linux-libc-dev-5.4.0-170.188 (Ubuntu 20.04) - Vulnerability Remediation
Cengiz Can
cengiz.can at canonical.com
Fri Feb 16 03:18:04 UTC 2024
On Tue, 2024-02-06 at 08:36 +0000, Abhimanyu Singhal (abhimsi2) wrote:
>
> Hi Team,
Hello Abhimanyu.
Sorry for the late reply.
I'm a member of Ubuntu Kernel Security team here at Canonical.
>
>
> We have a container running onUbuntu 20.04 and observed 3 high
> vulnerabilities (CVE-2023-4244, CVE-2023-20569, and CVE-2023-4563) on
> linux-libc-dev-5.4.0-170.188, but don't see an available upgrade.
> Can you please help if there is any update on when this vulnerability
> will be patched?
To answer your concerns:
- CVE-2023-4244 is already fixed for linux-generic 5.4 and it will
available with the next update: 5.4.0-173.191. (This status update will
be visible in the next 24 hours). Until that, you can refer to the
mitigations that we shared in our Security webpage.
- CVE-2023-20569 amd64 microcode update was released with linux-
firmware 3.20191218.1ubuntu1.2.
- CVE-2023-4563 is a duplicate of CVE-2023-4244 so it's invalid.
--
Cengiz Can <cengiz.can at canonical.com>
More information about the kernel-team
mailing list