\w+|)\s+(.*)$ ^python-twisted-mail(?::\w+|)\s+(.*)$ ^python-twisted-bin(?::\w+|)\s+(.*)$ ^python-twisted-conch(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^libbluetooth3(?::\w+|)\s+(.*)$ ^bluez-tests(?::\w+|)\s+(.*)$ ^bluez-obexd(?::\w+|)\s+(.*)$ ^bluetooth(?::\w+|)\s+(.*)$ ^bluez(?::\w+|)\s+(.*)$ ^bluez-hcidump(?::\w+|)\s+(.*)$ ^bluez-cups(?::\w+|)\s+(.*)$ ^libbluetooth-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gcp|-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libpam-heimdal(?::\w+|)\s+(.*)$ ^libpam-krb5(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^libgd3(?::\w+|)\s+(.*)$ ^libgd-tools(?::\w+|)\s+(.*)$ ^libgd-dev(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^haproxy(?::\w+|)\s+(.*)$ ^haproxy-doc(?::\w+|)\s+(.*)$ ^vim-haproxy(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^libiberty-dev(?::\w+|)\s+(.*)$ ^libssh-gcrypt-dev(?::\w+|)\s+(.*)$ ^libssh-doc(?::\w+|)\s+(.*)$ ^libssh-gcrypt-4(?::\w+|)\s+(.*)$ ^libssh-4(?::\w+|)\s+(.*)$ ^libssh-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^file-roller(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^python3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6-examples(?::\w+|)\s+(.*)$ ^libpython3.6-stdlib(?::\w+|)\s+(.*)$ ^python3.6-venv(?::\w+|)\s+(.*)$ ^python3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6(?::\w+|)\s+(.*)$ ^idle-python3.6(?::\w+|)\s+(.*)$ ^python3.6-doc(?::\w+|)\s+(.*)$ ^libpython3.6-testsuite(?::\w+|)\s+(.*)$ ^libpython3.6(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^binutils-dev(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnuspe(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabihf(?::\w+|)\s+(.*)$ ^binutils-hppa64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-ia64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-multiarch(?::\w+|)\s+(.*)$ ^binutils-mips64-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-mipsel-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips64el-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-x86-64-kfreebsd-gnu(?::\w+|)\s+(.*)$ ^binutils-riscv64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-m68k-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-for-build(?::\w+|)\s+(.*)$ ^binutils-s390x-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-x86-64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-multiarch-dev(?::\w+|)\s+(.*)$ ^binutils-i686-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsisa32r6el-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-for-host(?::\w+|)\s+(.*)$ ^binutils-doc(?::\w+|)\s+(.*)$ ^binutils-sh4-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips64-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-aarch64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-source(?::\w+|)\s+(.*)$ ^binutils-i686-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-common(?::\w+|)\s+(.*)$ ^binutils-mips-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6el-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mipsisa32r6-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-x86-64-linux-gnux32(?::\w+|)\s+(.*)$ ^binutils-i686-kfreebsd-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc64le-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6el-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-alpha-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-hppa-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-sparc64-linux-gnu(?::\w+|)\s+(.*)$ ^libbinutils(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabi(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mips64el-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnu(?::\w+|)\s+(.*)$ ^binutils(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^libopenexr-dev(?::\w+|)\s+(.*)$ ^openexr(?::\w+|)\s+(.*)$ ^libopenexr22(?::\w+|)\s+(.*)$ ^openexr-doc(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ ^libcupsimage2(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^libcupsmime1(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gcp|-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^mailman(?::\w+|)\s+(.*)$ ^qemu-efi-arm(?::\w+|)\s+(.*)$ ^qemu-efi(?::\w+|)\s+(.*)$ ^qemu-efi-aarch64(?::\w+|)\s+(.*)$ ^ovmf(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^scsi-firmware(?::\w+|)\s+(.*)$ ^nic-firmware(?::\w+|)\s+(.*)$ ^linux-firmware(?::\w+|)\s+(.*)$ ^libldap-2.4-2(?::\w+|)\s+(.*)$ ^libldap-common(?::\w+|)\s+(.*)$ ^slapd-smbk5pwd(?::\w+|)\s+(.*)$ ^ldap-utils(?::\w+|)\s+(.*)$ ^libldap2-dev(?::\w+|)\s+(.*)$ ^slapd(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^mailman(?::\w+|)\s+(.*)$ ^libpulse0(?::\w+|)\s+(.*)$ ^pulseaudio-module-zeroconf(?::\w+|)\s+(.*)$ ^pulseaudio-module-bluetooth(?::\w+|)\s+(.*)$ ^libpulse-dev(?::\w+|)\s+(.*)$ ^pulseaudio-utils(?::\w+|)\s+(.*)$ ^pulseaudio-module-raop(?::\w+|)\s+(.*)$ ^pulseaudio(?::\w+|)\s+(.*)$ ^libpulsedsp(?::\w+|)\s+(.*)$ ^pulseaudio-esound-compat(?::\w+|)\s+(.*)$ ^pulseaudio-equalizer(?::\w+|)\s+(.*)$ ^pulseaudio-module-gconf(?::\w+|)\s+(.*)$ ^libpulse-mainloop-glib0(?::\w+|)\s+(.*)$ ^pulseaudio-module-lirc(?::\w+|)\s+(.*)$ ^pulseaudio-module-jack(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^iproute2(?::\w+|)\s+(.*)$ ^iproute2-doc(?::\w+|)\s+(.*)$ ^libexif-doc(?::\w+|)\s+(.*)$ ^libexif-dev(?::\w+|)\s+(.*)$ ^libexif12(?::\w+|)\s+(.*)$ ^apt-doc(?::\w+|)\s+(.*)$ ^apt-transport-https(?::\w+|)\s+(.*)$ ^libapt-pkg5.0(?::\w+|)\s+(.*)$ ^libapt-pkg-doc(?::\w+|)\s+(.*)$ ^apt(?::\w+|)\s+(.*)$ ^apt-utils(?::\w+|)\s+(.*)$ ^libapt-inst2.0(?::\w+|)\s+(.*)$ ^libapt-pkg-dev(?::\w+|)\s+(.*)$ ^libjson-c3(?::\w+|)\s+(.*)$ ^libjson-c3-udeb(?::\w+|)\s+(.*)$ ^libjson-c-doc(?::\w+|)\s+(.*)$ ^libjson-c-dev(?::\w+|)\s+(.*)$ ^libjson-c3(?::\w+|)\s+(.*)$ ^libjson-c3-udeb(?::\w+|)\s+(.*)$ ^libjson-c-doc(?::\w+|)\s+(.*)$ ^libjson-c-dev(?::\w+|)\s+(.*)$ ^libjson-c3(?::\w+|)\s+(.*)$ ^libjson-c3-udeb(?::\w+|)\s+(.*)$ ^libjson-c-doc(?::\w+|)\s+(.*)$ ^libjson-c-dev(?::\w+|)\s+(.*)$ ^librte-pmd-thunderx-nicvf17.11(?::\w+|)\s+(.*)$ ^dpdk-igb-uio-dkms(?::\w+|)\s+(.*)$ ^librte-pmd-softnic17.11(?::\w+|)\s+(.*)$ ^librte-timer17.11(?::\w+|)\s+(.*)$ ^librte-pmd-af-packet17.11(?::\w+|)\s+(.*)$ ^librte-pmd-sw-event17.11(?::\w+|)\s+(.*)$ ^librte-pmd-fm10k17.11(?::\w+|)\s+(.*)$ ^librte-pmd-bond17.11(?::\w+|)\s+(.*)$ ^librte-pmd-vmxnet3-uio17.11(?::\w+|)\s+(.*)$ ^librte-flow-classify17.11(?::\w+|)\s+(.*)$ ^librte-ring17.11(?::\w+|)\s+(.*)$ ^librte-pmd-sfc-efx17.11(?::\w+|)\s+(.*)$ ^librte-bus-pci17.11(?::\w+|)\s+(.*)$ ^dpdk-doc(?::\w+|)\s+(.*)$ ^librte-distributor17.11(?::\w+|)\s+(.*)$ ^librte-pmd-vhost17.11(?::\w+|)\s+(.*)$ ^librte-pmd-null-crypto17.11(?::\w+|)\s+(.*)$ ^librte-net17.11(?::\w+|)\s+(.*)$ ^librte-ip-frag17.11(?::\w+|)\s+(.*)$ ^librte-lpm17.11(?::\w+|)\s+(.*)$ ^librte-vhost17.11(?::\w+|)\s+(.*)$ ^dpdk-dev(?::\w+|)\s+(.*)$ ^librte-mbuf17.11(?::\w+|)\s+(.*)$ ^librte-pmd-e1000-17.11(?::\w+|)\s+(.*)$ ^librte-pmd-nfp17.11(?::\w+|)\s+(.*)$ ^librte-mempool-octeontx17.11(?::\w+|)\s+(.*)$ ^librte-latencystats17.11(?::\w+|)\s+(.*)$ ^librte-pmd-avp17.11(?::\w+|)\s+(.*)$ ^dpdk-rte-kni-dkms(?::\w+|)\s+(.*)$ ^librte-gro17.11(?::\w+|)\s+(.*)$ ^librte-pmd-crypto-scheduler17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ixgbe17.11(?::\w+|)\s+(.*)$ ^librte-cryptodev17.11(?::\w+|)\s+(.*)$ ^librte-cmdline17.11(?::\w+|)\s+(.*)$ ^librte-pmd-lio17.11(?::\w+|)\s+(.*)$ ^librte-bus-vdev17.11(?::\w+|)\s+(.*)$ ^librte-pdump17.11(?::\w+|)\s+(.*)$ ^librte-pmd-skeleton-event17.11(?::\w+|)\s+(.*)$ ^librte-table17.11(?::\w+|)\s+(.*)$ ^librte-gso17.11(?::\w+|)\s+(.*)$ ^librte-pmd-i40e17.11(?::\w+|)\s+(.*)$ ^librte-eventdev17.11(?::\w+|)\s+(.*)$ ^librte-kvargs17.11(?::\w+|)\s+(.*)$ ^librte-mempool-stack17.11(?::\w+|)\s+(.*)$ ^librte-metrics17.11(?::\w+|)\s+(.*)$ ^librte-jobstats17.11(?::\w+|)\s+(.*)$ ^librte-kni17.11(?::\w+|)\s+(.*)$ ^librte-eal17.11(?::\w+|)\s+(.*)$ ^librte-pmd-octeontx17.11(?::\w+|)\s+(.*)$ ^librte-sched17.11(?::\w+|)\s+(.*)$ ^librte-pmd-enic17.11(?::\w+|)\s+(.*)$ ^librte-pmd-mlx5-17.11(?::\w+|)\s+(.*)$ ^librte-pci17.11(?::\w+|)\s+(.*)$ ^librte-pmd-octeontx-ssovf17.11(?::\w+|)\s+(.*)$ ^librte-bitratestats17.11(?::\w+|)\s+(.*)$ ^librte-security17.11(?::\w+|)\s+(.*)$ ^librte-pmd-null17.11(?::\w+|)\s+(.*)$ ^librte-hash17.11(?::\w+|)\s+(.*)$ ^librte-member17.11(?::\w+|)\s+(.*)$ ^librte-pmd-tap17.11(?::\w+|)\s+(.*)$ ^librte-pmd-pcap17.11(?::\w+|)\s+(.*)$ ^librte-pmd-mlx4-17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ark17.11(?::\w+|)\s+(.*)$ ^librte-pmd-bnxt17.11(?::\w+|)\s+(.*)$ ^librte-meter17.11(?::\w+|)\s+(.*)$ ^librte-pmd-virtio17.11(?::\w+|)\s+(.*)$ ^librte-power17.11(?::\w+|)\s+(.*)$ ^librte-port17.11(?::\w+|)\s+(.*)$ ^librte-mempool17.11(?::\w+|)\s+(.*)$ ^librte-cfgfile17.11(?::\w+|)\s+(.*)$ ^librte-efd17.11(?::\w+|)\s+(.*)$ ^librte-pmd-cxgbe17.11(?::\w+|)\s+(.*)$ ^dpdk(?::\w+|)\s+(.*)$ ^librte-pipeline17.11(?::\w+|)\s+(.*)$ ^librte-pmd-qede17.11(?::\w+|)\s+(.*)$ ^librte-pmd-failsafe17.11(?::\w+|)\s+(.*)$ ^librte-reorder17.11(?::\w+|)\s+(.*)$ ^librte-pmd-kni17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ena17.11(?::\w+|)\s+(.*)$ ^librte-mempool-ring17.11(?::\w+|)\s+(.*)$ ^librte-ethdev17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ring17.11(?::\w+|)\s+(.*)$ ^librte-acl17.11(?::\w+|)\s+(.*)$ ^libdpdk-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^libdns-export1100(?::\w+|)\s+(.*)$ ^libdns1100(?::\w+|)\s+(.*)$ ^libisc169(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export169-udeb(?::\w+|)\s+(.*)$ ^libisccc-export160(?::\w+|)\s+(.*)$ ^libisc-export169(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libirs-export160(?::\w+|)\s+(.*)$ ^libisccc160(?::\w+|)\s+(.*)$ ^libisccfg-export160(?::\w+|)\s+(.*)$ ^libisccfg160(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc-export160-udeb(?::\w+|)\s+(.*)$ ^libirs-export160-udeb(?::\w+|)\s+(.*)$ ^liblwres160(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^libisccfg-export160-udeb(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libbind9-160(?::\w+|)\s+(.*)$ ^libirs160(?::\w+|)\s+(.*)$ ^libdns-export1100-udeb(?::\w+|)\s+(.*)$ ^exim4-dev(?::\w+|)\s+(.*)$ ^eximon4(?::\w+|)\s+(.*)$ ^exim4(?::\w+|)\s+(.*)$ ^exim4-daemon-light(?::\w+|)\s+(.*)$ ^exim4-config(?::\w+|)\s+(.*)$ ^exim4-daemon-heavy(?::\w+|)\s+(.*)$ ^exim4-base(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gcp|-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^libclamav9(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^libvirt0(?::\w+|)\s+(.*)$ ^libvirt-dev(?::\w+|)\s+(.*)$ ^libnss-libvirt(?::\w+|)\s+(.*)$ ^libvirt-daemon(?::\w+|)\s+(.*)$ ^libvirt-sanlock(?::\w+|)\s+(.*)$ ^libvirt-wireshark(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-rbd(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-gluster(?::\w+|)\s+(.*)$ ^libvirt-doc(?::\w+|)\s+(.*)$ ^libvirt-daemon-system(?::\w+|)\s+(.*)$ ^libvirt-clients(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-zfs(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-sheepdog(?::\w+|)\s+(.*)$ ^libvirt-bin(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^libunbound2(?::\w+|)\s+(.*)$ ^unbound(?::\w+|)\s+(.*)$ ^python3-unbound(?::\w+|)\s+(.*)$ ^python-unbound(?::\w+|)\s+(.*)$ ^unbound-anchor(?::\w+|)\s+(.*)$ ^unbound-host(?::\w+|)\s+(.*)$ ^libunbound-dev(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^libcrypto1.1-udeb(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.1-udeb(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^ca-certificates-udeb(?::\w+|)\s+(.*)$ ^ca-certificates(?::\w+|)\s+(.*)$ ^python-flask-doc(?::\w+|)\s+(.*)$ ^python-flask(?::\w+|)\s+(.*)$ ^python3-flask(?::\w+|)\s+(.*)$ ^libfreerdp-server2-2(?::\w+|)\s+(.*)$ ^freerdp2-shadow-x11(?::\w+|)\s+(.*)$ ^libfreerdp2-2(?::\w+|)\s+(.*)$ ^freerdp2-dev(?::\w+|)\s+(.*)$ ^freerdp2-wayland(?::\w+|)\s+(.*)$ ^libwinpr2-dev(?::\w+|)\s+(.*)$ ^libfreerdp-shadow2-2(?::\w+|)\s+(.*)$ ^libuwac0-0(?::\w+|)\s+(.*)$ ^freerdp2-x11(?::\w+|)\s+(.*)$ ^libwinpr2-2(?::\w+|)\s+(.*)$ ^libwinpr-tools2-2(?::\w+|)\s+(.*)$ ^libuwac0-dev(?::\w+|)\s+(.*)$ ^libfreerdp-shadow-subsystem2-2(?::\w+|)\s+(.*)$ ^libfreerdp-client2-2(?::\w+|)\s+(.*)$ ^winpr-utils(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^libfreerdp-common1.1.0(?::\w+|)\s+(.*)$ ^libwinpr-dev(?::\w+|)\s+(.*)$ ^libfreerdp-client1.1(?::\w+|)\s+(.*)$ ^libwinpr-crt0.1(?::\w+|)\s+(.*)$ ^libfreerdp-primitives1.1(?::\w+|)\s+(.*)$ ^libwinpr-pool0.1(?::\w+|)\s+(.*)$ ^libwinpr-library0.1(?::\w+|)\s+(.*)$ ^libwinpr-io0.1(?::\w+|)\s+(.*)$ ^libfreerdp-core1.1(?::\w+|)\s+(.*)$ ^libfreerdp-locale1.1(?::\w+|)\s+(.*)$ ^libfreerdp-gdi1.1(?::\w+|)\s+(.*)$ ^libwinpr-winhttp0.1(?::\w+|)\s+(.*)$ ^libwinpr-synch0.1(?::\w+|)\s+(.*)$ ^libwinpr-sysinfo0.1(?::\w+|)\s+(.*)$ ^libfreerdp-codec1.1(?::\w+|)\s+(.*)$ ^libwinpr-rpc0.1(?::\w+|)\s+(.*)$ ^libfreerdp-dev(?::\w+|)\s+(.*)$ ^libwinpr-environment0.1(?::\w+|)\s+(.*)$ ^libfreerdp-cache1.1(?::\w+|)\s+(.*)$ ^libwinpr-crypto0.1(?::\w+|)\s+(.*)$ ^libwinpr-sspi0.1(?::\w+|)\s+(.*)$ ^libfreerdp-utils1.1(?::\w+|)\s+(.*)$ ^libwinpr-credui0.1(?::\w+|)\s+(.*)$ ^freerdp-x11(?::\w+|)\s+(.*)$ ^libwinpr-heap0.1(?::\w+|)\s+(.*)$ ^libfreerdp-rail1.1(?::\w+|)\s+(.*)$ ^libwinpr-thread0.1(?::\w+|)\s+(.*)$ ^libwinpr-asn1-0.1(?::\w+|)\s+(.*)$ ^libwinpr-bcrypt0.1(?::\w+|)\s+(.*)$ ^libxfreerdp-client1.1(?::\w+|)\s+(.*)$ ^libwinpr-file0.1(?::\w+|)\s+(.*)$ ^libwinpr-handle0.1(?::\w+|)\s+(.*)$ ^libwinpr-interlocked0.1(?::\w+|)\s+(.*)$ ^libwinpr-sspicli0.1(?::\w+|)\s+(.*)$ ^libwinpr-utils0.1(?::\w+|)\s+(.*)$ ^libwinpr-path0.1(?::\w+|)\s+(.*)$ ^libwinpr-error0.1(?::\w+|)\s+(.*)$ ^libwinpr-dsparse0.1(?::\w+|)\s+(.*)$ ^libfreerdp-plugins-standard(?::\w+|)\s+(.*)$ ^libwinpr-timezone0.1(?::\w+|)\s+(.*)$ ^libfreerdp-crypto1.1(?::\w+|)\s+(.*)$ ^libwinpr-winsock0.1(?::\w+|)\s+(.*)$ ^libwinpr-pipe0.1(?::\w+|)\s+(.*)$ ^libwinpr-credentials0.1(?::\w+|)\s+(.*)$ ^libwinpr-registry0.1(?::\w+|)\s+(.*)$ ^libwinpr-input0.1(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^libturbojpeg0-dev(?::\w+|)\s+(.*)$ ^libjpeg-turbo8-dev(?::\w+|)\s+(.*)$ ^libjpeg-turbo-progs(?::\w+|)\s+(.*)$ ^libturbojpeg(?::\w+|)\s+(.*)$ ^libjpeg-turbo8(?::\w+|)\s+(.*)$ ^libjpeg-turbo-test(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gcp|-gke|-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^lemon(?::\w+|)\s+(.*)$ ^sqlite3-doc(?::\w+|)\s+(.*)$ ^libsqlite3-0(?::\w+|)\s+(.*)$ ^libsqlite3-tcl(?::\w+|)\s+(.*)$ ^sqlite3(?::\w+|)\s+(.*)$ ^libsqlite3-dev(?::\w+|)\s+(.*)$ ^fwupd-amd64-signed-template(?::\w+|)\s+(.*)$ ^libfwupd-dev(?::\w+|)\s+(.*)$ ^fwupd-armhf-signed-template(?::\w+|)\s+(.*)$ ^fwupd-i386-signed-template(?::\w+|)\s+(.*)$ ^gir1.2-fwupd-2.0(?::\w+|)\s+(.*)$ ^fwupd-tests(?::\w+|)\s+(.*)$ ^fwupd-doc(?::\w+|)\s+(.*)$ ^fwupd-arm64-signed-template(?::\w+|)\s+(.*)$ ^fwupd(?::\w+|)\s+(.*)$ ^libfwupd2(?::\w+|)\s+(.*)$ ^libexif-doc(?::\w+|)\s+(.*)$ ^libexif-dev(?::\w+|)\s+(.*)$ ^libexif12(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^dbus-1-doc(?::\w+|)\s+(.*)$ ^dbus(?::\w+|)\s+(.*)$ ^libdbus-1-dev(?::\w+|)\s+(.*)$ ^dbus-udeb(?::\w+|)\s+(.*)$ ^dbus-user-session(?::\w+|)\s+(.*)$ ^libdbus-1-3-udeb(?::\w+|)\s+(.*)$ ^dbus-x11(?::\w+|)\s+(.*)$ ^dbus-tests(?::\w+|)\s+(.*)$ ^libdbus-1-3(?::\w+|)\s+(.*)$ ^nfs-kernel-server(?::\w+|)\s+(.*)$ ^nfs-common(?::\w+|)\s+(.*)$ ^mutt(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^mutt(?::\w+|)\s+(.*)$ ^libnvidia-common-390(?::\w+|)\s+(.*)$ ^nvidia-384(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-390(?::\w+|)\s+(.*)$ ^libnvidia-gl-390(?::\w+|)\s+(.*)$ ^libnvidia-compute-390(?::\w+|)\s+(.*)$ ^nvidia-dkms-390(?::\w+|)\s+(.*)$ ^nvidia-driver-390(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-384(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-390(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-390(?::\w+|)\s+(.*)$ ^libnvidia-encode-390(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-384(?::\w+|)\s+(.*)$ ^nvidia-384-dev(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-390(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-390(?::\w+|)\s+(.*)$ ^nvidia-headless-390(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-390(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-390(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-390(?::\w+|)\s+(.*)$ ^libnvidia-decode-390(?::\w+|)\s+(.*)$ ^libcuda1-384(?::\w+|)\s+(.*)$ ^nvidia-utils-390(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-440(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-440(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-440(?::\w+|)\s+(.*)$ ^libnvidia-decode-440(?::\w+|)\s+(.*)$ ^libnvidia-gl-430(?::\w+|)\s+(.*)$ ^libnvidia-common-440(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-430(?::\w+|)\s+(.*)$ ^libnvidia-encode-440(?::\w+|)\s+(.*)$ ^nvidia-dkms-440(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-430(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-430(?::\w+|)\s+(.*)$ ^nvidia-utils-430(?::\w+|)\s+(.*)$ ^libnvidia-encode-430(?::\w+|)\s+(.*)$ ^nvidia-headless-440(?::\w+|)\s+(.*)$ ^libnvidia-extra-440(?::\w+|)\s+(.*)$ ^libnvidia-compute-440(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-430(?::\w+|)\s+(.*)$ ^nvidia-utils-440(?::\w+|)\s+(.*)$ ^nvidia-driver-440(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-430(?::\w+|)\s+(.*)$ ^nvidia-driver-430(?::\w+|)\s+(.*)$ ^libnvidia-common-430(?::\w+|)\s+(.*)$ ^libnvidia-decode-430(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-440(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-430(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-440(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-430(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-440(?::\w+|)\s+(.*)$ ^libnvidia-compute-430(?::\w+|)\s+(.*)$ ^nvidia-dkms-430(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-440(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-430(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-440(?::\w+|)\s+(.*)$ ^libnvidia-gl-440(?::\w+|)\s+(.*)$ ^nvidia-headless-430(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^glib-networking(?::\w+|)\s+(.*)$ ^glib-networking-services(?::\w+|)\s+(.*)$ ^glib-networking-tests(?::\w+|)\s+(.*)$ ^glib-networking-common(?::\w+|)\s+(.*)$ ^mailman(?::\w+|)\s+(.*)$ ^libvncserver-config(?::\w+|)\s+(.*)$ ^libvncserver-dev(?::\w+|)\s+(.*)$ ^libvncserver1(?::\w+|)\s+(.*)$ ^libvncclient1(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-aws|-gcp|-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure|-oem)(?::\w+|)\s+(.*)$ ^coturn(?::\w+|)\s+(.*)$ ^libc6-i386(?::\w+|)\s+(.*)$ ^libc6-dev-s390(?::\w+|)\s+(.*)$ ^glibc-source(?::\w+|)\s+(.*)$ ^libc-bin(?::\w+|)\s+(.*)$ ^libc6-x32(?::\w+|)\s+(.*)$ ^libc6-s390(?::\w+|)\s+(.*)$ ^libc6-armel(?::\w+|)\s+(.*)$ ^libc6-pic(?::\w+|)\s+(.*)$ ^libc6-dev-armel(?::\w+|)\s+(.*)$ ^glibc-doc(?::\w+|)\s+(.*)$ ^multiarch-support(?::\w+|)\s+(.*)$ ^libc6-dev(?::\w+|)\s+(.*)$ ^libc6-amd64(?::\w+|)\s+(.*)$ ^libc6-dev-amd64(?::\w+|)\s+(.*)$ ^libc6(?::\w+|)\s+(.*)$ ^locales-all(?::\w+|)\s+(.*)$ ^libc6-dev-x32(?::\w+|)\s+(.*)$ ^locales(?::\w+|)\s+(.*)$ ^libc6-udeb(?::\w+|)\s+(.*)$ ^libc6-dev-i386(?::\w+|)\s+(.*)$ ^libc-dev-bin(?::\w+|)\s+(.*)$ ^nscd(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^libopenexr-dev(?::\w+|)\s+(.*)$ ^openexr(?::\w+|)\s+(.*)$ ^libopenexr22(?::\w+|)\s+(.*)$ ^openexr-doc(?::\w+|)\s+(.*)$ ^python-os-brick(?::\w+|)\s+(.*)$ ^os-brick-common(?::\w+|)\s+(.*)$ ^python-os-brick-doc(?::\w+|)\s+(.*)$ ^python3-os-brick(?::\w+|)\s+(.*)$ ^python-cinder(?::\w+|)\s+(.*)$ ^cinder-backup(?::\w+|)\s+(.*)$ ^cinder-api(?::\w+|)\s+(.*)$ ^cinder-volume(?::\w+|)\s+(.*)$ ^cinder-common(?::\w+|)\s+(.*)$ ^cinder-scheduler(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^ubuntu-core-snapd-units(?::\w+|)\s+(.*)$ ^ubuntu-core-launcher(?::\w+|)\s+(.*)$ ^snap-confine(?::\w+|)\s+(.*)$ ^ubuntu-snappy-cli(?::\w+|)\s+(.*)$ ^golang-github-snapcore-snapd-dev(?::\w+|)\s+(.*)$ ^snapd-xdg-open(?::\w+|)\s+(.*)$ ^snapd(?::\w+|)\s+(.*)$ ^golang-github-ubuntu-core-snappy-dev(?::\w+|)\s+(.*)$ ^ubuntu-snappy(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^python3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6-examples(?::\w+|)\s+(.*)$ ^libpython3.6-stdlib(?::\w+|)\s+(.*)$ ^python3.6-venv(?::\w+|)\s+(.*)$ ^python3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6(?::\w+|)\s+(.*)$ ^idle-python3.6(?::\w+|)\s+(.*)$ ^python3.6-doc(?::\w+|)\s+(.*)$ ^libpython3.6-testsuite(?::\w+|)\s+(.*)$ ^libpython3.6(?::\w+|)\s+(.*)$ ^libecal1.2-dev(?::\w+|)\s+(.*)$ ^libedataserver-1.2-23(?::\w+|)\s+(.*)$ ^libebackend-1.2-10(?::\w+|)\s+(.*)$ ^libebook1.2-dev(?::\w+|)\s+(.*)$ ^libedata-cal1.2-dev(?::\w+|)\s+(.*)$ ^evolution-data-server-tests(?::\w+|)\s+(.*)$ ^gir1.2-camel-1.2(?::\w+|)\s+(.*)$ ^libebook-contacts-1.2-2(?::\w+|)\s+(.*)$ ^libedata-book1.2-dev(?::\w+|)\s+(.*)$ ^libecal-1.2-19(?::\w+|)\s+(.*)$ ^evolution-data-server-online-accounts(?::\w+|)\s+(.*)$ ^libebackend1.2-dev(?::\w+|)\s+(.*)$ ^libcamel1.2-dev(?::\w+|)\s+(.*)$ ^libedataserverui-1.2-2(?::\w+|)\s+(.*)$ ^libedata-book-1.2-25(?::\w+|)\s+(.*)$ ^gir1.2-edataserver-1.2(?::\w+|)\s+(.*)$ ^libedataserver1.2-dev(?::\w+|)\s+(.*)$ ^libebook-contacts1.2-dev(?::\w+|)\s+(.*)$ ^gir1.2-ebookcontacts-1.2(?::\w+|)\s+(.*)$ ^libcamel-1.2-61(?::\w+|)\s+(.*)$ ^evolution-data-server(?::\w+|)\s+(.*)$ ^evolution-data-server-common(?::\w+|)\s+(.*)$ ^gir1.2-edataserverui-1.2(?::\w+|)\s+(.*)$ ^libedataserverui1.2-dev(?::\w+|)\s+(.*)$ ^libebook-1.2-19(?::\w+|)\s+(.*)$ ^evolution-data-server-doc(?::\w+|)\s+(.*)$ ^evolution-data-server-dev(?::\w+|)\s+(.*)$ ^gir1.2-ebook-1.2(?::\w+|)\s+(.*)$ ^libedata-cal-1.2-28(?::\w+|)\s+(.*)$ ^python3-pil.imagetk(?::\w+|)\s+(.*)$ ^python-pil-doc(?::\w+|)\s+(.*)$ ^python3-pil(?::\w+|)\s+(.*)$ ^python-pil(?::\w+|)\s+(.*)$ ^python-pil.imagetk(?::\w+|)\s+(.*)$ ^libavresample-dev(?::\w+|)\s+(.*)$ ^libavcodec-extra(?::\w+|)\s+(.*)$ ^libavfilter-extra6(?::\w+|)\s+(.*)$ ^libavresample3(?::\w+|)\s+(.*)$ ^libavcodec-dev(?::\w+|)\s+(.*)$ ^libavutil-dev(?::\w+|)\s+(.*)$ ^libavfilter-extra(?::\w+|)\s+(.*)$ ^libswscale-dev(?::\w+|)\s+(.*)$ ^libswresample-dev(?::\w+|)\s+(.*)$ ^libswresample2(?::\w+|)\s+(.*)$ ^libavdevice-dev(?::\w+|)\s+(.*)$ ^libswscale4(?::\w+|)\s+(.*)$ ^libavfilter-dev(?::\w+|)\s+(.*)$ ^libpostproc54(?::\w+|)\s+(.*)$ ^libpostproc-dev(?::\w+|)\s+(.*)$ ^libavdevice57(?::\w+|)\s+(.*)$ ^libavformat57(?::\w+|)\s+(.*)$ ^libavformat-dev(?::\w+|)\s+(.*)$ ^libavutil55(?::\w+|)\s+(.*)$ ^libavfilter6(?::\w+|)\s+(.*)$ ^libavcodec-extra57(?::\w+|)\s+(.*)$ ^libavcodec57(?::\w+|)\s+(.*)$ ^ffmpeg(?::\w+|)\s+(.*)$ ^ffmpeg-doc(?::\w+|)\s+(.*)$ ^grub-efi-amd64-signed(?::\w+|)\s+(.*)$ ^grub-efi-arm64-signed(?::\w+|)\s+(.*)$ ^grub-firmware-qemu(?::\w+|)\s+(.*)$ ^grub-ieee1275(?::\w+|)\s+(.*)$ ^grub-efi-amd64(?::\w+|)\s+(.*)$ ^grub2-common(?::\w+|)\s+(.*)$ ^grub-uboot-bin(?::\w+|)\s+(.*)$ ^grub-common(?::\w+|)\s+(.*)$ ^grub-efi-amd64-bin(?::\w+|)\s+(.*)$ ^grub-pc-bin(?::\w+|)\s+(.*)$ ^grub-theme-starfield(?::\w+|)\s+(.*)$ ^grub-efi-arm(?::\w+|)\s+(.*)$ ^grub2(?::\w+|)\s+(.*)$ ^grub-xen-host(?::\w+|)\s+(.*)$ ^grub-efi-arm64-bin(?::\w+|)\s+(.*)$ ^grub-pc(?::\w+|)\s+(.*)$ ^grub-emu(?::\w+|)\s+(.*)$ ^grub-efi-arm-bin(?::\w+|)\s+(.*)$ ^grub-linuxbios(?::\w+|)\s+(.*)$ ^grub-xen(?::\w+|)\s+(.*)$ ^grub-uboot(?::\w+|)\s+(.*)$ ^grub-efi-ia32(?::\w+|)\s+(.*)$ ^grub-coreboot(?::\w+|)\s+(.*)$ ^grub-efi-ia32-bin(?::\w+|)\s+(.*)$ ^grub-ieee1275-bin(?::\w+|)\s+(.*)$ ^grub-xen-bin(?::\w+|)\s+(.*)$ ^grub-rescue-pc(?::\w+|)\s+(.*)$ ^grub-mount-udeb(?::\w+|)\s+(.*)$ ^grub-coreboot-bin(?::\w+|)\s+(.*)$ ^grub-efi-arm64(?::\w+|)\s+(.*)$ ^grub-efi(?::\w+|)\s+(.*)$ ^grub-efi-amd64-signed(?::\w+|)\s+(.*)$ ^grub-efi-arm64-signed(?::\w+|)\s+(.*)$ ^grub-firmware-qemu(?::\w+|)\s+(.*)$ ^grub-ieee1275(?::\w+|)\s+(.*)$ ^grub-efi-amd64(?::\w+|)\s+(.*)$ ^grub2-common(?::\w+|)\s+(.*)$ ^grub-uboot-bin(?::\w+|)\s+(.*)$ ^grub-common(?::\w+|)\s+(.*)$ ^grub-efi-amd64-bin(?::\w+|)\s+(.*)$ ^grub-pc-bin(?::\w+|)\s+(.*)$ ^grub-theme-starfield(?::\w+|)\s+(.*)$ ^grub-efi-arm(?::\w+|)\s+(.*)$ ^grub2(?::\w+|)\s+(.*)$ ^grub-xen-host(?::\w+|)\s+(.*)$ ^grub-efi-arm64-bin(?::\w+|)\s+(.*)$ ^grub-pc(?::\w+|)\s+(.*)$ ^grub-emu(?::\w+|)\s+(.*)$ ^grub-efi-arm-bin(?::\w+|)\s+(.*)$ ^grub-linuxbios(?::\w+|)\s+(.*)$ ^grub-xen(?::\w+|)\s+(.*)$ ^grub-uboot(?::\w+|)\s+(.*)$ ^grub-efi-ia32(?::\w+|)\s+(.*)$ ^grub-coreboot(?::\w+|)\s+(.*)$ ^grub-efi-ia32-bin(?::\w+|)\s+(.*)$ ^grub-ieee1275-bin(?::\w+|)\s+(.*)$ ^grub-xen-bin(?::\w+|)\s+(.*)$ ^grub-rescue-pc(?::\w+|)\s+(.*)$ ^grub-mount-udeb(?::\w+|)\s+(.*)$ ^grub-coreboot-bin(?::\w+|)\s+(.*)$ ^grub-efi-arm64(?::\w+|)\s+(.*)$ ^grub-efi(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^libvncserver-config(?::\w+|)\s+(.*)$ ^libvncserver-dev(?::\w+|)\s+(.*)$ ^libvncserver1(?::\w+|)\s+(.*)$ ^libvncclient1(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^libclamav9(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^librsvg2-common(?::\w+|)\s+(.*)$ ^gir1.2-rsvg-2.0(?::\w+|)\s+(.*)$ ^librsvg2-doc(?::\w+|)\s+(.*)$ ^librsvg2-bin(?::\w+|)\s+(.*)$ ^librsvg2-2(?::\w+|)\s+(.*)$ ^librsvg2-dev(?::\w+|)\s+(.*)$ ^librsvg2-common(?::\w+|)\s+(.*)$ ^gir1.2-rsvg-2.0(?::\w+|)\s+(.*)$ ^librsvg2-doc(?::\w+|)\s+(.*)$ ^librsvg2-bin(?::\w+|)\s+(.*)$ ^librsvg2-2(?::\w+|)\s+(.*)$ ^librsvg2-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gcp|-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^sympa(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^libssh-gcrypt-dev(?::\w+|)\s+(.*)$ ^libssh-doc(?::\w+|)\s+(.*)$ ^libssh-gcrypt-4(?::\w+|)\s+(.*)$ ^libssh-4(?::\w+|)\s+(.*)$ ^libssh-dev(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^whoopsie(?::\w+|)\s+(.*)$ ^libwhoopsie0(?::\w+|)\s+(.*)$ ^libwhoopsie-dev(?::\w+|)\s+(.*)$ ^ppp-udeb(?::\w+|)\s+(.*)$ ^ppp(?::\w+|)\s+(.*)$ ^ppp-dev(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^dovecot-pgsql(?::\w+|)\s+(.*)$ ^dovecot-mysql(?::\w+|)\s+(.*)$ ^dovecot-sieve(?::\w+|)\s+(.*)$ ^dovecot-core(?::\w+|)\s+(.*)$ ^dovecot-ldap(?::\w+|)\s+(.*)$ ^dovecot-sqlite(?::\w+|)\s+(.*)$ ^dovecot-dev(?::\w+|)\s+(.*)$ ^dovecot-pop3d(?::\w+|)\s+(.*)$ ^dovecot-imapd(?::\w+|)\s+(.*)$ ^dovecot-managesieved(?::\w+|)\s+(.*)$ ^mail-stack-delivery(?::\w+|)\s+(.*)$ ^dovecot-gssapi(?::\w+|)\s+(.*)$ ^dovecot-solr(?::\w+|)\s+(.*)$ ^dovecot-lmtpd(?::\w+|)\s+(.*)$ ^software-properties-common(?::\w+|)\s+(.*)$ ^software-properties-kde(?::\w+|)\s+(.*)$ ^python3-software-properties(?::\w+|)\s+(.*)$ ^software-properties-gtk(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^salt-doc(?::\w+|)\s+(.*)$ ^salt-minion(?::\w+|)\s+(.*)$ ^salt-proxy(?::\w+|)\s+(.*)$ ^salt-api(?::\w+|)\s+(.*)$ ^salt-syndic(?::\w+|)\s+(.*)$ ^salt-ssh(?::\w+|)\s+(.*)$ ^salt-common(?::\w+|)\s+(.*)$ ^salt-master(?::\w+|)\s+(.*)$ ^salt-cloud(?::\w+|)\s+(.*)$ ^ark(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-aws|-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^libdns-export1100(?::\w+|)\s+(.*)$ ^libdns1100(?::\w+|)\s+(.*)$ ^libisc169(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export169-udeb(?::\w+|)\s+(.*)$ ^libisccc-export160(?::\w+|)\s+(.*)$ ^libisc-export169(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libirs-export160(?::\w+|)\s+(.*)$ ^libisccc160(?::\w+|)\s+(.*)$ ^libisccfg-export160(?::\w+|)\s+(.*)$ ^libisccfg160(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc-export160-udeb(?::\w+|)\s+(.*)$ ^libirs-export160-udeb(?::\w+|)\s+(.*)$ ^liblwres160(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^libisccfg-export160-udeb(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libbind9-160(?::\w+|)\s+(.*)$ ^libirs160(?::\w+|)\s+(.*)$ ^libdns-export1100-udeb(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^libsane-common(?::\w+|)\s+(.*)$ ^libsane1(?::\w+|)\s+(.*)$ ^sane-utils(?::\w+|)\s+(.*)$ ^libsane-dev(?::\w+|)\s+(.*)$ ^snmptrapd(?::\w+|)\s+(.*)$ ^libsnmp-perl(?::\w+|)\s+(.*)$ ^libsnmp-dev(?::\w+|)\s+(.*)$ ^libsnmp-base(?::\w+|)\s+(.*)$ ^snmp(?::\w+|)\s+(.*)$ ^libsnmp30(?::\w+|)\s+(.*)$ ^tkmib(?::\w+|)\s+(.*)$ ^snmpd(?::\w+|)\s+(.*)$ ^python-netsnmp(?::\w+|)\s+(.*)$ ^snmptrapd(?::\w+|)\s+(.*)$ ^libsnmp-perl(?::\w+|)\s+(.*)$ ^libsnmp-dev(?::\w+|)\s+(.*)$ ^libsnmp-base(?::\w+|)\s+(.*)$ ^snmp(?::\w+|)\s+(.*)$ ^libsnmp30(?::\w+|)\s+(.*)$ ^tkmib(?::\w+|)\s+(.*)$ ^snmpd(?::\w+|)\s+(.*)$ ^python-netsnmp(?::\w+|)\s+(.*)$ ^postgresql-server-dev-10(?::\w+|)\s+(.*)$ ^postgresql-10(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^postgresql-pltcl-10(?::\w+|)\s+(.*)$ ^postgresql-plperl-10(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython3-10(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython-10(?::\w+|)\s+(.*)$ ^postgresql-doc-10(?::\w+|)\s+(.*)$ ^postgresql-client-10(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^libmysofa-utils(?::\w+|)\s+(.*)$ ^libmysofa0(?::\w+|)\s+(.*)$ ^libmysofa-dev(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^chrony(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^python-rsa(?::\w+|)\s+(.*)$ ^python3-rsa(?::\w+|)\s+(.*)$ ^python-keystone(?::\w+|)\s+(.*)$ ^keystone-doc(?::\w+|)\s+(.*)$ ^keystone(?::\w+|)\s+(.*)$ ^libfreerdp-server2-2(?::\w+|)\s+(.*)$ ^freerdp2-shadow-x11(?::\w+|)\s+(.*)$ ^libfreerdp2-2(?::\w+|)\s+(.*)$ ^freerdp2-dev(?::\w+|)\s+(.*)$ ^freerdp2-wayland(?::\w+|)\s+(.*)$ ^libwinpr2-dev(?::\w+|)\s+(.*)$ ^libfreerdp-shadow2-2(?::\w+|)\s+(.*)$ ^libuwac0-0(?::\w+|)\s+(.*)$ ^freerdp2-x11(?::\w+|)\s+(.*)$ ^libwinpr2-2(?::\w+|)\s+(.*)$ ^libwinpr-tools2-2(?::\w+|)\s+(.*)$ ^libuwac0-dev(?::\w+|)\s+(.*)$ ^libfreerdp-shadow-subsystem2-2(?::\w+|)\s+(.*)$ ^libfreerdp-client2-2(?::\w+|)\s+(.*)$ ^winpr-utils(?::\w+|)\s+(.*)$ ^ark(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws|-gcp|-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-aws|-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libx11-6(?::\w+|)\s+(.*)$ ^libx11-data(?::\w+|)\s+(.*)$ ^libx11-xcb-dev(?::\w+|)\s+(.*)$ ^libx11-xcb1(?::\w+|)\s+(.*)$ ^libx11-doc(?::\w+|)\s+(.*)$ ^libx11-6-udeb(?::\w+|)\s+(.*)$ ^libx11-dev(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xserver-xorg-core-udeb(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xorg-server-source-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-dev-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xephyr-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy-hwe-18.04(?::\w+|)\s+(.*)$ ^xwayland-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-core-hwe-18.04(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws|-gcp|-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-xorg-core-udeb(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xorg-server-source-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-core-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-dev-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xephyr-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy-hwe-18.04(?::\w+|)\s+(.*)$ ^xwayland-hwe-18.04(?::\w+|)\s+(.*)$ ^liblog4j1.2-java-doc(?::\w+|)\s+(.*)$ ^liblog4j1.2-java(?::\w+|)\s+(.*)$ ^libxmlrpc3-common-java(?::\w+|)\s+(.*)$ ^libxmlrpc3-server-java(?::\w+|)\s+(.*)$ ^libxmlrpc3-java-doc(?::\w+|)\s+(.*)$ ^libxmlrpc3-client-java(?::\w+|)\s+(.*)$ ^ruby-websocket-extensions(?::\w+|)\s+(.*)$ ^libdbi-perl(?::\w+|)\s+(.*)$ ^libssl1.0-dev(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^openssl1.0(?::\w+|)\s+(.*)$ ^libcrypto1.0.0-udeb(?::\w+|)\s+(.*)$ ^libssl1.0.0-udeb(?::\w+|)\s+(.*)$ ^libphp-phpmailer(?::\w+|)\s+(.*)$ ^storebackup(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^bsdutils(?::\w+|)\s+(.*)$ ^util-linux-locales(?::\w+|)\s+(.*)$ ^libmount1-udeb(?::\w+|)\s+(.*)$ ^libsmartcols1-udeb(?::\w+|)\s+(.*)$ ^uuid-dev(?::\w+|)\s+(.*)$ ^setpriv(?::\w+|)\s+(.*)$ ^libfdisk1(?::\w+|)\s+(.*)$ ^libfdisk-dev(?::\w+|)\s+(.*)$ ^libfdisk1-udeb(?::\w+|)\s+(.*)$ ^libsmartcols1(?::\w+|)\s+(.*)$ ^fdisk(?::\w+|)\s+(.*)$ ^rfkill(?::\w+|)\s+(.*)$ ^libblkid-dev(?::\w+|)\s+(.*)$ ^libmount1(?::\w+|)\s+(.*)$ ^libsmartcols-dev(?::\w+|)\s+(.*)$ ^libmount-dev(?::\w+|)\s+(.*)$ ^uuid-runtime(?::\w+|)\s+(.*)$ ^util-linux(?::\w+|)\s+(.*)$ ^libblkid1-udeb(?::\w+|)\s+(.*)$ ^fdisk-udeb(?::\w+|)\s+(.*)$ ^libuuid1-udeb(?::\w+|)\s+(.*)$ ^mount(?::\w+|)\s+(.*)$ ^util-linux-udeb(?::\w+|)\s+(.*)$ ^libblkid1(?::\w+|)\s+(.*)$ ^libuuid1(?::\w+|)\s+(.*)$ ^libproxy-cil-dev(?::\w+|)\s+(.*)$ ^python-libproxy(?::\w+|)\s+(.*)$ ^libproxy1v5(?::\w+|)\s+(.*)$ ^libproxy0.4-cil(?::\w+|)\s+(.*)$ ^libproxy1-plugin-gsettings(?::\w+|)\s+(.*)$ ^libproxy-dev(?::\w+|)\s+(.*)$ ^python3-libproxy(?::\w+|)\s+(.*)$ ^libproxy1-plugin-webkit(?::\w+|)\s+(.*)$ ^libproxy1-plugin-kconfig(?::\w+|)\s+(.*)$ ^libproxy1-plugin-networkmanager(?::\w+|)\s+(.*)$ ^libproxy-tools(?::\w+|)\s+(.*)$ ^dirmngr(?::\w+|)\s+(.*)$ ^gpgv-static(?::\w+|)\s+(.*)$ ^gpgv-win32(?::\w+|)\s+(.*)$ ^scdaemon(?::\w+|)\s+(.*)$ ^gpgsm(?::\w+|)\s+(.*)$ ^gpgv(?::\w+|)\s+(.*)$ ^gpg(?::\w+|)\s+(.*)$ ^gnupg-agent(?::\w+|)\s+(.*)$ ^gnupg2(?::\w+|)\s+(.*)$ ^gpgconf(?::\w+|)\s+(.*)$ ^gpgv-udeb(?::\w+|)\s+(.*)$ ^gpg-wks-client(?::\w+|)\s+(.*)$ ^gpg-wks-server(?::\w+|)\s+(.*)$ ^gpg-agent(?::\w+|)\s+(.*)$ ^gnupg(?::\w+|)\s+(.*)$ ^gnupg-utils(?::\w+|)\s+(.*)$ ^gnupg-l10n(?::\w+|)\s+(.*)$ ^gpgv2(?::\w+|)\s+(.*)$ ^libemail-address-list-perl(?::\w+|)\s+(.*)$ ^libpam-tacplus(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws|-gcp|-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^ceph-fuse(?::\w+|)\s+(.*)$ ^python3-rbd(?::\w+|)\s+(.*)$ ^python-rados(?::\w+|)\s+(.*)$ ^ceph-mgr(?::\w+|)\s+(.*)$ ^ceph(?::\w+|)\s+(.*)$ ^ceph-test(?::\w+|)\s+(.*)$ ^rbd-mirror(?::\w+|)\s+(.*)$ ^rbd-nbd(?::\w+|)\s+(.*)$ ^librbd-dev(?::\w+|)\s+(.*)$ ^libradosstriper1(?::\w+|)\s+(.*)$ ^rbd-fuse(?::\w+|)\s+(.*)$ ^librados-dev(?::\w+|)\s+(.*)$ ^libcephfs-jni(?::\w+|)\s+(.*)$ ^radosgw(?::\w+|)\s+(.*)$ ^librados2(?::\w+|)\s+(.*)$ ^ceph-mon(?::\w+|)\s+(.*)$ ^libcephfs2(?::\w+|)\s+(.*)$ ^librgw2(?::\w+|)\s+(.*)$ ^ceph-mds(?::\w+|)\s+(.*)$ ^libradosstriper-dev(?::\w+|)\s+(.*)$ ^librbd1(?::\w+|)\s+(.*)$ ^python3-rgw(?::\w+|)\s+(.*)$ ^python-rgw(?::\w+|)\s+(.*)$ ^python-ceph(?::\w+|)\s+(.*)$ ^libcephfs-dev(?::\w+|)\s+(.*)$ ^rados-objclass-dev(?::\w+|)\s+(.*)$ ^ceph-osd(?::\w+|)\s+(.*)$ ^python3-ceph-argparse(?::\w+|)\s+(.*)$ ^librgw-dev(?::\w+|)\s+(.*)$ ^python3-rados(?::\w+|)\s+(.*)$ ^ceph-base(?::\w+|)\s+(.*)$ ^python-cephfs(?::\w+|)\s+(.*)$ ^python3-cephfs(?::\w+|)\s+(.*)$ ^python-rbd(?::\w+|)\s+(.*)$ ^ceph-common(?::\w+|)\s+(.*)$ ^libcephfs-java(?::\w+|)\s+(.*)$ ^ceph-resource-agents(?::\w+|)\s+(.*)$ ^libfreeimageplus-dev(?::\w+|)\s+(.*)$ ^libfreeimage-dev(?::\w+|)\s+(.*)$ ^libfreeimageplus3(?::\w+|)\s+(.*)$ ^libfreeimage3(?::\w+|)\s+(.*)$ ^libfreeimageplus-doc(?::\w+|)\s+(.*)$ ^debian-lan-config(?::\w+|)\s+(.*)$ ^busybox(?::\w+|)\s+(.*)$ ^udhcpc(?::\w+|)\s+(.*)$ ^busybox-syslogd(?::\w+|)\s+(.*)$ ^udhcpd(?::\w+|)\s+(.*)$ ^busybox-initramfs(?::\w+|)\s+(.*)$ ^busybox-udeb(?::\w+|)\s+(.*)$ ^busybox-static(?::\w+|)\s+(.*)$ ^libnetty-3.9-java(?::\w+|)\s+(.*)$ ^libdbi-perl(?::\w+|)\s+(.*)$ ^spip(?::\w+|)\s+(.*)$ ^python3-aptdaemon.gtk3widgets(?::\w+|)\s+(.*)$ ^python-aptdaemon(?::\w+|)\s+(.*)$ ^aptdaemon-data(?::\w+|)\s+(.*)$ ^python3-aptdaemon.test(?::\w+|)\s+(.*)$ ^aptdaemon(?::\w+|)\s+(.*)$ ^python-aptdaemon.gtk3widgets(?::\w+|)\s+(.*)$ ^python3-aptdaemon(?::\w+|)\s+(.*)$ ^packagekit-docs(?::\w+|)\s+(.*)$ ^libpackagekit-glib2-dev(?::\w+|)\s+(.*)$ ^packagekit(?::\w+|)\s+(.*)$ ^packagekit-tools(?::\w+|)\s+(.*)$ ^libpackagekit-glib2-18(?::\w+|)\s+(.*)$ ^packagekit-command-not-found(?::\w+|)\s+(.*)$ ^packagekit-gtk3-module(?::\w+|)\s+(.*)$ ^gir1.2-packagekitglib-1.0(?::\w+|)\s+(.*)$ ^gstreamer1.0-packagekit(?::\w+|)\s+(.*)$ ^atftp(?::\w+|)\s+(.*)$ ^atftpd(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^italc-master(?::\w+|)\s+(.*)$ ^italc-client(?::\w+|)\s+(.*)$ ^libitalccore(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^libpam-python(?::\w+|)\s+(.*)$ ^libpam-python(?::\w+|)\s+(.*)$ ^libpam-python-doc(?::\w+|)\s+(.*)$ ^libapreq2-doc(?::\w+|)\s+(.*)$ ^libapache2-mod-apreq2(?::\w+|)\s+(.*)$ ^libapreq2-dev(?::\w+|)\s+(.*)$ ^libapache2-request-perl(?::\w+|)\s+(.*)$ ^libapreq2-3(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^ruby-gon(?::\w+|)\s+(.*)$ ^ruby-rack(?::\w+|)\s+(.*)$ ^ntp(?::\w+|)\s+(.*)$ ^sntp(?::\w+|)\s+(.*)$ ^ntp-doc(?::\w+|)\s+(.*)$ ^ntpdate(?::\w+|)\s+(.*)$ ^openconnect(?::\w+|)\s+(.*)$ ^libopenconnect-dev(?::\w+|)\s+(.*)$ ^libopenconnect5(?::\w+|)\s+(.*)$ ^cyrus-doc(?::\w+|)\s+(.*)$ ^cyrus-caldav(?::\w+|)\s+(.*)$ ^cyrus-dev(?::\w+|)\s+(.*)$ ^cyrus-pop3d(?::\w+|)\s+(.*)$ ^cyrus-common(?::\w+|)\s+(.*)$ ^cyrus-nntpd(?::\w+|)\s+(.*)$ ^cyrus-admin(?::\w+|)\s+(.*)$ ^libcyrus-imap-perl(?::\w+|)\s+(.*)$ ^cyrus-murder(?::\w+|)\s+(.*)$ ^cyrus-imapd(?::\w+|)\s+(.*)$ ^cyrus-clients(?::\w+|)\s+(.*)$ ^cyrus-replication(?::\w+|)\s+(.*)$ ^libopendmarc-dev(?::\w+|)\s+(.*)$ ^rddmarc(?::\w+|)\s+(.*)$ ^opendmarc(?::\w+|)\s+(.*)$ ^libopendmarc2(?::\w+|)\s+(.*)$ ^libbrotli1(?::\w+|)\s+(.*)$ ^python-brotli(?::\w+|)\s+(.*)$ ^python3-brotli(?::\w+|)\s+(.*)$ ^brotli(?::\w+|)\s+(.*)$ ^libbrotli-dev(?::\w+|)\s+(.*)$ ^yaws-mail(?::\w+|)\s+(.*)$ ^yaws-chat(?::\w+|)\s+(.*)$ ^yaws-wiki(?::\w+|)\s+(.*)$ ^erlang-yaws(?::\w+|)\s+(.*)$ ^yaws(?::\w+|)\s+(.*)$ ^yaws-yapp(?::\w+|)\s+(.*)$ ^erlang-yapp(?::\w+|)\s+(.*)$ ^yaws-doc(?::\w+|)\s+(.*)$ ^python-urllib3(?::\w+|)\s+(.*)$ ^python3-urllib3(?::\w+|)\s+(.*)$ ^libspice-server1(?::\w+|)\s+(.*)$ ^libspice-server-dev(?::\w+|)\s+(.*)$ ^vino(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws|-gcp|-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^python3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6-examples(?::\w+|)\s+(.*)$ ^libpython3.6-stdlib(?::\w+|)\s+(.*)$ ^python3.6-venv(?::\w+|)\s+(.*)$ ^python3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6(?::\w+|)\s+(.*)$ ^idle-python3.6(?::\w+|)\s+(.*)$ ^python3.6-doc(?::\w+|)\s+(.*)$ ^libpython3.6-testsuite(?::\w+|)\s+(.*)$ ^libpython3.6(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^php-imagick(?::\w+|)\s+(.*)$ ^golang-github-docker-docker-dev(?::\w+|)\s+(.*)$ ^docker.io(?::\w+|)\s+(.*)$ ^golang-docker-dev(?::\w+|)\s+(.*)$ ^vim-syntax-docker(?::\w+|)\s+(.*)$ ^docker-doc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^libfreetype6-dev(?::\w+|)\s+(.*)$ ^libfreetype6-udeb(?::\w+|)\s+(.*)$ ^freetype2-demos(?::\w+|)\s+(.*)$ ^libfreetype6(?::\w+|)\s+(.*)$ ^quassel-client(?::\w+|)\s+(.*)$ ^quassel-core(?::\w+|)\s+(.*)$ ^quassel(?::\w+|)\s+(.*)$ ^quassel-data(?::\w+|)\s+(.*)$ ^grunt(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libnetty-java(?::\w+|)\s+(.*)$ ^python-pip(?::\w+|)\s+(.*)$ ^python-pip-whl(?::\w+|)\s+(.*)$ ^python3-pip(?::\w+|)\s+(.*)$ ^libperl-dev(?::\w+|)\s+(.*)$ ^perl-modules-5.26(?::\w+|)\s+(.*)$ ^perl-doc(?::\w+|)\s+(.*)$ ^perl(?::\w+|)\s+(.*)$ ^perl-base(?::\w+|)\s+(.*)$ ^libperl5.26(?::\w+|)\s+(.*)$ ^perl-debug(?::\w+|)\s+(.*)$ ^mariadb-plugin-cracklib-password-check(?::\w+|)\s+(.*)$ ^mariadb-server(?::\w+|)\s+(.*)$ ^mariadb-plugin-connect(?::\w+|)\s+(.*)$ ^mariadb-plugin-spider(?::\w+|)\s+(.*)$ ^libmariadbclient-dev(?::\w+|)\s+(.*)$ ^libmariadbd18(?::\w+|)\s+(.*)$ ^mariadb-client-core-10.1(?::\w+|)\s+(.*)$ ^mariadb-plugin-tokudb(?::\w+|)\s+(.*)$ ^mariadb-plugin-mroonga(?::\w+|)\s+(.*)$ ^mariadb-client(?::\w+|)\s+(.*)$ ^mariadb-server-10.1(?::\w+|)\s+(.*)$ ^mariadb-server-core-10.1(?::\w+|)\s+(.*)$ ^mariadb-test-data(?::\w+|)\s+(.*)$ ^libmariadbclient-dev-compat(?::\w+|)\s+(.*)$ ^mariadb-client-10.1(?::\w+|)\s+(.*)$ ^mariadb-plugin-gssapi-client(?::\w+|)\s+(.*)$ ^libmariadbd-dev(?::\w+|)\s+(.*)$ ^mariadb-test(?::\w+|)\s+(.*)$ ^mariadb-plugin-gssapi-server(?::\w+|)\s+(.*)$ ^mariadb-common(?::\w+|)\s+(.*)$ ^libmariadbclient18(?::\w+|)\s+(.*)$ ^mariadb-plugin-oqgraph(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^blueman(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^ca-certificates-udeb(?::\w+|)\s+(.*)$ ^ca-certificates(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^python3-cryptography(?::\w+|)\s+(.*)$ ^python-cryptography(?::\w+|)\s+(.*)$ ^python-cryptography-doc(?::\w+|)\s+(.*)$ ^gir1.2-gdm-1.0(?::\w+|)\s+(.*)$ ^libgdm-dev(?::\w+|)\s+(.*)$ ^gdm3(?::\w+|)\s+(.*)$ ^libgdm1(?::\w+|)\s+(.*)$ ^accountsservice(?::\w+|)\s+(.*)$ ^gir1.2-accountsservice-1.0(?::\w+|)\s+(.*)$ ^libaccountsservice-doc(?::\w+|)\s+(.*)$ ^libaccountsservice-dev(?::\w+|)\s+(.*)$ ^libaccountsservice0(?::\w+|)\s+(.*)$ ^spice-vdagent(?::\w+|)\s+(.*)$ ^phpldapadmin(?::\w+|)\s+(.*)$ ^qmail(?::\w+|)\s+(.*)$ ^qmail-uids-gids(?::\w+|)\s+(.*)$ ^libldap-2.4-2(?::\w+|)\s+(.*)$ ^libldap-common(?::\w+|)\s+(.*)$ ^slapd-smbk5pwd(?::\w+|)\s+(.*)$ ^ldap-utils(?::\w+|)\s+(.*)$ ^libldap2-dev(?::\w+|)\s+(.*)$ ^slapd(?::\w+|)\s+(.*)$ ^pacemaker-remote(?::\w+|)\s+(.*)$ ^libcrmcommon-dev(?::\w+|)\s+(.*)$ ^pacemaker-resource-agents(?::\w+|)\s+(.*)$ ^pacemaker-cli-utils(?::\w+|)\s+(.*)$ ^pacemaker-common(?::\w+|)\s+(.*)$ ^liblrmd1(?::\w+|)\s+(.*)$ ^libcrmcluster-dev(?::\w+|)\s+(.*)$ ^libstonithd-dev(?::\w+|)\s+(.*)$ ^libpe-status10(?::\w+|)\s+(.*)$ ^libtransitioner2(?::\w+|)\s+(.*)$ ^libstonithd2(?::\w+|)\s+(.*)$ ^libcrmservice3(?::\w+|)\s+(.*)$ ^libcrmcommon3(?::\w+|)\s+(.*)$ ^libcib-dev(?::\w+|)\s+(.*)$ ^pacemaker(?::\w+|)\s+(.*)$ ^libcrmservice-dev(?::\w+|)\s+(.*)$ ^libpe-rules2(?::\w+|)\s+(.*)$ ^liblrmd-dev(?::\w+|)\s+(.*)$ ^libpengine10(?::\w+|)\s+(.*)$ ^libpengine-dev(?::\w+|)\s+(.*)$ ^pacemaker-doc(?::\w+|)\s+(.*)$ ^libcrmcluster4(?::\w+|)\s+(.*)$ ^libcib4(?::\w+|)\s+(.*)$ ^libexif-doc(?::\w+|)\s+(.*)$ ^libexif-dev(?::\w+|)\s+(.*)$ ^libexif12(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-oem-osp1)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp|-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^python-moinmoin(?::\w+|)\s+(.*)$ ^libraptor2-doc(?::\w+|)\s+(.*)$ ^raptor2-utils(?::\w+|)\s+(.*)$ ^libraptor2-dev(?::\w+|)\s+(.*)$ ^libraptor2-0(?::\w+|)\s+(.*)$ ^slirp(?::\w+|)\s+(.*)$ ^postgresql-server-dev-10(?::\w+|)\s+(.*)$ ^postgresql-pltcl-10(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^postgresql-10(?::\w+|)\s+(.*)$ ^postgresql-plperl-10(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython3-10(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-plpython-10(?::\w+|)\s+(.*)$ ^postgresql-doc-10(?::\w+|)\s+(.*)$ ^postgresql-client-10(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^libldap-2.4-2(?::\w+|)\s+(.*)$ ^libldap-common(?::\w+|)\s+(.*)$ ^slapd-smbk5pwd(?::\w+|)\s+(.*)$ ^ldap-utils(?::\w+|)\s+(.*)$ ^libldap2-dev(?::\w+|)\s+(.*)$ ^slapd(?::\w+|)\s+(.*)$ ^libk5crypto3(?::\w+|)\s+(.*)$ ^krb5-kpropd(?::\w+|)\s+(.*)$ ^libkdb5-9(?::\w+|)\s+(.*)$ ^krb5-user(?::\w+|)\s+(.*)$ ^libgssrpc4(?::\w+|)\s+(.*)$ ^libkrb5support0(?::\w+|)\s+(.*)$ ^krb5-doc(?::\w+|)\s+(.*)$ ^libkrb5-dev(?::\w+|)\s+(.*)$ ^krb5-pkinit(?::\w+|)\s+(.*)$ ^libkrb5-3(?::\w+|)\s+(.*)$ ^krb5-kdc-ldap(?::\w+|)\s+(.*)$ ^krb5-otp(?::\w+|)\s+(.*)$ ^krb5-gss-samples(?::\w+|)\s+(.*)$ ^libkrad-dev(?::\w+|)\s+(.*)$ ^krb5-locales(?::\w+|)\s+(.*)$ ^libgssapi-krb5-2(?::\w+|)\s+(.*)$ ^krb5-kdc(?::\w+|)\s+(.*)$ ^krb5-multidev(?::\w+|)\s+(.*)$ ^krb5-k5tls(?::\w+|)\s+(.*)$ ^libkrad0(?::\w+|)\s+(.*)$ ^libkadm5srv-mit11(?::\w+|)\s+(.*)$ ^libkadm5clnt-mit11(?::\w+|)\s+(.*)$ ^krb5-admin-server(?::\w+|)\s+(.*)$ ^libvncserver-config(?::\w+|)\s+(.*)$ ^libvncserver-dev(?::\w+|)\s+(.*)$ ^libvncserver1(?::\w+|)\s+(.*)$ ^libvncclient1(?::\w+|)\s+(.*)$ ^vino(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^phpmyadmin(?::\w+|)\s+(.*)$ ^libpulse0(?::\w+|)\s+(.*)$ ^pulseaudio-module-zeroconf(?::\w+|)\s+(.*)$ ^pulseaudio-module-bluetooth(?::\w+|)\s+(.*)$ ^libpulse-dev(?::\w+|)\s+(.*)$ ^pulseaudio-utils(?::\w+|)\s+(.*)$ ^pulseaudio-module-raop(?::\w+|)\s+(.*)$ ^pulseaudio(?::\w+|)\s+(.*)$ ^libpulsedsp(?::\w+|)\s+(.*)$ ^pulseaudio-esound-compat(?::\w+|)\s+(.*)$ ^pulseaudio-equalizer(?::\w+|)\s+(.*)$ ^pulseaudio-module-gconf(?::\w+|)\s+(.*)$ ^libpulse-mainloop-glib0(?::\w+|)\s+(.*)$ ^pulseaudio-module-lirc(?::\w+|)\s+(.*)$ ^pulseaudio-module-jack(?::\w+|)\s+(.*)$ ^libigraph0v5(?::\w+|)\s+(.*)$ ^libigraph0-dev(?::\w+|)\s+(.*)$ ^mutt(?::\w+|)\s+(.*)$ ^libpoppler73(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp0v5(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^libpoppler73(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp0v5(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^xdg-utils(?::\w+|)\s+(.*)$ ^xdg-utils(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^containerd(?::\w+|)\s+(.*)$ ^golang-github-docker-containerd-dev(?::\w+|)\s+(.*)$ ^containerd(?::\w+|)\s+(.*)$ ^golang-github-docker-containerd-dev(?::\w+|)\s+(.*)$ ^php-pear(?::\w+|)\s+(.*)$ ^python3-werkzeug(?::\w+|)\s+(.*)$ ^python-werkzeug(?::\w+|)\s+(.*)$ ^python-werkzeug-doc(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-xorg-core-udeb(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xorg-server-source-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-core-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-dev-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xephyr-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy-hwe-18.04(?::\w+|)\s+(.*)$ ^xwayland-hwe-18.04(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp|-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke|-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oem)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^snapcraft-parser(?::\w+|)\s+(.*)$ ^snapcraft(?::\w+|)\s+(.*)$ ^snapcraft-examples(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^libssl1.0-dev(?::\w+|)\s+(.*)$ ^openssl1.0(?::\w+|)\s+(.*)$ ^libssl1.0.0-udeb(?::\w+|)\s+(.*)$ ^libcrypto1.0.0-udeb(?::\w+|)\s+(.*)$ ^libcrypto1.1-udeb(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.1-udeb(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^python3-aptdaemon.gtk3widgets(?::\w+|)\s+(.*)$ ^aptdaemon-data(?::\w+|)\s+(.*)$ ^python3-aptdaemon.test(?::\w+|)\s+(.*)$ ^python-aptdaemon(?::\w+|)\s+(.*)$ ^aptdaemon(?::\w+|)\s+(.*)$ ^python-aptdaemon.gtk3widgets(?::\w+|)\s+(.*)$ ^python3-aptdaemon(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^python3-lxml(?::\w+|)\s+(.*)$ ^python-lxml(?::\w+|)\s+(.*)$ ^python-lxml-doc(?::\w+|)\s+(.*)$ ^python3-lxml(?::\w+|)\s+(.*)$ ^python-lxml(?::\w+|)\s+(.*)$ ^python-lxml-doc(?::\w+|)\s+(.*)$ ^apt-doc(?::\w+|)\s+(.*)$ ^apt-transport-https(?::\w+|)\s+(.*)$ ^libapt-pkg5.0(?::\w+|)\s+(.*)$ ^libapt-pkg-doc(?::\w+|)\s+(.*)$ ^apt(?::\w+|)\s+(.*)$ ^apt-utils(?::\w+|)\s+(.*)$ ^libapt-inst2.0(?::\w+|)\s+(.*)$ ^libapt-pkg-dev(?::\w+|)\s+(.*)$ ^python3-apt(?::\w+|)\s+(.*)$ ^python-apt(?::\w+|)\s+(.*)$ ^python-apt-common(?::\w+|)\s+(.*)$ ^python-apt-dev(?::\w+|)\s+(.*)$ ^python-apt-doc(?::\w+|)\s+(.*)$ ^python3-apt(?::\w+|)\s+(.*)$ ^python-apt(?::\w+|)\s+(.*)$ ^python-apt-common(?::\w+|)\s+(.*)$ ^python-apt-dev(?::\w+|)\s+(.*)$ ^python-apt-doc(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^imagemagick-6-common(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-7(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3-extra(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-3(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3-extra(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-3(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^imagemagick-6-doc(?::\w+|)\s+(.*)$ ^libimage-magick-q16hdri-perl(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-7(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^imagemagick-6.q16hdri(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^unzip(?::\w+|)\s+(.*)$ ^libproxy-cil-dev(?::\w+|)\s+(.*)$ ^python-libproxy(?::\w+|)\s+(.*)$ ^libproxy1v5(?::\w+|)\s+(.*)$ ^libproxy0.4-cil(?::\w+|)\s+(.*)$ ^libproxy1-plugin-gsettings(?::\w+|)\s+(.*)$ ^libproxy-dev(?::\w+|)\s+(.*)$ ^python3-libproxy(?::\w+|)\s+(.*)$ ^libproxy1-plugin-webkit(?::\w+|)\s+(.*)$ ^libproxy1-plugin-kconfig(?::\w+|)\s+(.*)$ ^libproxy1-plugin-networkmanager(?::\w+|)\s+(.*)$ ^libproxy-tools(?::\w+|)\s+(.*)$ ^dovecot-pgsql(?::\w+|)\s+(.*)$ ^dovecot-mysql(?::\w+|)\s+(.*)$ ^dovecot-sieve(?::\w+|)\s+(.*)$ ^dovecot-core(?::\w+|)\s+(.*)$ ^dovecot-ldap(?::\w+|)\s+(.*)$ ^dovecot-sqlite(?::\w+|)\s+(.*)$ ^dovecot-dev(?::\w+|)\s+(.*)$ ^dovecot-pop3d(?::\w+|)\s+(.*)$ ^dovecot-imapd(?::\w+|)\s+(.*)$ ^dovecot-managesieved(?::\w+|)\s+(.*)$ ^mail-stack-delivery(?::\w+|)\s+(.*)$ ^dovecot-gssapi(?::\w+|)\s+(.*)$ ^dovecot-solr(?::\w+|)\s+(.*)$ ^dovecot-lmtpd(?::\w+|)\s+(.*)$ ^openstack-dashboard(?::\w+|)\s+(.*)$ ^python-django-horizon(?::\w+|)\s+(.*)$ ^openstack-dashboard-ubuntu-theme(?::\w+|)\s+(.*)$ ^python3-django-openstack-auth(?::\w+|)\s+(.*)$ ^python-django-openstack-auth(?::\w+|)\s+(.*)$ ^libopenexr-dev(?::\w+|)\s+(.*)$ ^openexr(?::\w+|)\s+(.*)$ ^libopenexr22(?::\w+|)\s+(.*)$ ^openexr-doc(?::\w+|)\s+(.*)$ ^libp11-kit0(?::\w+|)\s+(.*)$ ^libp11-kit-dev(?::\w+|)\s+(.*)$ ^p11-kit-modules(?::\w+|)\s+(.*)$ ^p11-kit(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp|-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke|-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libwavpack1(?::\w+|)\s+(.*)$ ^libwavpack-dev(?::\w+|)\s+(.*)$ ^wavpack(?::\w+|)\s+(.*)$ ^qemu-efi-arm(?::\w+|)\s+(.*)$ ^qemu-efi(?::\w+|)\s+(.*)$ ^qemu-efi-aarch64(?::\w+|)\s+(.*)$ ^ovmf(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-390(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-390(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-390(?::\w+|)\s+(.*)$ ^libnvidia-decode-390(?::\w+|)\s+(.*)$ ^nvidia-utils-390(?::\w+|)\s+(.*)$ ^libnvidia-gl-390(?::\w+|)\s+(.*)$ ^libnvidia-compute-390(?::\w+|)\s+(.*)$ ^nvidia-driver-390(?::\w+|)\s+(.*)$ ^nvidia-384-dev(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-384(?::\w+|)\s+(.*)$ ^libcuda1-384(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-390(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-390(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-390(?::\w+|)\s+(.*)$ ^libnvidia-encode-390(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-390(?::\w+|)\s+(.*)$ ^nvidia-headless-390(?::\w+|)\s+(.*)$ ^libnvidia-common-390(?::\w+|)\s+(.*)$ ^nvidia-dkms-390(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-384(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-390(?::\w+|)\s+(.*)$ ^nvidia-384(?::\w+|)\s+(.*)$ ^libnvidia-encode-440(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-450(?::\w+|)\s+(.*)$ ^libnvidia-compute-440(?::\w+|)\s+(.*)$ ^libnvidia-common-450(?::\w+|)\s+(.*)$ ^libnvidia-encode-450(?::\w+|)\s+(.*)$ ^libnvidia-common-440(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-450(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-450(?::\w+|)\s+(.*)$ ^nvidia-driver-450(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-440(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-440(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-440(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-440(?::\w+|)\s+(.*)$ ^libnvidia-decode-440(?::\w+|)\s+(.*)$ ^nvidia-driver-440(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-450(?::\w+|)\s+(.*)$ ^nvidia-utils-440(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-450(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-450(?::\w+|)\s+(.*)$ ^libnvidia-decode-450(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-440(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-440(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-440(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-440(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-450(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-450(?::\w+|)\s+(.*)$ ^nvidia-headless-440(?::\w+|)\s+(.*)$ ^nvidia-dkms-440(?::\w+|)\s+(.*)$ ^libnvidia-extra-440(?::\w+|)\s+(.*)$ ^libnvidia-gl-450(?::\w+|)\s+(.*)$ ^nvidia-utils-450(?::\w+|)\s+(.*)$ ^nvidia-dkms-450(?::\w+|)\s+(.*)$ ^nvidia-headless-450(?::\w+|)\s+(.*)$ ^libnvidia-compute-450(?::\w+|)\s+(.*)$ ^libnvidia-extra-450(?::\w+|)\s+(.*)$ ^libnvidia-gl-440(?::\w+|)\s+(.*)$ ^libnvidia-common-460(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-455(?::\w+|)\s+(.*)$ ^nvidia-headless-460(?::\w+|)\s+(.*)$ ^libnvidia-gl-460(?::\w+|)\s+(.*)$ ^libnvidia-common-455(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-460(?::\w+|)\s+(.*)$ ^libnvidia-encode-455(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-460(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-460(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-460(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-455(?::\w+|)\s+(.*)$ ^nvidia-utils-460(?::\w+|)\s+(.*)$ ^libnvidia-compute-460(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-455(?::\w+|)\s+(.*)$ ^nvidia-driver-455(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-460(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-460(?::\w+|)\s+(.*)$ ^nvidia-dkms-460(?::\w+|)\s+(.*)$ ^libnvidia-extra-460(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-455(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-455(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-455(?::\w+|)\s+(.*)$ ^libnvidia-decode-455(?::\w+|)\s+(.*)$ ^nvidia-driver-460(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-460(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-455(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-455(?::\w+|)\s+(.*)$ ^libnvidia-decode-460(?::\w+|)\s+(.*)$ ^libnvidia-encode-460(?::\w+|)\s+(.*)$ ^nvidia-utils-455(?::\w+|)\s+(.*)$ ^libnvidia-gl-455(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-460(?::\w+|)\s+(.*)$ ^nvidia-dkms-455(?::\w+|)\s+(.*)$ ^nvidia-headless-455(?::\w+|)\s+(.*)$ ^libnvidia-extra-455(?::\w+|)\s+(.*)$ ^libnvidia-compute-455(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^nvidia-headless-418-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-418-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-418-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-418-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-418-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-418-server(?::\w+|)\s+(.*)$ ^nvidia-utils-418-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-418-server(?::\w+|)\s+(.*)$ ^libnvidia-common-418-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-418-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-418-server(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-418-server(?::\w+|)\s+(.*)$ ^nvidia-driver-418-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-418-server(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-418-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-418-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-418-server(?::\w+|)\s+(.*)$ ^nvidia-headless-440-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-450-server(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-450-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-450-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-450-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-440-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-440-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-450-server(?::\w+|)\s+(.*)$ ^nvidia-driver-450-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-450-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-440-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-440-server(?::\w+|)\s+(.*)$ ^nvidia-headless-450-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-440-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-450-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-440-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-450-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-450-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-450-server(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-440-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-440-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-440-server(?::\w+|)\s+(.*)$ ^libnvidia-common-450-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-440-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-450-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-450-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-440-server(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-440-server(?::\w+|)\s+(.*)$ ^nvidia-utils-450-server(?::\w+|)\s+(.*)$ ^libnvidia-common-440-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-440-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-450-server(?::\w+|)\s+(.*)$ ^nvidia-utils-440-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-440-server(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-450-server(?::\w+|)\s+(.*)$ ^nvidia-driver-440-server(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^coturn(?::\w+|)\s+(.*)$ ^openvswitch-doc(?::\w+|)\s+(.*)$ ^openvswitch-switch(?::\w+|)\s+(.*)$ ^openvswitch-pki(?::\w+|)\s+(.*)$ ^ovn-docker(?::\w+|)\s+(.*)$ ^openvswitch-common(?::\w+|)\s+(.*)$ ^openvswitch-testcontroller(?::\w+|)\s+(.*)$ ^openvswitch-vtep(?::\w+|)\s+(.*)$ ^python-openvswitch(?::\w+|)\s+(.*)$ ^python3-openvswitch(?::\w+|)\s+(.*)$ ^ovn-host(?::\w+|)\s+(.*)$ ^ovn-common(?::\w+|)\s+(.*)$ ^ovn-central(?::\w+|)\s+(.*)$ ^ovn-controller-vtep(?::\w+|)\s+(.*)$ ^openvswitch-switch-dpdk(?::\w+|)\s+(.*)$ ^openvswitch-test(?::\w+|)\s+(.*)$ ^tar-scripts(?::\w+|)\s+(.*)$ ^tar(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^htmldoc(?::\w+|)\s+(.*)$ ^htmldoc-common(?::\w+|)\s+(.*)$ ^python3-pil.imagetk(?::\w+|)\s+(.*)$ ^python-pil-doc(?::\w+|)\s+(.*)$ ^python3-pil(?::\w+|)\s+(.*)$ ^python-pil(?::\w+|)\s+(.*)$ ^python-pil.imagetk(?::\w+|)\s+(.*)$ ^dnsmasq(?::\w+|)\s+(.*)$ ^dnsmasq-base-lua(?::\w+|)\s+(.*)$ ^dnsmasq-utils(?::\w+|)\s+(.*)$ ^dnsmasq-base(?::\w+|)\s+(.*)$ ^dnsmasq(?::\w+|)\s+(.*)$ ^dnsmasq-utils(?::\w+|)\s+(.*)$ ^dnsmasq-base-lua(?::\w+|)\s+(.*)$ ^dnsmasq-base(?::\w+|)\s+(.*)$ ^liblog4net1.2-cil(?::\w+|)\s+(.*)$ ^liblog4net-cil-dev(?::\w+|)\s+(.*)$ ^python3-xdg(?::\w+|)\s+(.*)$ ^python-xdg(?::\w+|)\s+(.*)$ ^mutt(?::\w+|)\s+(.*)$ ^sudo-ldap(?::\w+|)\s+(.*)$ ^sudo(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke|-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.0.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^libxstream-java(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^fastd(?::\w+|)\s+(.*)$ ^ca-certificates-udeb(?::\w+|)\s+(.*)$ ^ca-certificates(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^libflatpak0(?::\w+|)\s+(.*)$ ^libflatpak-dev(?::\w+|)\s+(.*)$ ^gir1.2-flatpak-1.0(?::\w+|)\s+(.*)$ ^libflatpak-doc(?::\w+|)\s+(.*)$ ^flatpak(?::\w+|)\s+(.*)$ ^flatpak-tests(?::\w+|)\s+(.*)$ ^minidlna(?::\w+|)\s+(.*)$ ^php-pear(?::\w+|)\s+(.*)$ ^libldap-2.4-2(?::\w+|)\s+(.*)$ ^libldap-common(?::\w+|)\s+(.*)$ ^slapd-smbk5pwd(?::\w+|)\s+(.*)$ ^ldap-utils(?::\w+|)\s+(.*)$ ^libldap2-dev(?::\w+|)\s+(.*)$ ^slapd(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^ubuntu-core-snapd-units(?::\w+|)\s+(.*)$ ^ubuntu-core-launcher(?::\w+|)\s+(.*)$ ^snap-confine(?::\w+|)\s+(.*)$ ^ubuntu-snappy-cli(?::\w+|)\s+(.*)$ ^golang-github-snapcore-snapd-dev(?::\w+|)\s+(.*)$ ^snapd-xdg-open(?::\w+|)\s+(.*)$ ^snapd(?::\w+|)\s+(.*)$ ^golang-github-ubuntu-core-snappy-dev(?::\w+|)\s+(.*)$ ^ubuntu-snappy(?::\w+|)\s+(.*)$ ^openvswitch-doc(?::\w+|)\s+(.*)$ ^openvswitch-switch(?::\w+|)\s+(.*)$ ^openvswitch-pki(?::\w+|)\s+(.*)$ ^ovn-docker(?::\w+|)\s+(.*)$ ^openvswitch-common(?::\w+|)\s+(.*)$ ^openvswitch-testcontroller(?::\w+|)\s+(.*)$ ^openvswitch-vtep(?::\w+|)\s+(.*)$ ^python-openvswitch(?::\w+|)\s+(.*)$ ^python3-openvswitch(?::\w+|)\s+(.*)$ ^ovn-host(?::\w+|)\s+(.*)$ ^ovn-common(?::\w+|)\s+(.*)$ ^ovn-central(?::\w+|)\s+(.*)$ ^ovn-controller-vtep(?::\w+|)\s+(.*)$ ^openvswitch-switch-dpdk(?::\w+|)\s+(.*)$ ^openvswitch-test(?::\w+|)\s+(.*)$ ^postsrsd(?::\w+|)\s+(.*)$ ^junit4(?::\w+|)\s+(.*)$ ^junit4-doc(?::\w+|)\s+(.*)$ ^libgnome-autoar-0-dev(?::\w+|)\s+(.*)$ ^libgnome-autoar-gtk-0-0(?::\w+|)\s+(.*)$ ^gir1.2-gnomeautoar-0.1(?::\w+|)\s+(.*)$ ^libgnome-autoar-gtk-0-dev(?::\w+|)\s+(.*)$ ^gir1.2-gnomeautoargtk-0.1(?::\w+|)\s+(.*)$ ^libgnome-autoar-doc(?::\w+|)\s+(.*)$ ^libgnome-autoar-0-0(?::\w+|)\s+(.*)$ ^libgnome-autoar-0-dev(?::\w+|)\s+(.*)$ ^libgnome-autoar-gtk-0-0(?::\w+|)\s+(.*)$ ^gir1.2-gnomeautoar-0.1(?::\w+|)\s+(.*)$ ^libgnome-autoar-gtk-0-dev(?::\w+|)\s+(.*)$ ^gir1.2-gnomeautoargtk-0.1(?::\w+|)\s+(.*)$ ^libgnome-autoar-doc(?::\w+|)\s+(.*)$ ^libgnome-autoar-0-0(?::\w+|)\s+(.*)$ ^hostapd(?::\w+|)\s+(.*)$ ^wpagui(?::\w+|)\s+(.*)$ ^wpasupplicant(?::\w+|)\s+(.*)$ ^wpasupplicant-udeb(?::\w+|)\s+(.*)$ ^libdns-export1100(?::\w+|)\s+(.*)$ ^libdns1100(?::\w+|)\s+(.*)$ ^libisc169(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export169-udeb(?::\w+|)\s+(.*)$ ^libisccc-export160(?::\w+|)\s+(.*)$ ^libisc-export169(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libirs-export160(?::\w+|)\s+(.*)$ ^libisccc160(?::\w+|)\s+(.*)$ ^libisccfg-export160(?::\w+|)\s+(.*)$ ^libisccfg160(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc-export160-udeb(?::\w+|)\s+(.*)$ ^libirs-export160-udeb(?::\w+|)\s+(.*)$ ^liblwres160(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^libisccfg-export160-udeb(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libbind9-160(?::\w+|)\s+(.*)$ ^libirs160(?::\w+|)\s+(.*)$ ^libdns-export1100-udeb(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^libssl1.0-dev(?::\w+|)\s+(.*)$ ^openssl1.0(?::\w+|)\s+(.*)$ ^libssl1.0.0-udeb(?::\w+|)\s+(.*)$ ^libcrypto1.0.0-udeb(?::\w+|)\s+(.*)$ ^libcrypto1.1-udeb(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.1-udeb(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^libshiro-java(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^libldap-2.4-2(?::\w+|)\s+(.*)$ ^libldap-common(?::\w+|)\s+(.*)$ ^slapd-smbk5pwd(?::\w+|)\s+(.*)$ ^ldap-utils(?::\w+|)\s+(.*)$ ^libldap2-dev(?::\w+|)\s+(.*)$ ^slapd(?::\w+|)\s+(.*)$ ^xterm(?::\w+|)\s+(.*)$ ^screen(?::\w+|)\s+(.*)$ ^screen-udeb(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gke|-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^python3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6-examples(?::\w+|)\s+(.*)$ ^libpython3.6-stdlib(?::\w+|)\s+(.*)$ ^python3.6-venv(?::\w+|)\s+(.*)$ ^python3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6(?::\w+|)\s+(.*)$ ^idle-python3.6(?::\w+|)\s+(.*)$ ^python3.6-doc(?::\w+|)\s+(.*)$ ^libpython3.6-testsuite(?::\w+|)\s+(.*)$ ^libpython3.6(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^python3.7-doc(?::\w+|)\s+(.*)$ ^libpython3.7-minimal(?::\w+|)\s+(.*)$ ^python3.7-minimal(?::\w+|)\s+(.*)$ ^libpython3.7-dev(?::\w+|)\s+(.*)$ ^python3.7-dev(?::\w+|)\s+(.*)$ ^libpython3.7-testsuite(?::\w+|)\s+(.*)$ ^libpython3.7-stdlib(?::\w+|)\s+(.*)$ ^python3.7(?::\w+|)\s+(.*)$ ^python3.7-venv(?::\w+|)\s+(.*)$ ^python3.7-examples(?::\w+|)\s+(.*)$ ^idle-python3.7(?::\w+|)\s+(.*)$ ^libpython3.7(?::\w+|)\s+(.*)$ ^libpython3.8-minimal(?::\w+|)\s+(.*)$ ^python3.8-venv(?::\w+|)\s+(.*)$ ^libpython3.8-dev(?::\w+|)\s+(.*)$ ^libpython3.8-stdlib(?::\w+|)\s+(.*)$ ^idle-python3.8(?::\w+|)\s+(.*)$ ^libpython3.8-testsuite(?::\w+|)\s+(.*)$ ^python3.8(?::\w+|)\s+(.*)$ ^python3.8-minimal(?::\w+|)\s+(.*)$ ^python3.8-examples(?::\w+|)\s+(.*)$ ^python3.8-dev(?::\w+|)\s+(.*)$ ^libpython3.8(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiff-dev(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^hostapd(?::\w+|)\s+(.*)$ ^wpagui(?::\w+|)\s+(.*)$ ^wpasupplicant(?::\w+|)\s+(.*)$ ^wpasupplicant-udeb(?::\w+|)\s+(.*)$ ^golang-1.10-go(?::\w+|)\s+(.*)$ ^golang-1.10-src(?::\w+|)\s+(.*)$ ^golang-1.10(?::\w+|)\s+(.*)$ ^golang-1.10-doc(?::\w+|)\s+(.*)$ ^libglib2.0-0(?::\w+|)\s+(.*)$ ^libglib2.0-data(?::\w+|)\s+(.*)$ ^libglib2.0-udeb(?::\w+|)\s+(.*)$ ^libglib2.0-tests(?::\w+|)\s+(.*)$ ^libglib2.0-doc(?::\w+|)\s+(.*)$ ^libglib2.0-bin(?::\w+|)\s+(.*)$ ^libglib2.0-dev(?::\w+|)\s+(.*)$ ^libglib2.0-dev-bin(?::\w+|)\s+(.*)$ ^zstd(?::\w+|)\s+(.*)$ ^libzstd1-dev(?::\w+|)\s+(.*)$ ^libzstd-dev(?::\w+|)\s+(.*)$ ^libzstd1(?::\w+|)\s+(.*)$ ^libzstd1-udeb(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^python3-pil.imagetk(?::\w+|)\s+(.*)$ ^python-pil-doc(?::\w+|)\s+(.*)$ ^python3-pil(?::\w+|)\s+(.*)$ ^python-pil(?::\w+|)\s+(.*)$ ^python-pil.imagetk(?::\w+|)\s+(.*)$ ^libglib2.0-0(?::\w+|)\s+(.*)$ ^libglib2.0-data(?::\w+|)\s+(.*)$ ^libglib2.0-udeb(?::\w+|)\s+(.*)$ ^libglib2.0-tests(?::\w+|)\s+(.*)$ ^libglib2.0-doc(?::\w+|)\s+(.*)$ ^libglib2.0-bin(?::\w+|)\s+(.*)$ ^libglib2.0-dev(?::\w+|)\s+(.*)$ ^libglib2.0-dev-bin(?::\w+|)\s+(.*)$ ^libcommons-beanutils-java(?::\w+|)\s+(.*)$ ^libcommons-beanutils-java-doc(?::\w+|)\s+(.*)$ ^zabbix-java-gateway(?::\w+|)\s+(.*)$ ^zabbix-frontend-php(?::\w+|)\s+(.*)$ ^zabbix-proxy-mysql(?::\w+|)\s+(.*)$ ^zabbix-server-pgsql(?::\w+|)\s+(.*)$ ^zabbix-server-mysql(?::\w+|)\s+(.*)$ ^zabbix-proxy-pgsql(?::\w+|)\s+(.*)$ ^zabbix-proxy-sqlite3(?::\w+|)\s+(.*)$ ^zabbix-agent(?::\w+|)\s+(.*)$ ^glusterfs-client(?::\w+|)\s+(.*)$ ^glusterfs-server(?::\w+|)\s+(.*)$ ^glusterfs-common(?::\w+|)\s+(.*)$ ^lighttpd-mod-mysql-vhost(?::\w+|)\s+(.*)$ ^lighttpd-doc(?::\w+|)\s+(.*)$ ^lighttpd-mod-magnet(?::\w+|)\s+(.*)$ ^lighttpd-dev(?::\w+|)\s+(.*)$ ^lighttpd(?::\w+|)\s+(.*)$ ^lighttpd-mod-authn-ldap(?::\w+|)\s+(.*)$ ^lighttpd-mod-cml(?::\w+|)\s+(.*)$ ^lighttpd-mod-authn-mysql(?::\w+|)\s+(.*)$ ^lighttpd-mod-geoip(?::\w+|)\s+(.*)$ ^lighttpd-mod-authn-gssapi(?::\w+|)\s+(.*)$ ^lighttpd-mod-webdav(?::\w+|)\s+(.*)$ ^lighttpd-mod-trigger-b4-dl(?::\w+|)\s+(.*)$ ^ocaml-mode(?::\w+|)\s+(.*)$ ^ocaml-base-nox(?::\w+|)\s+(.*)$ ^ocaml-nox(?::\w+|)\s+(.*)$ ^ocaml(?::\w+|)\s+(.*)$ ^ocaml-source(?::\w+|)\s+(.*)$ ^ocaml-compiler-libs(?::\w+|)\s+(.*)$ ^ocaml-interp(?::\w+|)\s+(.*)$ ^ocaml-base(?::\w+|)\s+(.*)$ ^libpmi0-dev(?::\w+|)\s+(.*)$ ^libslurmdb32(?::\w+|)\s+(.*)$ ^slurmctld(?::\w+|)\s+(.*)$ ^slurm-wlm-basic-plugins-dev(?::\w+|)\s+(.*)$ ^libslurm-perl(?::\w+|)\s+(.*)$ ^libpmi0(?::\w+|)\s+(.*)$ ^slurm-wlm(?::\w+|)\s+(.*)$ ^libslurm-dev(?::\w+|)\s+(.*)$ ^slurm-client(?::\w+|)\s+(.*)$ ^libpam-slurm(?::\w+|)\s+(.*)$ ^slurmd(?::\w+|)\s+(.*)$ ^slurm-wlm-torque(?::\w+|)\s+(.*)$ ^slurm-client-emulator(?::\w+|)\s+(.*)$ ^slurm-wlm-emulator(?::\w+|)\s+(.*)$ ^libpmi2-0(?::\w+|)\s+(.*)$ ^slurm-wlm-doc(?::\w+|)\s+(.*)$ ^libpmi2-0-dev(?::\w+|)\s+(.*)$ ^libslurmdb-perl(?::\w+|)\s+(.*)$ ^libslurmdb-dev(?::\w+|)\s+(.*)$ ^sview(?::\w+|)\s+(.*)$ ^libslurm32(?::\w+|)\s+(.*)$ ^slurm-wlm-basic-plugins(?::\w+|)\s+(.*)$ ^slurmdbd(?::\w+|)\s+(.*)$ ^libopenjp2-tools(?::\w+|)\s+(.*)$ ^libopenjpip-server(?::\w+|)\s+(.*)$ ^libopenjpip-viewer(?::\w+|)\s+(.*)$ ^libopenjp3d-tools(?::\w+|)\s+(.*)$ ^libopenjpip7(?::\w+|)\s+(.*)$ ^libopenjp2-7(?::\w+|)\s+(.*)$ ^libopenjp2-7-dev(?::\w+|)\s+(.*)$ ^libopenjp3d7(?::\w+|)\s+(.*)$ ^libopenjpip-dec-server(?::\w+|)\s+(.*)$ ^libxerces-c-dev(?::\w+|)\s+(.*)$ ^libxerces-c3.2(?::\w+|)\s+(.*)$ ^libxerces-c-samples(?::\w+|)\s+(.*)$ ^libxerces-c-doc(?::\w+|)\s+(.*)$ ^npm(?::\w+|)\s+(.*)$ ^nodejs-dev(?::\w+|)\s+(.*)$ ^nodejs-doc(?::\w+|)\s+(.*)$ ^nodejs(?::\w+|)\s+(.*)$ ^lynx-common(?::\w+|)\s+(.*)$ ^lynx(?::\w+|)\s+(.*)$ ^libhts-dev(?::\w+|)\s+(.*)$ ^libhts-private-dev(?::\w+|)\s+(.*)$ ^libhts2(?::\w+|)\s+(.*)$ ^htslib-test(?::\w+|)\s+(.*)$ ^tabix(?::\w+|)\s+(.*)$ ^tinyproxy-bin(?::\w+|)\s+(.*)$ ^tinyproxy(?::\w+|)\s+(.*)$ ^libzip-dev(?::\w+|)\s+(.*)$ ^zipmerge(?::\w+|)\s+(.*)$ ^ziptool(?::\w+|)\s+(.*)$ ^libzip4(?::\w+|)\s+(.*)$ ^zipcmp(?::\w+|)\s+(.*)$ ^libbson-doc(?::\w+|)\s+(.*)$ ^libbson-1.0-0(?::\w+|)\s+(.*)$ ^libbson-dev(?::\w+|)\s+(.*)$ ^libhdf5-doc(?::\w+|)\s+(.*)$ ^hdf5-helpers(?::\w+|)\s+(.*)$ ^libhdf5-cpp-100(?::\w+|)\s+(.*)$ ^libhdf5-dev(?::\w+|)\s+(.*)$ ^libhdf5-mpich-dev(?::\w+|)\s+(.*)$ ^libhdf5-openmpi-100(?::\w+|)\s+(.*)$ ^libhdf5-openmpi-dev(?::\w+|)\s+(.*)$ ^libhdf5-mpich-100(?::\w+|)\s+(.*)$ ^libhdf5-100(?::\w+|)\s+(.*)$ ^libhdf5-jni(?::\w+|)\s+(.*)$ ^libhdf5-java(?::\w+|)\s+(.*)$ ^libhdf5-mpi-dev(?::\w+|)\s+(.*)$ ^libhdf5-serial-dev(?::\w+|)\s+(.*)$ ^hdf5-tools(?::\w+|)\s+(.*)$ ^libopencv-imgcodecs3.2(?::\w+|)\s+(.*)$ ^libopencv-features2d-dev(?::\w+|)\s+(.*)$ ^libopencv-videoio-dev(?::\w+|)\s+(.*)$ ^libopencv-photo-dev(?::\w+|)\s+(.*)$ ^libopencv-videostab-dev(?::\w+|)\s+(.*)$ ^libopencv-flann-dev(?::\w+|)\s+(.*)$ ^libopencv-ts-dev(?::\w+|)\s+(.*)$ ^libopencv-flann3.2(?::\w+|)\s+(.*)$ ^libopencv-stitching3.2(?::\w+|)\s+(.*)$ ^libopencv-ml-dev(?::\w+|)\s+(.*)$ ^libopencv-imgproc3.2(?::\w+|)\s+(.*)$ ^libopencv-videoio3.2(?::\w+|)\s+(.*)$ ^libopencv-viz3.2(?::\w+|)\s+(.*)$ ^libopencv3.2-java(?::\w+|)\s+(.*)$ ^libopencv-objdetect-dev(?::\w+|)\s+(.*)$ ^libopencv-imgcodecs-dev(?::\w+|)\s+(.*)$ ^libopencv-stitching-dev(?::\w+|)\s+(.*)$ ^libopencv-imgproc-dev(?::\w+|)\s+(.*)$ ^python-opencv(?::\w+|)\s+(.*)$ ^libopencv3.2-jni(?::\w+|)\s+(.*)$ ^libopencv-superres3.2(?::\w+|)\s+(.*)$ ^libopencv-viz-dev(?::\w+|)\s+(.*)$ ^libopencv-calib3d-dev(?::\w+|)\s+(.*)$ ^libopencv-objdetect3.2(?::\w+|)\s+(.*)$ ^opencv-data(?::\w+|)\s+(.*)$ ^libopencv-ml3.2(?::\w+|)\s+(.*)$ ^opencv-doc(?::\w+|)\s+(.*)$ ^libopencv-shape-dev(?::\w+|)\s+(.*)$ ^libopencv-video3.2(?::\w+|)\s+(.*)$ ^libopencv-calib3d3.2(?::\w+|)\s+(.*)$ ^libopencv-contrib-dev(?::\w+|)\s+(.*)$ ^libopencv-shape3.2(?::\w+|)\s+(.*)$ ^libopencv-video-dev(?::\w+|)\s+(.*)$ ^libopencv-highgui3.2(?::\w+|)\s+(.*)$ ^libopencv-dev(?::\w+|)\s+(.*)$ ^libopencv-photo3.2(?::\w+|)\s+(.*)$ ^libopencv-highgui-dev(?::\w+|)\s+(.*)$ ^libopencv-features2d3.2(?::\w+|)\s+(.*)$ ^libopencv-core3.2(?::\w+|)\s+(.*)$ ^libopencv-contrib3.2(?::\w+|)\s+(.*)$ ^libopencv-superres-dev(?::\w+|)\s+(.*)$ ^python3-opencv(?::\w+|)\s+(.*)$ ^libopencv-core-dev(?::\w+|)\s+(.*)$ ^libopencv-videostab3.2(?::\w+|)\s+(.*)$ ^mosquitto-dev(?::\w+|)\s+(.*)$ ^libmosquitto-dev(?::\w+|)\s+(.*)$ ^libmosquitto1(?::\w+|)\s+(.*)$ ^mosquitto(?::\w+|)\s+(.*)$ ^libmosquittopp1(?::\w+|)\s+(.*)$ ^libmosquittopp-dev(?::\w+|)\s+(.*)$ ^mosquitto-clients(?::\w+|)\s+(.*)$ ^libsoundtouch-dev(?::\w+|)\s+(.*)$ ^soundstretch(?::\w+|)\s+(.*)$ ^libsoundtouch1(?::\w+|)\s+(.*)$ ^librelp0(?::\w+|)\s+(.*)$ ^librelp-dev(?::\w+|)\s+(.*)$ ^libokular5core8(?::\w+|)\s+(.*)$ ^okular-extra-backends(?::\w+|)\s+(.*)$ ^okular(?::\w+|)\s+(.*)$ ^okular-mobile(?::\w+|)\s+(.*)$ ^okular-dev(?::\w+|)\s+(.*)$ ^qml-module-org-kde-okular(?::\w+|)\s+(.*)$ ^libopenmpt0(?::\w+|)\s+(.*)$ ^libopenmpt-dev(?::\w+|)\s+(.*)$ ^libopenmpt-modplug-dev(?::\w+|)\s+(.*)$ ^libopenmpt-modplug1(?::\w+|)\s+(.*)$ ^openmpt123(?::\w+|)\s+(.*)$ ^libopenmpt-doc(?::\w+|)\s+(.*)$ ^libplexus-archiver-java(?::\w+|)\s+(.*)$ ^prosody(?::\w+|)\s+(.*)$ ^vcftools(?::\w+|)\s+(.*)$ ^php-symfony-framework-bundle(?::\w+|)\s+(.*)$ ^php-symfony-security-core(?::\w+|)\s+(.*)$ ^php-symfony-ldap(?::\w+|)\s+(.*)$ ^php-symfony-browser-kit(?::\w+|)\s+(.*)$ ^php-symfony-filesystem(?::\w+|)\s+(.*)$ ^php-symfony-twig-bundle(?::\w+|)\s+(.*)$ ^php-symfony-web-profiler-bundle(?::\w+|)\s+(.*)$ ^php-symfony-asset(?::\w+|)\s+(.*)$ ^php-symfony-security-http(?::\w+|)\s+(.*)$ ^php-symfony-phpunit-bridge(?::\w+|)\s+(.*)$ ^php-symfony-yaml(?::\w+|)\s+(.*)$ ^php-symfony-web-server-bundle(?::\w+|)\s+(.*)$ ^php-symfony-http-kernel(?::\w+|)\s+(.*)$ ^php-symfony-templating(?::\w+|)\s+(.*)$ ^php-symfony-property-access(?::\w+|)\s+(.*)$ ^php-symfony-doctrine-bridge(?::\w+|)\s+(.*)$ ^php-symfony-intl(?::\w+|)\s+(.*)$ ^php-symfony-twig-bridge(?::\w+|)\s+(.*)$ ^php-symfony-security-guard(?::\w+|)\s+(.*)$ ^php-symfony-process(?::\w+|)\s+(.*)$ ^php-symfony-serializer(?::\w+|)\s+(.*)$ ^php-symfony-class-loader(?::\w+|)\s+(.*)$ ^php-symfony-debug-bundle(?::\w+|)\s+(.*)$ ^php-symfony-css-selector(?::\w+|)\s+(.*)$ ^php-symfony-expression-language(?::\w+|)\s+(.*)$ ^php-symfony-security(?::\w+|)\s+(.*)$ ^php-symfony-var-dumper(?::\w+|)\s+(.*)$ ^php-symfony-property-info(?::\w+|)\s+(.*)$ ^php-symfony-routing(?::\w+|)\s+(.*)$ ^php-symfony-security-bundle(?::\w+|)\s+(.*)$ ^php-symfony-finder(?::\w+|)\s+(.*)$ ^php-symfony-lock(?::\w+|)\s+(.*)$ ^php-symfony-validator(?::\w+|)\s+(.*)$ ^php-symfony-debug(?::\w+|)\s+(.*)$ ^php-symfony-inflector(?::\w+|)\s+(.*)$ ^php-symfony-form(?::\w+|)\s+(.*)$ ^php-symfony-cache(?::\w+|)\s+(.*)$ ^php-symfony-monolog-bridge(?::\w+|)\s+(.*)$ ^php-symfony(?::\w+|)\s+(.*)$ ^php-symfony-workflow(?::\w+|)\s+(.*)$ ^php-symfony-dependency-injection(?::\w+|)\s+(.*)$ ^php-symfony-security-csrf(?::\w+|)\s+(.*)$ ^php-symfony-proxy-manager-bridge(?::\w+|)\s+(.*)$ ^php-symfony-http-foundation(?::\w+|)\s+(.*)$ ^php-symfony-event-dispatcher(?::\w+|)\s+(.*)$ ^php-symfony-options-resolver(?::\w+|)\s+(.*)$ ^php-symfony-dotenv(?::\w+|)\s+(.*)$ ^php-symfony-web-link(?::\w+|)\s+(.*)$ ^php-symfony-translation(?::\w+|)\s+(.*)$ ^php-symfony-dom-crawler(?::\w+|)\s+(.*)$ ^php-symfony-stopwatch(?::\w+|)\s+(.*)$ ^php-symfony-config(?::\w+|)\s+(.*)$ ^php-symfony-console(?::\w+|)\s+(.*)$ ^libsass0(?::\w+|)\s+(.*)$ ^libsass-dev(?::\w+|)\s+(.*)$ ^singularity-container(?::\w+|)\s+(.*)$ ^ntopng(?::\w+|)\s+(.*)$ ^ntopng-data(?::\w+|)\s+(.*)$ ^phpmyadmin(?::\w+|)\s+(.*)$ ^cinnamon-common(?::\w+|)\s+(.*)$ ^cinnamon-doc(?::\w+|)\s+(.*)$ ^cinnamon(?::\w+|)\s+(.*)$ ^libcgroup-dev(?::\w+|)\s+(.*)$ ^libpam-cgroup(?::\w+|)\s+(.*)$ ^libcgroup1(?::\w+|)\s+(.*)$ ^cgroup-tools(?::\w+|)\s+(.*)$ ^cgroup-bin(?::\w+|)\s+(.*)$ ^mini-httpd(?::\w+|)\s+(.*)$ ^python3-solv(?::\w+|)\s+(.*)$ ^libsolvext0-dev(?::\w+|)\s+(.*)$ ^libsolvext0(?::\w+|)\s+(.*)$ ^libsolv-doc(?::\w+|)\s+(.*)$ ^libsolv-tools(?::\w+|)\s+(.*)$ ^python-solv(?::\w+|)\s+(.*)$ ^libsolv-perl(?::\w+|)\s+(.*)$ ^libsolv0(?::\w+|)\s+(.*)$ ^libsolv0-dev(?::\w+|)\s+(.*)$ ^liblivemedia62(?::\w+|)\s+(.*)$ ^liblivemedia-dev(?::\w+|)\s+(.*)$ ^libusageenvironment3(?::\w+|)\s+(.*)$ ^livemedia-utils(?::\w+|)\s+(.*)$ ^libgroupsock8(?::\w+|)\s+(.*)$ ^libbasicusageenvironment1(?::\w+|)\s+(.*)$ ^python-asyncssh-doc(?::\w+|)\s+(.*)$ ^python3-asyncssh(?::\w+|)\s+(.*)$ ^golang-github-docker-docker-credential-helpers-dev(?::\w+|)\s+(.*)$ ^golang-docker-credential-helpers(?::\w+|)\s+(.*)$ ^libgradle-core-java(?::\w+|)\s+(.*)$ ^libgradle-plugins-java(?::\w+|)\s+(.*)$ ^gradle-doc(?::\w+|)\s+(.*)$ ^gradle(?::\w+|)\s+(.*)$ ^monit(?::\w+|)\s+(.*)$ ^neovim(?::\w+|)\s+(.*)$ ^neovim-runtime(?::\w+|)\s+(.*)$ ^libnetty-java(?::\w+|)\s+(.*)$ ^libtomcrypt-dev(?::\w+|)\s+(.*)$ ^libtomcrypt1(?::\w+|)\s+(.*)$ ^aria2(?::\w+|)\s+(.*)$ ^ruby-bundler(?::\w+|)\s+(.*)$ ^bundler(?::\w+|)\s+(.*)$ ^axel(?::\w+|)\s+(.*)$ ^ant(?::\w+|)\s+(.*)$ ^ant-doc(?::\w+|)\s+(.*)$ ^ant-optional(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^ruby2.5-dev(?::\w+|)\s+(.*)$ ^ruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5-doc(?::\w+|)\s+(.*)$ ^libruby2.5(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^python-pygments-doc(?::\w+|)\s+(.*)$ ^python3-pygments(?::\w+|)\s+(.*)$ ^python-pygments(?::\w+|)\s+(.*)$ ^privoxy(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^ldb-tools(?::\w+|)\s+(.*)$ ^python-ldb-dev(?::\w+|)\s+(.*)$ ^python-ldb(?::\w+|)\s+(.*)$ ^libldb1(?::\w+|)\s+(.*)$ ^libldb-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libcrypto1.1-udeb(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.1-udeb(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^python3-lxml(?::\w+|)\s+(.*)$ ^python-lxml(?::\w+|)\s+(.*)$ ^python-lxml-doc(?::\w+|)\s+(.*)$ ^python-pygments-doc(?::\w+|)\s+(.*)$ ^python3-pygments(?::\w+|)\s+(.*)$ ^python-pygments(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^spamassassin(?::\w+|)\s+(.*)$ ^sa-compile(?::\w+|)\s+(.*)$ ^spamc(?::\w+|)\s+(.*)$ ^libopenexr-dev(?::\w+|)\s+(.*)$ ^openexr(?::\w+|)\s+(.*)$ ^libopenexr22(?::\w+|)\s+(.*)$ ^openexr-doc(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-xorg-core-udeb(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xorg-server-source-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-core-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-dev-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xephyr-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy-hwe-18.04(?::\w+|)\s+(.*)$ ^xwayland-hwe-18.04(?::\w+|)\s+(.*)$ ^nettle-bin(?::\w+|)\s+(.*)$ ^libnettle6(?::\w+|)\s+(.*)$ ^libhogweed4(?::\w+|)\s+(.*)$ ^nettle-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libjs-underscore(?::\w+|)\s+(.*)$ ^node-underscore(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^libclamav9(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^libclamav9(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^libzmq5(?::\w+|)\s+(.*)$ ^libzmq3-dev(?::\w+|)\s+(.*)$ ^caca-utils(?::\w+|)\s+(.*)$ ^libcaca-dev(?::\w+|)\s+(.*)$ ^libcaca0(?::\w+|)\s+(.*)$ ^libruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5-doc(?::\w+|)\s+(.*)$ ^ruby2.5-dev(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^file-roller(?::\w+|)\s+(.*)$ ^gstreamer1.0-gtk3(?::\w+|)\s+(.*)$ ^gstreamer1.0-pulseaudio(?::\w+|)\s+(.*)$ ^gstreamer1.0-plugins-good-doc(?::\w+|)\s+(.*)$ ^libgstreamer-plugins-good1.0-dev(?::\w+|)\s+(.*)$ ^libgstreamer-plugins-good1.0-0(?::\w+|)\s+(.*)$ ^gstreamer1.0-plugins-good(?::\w+|)\s+(.*)$ ^gstreamer1.0-qt5(?::\w+|)\s+(.*)$ ^libdns-export1100(?::\w+|)\s+(.*)$ ^libdns1100(?::\w+|)\s+(.*)$ ^libisc169(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libisc-export169-udeb(?::\w+|)\s+(.*)$ ^libisccc-export160(?::\w+|)\s+(.*)$ ^libisc-export169(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libirs-export160(?::\w+|)\s+(.*)$ ^libisccc160(?::\w+|)\s+(.*)$ ^libisccfg-export160(?::\w+|)\s+(.*)$ ^libisccfg160(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisccc-export160-udeb(?::\w+|)\s+(.*)$ ^libirs-export160-udeb(?::\w+|)\s+(.*)$ ^liblwres160(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^libisccfg-export160-udeb(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libbind9-160(?::\w+|)\s+(.*)$ ^libirs160(?::\w+|)\s+(.*)$ ^libdns-export1100-udeb(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^openvpn(?::\w+|)\s+(.*)$ ^exim4-dev(?::\w+|)\s+(.*)$ ^eximon4(?::\w+|)\s+(.*)$ ^exim4(?::\w+|)\s+(.*)$ ^exim4-daemon-light(?::\w+|)\s+(.*)$ ^exim4-config(?::\w+|)\s+(.*)$ ^exim4-daemon-heavy(?::\w+|)\s+(.*)$ ^exim4-base(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-390(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-390(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-390(?::\w+|)\s+(.*)$ ^libnvidia-decode-390(?::\w+|)\s+(.*)$ ^nvidia-utils-390(?::\w+|)\s+(.*)$ ^libnvidia-gl-390(?::\w+|)\s+(.*)$ ^libnvidia-compute-390(?::\w+|)\s+(.*)$ ^nvidia-driver-390(?::\w+|)\s+(.*)$ ^nvidia-384-dev(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-390(?::\w+|)\s+(.*)$ ^libcuda1-384(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-390(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-390(?::\w+|)\s+(.*)$ ^libnvidia-encode-390(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-384(?::\w+|)\s+(.*)$ ^nvidia-dkms-390(?::\w+|)\s+(.*)$ ^nvidia-headless-390(?::\w+|)\s+(.*)$ ^libnvidia-common-390(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-384(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-390(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-390(?::\w+|)\s+(.*)$ ^nvidia-384(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-418-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-418-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-418-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-418-server(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-418-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-418-server(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-418-server(?::\w+|)\s+(.*)$ ^nvidia-driver-418-server(?::\w+|)\s+(.*)$ ^nvidia-utils-418-server(?::\w+|)\s+(.*)$ ^libnvidia-common-418-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-418-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-418-server(?::\w+|)\s+(.*)$ ^nvidia-headless-418-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-418-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-418-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-418-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-418-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-450-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-450-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-440(?::\w+|)\s+(.*)$ ^nvidia-driver-450-server(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-450(?::\w+|)\s+(.*)$ ^libnvidia-compute-440(?::\w+|)\s+(.*)$ ^libnvidia-decode-440-server(?::\w+|)\s+(.*)$ ^nvidia-headless-450-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-450-server(?::\w+|)\s+(.*)$ ^libnvidia-common-440-server(?::\w+|)\s+(.*)$ ^libnvidia-common-450(?::\w+|)\s+(.*)$ ^libnvidia-common-450-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-450(?::\w+|)\s+(.*)$ ^libnvidia-extra-450-server(?::\w+|)\s+(.*)$ ^nvidia-utils-450-server(?::\w+|)\s+(.*)$ ^nvidia-utils-440-server(?::\w+|)\s+(.*)$ ^nvidia-headless-440-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-450-server(?::\w+|)\s+(.*)$ ^libnvidia-common-440(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-450(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-440-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-440-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-440-server(?::\w+|)\s+(.*)$ ^nvidia-utils-440(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-450-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-450-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-450(?::\w+|)\s+(.*)$ ^nvidia-driver-450(?::\w+|)\s+(.*)$ ^nvidia-driver-440-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-440(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-440-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-440-server(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-440(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-440-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-440(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-440(?::\w+|)\s+(.*)$ ^libnvidia-decode-440(?::\w+|)\s+(.*)$ ^nvidia-driver-440(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-440-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-450(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-450-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-440-server(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-450(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-450(?::\w+|)\s+(.*)$ ^libnvidia-decode-450(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-440(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-440-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-450-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-440-server(?::\w+|)\s+(.*)$ ^nvidia-headless-450(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-440(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-440(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-450(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-450-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-450-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-450(?::\w+|)\s+(.*)$ ^nvidia-utils-450(?::\w+|)\s+(.*)$ ^nvidia-headless-440(?::\w+|)\s+(.*)$ ^nvidia-dkms-440(?::\w+|)\s+(.*)$ ^libnvidia-extra-440(?::\w+|)\s+(.*)$ ^libnvidia-gl-450(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-450-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-440-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-450-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-440-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-450(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-440(?::\w+|)\s+(.*)$ ^libnvidia-gl-440-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-450-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-450(?::\w+|)\s+(.*)$ ^libnvidia-extra-450(?::\w+|)\s+(.*)$ ^libnvidia-gl-440(?::\w+|)\s+(.*)$ ^libnvidia-common-460(?::\w+|)\s+(.*)$ ^libnvidia-gl-460-server(?::\w+|)\s+(.*)$ ^nvidia-utils-460-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-455(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-455(?::\w+|)\s+(.*)$ ^nvidia-headless-460(?::\w+|)\s+(.*)$ ^libnvidia-compute-460-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-460(?::\w+|)\s+(.*)$ ^libnvidia-common-455(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-460(?::\w+|)\s+(.*)$ ^libnvidia-gl-455(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-460(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-460(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-460(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-455(?::\w+|)\s+(.*)$ ^nvidia-utils-460(?::\w+|)\s+(.*)$ ^libnvidia-decode-460-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-460(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-455(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-460-server(?::\w+|)\s+(.*)$ ^nvidia-driver-455(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-460-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-460(?::\w+|)\s+(.*)$ ^libnvidia-encode-460-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-460-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-460(?::\w+|)\s+(.*)$ ^libnvidia-common-460-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-460(?::\w+|)\s+(.*)$ ^libnvidia-extra-460(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-455(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-455(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-455(?::\w+|)\s+(.*)$ ^nvidia-dkms-460-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-460-server(?::\w+|)\s+(.*)$ ^nvidia-driver-460(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-460(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-455(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-460-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-455(?::\w+|)\s+(.*)$ ^libnvidia-decode-460(?::\w+|)\s+(.*)$ ^libnvidia-encode-460(?::\w+|)\s+(.*)$ ^nvidia-utils-455(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-460-server(?::\w+|)\s+(.*)$ ^nvidia-headless-460-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-460-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-460-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-455(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-460(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-460-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-455(?::\w+|)\s+(.*)$ ^nvidia-headless-455(?::\w+|)\s+(.*)$ ^libnvidia-extra-455(?::\w+|)\s+(.*)$ ^libnvidia-compute-455(?::\w+|)\s+(.*)$ ^nvidia-driver-460-server(?::\w+|)\s+(.*)$ ^libgnome-autoar-0-dev(?::\w+|)\s+(.*)$ ^libgnome-autoar-gtk-0-0(?::\w+|)\s+(.*)$ ^gir1.2-gnomeautoar-0.1(?::\w+|)\s+(.*)$ ^libgnome-autoar-gtk-0-dev(?::\w+|)\s+(.*)$ ^gir1.2-gnomeautoargtk-0.1(?::\w+|)\s+(.*)$ ^libgnome-autoar-doc(?::\w+|)\s+(.*)$ ^libgnome-autoar-0-0(?::\w+|)\s+(.*)$ ^libgnome-autoar-0-dev(?::\w+|)\s+(.*)$ ^libgnome-autoar-gtk-0-0(?::\w+|)\s+(.*)$ ^gir1.2-gnomeautoar-0.1(?::\w+|)\s+(.*)$ ^libgnome-autoar-gtk-0-dev(?::\w+|)\s+(.*)$ ^gir1.2-gnomeautoargtk-0.1(?::\w+|)\s+(.*)$ ^libgnome-autoar-doc(?::\w+|)\s+(.*)$ ^libgnome-autoar-0-0(?::\w+|)\s+(.*)$ ^libunbound2(?::\w+|)\s+(.*)$ ^unbound(?::\w+|)\s+(.*)$ ^python3-unbound(?::\w+|)\s+(.*)$ ^python-unbound(?::\w+|)\s+(.*)$ ^unbound-anchor(?::\w+|)\s+(.*)$ ^unbound-host(?::\w+|)\s+(.*)$ ^libunbound-dev(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^exiv2(?::\w+|)\s+(.*)$ ^libexiv2-14(?::\w+|)\s+(.*)$ ^libexiv2-doc(?::\w+|)\s+(.*)$ ^libexiv2-dev(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libxstream-java(?::\w+|)\s+(.*)$ ^mariadb-plugin-cracklib-password-check(?::\w+|)\s+(.*)$ ^mariadb-plugin-connect(?::\w+|)\s+(.*)$ ^mariadb-plugin-spider(?::\w+|)\s+(.*)$ ^libmariadbclient-dev(?::\w+|)\s+(.*)$ ^mariadb-client-10.1(?::\w+|)\s+(.*)$ ^libmariadbd18(?::\w+|)\s+(.*)$ ^mariadb-client-core-10.1(?::\w+|)\s+(.*)$ ^mariadb-plugin-tokudb(?::\w+|)\s+(.*)$ ^mariadb-client(?::\w+|)\s+(.*)$ ^mariadb-plugin-gssapi-client(?::\w+|)\s+(.*)$ ^mariadb-server-10.1(?::\w+|)\s+(.*)$ ^mariadb-server-core-10.1(?::\w+|)\s+(.*)$ ^mariadb-test-data(?::\w+|)\s+(.*)$ ^libmariadbclient-dev-compat(?::\w+|)\s+(.*)$ ^mariadb-server(?::\w+|)\s+(.*)$ ^mariadb-plugin-mroonga(?::\w+|)\s+(.*)$ ^libmariadbd-dev(?::\w+|)\s+(.*)$ ^mariadb-test(?::\w+|)\s+(.*)$ ^mariadb-plugin-gssapi-server(?::\w+|)\s+(.*)$ ^mariadb-common(?::\w+|)\s+(.*)$ ^libmariadbclient18(?::\w+|)\s+(.*)$ ^mariadb-plugin-oqgraph(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libflatpak0(?::\w+|)\s+(.*)$ ^libflatpak-dev(?::\w+|)\s+(.*)$ ^gir1.2-flatpak-1.0(?::\w+|)\s+(.*)$ ^libflatpak-doc(?::\w+|)\s+(.*)$ ^flatpak(?::\w+|)\s+(.*)$ ^flatpak-tests(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^awstats(?::\w+|)\s+(.*)$ ^libdjvulibre21(?::\w+|)\s+(.*)$ ^libdjvulibre-text(?::\w+|)\s+(.*)$ ^djvulibre-desktop(?::\w+|)\s+(.*)$ ^djview3(?::\w+|)\s+(.*)$ ^djvuserve(?::\w+|)\s+(.*)$ ^libdjvulibre-dev(?::\w+|)\s+(.*)$ ^djview(?::\w+|)\s+(.*)$ ^djvulibre-bin(?::\w+|)\s+(.*)$ ^gstreamer1.0-plugins-base(?::\w+|)\s+(.*)$ ^libgstreamer-plugins-base1.0-0(?::\w+|)\s+(.*)$ ^gstreamer1.0-x(?::\w+|)\s+(.*)$ ^gstreamer1.0-plugins-base-doc(?::\w+|)\s+(.*)$ ^libgstreamer-gl1.0-0(?::\w+|)\s+(.*)$ ^gstreamer1.0-gl(?::\w+|)\s+(.*)$ ^libgstreamer-plugins-base1.0-dev(?::\w+|)\s+(.*)$ ^gir1.2-gst-plugins-base-1.0(?::\w+|)\s+(.*)$ ^gstreamer1.0-alsa(?::\w+|)\s+(.*)$ ^gstreamer1.0-plugins-base-apps(?::\w+|)\s+(.*)$ ^golang-github-opencontainers-runc-dev(?::\w+|)\s+(.*)$ ^runc(?::\w+|)\s+(.*)$ ^python-pip(?::\w+|)\s+(.*)$ ^python-pip-whl(?::\w+|)\s+(.*)$ ^python3-pip(?::\w+|)\s+(.*)$ ^python-babel-localedata(?::\w+|)\s+(.*)$ ^python-babel-doc(?::\w+|)\s+(.*)$ ^python-babel(?::\w+|)\s+(.*)$ ^python3-babel(?::\w+|)\s+(.*)$ ^python3-pil.imagetk(?::\w+|)\s+(.*)$ ^python-pil-doc(?::\w+|)\s+(.*)$ ^python3-pil(?::\w+|)\s+(.*)$ ^python-pil(?::\w+|)\s+(.*)$ ^python-pil.imagetk(?::\w+|)\s+(.*)$ ^exiv2(?::\w+|)\s+(.*)$ ^libexiv2-14(?::\w+|)\s+(.*)$ ^libexiv2-doc(?::\w+|)\s+(.*)$ ^libexiv2-dev(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^libx11-6(?::\w+|)\s+(.*)$ ^libx11-data(?::\w+|)\s+(.*)$ ^libx11-xcb-dev(?::\w+|)\s+(.*)$ ^libx11-xcb1(?::\w+|)\s+(.*)$ ^libx11-doc(?::\w+|)\s+(.*)$ ^libx11-6-udeb(?::\w+|)\s+(.*)$ ^libx11-dev(?::\w+|)\s+(.*)$ ^libnginx-mod-stream(?::\w+|)\s+(.*)$ ^libnginx-mod-http-subs-filter(?::\w+|)\s+(.*)$ ^nginx-doc(?::\w+|)\s+(.*)$ ^libnginx-mod-mail(?::\w+|)\s+(.*)$ ^libnginx-mod-http-image-filter(?::\w+|)\s+(.*)$ ^libnginx-mod-http-echo(?::\w+|)\s+(.*)$ ^libnginx-mod-rtmp(?::\w+|)\s+(.*)$ ^libnginx-mod-nchan(?::\w+|)\s+(.*)$ ^nginx-common(?::\w+|)\s+(.*)$ ^libnginx-mod-http-fancyindex(?::\w+|)\s+(.*)$ ^libnginx-mod-http-auth-pam(?::\w+|)\s+(.*)$ ^nginx-light(?::\w+|)\s+(.*)$ ^libnginx-mod-http-headers-more-filter(?::\w+|)\s+(.*)$ ^nginx-extras(?::\w+|)\s+(.*)$ ^libnginx-mod-http-upstream-fair(?::\w+|)\s+(.*)$ ^libnginx-mod-http-xslt-filter(?::\w+|)\s+(.*)$ ^libnginx-mod-http-lua(?::\w+|)\s+(.*)$ ^libnginx-mod-http-perl(?::\w+|)\s+(.*)$ ^nginx-core(?::\w+|)\s+(.*)$ ^libnginx-mod-http-dav-ext(?::\w+|)\s+(.*)$ ^nginx(?::\w+|)\s+(.*)$ ^libnginx-mod-http-ndk(?::\w+|)\s+(.*)$ ^libnginx-mod-http-uploadprogress(?::\w+|)\s+(.*)$ ^libnginx-mod-http-cache-purge(?::\w+|)\s+(.*)$ ^nginx-full(?::\w+|)\s+(.*)$ ^libnginx-mod-http-geoip(?::\w+|)\s+(.*)$ ^liblz4-tool(?::\w+|)\s+(.*)$ ^liblz4-dev(?::\w+|)\s+(.*)$ ^liblz4-1(?::\w+|)\s+(.*)$ ^isc-dhcp-relay(?::\w+|)\s+(.*)$ ^isc-dhcp-client-ddns(?::\w+|)\s+(.*)$ ^isc-dhcp-dev(?::\w+|)\s+(.*)$ ^isc-dhcp-client(?::\w+|)\s+(.*)$ ^isc-dhcp-common(?::\w+|)\s+(.*)$ ^isc-dhcp-server(?::\w+|)\s+(.*)$ ^isc-dhcp-client-udeb(?::\w+|)\s+(.*)$ ^isc-dhcp-server-ldap(?::\w+|)\s+(.*)$ ^webp(?::\w+|)\s+(.*)$ ^libwebp6(?::\w+|)\s+(.*)$ ^libwebpmux3(?::\w+|)\s+(.*)$ ^libwebp-dev(?::\w+|)\s+(.*)$ ^libwebpdemux2(?::\w+|)\s+(.*)$ ^postgresql-server-dev-10(?::\w+|)\s+(.*)$ ^postgresql-10(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^postgresql-pltcl-10(?::\w+|)\s+(.*)$ ^postgresql-plperl-10(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython3-10(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython-10(?::\w+|)\s+(.*)$ ^postgresql-doc-10(?::\w+|)\s+(.*)$ ^postgresql-client-10(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^liblasso-perl(?::\w+|)\s+(.*)$ ^liblasso3(?::\w+|)\s+(.*)$ ^liblasso3-dev(?::\w+|)\s+(.*)$ ^python3-lasso(?::\w+|)\s+(.*)$ ^python-lasso(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^dnsmasq(?::\w+|)\s+(.*)$ ^dnsmasq-base-lua(?::\w+|)\s+(.*)$ ^dnsmasq-utils(?::\w+|)\s+(.*)$ ^dnsmasq-base(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^rpcbind(?::\w+|)\s+(.*)$ ^rpcbind(?::\w+|)\s+(.*)$ ^libimage-exiftool-perl(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^imagemagick-6-common(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3-extra(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-3(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3-extra(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-7(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16hdri(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^imagemagick-6-doc(?::\w+|)\s+(.*)$ ^libimage-magick-q16hdri-perl(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-7(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^libbluetooth3(?::\w+|)\s+(.*)$ ^bluez-tests(?::\w+|)\s+(.*)$ ^bluez-obexd(?::\w+|)\s+(.*)$ ^bluetooth(?::\w+|)\s+(.*)$ ^bluez(?::\w+|)\s+(.*)$ ^bluez-hcidump(?::\w+|)\s+(.*)$ ^bluez-cups(?::\w+|)\s+(.*)$ ^libbluetooth-dev(?::\w+|)\s+(.*)$ ^nettle-bin(?::\w+|)\s+(.*)$ ^libnettle6(?::\w+|)\s+(.*)$ ^libhogweed4(?::\w+|)\s+(.*)$ ^nettle-dev(?::\w+|)\s+(.*)$ ^python-libxml2(?::\w+|)\s+(.*)$ ^libxml2-utils(?::\w+|)\s+(.*)$ ^libxml2(?::\w+|)\s+(.*)$ ^libxml2-udeb(?::\w+|)\s+(.*)$ ^python3-libxml2(?::\w+|)\s+(.*)$ ^libxml2-doc(?::\w+|)\s+(.*)$ ^libxml2-dev(?::\w+|)\s+(.*)$ ^grub-efi-arm64-signed(?::\w+|)\s+(.*)$ ^grub-efi-amd64-signed(?::\w+|)\s+(.*)$ ^grub-efi-arm64-bin(?::\w+|)\s+(.*)$ ^grub-efi-amd64(?::\w+|)\s+(.*)$ ^grub-efi-amd64-bin(?::\w+|)\s+(.*)$ ^grub-efi-arm64(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fa(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-th(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^libopenexr-dev(?::\w+|)\s+(.*)$ ^openexr(?::\w+|)\s+(.*)$ ^libopenexr22(?::\w+|)\s+(.*)$ ^openexr-doc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws|-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^rabbitmq-server(?::\w+|)\s+(.*)$ ^libdjvulibre21(?::\w+|)\s+(.*)$ ^libdjvulibre-text(?::\w+|)\s+(.*)$ ^djvulibre-desktop(?::\w+|)\s+(.*)$ ^djview3(?::\w+|)\s+(.*)$ ^djvuserve(?::\w+|)\s+(.*)$ ^libdjvulibre-dev(?::\w+|)\s+(.*)$ ^djview(?::\w+|)\s+(.*)$ ^djvulibre-bin(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^libavahi-compat-libdnssd-dev(?::\w+|)\s+(.*)$ ^libavahi-ui-gtk3-0(?::\w+|)\s+(.*)$ ^libavahi-core7-udeb(?::\w+|)\s+(.*)$ ^libavahi-core7(?::\w+|)\s+(.*)$ ^libavahi-client3(?::\w+|)\s+(.*)$ ^libavahi-core-dev(?::\w+|)\s+(.*)$ ^libavahi-client-dev(?::\w+|)\s+(.*)$ ^avahi-ui-utils(?::\w+|)\s+(.*)$ ^libavahi-gobject-dev(?::\w+|)\s+(.*)$ ^avahi-dnsconfd(?::\w+|)\s+(.*)$ ^libavahi-compat-libdnssd1(?::\w+|)\s+(.*)$ ^libavahi-common3(?::\w+|)\s+(.*)$ ^avahi-daemon(?::\w+|)\s+(.*)$ ^avahi-discover(?::\w+|)\s+(.*)$ ^libavahi-common-dev(?::\w+|)\s+(.*)$ ^libavahi-common-data(?::\w+|)\s+(.*)$ ^avahi-utils(?::\w+|)\s+(.*)$ ^libavahi-common3-udeb(?::\w+|)\s+(.*)$ ^libavahi-ui-gtk3-dev(?::\w+|)\s+(.*)$ ^libavahi-glib-dev(?::\w+|)\s+(.*)$ ^libavahi-gobject0(?::\w+|)\s+(.*)$ ^gir1.2-avahi-0.6(?::\w+|)\s+(.*)$ ^avahi-autoipd(?::\w+|)\s+(.*)$ ^python-avahi(?::\w+|)\s+(.*)$ ^libavahi-glib1(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^containerd(?::\w+|)\s+(.*)$ ^golang-github-docker-containerd-dev(?::\w+|)\s+(.*)$ ^golang-github-containerd-containerd-dev(?::\w+|)\s+(.*)$ ^systemd-tests(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^udev-udeb(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1-udeb(?::\w+|)\s+(.*)$ ^libudev1(?::\w+|)\s+(.*)$ ^libsystemd-dev(?::\w+|)\s+(.*)$ ^libnss-systemd(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.3.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-390(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-390(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-390(?::\w+|)\s+(.*)$ ^libnvidia-decode-390(?::\w+|)\s+(.*)$ ^nvidia-utils-390(?::\w+|)\s+(.*)$ ^libnvidia-gl-390(?::\w+|)\s+(.*)$ ^libnvidia-compute-390(?::\w+|)\s+(.*)$ ^nvidia-driver-390(?::\w+|)\s+(.*)$ ^nvidia-384-dev(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-390(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-390(?::\w+|)\s+(.*)$ ^nvidia-384(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-390(?::\w+|)\s+(.*)$ ^libnvidia-encode-390(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-384(?::\w+|)\s+(.*)$ ^nvidia-headless-390(?::\w+|)\s+(.*)$ ^libnvidia-common-390(?::\w+|)\s+(.*)$ ^libcuda1-384(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-384(?::\w+|)\s+(.*)$ ^nvidia-dkms-390(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-390(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-390(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-418-server(?::\w+|)\s+(.*)$ ^nvidia-headless-418-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-418-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-418-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-418-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-418-server(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-418-server(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-418-server(?::\w+|)\s+(.*)$ ^nvidia-driver-418-server(?::\w+|)\s+(.*)$ ^nvidia-utils-418-server(?::\w+|)\s+(.*)$ ^libnvidia-common-418-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-418-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-418-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-418-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-418-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-418-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-418-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-450-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-450-server(?::\w+|)\s+(.*)$ ^nvidia-driver-450-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-440-server(?::\w+|)\s+(.*)$ ^nvidia-headless-450-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-450-server(?::\w+|)\s+(.*)$ ^libnvidia-common-440-server(?::\w+|)\s+(.*)$ ^libnvidia-common-450-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-450-server(?::\w+|)\s+(.*)$ ^nvidia-utils-450-server(?::\w+|)\s+(.*)$ ^nvidia-utils-440-server(?::\w+|)\s+(.*)$ ^nvidia-headless-440-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-450-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-440-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-440-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-440-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-450-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-450-server(?::\w+|)\s+(.*)$ ^nvidia-driver-440-server(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-440-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-440-server(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-440-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-440-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-450-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-440-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-440-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-450-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-440-server(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-450-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-450-server(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-450-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-440-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-450-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-440-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-440-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-450-server(?::\w+|)\s+(.*)$ ^libnvidia-common-460(?::\w+|)\s+(.*)$ ^libnvidia-gl-460-server(?::\w+|)\s+(.*)$ ^nvidia-utils-460-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-455(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-455(?::\w+|)\s+(.*)$ ^nvidia-headless-460(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-450(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-460-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-460-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-460(?::\w+|)\s+(.*)$ ^libnvidia-common-450(?::\w+|)\s+(.*)$ ^libnvidia-common-455(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-460(?::\w+|)\s+(.*)$ ^libnvidia-encode-450(?::\w+|)\s+(.*)$ ^libnvidia-gl-455(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-460(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-460(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-460(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-455(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-450(?::\w+|)\s+(.*)$ ^nvidia-utils-460(?::\w+|)\s+(.*)$ ^libnvidia-decode-460-server(?::\w+|)\s+(.*)$ ^nvidia-driver-450(?::\w+|)\s+(.*)$ ^libnvidia-compute-460(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-455(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-460-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-450(?::\w+|)\s+(.*)$ ^nvidia-driver-455(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-460-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-460(?::\w+|)\s+(.*)$ ^libnvidia-encode-460-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-460-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-460(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-450(?::\w+|)\s+(.*)$ ^libnvidia-common-460-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-460(?::\w+|)\s+(.*)$ ^libnvidia-extra-460(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-455(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-450(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-455(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-450(?::\w+|)\s+(.*)$ ^libnvidia-decode-450(?::\w+|)\s+(.*)$ ^nvidia-dkms-460-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-460-server(?::\w+|)\s+(.*)$ ^nvidia-driver-460(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-460(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-450(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-455(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-460-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-455(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-450(?::\w+|)\s+(.*)$ ^libnvidia-decode-460(?::\w+|)\s+(.*)$ ^libnvidia-encode-460(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-455(?::\w+|)\s+(.*)$ ^nvidia-utils-450(?::\w+|)\s+(.*)$ ^nvidia-utils-455(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-460-server(?::\w+|)\s+(.*)$ ^nvidia-headless-460-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-450(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-460-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-455(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-460(?::\w+|)\s+(.*)$ ^nvidia-dkms-450(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-460-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-455(?::\w+|)\s+(.*)$ ^nvidia-headless-450(?::\w+|)\s+(.*)$ ^nvidia-headless-455(?::\w+|)\s+(.*)$ ^libnvidia-compute-450(?::\w+|)\s+(.*)$ ^libnvidia-extra-455(?::\w+|)\s+(.*)$ ^libnvidia-compute-455(?::\w+|)\s+(.*)$ ^libnvidia-extra-450(?::\w+|)\s+(.*)$ ^nvidia-driver-460-server(?::\w+|)\s+(.*)$ ^libnvidia-common-465(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-470(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-470(?::\w+|)\s+(.*)$ ^nvidia-headless-465(?::\w+|)\s+(.*)$ ^libnvidia-gl-470(?::\w+|)\s+(.*)$ ^libnvidia-gl-465(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-470(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-465(?::\w+|)\s+(.*)$ ^nvidia-headless-470(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-465(?::\w+|)\s+(.*)$ ^libnvidia-compute-470(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-465(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-465(?::\w+|)\s+(.*)$ ^nvidia-utils-465(?::\w+|)\s+(.*)$ ^libnvidia-encode-465(?::\w+|)\s+(.*)$ ^libnvidia-compute-465(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-470(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-470(?::\w+|)\s+(.*)$ ^nvidia-utils-470(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-465(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-465(?::\w+|)\s+(.*)$ ^libnvidia-encode-470(?::\w+|)\s+(.*)$ ^nvidia-dkms-465(?::\w+|)\s+(.*)$ ^libnvidia-extra-465(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-470(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-470(?::\w+|)\s+(.*)$ ^nvidia-driver-470(?::\w+|)\s+(.*)$ ^nvidia-dkms-470(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-465(?::\w+|)\s+(.*)$ ^libnvidia-extra-470(?::\w+|)\s+(.*)$ ^nvidia-driver-465(?::\w+|)\s+(.*)$ ^libnvidia-decode-465(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-470(?::\w+|)\s+(.*)$ ^libnvidia-common-470(?::\w+|)\s+(.*)$ ^libnvidia-decode-470(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-465(?::\w+|)\s+(.*)$ ^ruby2.5-dev(?::\w+|)\s+(.*)$ ^ruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5-doc(?::\w+|)\s+(.*)$ ^libruby2.5(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^libaspell15(?::\w+|)\s+(.*)$ ^aspell-doc(?::\w+|)\s+(.*)$ ^aspell(?::\w+|)\s+(.*)$ ^libpspell-dev(?::\w+|)\s+(.*)$ ^libaspell-dev(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^libsndfile1(?::\w+|)\s+(.*)$ ^libsndfile1-dev(?::\w+|)\s+(.*)$ ^sndfile-programs(?::\w+|)\s+(.*)$ ^libqpdf-dev(?::\w+|)\s+(.*)$ ^qpdf(?::\w+|)\s+(.*)$ ^libqpdf21(?::\w+|)\s+(.*)$ ^php-pear(?::\w+|)\s+(.*)$ ^exiv2(?::\w+|)\s+(.*)$ ^libexiv2-14(?::\w+|)\s+(.*)$ ^libexiv2-doc(?::\w+|)\s+(.*)$ ^libexiv2-dev(?::\w+|)\s+(.*)$ ^libdbi-perl(?::\w+|)\s+(.*)$ ^golang-github-docker-docker-dev(?::\w+|)\s+(.*)$ ^docker.io(?::\w+|)\s+(.*)$ ^golang-docker-dev(?::\w+|)\s+(.*)$ ^vim-syntax-docker(?::\w+|)\s+(.*)$ ^docker-doc(?::\w+|)\s+(.*)$ ^libc-ares2(?::\w+|)\s+(.*)$ ^libc-ares-dev(?::\w+|)\s+(.*)$ ^tor(?::\w+|)\s+(.*)$ ^tor-geoipdb(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^postgresql-server-dev-10(?::\w+|)\s+(.*)$ ^postgresql-pltcl-10(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^postgresql-10(?::\w+|)\s+(.*)$ ^postgresql-plperl-10(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython3-10(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-plpython-10(?::\w+|)\s+(.*)$ ^postgresql-doc-10(?::\w+|)\s+(.*)$ ^postgresql-client-10(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^exiv2(?::\w+|)\s+(.*)$ ^libexiv2-14(?::\w+|)\s+(.*)$ ^libexiv2-doc(?::\w+|)\s+(.*)$ ^libexiv2-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^inetutils-tools(?::\w+|)\s+(.*)$ ^inetutils-ftpd(?::\w+|)\s+(.*)$ ^inetutils-talkd(?::\w+|)\s+(.*)$ ^inetutils-traceroute(?::\w+|)\s+(.*)$ ^inetutils-talk(?::\w+|)\s+(.*)$ ^inetutils-telnetd(?::\w+|)\s+(.*)$ ^inetutils-inetd(?::\w+|)\s+(.*)$ ^inetutils-ping(?::\w+|)\s+(.*)$ ^inetutils-syslogd(?::\w+|)\s+(.*)$ ^inetutils-ftp(?::\w+|)\s+(.*)$ ^inetutils-telnet(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^openssl1.0(?::\w+|)\s+(.*)$ ^libssl1.0-dev(?::\w+|)\s+(.*)$ ^mongodb-server(?::\w+|)\s+(.*)$ ^mongodb(?::\w+|)\s+(.*)$ ^mongodb-clients(?::\w+|)\s+(.*)$ ^mongodb-server-core(?::\w+|)\s+(.*)$ ^libapache2-mod-uwsgi(?::\w+|)\s+(.*)$ ^uwsgi-plugin-rados(?::\w+|)\s+(.*)$ ^uwsgi-plugin-xslt(?::\w+|)\s+(.*)$ ^uwsgi-plugin-servlet-openjdk-8(?::\w+|)\s+(.*)$ ^uwsgi-plugin-rack-ruby2.5(?::\w+|)\s+(.*)$ ^uwsgi-plugin-ring-openjdk-8(?::\w+|)\s+(.*)$ ^uwsgi-plugin-asyncio-python(?::\w+|)\s+(.*)$ ^uwsgi-plugin-curl-cron(?::\w+|)\s+(.*)$ ^uwsgi-infrastructure-plugins(?::\w+|)\s+(.*)$ ^uwsgi-dev(?::\w+|)\s+(.*)$ ^uwsgi-plugin-geoip(?::\w+|)\s+(.*)$ ^uwsgi-plugin-jwsgi-openjdk-8(?::\w+|)\s+(.*)$ ^uwsgi-plugin-glusterfs(?::\w+|)\s+(.*)$ ^uwsgi-plugin-greenlet-python(?::\w+|)\s+(.*)$ ^python3-uwsgidecorators(?::\w+|)\s+(.*)$ ^uwsgi-app-integration-plugins(?::\w+|)\s+(.*)$ ^uwsgi-plugin-alarm-curl(?::\w+|)\s+(.*)$ ^uwsgi-plugin-lua5.1(?::\w+|)\s+(.*)$ ^uwsgi-plugin-lua5.2(?::\w+|)\s+(.*)$ ^uwsgi-plugin-python(?::\w+|)\s+(.*)$ ^uwsgi(?::\w+|)\s+(.*)$ ^uwsgi-plugin-emperor-pg(?::\w+|)\s+(.*)$ ^uwsgi-plugin-gevent-python(?::\w+|)\s+(.*)$ ^uwsgi-plugin-graylog2(?::\w+|)\s+(.*)$ ^uwsgi-plugin-asyncio-python3(?::\w+|)\s+(.*)$ ^uwsgi-emperor(?::\w+|)\s+(.*)$ ^uwsgi-plugin-fiber(?::\w+|)\s+(.*)$ ^uwsgi-plugins-all(?::\w+|)\s+(.*)$ ^libapache2-mod-proxy-uwsgi(?::\w+|)\s+(.*)$ ^libapache2-mod-ruwsgi(?::\w+|)\s+(.*)$ ^uwsgi-plugin-rbthreads(?::\w+|)\s+(.*)$ ^python-uwsgidecorators(?::\w+|)\s+(.*)$ ^uwsgi-plugin-gccgo(?::\w+|)\s+(.*)$ ^uwsgi-plugin-alarm-xmpp(?::\w+|)\s+(.*)$ ^uwsgi-plugin-python3(?::\w+|)\s+(.*)$ ^uwsgi-plugin-router-access(?::\w+|)\s+(.*)$ ^uwsgi-core(?::\w+|)\s+(.*)$ ^uwsgi-extra(?::\w+|)\s+(.*)$ ^uwsgi-plugin-jvm-openjdk-8(?::\w+|)\s+(.*)$ ^uwsgi-plugin-sqlite3(?::\w+|)\s+(.*)$ ^uwsgi-plugin-tornado-python(?::\w+|)\s+(.*)$ ^uwsgi-plugin-mono(?::\w+|)\s+(.*)$ ^uwsgi-src(?::\w+|)\s+(.*)$ ^uwsgi-plugin-psgi(?::\w+|)\s+(.*)$ ^uwsgi-plugin-ldap(?::\w+|)\s+(.*)$ ^gir1.2-grilo-0.3(?::\w+|)\s+(.*)$ ^libgrilo-0.3-bin(?::\w+|)\s+(.*)$ ^libgrilo-0.3-0(?::\w+|)\s+(.*)$ ^libgrilo-0.3-dev(?::\w+|)\s+(.*)$ ^libgrilo-0.3-doc(?::\w+|)\s+(.*)$ ^squashfs-tools(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fa(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-th(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^ntfs-3g(?::\w+|)\s+(.*)$ ^libntfs-3g88(?::\w+|)\s+(.*)$ ^ntfs-3g-dev(?::\w+|)\s+(.*)$ ^cpio(?::\w+|)\s+(.*)$ ^cpio-win32(?::\w+|)\s+(.*)$ ^python-pysaml2-doc(?::\w+|)\s+(.*)$ ^python-pysaml2(?::\w+|)\s+(.*)$ ^python3-pysaml2(?::\w+|)\s+(.*)$ ^libsss-certmap-dev(?::\w+|)\s+(.*)$ ^libipa-hbac-dev(?::\w+|)\s+(.*)$ ^sssd-ad(?::\w+|)\s+(.*)$ ^libsss-sudo(?::\w+|)\s+(.*)$ ^libsss-nss-idmap0(?::\w+|)\s+(.*)$ ^libnss-sss(?::\w+|)\s+(.*)$ ^sssd-ipa(?::\w+|)\s+(.*)$ ^libsss-simpleifp0(?::\w+|)\s+(.*)$ ^libsss-idmap-dev(?::\w+|)\s+(.*)$ ^python3-libsss-nss-idmap(?::\w+|)\s+(.*)$ ^libsss-certmap0(?::\w+|)\s+(.*)$ ^python3-sss(?::\w+|)\s+(.*)$ ^libpam-sss(?::\w+|)\s+(.*)$ ^sssd(?::\w+|)\s+(.*)$ ^python-libsss-nss-idmap(?::\w+|)\s+(.*)$ ^libsss-idmap0(?::\w+|)\s+(.*)$ ^libipa-hbac0(?::\w+|)\s+(.*)$ ^libsss-nss-idmap-dev(?::\w+|)\s+(.*)$ ^libsss-simpleifp-dev(?::\w+|)\s+(.*)$ ^sssd-kcm(?::\w+|)\s+(.*)$ ^python-libipa-hbac(?::\w+|)\s+(.*)$ ^libwbclient-sssd(?::\w+|)\s+(.*)$ ^libwbclient-sssd-dev(?::\w+|)\s+(.*)$ ^sssd-common(?::\w+|)\s+(.*)$ ^python3-libipa-hbac(?::\w+|)\s+(.*)$ ^sssd-ldap(?::\w+|)\s+(.*)$ ^sssd-tools(?::\w+|)\s+(.*)$ ^sssd-ad-common(?::\w+|)\s+(.*)$ ^sssd-krb5-common(?::\w+|)\s+(.*)$ ^sssd-dbus(?::\w+|)\s+(.*)$ ^sssd-krb5(?::\w+|)\s+(.*)$ ^python-sss(?::\w+|)\s+(.*)$ ^sssd-proxy(?::\w+|)\s+(.*)$ ^libgd3(?::\w+|)\s+(.*)$ ^libgd-tools(?::\w+|)\s+(.*)$ ^libgd-dev(?::\w+|)\s+(.*)$ ^libapache2-mod-auth-mellon(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^squashfs-tools(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^libgcrypt11-dev(?::\w+|)\s+(.*)$ ^libgcrypt20(?::\w+|)\s+(.*)$ ^libgcrypt-mingw-w64-dev(?::\w+|)\s+(.*)$ ^libgcrypt20-doc(?::\w+|)\s+(.*)$ ^libgcrypt20-dev(?::\w+|)\s+(.*)$ ^libqt5widgets5(?::\w+|)\s+(.*)$ ^libqt5opengl5(?::\w+|)\s+(.*)$ ^libqt5concurrent5(?::\w+|)\s+(.*)$ ^libqt5sql5-mysql(?::\w+|)\s+(.*)$ ^qtbase5-dev(?::\w+|)\s+(.*)$ ^libqt5sql5-sqlite(?::\w+|)\s+(.*)$ ^libqt5sql5-psql(?::\w+|)\s+(.*)$ ^libqt5core5a(?::\w+|)\s+(.*)$ ^libqt5network5(?::\w+|)\s+(.*)$ ^libqt5sql5(?::\w+|)\s+(.*)$ ^libqt5sql5-odbc(?::\w+|)\s+(.*)$ ^libqt5dbus5(?::\w+|)\s+(.*)$ ^libqt5gui5(?::\w+|)\s+(.*)$ ^qtbase5-doc(?::\w+|)\s+(.*)$ ^libqt5opengl5-dev(?::\w+|)\s+(.*)$ ^qtbase5-doc-html(?::\w+|)\s+(.*)$ ^qtbase5-dev-tools(?::\w+|)\s+(.*)$ ^qt5-qmake(?::\w+|)\s+(.*)$ ^qt5-gtk-platformtheme(?::\w+|)\s+(.*)$ ^libqt5sql5-tds(?::\w+|)\s+(.*)$ ^qtbase5-private-dev(?::\w+|)\s+(.*)$ ^libqt5sql5-ibase(?::\w+|)\s+(.*)$ ^libqt5printsupport5(?::\w+|)\s+(.*)$ ^libqt5xml5(?::\w+|)\s+(.*)$ ^qtbase5-examples(?::\w+|)\s+(.*)$ ^libqt5test5(?::\w+|)\s+(.*)$ ^qt5-qmake-bin(?::\w+|)\s+(.*)$ ^qt5-default(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^gir1.2-javascriptcoregtk-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37-gtk2(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-dev(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-37(?::\w+|)\s+(.*)$ ^webkit2gtk-driver(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-18(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-doc(?::\w+|)\s+(.*)$ ^libjavascriptcoregtk-4.0-bin(?::\w+|)\s+(.*)$ ^gir1.2-webkit2-4.0(?::\w+|)\s+(.*)$ ^libwebkit2gtk-4.0-dev(?::\w+|)\s+(.*)$ ^ca-certificates(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^libcommons-io-java-doc(?::\w+|)\s+(.*)$ ^libcommons-io-java(?::\w+|)\s+(.*)$ ^node-bl(?::\w+|)\s+(.*)$ ^containerd(?::\w+|)\s+(.*)$ ^golang-github-docker-containerd-dev(?::\w+|)\s+(.*)$ ^golang-github-containerd-containerd-dev(?::\w+|)\s+(.*)$ ^mongodb-server(?::\w+|)\s+(.*)$ ^mongodb(?::\w+|)\s+(.*)$ ^mongodb-clients(?::\w+|)\s+(.*)$ ^mongodb-server-core(?::\w+|)\s+(.*)$ ^mercurial(?::\w+|)\s+(.*)$ ^mercurial-common(?::\w+|)\s+(.*)$ ^golang-github-docker-docker-dev(?::\w+|)\s+(.*)$ ^docker.io(?::\w+|)\s+(.*)$ ^golang-docker-dev(?::\w+|)\s+(.*)$ ^vim-syntax-docker(?::\w+|)\s+(.*)$ ^docker-doc(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^python3-bottle(?::\w+|)\s+(.*)$ ^python-bottle(?::\w+|)\s+(.*)$ ^python-bottle-doc(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libntlm0(?::\w+|)\s+(.*)$ ^libntlm0-dev(?::\w+|)\s+(.*)$ ^ardour-video-timeline(?::\w+|)\s+(.*)$ ^ardour(?::\w+|)\s+(.*)$ ^ardour-data(?::\w+|)\s+(.*)$ ^strongswan-nm(?::\w+|)\s+(.*)$ ^strongswan-scepclient(?::\w+|)\s+(.*)$ ^libcharon-extra-plugins(?::\w+|)\s+(.*)$ ^libcharon-standard-plugins(?::\w+|)\s+(.*)$ ^libstrongswan-extra-plugins(?::\w+|)\s+(.*)$ ^strongswan-charon(?::\w+|)\s+(.*)$ ^libstrongswan(?::\w+|)\s+(.*)$ ^strongswan-swanctl(?::\w+|)\s+(.*)$ ^libstrongswan-standard-plugins(?::\w+|)\s+(.*)$ ^strongswan-starter(?::\w+|)\s+(.*)$ ^charon-systemd(?::\w+|)\s+(.*)$ ^strongswan(?::\w+|)\s+(.*)$ ^strongswan-tnc-server(?::\w+|)\s+(.*)$ ^strongswan-tnc-client(?::\w+|)\s+(.*)$ ^strongswan-tnc-base(?::\w+|)\s+(.*)$ ^charon-cmd(?::\w+|)\s+(.*)$ ^strongswan-libcharon(?::\w+|)\s+(.*)$ ^strongswan-pki(?::\w+|)\s+(.*)$ ^strongswan-tnc-ifmap(?::\w+|)\s+(.*)$ ^strongswan-tnc-pdp(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp|-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^caca-utils(?::\w+|)\s+(.*)$ ^libcaca-dev(?::\w+|)\s+(.*)$ ^libcaca0(?::\w+|)\s+(.*)$ ^mailman(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^binutils-dev(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabihf(?::\w+|)\s+(.*)$ ^binutils-hppa64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-ia64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-multiarch(?::\w+|)\s+(.*)$ ^binutils-mips64-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-mipsel-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips64el-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-sparc64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-riscv64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-m68k-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-for-build(?::\w+|)\s+(.*)$ ^binutils-s390x-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-x86-64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-multiarch-dev(?::\w+|)\s+(.*)$ ^binutils-for-host(?::\w+|)\s+(.*)$ ^binutils-mipsisa32r6el-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-i686-gnu(?::\w+|)\s+(.*)$ ^binutils-doc(?::\w+|)\s+(.*)$ ^binutils-sh4-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnuspe(?::\w+|)\s+(.*)$ ^binutils-mips64-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-aarch64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-source(?::\w+|)\s+(.*)$ ^binutils-i686-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-common(?::\w+|)\s+(.*)$ ^binutils-mips-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6el-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mipsisa32r6-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-x86-64-linux-gnux32(?::\w+|)\s+(.*)$ ^binutils-i686-kfreebsd-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc64le-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6el-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-powerpc64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-hppa-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-x86-64-kfreebsd-gnu(?::\w+|)\s+(.*)$ ^libbinutils(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabi(?::\w+|)\s+(.*)$ ^binutils-mips64el-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils(?::\w+|)\s+(.*)$ ^binutils-alpha-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6-linux-gnuabi64(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libirs-export160(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^libbind9-160(?::\w+|)\s+(.*)$ ^libisccc160(?::\w+|)\s+(.*)$ ^libisccfg-export160(?::\w+|)\s+(.*)$ ^libisccfg160(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libirs160(?::\w+|)\s+(.*)$ ^libdns-export1100(?::\w+|)\s+(.*)$ ^libisccc-export160(?::\w+|)\s+(.*)$ ^libisc-export169(?::\w+|)\s+(.*)$ ^liblwres160(?::\w+|)\s+(.*)$ ^libdns1100(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libisc169(?::\w+|)\s+(.*)$ ^python-rbd(?::\w+|)\s+(.*)$ ^python3-rbd(?::\w+|)\s+(.*)$ ^python-rados(?::\w+|)\s+(.*)$ ^ceph-mgr(?::\w+|)\s+(.*)$ ^ceph(?::\w+|)\s+(.*)$ ^ceph-test(?::\w+|)\s+(.*)$ ^rbd-mirror(?::\w+|)\s+(.*)$ ^rbd-nbd(?::\w+|)\s+(.*)$ ^librbd-dev(?::\w+|)\s+(.*)$ ^libradosstriper1(?::\w+|)\s+(.*)$ ^rbd-fuse(?::\w+|)\s+(.*)$ ^librados-dev(?::\w+|)\s+(.*)$ ^libcephfs-jni(?::\w+|)\s+(.*)$ ^radosgw(?::\w+|)\s+(.*)$ ^librados2(?::\w+|)\s+(.*)$ ^ceph-mon(?::\w+|)\s+(.*)$ ^libcephfs2(?::\w+|)\s+(.*)$ ^librgw2(?::\w+|)\s+(.*)$ ^ceph-mds(?::\w+|)\s+(.*)$ ^libradosstriper-dev(?::\w+|)\s+(.*)$ ^librbd1(?::\w+|)\s+(.*)$ ^python3-rgw(?::\w+|)\s+(.*)$ ^python-rgw(?::\w+|)\s+(.*)$ ^python-ceph(?::\w+|)\s+(.*)$ ^libcephfs-dev(?::\w+|)\s+(.*)$ ^rados-objclass-dev(?::\w+|)\s+(.*)$ ^ceph-osd(?::\w+|)\s+(.*)$ ^python3-ceph-argparse(?::\w+|)\s+(.*)$ ^librgw-dev(?::\w+|)\s+(.*)$ ^python3-rados(?::\w+|)\s+(.*)$ ^ceph-base(?::\w+|)\s+(.*)$ ^python-cephfs(?::\w+|)\s+(.*)$ ^python3-cephfs(?::\w+|)\s+(.*)$ ^ceph-fuse(?::\w+|)\s+(.*)$ ^ceph-common(?::\w+|)\s+(.*)$ ^libcephfs-java(?::\w+|)\s+(.*)$ ^ceph-resource-agents(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^icu-devtools(?::\w+|)\s+(.*)$ ^libiculx60(?::\w+|)\s+(.*)$ ^libicu60(?::\w+|)\s+(.*)$ ^libicu-dev(?::\w+|)\s+(.*)$ ^icu-doc(?::\w+|)\s+(.*)$ ^golang-github-docker-docker-dev(?::\w+|)\s+(.*)$ ^docker.io(?::\w+|)\s+(.*)$ ^golang-docker-dev(?::\w+|)\s+(.*)$ ^vim-syntax-docker(?::\w+|)\s+(.*)$ ^docker-doc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^pypy-py(?::\w+|)\s+(.*)$ ^python3-py(?::\w+|)\s+(.*)$ ^python-py(?::\w+|)\s+(.*)$ ^leptonica-progs(?::\w+|)\s+(.*)$ ^libleptonica-dev(?::\w+|)\s+(.*)$ ^liblept5(?::\w+|)\s+(.*)$ ^libopenexr-dev(?::\w+|)\s+(.*)$ ^openexr(?::\w+|)\s+(.*)$ ^libopenexr22(?::\w+|)\s+(.*)$ ^openexr-doc(?::\w+|)\s+(.*)$ ^postgresql-server-dev-10(?::\w+|)\s+(.*)$ ^postgresql-pltcl-10(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^postgresql-10(?::\w+|)\s+(.*)$ ^postgresql-plperl-10(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython3-10(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-plpython-10(?::\w+|)\s+(.*)$ ^postgresql-doc-10(?::\w+|)\s+(.*)$ ^postgresql-client-10(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fa(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-th(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^libhivex-bin(?::\w+|)\s+(.*)$ ^libhivex-ocaml-dev(?::\w+|)\s+(.*)$ ^libhivex-dev(?::\w+|)\s+(.*)$ ^libhivex0(?::\w+|)\s+(.*)$ ^python3-hivex(?::\w+|)\s+(.*)$ ^libwin-hivex-perl(?::\w+|)\s+(.*)$ ^libhivex-ocaml(?::\w+|)\s+(.*)$ ^python-hivex(?::\w+|)\s+(.*)$ ^ruby-hivex(?::\w+|)\s+(.*)$ ^libopenexr-dev(?::\w+|)\s+(.*)$ ^openexr(?::\w+|)\s+(.*)$ ^libopenexr22(?::\w+|)\s+(.*)$ ^openexr-doc(?::\w+|)\s+(.*)$ ^mailman(?::\w+|)\s+(.*)$ ^libfreerdp-server2-2(?::\w+|)\s+(.*)$ ^freerdp2-shadow-x11(?::\w+|)\s+(.*)$ ^libfreerdp2-2(?::\w+|)\s+(.*)$ ^freerdp2-dev(?::\w+|)\s+(.*)$ ^freerdp2-wayland(?::\w+|)\s+(.*)$ ^libwinpr2-dev(?::\w+|)\s+(.*)$ ^libfreerdp-shadow2-2(?::\w+|)\s+(.*)$ ^libuwac0-0(?::\w+|)\s+(.*)$ ^freerdp2-x11(?::\w+|)\s+(.*)$ ^libwinpr2-2(?::\w+|)\s+(.*)$ ^libuwac0-dev(?::\w+|)\s+(.*)$ ^libwinpr-tools2-2(?::\w+|)\s+(.*)$ ^libfreerdp-shadow-subsystem2-2(?::\w+|)\s+(.*)$ ^libfreerdp-client2-2(?::\w+|)\s+(.*)$ ^winpr-utils(?::\w+|)\s+(.*)$ ^libbluetooth3(?::\w+|)\s+(.*)$ ^bluez-tests(?::\w+|)\s+(.*)$ ^bluez-obexd(?::\w+|)\s+(.*)$ ^bluetooth(?::\w+|)\s+(.*)$ ^bluez(?::\w+|)\s+(.*)$ ^bluez-hcidump(?::\w+|)\s+(.*)$ ^bluez-cups(?::\w+|)\s+(.*)$ ^libbluetooth-dev(?::\w+|)\s+(.*)$ ^python-django-postorius(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^imagemagick-6-common(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3-extra(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-3(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3-extra(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-7(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16hdri(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^imagemagick-6-doc(?::\w+|)\s+(.*)$ ^libimage-magick-q16hdri-perl(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-7(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^mc-data(?::\w+|)\s+(.*)$ ^mc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp|-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fa(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-th(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^oddjob(?::\w+|)\s+(.*)$ ^oddjob-mkhomedir(?::\w+|)\s+(.*)$ ^lrzip(?::\w+|)\s+(.*)$ ^liburiparser-doc(?::\w+|)\s+(.*)$ ^liburiparser-dev(?::\w+|)\s+(.*)$ ^liburiparser1(?::\w+|)\s+(.*)$ ^libmodbus-dev(?::\w+|)\s+(.*)$ ^libmodbus5(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^inetutils-tools(?::\w+|)\s+(.*)$ ^inetutils-ftpd(?::\w+|)\s+(.*)$ ^inetutils-talkd(?::\w+|)\s+(.*)$ ^inetutils-traceroute(?::\w+|)\s+(.*)$ ^inetutils-talk(?::\w+|)\s+(.*)$ ^inetutils-telnetd(?::\w+|)\s+(.*)$ ^inetutils-inetd(?::\w+|)\s+(.*)$ ^inetutils-ping(?::\w+|)\s+(.*)$ ^inetutils-syslogd(?::\w+|)\s+(.*)$ ^inetutils-ftp(?::\w+|)\s+(.*)$ ^inetutils-telnet(?::\w+|)\s+(.*)$ ^busybox(?::\w+|)\s+(.*)$ ^busybox-syslogd(?::\w+|)\s+(.*)$ ^udhcpd(?::\w+|)\s+(.*)$ ^busybox-initramfs(?::\w+|)\s+(.*)$ ^udhcpc(?::\w+|)\s+(.*)$ ^busybox-static(?::\w+|)\s+(.*)$ ^mailman(?::\w+|)\s+(.*)$ ^node-jquery-ui(?::\w+|)\s+(.*)$ ^libjs-jquery-ui(?::\w+|)\s+(.*)$ ^libjs-jquery-ui-docs(?::\w+|)\s+(.*)$ ^roundcube-pgsql(?::\w+|)\s+(.*)$ ^roundcube-mysql(?::\w+|)\s+(.*)$ ^roundcube-plugins(?::\w+|)\s+(.*)$ ^roundcube(?::\w+|)\s+(.*)$ ^roundcube-core(?::\w+|)\s+(.*)$ ^roundcube-sqlite3(?::\w+|)\s+(.*)$ ^libbluetooth3(?::\w+|)\s+(.*)$ ^bluez-tests(?::\w+|)\s+(.*)$ ^bluez-obexd(?::\w+|)\s+(.*)$ ^bluetooth(?::\w+|)\s+(.*)$ ^bluez(?::\w+|)\s+(.*)$ ^bluez-hcidump(?::\w+|)\s+(.*)$ ^bluez-cups(?::\w+|)\s+(.*)$ ^libbluetooth-dev(?::\w+|)\s+(.*)$ ^libmysofa-utils(?::\w+|)\s+(.*)$ ^libmysofa0(?::\w+|)\s+(.*)$ ^libmysofa-dev(?::\w+|)\s+(.*)$ ^libmatio-doc(?::\w+|)\s+(.*)$ ^libmatio4(?::\w+|)\s+(.*)$ ^libmatio-dev(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^glances(?::\w+|)\s+(.*)$ ^glances-doc(?::\w+|)\s+(.*)$ ^keepalived(?::\w+|)\s+(.*)$ ^libglib2.0-0(?::\w+|)\s+(.*)$ ^libglib2.0-data(?::\w+|)\s+(.*)$ ^libglib2.0-tests(?::\w+|)\s+(.*)$ ^libglib2.0-doc(?::\w+|)\s+(.*)$ ^libglib2.0-bin(?::\w+|)\s+(.*)$ ^libglib2.0-dev-bin(?::\w+|)\s+(.*)$ ^libglib2.0-dev(?::\w+|)\s+(.*)$ ^libgraphics-magick-perl(?::\w+|)\s+(.*)$ ^libgraphicsmagick-q16-3(?::\w+|)\s+(.*)$ ^libgraphicsmagick1-dev(?::\w+|)\s+(.*)$ ^graphicsmagick(?::\w+|)\s+(.*)$ ^graphicsmagick-imagemagick-compat(?::\w+|)\s+(.*)$ ^graphicsmagick-libmagick-dev-compat(?::\w+|)\s+(.*)$ ^libgraphicsmagick++1-dev(?::\w+|)\s+(.*)$ ^libgraphicsmagick++-q16-12(?::\w+|)\s+(.*)$ ^libflatpak0(?::\w+|)\s+(.*)$ ^libflatpak-dev(?::\w+|)\s+(.*)$ ^gir1.2-flatpak-1.0(?::\w+|)\s+(.*)$ ^libflatpak-doc(?::\w+|)\s+(.*)$ ^flatpak(?::\w+|)\s+(.*)$ ^flatpak-tests(?::\w+|)\s+(.*)$ ^liblog4j2-java(?::\w+|)\s+(.*)$ ^liblog4j2-java-doc(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xorg-server-source-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-core-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-dev-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xephyr-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy-hwe-18.04(?::\w+|)\s+(.*)$ ^xwayland-hwe-18.04(?::\w+|)\s+(.*)$ ^mumble(?::\w+|)\s+(.*)$ ^mumble-server(?::\w+|)\s+(.*)$ ^libpython3.6-stdlib(?::\w+|)\s+(.*)$ ^python3.6-venv(?::\w+|)\s+(.*)$ ^python3.6-doc(?::\w+|)\s+(.*)$ ^libpython3.6-testsuite(?::\w+|)\s+(.*)$ ^python3.6-dev(?::\w+|)\s+(.*)$ ^python3.6(?::\w+|)\s+(.*)$ ^python3.6-minimal(?::\w+|)\s+(.*)$ ^idle-python3.6(?::\w+|)\s+(.*)$ ^libpython3.6(?::\w+|)\s+(.*)$ ^libpython3.6-dev(?::\w+|)\s+(.*)$ ^python3.6-examples(?::\w+|)\s+(.*)$ ^libpython3.6-minimal(?::\w+|)\s+(.*)$ ^python3.7-doc(?::\w+|)\s+(.*)$ ^libpython3.7-minimal(?::\w+|)\s+(.*)$ ^python3.7-minimal(?::\w+|)\s+(.*)$ ^libpython3.7-dev(?::\w+|)\s+(.*)$ ^python3.7-dev(?::\w+|)\s+(.*)$ ^libpython3.7-testsuite(?::\w+|)\s+(.*)$ ^libpython3.7-stdlib(?::\w+|)\s+(.*)$ ^python3.7(?::\w+|)\s+(.*)$ ^python3.7-venv(?::\w+|)\s+(.*)$ ^python3.7-examples(?::\w+|)\s+(.*)$ ^idle-python3.7(?::\w+|)\s+(.*)$ ^libpython3.7(?::\w+|)\s+(.*)$ ^libpython3.8-minimal(?::\w+|)\s+(.*)$ ^python3.8-venv(?::\w+|)\s+(.*)$ ^libpython3.8-stdlib(?::\w+|)\s+(.*)$ ^libpython3.8-dev(?::\w+|)\s+(.*)$ ^idle-python3.8(?::\w+|)\s+(.*)$ ^libpython3.8-testsuite(?::\w+|)\s+(.*)$ ^python3.8(?::\w+|)\s+(.*)$ ^python3.8-minimal(?::\w+|)\s+(.*)$ ^python3.8-examples(?::\w+|)\s+(.*)$ ^python3.8-dev(?::\w+|)\s+(.*)$ ^libpython3.8(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^tcpreplay(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp|-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^cacti(?::\w+|)\s+(.*)$ ^python-nltk(?::\w+|)\s+(.*)$ ^python3-nltk(?::\w+|)\s+(.*)$ ^node-hosted-git-info(?::\w+|)\s+(.*)$ ^composer(?::\w+|)\s+(.*)$ ^redis-sentinel(?::\w+|)\s+(.*)$ ^redis-server(?::\w+|)\s+(.*)$ ^redis(?::\w+|)\s+(.*)$ ^redis-tools(?::\w+|)\s+(.*)$ ^liblog4j2-java(?::\w+|)\s+(.*)$ ^liblog4j2-java-doc(?::\w+|)\s+(.*)$ ^liblog4j1.2-java-doc(?::\w+|)\s+(.*)$ ^liblog4j1.2-java(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^python3-lxml(?::\w+|)\s+(.*)$ ^python-lxml(?::\w+|)\s+(.*)$ ^python-lxml-doc(?::\w+|)\s+(.*)$ ^python3-pil.imagetk(?::\w+|)\s+(.*)$ ^python-pil-doc(?::\w+|)\s+(.*)$ ^python3-pil(?::\w+|)\s+(.*)$ ^python-pil(?::\w+|)\s+(.*)$ ^python-pil.imagetk(?::\w+|)\s+(.*)$ ^python3-pil.imagetk(?::\w+|)\s+(.*)$ ^python-pil-doc(?::\w+|)\s+(.*)$ ^python3-pil(?::\w+|)\s+(.*)$ ^python-pil(?::\w+|)\s+(.*)$ ^python-pil.imagetk(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^cpanminus(?::\w+|)\s+(.*)$ ^389-ds-base(?::\w+|)\s+(.*)$ ^389-ds-base-libs(?::\w+|)\s+(.*)$ ^python3-lib389(?::\w+|)\s+(.*)$ ^python3-dirsrvtests(?::\w+|)\s+(.*)$ ^389-ds-base-dev(?::\w+|)\s+(.*)$ ^389-ds(?::\w+|)\s+(.*)$ ^fail2ban(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^libclamav9(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^libruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5-doc(?::\w+|)\s+(.*)$ ^ruby2.5-dev(?::\w+|)\s+(.*)$ ^python-mediainfodll(?::\w+|)\s+(.*)$ ^libmediainfo-dev(?::\w+|)\s+(.*)$ ^python3-mediainfodll(?::\w+|)\s+(.*)$ ^libmediainfo0v5(?::\w+|)\s+(.*)$ ^libmediainfo-doc(?::\w+|)\s+(.*)$ ^libpostgresql-jdbc-java(?::\w+|)\s+(.*)$ ^libpostgresql-jdbc-java-doc(?::\w+|)\s+(.*)$ ^libhttpmime-java(?::\w+|)\s+(.*)$ ^libhttpclient-java(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libqt5svg5-dev(?::\w+|)\s+(.*)$ ^qtsvg5-examples(?::\w+|)\s+(.*)$ ^qtsvg5-doc-html(?::\w+|)\s+(.*)$ ^libqt5svg5(?::\w+|)\s+(.*)$ ^qtsvg5-doc(?::\w+|)\s+(.*)$ ^aide-dynamic(?::\w+|)\s+(.*)$ ^aide-common(?::\w+|)\s+(.*)$ ^aide-xen(?::\w+|)\s+(.*)$ ^aide(?::\w+|)\s+(.*)$ ^dbus-1-doc(?::\w+|)\s+(.*)$ ^dbus(?::\w+|)\s+(.*)$ ^libdbus-1-dev(?::\w+|)\s+(.*)$ ^dbus-user-session(?::\w+|)\s+(.*)$ ^dbus-x11(?::\w+|)\s+(.*)$ ^dbus-tests(?::\w+|)\s+(.*)$ ^libdbus-1-3(?::\w+|)\s+(.*)$ ^maven(?::\w+|)\s+(.*)$ ^libmaven3-core-java(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lv(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fa(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-th(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^usbview(?::\w+|)\s+(.*)$ ^strongswan-nm(?::\w+|)\s+(.*)$ ^strongswan-scepclient(?::\w+|)\s+(.*)$ ^libcharon-extra-plugins(?::\w+|)\s+(.*)$ ^libcharon-standard-plugins(?::\w+|)\s+(.*)$ ^libstrongswan-extra-plugins(?::\w+|)\s+(.*)$ ^strongswan-charon(?::\w+|)\s+(.*)$ ^libstrongswan(?::\w+|)\s+(.*)$ ^strongswan-swanctl(?::\w+|)\s+(.*)$ ^libstrongswan-standard-plugins(?::\w+|)\s+(.*)$ ^strongswan-starter(?::\w+|)\s+(.*)$ ^charon-systemd(?::\w+|)\s+(.*)$ ^strongswan(?::\w+|)\s+(.*)$ ^strongswan-tnc-server(?::\w+|)\s+(.*)$ ^strongswan-tnc-client(?::\w+|)\s+(.*)$ ^strongswan-tnc-base(?::\w+|)\s+(.*)$ ^charon-cmd(?::\w+|)\s+(.*)$ ^strongswan-libcharon(?::\w+|)\s+(.*)$ ^strongswan-pki(?::\w+|)\s+(.*)$ ^strongswan-tnc-ifmap(?::\w+|)\s+(.*)$ ^strongswan-tnc-pdp(?::\w+|)\s+(.*)$ ^libgegl-0.3-0(?::\w+|)\s+(.*)$ ^gir1.2-gegl-0.3(?::\w+|)\s+(.*)$ ^gegl(?::\w+|)\s+(.*)$ ^libgegl-doc(?::\w+|)\s+(.*)$ ^libgegl-dev(?::\w+|)\s+(.*)$ ^libpolkit-backend-1-0(?::\w+|)\s+(.*)$ ^policykit-1-doc(?::\w+|)\s+(.*)$ ^libpolkit-agent-1-0(?::\w+|)\s+(.*)$ ^libpolkit-gobject-1-dev(?::\w+|)\s+(.*)$ ^libpolkit-gobject-1-0(?::\w+|)\s+(.*)$ ^policykit-1(?::\w+|)\s+(.*)$ ^gir1.2-polkit-1.0(?::\w+|)\s+(.*)$ ^libpolkit-backend-1-dev(?::\w+|)\s+(.*)$ ^libpolkit-agent-1-dev(?::\w+|)\s+(.*)$ ^ruby-rack(?::\w+|)\s+(.*)$ ^passwd(?::\w+|)\s+(.*)$ ^login(?::\w+|)\s+(.*)$ ^uidmap(?::\w+|)\s+(.*)$ ^liburiparser-doc(?::\w+|)\s+(.*)$ ^liburiparser-dev(?::\w+|)\s+(.*)$ ^liburiparser1(?::\w+|)\s+(.*)$ ^libldns-dev(?::\w+|)\s+(.*)$ ^libldns2(?::\w+|)\s+(.*)$ ^python3-ldns(?::\w+|)\s+(.*)$ ^ldnsutils(?::\w+|)\s+(.*)$ ^python-ldns(?::\w+|)\s+(.*)$ ^weechat-dev(?::\w+|)\s+(.*)$ ^weechat-core(?::\w+|)\s+(.*)$ ^weechat-curses(?::\w+|)\s+(.*)$ ^weechat-doc(?::\w+|)\s+(.*)$ ^weechat-plugins(?::\w+|)\s+(.*)$ ^weechat(?::\w+|)\s+(.*)$ ^cron(?::\w+|)\s+(.*)$ ^cron(?::\w+|)\s+(.*)$ ^libparse-pidl-perl(?::\w+|)\s+(.*)$ ^samba(?::\w+|)\s+(.*)$ ^libnss-winbind(?::\w+|)\s+(.*)$ ^libpam-winbind(?::\w+|)\s+(.*)$ ^winbind(?::\w+|)\s+(.*)$ ^ctdb(?::\w+|)\s+(.*)$ ^smbclient(?::\w+|)\s+(.*)$ ^python-samba(?::\w+|)\s+(.*)$ ^samba-testsuite(?::\w+|)\s+(.*)$ ^samba-dev(?::\w+|)\s+(.*)$ ^samba-common-bin(?::\w+|)\s+(.*)$ ^libwbclient0(?::\w+|)\s+(.*)$ ^samba-dsdb-modules(?::\w+|)\s+(.*)$ ^libwbclient-dev(?::\w+|)\s+(.*)$ ^libsmbclient-dev(?::\w+|)\s+(.*)$ ^samba-vfs-modules(?::\w+|)\s+(.*)$ ^samba-common(?::\w+|)\s+(.*)$ ^registry-tools(?::\w+|)\s+(.*)$ ^samba-libs(?::\w+|)\s+(.*)$ ^libsmbclient(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^adminer(?::\w+|)\s+(.*)$ ^libhdf5-doc(?::\w+|)\s+(.*)$ ^hdf5-helpers(?::\w+|)\s+(.*)$ ^libhdf5-cpp-100(?::\w+|)\s+(.*)$ ^libhdf5-dev(?::\w+|)\s+(.*)$ ^libhdf5-mpich-dev(?::\w+|)\s+(.*)$ ^libhdf5-openmpi-100(?::\w+|)\s+(.*)$ ^libhdf5-openmpi-dev(?::\w+|)\s+(.*)$ ^libhdf5-mpich-100(?::\w+|)\s+(.*)$ ^libhdf5-100(?::\w+|)\s+(.*)$ ^libhdf5-jni(?::\w+|)\s+(.*)$ ^libhdf5-java(?::\w+|)\s+(.*)$ ^libhdf5-mpi-dev(?::\w+|)\s+(.*)$ ^libhdf5-serial-dev(?::\w+|)\s+(.*)$ ^hdf5-tools(?::\w+|)\s+(.*)$ ^debugedit(?::\w+|)\s+(.*)$ ^rpm-i18n(?::\w+|)\s+(.*)$ ^python-rpm(?::\w+|)\s+(.*)$ ^rpm-common(?::\w+|)\s+(.*)$ ^rpm(?::\w+|)\s+(.*)$ ^librpm-dev(?::\w+|)\s+(.*)$ ^rpm2cpio(?::\w+|)\s+(.*)$ ^librpmio8(?::\w+|)\s+(.*)$ ^python3-rpm(?::\w+|)\s+(.*)$ ^librpm8(?::\w+|)\s+(.*)$ ^librpmsign8(?::\w+|)\s+(.*)$ ^librpmbuild8(?::\w+|)\s+(.*)$ ^libsdl2-dev(?::\w+|)\s+(.*)$ ^libsdl2-doc(?::\w+|)\s+(.*)$ ^libsdl2-2.0-0(?::\w+|)\s+(.*)$ ^libbluetooth3(?::\w+|)\s+(.*)$ ^bluez-tests(?::\w+|)\s+(.*)$ ^bluez-obexd(?::\w+|)\s+(.*)$ ^bluetooth(?::\w+|)\s+(.*)$ ^bluez(?::\w+|)\s+(.*)$ ^bluez-hcidump(?::\w+|)\s+(.*)$ ^bluez-cups(?::\w+|)\s+(.*)$ ^libbluetooth-dev(?::\w+|)\s+(.*)$ ^libnvidia-compute-450-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-450-server(?::\w+|)\s+(.*)$ ^nvidia-driver-450-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-440-server(?::\w+|)\s+(.*)$ ^nvidia-headless-450-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-450-server(?::\w+|)\s+(.*)$ ^libnvidia-common-440-server(?::\w+|)\s+(.*)$ ^libnvidia-common-450-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-450-server(?::\w+|)\s+(.*)$ ^nvidia-utils-450-server(?::\w+|)\s+(.*)$ ^nvidia-utils-440-server(?::\w+|)\s+(.*)$ ^nvidia-headless-440-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-450-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-440-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-440-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-440-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-450-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-450-server(?::\w+|)\s+(.*)$ ^nvidia-driver-440-server(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-440-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-440-server(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-440-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-440-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-450-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-440-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-440-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-450-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-440-server(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-450-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-450-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-450-server(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-450-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-440-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-450-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-440-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-440-server(?::\w+|)\s+(.*)$ ^libnvidia-common-465(?::\w+|)\s+(.*)$ ^nvidia-driver-470-server(?::\w+|)\s+(.*)$ ^libnvidia-common-460(?::\w+|)\s+(.*)$ ^libnvidia-gl-460-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-470-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-470(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-470-server(?::\w+|)\s+(.*)$ ^nvidia-utils-460-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-470(?::\w+|)\s+(.*)$ ^nvidia-headless-465(?::\w+|)\s+(.*)$ ^nvidia-headless-460(?::\w+|)\s+(.*)$ ^libnvidia-gl-470(?::\w+|)\s+(.*)$ ^libnvidia-compute-460-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-470-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-460(?::\w+|)\s+(.*)$ ^libnvidia-gl-465(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-470(?::\w+|)\s+(.*)$ ^nvidia-utils-470-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-460(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-465(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-460(?::\w+|)\s+(.*)$ ^nvidia-headless-470(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-465(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-460(?::\w+|)\s+(.*)$ ^libnvidia-compute-470(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-465(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-460(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-460(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-465(?::\w+|)\s+(.*)$ ^nvidia-utils-460(?::\w+|)\s+(.*)$ ^libnvidia-encode-460(?::\w+|)\s+(.*)$ ^libnvidia-encode-465(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-470-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-460-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-460(?::\w+|)\s+(.*)$ ^libnvidia-compute-465(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-470(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-460-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-470(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-460-server(?::\w+|)\s+(.*)$ ^nvidia-utils-470(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-470-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-470-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-470-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-460(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-465(?::\w+|)\s+(.*)$ ^libnvidia-encode-460-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-460-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-460(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-470-server(?::\w+|)\s+(.*)$ ^libnvidia-common-470-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-465(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-470-server(?::\w+|)\s+(.*)$ ^libnvidia-common-460-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-470-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-460(?::\w+|)\s+(.*)$ ^libnvidia-encode-470(?::\w+|)\s+(.*)$ ^nvidia-dkms-465(?::\w+|)\s+(.*)$ ^libnvidia-extra-465(?::\w+|)\s+(.*)$ ^libnvidia-extra-460(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-470(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-470-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-470(?::\w+|)\s+(.*)$ ^nvidia-dkms-460-server(?::\w+|)\s+(.*)$ ^nvidia-driver-470(?::\w+|)\s+(.*)$ ^libnvidia-extra-460-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-470(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-465(?::\w+|)\s+(.*)$ ^libnvidia-compute-470-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-470(?::\w+|)\s+(.*)$ ^nvidia-utils-465(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-460-server(?::\w+|)\s+(.*)$ ^nvidia-driver-460(?::\w+|)\s+(.*)$ ^libnvidia-decode-465(?::\w+|)\s+(.*)$ ^nvidia-driver-465(?::\w+|)\s+(.*)$ ^libnvidia-decode-460(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-470(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-460-server(?::\w+|)\s+(.*)$ ^nvidia-headless-460-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-470-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-470-server(?::\w+|)\s+(.*)$ ^libnvidia-common-470(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-460-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-470(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-460(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-465(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-460-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-460-server(?::\w+|)\s+(.*)$ ^nvidia-driver-460-server(?::\w+|)\s+(.*)$ ^nvidia-headless-470-server(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-510(?::\w+|)\s+(.*)$ ^libnvidia-common-510(?::\w+|)\s+(.*)$ ^nvidia-utils-495(?::\w+|)\s+(.*)$ ^libnvidia-decode-495(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-495(?::\w+|)\s+(.*)$ ^libnvidia-compute-495(?::\w+|)\s+(.*)$ ^nvidia-headless-495(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-510(?::\w+|)\s+(.*)$ ^nvidia-dkms-495(?::\w+|)\s+(.*)$ ^libnvidia-encode-510(?::\w+|)\s+(.*)$ ^libnvidia-extra-495(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-495(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-495(?::\w+|)\s+(.*)$ ^nvidia-driver-510(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-510(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-510(?::\w+|)\s+(.*)$ ^nvidia-utils-510(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-510(?::\w+|)\s+(.*)$ ^libnvidia-decode-510(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-495(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-510(?::\w+|)\s+(.*)$ ^libnvidia-gl-495(?::\w+|)\s+(.*)$ ^libnvidia-gl-510(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-510(?::\w+|)\s+(.*)$ ^libnvidia-common-495(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-495(?::\w+|)\s+(.*)$ ^libnvidia-encode-495(?::\w+|)\s+(.*)$ ^libnvidia-compute-510(?::\w+|)\s+(.*)$ ^nvidia-dkms-510(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-495(?::\w+|)\s+(.*)$ ^libnvidia-extra-510(?::\w+|)\s+(.*)$ ^nvidia-driver-495(?::\w+|)\s+(.*)$ ^nvidia-headless-510(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-495(?::\w+|)\s+(.*)$ ^speex(?::\w+|)\s+(.*)$ ^libspeexdsp-dev(?::\w+|)\s+(.*)$ ^libspeex-dev(?::\w+|)\s+(.*)$ ^libspeexdsp1(?::\w+|)\s+(.*)$ ^speex-doc(?::\w+|)\s+(.*)$ ^libspeex1(?::\w+|)\s+(.*)$ ^opensc-pkcs11(?::\w+|)\s+(.*)$ ^opensc(?::\w+|)\s+(.*)$ ^pdfresurrect(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^expat(?::\w+|)\s+(.*)$ ^libexpat1-dev(?::\w+|)\s+(.*)$ ^libexpat1(?::\w+|)\s+(.*)$ ^php-symfony-framework-bundle(?::\w+|)\s+(.*)$ ^php-symfony-security-core(?::\w+|)\s+(.*)$ ^php-symfony-ldap(?::\w+|)\s+(.*)$ ^php-symfony-browser-kit(?::\w+|)\s+(.*)$ ^php-symfony-filesystem(?::\w+|)\s+(.*)$ ^php-symfony-twig-bundle(?::\w+|)\s+(.*)$ ^php-symfony-web-profiler-bundle(?::\w+|)\s+(.*)$ ^php-symfony-asset(?::\w+|)\s+(.*)$ ^php-symfony-security-http(?::\w+|)\s+(.*)$ ^php-symfony-phpunit-bridge(?::\w+|)\s+(.*)$ ^php-symfony-yaml(?::\w+|)\s+(.*)$ ^php-symfony-web-server-bundle(?::\w+|)\s+(.*)$ ^php-symfony-http-kernel(?::\w+|)\s+(.*)$ ^php-symfony-templating(?::\w+|)\s+(.*)$ ^php-symfony-property-access(?::\w+|)\s+(.*)$ ^php-symfony-doctrine-bridge(?::\w+|)\s+(.*)$ ^php-symfony-intl(?::\w+|)\s+(.*)$ ^php-symfony-twig-bridge(?::\w+|)\s+(.*)$ ^php-symfony-security-guard(?::\w+|)\s+(.*)$ ^php-symfony-process(?::\w+|)\s+(.*)$ ^php-symfony-serializer(?::\w+|)\s+(.*)$ ^php-symfony-class-loader(?::\w+|)\s+(.*)$ ^php-symfony-debug-bundle(?::\w+|)\s+(.*)$ ^php-symfony-css-selector(?::\w+|)\s+(.*)$ ^php-symfony-expression-language(?::\w+|)\s+(.*)$ ^php-symfony-security(?::\w+|)\s+(.*)$ ^php-symfony-var-dumper(?::\w+|)\s+(.*)$ ^php-symfony-property-info(?::\w+|)\s+(.*)$ ^php-symfony-routing(?::\w+|)\s+(.*)$ ^php-symfony-security-bundle(?::\w+|)\s+(.*)$ ^php-symfony-finder(?::\w+|)\s+(.*)$ ^php-symfony-lock(?::\w+|)\s+(.*)$ ^php-symfony-validator(?::\w+|)\s+(.*)$ ^php-symfony-debug(?::\w+|)\s+(.*)$ ^php-symfony-inflector(?::\w+|)\s+(.*)$ ^php-symfony-form(?::\w+|)\s+(.*)$ ^php-symfony-cache(?::\w+|)\s+(.*)$ ^php-symfony-monolog-bridge(?::\w+|)\s+(.*)$ ^php-symfony(?::\w+|)\s+(.*)$ ^php-symfony-workflow(?::\w+|)\s+(.*)$ ^php-symfony-dependency-injection(?::\w+|)\s+(.*)$ ^php-symfony-security-csrf(?::\w+|)\s+(.*)$ ^php-symfony-proxy-manager-bridge(?::\w+|)\s+(.*)$ ^php-symfony-http-foundation(?::\w+|)\s+(.*)$ ^php-symfony-event-dispatcher(?::\w+|)\s+(.*)$ ^php-symfony-options-resolver(?::\w+|)\s+(.*)$ ^php-symfony-dotenv(?::\w+|)\s+(.*)$ ^php-symfony-web-link(?::\w+|)\s+(.*)$ ^php-symfony-translation(?::\w+|)\s+(.*)$ ^php-symfony-dom-crawler(?::\w+|)\s+(.*)$ ^php-symfony-stopwatch(?::\w+|)\s+(.*)$ ^php-symfony-config(?::\w+|)\s+(.*)$ ^php-symfony-console(?::\w+|)\s+(.*)$ ^ubuntu-core-snapd-units(?::\w+|)\s+(.*)$ ^ubuntu-core-launcher(?::\w+|)\s+(.*)$ ^snap-confine(?::\w+|)\s+(.*)$ ^ubuntu-snappy-cli(?::\w+|)\s+(.*)$ ^golang-github-snapcore-snapd-dev(?::\w+|)\s+(.*)$ ^snapd-xdg-open(?::\w+|)\s+(.*)$ ^snapd(?::\w+|)\s+(.*)$ ^golang-github-ubuntu-core-snappy-dev(?::\w+|)\s+(.*)$ ^ubuntu-snappy(?::\w+|)\s+(.*)$ ^ubuntu-core-snapd-units(?::\w+|)\s+(.*)$ ^ubuntu-core-launcher(?::\w+|)\s+(.*)$ ^snap-confine(?::\w+|)\s+(.*)$ ^ubuntu-snappy-cli(?::\w+|)\s+(.*)$ ^golang-github-snapcore-snapd-dev(?::\w+|)\s+(.*)$ ^snapd-xdg-open(?::\w+|)\s+(.*)$ ^snapd(?::\w+|)\s+(.*)$ ^golang-github-ubuntu-core-snappy-dev(?::\w+|)\s+(.*)$ ^ubuntu-snappy(?::\w+|)\s+(.*)$ ^libc3p0-java-doc(?::\w+|)\s+(.*)$ ^libc3p0-java(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^libsasl2-2(?::\w+|)\s+(.*)$ ^libsasl2-modules-gssapi-heimdal(?::\w+|)\s+(.*)$ ^sasl2-bin(?::\w+|)\s+(.*)$ ^libsasl2-modules-db(?::\w+|)\s+(.*)$ ^libsasl2-modules-gssapi-mit(?::\w+|)\s+(.*)$ ^libsasl2-dev(?::\w+|)\s+(.*)$ ^libsasl2-modules-sql(?::\w+|)\s+(.*)$ ^libsasl2-modules(?::\w+|)\s+(.*)$ ^libsasl2-modules-otp(?::\w+|)\s+(.*)$ ^libsasl2-modules-ldap(?::\w+|)\s+(.*)$ ^cyrus-sasl2-doc(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^libc6-i386(?::\w+|)\s+(.*)$ ^libc6-dev-s390(?::\w+|)\s+(.*)$ ^glibc-source(?::\w+|)\s+(.*)$ ^libc-bin(?::\w+|)\s+(.*)$ ^libc6-x32(?::\w+|)\s+(.*)$ ^libc6-s390(?::\w+|)\s+(.*)$ ^libc6-armel(?::\w+|)\s+(.*)$ ^libc6-pic(?::\w+|)\s+(.*)$ ^libc6-dev-armel(?::\w+|)\s+(.*)$ ^glibc-doc(?::\w+|)\s+(.*)$ ^multiarch-support(?::\w+|)\s+(.*)$ ^libc6-dev(?::\w+|)\s+(.*)$ ^libc6-amd64(?::\w+|)\s+(.*)$ ^libc6-dev-amd64(?::\w+|)\s+(.*)$ ^libc6(?::\w+|)\s+(.*)$ ^locales-all(?::\w+|)\s+(.*)$ ^libc6-dev-x32(?::\w+|)\s+(.*)$ ^locales(?::\w+|)\s+(.*)$ ^libc6-lse(?::\w+|)\s+(.*)$ ^libc6-dev-i386(?::\w+|)\s+(.*)$ ^libc-dev-bin(?::\w+|)\s+(.*)$ ^nscd(?::\w+|)\s+(.*)$ ^containerd(?::\w+|)\s+(.*)$ ^golang-github-containerd-containerd-dev(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-17-demo(?::\w+|)\s+(.*)$ ^openjdk-17-jdk(?::\w+|)\s+(.*)$ ^openjdk-17-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-17-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-17-source(?::\w+|)\s+(.*)$ ^openjdk-17-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-17-jre(?::\w+|)\s+(.*)$ ^openjdk-17-doc(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^ansible(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^expat(?::\w+|)\s+(.*)$ ^libexpat1-dev(?::\w+|)\s+(.*)$ ^libexpat1(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^nbd-server(?::\w+|)\s+(.*)$ ^nbd-client(?::\w+|)\s+(.*)$ ^python-libxml2(?::\w+|)\s+(.*)$ ^libxml2-utils(?::\w+|)\s+(.*)$ ^libxml2(?::\w+|)\s+(.*)$ ^python3-libxml2(?::\w+|)\s+(.*)$ ^libxml2-doc(?::\w+|)\s+(.*)$ ^libxml2-dev(?::\w+|)\s+(.*)$ ^zsh-static(?::\w+|)\s+(.*)$ ^zsh-common(?::\w+|)\s+(.*)$ ^zsh-dev(?::\w+|)\s+(.*)$ ^zsh(?::\w+|)\s+(.*)$ ^zsh-doc(?::\w+|)\s+(.*)$ ^rsh-server(?::\w+|)\s+(.*)$ ^rsh-client(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^libssl1.0-dev(?::\w+|)\s+(.*)$ ^openssl1.0(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^tar-scripts(?::\w+|)\s+(.*)$ ^tar(?::\w+|)\s+(.*)$ ^libreoffice-nlpsolver(?::\w+|)\s+(.*)$ ^libreoffice-mysql-connector(?::\w+|)\s+(.*)$ ^libreoffice-wiki-publisher(?::\w+|)\s+(.*)$ ^libreoffice-impress(?::\w+|)\s+(.*)$ ^libreoffice-evolution(?::\w+|)\s+(.*)$ ^libreoffice-dev-common(?::\w+|)\s+(.*)$ ^libreoffice-librelogo(?::\w+|)\s+(.*)$ ^libreoffice-java-common(?::\w+|)\s+(.*)$ ^gir1.2-lokdocview-0.1(?::\w+|)\s+(.*)$ ^libreoffice-subsequentcheckbase(?::\w+|)\s+(.*)$ ^libreoffice-style-elementary(?::\w+|)\s+(.*)$ ^libreoffice-officebean(?::\w+|)\s+(.*)$ ^libreoffice-kde(?::\w+|)\s+(.*)$ ^libreoffice-base(?::\w+|)\s+(.*)$ ^libreoffice-style-galaxy(?::\w+|)\s+(.*)$ ^libreoffice-style-hicontrast(?::\w+|)\s+(.*)$ ^libreoffice-core(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-bsh(?::\w+|)\s+(.*)$ ^libreoffice-avmedia-backend-gstreamer(?::\w+|)\s+(.*)$ ^libreofficekit-dev(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-python(?::\w+|)\s+(.*)$ ^libreoffice-common(?::\w+|)\s+(.*)$ ^libreoffice-gnome(?::\w+|)\s+(.*)$ ^libreofficekit-data(?::\w+|)\s+(.*)$ ^libreoffice-kde4(?::\w+|)\s+(.*)$ ^libreoffice-dev(?::\w+|)\s+(.*)$ ^libreoffice-gtk3(?::\w+|)\s+(.*)$ ^libreoffice-report-builder(?::\w+|)\s+(.*)$ ^libreoffice-pdfimport(?::\w+|)\s+(.*)$ ^libreoffice-base-core(?::\w+|)\s+(.*)$ ^libreoffice-draw(?::\w+|)\s+(.*)$ ^libreoffice-ogltrans(?::\w+|)\s+(.*)$ ^libreoffice-l10n-in(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-hsqldb(?::\w+|)\s+(.*)$ ^libreoffice-gtk(?::\w+|)\s+(.*)$ ^libreoffice-calc(?::\w+|)\s+(.*)$ ^libreoffice-base-drivers(?::\w+|)\s+(.*)$ ^libreoffice-style-oxygen(?::\w+|)\s+(.*)$ ^libreoffice-gtk2(?::\w+|)\s+(.*)$ ^libreoffice-style-tango(?::\w+|)\s+(.*)$ ^libreoffice-style-human(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-firebird(?::\w+|)\s+(.*)$ ^python3-uno(?::\w+|)\s+(.*)$ ^libreoffice-math(?::\w+|)\s+(.*)$ ^libreoffice-writer(?::\w+|)\s+(.*)$ ^libreoffice-report-builder-bin(?::\w+|)\s+(.*)$ ^libreoffice-dev-doc(?::\w+|)\s+(.*)$ ^libreoffice-systray(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-js(?::\w+|)\s+(.*)$ ^liblibreofficekitgtk(?::\w+|)\s+(.*)$ ^libreoffice(?::\w+|)\s+(.*)$ ^libreoffice-style-sifr(?::\w+|)\s+(.*)$ ^libreoffice-style-breeze(?::\w+|)\s+(.*)$ ^libreoffice-l10n-za(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-postgresql(?::\w+|)\s+(.*)$ ^fonts-opensymbol(?::\w+|)\s+(.*)$ ^ure(?::\w+|)\s+(.*)$ ^uno-libs3(?::\w+|)\s+(.*)$ ^tcpdump(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libirs-export160(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^libbind9-160(?::\w+|)\s+(.*)$ ^libisccc160(?::\w+|)\s+(.*)$ ^libisccfg-export160(?::\w+|)\s+(.*)$ ^libisccfg160(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libirs160(?::\w+|)\s+(.*)$ ^libdns-export1100(?::\w+|)\s+(.*)$ ^libisccc-export160(?::\w+|)\s+(.*)$ ^libisc-export169(?::\w+|)\s+(.*)$ ^liblwres160(?::\w+|)\s+(.*)$ ^libdns1100(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^libisc169(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^ckeditor(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^python3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-stdlib(?::\w+|)\s+(.*)$ ^libpython3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6-examples(?::\w+|)\s+(.*)$ ^python3.6-venv(?::\w+|)\s+(.*)$ ^python3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6(?::\w+|)\s+(.*)$ ^idle-python3.6(?::\w+|)\s+(.*)$ ^python3.6-doc(?::\w+|)\s+(.*)$ ^libpython3.6-testsuite(?::\w+|)\s+(.*)$ ^libpython3.6(?::\w+|)\s+(.*)$ ^python3.7-doc(?::\w+|)\s+(.*)$ ^libpython3.7-minimal(?::\w+|)\s+(.*)$ ^libpython3.7-testsuite(?::\w+|)\s+(.*)$ ^libpython3.7-stdlib(?::\w+|)\s+(.*)$ ^python3.7-minimal(?::\w+|)\s+(.*)$ ^python3.7(?::\w+|)\s+(.*)$ ^python3.7-venv(?::\w+|)\s+(.*)$ ^libpython3.7-dev(?::\w+|)\s+(.*)$ ^python3.7-examples(?::\w+|)\s+(.*)$ ^python3.7-dev(?::\w+|)\s+(.*)$ ^idle-python3.7(?::\w+|)\s+(.*)$ ^libpython3.7(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lv(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fa(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-th(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^openvpn(?::\w+|)\s+(.*)$ ^smarty3(?::\w+|)\s+(.*)$ ^chromium-chromedriver(?::\w+|)\s+(.*)$ ^chromium-browser-l10n(?::\w+|)\s+(.*)$ ^chromium-codecs-ffmpeg-extra(?::\w+|)\s+(.*)$ ^chromium-codecs-ffmpeg(?::\w+|)\s+(.*)$ ^chromium-browser(?::\w+|)\s+(.*)$ ^python3-paramiko(?::\w+|)\s+(.*)$ ^paramiko-doc(?::\w+|)\s+(.*)$ ^python-paramiko(?::\w+|)\s+(.*)$ ^twisted-doc(?::\w+|)\s+(.*)$ ^python-twisted-news(?::\w+|)\s+(.*)$ ^python3-twisted(?::\w+|)\s+(.*)$ ^python-twisted-names(?::\w+|)\s+(.*)$ ^python-twisted-words(?::\w+|)\s+(.*)$ ^python-twisted-runner(?::\w+|)\s+(.*)$ ^python-twisted-core(?::\w+|)\s+(.*)$ ^python3-twisted-bin(?::\w+|)\s+(.*)$ ^python-twisted-web(?::\w+|)\s+(.*)$ ^python-twisted(?::\w+|)\s+(.*)$ ^python-twisted-mail(?::\w+|)\s+(.*)$ ^python-twisted-bin(?::\w+|)\s+(.*)$ ^python-twisted-conch(?::\w+|)\s+(.*)$ ^libx32z1-dev(?::\w+|)\s+(.*)$ ^lib64z1(?::\w+|)\s+(.*)$ ^libx32z1(?::\w+|)\s+(.*)$ ^lib64z1-dev(?::\w+|)\s+(.*)$ ^lib32z1(?::\w+|)\s+(.*)$ ^zlib1g(?::\w+|)\s+(.*)$ ^lib32z1-dev(?::\w+|)\s+(.*)$ ^zlib1g-dev(?::\w+|)\s+(.*)$ ^dosbox(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^rsync(?::\w+|)\s+(.*)$ ^tomcat9-docs(?::\w+|)\s+(.*)$ ^libtomcat9-embed-java(?::\w+|)\s+(.*)$ ^tomcat9-admin(?::\w+|)\s+(.*)$ ^tomcat9-common(?::\w+|)\s+(.*)$ ^libtomcat9-java(?::\w+|)\s+(.*)$ ^tomcat9-user(?::\w+|)\s+(.*)$ ^tomcat9(?::\w+|)\s+(.*)$ ^tomcat9-examples(?::\w+|)\s+(.*)$ ^libfribidi-bin(?::\w+|)\s+(.*)$ ^libfribidi0(?::\w+|)\s+(.*)$ ^libfribidi-dev(?::\w+|)\s+(.*)$ ^python-oslo.utils(?::\w+|)\s+(.*)$ ^python-oslo.utils-doc(?::\w+|)\s+(.*)$ ^python3-oslo.utils(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libnginx-mod-stream(?::\w+|)\s+(.*)$ ^libnginx-mod-http-subs-filter(?::\w+|)\s+(.*)$ ^nginx-doc(?::\w+|)\s+(.*)$ ^libnginx-mod-mail(?::\w+|)\s+(.*)$ ^libnginx-mod-http-image-filter(?::\w+|)\s+(.*)$ ^libnginx-mod-http-echo(?::\w+|)\s+(.*)$ ^libnginx-mod-rtmp(?::\w+|)\s+(.*)$ ^libnginx-mod-nchan(?::\w+|)\s+(.*)$ ^nginx-common(?::\w+|)\s+(.*)$ ^libnginx-mod-http-fancyindex(?::\w+|)\s+(.*)$ ^libnginx-mod-http-auth-pam(?::\w+|)\s+(.*)$ ^nginx-light(?::\w+|)\s+(.*)$ ^libnginx-mod-http-headers-more-filter(?::\w+|)\s+(.*)$ ^nginx-extras(?::\w+|)\s+(.*)$ ^libnginx-mod-http-upstream-fair(?::\w+|)\s+(.*)$ ^libnginx-mod-http-xslt-filter(?::\w+|)\s+(.*)$ ^libnginx-mod-http-lua(?::\w+|)\s+(.*)$ ^libnginx-mod-http-perl(?::\w+|)\s+(.*)$ ^nginx-core(?::\w+|)\s+(.*)$ ^libnginx-mod-http-dav-ext(?::\w+|)\s+(.*)$ ^nginx(?::\w+|)\s+(.*)$ ^libnginx-mod-http-ndk(?::\w+|)\s+(.*)$ ^libnginx-mod-http-uploadprogress(?::\w+|)\s+(.*)$ ^libnginx-mod-http-cache-purge(?::\w+|)\s+(.*)$ ^nginx-full(?::\w+|)\s+(.*)$ ^libnginx-mod-http-geoip(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^cflow(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^gzip(?::\w+|)\s+(.*)$ ^gzip-win32(?::\w+|)\s+(.*)$ ^liblzma5(?::\w+|)\s+(.*)$ ^liblzma-doc(?::\w+|)\s+(.*)$ ^liblzma-dev(?::\w+|)\s+(.*)$ ^xz-utils(?::\w+|)\s+(.*)$ ^xzdec(?::\w+|)\s+(.*)$ ^klibc-utils(?::\w+|)\s+(.*)$ ^libklibc(?::\w+|)\s+(.*)$ ^libklibc-dev(?::\w+|)\s+(.*)$ ^bash-builtins(?::\w+|)\s+(.*)$ ^bash-doc(?::\w+|)\s+(.*)$ ^bash(?::\w+|)\s+(.*)$ ^bash-static(?::\w+|)\s+(.*)$ ^libinput-dev(?::\w+|)\s+(.*)$ ^libinput-bin(?::\w+|)\s+(.*)$ ^libinput10(?::\w+|)\s+(.*)$ ^libinput-tools(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws|-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^python3-aiohttp(?::\w+|)\s+(.*)$ ^barbican-keystone-listener(?::\w+|)\s+(.*)$ ^barbican-api(?::\w+|)\s+(.*)$ ^barbican-worker(?::\w+|)\s+(.*)$ ^python-barbican(?::\w+|)\s+(.*)$ ^barbican-common(?::\w+|)\s+(.*)$ ^barbican-doc(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-17-demo(?::\w+|)\s+(.*)$ ^openjdk-17-jdk(?::\w+|)\s+(.*)$ ^openjdk-17-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-17-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-17-source(?::\w+|)\s+(.*)$ ^openjdk-17-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-17-doc(?::\w+|)\s+(.*)$ ^openjdk-17-jre(?::\w+|)\s+(.*)$ ^libsepol1(?::\w+|)\s+(.*)$ ^libsepol1-dev(?::\w+|)\s+(.*)$ ^sepol-utils(?::\w+|)\s+(.*)$ ^mutt(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lv(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fa(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-th(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^networkd-dispatcher(?::\w+|)\s+(.*)$ ^networkd-dispatcher(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^libsdl1.2debian(?::\w+|)\s+(.*)$ ^libsdl1.2-dev(?::\w+|)\s+(.*)$ ^libvirt0(?::\w+|)\s+(.*)$ ^libvirt-dev(?::\w+|)\s+(.*)$ ^libnss-libvirt(?::\w+|)\s+(.*)$ ^libvirt-daemon(?::\w+|)\s+(.*)$ ^libvirt-sanlock(?::\w+|)\s+(.*)$ ^libvirt-wireshark(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-rbd(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-gluster(?::\w+|)\s+(.*)$ ^libvirt-doc(?::\w+|)\s+(.*)$ ^libvirt-daemon-system(?::\w+|)\s+(.*)$ ^libvirt-clients(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-zfs(?::\w+|)\s+(.*)$ ^libvirt-daemon-driver-storage-sheepdog(?::\w+|)\s+(.*)$ ^libvirt-bin(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^libssl1.0-dev(?::\w+|)\s+(.*)$ ^openssl1.0(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^lemon(?::\w+|)\s+(.*)$ ^sqlite3-doc(?::\w+|)\s+(.*)$ ^libsqlite3-0(?::\w+|)\s+(.*)$ ^libsqlite3-tcl(?::\w+|)\s+(.*)$ ^sqlite3(?::\w+|)\s+(.*)$ ^libsqlite3-dev(?::\w+|)\s+(.*)$ ^rsyslog-gssapi(?::\w+|)\s+(.*)$ ^rsyslog-czmq(?::\w+|)\s+(.*)$ ^rsyslog-pgsql(?::\w+|)\s+(.*)$ ^rsyslog-hiredis(?::\w+|)\s+(.*)$ ^rsyslog-mysql(?::\w+|)\s+(.*)$ ^rsyslog-gnutls(?::\w+|)\s+(.*)$ ^rsyslog-mongodb(?::\w+|)\s+(.*)$ ^rsyslog(?::\w+|)\s+(.*)$ ^rsyslog-relp(?::\w+|)\s+(.*)$ ^rsyslog-elasticsearch(?::\w+|)\s+(.*)$ ^rsyslog-kafka(?::\w+|)\s+(.*)$ ^dnsmasq(?::\w+|)\s+(.*)$ ^dnsmasq-base-lua(?::\w+|)\s+(.*)$ ^dnsmasq-utils(?::\w+|)\s+(.*)$ ^dnsmasq-base(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiff-dev(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^python-libxml2(?::\w+|)\s+(.*)$ ^libxml2-utils(?::\w+|)\s+(.*)$ ^libxml2(?::\w+|)\s+(.*)$ ^python3-libxml2(?::\w+|)\s+(.*)$ ^libxml2-doc(?::\w+|)\s+(.*)$ ^libxml2-dev(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^libclamav9(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^libldap-2.4-2(?::\w+|)\s+(.*)$ ^libldap-common(?::\w+|)\s+(.*)$ ^slapd-smbk5pwd(?::\w+|)\s+(.*)$ ^ldap-utils(?::\w+|)\s+(.*)$ ^libldap2-dev(?::\w+|)\s+(.*)$ ^slapd(?::\w+|)\s+(.*)$ ^pcregrep(?::\w+|)\s+(.*)$ ^libpcre3-dev(?::\w+|)\s+(.*)$ ^libpcre3(?::\w+|)\s+(.*)$ ^libpcrecpp0v5(?::\w+|)\s+(.*)$ ^libpcre16-3(?::\w+|)\s+(.*)$ ^libpcre32-3(?::\w+|)\s+(.*)$ ^needrestart(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^dirmngr(?::\w+|)\s+(.*)$ ^gpgv-static(?::\w+|)\s+(.*)$ ^gnupg(?::\w+|)\s+(.*)$ ^scdaemon(?::\w+|)\s+(.*)$ ^gpgsm(?::\w+|)\s+(.*)$ ^gpgv(?::\w+|)\s+(.*)$ ^gpg(?::\w+|)\s+(.*)$ ^gnupg-agent(?::\w+|)\s+(.*)$ ^gnupg2(?::\w+|)\s+(.*)$ ^gnupg-l10n(?::\w+|)\s+(.*)$ ^gpg-wks-client(?::\w+|)\s+(.*)$ ^gpgconf(?::\w+|)\s+(.*)$ ^gpg-wks-server(?::\w+|)\s+(.*)$ ^gpg-agent(?::\w+|)\s+(.*)$ ^gpgv-win32(?::\w+|)\s+(.*)$ ^gnupg-utils(?::\w+|)\s+(.*)$ ^gpgv2(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lv(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fa(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-th(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^htmldoc(?::\w+|)\s+(.*)$ ^htmldoc-common(?::\w+|)\s+(.*)$ ^postgresql-server-dev-10(?::\w+|)\s+(.*)$ ^postgresql-pltcl-10(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^postgresql-10(?::\w+|)\s+(.*)$ ^postgresql-plperl-10(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython3-10(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-plpython-10(?::\w+|)\s+(.*)$ ^postgresql-doc-10(?::\w+|)\s+(.*)$ ^postgresql-client-10(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libsvn-dev(?::\w+|)\s+(.*)$ ^ruby-svn(?::\w+|)\s+(.*)$ ^subversion-tools(?::\w+|)\s+(.*)$ ^libapache2-mod-svn(?::\w+|)\s+(.*)$ ^python-subversion(?::\w+|)\s+(.*)$ ^libsvn1(?::\w+|)\s+(.*)$ ^subversion(?::\w+|)\s+(.*)$ ^libsvn-doc(?::\w+|)\s+(.*)$ ^libsvn-java(?::\w+|)\s+(.*)$ ^libsvn-perl(?::\w+|)\s+(.*)$ ^dpkg-dev(?::\w+|)\s+(.*)$ ^dselect(?::\w+|)\s+(.*)$ ^dpkg(?::\w+|)\s+(.*)$ ^libdpkg-dev(?::\w+|)\s+(.*)$ ^libdpkg-perl(?::\w+|)\s+(.*)$ ^influxdb-dev(?::\w+|)\s+(.*)$ ^golang-github-influxdb-influxdb-dev(?::\w+|)\s+(.*)$ ^influxdb(?::\w+|)\s+(.*)$ ^influxdb-client(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ ^libcupsimage2(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^libcupsmime1(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ ^libxmltok1(?::\w+|)\s+(.*)$ ^libxmltok1-dev(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^imagemagick-6-common(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-7(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-3(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3-extra(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3-extra(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-3(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^imagemagick-6-doc(?::\w+|)\s+(.*)$ ^libimage-magick-q16hdri-perl(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-7(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^imagemagick-6.q16hdri(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^cifs-utils(?::\w+|)\s+(.*)$ ^libfreerdp-server2-2(?::\w+|)\s+(.*)$ ^freerdp2-shadow-x11(?::\w+|)\s+(.*)$ ^libfreerdp2-2(?::\w+|)\s+(.*)$ ^freerdp2-dev(?::\w+|)\s+(.*)$ ^freerdp2-wayland(?::\w+|)\s+(.*)$ ^libwinpr2-dev(?::\w+|)\s+(.*)$ ^libfreerdp-shadow2-2(?::\w+|)\s+(.*)$ ^libuwac0-0(?::\w+|)\s+(.*)$ ^freerdp2-x11(?::\w+|)\s+(.*)$ ^libwinpr2-2(?::\w+|)\s+(.*)$ ^libwinpr-tools2-2(?::\w+|)\s+(.*)$ ^libuwac0-dev(?::\w+|)\s+(.*)$ ^libfreerdp-shadow-subsystem2-2(?::\w+|)\s+(.*)$ ^libfreerdp-client2-2(?::\w+|)\s+(.*)$ ^winpr-utils(?::\w+|)\s+(.*)$ ^ruby2.5-dev(?::\w+|)\s+(.*)$ ^ruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5-doc(?::\w+|)\s+(.*)$ ^libruby2.5(?::\w+|)\s+(.*)$ ^ntfs-3g(?::\w+|)\s+(.*)$ ^libntfs-3g88(?::\w+|)\s+(.*)$ ^ntfs-3g-dev(?::\w+|)\s+(.*)$ ^libss2(?::\w+|)\s+(.*)$ ^e2fslibs-dev(?::\w+|)\s+(.*)$ ^libcomerr2(?::\w+|)\s+(.*)$ ^libcom-err2(?::\w+|)\s+(.*)$ ^e2fsprogs(?::\w+|)\s+(.*)$ ^e2fsck-static(?::\w+|)\s+(.*)$ ^e2fslibs(?::\w+|)\s+(.*)$ ^e2fsprogs-l10n(?::\w+|)\s+(.*)$ ^libext2fs-dev(?::\w+|)\s+(.*)$ ^libext2fs2(?::\w+|)\s+(.*)$ ^fuse2fs(?::\w+|)\s+(.*)$ ^ss-dev(?::\w+|)\s+(.*)$ ^comerr-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws|-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libavresample-dev(?::\w+|)\s+(.*)$ ^libavcodec-extra(?::\w+|)\s+(.*)$ ^libavutil55(?::\w+|)\s+(.*)$ ^libavresample3(?::\w+|)\s+(.*)$ ^libavcodec-dev(?::\w+|)\s+(.*)$ ^libavutil-dev(?::\w+|)\s+(.*)$ ^libavfilter-extra(?::\w+|)\s+(.*)$ ^libswscale-dev(?::\w+|)\s+(.*)$ ^libswresample-dev(?::\w+|)\s+(.*)$ ^libswresample2(?::\w+|)\s+(.*)$ ^libavdevice-dev(?::\w+|)\s+(.*)$ ^libswscale4(?::\w+|)\s+(.*)$ ^libavfilter-dev(?::\w+|)\s+(.*)$ ^libpostproc54(?::\w+|)\s+(.*)$ ^libpostproc-dev(?::\w+|)\s+(.*)$ ^libavdevice57(?::\w+|)\s+(.*)$ ^libavformat57(?::\w+|)\s+(.*)$ ^libavformat-dev(?::\w+|)\s+(.*)$ ^libavfilter-extra6(?::\w+|)\s+(.*)$ ^libavfilter6(?::\w+|)\s+(.*)$ ^libavcodec-extra57(?::\w+|)\s+(.*)$ ^libavcodec57(?::\w+|)\s+(.*)$ ^ffmpeg(?::\w+|)\s+(.*)$ ^ffmpeg-doc(?::\w+|)\s+(.*)$ ^ca-certificates(?::\w+|)\s+(.*)$ ^varnish(?::\w+|)\s+(.*)$ ^varnish-doc(?::\w+|)\s+(.*)$ ^libvarnishapi-dev(?::\w+|)\s+(.*)$ ^libvarnishapi1(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^liblouis-bin(?::\w+|)\s+(.*)$ ^liblouis14(?::\w+|)\s+(.*)$ ^python-louis(?::\w+|)\s+(.*)$ ^liblouis-dev(?::\w+|)\s+(.*)$ ^python3-louis(?::\w+|)\s+(.*)$ ^liblouis-data(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^libbluetooth3(?::\w+|)\s+(.*)$ ^bluez-tests(?::\w+|)\s+(.*)$ ^bluez-obexd(?::\w+|)\s+(.*)$ ^bluetooth(?::\w+|)\s+(.*)$ ^bluez(?::\w+|)\s+(.*)$ ^bluez-hcidump(?::\w+|)\s+(.*)$ ^bluez-cups(?::\w+|)\s+(.*)$ ^libbluetooth-dev(?::\w+|)\s+(.*)$ ^spip(?::\w+|)\s+(.*)$ ^exempi(?::\w+|)\s+(.*)$ ^libexempi3(?::\w+|)\s+(.*)$ ^libexempi-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws|-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^libssl1.0-dev(?::\w+|)\s+(.*)$ ^openssl1.0(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^cloud-init(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^dirmngr(?::\w+|)\s+(.*)$ ^gpgv-static(?::\w+|)\s+(.*)$ ^gpgv-win32(?::\w+|)\s+(.*)$ ^scdaemon(?::\w+|)\s+(.*)$ ^gpgsm(?::\w+|)\s+(.*)$ ^gpgv(?::\w+|)\s+(.*)$ ^gpg(?::\w+|)\s+(.*)$ ^gnupg-agent(?::\w+|)\s+(.*)$ ^gnupg2(?::\w+|)\s+(.*)$ ^gpgconf(?::\w+|)\s+(.*)$ ^gpgv2(?::\w+|)\s+(.*)$ ^gnupg-utils(?::\w+|)\s+(.*)$ ^gpg-wks-server(?::\w+|)\s+(.*)$ ^gpg-agent(?::\w+|)\s+(.*)$ ^gnupg(?::\w+|)\s+(.*)$ ^gpg-wks-client(?::\w+|)\s+(.*)$ ^gnupg-l10n(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^python3-pyldap(?::\w+|)\s+(.*)$ ^python-pyldap(?::\w+|)\s+(.*)$ ^python3-ldap(?::\w+|)\s+(.*)$ ^python-ldap(?::\w+|)\s+(.*)$ ^dovecot-pgsql(?::\w+|)\s+(.*)$ ^dovecot-mysql(?::\w+|)\s+(.*)$ ^dovecot-core(?::\w+|)\s+(.*)$ ^dovecot-sieve(?::\w+|)\s+(.*)$ ^dovecot-ldap(?::\w+|)\s+(.*)$ ^dovecot-sqlite(?::\w+|)\s+(.*)$ ^dovecot-dev(?::\w+|)\s+(.*)$ ^dovecot-pop3d(?::\w+|)\s+(.*)$ ^dovecot-imapd(?::\w+|)\s+(.*)$ ^dovecot-managesieved(?::\w+|)\s+(.*)$ ^mail-stack-delivery(?::\w+|)\s+(.*)$ ^dovecot-gssapi(?::\w+|)\s+(.*)$ ^dovecot-lmtpd(?::\w+|)\s+(.*)$ ^dovecot-solr(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xorg-server-source-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-dev-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xephyr-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy-hwe-18.04(?::\w+|)\s+(.*)$ ^xwayland-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-core-hwe-18.04(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lv(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fa(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-th(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^python3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-stdlib(?::\w+|)\s+(.*)$ ^libpython3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6-examples(?::\w+|)\s+(.*)$ ^python3.6-venv(?::\w+|)\s+(.*)$ ^python3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6(?::\w+|)\s+(.*)$ ^idle-python3.6(?::\w+|)\s+(.*)$ ^python3.6-doc(?::\w+|)\s+(.*)$ ^libpython3.6-testsuite(?::\w+|)\s+(.*)$ ^libpython3.6(?::\w+|)\s+(.*)$ ^libhttp-daemon-perl(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiff-dev(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^libxml-security-java-doc(?::\w+|)\s+(.*)$ ^libxml-security-java(?::\w+|)\s+(.*)$ ^python-jwt(?::\w+|)\s+(.*)$ ^python3-jwt(?::\w+|)\s+(.*)$ ^check-mk-config-icinga(?::\w+|)\s+(.*)$ ^check-mk-multisite(?::\w+|)\s+(.*)$ ^check-mk-server(?::\w+|)\s+(.*)$ ^check-mk-doc(?::\w+|)\s+(.*)$ ^check-mk-livestatus(?::\w+|)\s+(.*)$ ^check-mk-agent-logwatch(?::\w+|)\s+(.*)$ ^check-mk-agent(?::\w+|)\s+(.*)$ ^libfreetype6-dev(?::\w+|)\s+(.*)$ ^freetype2-demos(?::\w+|)\s+(.*)$ ^libfreetype6(?::\w+|)\s+(.*)$ ^python3-bottle(?::\w+|)\s+(.*)$ ^python-bottle(?::\w+|)\s+(.*)$ ^python-bottle-doc(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^snmptrapd(?::\w+|)\s+(.*)$ ^libsnmp-perl(?::\w+|)\s+(.*)$ ^libsnmp-dev(?::\w+|)\s+(.*)$ ^libsnmp-base(?::\w+|)\s+(.*)$ ^snmp(?::\w+|)\s+(.*)$ ^libsnmp30(?::\w+|)\s+(.*)$ ^tkmib(?::\w+|)\s+(.*)$ ^snmpd(?::\w+|)\s+(.*)$ ^python-netsnmp(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-17-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-17-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-17-jre(?::\w+|)\s+(.*)$ ^openjdk-17-jdk(?::\w+|)\s+(.*)$ ^openjdk-17-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-17-source(?::\w+|)\s+(.*)$ ^openjdk-17-demo(?::\w+|)\s+(.*)$ ^openjdk-17-doc(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-390(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-390(?::\w+|)\s+(.*)$ ^libnvidia-decode-390(?::\w+|)\s+(.*)$ ^nvidia-utils-390(?::\w+|)\s+(.*)$ ^libnvidia-gl-390(?::\w+|)\s+(.*)$ ^libnvidia-compute-390(?::\w+|)\s+(.*)$ ^nvidia-384-dev(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-390(?::\w+|)\s+(.*)$ ^libcuda1-384(?::\w+|)\s+(.*)$ ^nvidia-384(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-390(?::\w+|)\s+(.*)$ ^libnvidia-encode-390(?::\w+|)\s+(.*)$ ^nvidia-opencl-icd-384(?::\w+|)\s+(.*)$ ^libnvidia-common-390(?::\w+|)\s+(.*)$ ^nvidia-dkms-390(?::\w+|)\s+(.*)$ ^nvidia-libopencl1-384(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-390(?::\w+|)\s+(.*)$ ^nvidia-driver-390(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-390(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-390(?::\w+|)\s+(.*)$ ^nvidia-headless-390(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-390(?::\w+|)\s+(.*)$ ^libnvidia-compute-450-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-450-server(?::\w+|)\s+(.*)$ ^nvidia-driver-450-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-440-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-450-server(?::\w+|)\s+(.*)$ ^nvidia-headless-450-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-450-server(?::\w+|)\s+(.*)$ ^libnvidia-common-440-server(?::\w+|)\s+(.*)$ ^libnvidia-common-450-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-450-server(?::\w+|)\s+(.*)$ ^nvidia-utils-450-server(?::\w+|)\s+(.*)$ ^nvidia-utils-440-server(?::\w+|)\s+(.*)$ ^nvidia-headless-440-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-450-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-440-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-440-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-440-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-450-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-450-server(?::\w+|)\s+(.*)$ ^nvidia-driver-440-server(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-440-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-440-server(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-440-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-450-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-440-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-440-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-450-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-440-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-440-server(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-450-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-450-server(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-450-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-440-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-450-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-440-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-440-server(?::\w+|)\s+(.*)$ ^libnvidia-common-465(?::\w+|)\s+(.*)$ ^libnvidia-common-460(?::\w+|)\s+(.*)$ ^libnvidia-gl-460-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-470-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-470(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-460(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-470-server(?::\w+|)\s+(.*)$ ^nvidia-utils-460-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-470(?::\w+|)\s+(.*)$ ^nvidia-headless-465(?::\w+|)\s+(.*)$ ^nvidia-headless-460(?::\w+|)\s+(.*)$ ^libnvidia-gl-470(?::\w+|)\s+(.*)$ ^libnvidia-compute-460-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-470-server(?::\w+|)\s+(.*)$ ^libnvidia-gl-460(?::\w+|)\s+(.*)$ ^libnvidia-gl-465(?::\w+|)\s+(.*)$ ^nvidia-utils-470-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-460(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-465(?::\w+|)\s+(.*)$ ^libnvidia-compute-470-server(?::\w+|)\s+(.*)$ ^nvidia-headless-470(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-465(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-460(?::\w+|)\s+(.*)$ ^libnvidia-compute-470(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-465(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-460(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-460(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-465(?::\w+|)\s+(.*)$ ^libnvidia-encode-465(?::\w+|)\s+(.*)$ ^libnvidia-decode-460-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-460(?::\w+|)\s+(.*)$ ^libnvidia-compute-465(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-470(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-460-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-470(?::\w+|)\s+(.*)$ ^nvidia-utils-470(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-470-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-470-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-470-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-470-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-460(?::\w+|)\s+(.*)$ ^libnvidia-encode-460-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-470-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-465(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-470-server(?::\w+|)\s+(.*)$ ^nvidia-driver-460-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-460-server(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-460-server(?::\w+|)\s+(.*)$ ^libnvidia-common-460-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-470-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-460(?::\w+|)\s+(.*)$ ^libnvidia-encode-470(?::\w+|)\s+(.*)$ ^nvidia-dkms-465(?::\w+|)\s+(.*)$ ^libnvidia-extra-465(?::\w+|)\s+(.*)$ ^libnvidia-extra-460(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-470(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-470-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-470-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-470(?::\w+|)\s+(.*)$ ^nvidia-driver-470-server(?::\w+|)\s+(.*)$ ^nvidia-driver-470(?::\w+|)\s+(.*)$ ^libnvidia-extra-460-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-470(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-465(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-460(?::\w+|)\s+(.*)$ ^libnvidia-extra-470(?::\w+|)\s+(.*)$ ^nvidia-utils-465(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-460-server(?::\w+|)\s+(.*)$ ^nvidia-driver-460(?::\w+|)\s+(.*)$ ^nvidia-utils-460(?::\w+|)\s+(.*)$ ^libnvidia-decode-465(?::\w+|)\s+(.*)$ ^nvidia-driver-465(?::\w+|)\s+(.*)$ ^libnvidia-decode-460(?::\w+|)\s+(.*)$ ^libnvidia-encode-460(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-470(?::\w+|)\s+(.*)$ ^nvidia-headless-460-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-470-server(?::\w+|)\s+(.*)$ ^libnvidia-common-470-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-470(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-465(?::\w+|)\s+(.*)$ ^libnvidia-common-470(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-460-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-470(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-460-server(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-460(?::\w+|)\s+(.*)$ ^libnvidia-ifr1-465(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-460-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-460-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-460-server(?::\w+|)\s+(.*)$ ^nvidia-headless-470-server(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-510(?::\w+|)\s+(.*)$ ^libnvidia-common-510(?::\w+|)\s+(.*)$ ^nvidia-utils-495(?::\w+|)\s+(.*)$ ^libnvidia-decode-495(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-495(?::\w+|)\s+(.*)$ ^libnvidia-compute-495(?::\w+|)\s+(.*)$ ^nvidia-headless-495(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-510(?::\w+|)\s+(.*)$ ^nvidia-dkms-495(?::\w+|)\s+(.*)$ ^libnvidia-encode-510(?::\w+|)\s+(.*)$ ^nvidia-driver-510-server(?::\w+|)\s+(.*)$ ^libnvidia-common-510-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-495(?::\w+|)\s+(.*)$ ^libnvidia-gl-510-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-495(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-495(?::\w+|)\s+(.*)$ ^nvidia-driver-510(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-510-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-510-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-510-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-510(?::\w+|)\s+(.*)$ ^libnvidia-compute-510-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-510(?::\w+|)\s+(.*)$ ^libnvidia-gl-510(?::\w+|)\s+(.*)$ ^nvidia-utils-510(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-510-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-510-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-510-server(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-510(?::\w+|)\s+(.*)$ ^nvidia-headless-510-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-510(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-495(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-510(?::\w+|)\s+(.*)$ ^libnvidia-decode-510-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-495(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-510-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-510(?::\w+|)\s+(.*)$ ^nvidia-dkms-510-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-510-server(?::\w+|)\s+(.*)$ ^libnvidia-common-495(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-510-server(?::\w+|)\s+(.*)$ ^nvidia-utils-510-server(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-495(?::\w+|)\s+(.*)$ ^libnvidia-compute-510(?::\w+|)\s+(.*)$ ^nvidia-dkms-510(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-495(?::\w+|)\s+(.*)$ ^libnvidia-extra-510(?::\w+|)\s+(.*)$ ^libnvidia-gl-495(?::\w+|)\s+(.*)$ ^nvidia-driver-495(?::\w+|)\s+(.*)$ ^nvidia-headless-510(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-495(?::\w+|)\s+(.*)$ ^nvidia-dkms-515-server(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-515(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-515(?::\w+|)\s+(.*)$ ^libnvidia-compute-515-server(?::\w+|)\s+(.*)$ ^nvidia-utils-515-server(?::\w+|)\s+(.*)$ ^libnvidia-common-515(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-515(?::\w+|)\s+(.*)$ ^libnvidia-encode-515-server(?::\w+|)\s+(.*)$ ^libnvidia-encode-515(?::\w+|)\s+(.*)$ ^libnvidia-decode-515-server(?::\w+|)\s+(.*)$ ^nvidia-driver-515(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-515-server(?::\w+|)\s+(.*)$ ^libnvidia-cfg1-515-server(?::\w+|)\s+(.*)$ ^libnvidia-decode-515(?::\w+|)\s+(.*)$ ^nvidia-utils-515(?::\w+|)\s+(.*)$ ^libnvidia-extra-515-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-common-515(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-515-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-515-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-515-server(?::\w+|)\s+(.*)$ ^nvidia-dkms-515(?::\w+|)\s+(.*)$ ^nvidia-headless-515-server(?::\w+|)\s+(.*)$ ^nvidia-kernel-source-515(?::\w+|)\s+(.*)$ ^libnvidia-gl-515(?::\w+|)\s+(.*)$ ^nvidia-compute-utils-515(?::\w+|)\s+(.*)$ ^nvidia-headless-no-dkms-515-server(?::\w+|)\s+(.*)$ ^xserver-xorg-video-nvidia-515(?::\w+|)\s+(.*)$ ^libnvidia-gl-515-server(?::\w+|)\s+(.*)$ ^libnvidia-compute-515(?::\w+|)\s+(.*)$ ^libnvidia-fbc1-515-server(?::\w+|)\s+(.*)$ ^libnvidia-common-515-server(?::\w+|)\s+(.*)$ ^nvidia-driver-515-server(?::\w+|)\s+(.*)$ ^libnvidia-extra-515(?::\w+|)\s+(.*)$ ^nvidia-headless-515(?::\w+|)\s+(.*)$ ^python-libxml2(?::\w+|)\s+(.*)$ ^libxml2-utils(?::\w+|)\s+(.*)$ ^libxml2(?::\w+|)\s+(.*)$ ^python3-libxml2(?::\w+|)\s+(.*)$ ^libxml2-doc(?::\w+|)\s+(.*)$ ^libxml2-dev(?::\w+|)\s+(.*)$ ^libgnutls30(?::\w+|)\s+(.*)$ ^libgnutls28-dev(?::\w+|)\s+(.*)$ ^libgnutls-openssl27(?::\w+|)\s+(.*)$ ^gnutls-doc(?::\w+|)\s+(.*)$ ^libgnutls-dane0(?::\w+|)\s+(.*)$ ^gnutls-bin(?::\w+|)\s+(.*)$ ^libgnutlsxx28(?::\w+|)\s+(.*)$ ^libapache2-mod-wsgi(?::\w+|)\s+(.*)$ ^libapache2-mod-wsgi-py3(?::\w+|)\s+(.*)$ ^phpliteadmin-themes(?::\w+|)\s+(.*)$ ^phpliteadmin(?::\w+|)\s+(.*)$ ^gstreamer1.0-gtk3(?::\w+|)\s+(.*)$ ^gstreamer1.0-pulseaudio(?::\w+|)\s+(.*)$ ^gstreamer1.0-plugins-good-doc(?::\w+|)\s+(.*)$ ^libgstreamer-plugins-good1.0-dev(?::\w+|)\s+(.*)$ ^libgstreamer-plugins-good1.0-0(?::\w+|)\s+(.*)$ ^gstreamer1.0-plugins-good(?::\w+|)\s+(.*)$ ^gstreamer1.0-qt5(?::\w+|)\s+(.*)$ ^node-moment(?::\w+|)\s+(.*)$ ^libjs-moment(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gkeop)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gke)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libhttp-parser2.7.1(?::\w+|)\s+(.*)$ ^libhttp-parser-dev(?::\w+|)\s+(.*)$ ^libunbound2(?::\w+|)\s+(.*)$ ^unbound(?::\w+|)\s+(.*)$ ^python3-unbound(?::\w+|)\s+(.*)$ ^python-unbound(?::\w+|)\s+(.*)$ ^unbound-anchor(?::\w+|)\s+(.*)$ ^unbound-host(?::\w+|)\s+(.*)$ ^libunbound-dev(?::\w+|)\s+(.*)$ ^libx32z1-dev(?::\w+|)\s+(.*)$ ^lib64z1(?::\w+|)\s+(.*)$ ^libx32z1(?::\w+|)\s+(.*)$ ^lib64z1-dev(?::\w+|)\s+(.*)$ ^lib32z1(?::\w+|)\s+(.*)$ ^zlib1g(?::\w+|)\s+(.*)$ ^lib32z1-dev(?::\w+|)\s+(.*)$ ^zlib1g-dev(?::\w+|)\s+(.*)$ ^postgresql-server-dev-10(?::\w+|)\s+(.*)$ ^postgresql-10(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^postgresql-pltcl-10(?::\w+|)\s+(.*)$ ^postgresql-plperl-10(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython3-10(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython-10(?::\w+|)\s+(.*)$ ^postgresql-doc-10(?::\w+|)\s+(.*)$ ^postgresql-client-10(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^rsync(?::\w+|)\s+(.*)$ ^exim4-dev(?::\w+|)\s+(.*)$ ^eximon4(?::\w+|)\s+(.*)$ ^exim4(?::\w+|)\s+(.*)$ ^exim4-daemon-light(?::\w+|)\s+(.*)$ ^exim4-config(?::\w+|)\s+(.*)$ ^exim4-daemon-heavy(?::\w+|)\s+(.*)$ ^exim4-base(?::\w+|)\s+(.*)$ ^python-libxslt1(?::\w+|)\s+(.*)$ ^libxslt1-dev(?::\w+|)\s+(.*)$ ^libxslt1.1(?::\w+|)\s+(.*)$ ^xsltproc(?::\w+|)\s+(.*)$ ^open-vm-tools(?::\w+|)\s+(.*)$ ^open-vm-tools-desktop(?::\w+|)\s+(.*)$ ^open-vm-tools-dev(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^systemd-tests(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1(?::\w+|)\s+(.*)$ ^libsystemd-dev(?::\w+|)\s+(.*)$ ^libnss-systemd(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^systemd-tests(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1(?::\w+|)\s+(.*)$ ^libsystemd-dev(?::\w+|)\s+(.*)$ ^libnss-systemd(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^schroot(?::\w+|)\s+(.*)$ ^schroot-common(?::\w+|)\s+(.*)$ ^python3-notebook(?::\w+|)\s+(.*)$ ^python-notebook-doc(?::\w+|)\s+(.*)$ ^python-notebook(?::\w+|)\s+(.*)$ ^jupyter-notebook(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^libpoppler73(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp0v5(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^libpoppler73(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp0v5(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^librte-pmd-thunderx-nicvf17.11(?::\w+|)\s+(.*)$ ^dpdk-igb-uio-dkms(?::\w+|)\s+(.*)$ ^librte-pmd-softnic17.11(?::\w+|)\s+(.*)$ ^librte-timer17.11(?::\w+|)\s+(.*)$ ^librte-pmd-nfp17.11(?::\w+|)\s+(.*)$ ^librte-pmd-sw-event17.11(?::\w+|)\s+(.*)$ ^librte-pmd-fm10k17.11(?::\w+|)\s+(.*)$ ^librte-pmd-bond17.11(?::\w+|)\s+(.*)$ ^librte-bitratestats17.11(?::\w+|)\s+(.*)$ ^librte-flow-classify17.11(?::\w+|)\s+(.*)$ ^librte-ring17.11(?::\w+|)\s+(.*)$ ^librte-pmd-sfc-efx17.11(?::\w+|)\s+(.*)$ ^librte-bus-pci17.11(?::\w+|)\s+(.*)$ ^dpdk-doc(?::\w+|)\s+(.*)$ ^librte-distributor17.11(?::\w+|)\s+(.*)$ ^librte-pmd-pcap17.11(?::\w+|)\s+(.*)$ ^librte-net17.11(?::\w+|)\s+(.*)$ ^librte-ip-frag17.11(?::\w+|)\s+(.*)$ ^librte-jobstats17.11(?::\w+|)\s+(.*)$ ^librte-vhost17.11(?::\w+|)\s+(.*)$ ^dpdk-dev(?::\w+|)\s+(.*)$ ^librte-member17.11(?::\w+|)\s+(.*)$ ^librte-pmd-e1000-17.11(?::\w+|)\s+(.*)$ ^librte-pmd-af-packet17.11(?::\w+|)\s+(.*)$ ^librte-pipeline17.11(?::\w+|)\s+(.*)$ ^librte-mempool-octeontx17.11(?::\w+|)\s+(.*)$ ^librte-pmd-crypto-scheduler17.11(?::\w+|)\s+(.*)$ ^librte-pmd-avp17.11(?::\w+|)\s+(.*)$ ^dpdk-rte-kni-dkms(?::\w+|)\s+(.*)$ ^librte-latencystats17.11(?::\w+|)\s+(.*)$ ^librte-port17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ixgbe17.11(?::\w+|)\s+(.*)$ ^librte-cryptodev17.11(?::\w+|)\s+(.*)$ ^librte-cmdline17.11(?::\w+|)\s+(.*)$ ^librte-pmd-lio17.11(?::\w+|)\s+(.*)$ ^librte-bus-vdev17.11(?::\w+|)\s+(.*)$ ^librte-pdump17.11(?::\w+|)\s+(.*)$ ^librte-pmd-skeleton-event17.11(?::\w+|)\s+(.*)$ ^librte-table17.11(?::\w+|)\s+(.*)$ ^librte-gso17.11(?::\w+|)\s+(.*)$ ^librte-pmd-i40e17.11(?::\w+|)\s+(.*)$ ^librte-eventdev17.11(?::\w+|)\s+(.*)$ ^librte-kvargs17.11(?::\w+|)\s+(.*)$ ^librte-mempool-stack17.11(?::\w+|)\s+(.*)$ ^librte-metrics17.11(?::\w+|)\s+(.*)$ ^librte-lpm17.11(?::\w+|)\s+(.*)$ ^librte-kni17.11(?::\w+|)\s+(.*)$ ^librte-eal17.11(?::\w+|)\s+(.*)$ ^librte-pmd-octeontx17.11(?::\w+|)\s+(.*)$ ^librte-sched17.11(?::\w+|)\s+(.*)$ ^librte-pmd-mlx4-17.11(?::\w+|)\s+(.*)$ ^librte-pmd-mlx5-17.11(?::\w+|)\s+(.*)$ ^librte-pci17.11(?::\w+|)\s+(.*)$ ^librte-pmd-octeontx-ssovf17.11(?::\w+|)\s+(.*)$ ^librte-pmd-null-crypto17.11(?::\w+|)\s+(.*)$ ^librte-pmd-vmxnet3-uio17.11(?::\w+|)\s+(.*)$ ^librte-security17.11(?::\w+|)\s+(.*)$ ^librte-pmd-null17.11(?::\w+|)\s+(.*)$ ^librte-hash17.11(?::\w+|)\s+(.*)$ ^librte-pmd-tap17.11(?::\w+|)\s+(.*)$ ^librte-pmd-enic17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ark17.11(?::\w+|)\s+(.*)$ ^librte-ethdev17.11(?::\w+|)\s+(.*)$ ^librte-meter17.11(?::\w+|)\s+(.*)$ ^librte-pmd-virtio17.11(?::\w+|)\s+(.*)$ ^librte-power17.11(?::\w+|)\s+(.*)$ ^librte-pmd-vhost17.11(?::\w+|)\s+(.*)$ ^librte-mempool17.11(?::\w+|)\s+(.*)$ ^librte-cfgfile17.11(?::\w+|)\s+(.*)$ ^librte-efd17.11(?::\w+|)\s+(.*)$ ^librte-pmd-cxgbe17.11(?::\w+|)\s+(.*)$ ^librte-mbuf17.11(?::\w+|)\s+(.*)$ ^dpdk(?::\w+|)\s+(.*)$ ^librte-gro17.11(?::\w+|)\s+(.*)$ ^librte-pmd-qede17.11(?::\w+|)\s+(.*)$ ^librte-pmd-failsafe17.11(?::\w+|)\s+(.*)$ ^librte-reorder17.11(?::\w+|)\s+(.*)$ ^librte-pmd-kni17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ena17.11(?::\w+|)\s+(.*)$ ^librte-mempool-ring17.11(?::\w+|)\s+(.*)$ ^librte-pmd-bnxt17.11(?::\w+|)\s+(.*)$ ^librte-pmd-ring17.11(?::\w+|)\s+(.*)$ ^librte-acl17.11(?::\w+|)\s+(.*)$ ^libdpdk-dev(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^libwayland-egl1(?::\w+|)\s+(.*)$ ^libwayland-bin(?::\w+|)\s+(.*)$ ^libwayland-dev(?::\w+|)\s+(.*)$ ^libwayland-cursor0(?::\w+|)\s+(.*)$ ^libwayland-egl-backend-dev(?::\w+|)\s+(.*)$ ^libwayland-server0(?::\w+|)\s+(.*)$ ^libwayland-doc(?::\w+|)\s+(.*)$ ^libwayland-client0(?::\w+|)\s+(.*)$ ^lemon(?::\w+|)\s+(.*)$ ^sqlite3-doc(?::\w+|)\s+(.*)$ ^libsqlite3-0(?::\w+|)\s+(.*)$ ^libsqlite3-tcl(?::\w+|)\s+(.*)$ ^sqlite3(?::\w+|)\s+(.*)$ ^libsqlite3-dev(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiff-dev(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^python-mako(?::\w+|)\s+(.*)$ ^python-mako-doc(?::\w+|)\s+(.*)$ ^python3-mako(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libirs-export160(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^libbind9-160(?::\w+|)\s+(.*)$ ^libisccc160(?::\w+|)\s+(.*)$ ^libisc-export169(?::\w+|)\s+(.*)$ ^libisccfg160(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libisc169(?::\w+|)\s+(.*)$ ^libirs160(?::\w+|)\s+(.*)$ ^libdns-export1100(?::\w+|)\s+(.*)$ ^libisccc-export160(?::\w+|)\s+(.*)$ ^libisccfg-export160(?::\w+|)\s+(.*)$ ^liblwres160(?::\w+|)\s+(.*)$ ^libdns1100(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^libpcre2-16-0(?::\w+|)\s+(.*)$ ^libpcre2-32-0(?::\w+|)\s+(.*)$ ^libpcre2-posix0(?::\w+|)\s+(.*)$ ^pcre2-utils(?::\w+|)\s+(.*)$ ^libpcre2-dev(?::\w+|)\s+(.*)$ ^libpcre2-8-0(?::\w+|)\s+(.*)$ ^etcd-server(?::\w+|)\s+(.*)$ ^golang-etcd-server-dev(?::\w+|)\s+(.*)$ ^etcd-client(?::\w+|)\s+(.*)$ ^etcd(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^libturbojpeg0-dev(?::\w+|)\s+(.*)$ ^libjpeg-turbo8-dev(?::\w+|)\s+(.*)$ ^libjpeg-turbo-progs(?::\w+|)\s+(.*)$ ^libturbojpeg(?::\w+|)\s+(.*)$ ^libjpeg-turbo8(?::\w+|)\s+(.*)$ ^libjpeg-turbo-test(?::\w+|)\s+(.*)$ ^sosreport(?::\w+|)\s+(.*)$ ^expat(?::\w+|)\s+(.*)$ ^libexpat1-dev(?::\w+|)\s+(.*)$ ^libexpat1(?::\w+|)\s+(.*)$ ^expat(?::\w+|)\s+(.*)$ ^libexpat1-dev(?::\w+|)\s+(.*)$ ^libexpat1(?::\w+|)\s+(.*)$ ^squid-common(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid-cgi(?::\w+|)\s+(.*)$ ^squid-purge(?::\w+|)\s+(.*)$ ^squidclient(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^strongswan-nm(?::\w+|)\s+(.*)$ ^strongswan-scepclient(?::\w+|)\s+(.*)$ ^libcharon-extra-plugins(?::\w+|)\s+(.*)$ ^libcharon-standard-plugins(?::\w+|)\s+(.*)$ ^libstrongswan-extra-plugins(?::\w+|)\s+(.*)$ ^strongswan-tnc-pdp(?::\w+|)\s+(.*)$ ^strongswan-charon(?::\w+|)\s+(.*)$ ^libstrongswan(?::\w+|)\s+(.*)$ ^libstrongswan-standard-plugins(?::\w+|)\s+(.*)$ ^charon-systemd(?::\w+|)\s+(.*)$ ^strongswan(?::\w+|)\s+(.*)$ ^strongswan-tnc-server(?::\w+|)\s+(.*)$ ^strongswan-tnc-client(?::\w+|)\s+(.*)$ ^strongswan-tnc-base(?::\w+|)\s+(.*)$ ^charon-cmd(?::\w+|)\s+(.*)$ ^strongswan-libcharon(?::\w+|)\s+(.*)$ ^strongswan-pki(?::\w+|)\s+(.*)$ ^strongswan-tnc-ifmap(?::\w+|)\s+(.*)$ ^strongswan-starter(?::\w+|)\s+(.*)$ ^strongswan-swanctl(?::\w+|)\s+(.*)$ ^isc-dhcp-dev(?::\w+|)\s+(.*)$ ^isc-dhcp-client-ddns(?::\w+|)\s+(.*)$ ^isc-dhcp-relay(?::\w+|)\s+(.*)$ ^isc-dhcp-client(?::\w+|)\s+(.*)$ ^isc-dhcp-common(?::\w+|)\s+(.*)$ ^isc-dhcp-server(?::\w+|)\s+(.*)$ ^isc-dhcp-server-ldap(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^libonig4(?::\w+|)\s+(.*)$ ^libonig-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lv(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fa(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-th(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^advancecomp(?::\w+|)\s+(.*)$ ^libgmp10-doc(?::\w+|)\s+(.*)$ ^libgmpxx4ldbl(?::\w+|)\s+(.*)$ ^libgmp3-dev(?::\w+|)\s+(.*)$ ^libgmp10(?::\w+|)\s+(.*)$ ^libgmp-dev(?::\w+|)\s+(.*)$ ^unzip(?::\w+|)\s+(.*)$ ^libhcrypto4-heimdal(?::\w+|)\s+(.*)$ ^libwind0-heimdal(?::\w+|)\s+(.*)$ ^libroken18-heimdal(?::\w+|)\s+(.*)$ ^libgssapi3-heimdal(?::\w+|)\s+(.*)$ ^heimdal-kcm(?::\w+|)\s+(.*)$ ^libhdb9-heimdal(?::\w+|)\s+(.*)$ ^libasn1-8-heimdal(?::\w+|)\s+(.*)$ ^libsl0-heimdal(?::\w+|)\s+(.*)$ ^libkadm5clnt7-heimdal(?::\w+|)\s+(.*)$ ^heimdal-kdc(?::\w+|)\s+(.*)$ ^libkdc2-heimdal(?::\w+|)\s+(.*)$ ^heimdal-servers(?::\w+|)\s+(.*)$ ^libheimntlm0-heimdal(?::\w+|)\s+(.*)$ ^heimdal-docs(?::\w+|)\s+(.*)$ ^libheimbase1-heimdal(?::\w+|)\s+(.*)$ ^libkrb5-26-heimdal(?::\w+|)\s+(.*)$ ^libotp0-heimdal(?::\w+|)\s+(.*)$ ^heimdal-dev(?::\w+|)\s+(.*)$ ^libkafs0-heimdal(?::\w+|)\s+(.*)$ ^libhx509-5-heimdal(?::\w+|)\s+(.*)$ ^heimdal-multidev(?::\w+|)\s+(.*)$ ^libkadm5srv8-heimdal(?::\w+|)\s+(.*)$ ^heimdal-clients(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^gthumb-dev(?::\w+|)\s+(.*)$ ^gthumb-data(?::\w+|)\s+(.*)$ ^gthumb(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^libksba-mingw-w64-dev(?::\w+|)\s+(.*)$ ^libksba8(?::\w+|)\s+(.*)$ ^libksba-dev(?::\w+|)\s+(.*)$ ^libperl-dev(?::\w+|)\s+(.*)$ ^perl-modules-5.26(?::\w+|)\s+(.*)$ ^perl-doc(?::\w+|)\s+(.*)$ ^perl(?::\w+|)\s+(.*)$ ^perl-base(?::\w+|)\s+(.*)$ ^libperl5.26(?::\w+|)\s+(.*)$ ^perl-debug(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libreoffice-nlpsolver(?::\w+|)\s+(.*)$ ^libreoffice-mysql-connector(?::\w+|)\s+(.*)$ ^libreoffice-wiki-publisher(?::\w+|)\s+(.*)$ ^libreoffice-impress(?::\w+|)\s+(.*)$ ^libreoffice-evolution(?::\w+|)\s+(.*)$ ^libreoffice-dev-common(?::\w+|)\s+(.*)$ ^libreoffice-librelogo(?::\w+|)\s+(.*)$ ^libreoffice-java-common(?::\w+|)\s+(.*)$ ^gir1.2-lokdocview-0.1(?::\w+|)\s+(.*)$ ^libreoffice-subsequentcheckbase(?::\w+|)\s+(.*)$ ^libreoffice-style-elementary(?::\w+|)\s+(.*)$ ^libreoffice-officebean(?::\w+|)\s+(.*)$ ^libreoffice-kde(?::\w+|)\s+(.*)$ ^libreoffice-base(?::\w+|)\s+(.*)$ ^libreoffice-style-galaxy(?::\w+|)\s+(.*)$ ^libreoffice-style-hicontrast(?::\w+|)\s+(.*)$ ^libreoffice-core(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-bsh(?::\w+|)\s+(.*)$ ^libreoffice-avmedia-backend-gstreamer(?::\w+|)\s+(.*)$ ^libreofficekit-dev(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-python(?::\w+|)\s+(.*)$ ^libreoffice-common(?::\w+|)\s+(.*)$ ^libreoffice-dev-doc(?::\w+|)\s+(.*)$ ^libreoffice-gnome(?::\w+|)\s+(.*)$ ^libreofficekit-data(?::\w+|)\s+(.*)$ ^libreoffice-kde4(?::\w+|)\s+(.*)$ ^libreoffice-dev(?::\w+|)\s+(.*)$ ^libreoffice-gtk3(?::\w+|)\s+(.*)$ ^libreoffice-report-builder(?::\w+|)\s+(.*)$ ^libreoffice-base-core(?::\w+|)\s+(.*)$ ^libreoffice-draw(?::\w+|)\s+(.*)$ ^libreoffice-ogltrans(?::\w+|)\s+(.*)$ ^libreoffice-l10n-in(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-hsqldb(?::\w+|)\s+(.*)$ ^libreoffice-gtk(?::\w+|)\s+(.*)$ ^libreoffice-calc(?::\w+|)\s+(.*)$ ^libreoffice-base-drivers(?::\w+|)\s+(.*)$ ^libreoffice-style-oxygen(?::\w+|)\s+(.*)$ ^libreoffice-gtk2(?::\w+|)\s+(.*)$ ^libreoffice-style-tango(?::\w+|)\s+(.*)$ ^libreoffice-style-human(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-firebird(?::\w+|)\s+(.*)$ ^python3-uno(?::\w+|)\s+(.*)$ ^libreoffice-math(?::\w+|)\s+(.*)$ ^libreoffice-writer(?::\w+|)\s+(.*)$ ^libreoffice-report-builder-bin(?::\w+|)\s+(.*)$ ^libreoffice-style-breeze(?::\w+|)\s+(.*)$ ^libreoffice-systray(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-js(?::\w+|)\s+(.*)$ ^liblibreofficekitgtk(?::\w+|)\s+(.*)$ ^libreoffice(?::\w+|)\s+(.*)$ ^libreoffice-style-sifr(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-postgresql(?::\w+|)\s+(.*)$ ^libreoffice-l10n-za(?::\w+|)\s+(.*)$ ^libreoffice-pdfimport(?::\w+|)\s+(.*)$ ^fonts-opensymbol(?::\w+|)\s+(.*)$ ^ure(?::\w+|)\s+(.*)$ ^uno-libs3(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^python-barbican(?::\w+|)\s+(.*)$ ^barbican-api(?::\w+|)\s+(.*)$ ^barbican-worker(?::\w+|)\s+(.*)$ ^barbican-keystone-listener(?::\w+|)\s+(.*)$ ^barbican-common(?::\w+|)\s+(.*)$ ^barbican-doc(?::\w+|)\s+(.*)$ ^openvswitch-doc(?::\w+|)\s+(.*)$ ^openvswitch-switch(?::\w+|)\s+(.*)$ ^openvswitch-pki(?::\w+|)\s+(.*)$ ^openvswitch-common(?::\w+|)\s+(.*)$ ^ovn-docker(?::\w+|)\s+(.*)$ ^openvswitch-testcontroller(?::\w+|)\s+(.*)$ ^openvswitch-vtep(?::\w+|)\s+(.*)$ ^python-openvswitch(?::\w+|)\s+(.*)$ ^python3-openvswitch(?::\w+|)\s+(.*)$ ^ovn-host(?::\w+|)\s+(.*)$ ^ovn-common(?::\w+|)\s+(.*)$ ^ovn-central(?::\w+|)\s+(.*)$ ^ovn-controller-vtep(?::\w+|)\s+(.*)$ ^openvswitch-switch-dpdk(?::\w+|)\s+(.*)$ ^openvswitch-test(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^dbus-1-doc(?::\w+|)\s+(.*)$ ^dbus(?::\w+|)\s+(.*)$ ^libdbus-1-dev(?::\w+|)\s+(.*)$ ^dbus-user-session(?::\w+|)\s+(.*)$ ^dbus-x11(?::\w+|)\s+(.*)$ ^dbus-tests(?::\w+|)\s+(.*)$ ^libdbus-1-3(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^ntfs-3g(?::\w+|)\s+(.*)$ ^libntfs-3g88(?::\w+|)\s+(.*)$ ^ntfs-3g-dev(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiff-dev(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^libraw-doc(?::\w+|)\s+(.*)$ ^libraw-bin(?::\w+|)\s+(.*)$ ^libraw16(?::\w+|)\s+(.*)$ ^libraw-dev(?::\w+|)\s+(.*)$ ^lemon(?::\w+|)\s+(.*)$ ^sqlite3-doc(?::\w+|)\s+(.*)$ ^libsqlite3-0(?::\w+|)\s+(.*)$ ^libsqlite3-tcl(?::\w+|)\s+(.*)$ ^sqlite3(?::\w+|)\s+(.*)$ ^libsqlite3-dev(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^libpixman-1-0(?::\w+|)\s+(.*)$ ^libpixman-1-dev(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-17-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-17-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-17-jre(?::\w+|)\s+(.*)$ ^openjdk-17-jdk(?::\w+|)\s+(.*)$ ^openjdk-17-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-17-source(?::\w+|)\s+(.*)$ ^openjdk-17-demo(?::\w+|)\s+(.*)$ ^openjdk-17-doc(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^libnginx-mod-stream(?::\w+|)\s+(.*)$ ^libnginx-mod-http-subs-filter(?::\w+|)\s+(.*)$ ^nginx-doc(?::\w+|)\s+(.*)$ ^libnginx-mod-mail(?::\w+|)\s+(.*)$ ^libnginx-mod-http-image-filter(?::\w+|)\s+(.*)$ ^libnginx-mod-http-echo(?::\w+|)\s+(.*)$ ^libnginx-mod-nchan(?::\w+|)\s+(.*)$ ^nginx-common(?::\w+|)\s+(.*)$ ^libnginx-mod-http-fancyindex(?::\w+|)\s+(.*)$ ^libnginx-mod-http-auth-pam(?::\w+|)\s+(.*)$ ^nginx-light(?::\w+|)\s+(.*)$ ^libnginx-mod-http-headers-more-filter(?::\w+|)\s+(.*)$ ^nginx-extras(?::\w+|)\s+(.*)$ ^libnginx-mod-http-upstream-fair(?::\w+|)\s+(.*)$ ^libnginx-mod-http-xslt-filter(?::\w+|)\s+(.*)$ ^libnginx-mod-http-lua(?::\w+|)\s+(.*)$ ^libnginx-mod-http-perl(?::\w+|)\s+(.*)$ ^nginx-core(?::\w+|)\s+(.*)$ ^libnginx-mod-http-geoip(?::\w+|)\s+(.*)$ ^libnginx-mod-http-dav-ext(?::\w+|)\s+(.*)$ ^nginx(?::\w+|)\s+(.*)$ ^libnginx-mod-http-ndk(?::\w+|)\s+(.*)$ ^libnginx-mod-http-uploadprogress(?::\w+|)\s+(.*)$ ^libnginx-mod-http-cache-purge(?::\w+|)\s+(.*)$ ^nginx-full(?::\w+|)\s+(.*)$ ^libnginx-mod-rtmp(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lv(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fa(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-th(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^golang-1.13-doc(?::\w+|)\s+(.*)$ ^golang-1.13-src(?::\w+|)\s+(.*)$ ^golang-1.13(?::\w+|)\s+(.*)$ ^golang-1.13-go(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^kpartx-boot(?::\w+|)\s+(.*)$ ^multipath-tools-boot(?::\w+|)\s+(.*)$ ^kpartx(?::\w+|)\s+(.*)$ ^multipath-tools(?::\w+|)\s+(.*)$ ^libunbound2(?::\w+|)\s+(.*)$ ^unbound(?::\w+|)\s+(.*)$ ^python3-unbound(?::\w+|)\s+(.*)$ ^python-unbound(?::\w+|)\s+(.*)$ ^unbound-anchor(?::\w+|)\s+(.*)$ ^unbound-host(?::\w+|)\s+(.*)$ ^libunbound-dev(?::\w+|)\s+(.*)$ ^libflac-doc(?::\w+|)\s+(.*)$ ^libflac-dev(?::\w+|)\s+(.*)$ ^libflac++-dev(?::\w+|)\s+(.*)$ ^flac(?::\w+|)\s+(.*)$ ^libflac++6v5(?::\w+|)\s+(.*)$ ^libflac8(?::\w+|)\s+(.*)$ ^libfreerdp-server2-2(?::\w+|)\s+(.*)$ ^freerdp2-shadow-x11(?::\w+|)\s+(.*)$ ^libfreerdp2-2(?::\w+|)\s+(.*)$ ^freerdp2-dev(?::\w+|)\s+(.*)$ ^freerdp2-wayland(?::\w+|)\s+(.*)$ ^libwinpr2-dev(?::\w+|)\s+(.*)$ ^libfreerdp-shadow2-2(?::\w+|)\s+(.*)$ ^libuwac0-0(?::\w+|)\s+(.*)$ ^freerdp2-x11(?::\w+|)\s+(.*)$ ^libwinpr2-2(?::\w+|)\s+(.*)$ ^libwinpr-tools2-2(?::\w+|)\s+(.*)$ ^libuwac0-dev(?::\w+|)\s+(.*)$ ^libfreerdp-shadow-subsystem2-2(?::\w+|)\s+(.*)$ ^libfreerdp-client2-2(?::\w+|)\s+(.*)$ ^winpr-utils(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^imagemagick-6-common(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3-extra(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-3(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3-extra(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-7(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16hdri(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^imagemagick-6-doc(?::\w+|)\s+(.*)$ ^libimage-magick-q16hdri-perl(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-7(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xorg-server-source-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-dev-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xephyr-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy-hwe-18.04(?::\w+|)\s+(.*)$ ^xwayland-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-core-hwe-18.04(?::\w+|)\s+(.*)$ ^exim4-dev(?::\w+|)\s+(.*)$ ^eximon4(?::\w+|)\s+(.*)$ ^exim4(?::\w+|)\s+(.*)$ ^exim4-base(?::\w+|)\s+(.*)$ ^exim4-config(?::\w+|)\s+(.*)$ ^exim4-daemon-heavy(?::\w+|)\s+(.*)$ ^exim4-daemon-light(?::\w+|)\s+(.*)$ ^jbigkit-bin(?::\w+|)\s+(.*)$ ^libjbig-dev(?::\w+|)\s+(.*)$ ^libjbig0(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiff-dev(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^libice6(?::\w+|)\s+(.*)$ ^libice-doc(?::\w+|)\s+(.*)$ ^libice-dev(?::\w+|)\s+(.*)$ ^passwd(?::\w+|)\s+(.*)$ ^login(?::\w+|)\s+(.*)$ ^uidmap(?::\w+|)\s+(.*)$ ^passwd(?::\w+|)\s+(.*)$ ^login(?::\w+|)\s+(.*)$ ^uidmap(?::\w+|)\s+(.*)$ ^isag(?::\w+|)\s+(.*)$ ^sysstat(?::\w+|)\s+(.*)$ ^ubuntu-core-snapd-units(?::\w+|)\s+(.*)$ ^ubuntu-core-launcher(?::\w+|)\s+(.*)$ ^snap-confine(?::\w+|)\s+(.*)$ ^ubuntu-snappy-cli(?::\w+|)\s+(.*)$ ^golang-github-snapcore-snapd-dev(?::\w+|)\s+(.*)$ ^snapd-xdg-open(?::\w+|)\s+(.*)$ ^snapd(?::\w+|)\s+(.*)$ ^golang-github-ubuntu-core-snappy-dev(?::\w+|)\s+(.*)$ ^ubuntu-snappy(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^python-libxml2(?::\w+|)\s+(.*)$ ^libxml2-utils(?::\w+|)\s+(.*)$ ^libxml2(?::\w+|)\s+(.*)$ ^python3-libxml2(?::\w+|)\s+(.*)$ ^libxml2-doc(?::\w+|)\s+(.*)$ ^libxml2-dev(?::\w+|)\s+(.*)$ ^ca-certificates(?::\w+|)\s+(.*)$ ^binutils-dev(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabihf(?::\w+|)\s+(.*)$ ^binutils-hppa64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-ia64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-multiarch(?::\w+|)\s+(.*)$ ^binutils-mips64-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-powerpc64le-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsel-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips64el-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-x86-64-kfreebsd-gnu(?::\w+|)\s+(.*)$ ^binutils-riscv64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-m68k-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-for-build(?::\w+|)\s+(.*)$ ^binutils-s390x-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-x86-64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-multiarch-dev(?::\w+|)\s+(.*)$ ^binutils-for-host(?::\w+|)\s+(.*)$ ^binutils-mipsisa32r6el-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-i686-gnu(?::\w+|)\s+(.*)$ ^binutils-doc(?::\w+|)\s+(.*)$ ^binutils-sh4-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips64-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-aarch64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-source(?::\w+|)\s+(.*)$ ^binutils-i686-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-common(?::\w+|)\s+(.*)$ ^binutils-mips-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6el-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mipsisa32r6-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-x86-64-linux-gnux32(?::\w+|)\s+(.*)$ ^binutils-i686-kfreebsd-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnuspe(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6el-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-alpha-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-hppa-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-sparc64-linux-gnu(?::\w+|)\s+(.*)$ ^libbinutils(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabi(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mips64el-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnu(?::\w+|)\s+(.*)$ ^binutils(?::\w+|)\s+(.*)$ ^u-boot(?::\w+|)\s+(.*)$ ^u-boot-qemu(?::\w+|)\s+(.*)$ ^u-boot-amlogic(?::\w+|)\s+(.*)$ ^u-boot-tools(?::\w+|)\s+(.*)$ ^u-boot-imx(?::\w+|)\s+(.*)$ ^u-boot-tegra(?::\w+|)\s+(.*)$ ^u-boot-sunxi(?::\w+|)\s+(.*)$ ^u-boot-qcom(?::\w+|)\s+(.*)$ ^u-boot-rpi(?::\w+|)\s+(.*)$ ^u-boot-omap(?::\w+|)\s+(.*)$ ^u-boot-mvebu(?::\w+|)\s+(.*)$ ^u-boot-rockchip(?::\w+|)\s+(.*)$ ^u-boot-exynos(?::\w+|)\s+(.*)$ ^libhcrypto4-heimdal(?::\w+|)\s+(.*)$ ^libwind0-heimdal(?::\w+|)\s+(.*)$ ^libroken18-heimdal(?::\w+|)\s+(.*)$ ^libgssapi3-heimdal(?::\w+|)\s+(.*)$ ^heimdal-kcm(?::\w+|)\s+(.*)$ ^libhdb9-heimdal(?::\w+|)\s+(.*)$ ^libasn1-8-heimdal(?::\w+|)\s+(.*)$ ^libsl0-heimdal(?::\w+|)\s+(.*)$ ^libkadm5clnt7-heimdal(?::\w+|)\s+(.*)$ ^heimdal-kdc(?::\w+|)\s+(.*)$ ^libkdc2-heimdal(?::\w+|)\s+(.*)$ ^heimdal-servers(?::\w+|)\s+(.*)$ ^libheimntlm0-heimdal(?::\w+|)\s+(.*)$ ^heimdal-docs(?::\w+|)\s+(.*)$ ^libheimbase1-heimdal(?::\w+|)\s+(.*)$ ^libkrb5-26-heimdal(?::\w+|)\s+(.*)$ ^libotp0-heimdal(?::\w+|)\s+(.*)$ ^heimdal-dev(?::\w+|)\s+(.*)$ ^libkafs0-heimdal(?::\w+|)\s+(.*)$ ^libhx509-5-heimdal(?::\w+|)\s+(.*)$ ^heimdal-multidev(?::\w+|)\s+(.*)$ ^libkadm5srv8-heimdal(?::\w+|)\s+(.*)$ ^heimdal-clients(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^python3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-stdlib(?::\w+|)\s+(.*)$ ^libpython3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6-examples(?::\w+|)\s+(.*)$ ^python3.6-venv(?::\w+|)\s+(.*)$ ^python3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6(?::\w+|)\s+(.*)$ ^idle-python3.6(?::\w+|)\s+(.*)$ ^python3.6-doc(?::\w+|)\s+(.*)$ ^libpython3.6-testsuite(?::\w+|)\s+(.*)$ ^libpython3.6(?::\w+|)\s+(.*)$ ^libpython3.6-stdlib(?::\w+|)\s+(.*)$ ^python3.6-venv(?::\w+|)\s+(.*)$ ^python3.6-doc(?::\w+|)\s+(.*)$ ^libpython3.6-testsuite(?::\w+|)\s+(.*)$ ^python3.6-dev(?::\w+|)\s+(.*)$ ^python3.6(?::\w+|)\s+(.*)$ ^python3.6-minimal(?::\w+|)\s+(.*)$ ^idle-python3.6(?::\w+|)\s+(.*)$ ^libpython3.6(?::\w+|)\s+(.*)$ ^libpython3.6-dev(?::\w+|)\s+(.*)$ ^python3.6-examples(?::\w+|)\s+(.*)$ ^libpython3.6-minimal(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^containerd(?::\w+|)\s+(.*)$ ^golang-github-containerd-containerd-dev(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xorg-server-source-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-core-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-dev-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xephyr-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy-hwe-18.04(?::\w+|)\s+(.*)$ ^xwayland-hwe-18.04(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libusbredirparser-dev(?::\w+|)\s+(.*)$ ^libusbredirhost-dev(?::\w+|)\s+(.*)$ ^usbredirserver(?::\w+|)\s+(.*)$ ^libusbredirhost1(?::\w+|)\s+(.*)$ ^libusbredirparser1(?::\w+|)\s+(.*)$ ^freeradius-ldap(?::\w+|)\s+(.*)$ ^freeradius-redis(?::\w+|)\s+(.*)$ ^libfreeradius3(?::\w+|)\s+(.*)$ ^freeradius-yubikey(?::\w+|)\s+(.*)$ ^freeradius-memcached(?::\w+|)\s+(.*)$ ^freeradius-postgresql(?::\w+|)\s+(.*)$ ^freeradius-mysql(?::\w+|)\s+(.*)$ ^libfreeradius-dev(?::\w+|)\s+(.*)$ ^freeradius-dhcp(?::\w+|)\s+(.*)$ ^freeradius-utils(?::\w+|)\s+(.*)$ ^freeradius(?::\w+|)\s+(.*)$ ^freeradius-iodbc(?::\w+|)\s+(.*)$ ^freeradius-common(?::\w+|)\s+(.*)$ ^freeradius-rest(?::\w+|)\s+(.*)$ ^freeradius-config(?::\w+|)\s+(.*)$ ^freeradius-krb5(?::\w+|)\s+(.*)$ ^nautilus-data(?::\w+|)\s+(.*)$ ^gir1.2-nautilus-3.0(?::\w+|)\s+(.*)$ ^nautilus(?::\w+|)\s+(.*)$ ^libnautilus-extension-dev(?::\w+|)\s+(.*)$ ^libnautilus-extension1a(?::\w+|)\s+(.*)$ ^libksba-mingw-w64-dev(?::\w+|)\s+(.*)$ ^libksba8(?::\w+|)\s+(.*)$ ^libksba-dev(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^snmptrapd(?::\w+|)\s+(.*)$ ^libsnmp-perl(?::\w+|)\s+(.*)$ ^libsnmp-dev(?::\w+|)\s+(.*)$ ^libsnmp-base(?::\w+|)\s+(.*)$ ^snmp(?::\w+|)\s+(.*)$ ^libsnmp30(?::\w+|)\s+(.*)$ ^tkmib(?::\w+|)\s+(.*)$ ^snmpd(?::\w+|)\s+(.*)$ ^python-netsnmp(?::\w+|)\s+(.*)$ ^w3m-img(?::\w+|)\s+(.*)$ ^w3m(?::\w+|)\s+(.*)$ ^libhcrypto4-heimdal(?::\w+|)\s+(.*)$ ^libwind0-heimdal(?::\w+|)\s+(.*)$ ^libroken18-heimdal(?::\w+|)\s+(.*)$ ^libgssapi3-heimdal(?::\w+|)\s+(.*)$ ^heimdal-kcm(?::\w+|)\s+(.*)$ ^libhdb9-heimdal(?::\w+|)\s+(.*)$ ^libasn1-8-heimdal(?::\w+|)\s+(.*)$ ^libsl0-heimdal(?::\w+|)\s+(.*)$ ^libkadm5clnt7-heimdal(?::\w+|)\s+(.*)$ ^heimdal-kdc(?::\w+|)\s+(.*)$ ^libkdc2-heimdal(?::\w+|)\s+(.*)$ ^heimdal-servers(?::\w+|)\s+(.*)$ ^libheimntlm0-heimdal(?::\w+|)\s+(.*)$ ^heimdal-docs(?::\w+|)\s+(.*)$ ^libheimbase1-heimdal(?::\w+|)\s+(.*)$ ^libkrb5-26-heimdal(?::\w+|)\s+(.*)$ ^libotp0-heimdal(?::\w+|)\s+(.*)$ ^heimdal-dev(?::\w+|)\s+(.*)$ ^libkafs0-heimdal(?::\w+|)\s+(.*)$ ^libhx509-5-heimdal(?::\w+|)\s+(.*)$ ^heimdal-multidev(?::\w+|)\s+(.*)$ ^libkadm5srv8-heimdal(?::\w+|)\s+(.*)$ ^heimdal-clients(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^libruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5-doc(?::\w+|)\s+(.*)$ ^ruby2.5-dev(?::\w+|)\s+(.*)$ ^xpmutils(?::\w+|)\s+(.*)$ ^libxpm-dev(?::\w+|)\s+(.*)$ ^libxpm4(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^sudo-ldap(?::\w+|)\s+(.*)$ ^sudo(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^python-setuptools(?::\w+|)\s+(.*)$ ^python-setuptools-doc(?::\w+|)\s+(.*)$ ^python3-pkg-resources(?::\w+|)\s+(.*)$ ^pypy-setuptools(?::\w+|)\s+(.*)$ ^pypy-pkg-resources(?::\w+|)\s+(.*)$ ^python3-setuptools(?::\w+|)\s+(.*)$ ^python-pkg-resources(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^exuberant-ctags(?::\w+|)\s+(.*)$ ^python-wheel(?::\w+|)\s+(.*)$ ^python-wheel-common(?::\w+|)\s+(.*)$ ^python3-wheel(?::\w+|)\s+(.*)$ ^python-pip(?::\w+|)\s+(.*)$ ^python-pip-whl(?::\w+|)\s+(.*)$ ^python3-pip(?::\w+|)\s+(.*)$ ^python-pip(?::\w+|)\s+(.*)$ ^python-pip-whl(?::\w+|)\s+(.*)$ ^python3-pip(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lv(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fa(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-th(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^libpam-runtime(?::\w+|)\s+(.*)$ ^libpam0g-dev(?::\w+|)\s+(.*)$ ^libpam-modules(?::\w+|)\s+(.*)$ ^libpam-modules-bin(?::\w+|)\s+(.*)$ ^libpam-doc(?::\w+|)\s+(.*)$ ^libpam-cracklib(?::\w+|)\s+(.*)$ ^libpam0g(?::\w+|)\s+(.*)$ ^libpam-runtime(?::\w+|)\s+(.*)$ ^libpam0g-dev(?::\w+|)\s+(.*)$ ^libpam-modules(?::\w+|)\s+(.*)$ ^libpam-modules-bin(?::\w+|)\s+(.*)$ ^libpam-doc(?::\w+|)\s+(.*)$ ^libpam-cracklib(?::\w+|)\s+(.*)$ ^libpam0g(?::\w+|)\s+(.*)$ ^privoxy(?::\w+|)\s+(.*)$ ^libk5crypto3(?::\w+|)\s+(.*)$ ^krb5-kpropd(?::\w+|)\s+(.*)$ ^krb5-user(?::\w+|)\s+(.*)$ ^libgssrpc4(?::\w+|)\s+(.*)$ ^libkrb5support0(?::\w+|)\s+(.*)$ ^krb5-doc(?::\w+|)\s+(.*)$ ^libkrb5-dev(?::\w+|)\s+(.*)$ ^krb5-pkinit(?::\w+|)\s+(.*)$ ^libkrb5-3(?::\w+|)\s+(.*)$ ^krb5-kdc-ldap(?::\w+|)\s+(.*)$ ^krb5-otp(?::\w+|)\s+(.*)$ ^krb5-gss-samples(?::\w+|)\s+(.*)$ ^libkdb5-9(?::\w+|)\s+(.*)$ ^krb5-locales(?::\w+|)\s+(.*)$ ^libgssapi-krb5-2(?::\w+|)\s+(.*)$ ^krb5-kdc(?::\w+|)\s+(.*)$ ^libkrad-dev(?::\w+|)\s+(.*)$ ^krb5-k5tls(?::\w+|)\s+(.*)$ ^libkrad0(?::\w+|)\s+(.*)$ ^krb5-multidev(?::\w+|)\s+(.*)$ ^libkadm5srv-mit11(?::\w+|)\s+(.*)$ ^libkadm5clnt-mit11(?::\w+|)\s+(.*)$ ^krb5-admin-server(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^python-future-doc(?::\w+|)\s+(.*)$ ^python3-future(?::\w+|)\s+(.*)$ ^python-future(?::\w+|)\s+(.*)$ ^python-cinder(?::\w+|)\s+(.*)$ ^cinder-backup(?::\w+|)\s+(.*)$ ^cinder-api(?::\w+|)\s+(.*)$ ^cinder-volume(?::\w+|)\s+(.*)$ ^cinder-common(?::\w+|)\s+(.*)$ ^cinder-scheduler(?::\w+|)\s+(.*)$ ^nova-api(?::\w+|)\s+(.*)$ ^nova-common(?::\w+|)\s+(.*)$ ^nova-compute-xen(?::\w+|)\s+(.*)$ ^nova-api-os-compute(?::\w+|)\s+(.*)$ ^nova-novncproxy(?::\w+|)\s+(.*)$ ^nova-serialproxy(?::\w+|)\s+(.*)$ ^nova-api-os-volume(?::\w+|)\s+(.*)$ ^nova-compute-lxc(?::\w+|)\s+(.*)$ ^nova-placement-api(?::\w+|)\s+(.*)$ ^nova-consoleauth(?::\w+|)\s+(.*)$ ^python-nova(?::\w+|)\s+(.*)$ ^nova-network(?::\w+|)\s+(.*)$ ^nova-api-metadata(?::\w+|)\s+(.*)$ ^nova-ajax-console-proxy(?::\w+|)\s+(.*)$ ^nova-compute-kvm(?::\w+|)\s+(.*)$ ^nova-xvpvncproxy(?::\w+|)\s+(.*)$ ^nova-doc(?::\w+|)\s+(.*)$ ^nova-conductor(?::\w+|)\s+(.*)$ ^nova-volume(?::\w+|)\s+(.*)$ ^nova-compute-vmware(?::\w+|)\s+(.*)$ ^nova-spiceproxy(?::\w+|)\s+(.*)$ ^nova-scheduler(?::\w+|)\s+(.*)$ ^nova-console(?::\w+|)\s+(.*)$ ^nova-compute-libvirt(?::\w+|)\s+(.*)$ ^nova-compute(?::\w+|)\s+(.*)$ ^nova-compute-qemu(?::\w+|)\s+(.*)$ ^nova-cells(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^advancecomp(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^lrzip(?::\w+|)\s+(.*)$ ^editorconfig-doc(?::\w+|)\s+(.*)$ ^libeditorconfig0(?::\w+|)\s+(.*)$ ^editorconfig(?::\w+|)\s+(.*)$ ^libeditorconfig-dev(?::\w+|)\s+(.*)$ ^tmux(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^openssl1.0(?::\w+|)\s+(.*)$ ^libssl1.0-dev(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xorg-server-source-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-core-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-dev-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xephyr-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy-hwe-18.04(?::\w+|)\s+(.*)$ ^xwayland-hwe-18.04(?::\w+|)\s+(.*)$ ^grunt(?::\w+|)\s+(.*)$ ^libhcrypto4-heimdal(?::\w+|)\s+(.*)$ ^libwind0-heimdal(?::\w+|)\s+(.*)$ ^libroken18-heimdal(?::\w+|)\s+(.*)$ ^libgssapi3-heimdal(?::\w+|)\s+(.*)$ ^heimdal-kcm(?::\w+|)\s+(.*)$ ^libhdb9-heimdal(?::\w+|)\s+(.*)$ ^libasn1-8-heimdal(?::\w+|)\s+(.*)$ ^libsl0-heimdal(?::\w+|)\s+(.*)$ ^libkadm5clnt7-heimdal(?::\w+|)\s+(.*)$ ^heimdal-kdc(?::\w+|)\s+(.*)$ ^libkdc2-heimdal(?::\w+|)\s+(.*)$ ^heimdal-servers(?::\w+|)\s+(.*)$ ^libheimntlm0-heimdal(?::\w+|)\s+(.*)$ ^heimdal-docs(?::\w+|)\s+(.*)$ ^libheimbase1-heimdal(?::\w+|)\s+(.*)$ ^libkrb5-26-heimdal(?::\w+|)\s+(.*)$ ^libotp0-heimdal(?::\w+|)\s+(.*)$ ^heimdal-dev(?::\w+|)\s+(.*)$ ^libkafs0-heimdal(?::\w+|)\s+(.*)$ ^libhx509-5-heimdal(?::\w+|)\s+(.*)$ ^heimdal-multidev(?::\w+|)\s+(.*)$ ^libkadm5srv8-heimdal(?::\w+|)\s+(.*)$ ^heimdal-clients(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^imagemagick-6-common(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3-extra(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-3(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3-extra(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-7(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-6.q16hdri(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^imagemagick-6-doc(?::\w+|)\s+(.*)$ ^libimage-magick-q16hdri-perl(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-7(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^transfig(?::\w+|)\s+(.*)$ ^fig2dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^nova-api(?::\w+|)\s+(.*)$ ^nova-common(?::\w+|)\s+(.*)$ ^nova-compute-xen(?::\w+|)\s+(.*)$ ^nova-api-os-compute(?::\w+|)\s+(.*)$ ^nova-novncproxy(?::\w+|)\s+(.*)$ ^nova-serialproxy(?::\w+|)\s+(.*)$ ^nova-api-os-volume(?::\w+|)\s+(.*)$ ^nova-compute-lxc(?::\w+|)\s+(.*)$ ^nova-placement-api(?::\w+|)\s+(.*)$ ^nova-consoleauth(?::\w+|)\s+(.*)$ ^python-nova(?::\w+|)\s+(.*)$ ^nova-network(?::\w+|)\s+(.*)$ ^nova-api-metadata(?::\w+|)\s+(.*)$ ^nova-ajax-console-proxy(?::\w+|)\s+(.*)$ ^nova-compute-kvm(?::\w+|)\s+(.*)$ ^nova-xvpvncproxy(?::\w+|)\s+(.*)$ ^nova-doc(?::\w+|)\s+(.*)$ ^nova-conductor(?::\w+|)\s+(.*)$ ^nova-volume(?::\w+|)\s+(.*)$ ^nova-compute-vmware(?::\w+|)\s+(.*)$ ^nova-spiceproxy(?::\w+|)\s+(.*)$ ^nova-scheduler(?::\w+|)\s+(.*)$ ^nova-console(?::\w+|)\s+(.*)$ ^nova-compute-libvirt(?::\w+|)\s+(.*)$ ^nova-compute(?::\w+|)\s+(.*)$ ^nova-compute-qemu(?::\w+|)\s+(.*)$ ^nova-cells(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^haproxy(?::\w+|)\s+(.*)$ ^haproxy-doc(?::\w+|)\s+(.*)$ ^vim-haproxy(?::\w+|)\s+(.*)$ ^libaprutil1-dbd-odbc(?::\w+|)\s+(.*)$ ^libaprutil1(?::\w+|)\s+(.*)$ ^libaprutil1-dbd-mysql(?::\w+|)\s+(.*)$ ^libaprutil1-ldap(?::\w+|)\s+(.*)$ ^libaprutil1-dbd-sqlite3(?::\w+|)\s+(.*)$ ^libaprutil1-dbd-pgsql(?::\w+|)\s+(.*)$ ^libaprutil1-dev(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^golang-golang-x-text-dev(?::\w+|)\s+(.*)$ ^golang-x-text-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^chromium-chromedriver(?::\w+|)\s+(.*)$ ^chromium-browser-l10n(?::\w+|)\s+(.*)$ ^chromium-codecs-ffmpeg-extra(?::\w+|)\s+(.*)$ ^chromium-codecs-ffmpeg(?::\w+|)\s+(.*)$ ^chromium-browser(?::\w+|)\s+(.*)$ ^dcmtk(?::\w+|)\s+(.*)$ ^dcmtk-doc(?::\w+|)\s+(.*)$ ^libdcmtk-dev(?::\w+|)\s+(.*)$ ^libdcmtk12(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^libclamav9(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^openvswitch-doc(?::\w+|)\s+(.*)$ ^openvswitch-switch(?::\w+|)\s+(.*)$ ^openvswitch-pki(?::\w+|)\s+(.*)$ ^openvswitch-common(?::\w+|)\s+(.*)$ ^ovn-docker(?::\w+|)\s+(.*)$ ^openvswitch-testcontroller(?::\w+|)\s+(.*)$ ^openvswitch-vtep(?::\w+|)\s+(.*)$ ^python-openvswitch(?::\w+|)\s+(.*)$ ^python3-openvswitch(?::\w+|)\s+(.*)$ ^ovn-host(?::\w+|)\s+(.*)$ ^ovn-common(?::\w+|)\s+(.*)$ ^ovn-central(?::\w+|)\s+(.*)$ ^ovn-controller-vtep(?::\w+|)\s+(.*)$ ^openvswitch-switch-dpdk(?::\w+|)\s+(.*)$ ^openvswitch-test(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^libnss3-dev(?::\w+|)\s+(.*)$ ^libnss3(?::\w+|)\s+(.*)$ ^libnss3-tools(?::\w+|)\s+(.*)$ ^mplayer-doc(?::\w+|)\s+(.*)$ ^mplayer-gui(?::\w+|)\s+(.*)$ ^mplayer(?::\w+|)\s+(.*)$ ^mencoder(?::\w+|)\s+(.*)$ ^ruby-rack(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-17-demo(?::\w+|)\s+(.*)$ ^openjdk-17-jdk(?::\w+|)\s+(.*)$ ^openjdk-17-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-17-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-17-source(?::\w+|)\s+(.*)$ ^openjdk-17-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-17-jre(?::\w+|)\s+(.*)$ ^openjdk-17-doc(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^awstats(?::\w+|)\s+(.*)$ ^tar-scripts(?::\w+|)\s+(.*)$ ^tar(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^libsox-fmt-mp3(?::\w+|)\s+(.*)$ ^libsox-fmt-pulse(?::\w+|)\s+(.*)$ ^libsox-fmt-ao(?::\w+|)\s+(.*)$ ^sox(?::\w+|)\s+(.*)$ ^libsox3(?::\w+|)\s+(.*)$ ^libsox-fmt-base(?::\w+|)\s+(.*)$ ^libsox-fmt-all(?::\w+|)\s+(.*)$ ^libsox-dev(?::\w+|)\s+(.*)$ ^libsox-fmt-alsa(?::\w+|)\s+(.*)$ ^libsox-fmt-oss(?::\w+|)\s+(.*)$ ^libsox-fmt-mp3(?::\w+|)\s+(.*)$ ^libsox-fmt-pulse(?::\w+|)\s+(.*)$ ^libsox-fmt-ao(?::\w+|)\s+(.*)$ ^sox(?::\w+|)\s+(.*)$ ^libsox3(?::\w+|)\s+(.*)$ ^libsox-fmt-base(?::\w+|)\s+(.*)$ ^libsox-fmt-all(?::\w+|)\s+(.*)$ ^libsox-dev(?::\w+|)\s+(.*)$ ^libsox-fmt-alsa(?::\w+|)\s+(.*)$ ^libsox-fmt-oss(?::\w+|)\s+(.*)$ ^libc-ares2(?::\w+|)\s+(.*)$ ^libc-ares-dev(?::\w+|)\s+(.*)$ ^ruby-rack(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^rsync(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiff-dev(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^systemd-tests(?::\w+|)\s+(.*)$ ^systemd-coredump(?::\w+|)\s+(.*)$ ^systemd(?::\w+|)\s+(.*)$ ^libsystemd0(?::\w+|)\s+(.*)$ ^systemd-container(?::\w+|)\s+(.*)$ ^libnss-myhostname(?::\w+|)\s+(.*)$ ^libudev1(?::\w+|)\s+(.*)$ ^libsystemd-dev(?::\w+|)\s+(.*)$ ^libnss-systemd(?::\w+|)\s+(.*)$ ^systemd-journal-remote(?::\w+|)\s+(.*)$ ^libpam-systemd(?::\w+|)\s+(.*)$ ^libnss-mymachines(?::\w+|)\s+(.*)$ ^libnss-resolve(?::\w+|)\s+(.*)$ ^systemd-sysv(?::\w+|)\s+(.*)$ ^udev(?::\w+|)\s+(.*)$ ^libudev-dev(?::\w+|)\s+(.*)$ ^python3.7-doc(?::\w+|)\s+(.*)$ ^libpython3.7-minimal(?::\w+|)\s+(.*)$ ^libpython3.7-testsuite(?::\w+|)\s+(.*)$ ^libpython3.7-stdlib(?::\w+|)\s+(.*)$ ^python3.7-minimal(?::\w+|)\s+(.*)$ ^python3.7(?::\w+|)\s+(.*)$ ^python3.7-venv(?::\w+|)\s+(.*)$ ^libpython3.7-dev(?::\w+|)\s+(.*)$ ^python3.7-examples(?::\w+|)\s+(.*)$ ^python3.7-dev(?::\w+|)\s+(.*)$ ^idle-python3.7(?::\w+|)\s+(.*)$ ^libpython3.7(?::\w+|)\s+(.*)$ ^python3.8-minimal(?::\w+|)\s+(.*)$ ^python3.8-examples(?::\w+|)\s+(.*)$ ^python3.8-dev(?::\w+|)\s+(.*)$ ^libpython3.8-minimal(?::\w+|)\s+(.*)$ ^libpython3.8-dev(?::\w+|)\s+(.*)$ ^python3.8-venv(?::\w+|)\s+(.*)$ ^libpython3.8(?::\w+|)\s+(.*)$ ^idle-python3.8(?::\w+|)\s+(.*)$ ^libpython3.8-testsuite(?::\w+|)\s+(.*)$ ^libpython3.8-stdlib(?::\w+|)\s+(.*)$ ^python3.8(?::\w+|)\s+(.*)$ ^sofia-sip-doc(?::\w+|)\s+(.*)$ ^libsofia-sip-ua-glib3(?::\w+|)\s+(.*)$ ^libsofia-sip-ua0(?::\w+|)\s+(.*)$ ^sofia-sip-bin(?::\w+|)\s+(.*)$ ^libsofia-sip-ua-glib-dev(?::\w+|)\s+(.*)$ ^libsofia-sip-ua-dev(?::\w+|)\s+(.*)$ ^libopusfile-doc(?::\w+|)\s+(.*)$ ^libopusfile-dev(?::\w+|)\s+(.*)$ ^libopusfile0(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lv(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fa(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-th(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^libyaml-snake-java(?::\w+|)\s+(.*)$ ^libyaml-snake-java-doc(?::\w+|)\s+(.*)$ ^libprotoc10(?::\w+|)\s+(.*)$ ^libprotobuf10(?::\w+|)\s+(.*)$ ^python3-protobuf(?::\w+|)\s+(.*)$ ^libprotobuf-lite10(?::\w+|)\s+(.*)$ ^libprotoc-dev(?::\w+|)\s+(.*)$ ^python-protobuf(?::\w+|)\s+(.*)$ ^libprotobuf-dev(?::\w+|)\s+(.*)$ ^libprotobuf-java(?::\w+|)\s+(.*)$ ^protobuf-compiler(?::\w+|)\s+(.*)$ ^libxstream-java(?::\w+|)\s+(.*)$ ^php-twig-doc(?::\w+|)\s+(.*)$ ^php-twig(?::\w+|)\s+(.*)$ ^python3-werkzeug(?::\w+|)\s+(.*)$ ^python-werkzeug(?::\w+|)\s+(.*)$ ^python-werkzeug-doc(?::\w+|)\s+(.*)$ ^chromium-chromedriver(?::\w+|)\s+(.*)$ ^chromium-browser-l10n(?::\w+|)\s+(.*)$ ^chromium-codecs-ffmpeg-extra(?::\w+|)\s+(.*)$ ^chromium-codecs-ffmpeg(?::\w+|)\s+(.*)$ ^chromium-browser(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^libopenjp2-tools(?::\w+|)\s+(.*)$ ^libopenjpip-server(?::\w+|)\s+(.*)$ ^libopenjpip-viewer(?::\w+|)\s+(.*)$ ^libopenjp3d-tools(?::\w+|)\s+(.*)$ ^libopenjpip7(?::\w+|)\s+(.*)$ ^libopenjp2-7(?::\w+|)\s+(.*)$ ^libopenjp2-7-dev(?::\w+|)\s+(.*)$ ^libopenjp3d7(?::\w+|)\s+(.*)$ ^libopenjpip-dec-server(?::\w+|)\s+(.*)$ ^ipython(?::\w+|)\s+(.*)$ ^python-ipython-doc(?::\w+|)\s+(.*)$ ^python-ipython(?::\w+|)\s+(.*)$ ^python3-ipython(?::\w+|)\s+(.*)$ ^ipython3(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libphp-phpmailer(?::\w+|)\s+(.*)$ ^libphp-phpmailer(?::\w+|)\s+(.*)$ ^librecad-data(?::\w+|)\s+(.*)$ ^librecad(?::\w+|)\s+(.*)$ ^ffmpeg(?::\w+|)\s+(.*)$ ^ffmpeg-doc(?::\w+|)\s+(.*)$ ^libavcodec-dev(?::\w+|)\s+(.*)$ ^libavcodec-extra(?::\w+|)\s+(.*)$ ^libavcodec-extra57(?::\w+|)\s+(.*)$ ^libavcodec57(?::\w+|)\s+(.*)$ ^libavdevice-dev(?::\w+|)\s+(.*)$ ^libavdevice57(?::\w+|)\s+(.*)$ ^libavfilter-dev(?::\w+|)\s+(.*)$ ^libavfilter-extra(?::\w+|)\s+(.*)$ ^libavfilter-extra6(?::\w+|)\s+(.*)$ ^libavfilter6(?::\w+|)\s+(.*)$ ^libavformat-dev(?::\w+|)\s+(.*)$ ^libavformat57(?::\w+|)\s+(.*)$ ^libavresample-dev(?::\w+|)\s+(.*)$ ^libavresample3(?::\w+|)\s+(.*)$ ^libavutil-dev(?::\w+|)\s+(.*)$ ^libavutil55(?::\w+|)\s+(.*)$ ^libpostproc-dev(?::\w+|)\s+(.*)$ ^libpostproc54(?::\w+|)\s+(.*)$ ^libswresample-dev(?::\w+|)\s+(.*)$ ^libswresample2(?::\w+|)\s+(.*)$ ^libswscale-dev(?::\w+|)\s+(.*)$ ^libswscale4(?::\w+|)\s+(.*)$ ^libk5crypto3(?::\w+|)\s+(.*)$ ^krb5-kpropd(?::\w+|)\s+(.*)$ ^krb5-user(?::\w+|)\s+(.*)$ ^libgssrpc4(?::\w+|)\s+(.*)$ ^libkrb5support0(?::\w+|)\s+(.*)$ ^krb5-doc(?::\w+|)\s+(.*)$ ^libkrb5-dev(?::\w+|)\s+(.*)$ ^krb5-pkinit(?::\w+|)\s+(.*)$ ^libkrb5-3(?::\w+|)\s+(.*)$ ^krb5-kdc-ldap(?::\w+|)\s+(.*)$ ^krb5-otp(?::\w+|)\s+(.*)$ ^krb5-gss-samples(?::\w+|)\s+(.*)$ ^libkdb5-9(?::\w+|)\s+(.*)$ ^krb5-locales(?::\w+|)\s+(.*)$ ^libgssapi-krb5-2(?::\w+|)\s+(.*)$ ^krb5-kdc(?::\w+|)\s+(.*)$ ^libkrad-dev(?::\w+|)\s+(.*)$ ^krb5-k5tls(?::\w+|)\s+(.*)$ ^libkrad0(?::\w+|)\s+(.*)$ ^krb5-multidev(?::\w+|)\s+(.*)$ ^libkadm5srv-mit11(?::\w+|)\s+(.*)$ ^libkadm5clnt-mit11(?::\w+|)\s+(.*)$ ^krb5-admin-server(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^python3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-stdlib(?::\w+|)\s+(.*)$ ^libpython3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6-examples(?::\w+|)\s+(.*)$ ^python3.6-venv(?::\w+|)\s+(.*)$ ^python3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6(?::\w+|)\s+(.*)$ ^idle-python3.6(?::\w+|)\s+(.*)$ ^python3.6-doc(?::\w+|)\s+(.*)$ ^libpython3.6-testsuite(?::\w+|)\s+(.*)$ ^libpython3.6(?::\w+|)\s+(.*)$ ^abcm2ps(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^amanda-client(?::\w+|)\s+(.*)$ ^amanda-common(?::\w+|)\s+(.*)$ ^amanda-server(?::\w+|)\s+(.*)$ ^amanda-client(?::\w+|)\s+(.*)$ ^amanda-common(?::\w+|)\s+(.*)$ ^amanda-server(?::\w+|)\s+(.*)$ ^amanda-client(?::\w+|)\s+(.*)$ ^amanda-common(?::\w+|)\s+(.*)$ ^amanda-server(?::\w+|)\s+(.*)$ ^node-object-path(?::\w+|)\s+(.*)$ ^python-git-doc(?::\w+|)\s+(.*)$ ^python-git(?::\w+|)\s+(.*)$ ^python3-git(?::\w+|)\s+(.*)$ ^gif2apng(?::\w+|)\s+(.*)$ ^libgv-perl(?::\w+|)\s+(.*)$ ^python3-gv(?::\w+|)\s+(.*)$ ^libcgraph6(?::\w+|)\s+(.*)$ ^libgv-tcl(?::\w+|)\s+(.*)$ ^python-gv(?::\w+|)\s+(.*)$ ^libgvc6(?::\w+|)\s+(.*)$ ^libgraphviz-dev(?::\w+|)\s+(.*)$ ^libxdot4(?::\w+|)\s+(.*)$ ^libgv-php7(?::\w+|)\s+(.*)$ ^graphviz-doc(?::\w+|)\s+(.*)$ ^graphviz(?::\w+|)\s+(.*)$ ^libgv-lua(?::\w+|)\s+(.*)$ ^libpathplan4(?::\w+|)\s+(.*)$ ^libcdt5(?::\w+|)\s+(.*)$ ^libgvpr2(?::\w+|)\s+(.*)$ ^liblab-gamut1(?::\w+|)\s+(.*)$ ^libgvc6-plugins-gtk(?::\w+|)\s+(.*)$ ^libgv-guile(?::\w+|)\s+(.*)$ ^libgv-ruby(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lv(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fa(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-th(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^node-url-parse(?::\w+|)\s+(.*)$ ^libgraphics-magick-perl(?::\w+|)\s+(.*)$ ^libgraphicsmagick-q16-3(?::\w+|)\s+(.*)$ ^libgraphicsmagick1-dev(?::\w+|)\s+(.*)$ ^graphicsmagick(?::\w+|)\s+(.*)$ ^graphicsmagick-imagemagick-compat(?::\w+|)\s+(.*)$ ^graphicsmagick-libmagick-dev-compat(?::\w+|)\s+(.*)$ ^libgraphicsmagick++-q16-12(?::\w+|)\s+(.*)$ ^libgraphicsmagick++1-dev(?::\w+|)\s+(.*)$ ^php-nette(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xorg-server-source-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-dev-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xephyr-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy-hwe-18.04(?::\w+|)\s+(.*)$ ^xwayland-hwe-18.04(?::\w+|)\s+(.*)$ ^xserver-xorg-core-hwe-18.04(?::\w+|)\s+(.*)$ ^xcftools(?::\w+|)\s+(.*)$ ^musl-dev(?::\w+|)\s+(.*)$ ^musl-tools(?::\w+|)\s+(.*)$ ^musl(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^liblouis-bin(?::\w+|)\s+(.*)$ ^liblouis14(?::\w+|)\s+(.*)$ ^python-louis(?::\w+|)\s+(.*)$ ^liblouis-dev(?::\w+|)\s+(.*)$ ^python3-louis(?::\w+|)\s+(.*)$ ^liblouis-data(?::\w+|)\s+(.*)$ ^ipmitool(?::\w+|)\s+(.*)$ ^liblog4j1.2-java-doc(?::\w+|)\s+(.*)$ ^liblog4j1.2-java(?::\w+|)\s+(.*)$ ^node-trim-newlines(?::\w+|)\s+(.*)$ ^sudo-ldap(?::\w+|)\s+(.*)$ ^sudo(?::\w+|)\s+(.*)$ ^libexo-2-dev(?::\w+|)\s+(.*)$ ^libexo-helpers(?::\w+|)\s+(.*)$ ^libexo-common(?::\w+|)\s+(.*)$ ^libexo-1-0(?::\w+|)\s+(.*)$ ^exo-utils(?::\w+|)\s+(.*)$ ^libexo-1-dev(?::\w+|)\s+(.*)$ ^libexo-2-0(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^libjson-smart-java(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lv(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fa(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-th(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^node-thenify(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^python-apport(?::\w+|)\s+(.*)$ ^python3-problem-report(?::\w+|)\s+(.*)$ ^apport-kde(?::\w+|)\s+(.*)$ ^apport-retrace(?::\w+|)\s+(.*)$ ^apport-valgrind(?::\w+|)\s+(.*)$ ^python3-apport(?::\w+|)\s+(.*)$ ^dh-apport(?::\w+|)\s+(.*)$ ^apport-gtk(?::\w+|)\s+(.*)$ ^apport(?::\w+|)\s+(.*)$ ^python-problem-report(?::\w+|)\s+(.*)$ ^apport-noui(?::\w+|)\s+(.*)$ ^chromium-chromedriver(?::\w+|)\s+(.*)$ ^chromium-browser-l10n(?::\w+|)\s+(.*)$ ^chromium-codecs-ffmpeg-extra(?::\w+|)\s+(.*)$ ^chromium-codecs-ffmpeg(?::\w+|)\s+(.*)$ ^chromium-browser(?::\w+|)\s+(.*)$ ^kamailio-radius-modules(?::\w+|)\s+(.*)$ ^kamailio-lua-modules(?::\w+|)\s+(.*)$ ^kamailio-postgres-modules(?::\w+|)\s+(.*)$ ^kamailio-perl-modules(?::\w+|)\s+(.*)$ ^kamailio-mysql-modules(?::\w+|)\s+(.*)$ ^kamailio-utils-modules(?::\w+|)\s+(.*)$ ^kamailio-extra-modules(?::\w+|)\s+(.*)$ ^kamailio(?::\w+|)\s+(.*)$ ^kamailio-cpl-modules(?::\w+|)\s+(.*)$ ^kamailio-mono-modules(?::\w+|)\s+(.*)$ ^kamailio-kazoo-modules(?::\w+|)\s+(.*)$ ^kamailio-rabbitmq-modules(?::\w+|)\s+(.*)$ ^kamailio-cnxcc-modules(?::\w+|)\s+(.*)$ ^kamailio-snmpstats-modules(?::\w+|)\s+(.*)$ ^kamailio-carrierroute-modules(?::\w+|)\s+(.*)$ ^kamailio-tls-modules(?::\w+|)\s+(.*)$ ^kamailio-xmpp-modules(?::\w+|)\s+(.*)$ ^kamailio-presence-modules(?::\w+|)\s+(.*)$ ^kamailio-json-modules(?::\w+|)\s+(.*)$ ^kamailio-sctp-modules(?::\w+|)\s+(.*)$ ^kamailio-mongodb-modules(?::\w+|)\s+(.*)$ ^kamailio-geoip-modules(?::\w+|)\s+(.*)$ ^kamailio-sqlite-modules(?::\w+|)\s+(.*)$ ^kamailio-ldap-modules(?::\w+|)\s+(.*)$ ^kamailio-websocket-modules(?::\w+|)\s+(.*)$ ^kamailio-ims-modules(?::\w+|)\s+(.*)$ ^kamailio-phonenum-modules(?::\w+|)\s+(.*)$ ^kamailio-redis-modules(?::\w+|)\s+(.*)$ ^kamailio-erlang-modules(?::\w+|)\s+(.*)$ ^kamailio-autheph-modules(?::\w+|)\s+(.*)$ ^kamailio-outbound-modules(?::\w+|)\s+(.*)$ ^kamailio-python-modules(?::\w+|)\s+(.*)$ ^kamailio-systemd-modules(?::\w+|)\s+(.*)$ ^kamailio-berkeley-modules(?::\w+|)\s+(.*)$ ^kamailio-geoip2-modules(?::\w+|)\s+(.*)$ ^kamailio-unixodbc-modules(?::\w+|)\s+(.*)$ ^kamailio-xml-modules(?::\w+|)\s+(.*)$ ^kamailio-berkeley-bin(?::\w+|)\s+(.*)$ ^kamailio-memcached-modules(?::\w+|)\s+(.*)$ ^libreoffice-nlpsolver(?::\w+|)\s+(.*)$ ^libreoffice-mysql-connector(?::\w+|)\s+(.*)$ ^libreoffice-wiki-publisher(?::\w+|)\s+(.*)$ ^libreoffice-impress(?::\w+|)\s+(.*)$ ^libreoffice-evolution(?::\w+|)\s+(.*)$ ^libreoffice-dev-common(?::\w+|)\s+(.*)$ ^libreoffice-librelogo(?::\w+|)\s+(.*)$ ^libreoffice-java-common(?::\w+|)\s+(.*)$ ^gir1.2-lokdocview-0.1(?::\w+|)\s+(.*)$ ^libreoffice-subsequentcheckbase(?::\w+|)\s+(.*)$ ^libreoffice-style-elementary(?::\w+|)\s+(.*)$ ^libreoffice-officebean(?::\w+|)\s+(.*)$ ^libreoffice-kde(?::\w+|)\s+(.*)$ ^libreoffice-base(?::\w+|)\s+(.*)$ ^libreoffice-style-galaxy(?::\w+|)\s+(.*)$ ^libreoffice-style-hicontrast(?::\w+|)\s+(.*)$ ^libreoffice-style-breeze(?::\w+|)\s+(.*)$ ^libreoffice-core(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-bsh(?::\w+|)\s+(.*)$ ^libreoffice-avmedia-backend-gstreamer(?::\w+|)\s+(.*)$ ^libreofficekit-dev(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-python(?::\w+|)\s+(.*)$ ^libreoffice-common(?::\w+|)\s+(.*)$ ^libreoffice-gnome(?::\w+|)\s+(.*)$ ^libreofficekit-data(?::\w+|)\s+(.*)$ ^libreoffice-kde4(?::\w+|)\s+(.*)$ ^libreoffice-dev(?::\w+|)\s+(.*)$ ^libreoffice-gtk3(?::\w+|)\s+(.*)$ ^libreoffice-report-builder(?::\w+|)\s+(.*)$ ^libreoffice-pdfimport(?::\w+|)\s+(.*)$ ^libreoffice-base-core(?::\w+|)\s+(.*)$ ^libreoffice-math(?::\w+|)\s+(.*)$ ^libreoffice-ogltrans(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-hsqldb(?::\w+|)\s+(.*)$ ^libreoffice-gtk(?::\w+|)\s+(.*)$ ^libreoffice-systray(?::\w+|)\s+(.*)$ ^libreoffice-calc(?::\w+|)\s+(.*)$ ^libreoffice-base-drivers(?::\w+|)\s+(.*)$ ^libreoffice-style-oxygen(?::\w+|)\s+(.*)$ ^libreoffice-style-tango(?::\w+|)\s+(.*)$ ^libreoffice-style-human(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-firebird(?::\w+|)\s+(.*)$ ^python3-uno(?::\w+|)\s+(.*)$ ^libreoffice-gtk2(?::\w+|)\s+(.*)$ ^libreoffice-writer(?::\w+|)\s+(.*)$ ^libreoffice-report-builder-bin(?::\w+|)\s+(.*)$ ^libreoffice-dev-doc(?::\w+|)\s+(.*)$ ^libreoffice-script-provider-js(?::\w+|)\s+(.*)$ ^libreoffice-l10n-za(?::\w+|)\s+(.*)$ ^libreoffice(?::\w+|)\s+(.*)$ ^libreoffice-draw(?::\w+|)\s+(.*)$ ^libreoffice-style-sifr(?::\w+|)\s+(.*)$ ^libreoffice-sdbc-postgresql(?::\w+|)\s+(.*)$ ^liblibreofficekitgtk(?::\w+|)\s+(.*)$ ^libreoffice-l10n-in(?::\w+|)\s+(.*)$ ^fonts-opensymbol(?::\w+|)\s+(.*)$ ^uno-libs3(?::\w+|)\s+(.*)$ ^ure(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^python-libxml2(?::\w+|)\s+(.*)$ ^libxml2-utils(?::\w+|)\s+(.*)$ ^libxml2(?::\w+|)\s+(.*)$ ^python3-libxml2(?::\w+|)\s+(.*)$ ^libxml2-doc(?::\w+|)\s+(.*)$ ^libxml2-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^dnsmasq(?::\w+|)\s+(.*)$ ^dnsmasq-base-lua(?::\w+|)\s+(.*)$ ^dnsmasq-utils(?::\w+|)\s+(.*)$ ^dnsmasq-base(?::\w+|)\s+(.*)$ ^libkf5auth-data(?::\w+|)\s+(.*)$ ^libkf5auth-bin-dev(?::\w+|)\s+(.*)$ ^libkf5auth-dev(?::\w+|)\s+(.*)$ ^libkf5auth5(?::\w+|)\s+(.*)$ ^libcommons-net-java-doc(?::\w+|)\s+(.*)$ ^libcommons-net-java(?::\w+|)\s+(.*)$ ^golang-1.18-go(?::\w+|)\s+(.*)$ ^golang-1.18-src(?::\w+|)\s+(.*)$ ^golang-1.18(?::\w+|)\s+(.*)$ ^golang-1.18-doc(?::\w+|)\s+(.*)$ ^golang-1.13(?::\w+|)\s+(.*)$ ^golang-1.13-doc(?::\w+|)\s+(.*)$ ^golang-1.13-go(?::\w+|)\s+(.*)$ ^golang-1.13-src(?::\w+|)\s+(.*)$ ^golang-1.16(?::\w+|)\s+(.*)$ ^golang-1.16-doc(?::\w+|)\s+(.*)$ ^golang-1.16-go(?::\w+|)\s+(.*)$ ^golang-1.16-src(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^libssl1.0-dev(?::\w+|)\s+(.*)$ ^openssl1.0(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^cloud-init(?::\w+|)\s+(.*)$ ^openssl-ibmca(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^libzen-dev(?::\w+|)\s+(.*)$ ^libzen-doc(?::\w+|)\s+(.*)$ ^libzen0v5(?::\w+|)\s+(.*)$ ^libnetty-java(?::\w+|)\s+(.*)$ ^git(?::\w+|)\s+(.*)$ ^gitweb(?::\w+|)\s+(.*)$ ^git-gui(?::\w+|)\s+(.*)$ ^git-daemon-sysvinit(?::\w+|)\s+(.*)$ ^git-el(?::\w+|)\s+(.*)$ ^gitk(?::\w+|)\s+(.*)$ ^git-all(?::\w+|)\s+(.*)$ ^git-mediawiki(?::\w+|)\s+(.*)$ ^git-daemon-run(?::\w+|)\s+(.*)$ ^git-man(?::\w+|)\s+(.*)$ ^git-doc(?::\w+|)\s+(.*)$ ^git-svn(?::\w+|)\s+(.*)$ ^git-cvs(?::\w+|)\s+(.*)$ ^git-email(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^ruby2.5-dev(?::\w+|)\s+(.*)$ ^ruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5-doc(?::\w+|)\s+(.*)$ ^libruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5-dev(?::\w+|)\s+(.*)$ ^ruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5-doc(?::\w+|)\s+(.*)$ ^libruby2.5(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^python-rbd(?::\w+|)\s+(.*)$ ^python3-rbd(?::\w+|)\s+(.*)$ ^python-rados(?::\w+|)\s+(.*)$ ^ceph-mgr(?::\w+|)\s+(.*)$ ^ceph(?::\w+|)\s+(.*)$ ^ceph-test(?::\w+|)\s+(.*)$ ^rbd-mirror(?::\w+|)\s+(.*)$ ^rbd-nbd(?::\w+|)\s+(.*)$ ^librbd-dev(?::\w+|)\s+(.*)$ ^libradosstriper1(?::\w+|)\s+(.*)$ ^rbd-fuse(?::\w+|)\s+(.*)$ ^librados-dev(?::\w+|)\s+(.*)$ ^libcephfs-jni(?::\w+|)\s+(.*)$ ^libradosstriper-dev(?::\w+|)\s+(.*)$ ^librados2(?::\w+|)\s+(.*)$ ^ceph-mon(?::\w+|)\s+(.*)$ ^libcephfs2(?::\w+|)\s+(.*)$ ^librgw2(?::\w+|)\s+(.*)$ ^ceph-mds(?::\w+|)\s+(.*)$ ^radosgw(?::\w+|)\s+(.*)$ ^librbd1(?::\w+|)\s+(.*)$ ^python3-rgw(?::\w+|)\s+(.*)$ ^python-rgw(?::\w+|)\s+(.*)$ ^python-ceph(?::\w+|)\s+(.*)$ ^libcephfs-dev(?::\w+|)\s+(.*)$ ^rados-objclass-dev(?::\w+|)\s+(.*)$ ^ceph-osd(?::\w+|)\s+(.*)$ ^python3-ceph-argparse(?::\w+|)\s+(.*)$ ^librgw-dev(?::\w+|)\s+(.*)$ ^python3-rados(?::\w+|)\s+(.*)$ ^ceph-base(?::\w+|)\s+(.*)$ ^python-cephfs(?::\w+|)\s+(.*)$ ^python3-cephfs(?::\w+|)\s+(.*)$ ^ceph-fuse(?::\w+|)\s+(.*)$ ^ceph-common(?::\w+|)\s+(.*)$ ^libcephfs-java(?::\w+|)\s+(.*)$ ^ceph-resource-agents(?::\w+|)\s+(.*)$ ^python-sqlparse(?::\w+|)\s+(.*)$ ^python3-sqlparse(?::\w+|)\s+(.*)$ ^python-sqlparse-doc(?::\w+|)\s+(.*)$ ^pypy-sqlparse(?::\w+|)\s+(.*)$ ^sqlformat(?::\w+|)\s+(.*)$ ^node-css-what(?::\w+|)\s+(.*)$ ^python-heat(?::\w+|)\s+(.*)$ ^heat-api-cfn(?::\w+|)\s+(.*)$ ^heat-engine(?::\w+|)\s+(.*)$ ^heat-api(?::\w+|)\s+(.*)$ ^heat-common(?::\w+|)\s+(.*)$ ^neutron-plugin-linuxbridge-agent(?::\w+|)\s+(.*)$ ^neutron-linuxbridge-agent(?::\w+|)\s+(.*)$ ^neutron-metering-agent(?::\w+|)\s+(.*)$ ^neutron-plugin-ml2(?::\w+|)\s+(.*)$ ^neutron-plugin-sriov-agent(?::\w+|)\s+(.*)$ ^neutron-plugin-openvswitch-agent(?::\w+|)\s+(.*)$ ^neutron-l3-agent(?::\w+|)\s+(.*)$ ^neutron-metadata-agent(?::\w+|)\s+(.*)$ ^python-neutron(?::\w+|)\s+(.*)$ ^neutron-dhcp-agent(?::\w+|)\s+(.*)$ ^neutron-sriov-agent(?::\w+|)\s+(.*)$ ^neutron-openvswitch-agent(?::\w+|)\s+(.*)$ ^neutron-server(?::\w+|)\s+(.*)$ ^neutron-common(?::\w+|)\s+(.*)$ ^neutron-macvtap-agent(?::\w+|)\s+(.*)$ ^openvswitch-doc(?::\w+|)\s+(.*)$ ^openvswitch-switch(?::\w+|)\s+(.*)$ ^openvswitch-pki(?::\w+|)\s+(.*)$ ^ovn-docker(?::\w+|)\s+(.*)$ ^openvswitch-common(?::\w+|)\s+(.*)$ ^python-openvswitch(?::\w+|)\s+(.*)$ ^openvswitch-testcontroller(?::\w+|)\s+(.*)$ ^openvswitch-vtep(?::\w+|)\s+(.*)$ ^ovn-central(?::\w+|)\s+(.*)$ ^python3-openvswitch(?::\w+|)\s+(.*)$ ^ovn-host(?::\w+|)\s+(.*)$ ^ovn-common(?::\w+|)\s+(.*)$ ^openvswitch-switch-dpdk(?::\w+|)\s+(.*)$ ^ovn-controller-vtep(?::\w+|)\s+(.*)$ ^openvswitch-test(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-locale-tg(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-locale-tg(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^firefox-locale-nl(?::\w+|)\s+(.*)$ ^firefox-locale-nn(?::\w+|)\s+(.*)$ ^firefox-locale-ne(?::\w+|)\s+(.*)$ ^firefox-locale-nb(?::\w+|)\s+(.*)$ ^firefox-locale-fa(?::\w+|)\s+(.*)$ ^firefox-locale-fi(?::\w+|)\s+(.*)$ ^firefox-locale-fr(?::\w+|)\s+(.*)$ ^firefox-locale-fy(?::\w+|)\s+(.*)$ ^firefox-locale-or(?::\w+|)\s+(.*)$ ^firefox-locale-kab(?::\w+|)\s+(.*)$ ^firefox-locale-oc(?::\w+|)\s+(.*)$ ^firefox-locale-cs(?::\w+|)\s+(.*)$ ^firefox-locale-ga(?::\w+|)\s+(.*)$ ^firefox-locale-gd(?::\w+|)\s+(.*)$ ^firefox-locale-gn(?::\w+|)\s+(.*)$ ^firefox-locale-gl(?::\w+|)\s+(.*)$ ^firefox-locale-gu(?::\w+|)\s+(.*)$ ^firefox-locale-pa(?::\w+|)\s+(.*)$ ^firefox-locale-pl(?::\w+|)\s+(.*)$ ^firefox-locale-cy(?::\w+|)\s+(.*)$ ^firefox-locale-pt(?::\w+|)\s+(.*)$ ^firefox-locale-szl(?::\w+|)\s+(.*)$ ^firefox-locale-hi(?::\w+|)\s+(.*)$ ^firefox-locale-uk(?::\w+|)\s+(.*)$ ^firefox-locale-he(?::\w+|)\s+(.*)$ ^firefox-locale-hy(?::\w+|)\s+(.*)$ ^firefox-locale-hr(?::\w+|)\s+(.*)$ ^firefox-locale-hu(?::\w+|)\s+(.*)$ ^firefox-locale-as(?::\w+|)\s+(.*)$ ^firefox-locale-ar(?::\w+|)\s+(.*)$ ^firefox-locale-ia(?::\w+|)\s+(.*)$ ^firefox-locale-az(?::\w+|)\s+(.*)$ ^firefox-locale-id(?::\w+|)\s+(.*)$ ^firefox-locale-mai(?::\w+|)\s+(.*)$ ^firefox-locale-af(?::\w+|)\s+(.*)$ ^firefox-locale-is(?::\w+|)\s+(.*)$ ^firefox-locale-it(?::\w+|)\s+(.*)$ ^firefox-locale-an(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hant(?::\w+|)\s+(.*)$ ^firefox(?::\w+|)\s+(.*)$ ^firefox-locale-ro(?::\w+|)\s+(.*)$ ^firefox-geckodriver(?::\w+|)\s+(.*)$ ^firefox-locale-ja(?::\w+|)\s+(.*)$ ^firefox-locale-ru(?::\w+|)\s+(.*)$ ^firefox-locale-br(?::\w+|)\s+(.*)$ ^firefox-locale-bs(?::\w+|)\s+(.*)$ ^firefox-locale-zh-hans(?::\w+|)\s+(.*)$ ^firefox-locale-bn(?::\w+|)\s+(.*)$ ^firefox-locale-be(?::\w+|)\s+(.*)$ ^firefox-locale-bg(?::\w+|)\s+(.*)$ ^firefox-locale-sl(?::\w+|)\s+(.*)$ ^firefox-locale-sk(?::\w+|)\s+(.*)$ ^firefox-locale-si(?::\w+|)\s+(.*)$ ^firefox-locale-sw(?::\w+|)\s+(.*)$ ^firefox-locale-sv(?::\w+|)\s+(.*)$ ^firefox-locale-sr(?::\w+|)\s+(.*)$ ^firefox-locale-sq(?::\w+|)\s+(.*)$ ^firefox-locale-ko(?::\w+|)\s+(.*)$ ^firefox-locale-kn(?::\w+|)\s+(.*)$ ^firefox-locale-km(?::\w+|)\s+(.*)$ ^firefox-locale-kk(?::\w+|)\s+(.*)$ ^firefox-locale-ka(?::\w+|)\s+(.*)$ ^firefox-locale-xh(?::\w+|)\s+(.*)$ ^firefox-locale-ca(?::\w+|)\s+(.*)$ ^firefox-locale-ku(?::\w+|)\s+(.*)$ ^firefox-mozsymbols(?::\w+|)\s+(.*)$ ^firefox-locale-lv(?::\w+|)\s+(.*)$ ^firefox-locale-lt(?::\w+|)\s+(.*)$ ^firefox-locale-th(?::\w+|)\s+(.*)$ ^firefox-locale-hsb(?::\w+|)\s+(.*)$ ^firefox-locale-tg(?::\w+|)\s+(.*)$ ^firefox-dev(?::\w+|)\s+(.*)$ ^firefox-locale-te(?::\w+|)\s+(.*)$ ^firefox-locale-cak(?::\w+|)\s+(.*)$ ^firefox-locale-ta(?::\w+|)\s+(.*)$ ^firefox-locale-lg(?::\w+|)\s+(.*)$ ^firefox-locale-tr(?::\w+|)\s+(.*)$ ^firefox-locale-nso(?::\w+|)\s+(.*)$ ^firefox-locale-de(?::\w+|)\s+(.*)$ ^firefox-locale-da(?::\w+|)\s+(.*)$ ^firefox-locale-ms(?::\w+|)\s+(.*)$ ^firefox-locale-mr(?::\w+|)\s+(.*)$ ^firefox-locale-my(?::\w+|)\s+(.*)$ ^firefox-locale-uz(?::\w+|)\s+(.*)$ ^firefox-locale-ml(?::\w+|)\s+(.*)$ ^firefox-locale-mn(?::\w+|)\s+(.*)$ ^firefox-locale-mk(?::\w+|)\s+(.*)$ ^firefox-locale-ur(?::\w+|)\s+(.*)$ ^firefox-locale-vi(?::\w+|)\s+(.*)$ ^firefox-locale-eu(?::\w+|)\s+(.*)$ ^firefox-locale-et(?::\w+|)\s+(.*)$ ^firefox-locale-es(?::\w+|)\s+(.*)$ ^firefox-locale-csb(?::\w+|)\s+(.*)$ ^firefox-locale-el(?::\w+|)\s+(.*)$ ^firefox-locale-eo(?::\w+|)\s+(.*)$ ^firefox-locale-en(?::\w+|)\s+(.*)$ ^firefox-locale-zu(?::\w+|)\s+(.*)$ ^firefox-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn(?::\w+|)\s+(.*)$ ^thunderbird-locale-be(?::\w+|)\s+(.*)$ ^thunderbird-locale-bg(?::\w+|)\s+(.*)$ ^thunderbird-locale-ja(?::\w+|)\s+(.*)$ ^thunderbird-locale-sl(?::\w+|)\s+(.*)$ ^thunderbird-locale-sk(?::\w+|)\s+(.*)$ ^thunderbird-locale-si(?::\w+|)\s+(.*)$ ^thunderbird-gnome-support(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv(?::\w+|)\s+(.*)$ ^thunderbird-locale-sr(?::\w+|)\s+(.*)$ ^thunderbird-locale-sq(?::\w+|)\s+(.*)$ ^thunderbird-locale-hsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-cy(?::\w+|)\s+(.*)$ ^thunderbird-locale-cs(?::\w+|)\s+(.*)$ ^thunderbird-locale-ca(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-br(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa(?::\w+|)\s+(.*)$ ^thunderbird-locale-ka(?::\w+|)\s+(.*)$ ^thunderbird-locale-ko(?::\w+|)\s+(.*)$ ^thunderbird-locale-kk(?::\w+|)\s+(.*)$ ^thunderbird-locale-kab(?::\w+|)\s+(.*)$ ^thunderbird-locale-pl(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-tw(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-us(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb-no(?::\w+|)\s+(.*)$ ^thunderbird-locale-bn-bd(?::\w+|)\s+(.*)$ ^thunderbird-locale-lv(?::\w+|)\s+(.*)$ ^thunderbird-locale-lt(?::\w+|)\s+(.*)$ ^thunderbird-locale-en-gb(?::\w+|)\s+(.*)$ ^thunderbird-locale-uz(?::\w+|)\s+(.*)$ ^xul-ext-calendar-timezones(?::\w+|)\s+(.*)$ ^thunderbird-locale-de(?::\w+|)\s+(.*)$ ^thunderbird-locale-da(?::\w+|)\s+(.*)$ ^thunderbird-locale-uk(?::\w+|)\s+(.*)$ ^thunderbird-dev(?::\w+|)\s+(.*)$ ^thunderbird-locale-el(?::\w+|)\s+(.*)$ ^thunderbird-locale-en(?::\w+|)\s+(.*)$ ^thunderbird-locale-rm(?::\w+|)\s+(.*)$ ^thunderbird-locale-ms(?::\w+|)\s+(.*)$ ^thunderbird-locale-ro(?::\w+|)\s+(.*)$ ^thunderbird-locale-eu(?::\w+|)\s+(.*)$ ^thunderbird-locale-et(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hant(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-hans(?::\w+|)\s+(.*)$ ^thunderbird-locale-ru(?::\w+|)\s+(.*)$ ^thunderbird-locale-mk(?::\w+|)\s+(.*)$ ^xul-ext-gdata-provider(?::\w+|)\s+(.*)$ ^thunderbird-locale-fr(?::\w+|)\s+(.*)$ ^thunderbird-locale-es-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta-lk(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy(?::\w+|)\s+(.*)$ ^thunderbird-locale-fa(?::\w+|)\s+(.*)$ ^thunderbird-locale-fi(?::\w+|)\s+(.*)$ ^thunderbird-locale-ast(?::\w+|)\s+(.*)$ ^thunderbird-locale-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nn(?::\w+|)\s+(.*)$ ^xul-ext-lightning(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga-ie(?::\w+|)\s+(.*)$ ^thunderbird-locale-fy-nl(?::\w+|)\s+(.*)$ ^thunderbird-locale-nb(?::\w+|)\s+(.*)$ ^thunderbird-mozsymbols(?::\w+|)\s+(.*)$ ^thunderbird-locale-zh-cn(?::\w+|)\s+(.*)$ ^thunderbird-locale-gl(?::\w+|)\s+(.*)$ ^thunderbird-locale-ga(?::\w+|)\s+(.*)$ ^thunderbird-locale-tr(?::\w+|)\s+(.*)$ ^thunderbird-locale-gd(?::\w+|)\s+(.*)$ ^thunderbird-locale-th(?::\w+|)\s+(.*)$ ^thunderbird-locale-ta(?::\w+|)\s+(.*)$ ^thunderbird-locale-dsb(?::\w+|)\s+(.*)$ ^thunderbird-locale-it(?::\w+|)\s+(.*)$ ^thunderbird-locale-hy(?::\w+|)\s+(.*)$ ^thunderbird-locale-sv-se(?::\w+|)\s+(.*)$ ^thunderbird-locale-hr(?::\w+|)\s+(.*)$ ^thunderbird-locale-hu(?::\w+|)\s+(.*)$ ^thunderbird-locale-pa-in(?::\w+|)\s+(.*)$ ^thunderbird-locale-he(?::\w+|)\s+(.*)$ ^thunderbird-locale-ar(?::\w+|)\s+(.*)$ ^thunderbird-locale-af(?::\w+|)\s+(.*)$ ^thunderbird-locale-pt-pt(?::\w+|)\s+(.*)$ ^thunderbird-locale-cak(?::\w+|)\s+(.*)$ ^thunderbird-locale-is(?::\w+|)\s+(.*)$ ^thunderbird(?::\w+|)\s+(.*)$ ^thunderbird-locale-vi(?::\w+|)\s+(.*)$ ^thunderbird-locale-es(?::\w+|)\s+(.*)$ ^thunderbird-locale-id(?::\w+|)\s+(.*)$ ^matrix-synapse(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-17-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-17-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-17-jre(?::\w+|)\s+(.*)$ ^openjdk-17-jdk(?::\w+|)\s+(.*)$ ^openjdk-17-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-17-source(?::\w+|)\s+(.*)$ ^openjdk-17-demo(?::\w+|)\s+(.*)$ ^openjdk-17-doc(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^webp(?::\w+|)\s+(.*)$ ^libwebp6(?::\w+|)\s+(.*)$ ^libwebpmux3(?::\w+|)\s+(.*)$ ^libwebp-dev(?::\w+|)\s+(.*)$ ^libwebpdemux2(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^node-eventsource(?::\w+|)\s+(.*)$ ^libfontembed-dev(?::\w+|)\s+(.*)$ ^libfontembed1(?::\w+|)\s+(.*)$ ^libcupsfilters-dev(?::\w+|)\s+(.*)$ ^cups-filters(?::\w+|)\s+(.*)$ ^cups-browsed(?::\w+|)\s+(.*)$ ^cups-filters-core-drivers(?::\w+|)\s+(.*)$ ^libcupsfilters1(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^node-minimatch(?::\w+|)\s+(.*)$ ^ruby2.5-dev(?::\w+|)\s+(.*)$ ^ruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5-doc(?::\w+|)\s+(.*)$ ^libruby2.5(?::\w+|)\s+(.*)$ ^golang-github-opencontainers-runc-dev(?::\w+|)\s+(.*)$ ^runc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linuxptp(?::\w+|)\s+(.*)$ ^jhead(?::\w+|)\s+(.*)$ ^libx32ncurses5(?::\w+|)\s+(.*)$ ^lib32tinfo-dev(?::\w+|)\s+(.*)$ ^ncurses-examples(?::\w+|)\s+(.*)$ ^ncurses-bin(?::\w+|)\s+(.*)$ ^lib32ncurses5-dev(?::\w+|)\s+(.*)$ ^lib32ncursesw5(?::\w+|)\s+(.*)$ ^libtinfo-dev(?::\w+|)\s+(.*)$ ^lib32ncursesw5-dev(?::\w+|)\s+(.*)$ ^lib32tinfo5(?::\w+|)\s+(.*)$ ^libtinfo5(?::\w+|)\s+(.*)$ ^lib32ncurses5(?::\w+|)\s+(.*)$ ^lib64tinfo5(?::\w+|)\s+(.*)$ ^libncurses5-dev(?::\w+|)\s+(.*)$ ^lib64ncurses5(?::\w+|)\s+(.*)$ ^lib64ncurses5-dev(?::\w+|)\s+(.*)$ ^libncurses5(?::\w+|)\s+(.*)$ ^libx32ncurses5-dev(?::\w+|)\s+(.*)$ ^libncursesw5(?::\w+|)\s+(.*)$ ^ncurses-base(?::\w+|)\s+(.*)$ ^libx32tinfo-dev(?::\w+|)\s+(.*)$ ^ncurses-doc(?::\w+|)\s+(.*)$ ^libx32ncursesw5(?::\w+|)\s+(.*)$ ^libx32ncursesw5-dev(?::\w+|)\s+(.*)$ ^libx32tinfo5(?::\w+|)\s+(.*)$ ^libncursesw5-dev(?::\w+|)\s+(.*)$ ^ncurses-term(?::\w+|)\s+(.*)$ ^libhtml-stripscripts-perl(?::\w+|)\s+(.*)$ ^binutils-dev(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabihf(?::\w+|)\s+(.*)$ ^binutils-hppa64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-ia64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-multiarch(?::\w+|)\s+(.*)$ ^binutils-mips64-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-mipsel-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips64el-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-x86-64-kfreebsd-gnu(?::\w+|)\s+(.*)$ ^binutils-riscv64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-m68k-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-for-build(?::\w+|)\s+(.*)$ ^binutils-s390x-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-x86-64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-multiarch-dev(?::\w+|)\s+(.*)$ ^binutils-i686-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsisa32r6el-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-for-host(?::\w+|)\s+(.*)$ ^binutils-doc(?::\w+|)\s+(.*)$ ^binutils-sh4-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc64le-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips64-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-aarch64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-source(?::\w+|)\s+(.*)$ ^binutils-i686-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-common(?::\w+|)\s+(.*)$ ^binutils-mips-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6el-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mipsisa32r6-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-x86-64-linux-gnux32(?::\w+|)\s+(.*)$ ^binutils-i686-kfreebsd-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnuspe(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6el-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-alpha-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-hppa-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-sparc64-linux-gnu(?::\w+|)\s+(.*)$ ^libbinutils(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabi(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mips64el-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnu(?::\w+|)\s+(.*)$ ^binutils(?::\w+|)\s+(.*)$ ^node-json-schema(?::\w+|)\s+(.*)$ ^postgresql-server-dev-10(?::\w+|)\s+(.*)$ ^postgresql-pltcl-10(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^postgresql-10(?::\w+|)\s+(.*)$ ^postgresql-plperl-10(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^postgresql-plpython3-10(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-plpython-10(?::\w+|)\s+(.*)$ ^postgresql-doc-10(?::\w+|)\s+(.*)$ ^postgresql-client-10(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^ca-certificates(?::\w+|)\s+(.*)$ ^jhead(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^jhead(?::\w+|)\s+(.*)$ ^libperl-dev(?::\w+|)\s+(.*)$ ^perl-modules-5.26(?::\w+|)\s+(.*)$ ^perl-doc(?::\w+|)\s+(.*)$ ^perl(?::\w+|)\s+(.*)$ ^perl-base(?::\w+|)\s+(.*)$ ^libperl5.26(?::\w+|)\s+(.*)$ ^perl-debug(?::\w+|)\s+(.*)$ ^node-nth-check(?::\w+|)\s+(.*)$ ^libptexenc-dev(?::\w+|)\s+(.*)$ ^libkpathsea-dev(?::\w+|)\s+(.*)$ ^texlive-binaries(?::\w+|)\s+(.*)$ ^libtexluajit2(?::\w+|)\s+(.*)$ ^libtexluajit-dev(?::\w+|)\s+(.*)$ ^libptexenc1(?::\w+|)\s+(.*)$ ^libtexlua52-dev(?::\w+|)\s+(.*)$ ^libtexlua52(?::\w+|)\s+(.*)$ ^libsynctex-dev(?::\w+|)\s+(.*)$ ^libkpathsea6(?::\w+|)\s+(.*)$ ^libsynctex1(?::\w+|)\s+(.*)$ ^node-hawk(?::\w+|)\s+(.*)$ ^libbatik-java(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^libssl1.0-dev(?::\w+|)\s+(.*)$ ^openssl1.0(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^ubuntu-core-snapd-units(?::\w+|)\s+(.*)$ ^ubuntu-core-launcher(?::\w+|)\s+(.*)$ ^snap-confine(?::\w+|)\s+(.*)$ ^ubuntu-snappy-cli(?::\w+|)\s+(.*)$ ^golang-github-snapcore-snapd-dev(?::\w+|)\s+(.*)$ ^snapd-xdg-open(?::\w+|)\s+(.*)$ ^snapd(?::\w+|)\s+(.*)$ ^golang-github-ubuntu-core-snappy-dev(?::\w+|)\s+(.*)$ ^ubuntu-snappy(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ ^libcupsimage2(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^libcupsmime1(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ ^avahi-autoipd(?::\w+|)\s+(.*)$ ^avahi-daemon(?::\w+|)\s+(.*)$ ^avahi-discover(?::\w+|)\s+(.*)$ ^avahi-dnsconfd(?::\w+|)\s+(.*)$ ^avahi-ui-utils(?::\w+|)\s+(.*)$ ^avahi-utils(?::\w+|)\s+(.*)$ ^gir1.2-avahi-0.6(?::\w+|)\s+(.*)$ ^libavahi-client-dev(?::\w+|)\s+(.*)$ ^libavahi-client3(?::\w+|)\s+(.*)$ ^libavahi-common-data(?::\w+|)\s+(.*)$ ^libavahi-common-dev(?::\w+|)\s+(.*)$ ^libavahi-common3(?::\w+|)\s+(.*)$ ^libavahi-compat-libdnssd-dev(?::\w+|)\s+(.*)$ ^libavahi-compat-libdnssd1(?::\w+|)\s+(.*)$ ^libavahi-core-dev(?::\w+|)\s+(.*)$ ^libavahi-core7(?::\w+|)\s+(.*)$ ^libavahi-glib-dev(?::\w+|)\s+(.*)$ ^libavahi-glib1(?::\w+|)\s+(.*)$ ^libavahi-gobject-dev(?::\w+|)\s+(.*)$ ^libavahi-gobject0(?::\w+|)\s+(.*)$ ^libavahi-ui-gtk3-0(?::\w+|)\s+(.*)$ ^libavahi-ui-gtk3-dev(?::\w+|)\s+(.*)$ ^python-avahi(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^python3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6-examples(?::\w+|)\s+(.*)$ ^libpython3.6-stdlib(?::\w+|)\s+(.*)$ ^python3.6-venv(?::\w+|)\s+(.*)$ ^python3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6(?::\w+|)\s+(.*)$ ^idle-python3.6(?::\w+|)\s+(.*)$ ^python3.6-doc(?::\w+|)\s+(.*)$ ^libpython3.6-testsuite(?::\w+|)\s+(.*)$ ^libpython3.6(?::\w+|)\s+(.*)$ ^libnghttp2-14(?::\w+|)\s+(.*)$ ^libnghttp2-doc(?::\w+|)\s+(.*)$ ^libnghttp2-dev(?::\w+|)\s+(.*)$ ^nghttp2-proxy(?::\w+|)\s+(.*)$ ^nghttp2(?::\w+|)\s+(.*)$ ^nghttp2-client(?::\w+|)\s+(.*)$ ^nghttp2-server(?::\w+|)\s+(.*)$ ^isag(?::\w+|)\s+(.*)$ ^sysstat(?::\w+|)\s+(.*)$ ^netatalk(?::\w+|)\s+(.*)$ ^sniproxy(?::\w+|)\s+(.*)$ ^python-jupyter-core-doc(?::\w+|)\s+(.*)$ ^python3-jupyter-core(?::\w+|)\s+(.*)$ ^jupyter(?::\w+|)\s+(.*)$ ^jupyter-core(?::\w+|)\s+(.*)$ ^python-jupyter-core(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^python3-requests(?::\w+|)\s+(.*)$ ^python-requests(?::\w+|)\s+(.*)$ ^node-fetch(?::\w+|)\s+(.*)$ ^libpano13-dev(?::\w+|)\s+(.*)$ ^libpano13-bin(?::\w+|)\s+(.*)$ ^libpano13-3(?::\w+|)\s+(.*)$ ^libc-ares-dev(?::\w+|)\s+(.*)$ ^libc-ares2(?::\w+|)\s+(.*)$ ^libglib2.0-0(?::\w+|)\s+(.*)$ ^libglib2.0-bin(?::\w+|)\s+(.*)$ ^libglib2.0-data(?::\w+|)\s+(.*)$ ^libglib2.0-dev(?::\w+|)\s+(.*)$ ^libglib2.0-dev-bin(?::\w+|)\s+(.*)$ ^libglib2.0-doc(?::\w+|)\s+(.*)$ ^libglib2.0-tests(?::\w+|)\s+(.*)$ ^libcap2(?::\w+|)\s+(.*)$ ^libcap2-bin(?::\w+|)\s+(.*)$ ^libpam-cap(?::\w+|)\s+(.*)$ ^libcap-dev(?::\w+|)\s+(.*)$ ^qemu-system-common(?::\w+|)\s+(.*)$ ^qemu-user-static(?::\w+|)\s+(.*)$ ^qemu-system-misc(?::\w+|)\s+(.*)$ ^qemu-block-extra(?::\w+|)\s+(.*)$ ^qemu-system-s390x(?::\w+|)\s+(.*)$ ^qemu-kvm(?::\w+|)\s+(.*)$ ^qemu-user(?::\w+|)\s+(.*)$ ^qemu-guest-agent(?::\w+|)\s+(.*)$ ^qemu-system(?::\w+|)\s+(.*)$ ^qemu-utils(?::\w+|)\s+(.*)$ ^qemu(?::\w+|)\s+(.*)$ ^qemu-user-binfmt(?::\w+|)\s+(.*)$ ^qemu-system-x86(?::\w+|)\s+(.*)$ ^qemu-system-sparc(?::\w+|)\s+(.*)$ ^qemu-system-arm(?::\w+|)\s+(.*)$ ^qemu-system-ppc(?::\w+|)\s+(.*)$ ^qemu-system-mips(?::\w+|)\s+(.*)$ ^libx11-6(?::\w+|)\s+(.*)$ ^libx11-data(?::\w+|)\s+(.*)$ ^libx11-dev(?::\w+|)\s+(.*)$ ^libx11-doc(?::\w+|)\s+(.*)$ ^libx11-xcb-dev(?::\w+|)\s+(.*)$ ^libx11-xcb1(?::\w+|)\s+(.*)$ ^libgsasl7(?::\w+|)\s+(.*)$ ^libgsasl7-dev(?::\w+|)\s+(.*)$ ^gsasl(?::\w+|)\s+(.*)$ ^python3-pypdf2(?::\w+|)\s+(.*)$ ^python-pypdf2(?::\w+|)\s+(.*)$ ^libjettison-java(?::\w+|)\s+(.*)$ ^libsvgpp-doc(?::\w+|)\s+(.*)$ ^libsvgpp-dev(?::\w+|)\s+(.*)$ ^libjettison-java(?::\w+|)\s+(.*)$ ^libvlc-bin(?::\w+|)\s+(.*)$ ^libvlc-dev(?::\w+|)\s+(.*)$ ^libvlc5(?::\w+|)\s+(.*)$ ^libvlccore-dev(?::\w+|)\s+(.*)$ ^libvlccore9(?::\w+|)\s+(.*)$ ^vlc(?::\w+|)\s+(.*)$ ^vlc-bin(?::\w+|)\s+(.*)$ ^vlc-data(?::\w+|)\s+(.*)$ ^vlc-l10n(?::\w+|)\s+(.*)$ ^vlc-plugin-access-extra(?::\w+|)\s+(.*)$ ^vlc-plugin-base(?::\w+|)\s+(.*)$ ^vlc-plugin-fluidsynth(?::\w+|)\s+(.*)$ ^vlc-plugin-jack(?::\w+|)\s+(.*)$ ^vlc-plugin-notify(?::\w+|)\s+(.*)$ ^vlc-plugin-qt(?::\w+|)\s+(.*)$ ^vlc-plugin-samba(?::\w+|)\s+(.*)$ ^vlc-plugin-skins2(?::\w+|)\s+(.*)$ ^vlc-plugin-svg(?::\w+|)\s+(.*)$ ^vlc-plugin-video-output(?::\w+|)\s+(.*)$ ^vlc-plugin-video-splitter(?::\w+|)\s+(.*)$ ^vlc-plugin-visualization(?::\w+|)\s+(.*)$ ^vlc-plugin-zvbi(?::\w+|)\s+(.*)$ ^pngcheck(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libbind9-160(?::\w+|)\s+(.*)$ ^libdns-export1100(?::\w+|)\s+(.*)$ ^libdns1100(?::\w+|)\s+(.*)$ ^libirs-export160(?::\w+|)\s+(.*)$ ^libirs160(?::\w+|)\s+(.*)$ ^libisc-export169(?::\w+|)\s+(.*)$ ^libisc169(?::\w+|)\s+(.*)$ ^libisccc-export160(?::\w+|)\s+(.*)$ ^libisccc160(?::\w+|)\s+(.*)$ ^libisccfg-export160(?::\w+|)\s+(.*)$ ^libisccfg160(?::\w+|)\s+(.*)$ ^liblwres160(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcupsimage2(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ ^libcupsmime1(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^etcd(?::\w+|)\s+(.*)$ ^etcd-client(?::\w+|)\s+(.*)$ ^etcd-server(?::\w+|)\s+(.*)$ ^golang-etcd-server-dev(?::\w+|)\s+(.*)$ ^accountsservice(?::\w+|)\s+(.*)$ ^gir1.2-accountsservice-1.0(?::\w+|)\s+(.*)$ ^libaccountsservice-dev(?::\w+|)\s+(.*)$ ^libaccountsservice-doc(?::\w+|)\s+(.*)$ ^libaccountsservice0(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-raspi2)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^ldap-utils(?::\w+|)\s+(.*)$ ^libldap-2.4-2(?::\w+|)\s+(.*)$ ^libldap-common(?::\w+|)\s+(.*)$ ^libldap2-dev(?::\w+|)\s+(.*)$ ^slapd(?::\w+|)\s+(.*)$ ^slapd-smbk5pwd(?::\w+|)\s+(.*)$ ^screen(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^imagemagick-6-common(?::\w+|)\s+(.*)$ ^imagemagick-6-doc(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^imagemagick-6.q16hdri(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-q16hdri-perl(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-7(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-7(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3-extra(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3-extra(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^containerd(?::\w+|)\s+(.*)$ ^golang-github-containerd-containerd-dev(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^golang-github-gorilla-websocket-dev(?::\w+|)\s+(.*)$ ^golang-websocket-dev(?::\w+|)\s+(.*)$ ^gerbv(?::\w+|)\s+(.*)$ ^ruby-doorkeeper(?::\w+|)\s+(.*)$ ^dwarves(?::\w+|)\s+(.*)$ ^libruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5(?::\w+|)\s+(.*)$ ^ruby2.5-dev(?::\w+|)\s+(.*)$ ^ruby2.5-doc(?::\w+|)\s+(.*)$ ^knot-resolver(?::\w+|)\s+(.*)$ ^knot-resolver-doc(?::\w+|)\s+(.*)$ ^knot-resolver-module-http(?::\w+|)\s+(.*)$ ^libkres-dev(?::\w+|)\s+(.*)$ ^libkres6(?::\w+|)\s+(.*)$ ^libtiff-dev(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^wkhtmltopdf(?::\w+|)\s+(.*)$ ^libyajl-dev(?::\w+|)\s+(.*)$ ^libyajl-doc(?::\w+|)\s+(.*)$ ^libyajl2(?::\w+|)\s+(.*)$ ^yajl-tools(?::\w+|)\s+(.*)$ ^connman(?::\w+|)\s+(.*)$ ^connman-dev(?::\w+|)\s+(.*)$ ^connman-doc(?::\w+|)\s+(.*)$ ^connman-vpn(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^ecdsautils(?::\w+|)\s+(.*)$ ^openssh-client(?::\w+|)\s+(.*)$ ^openssh-server(?::\w+|)\s+(.*)$ ^openssh-sftp-server(?::\w+|)\s+(.*)$ ^ssh(?::\w+|)\s+(.*)$ ^ssh-askpass-gnome(?::\w+|)\s+(.*)$ ^graphite-web(?::\w+|)\s+(.*)$ ^graphite-web(?::\w+|)\s+(.*)$ ^amd64-microcode(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-dell300x)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-snapdragon)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^open-vm-tools(?::\w+|)\s+(.*)$ ^open-vm-tools-desktop(?::\w+|)\s+(.*)$ ^open-vm-tools-dev(?::\w+|)\s+(.*)$ ^iscsiuio(?::\w+|)\s+(.*)$ ^open-iscsi(?::\w+|)\s+(.*)$ ^libwireshark-data(?::\w+|)\s+(.*)$ ^libwireshark-dev(?::\w+|)\s+(.*)$ ^libwireshark11(?::\w+|)\s+(.*)$ ^libwiretap-dev(?::\w+|)\s+(.*)$ ^libwiretap8(?::\w+|)\s+(.*)$ ^libwscodecs2(?::\w+|)\s+(.*)$ ^libwsutil-dev(?::\w+|)\s+(.*)$ ^libwsutil9(?::\w+|)\s+(.*)$ ^tshark(?::\w+|)\s+(.*)$ ^wireshark(?::\w+|)\s+(.*)$ ^wireshark-common(?::\w+|)\s+(.*)$ ^wireshark-dev(?::\w+|)\s+(.*)$ ^wireshark-doc(?::\w+|)\s+(.*)$ ^wireshark-gtk(?::\w+|)\s+(.*)$ ^wireshark-qt(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-17-demo(?::\w+|)\s+(.*)$ ^openjdk-17-doc(?::\w+|)\s+(.*)$ ^openjdk-17-jdk(?::\w+|)\s+(.*)$ ^openjdk-17-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-17-jre(?::\w+|)\s+(.*)$ ^openjdk-17-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-17-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-17-source(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-17-demo(?::\w+|)\s+(.*)$ ^openjdk-17-doc(?::\w+|)\s+(.*)$ ^openjdk-17-jdk(?::\w+|)\s+(.*)$ ^openjdk-17-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-17-jre(?::\w+|)\s+(.*)$ ^openjdk-17-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-17-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-17-source(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^duende(?::\w+|)\s+(.*)$ ^maradns(?::\w+|)\s+(.*)$ ^maradns-deadwood(?::\w+|)\s+(.*)$ ^maradns-docs(?::\w+|)\s+(.*)$ ^maradns-zoneserver(?::\w+|)\s+(.*)$ ^cargo(?::\w+|)\s+(.*)$ ^cargo-doc(?::\w+|)\s+(.*)$ ^php-dompdf(?::\w+|)\s+(.*)$ ^openssh-client(?::\w+|)\s+(.*)$ ^openssh-server(?::\w+|)\s+(.*)$ ^openssh-sftp-server(?::\w+|)\s+(.*)$ ^ssh(?::\w+|)\s+(.*)$ ^ssh-askpass-gnome(?::\w+|)\s+(.*)$ ^python-pypdf2(?::\w+|)\s+(.*)$ ^python3-pypdf2(?::\w+|)\s+(.*)$ ^velocity(?::\w+|)\s+(.*)$ ^velocity-doc(?::\w+|)\s+(.*)$ ^libvelocity-tools-java(?::\w+|)\s+(.*)$ ^libvelocity-tools-java-doc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^golang-gopkg-yaml.v2-dev(?::\w+|)\s+(.*)$ ^golang-yaml.v2-dev(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^libtiff-dev(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^libzzip-0-13(?::\w+|)\s+(.*)$ ^libzzip-dev(?::\w+|)\s+(.*)$ ^zziplib-bin(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-cpp0v5(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler73(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^clamav(?::\w+|)\s+(.*)$ ^clamav-base(?::\w+|)\s+(.*)$ ^clamav-daemon(?::\w+|)\s+(.*)$ ^clamav-docs(?::\w+|)\s+(.*)$ ^clamav-freshclam(?::\w+|)\s+(.*)$ ^clamav-milter(?::\w+|)\s+(.*)$ ^clamav-testfiles(?::\w+|)\s+(.*)$ ^clamdscan(?::\w+|)\s+(.*)$ ^libclamav-dev(?::\w+|)\s+(.*)$ ^libclamav9(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^libcjose-dev(?::\w+|)\s+(.*)$ ^libcjose0(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^faad(?::\w+|)\s+(.*)$ ^libfaad-dev(?::\w+|)\s+(.*)$ ^libfaad2(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-generic-lpae|-lowlatency)(?::\w+|)\s+(.*)$ ^amd64-microcode(?::\w+|)\s+(.*)$ ^elfutils(?::\w+|)\s+(.*)$ ^libasm-dev(?::\w+|)\s+(.*)$ ^libasm1(?::\w+|)\s+(.*)$ ^libdw-dev(?::\w+|)\s+(.*)$ ^libdw1(?::\w+|)\s+(.*)$ ^libelf-dev(?::\w+|)\s+(.*)$ ^libelf1(?::\w+|)\s+(.*)$ ^python-git(?::\w+|)\s+(.*)$ ^python-git-doc(?::\w+|)\s+(.*)$ ^python3-git(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^atftp(?::\w+|)\s+(.*)$ ^atftpd(?::\w+|)\s+(.*)$ ^busybox(?::\w+|)\s+(.*)$ ^busybox-initramfs(?::\w+|)\s+(.*)$ ^busybox-static(?::\w+|)\s+(.*)$ ^busybox-syslogd(?::\w+|)\s+(.*)$ ^udhcpc(?::\w+|)\s+(.*)$ ^udhcpd(?::\w+|)\s+(.*)$ ^docker-registry(?::\w+|)\s+(.*)$ ^golang-github-docker-distribution-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^libsox-dev(?::\w+|)\s+(.*)$ ^libsox-fmt-all(?::\w+|)\s+(.*)$ ^libsox-fmt-alsa(?::\w+|)\s+(.*)$ ^libsox-fmt-ao(?::\w+|)\s+(.*)$ ^libsox-fmt-base(?::\w+|)\s+(.*)$ ^libsox-fmt-mp3(?::\w+|)\s+(.*)$ ^libsox-fmt-oss(?::\w+|)\s+(.*)$ ^libsox-fmt-pulse(?::\w+|)\s+(.*)$ ^libsox3(?::\w+|)\s+(.*)$ ^sox(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^libshiro-java(?::\w+|)\s+(.*)$ ^libplib-dev(?::\w+|)\s+(.*)$ ^libplib1(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^libopendmarc-dev(?::\w+|)\s+(.*)$ ^libopendmarc2(?::\w+|)\s+(.*)$ ^opendmarc(?::\w+|)\s+(.*)$ ^rddmarc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^ruby-redcloth(?::\w+|)\s+(.*)$ ^flac(?::\w+|)\s+(.*)$ ^libflac++-dev(?::\w+|)\s+(.*)$ ^libflac++6v5(?::\w+|)\s+(.*)$ ^libflac-dev(?::\w+|)\s+(.*)$ ^libflac-doc(?::\w+|)\s+(.*)$ ^libflac8(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcupsimage2(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ ^libcupsmime1(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^ghostscript(?::\w+|)\s+(.*)$ ^ghostscript-doc(?::\w+|)\s+(.*)$ ^ghostscript-x(?::\w+|)\s+(.*)$ ^libgs-dev(?::\w+|)\s+(.*)$ ^libgs9(?::\w+|)\s+(.*)$ ^libgs9-common(?::\w+|)\s+(.*)$ ^open-vm-tools(?::\w+|)\s+(.*)$ ^open-vm-tools-desktop(?::\w+|)\s+(.*)$ ^open-vm-tools-dev(?::\w+|)\s+(.*)$ ^libwebp-dev(?::\w+|)\s+(.*)$ ^libwebp6(?::\w+|)\s+(.*)$ ^libwebpdemux2(?::\w+|)\s+(.*)$ ^libwebpmux3(?::\w+|)\s+(.*)$ ^webp(?::\w+|)\s+(.*)$ ^libapache2-mod-security2(?::\w+|)\s+(.*)$ ^libssh2-1(?::\w+|)\s+(.*)$ ^libssh2-1-dev(?::\w+|)\s+(.*)$ ^gawk(?::\w+|)\s+(.*)$ ^mutt(?::\w+|)\s+(.*)$ ^nodejs(?::\w+|)\s+(.*)$ ^nodejs-dev(?::\w+|)\s+(.*)$ ^nodejs-doc(?::\w+|)\s+(.*)$ ^binutils(?::\w+|)\s+(.*)$ ^binutils-aarch64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-alpha-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabi(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabihf(?::\w+|)\s+(.*)$ ^binutils-common(?::\w+|)\s+(.*)$ ^binutils-dev(?::\w+|)\s+(.*)$ ^binutils-doc(?::\w+|)\s+(.*)$ ^binutils-for-build(?::\w+|)\s+(.*)$ ^binutils-for-host(?::\w+|)\s+(.*)$ ^binutils-hppa-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-hppa64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-i686-gnu(?::\w+|)\s+(.*)$ ^binutils-i686-kfreebsd-gnu(?::\w+|)\s+(.*)$ ^binutils-i686-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-ia64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-m68k-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips64-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mips64-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-mips64el-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mips64el-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-mipsel-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsisa32r6-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsisa32r6el-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6el-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6el-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-multiarch(?::\w+|)\s+(.*)$ ^binutils-multiarch-dev(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnuspe(?::\w+|)\s+(.*)$ ^binutils-powerpc64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc64le-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-riscv64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-s390x-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-sh4-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-source(?::\w+|)\s+(.*)$ ^binutils-sparc64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-x86-64-kfreebsd-gnu(?::\w+|)\s+(.*)$ ^binutils-x86-64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-x86-64-linux-gnux32(?::\w+|)\s+(.*)$ ^libbinutils(?::\w+|)\s+(.*)$ ^memcached(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^cups(?::\w+|)\s+(.*)$ ^cups-bsd(?::\w+|)\s+(.*)$ ^cups-client(?::\w+|)\s+(.*)$ ^cups-common(?::\w+|)\s+(.*)$ ^cups-core-drivers(?::\w+|)\s+(.*)$ ^cups-daemon(?::\w+|)\s+(.*)$ ^cups-ipp-utils(?::\w+|)\s+(.*)$ ^cups-ppdc(?::\w+|)\s+(.*)$ ^cups-server-common(?::\w+|)\s+(.*)$ ^libcups2(?::\w+|)\s+(.*)$ ^libcups2-dev(?::\w+|)\s+(.*)$ ^libcupscgi1(?::\w+|)\s+(.*)$ ^libcupsimage2(?::\w+|)\s+(.*)$ ^libcupsimage2-dev(?::\w+|)\s+(.*)$ ^libcupsmime1(?::\w+|)\s+(.*)$ ^libcupsppdc1(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^imagemagick-6-common(?::\w+|)\s+(.*)$ ^imagemagick-6-doc(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^imagemagick-6.q16hdri(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-q16hdri-perl(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-7(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-7(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3-extra(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3-extra(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^minidlna(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^freerdp2-dev(?::\w+|)\s+(.*)$ ^freerdp2-shadow-x11(?::\w+|)\s+(.*)$ ^freerdp2-wayland(?::\w+|)\s+(.*)$ ^freerdp2-x11(?::\w+|)\s+(.*)$ ^libfreerdp-client2-2(?::\w+|)\s+(.*)$ ^libfreerdp-server2-2(?::\w+|)\s+(.*)$ ^libfreerdp-shadow-subsystem2-2(?::\w+|)\s+(.*)$ ^libfreerdp-shadow2-2(?::\w+|)\s+(.*)$ ^libfreerdp2-2(?::\w+|)\s+(.*)$ ^libuwac0-0(?::\w+|)\s+(.*)$ ^libuwac0-dev(?::\w+|)\s+(.*)$ ^libwinpr-tools2-2(?::\w+|)\s+(.*)$ ^libwinpr2-2(?::\w+|)\s+(.*)$ ^libwinpr2-dev(?::\w+|)\s+(.*)$ ^winpr-utils(?::\w+|)\s+(.*)$ ^libtommath-dev(?::\w+|)\s+(.*)$ ^libtommath-docs(?::\w+|)\s+(.*)$ ^libtommath1(?::\w+|)\s+(.*)$ ^libvpx-dev(?::\w+|)\s+(.*)$ ^libvpx-doc(?::\w+|)\s+(.*)$ ^libvpx5(?::\w+|)\s+(.*)$ ^vpx-tools(?::\w+|)\s+(.*)$ ^libx11-6(?::\w+|)\s+(.*)$ ^libx11-data(?::\w+|)\s+(.*)$ ^libx11-dev(?::\w+|)\s+(.*)$ ^libx11-doc(?::\w+|)\s+(.*)$ ^libx11-xcb-dev(?::\w+|)\s+(.*)$ ^libx11-xcb1(?::\w+|)\s+(.*)$ ^libxpm-dev(?::\w+|)\s+(.*)$ ^libxpm4(?::\w+|)\s+(.*)$ ^xpmutils(?::\w+|)\s+(.*)$ ^exim4(?::\w+|)\s+(.*)$ ^exim4-base(?::\w+|)\s+(.*)$ ^exim4-config(?::\w+|)\s+(.*)$ ^exim4-daemon-heavy(?::\w+|)\s+(.*)$ ^exim4-daemon-light(?::\w+|)\s+(.*)$ ^exim4-dev(?::\w+|)\s+(.*)$ ^eximon4(?::\w+|)\s+(.*)$ ^binutils(?::\w+|)\s+(.*)$ ^binutils-aarch64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-alpha-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabi(?::\w+|)\s+(.*)$ ^binutils-arm-linux-gnueabihf(?::\w+|)\s+(.*)$ ^binutils-common(?::\w+|)\s+(.*)$ ^binutils-dev(?::\w+|)\s+(.*)$ ^binutils-doc(?::\w+|)\s+(.*)$ ^binutils-for-build(?::\w+|)\s+(.*)$ ^binutils-for-host(?::\w+|)\s+(.*)$ ^binutils-hppa-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-hppa64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-i686-gnu(?::\w+|)\s+(.*)$ ^binutils-i686-kfreebsd-gnu(?::\w+|)\s+(.*)$ ^binutils-i686-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-ia64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-m68k-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mips64-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mips64-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-mips64el-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mips64el-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-mipsel-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsisa32r6-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsisa32r6el-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6el-linux-gnuabi64(?::\w+|)\s+(.*)$ ^binutils-mipsisa64r6el-linux-gnuabin32(?::\w+|)\s+(.*)$ ^binutils-multiarch(?::\w+|)\s+(.*)$ ^binutils-multiarch-dev(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc-linux-gnuspe(?::\w+|)\s+(.*)$ ^binutils-powerpc64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-powerpc64le-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-riscv64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-s390x-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-sh4-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-source(?::\w+|)\s+(.*)$ ^binutils-sparc64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-x86-64-kfreebsd-gnu(?::\w+|)\s+(.*)$ ^binutils-x86-64-linux-gnu(?::\w+|)\s+(.*)$ ^binutils-x86-64-linux-gnux32(?::\w+|)\s+(.*)$ ^libbinutils(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^nodejs(?::\w+|)\s+(.*)$ ^nodejs-dev(?::\w+|)\s+(.*)$ ^nodejs-doc(?::\w+|)\s+(.*)$ ^libjs-jquery-ui(?::\w+|)\s+(.*)$ ^libjs-jquery-ui-docs(?::\w+|)\s+(.*)$ ^node-jquery-ui(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libbind9-160(?::\w+|)\s+(.*)$ ^libdns-export1100(?::\w+|)\s+(.*)$ ^libdns1100(?::\w+|)\s+(.*)$ ^libirs-export160(?::\w+|)\s+(.*)$ ^libirs160(?::\w+|)\s+(.*)$ ^libisc-export169(?::\w+|)\s+(.*)$ ^libisc169(?::\w+|)\s+(.*)$ ^libisccc-export160(?::\w+|)\s+(.*)$ ^libisccc160(?::\w+|)\s+(.*)$ ^libisccfg-export160(?::\w+|)\s+(.*)$ ^libisccfg160(?::\w+|)\s+(.*)$ ^liblwres160(?::\w+|)\s+(.*)$ ^ring(?::\w+|)\s+(.*)$ ^ring-daemon(?::\w+|)\s+(.*)$ ^libtiff-dev(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^ffmpeg(?::\w+|)\s+(.*)$ ^ffmpeg-doc(?::\w+|)\s+(.*)$ ^libavcodec-dev(?::\w+|)\s+(.*)$ ^libavcodec-extra(?::\w+|)\s+(.*)$ ^libavcodec-extra57(?::\w+|)\s+(.*)$ ^libavcodec57(?::\w+|)\s+(.*)$ ^libavdevice-dev(?::\w+|)\s+(.*)$ ^libavdevice57(?::\w+|)\s+(.*)$ ^libavfilter-dev(?::\w+|)\s+(.*)$ ^libavfilter-extra(?::\w+|)\s+(.*)$ ^libavfilter-extra6(?::\w+|)\s+(.*)$ ^libavfilter6(?::\w+|)\s+(.*)$ ^libavformat-dev(?::\w+|)\s+(.*)$ ^libavformat57(?::\w+|)\s+(.*)$ ^libavresample-dev(?::\w+|)\s+(.*)$ ^libavresample3(?::\w+|)\s+(.*)$ ^libavutil-dev(?::\w+|)\s+(.*)$ ^libavutil55(?::\w+|)\s+(.*)$ ^libpostproc-dev(?::\w+|)\s+(.*)$ ^libpostproc54(?::\w+|)\s+(.*)$ ^libswresample-dev(?::\w+|)\s+(.*)$ ^libswresample2(?::\w+|)\s+(.*)$ ^libswscale-dev(?::\w+|)\s+(.*)$ ^libswscale4(?::\w+|)\s+(.*)$ ^iperf3(?::\w+|)\s+(.*)$ ^libiperf-dev(?::\w+|)\s+(.*)$ ^libiperf0(?::\w+|)\s+(.*)$ ^quagga(?::\w+|)\s+(.*)$ ^quagga-bgpd(?::\w+|)\s+(.*)$ ^quagga-core(?::\w+|)\s+(.*)$ ^quagga-doc(?::\w+|)\s+(.*)$ ^quagga-isisd(?::\w+|)\s+(.*)$ ^quagga-ospf6d(?::\w+|)\s+(.*)$ ^quagga-ospfd(?::\w+|)\s+(.*)$ ^quagga-pimd(?::\w+|)\s+(.*)$ ^quagga-ripd(?::\w+|)\s+(.*)$ ^quagga-ripngd(?::\w+|)\s+(.*)$ ^libpmi-pmix-dev(?::\w+|)\s+(.*)$ ^libpmi1-pmix(?::\w+|)\s+(.*)$ ^libpmi2-pmix(?::\w+|)\s+(.*)$ ^libpmix-dev(?::\w+|)\s+(.*)$ ^libpmix2(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^gir1.2-vips-8.0(?::\w+|)\s+(.*)$ ^libvips-dev(?::\w+|)\s+(.*)$ ^libvips-doc(?::\w+|)\s+(.*)$ ^libvips-tools(?::\w+|)\s+(.*)$ ^libvips42(?::\w+|)\s+(.*)$ ^python-vipscc(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^libsofia-sip-ua-dev(?::\w+|)\s+(.*)$ ^libsofia-sip-ua-glib-dev(?::\w+|)\s+(.*)$ ^libsofia-sip-ua-glib3(?::\w+|)\s+(.*)$ ^libsofia-sip-ua0(?::\w+|)\s+(.*)$ ^sofia-sip-bin(?::\w+|)\s+(.*)$ ^sofia-sip-doc(?::\w+|)\s+(.*)$ ^ffmpeg(?::\w+|)\s+(.*)$ ^ffmpeg-doc(?::\w+|)\s+(.*)$ ^libavcodec-dev(?::\w+|)\s+(.*)$ ^libavcodec-extra(?::\w+|)\s+(.*)$ ^libavcodec-extra57(?::\w+|)\s+(.*)$ ^libavcodec57(?::\w+|)\s+(.*)$ ^libavdevice-dev(?::\w+|)\s+(.*)$ ^libavdevice57(?::\w+|)\s+(.*)$ ^libavfilter-dev(?::\w+|)\s+(.*)$ ^libavfilter-extra(?::\w+|)\s+(.*)$ ^libavfilter-extra6(?::\w+|)\s+(.*)$ ^libavfilter6(?::\w+|)\s+(.*)$ ^libavformat-dev(?::\w+|)\s+(.*)$ ^libavformat57(?::\w+|)\s+(.*)$ ^libavresample-dev(?::\w+|)\s+(.*)$ ^libavresample3(?::\w+|)\s+(.*)$ ^libavutil-dev(?::\w+|)\s+(.*)$ ^libavutil55(?::\w+|)\s+(.*)$ ^libpostproc-dev(?::\w+|)\s+(.*)$ ^libpostproc54(?::\w+|)\s+(.*)$ ^libswresample-dev(?::\w+|)\s+(.*)$ ^libswresample2(?::\w+|)\s+(.*)$ ^libswscale-dev(?::\w+|)\s+(.*)$ ^libswscale4(?::\w+|)\s+(.*)$ ^ffmpeg(?::\w+|)\s+(.*)$ ^ffmpeg-doc(?::\w+|)\s+(.*)$ ^libavcodec-dev(?::\w+|)\s+(.*)$ ^libavcodec-extra(?::\w+|)\s+(.*)$ ^libavcodec-extra57(?::\w+|)\s+(.*)$ ^libavcodec57(?::\w+|)\s+(.*)$ ^libavdevice-dev(?::\w+|)\s+(.*)$ ^libavdevice57(?::\w+|)\s+(.*)$ ^libavfilter-dev(?::\w+|)\s+(.*)$ ^libavfilter-extra(?::\w+|)\s+(.*)$ ^libavfilter-extra6(?::\w+|)\s+(.*)$ ^libavfilter6(?::\w+|)\s+(.*)$ ^libavformat-dev(?::\w+|)\s+(.*)$ ^libavformat57(?::\w+|)\s+(.*)$ ^libavresample-dev(?::\w+|)\s+(.*)$ ^libavresample3(?::\w+|)\s+(.*)$ ^libavutil-dev(?::\w+|)\s+(.*)$ ^libavutil55(?::\w+|)\s+(.*)$ ^libpostproc-dev(?::\w+|)\s+(.*)$ ^libpostproc54(?::\w+|)\s+(.*)$ ^libswresample-dev(?::\w+|)\s+(.*)$ ^libswresample2(?::\w+|)\s+(.*)$ ^libswscale-dev(?::\w+|)\s+(.*)$ ^libswscale4(?::\w+|)\s+(.*)$ ^lib32ncurses5(?::\w+|)\s+(.*)$ ^lib32ncurses5-dev(?::\w+|)\s+(.*)$ ^lib32ncursesw5(?::\w+|)\s+(.*)$ ^lib32ncursesw5-dev(?::\w+|)\s+(.*)$ ^lib32tinfo-dev(?::\w+|)\s+(.*)$ ^lib32tinfo5(?::\w+|)\s+(.*)$ ^lib64ncurses5(?::\w+|)\s+(.*)$ ^lib64ncurses5-dev(?::\w+|)\s+(.*)$ ^lib64tinfo5(?::\w+|)\s+(.*)$ ^libncurses5(?::\w+|)\s+(.*)$ ^libncurses5-dev(?::\w+|)\s+(.*)$ ^libncursesw5(?::\w+|)\s+(.*)$ ^libncursesw5-dev(?::\w+|)\s+(.*)$ ^libtinfo-dev(?::\w+|)\s+(.*)$ ^libtinfo5(?::\w+|)\s+(.*)$ ^libx32ncurses5(?::\w+|)\s+(.*)$ ^libx32ncurses5-dev(?::\w+|)\s+(.*)$ ^libx32ncursesw5(?::\w+|)\s+(.*)$ ^libx32ncursesw5-dev(?::\w+|)\s+(.*)$ ^libx32tinfo-dev(?::\w+|)\s+(.*)$ ^libx32tinfo5(?::\w+|)\s+(.*)$ ^ncurses-base(?::\w+|)\s+(.*)$ ^ncurses-bin(?::\w+|)\s+(.*)$ ^ncurses-doc(?::\w+|)\s+(.*)$ ^ncurses-examples(?::\w+|)\s+(.*)$ ^ncurses-term(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^exim4(?::\w+|)\s+(.*)$ ^exim4-base(?::\w+|)\s+(.*)$ ^exim4-config(?::\w+|)\s+(.*)$ ^exim4-daemon-heavy(?::\w+|)\s+(.*)$ ^exim4-daemon-light(?::\w+|)\s+(.*)$ ^exim4-dev(?::\w+|)\s+(.*)$ ^eximon4(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^open-vm-tools(?::\w+|)\s+(.*)$ ^open-vm-tools-desktop(?::\w+|)\s+(.*)$ ^open-vm-tools-dev(?::\w+|)\s+(.*)$ ^krb5-admin-server(?::\w+|)\s+(.*)$ ^krb5-doc(?::\w+|)\s+(.*)$ ^krb5-gss-samples(?::\w+|)\s+(.*)$ ^krb5-k5tls(?::\w+|)\s+(.*)$ ^krb5-kdc(?::\w+|)\s+(.*)$ ^krb5-kdc-ldap(?::\w+|)\s+(.*)$ ^krb5-kpropd(?::\w+|)\s+(.*)$ ^krb5-locales(?::\w+|)\s+(.*)$ ^krb5-multidev(?::\w+|)\s+(.*)$ ^krb5-otp(?::\w+|)\s+(.*)$ ^krb5-pkinit(?::\w+|)\s+(.*)$ ^krb5-user(?::\w+|)\s+(.*)$ ^libgssapi-krb5-2(?::\w+|)\s+(.*)$ ^libgssrpc4(?::\w+|)\s+(.*)$ ^libk5crypto3(?::\w+|)\s+(.*)$ ^libkadm5clnt-mit11(?::\w+|)\s+(.*)$ ^libkadm5srv-mit11(?::\w+|)\s+(.*)$ ^libkdb5-9(?::\w+|)\s+(.*)$ ^libkrad-dev(?::\w+|)\s+(.*)$ ^libkrad0(?::\w+|)\s+(.*)$ ^libkrb5-3(?::\w+|)\s+(.*)$ ^libkrb5-dev(?::\w+|)\s+(.*)$ ^libkrb5support0(?::\w+|)\s+(.*)$ ^xorgxrdp(?::\w+|)\s+(.*)$ ^xrdp(?::\w+|)\s+(.*)$ ^xrdp-pulseaudio-installer(?::\w+|)\s+(.*)$ ^libaxis-java(?::\w+|)\s+(.*)$ ^libaxis-java-doc(?::\w+|)\s+(.*)$ ^libsndfile1(?::\w+|)\s+(.*)$ ^libsndfile1-dev(?::\w+|)\s+(.*)$ ^sndfile-programs(?::\w+|)\s+(.*)$ ^gsl-bin(?::\w+|)\s+(.*)$ ^libgsl-dev(?::\w+|)\s+(.*)$ ^libgsl23(?::\w+|)\s+(.*)$ ^libgslcblas0(?::\w+|)\s+(.*)$ ^python-urllib3(?::\w+|)\s+(.*)$ ^python3-urllib3(?::\w+|)\s+(.*)$ ^python-pip(?::\w+|)\s+(.*)$ ^python-pip-whl(?::\w+|)\s+(.*)$ ^python3-pip(?::\w+|)\s+(.*)$ ^xorgxrdp(?::\w+|)\s+(.*)$ ^xrdp(?::\w+|)\s+(.*)$ ^xrdp-pulseaudio-installer(?::\w+|)\s+(.*)$ ^libprocps-dev(?::\w+|)\s+(.*)$ ^libprocps6(?::\w+|)\s+(.*)$ ^procps(?::\w+|)\s+(.*)$ ^traceroute(?::\w+|)\s+(.*)$ ^intel-microcode(?::\w+|)\s+(.*)$ ^avahi-autoipd(?::\w+|)\s+(.*)$ ^avahi-daemon(?::\w+|)\s+(.*)$ ^avahi-discover(?::\w+|)\s+(.*)$ ^avahi-dnsconfd(?::\w+|)\s+(.*)$ ^avahi-ui-utils(?::\w+|)\s+(.*)$ ^avahi-utils(?::\w+|)\s+(.*)$ ^gir1.2-avahi-0.6(?::\w+|)\s+(.*)$ ^libavahi-client-dev(?::\w+|)\s+(.*)$ ^libavahi-client3(?::\w+|)\s+(.*)$ ^libavahi-common-data(?::\w+|)\s+(.*)$ ^libavahi-common-dev(?::\w+|)\s+(.*)$ ^libavahi-common3(?::\w+|)\s+(.*)$ ^libavahi-compat-libdnssd-dev(?::\w+|)\s+(.*)$ ^libavahi-compat-libdnssd1(?::\w+|)\s+(.*)$ ^libavahi-core-dev(?::\w+|)\s+(.*)$ ^libavahi-core7(?::\w+|)\s+(.*)$ ^libavahi-glib-dev(?::\w+|)\s+(.*)$ ^libavahi-glib1(?::\w+|)\s+(.*)$ ^libavahi-gobject-dev(?::\w+|)\s+(.*)$ ^libavahi-gobject0(?::\w+|)\s+(.*)$ ^libavahi-ui-gtk3-0(?::\w+|)\s+(.*)$ ^libavahi-ui-gtk3-dev(?::\w+|)\s+(.*)$ ^python-avahi(?::\w+|)\s+(.*)$ ^charon-cmd(?::\w+|)\s+(.*)$ ^charon-systemd(?::\w+|)\s+(.*)$ ^libcharon-extra-plugins(?::\w+|)\s+(.*)$ ^libcharon-standard-plugins(?::\w+|)\s+(.*)$ ^libstrongswan(?::\w+|)\s+(.*)$ ^libstrongswan-extra-plugins(?::\w+|)\s+(.*)$ ^libstrongswan-standard-plugins(?::\w+|)\s+(.*)$ ^strongswan(?::\w+|)\s+(.*)$ ^strongswan-charon(?::\w+|)\s+(.*)$ ^strongswan-libcharon(?::\w+|)\s+(.*)$ ^strongswan-nm(?::\w+|)\s+(.*)$ ^strongswan-pki(?::\w+|)\s+(.*)$ ^strongswan-scepclient(?::\w+|)\s+(.*)$ ^strongswan-starter(?::\w+|)\s+(.*)$ ^strongswan-swanctl(?::\w+|)\s+(.*)$ ^strongswan-tnc-base(?::\w+|)\s+(.*)$ ^strongswan-tnc-client(?::\w+|)\s+(.*)$ ^strongswan-tnc-ifmap(?::\w+|)\s+(.*)$ ^strongswan-tnc-pdp(?::\w+|)\s+(.*)$ ^strongswan-tnc-server(?::\w+|)\s+(.*)$ ^tang(?::\w+|)\s+(.*)$ ^tang-nagios(?::\w+|)\s+(.*)$ ^nodejs(?::\w+|)\s+(.*)$ ^nodejs-dev(?::\w+|)\s+(.*)$ ^nodejs-doc(?::\w+|)\s+(.*)$ ^hibagent(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^gnutls-bin(?::\w+|)\s+(.*)$ ^gnutls-doc(?::\w+|)\s+(.*)$ ^libgnutls-dane0(?::\w+|)\s+(.*)$ ^libgnutls-openssl27(?::\w+|)\s+(.*)$ ^libgnutls28-dev(?::\w+|)\s+(.*)$ ^libgnutls30(?::\w+|)\s+(.*)$ ^libgnutlsxx28(?::\w+|)\s+(.*)$ ^squid(?::\w+|)\s+(.*)$ ^squid3(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-cpp0v5(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler73(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^gir1.2-poppler-0.18(?::\w+|)\s+(.*)$ ^libpoppler-cpp-dev(?::\w+|)\s+(.*)$ ^libpoppler-cpp0v5(?::\w+|)\s+(.*)$ ^libpoppler-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-dev(?::\w+|)\s+(.*)$ ^libpoppler-glib-doc(?::\w+|)\s+(.*)$ ^libpoppler-glib8(?::\w+|)\s+(.*)$ ^libpoppler-private-dev(?::\w+|)\s+(.*)$ ^libpoppler-qt5-1(?::\w+|)\s+(.*)$ ^libpoppler-qt5-dev(?::\w+|)\s+(.*)$ ^libpoppler73(?::\w+|)\s+(.*)$ ^poppler-utils(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^libtiff-dev(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^idle-python2.7(?::\w+|)\s+(.*)$ ^libpython2.7(?::\w+|)\s+(.*)$ ^libpython2.7-dev(?::\w+|)\s+(.*)$ ^libpython2.7-minimal(?::\w+|)\s+(.*)$ ^libpython2.7-stdlib(?::\w+|)\s+(.*)$ ^libpython2.7-testsuite(?::\w+|)\s+(.*)$ ^python2.7(?::\w+|)\s+(.*)$ ^python2.7-dev(?::\w+|)\s+(.*)$ ^python2.7-doc(?::\w+|)\s+(.*)$ ^python2.7-examples(?::\w+|)\s+(.*)$ ^python2.7-minimal(?::\w+|)\s+(.*)$ ^idle-python3.6(?::\w+|)\s+(.*)$ ^libpython3.6(?::\w+|)\s+(.*)$ ^libpython3.6-dev(?::\w+|)\s+(.*)$ ^libpython3.6-minimal(?::\w+|)\s+(.*)$ ^libpython3.6-stdlib(?::\w+|)\s+(.*)$ ^libpython3.6-testsuite(?::\w+|)\s+(.*)$ ^python3.6(?::\w+|)\s+(.*)$ ^python3.6-dev(?::\w+|)\s+(.*)$ ^python3.6-doc(?::\w+|)\s+(.*)$ ^python3.6-examples(?::\w+|)\s+(.*)$ ^python3.6-minimal(?::\w+|)\s+(.*)$ ^python3.6-venv(?::\w+|)\s+(.*)$ ^openvswitch-common(?::\w+|)\s+(.*)$ ^openvswitch-doc(?::\w+|)\s+(.*)$ ^openvswitch-pki(?::\w+|)\s+(.*)$ ^openvswitch-switch(?::\w+|)\s+(.*)$ ^openvswitch-switch-dpdk(?::\w+|)\s+(.*)$ ^openvswitch-test(?::\w+|)\s+(.*)$ ^openvswitch-testcontroller(?::\w+|)\s+(.*)$ ^openvswitch-vtep(?::\w+|)\s+(.*)$ ^ovn-central(?::\w+|)\s+(.*)$ ^ovn-common(?::\w+|)\s+(.*)$ ^ovn-controller-vtep(?::\w+|)\s+(.*)$ ^ovn-docker(?::\w+|)\s+(.*)$ ^ovn-host(?::\w+|)\s+(.*)$ ^python-openvswitch(?::\w+|)\s+(.*)$ ^python3-openvswitch(?::\w+|)\s+(.*)$ ^afflib-tools(?::\w+|)\s+(.*)$ ^libafflib-dev(?::\w+|)\s+(.*)$ ^libafflib0v5(?::\w+|)\s+(.*)$ ^ec2-hibinit-agent(?::\w+|)\s+(.*)$ ^freerdp2-dev(?::\w+|)\s+(.*)$ ^freerdp2-shadow-x11(?::\w+|)\s+(.*)$ ^freerdp2-wayland(?::\w+|)\s+(.*)$ ^freerdp2-x11(?::\w+|)\s+(.*)$ ^libfreerdp-client2-2(?::\w+|)\s+(.*)$ ^libfreerdp-server2-2(?::\w+|)\s+(.*)$ ^libfreerdp-shadow-subsystem2-2(?::\w+|)\s+(.*)$ ^libfreerdp-shadow2-2(?::\w+|)\s+(.*)$ ^libfreerdp2-2(?::\w+|)\s+(.*)$ ^libuwac0-0(?::\w+|)\s+(.*)$ ^libuwac0-dev(?::\w+|)\s+(.*)$ ^libwinpr-tools2-2(?::\w+|)\s+(.*)$ ^libwinpr2-2(?::\w+|)\s+(.*)$ ^libwinpr2-dev(?::\w+|)\s+(.*)$ ^winpr-utils(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-17-demo(?::\w+|)\s+(.*)$ ^openjdk-17-doc(?::\w+|)\s+(.*)$ ^openjdk-17-jdk(?::\w+|)\s+(.*)$ ^openjdk-17-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-17-jre(?::\w+|)\s+(.*)$ ^openjdk-17-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-17-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-17-source(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^request-tracker4(?::\w+|)\s+(.*)$ ^rt4-apache2(?::\w+|)\s+(.*)$ ^rt4-clients(?::\w+|)\s+(.*)$ ^rt4-db-mysql(?::\w+|)\s+(.*)$ ^rt4-db-postgresql(?::\w+|)\s+(.*)$ ^rt4-db-sqlite(?::\w+|)\s+(.*)$ ^rt4-doc-html(?::\w+|)\s+(.*)$ ^rt4-fcgi(?::\w+|)\s+(.*)$ ^rt4-standalone(?::\w+|)\s+(.*)$ ^redis(?::\w+|)\s+(.*)$ ^redis-sentinel(?::\w+|)\s+(.*)$ ^redis-server(?::\w+|)\s+(.*)$ ^redis-tools(?::\w+|)\s+(.*)$ ^libecpg-compat3(?::\w+|)\s+(.*)$ ^libecpg-dev(?::\w+|)\s+(.*)$ ^libecpg6(?::\w+|)\s+(.*)$ ^libpgtypes3(?::\w+|)\s+(.*)$ ^libpq-dev(?::\w+|)\s+(.*)$ ^libpq5(?::\w+|)\s+(.*)$ ^postgresql-10(?::\w+|)\s+(.*)$ ^postgresql-client-10(?::\w+|)\s+(.*)$ ^postgresql-doc-10(?::\w+|)\s+(.*)$ ^postgresql-plperl-10(?::\w+|)\s+(.*)$ ^postgresql-plpython-10(?::\w+|)\s+(.*)$ ^postgresql-plpython3-10(?::\w+|)\s+(.*)$ ^postgresql-pltcl-10(?::\w+|)\s+(.*)$ ^postgresql-server-dev-10(?::\w+|)\s+(.*)$ ^bluetooth(?::\w+|)\s+(.*)$ ^bluez(?::\w+|)\s+(.*)$ ^bluez-cups(?::\w+|)\s+(.*)$ ^bluez-hcidump(?::\w+|)\s+(.*)$ ^bluez-obexd(?::\w+|)\s+(.*)$ ^bluez-tests(?::\w+|)\s+(.*)$ ^libbluetooth-dev(?::\w+|)\s+(.*)$ ^libbluetooth3(?::\w+|)\s+(.*)$ ^glibc-doc(?::\w+|)\s+(.*)$ ^glibc-source(?::\w+|)\s+(.*)$ ^libc-bin(?::\w+|)\s+(.*)$ ^libc-dev-bin(?::\w+|)\s+(.*)$ ^libc6(?::\w+|)\s+(.*)$ ^libc6-amd64(?::\w+|)\s+(.*)$ ^libc6-armel(?::\w+|)\s+(.*)$ ^libc6-dev(?::\w+|)\s+(.*)$ ^libc6-dev-amd64(?::\w+|)\s+(.*)$ ^libc6-dev-armel(?::\w+|)\s+(.*)$ ^libc6-dev-i386(?::\w+|)\s+(.*)$ ^libc6-dev-s390(?::\w+|)\s+(.*)$ ^libc6-dev-x32(?::\w+|)\s+(.*)$ ^libc6-i386(?::\w+|)\s+(.*)$ ^libc6-lse(?::\w+|)\s+(.*)$ ^libc6-pic(?::\w+|)\s+(.*)$ ^libc6-s390(?::\w+|)\s+(.*)$ ^libc6-x32(?::\w+|)\s+(.*)$ ^locales(?::\w+|)\s+(.*)$ ^locales-all(?::\w+|)\s+(.*)$ ^multiarch-support(?::\w+|)\s+(.*)$ ^nscd(?::\w+|)\s+(.*)$ ^libtinyxml-dev(?::\w+|)\s+(.*)$ ^libtinyxml-doc(?::\w+|)\s+(.*)$ ^libtinyxml2.6.2v5(?::\w+|)\s+(.*)$ ^tar(?::\w+|)\s+(.*)$ ^tar-scripts(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^postfixadmin(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^audiofile-tools(?::\w+|)\s+(.*)$ ^libaudiofile-dev(?::\w+|)\s+(.*)$ ^libaudiofile1(?::\w+|)\s+(.*)$ ^libzookeeper-java(?::\w+|)\s+(.*)$ ^libzookeeper-java-doc(?::\w+|)\s+(.*)$ ^libzookeeper-mt-dev(?::\w+|)\s+(.*)$ ^libzookeeper-mt2(?::\w+|)\s+(.*)$ ^libzookeeper-st-dev(?::\w+|)\s+(.*)$ ^libzookeeper-st2(?::\w+|)\s+(.*)$ ^python-zookeeper(?::\w+|)\s+(.*)$ ^zookeeper(?::\w+|)\s+(.*)$ ^zookeeper-bin(?::\w+|)\s+(.*)$ ^zookeeperd(?::\w+|)\s+(.*)$ ^openssh-client(?::\w+|)\s+(.*)$ ^openssh-server(?::\w+|)\s+(.*)$ ^openssh-sftp-server(?::\w+|)\s+(.*)$ ^ssh(?::\w+|)\s+(.*)$ ^ssh-askpass-gnome(?::\w+|)\s+(.*)$ ^monit(?::\w+|)\s+(.*)$ ^libxerces-c-dev(?::\w+|)\s+(.*)$ ^libxerces-c-doc(?::\w+|)\s+(.*)$ ^libxerces-c-samples(?::\w+|)\s+(.*)$ ^libxerces-c3.2(?::\w+|)\s+(.*)$ ^w3m(?::\w+|)\s+(.*)$ ^w3m-img(?::\w+|)\s+(.*)$ ^libmysqlclient-dev(?::\w+|)\s+(.*)$ ^libmysqlclient20(?::\w+|)\s+(.*)$ ^libmysqld-dev(?::\w+|)\s+(.*)$ ^mysql-client(?::\w+|)\s+(.*)$ ^mysql-client-5.7(?::\w+|)\s+(.*)$ ^mysql-client-core-5.7(?::\w+|)\s+(.*)$ ^mysql-server(?::\w+|)\s+(.*)$ ^mysql-server-5.7(?::\w+|)\s+(.*)$ ^mysql-server-core-5.7(?::\w+|)\s+(.*)$ ^mysql-source-5.7(?::\w+|)\s+(.*)$ ^mysql-testsuite(?::\w+|)\s+(.*)$ ^mysql-testsuite-5.7(?::\w+|)\s+(.*)$ ^libmail-spf-xs-perl(?::\w+|)\s+(.*)$ ^libspf2-2(?::\w+|)\s+(.*)$ ^libspf2-dev(?::\w+|)\s+(.*)$ ^spfquery(?::\w+|)\s+(.*)$ ^libfreeimage-dev(?::\w+|)\s+(.*)$ ^libfreeimage3(?::\w+|)\s+(.*)$ ^libfreeimageplus-dev(?::\w+|)\s+(.*)$ ^libfreeimageplus-doc(?::\w+|)\s+(.*)$ ^libfreeimageplus3(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^libpam-cracklib(?::\w+|)\s+(.*)$ ^libpam-doc(?::\w+|)\s+(.*)$ ^libpam-modules(?::\w+|)\s+(.*)$ ^libpam-modules-bin(?::\w+|)\s+(.*)$ ^libpam-runtime(?::\w+|)\s+(.*)$ ^libpam0g(?::\w+|)\s+(.*)$ ^libpam0g-dev(?::\w+|)\s+(.*)$ ^libxerces-c-dev(?::\w+|)\s+(.*)$ ^libxerces-c-doc(?::\w+|)\s+(.*)$ ^libxerces-c-samples(?::\w+|)\s+(.*)$ ^libxerces-c3.2(?::\w+|)\s+(.*)$ ^postfix(?::\w+|)\s+(.*)$ ^postfix-cdb(?::\w+|)\s+(.*)$ ^postfix-doc(?::\w+|)\s+(.*)$ ^postfix-ldap(?::\w+|)\s+(.*)$ ^postfix-lmdb(?::\w+|)\s+(.*)$ ^postfix-mysql(?::\w+|)\s+(.*)$ ^postfix-pcre(?::\w+|)\s+(.*)$ ^postfix-pgsql(?::\w+|)\s+(.*)$ ^postfix-sqlite(?::\w+|)\s+(.*)$ ^postfix(?::\w+|)\s+(.*)$ ^postfix-cdb(?::\w+|)\s+(.*)$ ^postfix-doc(?::\w+|)\s+(.*)$ ^postfix-ldap(?::\w+|)\s+(.*)$ ^postfix-lmdb(?::\w+|)\s+(.*)$ ^postfix-mysql(?::\w+|)\s+(.*)$ ^postfix-pcre(?::\w+|)\s+(.*)$ ^postfix-pgsql(?::\w+|)\s+(.*)$ ^postfix-sqlite(?::\w+|)\s+(.*)$ ^libssh-4(?::\w+|)\s+(.*)$ ^libssh-dev(?::\w+|)\s+(.*)$ ^libssh-doc(?::\w+|)\s+(.*)$ ^libssh-gcrypt-4(?::\w+|)\s+(.*)$ ^libssh-gcrypt-dev(?::\w+|)\s+(.*)$ ^libapache-session-ldap-perl(?::\w+|)\s+(.*)$ ^python-jinja2(?::\w+|)\s+(.*)$ ^python-jinja2-doc(?::\w+|)\s+(.*)$ ^python3-jinja2(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^exim4(?::\w+|)\s+(.*)$ ^exim4-base(?::\w+|)\s+(.*)$ ^exim4-config(?::\w+|)\s+(.*)$ ^exim4-daemon-heavy(?::\w+|)\s+(.*)$ ^exim4-daemon-light(?::\w+|)\s+(.*)$ ^exim4-dev(?::\w+|)\s+(.*)$ ^eximon4(?::\w+|)\s+(.*)$ ^libtinyxml-dev(?::\w+|)\s+(.*)$ ^libtinyxml-doc(?::\w+|)\s+(.*)$ ^libtinyxml2.6.2v5(?::\w+|)\s+(.*)$ ^ceph(?::\w+|)\s+(.*)$ ^ceph-base(?::\w+|)\s+(.*)$ ^ceph-common(?::\w+|)\s+(.*)$ ^ceph-fuse(?::\w+|)\s+(.*)$ ^ceph-mds(?::\w+|)\s+(.*)$ ^ceph-mgr(?::\w+|)\s+(.*)$ ^ceph-mon(?::\w+|)\s+(.*)$ ^ceph-osd(?::\w+|)\s+(.*)$ ^ceph-resource-agents(?::\w+|)\s+(.*)$ ^ceph-test(?::\w+|)\s+(.*)$ ^libcephfs-dev(?::\w+|)\s+(.*)$ ^libcephfs-java(?::\w+|)\s+(.*)$ ^libcephfs-jni(?::\w+|)\s+(.*)$ ^libcephfs2(?::\w+|)\s+(.*)$ ^librados-dev(?::\w+|)\s+(.*)$ ^librados2(?::\w+|)\s+(.*)$ ^libradosstriper-dev(?::\w+|)\s+(.*)$ ^libradosstriper1(?::\w+|)\s+(.*)$ ^librbd-dev(?::\w+|)\s+(.*)$ ^librbd1(?::\w+|)\s+(.*)$ ^librgw-dev(?::\w+|)\s+(.*)$ ^librgw2(?::\w+|)\s+(.*)$ ^python-ceph(?::\w+|)\s+(.*)$ ^python-cephfs(?::\w+|)\s+(.*)$ ^python-rados(?::\w+|)\s+(.*)$ ^python-rbd(?::\w+|)\s+(.*)$ ^python-rgw(?::\w+|)\s+(.*)$ ^python3-ceph-argparse(?::\w+|)\s+(.*)$ ^python3-cephfs(?::\w+|)\s+(.*)$ ^python3-rados(?::\w+|)\s+(.*)$ ^python3-rbd(?::\w+|)\s+(.*)$ ^python3-rgw(?::\w+|)\s+(.*)$ ^rados-objclass-dev(?::\w+|)\s+(.*)$ ^radosgw(?::\w+|)\s+(.*)$ ^rbd-fuse(?::\w+|)\s+(.*)$ ^rbd-mirror(?::\w+|)\s+(.*)$ ^rbd-nbd(?::\w+|)\s+(.*)$ ^amanda-client(?::\w+|)\s+(.*)$ ^amanda-common(?::\w+|)\s+(.*)$ ^amanda-server(?::\w+|)\s+(.*)$ ^libde265-0(?::\w+|)\s+(.*)$ ^libde265-dev(?::\w+|)\s+(.*)$ ^libde265-examples(?::\w+|)\s+(.*)$ ^golang-github-opencontainers-runc-dev(?::\w+|)\s+(.*)$ ^runc(?::\w+|)\s+(.*)$ ^imagemagick(?::\w+|)\s+(.*)$ ^imagemagick-6-common(?::\w+|)\s+(.*)$ ^imagemagick-6-doc(?::\w+|)\s+(.*)$ ^imagemagick-6.q16(?::\w+|)\s+(.*)$ ^imagemagick-6.q16hdri(?::\w+|)\s+(.*)$ ^imagemagick-common(?::\w+|)\s+(.*)$ ^imagemagick-doc(?::\w+|)\s+(.*)$ ^libimage-magick-perl(?::\w+|)\s+(.*)$ ^libimage-magick-q16-perl(?::\w+|)\s+(.*)$ ^libimage-magick-q16hdri-perl(?::\w+|)\s+(.*)$ ^libmagick++-6-headers(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-7(?::\w+|)\s+(.*)$ ^libmagick++-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-7(?::\w+|)\s+(.*)$ ^libmagick++-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagick++-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6-arch-config(?::\w+|)\s+(.*)$ ^libmagickcore-6-headers(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-3-extra(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-3-extra(?::\w+|)\s+(.*)$ ^libmagickcore-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickcore-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6-headers(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-3(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16-dev(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-3(?::\w+|)\s+(.*)$ ^libmagickwand-6.q16hdri-dev(?::\w+|)\s+(.*)$ ^libmagickwand-dev(?::\w+|)\s+(.*)$ ^perlmagick(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^libde265-0(?::\w+|)\s+(.*)$ ^libde265-dev(?::\w+|)\s+(.*)$ ^libde265-examples(?::\w+|)\s+(.*)$ ^python-ujson(?::\w+|)\s+(.*)$ ^python3-ujson(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^login(?::\w+|)\s+(.*)$ ^passwd(?::\w+|)\s+(.*)$ ^uidmap(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^node-ip(?::\w+|)\s+(.*)$ ^libtiff-dev(?::\w+|)\s+(.*)$ ^libtiff-doc(?::\w+|)\s+(.*)$ ^libtiff-opengl(?::\w+|)\s+(.*)$ ^libtiff-tools(?::\w+|)\s+(.*)$ ^libtiff5(?::\w+|)\s+(.*)$ ^libtiff5-dev(?::\w+|)\s+(.*)$ ^libtiffxx5(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^roundcube(?::\w+|)\s+(.*)$ ^roundcube-core(?::\w+|)\s+(.*)$ ^roundcube-mysql(?::\w+|)\s+(.*)$ ^roundcube-pgsql(?::\w+|)\s+(.*)$ ^roundcube-plugins(?::\w+|)\s+(.*)$ ^roundcube-sqlite3(?::\w+|)\s+(.*)$ ^dnsmasq(?::\w+|)\s+(.*)$ ^dnsmasq-base(?::\w+|)\s+(.*)$ ^dnsmasq-base-lua(?::\w+|)\s+(.*)$ ^dnsmasq-utils(?::\w+|)\s+(.*)$ ^libxml2(?::\w+|)\s+(.*)$ ^libxml2-dev(?::\w+|)\s+(.*)$ ^libxml2-doc(?::\w+|)\s+(.*)$ ^libxml2-utils(?::\w+|)\s+(.*)$ ^python-libxml2(?::\w+|)\s+(.*)$ ^python3-libxml2(?::\w+|)\s+(.*)$ ^libde265-0(?::\w+|)\s+(.*)$ ^libde265-dev(?::\w+|)\s+(.*)$ ^libde265-examples(?::\w+|)\s+(.*)$ ^openjdk-11-demo(?::\w+|)\s+(.*)$ ^openjdk-11-doc(?::\w+|)\s+(.*)$ ^openjdk-11-jdk(?::\w+|)\s+(.*)$ ^openjdk-11-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre(?::\w+|)\s+(.*)$ ^openjdk-11-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-11-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-11-source(?::\w+|)\s+(.*)$ ^openjdk-17-demo(?::\w+|)\s+(.*)$ ^openjdk-17-doc(?::\w+|)\s+(.*)$ ^openjdk-17-jdk(?::\w+|)\s+(.*)$ ^openjdk-17-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-17-jre(?::\w+|)\s+(.*)$ ^openjdk-17-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-17-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-17-source(?::\w+|)\s+(.*)$ ^libssl-dev(?::\w+|)\s+(.*)$ ^libssl-doc(?::\w+|)\s+(.*)$ ^libssl1.1(?::\w+|)\s+(.*)$ ^openssl(?::\w+|)\s+(.*)$ ^less(?::\w+|)\s+(.*)$ ^python-cryptography(?::\w+|)\s+(.*)$ ^python-cryptography-doc(?::\w+|)\s+(.*)$ ^python3-cryptography(?::\w+|)\s+(.*)$ ^python-django(?::\w+|)\s+(.*)$ ^python-django-common(?::\w+|)\s+(.*)$ ^python-django-doc(?::\w+|)\s+(.*)$ ^python3-django(?::\w+|)\s+(.*)$ ^libc-ares-dev(?::\w+|)\s+(.*)$ ^libc-ares2(?::\w+|)\s+(.*)$ ^libde265-0(?::\w+|)\s+(.*)$ ^libde265-dev(?::\w+|)\s+(.*)$ ^libde265-examples(?::\w+|)\s+(.*)$ ^libgit2-26(?::\w+|)\s+(.*)$ ^libgit2-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^libhtmlcleaner-java(?::\w+|)\s+(.*)$ ^libhtmlcleaner-java-doc(?::\w+|)\s+(.*)$ ^lib32ncurses5(?::\w+|)\s+(.*)$ ^lib32ncurses5-dev(?::\w+|)\s+(.*)$ ^lib32ncursesw5(?::\w+|)\s+(.*)$ ^lib32ncursesw5-dev(?::\w+|)\s+(.*)$ ^lib32tinfo-dev(?::\w+|)\s+(.*)$ ^lib32tinfo5(?::\w+|)\s+(.*)$ ^lib64ncurses5(?::\w+|)\s+(.*)$ ^lib64ncurses5-dev(?::\w+|)\s+(.*)$ ^lib64tinfo5(?::\w+|)\s+(.*)$ ^libncurses5(?::\w+|)\s+(.*)$ ^libncurses5-dev(?::\w+|)\s+(.*)$ ^libncursesw5(?::\w+|)\s+(.*)$ ^libncursesw5-dev(?::\w+|)\s+(.*)$ ^libtinfo-dev(?::\w+|)\s+(.*)$ ^libtinfo5(?::\w+|)\s+(.*)$ ^libx32ncurses5(?::\w+|)\s+(.*)$ ^libx32ncurses5-dev(?::\w+|)\s+(.*)$ ^libx32ncursesw5(?::\w+|)\s+(.*)$ ^libx32ncursesw5-dev(?::\w+|)\s+(.*)$ ^libx32tinfo-dev(?::\w+|)\s+(.*)$ ^libx32tinfo5(?::\w+|)\s+(.*)$ ^ncurses-base(?::\w+|)\s+(.*)$ ^ncurses-bin(?::\w+|)\s+(.*)$ ^ncurses-doc(?::\w+|)\s+(.*)$ ^ncurses-examples(?::\w+|)\s+(.*)$ ^ncurses-term(?::\w+|)\s+(.*)$ ^libmqtt-client-java(?::\w+|)\s+(.*)$ ^libgoogle-gson-java(?::\w+|)\s+(.*)$ ^openjdk-8-demo(?::\w+|)\s+(.*)$ ^openjdk-8-doc(?::\w+|)\s+(.*)$ ^openjdk-8-jdk(?::\w+|)\s+(.*)$ ^openjdk-8-jdk-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre(?::\w+|)\s+(.*)$ ^openjdk-8-jre-headless(?::\w+|)\s+(.*)$ ^openjdk-8-jre-zero(?::\w+|)\s+(.*)$ ^openjdk-8-source(?::\w+|)\s+(.*)$ ^vim(?::\w+|)\s+(.*)$ ^vim-athena(?::\w+|)\s+(.*)$ ^vim-common(?::\w+|)\s+(.*)$ ^vim-doc(?::\w+|)\s+(.*)$ ^vim-gnome(?::\w+|)\s+(.*)$ ^vim-gtk(?::\w+|)\s+(.*)$ ^vim-gtk3(?::\w+|)\s+(.*)$ ^vim-gui-common(?::\w+|)\s+(.*)$ ^vim-nox(?::\w+|)\s+(.*)$ ^vim-runtime(?::\w+|)\s+(.*)$ ^vim-tiny(?::\w+|)\s+(.*)$ ^xxd(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^graphviz(?::\w+|)\s+(.*)$ ^graphviz-doc(?::\w+|)\s+(.*)$ ^libcdt5(?::\w+|)\s+(.*)$ ^libcgraph6(?::\w+|)\s+(.*)$ ^libgraphviz-dev(?::\w+|)\s+(.*)$ ^libgv-guile(?::\w+|)\s+(.*)$ ^libgv-lua(?::\w+|)\s+(.*)$ ^libgv-perl(?::\w+|)\s+(.*)$ ^libgv-php7(?::\w+|)\s+(.*)$ ^libgv-ruby(?::\w+|)\s+(.*)$ ^libgv-tcl(?::\w+|)\s+(.*)$ ^libgvc6(?::\w+|)\s+(.*)$ ^libgvc6-plugins-gtk(?::\w+|)\s+(.*)$ ^libgvpr2(?::\w+|)\s+(.*)$ ^liblab-gamut1(?::\w+|)\s+(.*)$ ^libpathplan4(?::\w+|)\s+(.*)$ ^libxdot4(?::\w+|)\s+(.*)$ ^python-gv(?::\w+|)\s+(.*)$ ^python3-gv(?::\w+|)\s+(.*)$ ^libssl1.0-dev(?::\w+|)\s+(.*)$ ^libssl1.0.0(?::\w+|)\s+(.*)$ ^openssl1.0(?::\w+|)\s+(.*)$ ^libodbc1(?::\w+|)\s+(.*)$ ^odbcinst(?::\w+|)\s+(.*)$ ^odbcinst1debian2(?::\w+|)\s+(.*)$ ^unixodbc(?::\w+|)\s+(.*)$ ^unixodbc-dev(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^curl(?::\w+|)\s+(.*)$ ^libcurl3-gnutls(?::\w+|)\s+(.*)$ ^libcurl3-nss(?::\w+|)\s+(.*)$ ^libcurl4(?::\w+|)\s+(.*)$ ^libcurl4-doc(?::\w+|)\s+(.*)$ ^libcurl4-gnutls-dev(?::\w+|)\s+(.*)$ ^libcurl4-nss-dev(?::\w+|)\s+(.*)$ ^libcurl4-openssl-dev(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^xdmx(?::\w+|)\s+(.*)$ ^xdmx-tools(?::\w+|)\s+(.*)$ ^xmir(?::\w+|)\s+(.*)$ ^xnest(?::\w+|)\s+(.*)$ ^xorg-server-source(?::\w+|)\s+(.*)$ ^xserver-common(?::\w+|)\s+(.*)$ ^xserver-xephyr(?::\w+|)\s+(.*)$ ^xserver-xorg-core(?::\w+|)\s+(.*)$ ^xserver-xorg-dev(?::\w+|)\s+(.*)$ ^xserver-xorg-legacy(?::\w+|)\s+(.*)$ ^xserver-xorg-xmir(?::\w+|)\s+(.*)$ ^xvfb(?::\w+|)\s+(.*)$ ^xwayland(?::\w+|)\s+(.*)$ ^bind9(?::\w+|)\s+(.*)$ ^bind9-doc(?::\w+|)\s+(.*)$ ^bind9-host(?::\w+|)\s+(.*)$ ^bind9utils(?::\w+|)\s+(.*)$ ^dnsutils(?::\w+|)\s+(.*)$ ^libbind-dev(?::\w+|)\s+(.*)$ ^libbind-export-dev(?::\w+|)\s+(.*)$ ^libbind9-160(?::\w+|)\s+(.*)$ ^libdns-export1100(?::\w+|)\s+(.*)$ ^libdns1100(?::\w+|)\s+(.*)$ ^libirs-export160(?::\w+|)\s+(.*)$ ^libirs160(?::\w+|)\s+(.*)$ ^libisc-export169(?::\w+|)\s+(.*)$ ^libisc169(?::\w+|)\s+(.*)$ ^libisccc-export160(?::\w+|)\s+(.*)$ ^libisccc160(?::\w+|)\s+(.*)$ ^libisccfg-export160(?::\w+|)\s+(.*)$ ^libisccfg160(?::\w+|)\s+(.*)$ ^liblwres160(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^apache2(?::\w+|)\s+(.*)$ ^apache2-bin(?::\w+|)\s+(.*)$ ^apache2-data(?::\w+|)\s+(.*)$ ^apache2-dev(?::\w+|)\s+(.*)$ ^apache2-doc(?::\w+|)\s+(.*)$ ^apache2-ssl-dev(?::\w+|)\s+(.*)$ ^apache2-suexec-custom(?::\w+|)\s+(.*)$ ^apache2-suexec-pristine(?::\w+|)\s+(.*)$ ^apache2-utils(?::\w+|)\s+(.*)$ ^libmaven-shared-utils-java(?::\w+|)\s+(.*)$ ^libmaven-shared-utils-java-doc(?::\w+|)\s+(.*)$ ^yard(?::\w+|)\s+(.*)$ ^yard-doc(?::\w+|)\s+(.*)$ ^nodejs(?::\w+|)\s+(.*)$ ^nodejs-dev(?::\w+|)\s+(.*)$ ^nodejs-doc(?::\w+|)\s+(.*)$ ^klibc-utils(?::\w+|)\s+(.*)$ ^libklibc(?::\w+|)\s+(.*)$ ^libklibc-dev(?::\w+|)\s+(.*)$ ^lxd(?::\w+|)\s+(.*)$ ^lxd-client(?::\w+|)\s+(.*)$ ^lxd-tools(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-kvm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?4.15.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-ibm)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-raspi)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-oracle)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-aws)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-gcp)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-azure)(?::\w+|)\s+(.*)$ ^linux-image-(?:unsigned-)?5.4.0-\d+(?:-generic|-lowlatency)(?::\w+|)\s+(.*)$ ^python-pil(?::\w+|)\s+(.*)$ ^python-pil-doc(?::\w+|)\s+(.*)$ ^python-pil.imagetk(?::\w+|)\s+(.*)$ ^python3-pil(?::\w+|)\s+(.*)$ ^python3-pil.imagetk(?::\w+|)\s+(.*)$ ^percona-xtrabackup(?::\w+|)\s+(.*)$ ^percona-xtrabackup-test(?::\w+|)\s+(.*)$ ^xtrabackup(?::\w+|)\s+(.*)$ ^zabbix-agent(?::\w+|)\s+(.*)$ ^zabbix-frontend-php(?::\w+|)\s+(.*)$ ^zabbix-java-gateway(?::\w+|)\s+(.*)$ ^zabbix-proxy-mysql(?::\w+|)\s+(.*)$ ^zabbix-proxy-pgsql(?::\w+|)\s+(.*)$ ^zabbix-proxy-sqlite3(?::\w+|)\s+(.*)$ ^zabbix-server-mysql(?::\w+|)\s+(.*)$ ^zabbix-server-pgsql(?::\w+|)\s+(.*)$ ^libjs-cryptojs(?::\w+|)\s+(.*)$ ^libnghttp2-14(?::\w+|)\s+(.*)$ ^libnghttp2-dev(?::\w+|)\s+(.*)$ ^libnghttp2-doc(?::\w+|)\s+(.*)$ ^nghttp2(?::\w+|)\s+(.*)$ ^nghttp2-client(?::\w+|)\s+(.*)$ ^nghttp2-proxy(?::\w+|)\s+(.*)$ ^nghttp2-server(?::\w+|)\s+(.*)$ ^less(?::\w+|)\s+(.*)$ ^libapache2-mod-php7.2(?::\w+|)\s+(.*)$ ^libphp7.2-embed(?::\w+|)\s+(.*)$ ^php7.2(?::\w+|)\s+(.*)$ ^php7.2-bcmath(?::\w+|)\s+(.*)$ ^php7.2-bz2(?::\w+|)\s+(.*)$ ^php7.2-cgi(?::\w+|)\s+(.*)$ ^php7.2-cli(?::\w+|)\s+(.*)$ ^php7.2-common(?::\w+|)\s+(.*)$ ^php7.2-curl(?::\w+|)\s+(.*)$ ^php7.2-dba(?::\w+|)\s+(.*)$ ^php7.2-dev(?::\w+|)\s+(.*)$ ^php7.2-enchant(?::\w+|)\s+(.*)$ ^php7.2-fpm(?::\w+|)\s+(.*)$ ^php7.2-gd(?::\w+|)\s+(.*)$ ^php7.2-gmp(?::\w+|)\s+(.*)$ ^php7.2-imap(?::\w+|)\s+(.*)$ ^php7.2-interbase(?::\w+|)\s+(.*)$ ^php7.2-intl(?::\w+|)\s+(.*)$ ^php7.2-json(?::\w+|)\s+(.*)$ ^php7.2-ldap(?::\w+|)\s+(.*)$ ^php7.2-mbstring(?::\w+|)\s+(.*)$ ^php7.2-mysql(?::\w+|)\s+(.*)$ ^php7.2-odbc(?::\w+|)\s+(.*)$ ^php7.2-opcache(?::\w+|)\s+(.*)$ ^php7.2-pgsql(?::\w+|)\s+(.*)$ ^php7.2-phpdbg(?::\w+|)\s+(.*)$ ^php7.2-pspell(?::\w+|)\s+(.*)$ ^php7.2-readline(?::\w+|)\s+(.*)$ ^php7.2-recode(?::\w+|)\s+(.*)$ ^php7.2-snmp(?::\w+|)\s+(.*)$ ^php7.2-soap(?::\w+|)\s+(.*)$ ^php7.2-sqlite3(?::\w+|)\s+(.*)$ ^php7.2-sybase(?::\w+|)\s+(.*)$ ^php7.2-tidy(?::\w+|)\s+(.*)$ ^php7.2-xml(?::\w+|)\s+(.*)$ ^php7.2-xmlrpc(?::\w+|)\s+(.*)$ ^php7.2-xsl(?::\w+|)\s+(.*)$ ^php7.2-zip(?::\w+|)\s+(.*)$ ^node-json5(?::\w+|)\s+(.*)$ ^gerbv(?::\w+|)\s+(.*)$ ^anope(?::\w+|)\s+(.*)$ ^glibc-doc(?::\w+|)\s+(.*)$ ^glibc-source(?::\w+|)\s+(.*)$ ^libc-bin(?::\w+|)\s+(.*)$ ^libc-dev-bin(?::\w+|)\s+(.*)$ ^libc6(?::\w+|)\s+(.*)$ ^libc6-amd64(?::\w+|)\s+(.*)$ ^libc6-armel(?::\w+|)\s+(.*)$ ^libc6-dev(?::\w+|)\s+(.*)$ ^libc6-dev-amd64(?::\w+|)\s+(.*)$ ^libc6-dev-armel(?::\w+|)\s+(.*)$ ^libc6-dev-i386(?::\w+|)\s+(.*)$ ^libc6-dev-s390(?::\w+|)\s+(.*)$ ^libc6-dev-x32(?::\w+|)\s+(.*)$ ^libc6-i386(?::\w+|)\s+(.*)$ ^libc6-lse(?::\w+|)\s+(.*)$ ^libc6-pic(?::\w+|)\s+(.*)$ ^libc6-s390(?::\w+|)\s+(.*)$ ^libc6-x32(?::\w+|)\s+(.*)$ ^locales(?::\w+|)\s+(.*)$ ^locales-all(?::\w+|)\s+(.*)$ ^multiarch-support(?::\w+|)\s+(.*)$ ^nscd(?::\w+|)\s+(.*)$