Wednesday, July 31, 2024

[USN-6933-1] ClickHouse vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6933-1
July 31, 2024

clickhouse vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in ClickHouse.

Software Description:
- clickhouse: column-oriented database system (cli client)

Details:

It was discovered that ClickHouse incorrectly handled memory, leading to a
heap out-of-bounds data read. An attacker could possibly use this issue to
cause a denial of service, or leak sensitive information.
(CVE-2021-42387, CVE-2021-42388)

It was discovered that ClickHouse incorrectly handled memory, leading to a
heap-based buffer overflow. An attacker could possibly use this issue to
cause a denial of service, or execute arbitrary code.
(CVE-2021-43304, CVE-2021-43305)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
clickhouse-common 18.16.1+ds-7ubuntu0.1
clickhouse-server 18.16.1+ds-7ubuntu0.1
clickhouse-tools 18.16.1+ds-7ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6933-1
CVE-2021-42387, CVE-2021-42388, CVE-2021-43304, CVE-2021-43305

Package Information:
https://launchpad.net/ubuntu/+source/clickhouse/18.16.1+ds-7ubuntu0.1

[USN-6939-1] Exim vulnerability

==========================================================================
Ubuntu Security Notice USN-6939-1
July 31, 2024

exim4 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Exim could be made to bypass a MIME filename extension-blocking
protection mechanism if it received specially crafted input.

Software Description:
- exim4: Exim is a mail transport agent

Details:

Phillip Szelat discovered that Exim misparses multiline MIME header
filenames. A remote attacker could use this issue to bypass a MIME filename
extension-blocking protection mechanism and possibly deliver executable
attachments to the mailboxes of end users.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  exim4                           4.97-4ubuntu4.1
  exim4-base                      4.97-4ubuntu4.1
  eximon4                         4.97-4ubuntu4.1

Ubuntu 22.04 LTS
  exim4                           4.95-4ubuntu2.6
  exim4-base                      4.95-4ubuntu2.6
  eximon4                         4.95-4ubuntu2.6

Ubuntu 20.04 LTS
  exim4                           4.93-13ubuntu1.12
  exim4-base                      4.93-13ubuntu1.12
  eximon4                         4.93-13ubuntu1.12

Ubuntu 18.04 LTS
  exim4                           4.90.1-1ubuntu1.10+esm5
                                  Available with Ubuntu Pro
  exim4-base                      4.90.1-1ubuntu1.10+esm5
                                  Available with Ubuntu Pro
  eximon4                         4.90.1-1ubuntu1.10+esm5
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  exim4                           4.86.2-2ubuntu2.6+esm8
                                  Available with Ubuntu Pro
  exim4-base                      4.86.2-2ubuntu2.6+esm8
                                  Available with Ubuntu Pro
  eximon4                         4.86.2-2ubuntu2.6+esm8
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6939-1
  CVE-2024-39929

Package Information:
  https://launchpad.net/ubuntu/+source/exim4/4.97-4ubuntu4.1
  https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.6
  https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.12

[USN-6936-1] Apache Commons Collections vulnerability

==========================================================================
Ubuntu Security Notice USN-6936-1
July 31, 2024

libcommons-collections3-java vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Apache Commons Collections could be made to execute arbitrary code if it
received specially crafted input.

Software Description:
- libcommons-collections3-java: Apache Commons Collections - Extended
Collections API for Java

Details:

It was discovered that Apache Commons Collections allowed serialization
support for unsafe classes by default. A remote attacker could possibly
use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  libcommons-collections3-java    3.2.1-6ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6936-1
  CVE-2015-4852

[USN-6913-2] phpCAS vulnerability

==========================================================================
Ubuntu Security Notice USN-6913-2
July 31, 2024

php-cas vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

phpCAS was vulnerable to an authentication bypass.

Software Description:
- php-cas: Central Authentication Service client library in php

Details:

USN-6913-1 fixed CVE-2022-39369 for Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
This update provides the corresponding fix for Ubuntu 16.04 LTS.

Original advisory details:

Filip Hejsek discovered that phpCAS was using HTTP headers to determine
the service URL used to validate tickets. A remote attacker could
possibly use this issue to gain access to a victim's account on a
vulnerable CASified service.

This security update introduces an incompatible API change. After applying
this update, third party applications need to be modified to pass in an
additional service base URL argument when constructing the client class.

For more information please refer to the section
"Upgrading 1.5.0 -> 1.6.0" of the phpCAS upgrading document:

https://github.com/apereo/phpCAS/blob/master/docs/Upgrading

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  php-cas                         1.3.3-2ubuntu1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6913-2
https://ubuntu.com/security/notices/USN-6913-1
CVE-2022-39369

[USN-6937-1] OpenSSL vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6937-1
July 31, 2024

openssl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

It was discovered that OpenSSL incorrectly handled TLSv1.3 sessions when
certain non-default TLS server configurations were in use. A remote
attacker could possibly use this issue to cause OpenSSL to consume
resources, leading to a denial of service. (CVE-2024-2511)

It was discovered that OpenSSL incorrectly handled checking excessively
long DSA keys or parameters. A remote attacker could possibly use this
issue to cause OpenSSL to consume resources, leading to a denial of
service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-4603)

William Ahern discovered that OpenSSL incorrectly handled certain memory
operations in a rarely-used API. A remote attacker could use this issue to
cause OpenSSL to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2024-4741)

Joseph Birr-Pixton discovered that OpenSSL incorrectly handled calling a
certain API with an empty supported client protocols buffer. A remote
attacker could possibly use this issue to obtain sensitive information, or
cause OpenSSL to crash, resulting in a denial of service. (CVE-2024-5535)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libssl3t64 3.0.13-0ubuntu3.2

Ubuntu 22.04 LTS
libssl3 3.0.2-0ubuntu1.17

Ubuntu 20.04 LTS
libssl1.1 1.1.1f-1ubuntu2.23

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6937-1
CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535

Package Information:
https://launchpad.net/ubuntu/+source/openssl/3.0.13-0ubuntu3.2
https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.17
https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.23

[USN-6938-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6938-1
July 31, 2024

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

It was discovered that the device input subsystem in the Linux kernel did
not properly handle the case when an event code falls outside of a bitmap.
A local attacker could use this to cause a denial of service (system
crash). (CVE-2022-48619)

黄思聪 discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel did not properly handle certain memory allocation failure
conditions, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-46343)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)

Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device
volume management subsystem did not properly validate logical eraseblock
sizes in certain situations. An attacker could possibly use this to cause a
denial of service (system crash). (CVE-2024-25739)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- Input Device Drivers (Mouse);
- MTD block device drivers;
- Network drivers;
- TTY drivers;
- USB subsystem;
- File systems infrastructure;
- F2FS file system;
- SMB network file system;
- BPF subsystem;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- IPv4 networking;
- IPv6 networking;
- Netfilter;
- Unix domain sockets;
- Wireless networking;
(CVE-2024-26901, CVE-2021-46932, CVE-2024-26857, CVE-2024-26882,
CVE-2024-26934, CVE-2023-52449, CVE-2024-35982, CVE-2021-46933,
CVE-2023-52620, CVE-2023-52444, CVE-2024-26923, CVE-2023-52469,
CVE-2024-26886, CVE-2024-36902, CVE-2023-52436, CVE-2024-36016,
CVE-2024-26884, CVE-2021-46960, CVE-2021-47194, CVE-2023-52752,
CVE-2024-27020, CVE-2024-26840, CVE-2024-35997, CVE-2024-35984,
CVE-2024-35978)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  linux-image-4.4.0-1135-kvm         4.4.0-1135.145
                                     Available with Ubuntu Pro
  linux-image-4.4.0-1172-aws         4.4.0-1172.187
                                     Available with Ubuntu Pro
  linux-image-4.4.0-257-generic      4.4.0-257.291
                                     Available with Ubuntu Pro
  linux-image-4.4.0-257-lowlatency   4.4.0-257.291
                                     Available with Ubuntu Pro
  linux-image-aws                    4.4.0.1172.176
                                     Available with Ubuntu Pro
  linux-image-generic                4.4.0.257.263
                                     Available with Ubuntu Pro
  linux-image-generic-lts-xenial     4.4.0.257.263
                                     Available with Ubuntu Pro
  linux-image-kvm                    4.4.0.1135.132
                                     Available with Ubuntu Pro
  linux-image-lowlatency             4.4.0.257.263
                                     Available with Ubuntu Pro
  linux-image-lowlatency-lts-xenial  4.4.0.257.263
                                     Available with Ubuntu Pro
  linux-image-virtual                4.4.0.257.263
                                     Available with Ubuntu Pro
  linux-image-virtual-lts-xenial     4.4.0.257.263
                                     Available with Ubuntu Pro

Ubuntu 14.04 LTS
  linux-image-4.4.0-1134-aws         4.4.0-1134.140
                                     Available with Ubuntu Pro
  linux-image-4.4.0-257-generic      4.4.0-257.291~14.04.1
                                     Available with Ubuntu Pro
  linux-image-4.4.0-257-lowlatency   4.4.0-257.291~14.04.1
                                     Available with Ubuntu Pro
  linux-image-aws                    4.4.0.1134.131
                                     Available with Ubuntu Pro
  linux-image-generic-lts-xenial     4.4.0.257.291~14.04.1
                                     Available with Ubuntu Pro
  linux-image-lowlatency-lts-xenial  4.4.0.257.291~14.04.1
                                     Available with Ubuntu Pro
  linux-image-virtual-lts-xenial     4.4.0.257.291~14.04.1
                                     Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6938-1
CVE-2021-46932, CVE-2021-46933, CVE-2021-46960, CVE-2021-47194,
CVE-2022-48619, CVE-2023-46343, CVE-2023-52436, CVE-2023-52444,
CVE-2023-52449, CVE-2023-52469, CVE-2023-52620, CVE-2023-52752,
CVE-2024-24857, CVE-2024-24858, CVE-2024-24859, CVE-2024-25739,
CVE-2024-26840, CVE-2024-26857, CVE-2024-26882, CVE-2024-26884,
CVE-2024-26886, CVE-2024-26901, CVE-2024-26923, CVE-2024-26934,
CVE-2024-27020, CVE-2024-35978, CVE-2024-35982, CVE-2024-35984,
CVE-2024-35997, CVE-2024-36016, CVE-2024-36902

[USN-6935-1] Prometheus Alertmanager vulnerability

==========================================================================
Ubuntu Security Notice USN-6935-1
July 31, 2024

prometheus-alertmanager vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

prometheus-alertmanager could be made to expose sensitive information over
the network.

Software Description:
- prometheus-alertmanager: handle and deliver alerts created by Prometheus

Details:

It was discovered that prometheus-alertmanager didn't properly sanitize
input it received through an API endpoint. An attacker with permission to
send requests to this endpoint could potentially inject arbitrary code.

On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, this vulnerability is only
present if the UI has been explicitly activated.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  golang-github-prometheus-alertmanager-dev  0.23.0-4ubuntu0.2+esm1
                                             Available with Ubuntu Pro
  prometheus-alertmanager                    0.23.0-4ubuntu0.2+esm1
                                             Available with Ubuntu Pro

Ubuntu 20.04 LTS
  golang-github-prometheus-alertmanager-dev  0.15.3+ds-3ubuntu1.2
  prometheus-alertmanager                    0.15.3+ds-3ubuntu1.2

Ubuntu 18.04 LTS
  golang-github-prometheus-alertmanager-dev  0.6.2+ds-3ubuntu0.1+esm1
                                             Available with Ubuntu Pro
  prometheus-alertmanager                    0.6.2+ds-3ubuntu0.1+esm1
                                             Available with Ubuntu Pro

On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, once the updates have been
installed, you need to recompile and reinstall the UI components and
restart the prometheus-alertmanager service afterwards.

On Ubuntu 18.04 LTS, a standard system update will make all the necessary
changes.

References:
https://ubuntu.com/security/notices/USN-6935-1
CVE-2023-40577

Package Information:
https://launchpad.net/ubuntu/+source/prometheus-alertmanager/0.15.3+ds-3ubuntu1.2

[USN-6934-1] MySQL vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6934-1
July 31, 2024

mysql-8.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-8.0: MySQL database

Details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.39 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
and Ubuntu 24.04 LTS.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-38.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-39.html
https://www.oracle.com/security-alerts/cpujul2024.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
mysql-server-8.0 8.0.39-0ubuntu0.24.04.1

Ubuntu 22.04 LTS
mysql-server-8.0 8.0.39-0ubuntu0.22.04.1

Ubuntu 20.04 LTS
mysql-server-8.0 8.0.39-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://ubuntu.com/security/notices/USN-6934-1
CVE-2024-20996, CVE-2024-21125, CVE-2024-21127, CVE-2024-21129,
CVE-2024-21130, CVE-2024-21134, CVE-2024-21142, CVE-2024-21162,
CVE-2024-21163, CVE-2024-21165, CVE-2024-21171, CVE-2024-21173,
CVE-2024-21177, CVE-2024-21179, CVE-2024-21185

Package Information:
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.39-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.39-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.39-0ubuntu0.20.04.1

[USN-6932-1] OpenJDK 21 vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6932-1
July 31, 2024

openjdk-21 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in OpenJDK 21.

Software Description:
- openjdk-21: Open Source Java implementation

Details:

It was discovered that the Hotspot component of OpenJDK 21 was not properly
performing bounds checks when handling certain UTF-8 strings, which could lead to
a buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2024-21131)

It was discovered that the Hotspot component of OpenJDK 21 could be made to
run into an infinite loop. If an automated system were tricked into
processing excessively large symbols, an attacker could possibly use this
issue to cause a denial of service. (CVE-2024-21138)

It was discovered that the Hotspot component of OpenJDK 21 did not
properly perform range check elimination. An attacker could possibly use
this issue to cause a denial of service, execute arbitrary code or bypass
Java sandbox restrictions. (CVE-2024-21140)

Sergey Bylokhov discovered that OpenJDK 21 did not properly manage memory
when handling 2D images. An attacker could possibly use this issue to
obtain sensitive information. (CVE-2024-21145)

It was discovered that the Hotspot component of OpenJDK 21 incorrectly
handled memory when performing range check elimination under certain
circumstances. An attacker could possibly use this issue to cause a
denial of service, execute arbitrary code or bypass Java sandbox
restrictions. (CVE-2024-21147)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
openjdk-21-jdk 21.0.4+7-1ubuntu2~24.04
openjdk-21-jdk-headless 21.0.4+7-1ubuntu2~24.04
openjdk-21-jre 21.0.4+7-1ubuntu2~24.04
openjdk-21-jre-headless 21.0.4+7-1ubuntu2~24.04
openjdk-21-jre-zero 21.0.4+7-1ubuntu2~24.04

Ubuntu 22.04 LTS
openjdk-21-jdk 21.0.4+7-1ubuntu2~22.04
openjdk-21-jdk-headless 21.0.4+7-1ubuntu2~22.04
openjdk-21-jre 21.0.4+7-1ubuntu2~22.04
openjdk-21-jre-headless 21.0.4+7-1ubuntu2~22.04
openjdk-21-jre-zero 21.0.4+7-1ubuntu2~22.04

Ubuntu 20.04 LTS
openjdk-21-jdk 21.0.4+7-1ubuntu2~20.04
openjdk-21-jdk-headless 21.0.4+7-1ubuntu2~20.04
openjdk-21-jre 21.0.4+7-1ubuntu2~20.04
openjdk-21-jre-headless 21.0.4+7-1ubuntu2~20.04
openjdk-21-jre-zero 21.0.4+7-1ubuntu2~20.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6932-1
CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145,
CVE-2024-21147

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.4+7-1ubuntu2~24.04
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.4+7-1ubuntu2~22.04
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.4+7-1ubuntu2~20.04

[USN-6931-1] OpenJDK 17 vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6931-1
July 31, 2024

openjdk-17 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in OpenJDK 17.

Software Description:
- openjdk-17: Open Source Java implementation

Details:

It was discovered that the Hotspot component of OpenJDK 17 was not properly
performing bounds checks when handling certain UTF-8 strings, which could lead to
a buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2024-21131)

It was discovered that the Hotspot component of OpenJDK 17 could be made to
run into an infinite loop. If an automated system were tricked into
processing excessively large symbols, an attacker could possibly use this
issue to cause a denial of service. (CVE-2024-21138)

It was discovered that the Hotspot component of OpenJDK 17 did not
properly perform range check elimination. An attacker could possibly use
this issue to cause a denial of service, execute arbitrary code or bypass
Java sandbox restrictions. (CVE-2024-21140)

Sergey Bylokhov discovered that OpenJDK 17 did not properly manage memory
when handling 2D images. An attacker could possibly use this issue to
obtain sensitive information. (CVE-2024-21145)

It was discovered that the Hotspot component of OpenJDK 17 incorrectly
handled memory when performing range check elimination under certain
circumstances. An attacker could possibly use this issue to cause a
denial of service, execute arbitrary code or bypass Java sandbox
restrictions. (CVE-2024-21147)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
openjdk-17-jdk 17.0.12+7-1ubuntu2~24.04
openjdk-17-jdk-headless 17.0.12+7-1ubuntu2~24.04
openjdk-17-jre 17.0.12+7-1ubuntu2~24.04
openjdk-17-jre-headless 17.0.12+7-1ubuntu2~24.04
openjdk-17-jre-zero 17.0.12+7-1ubuntu2~24.04

Ubuntu 22.04 LTS
openjdk-17-jdk 17.0.12+7-1ubuntu2~22.04
openjdk-17-jdk-headless 17.0.12+7-1ubuntu2~22.04
openjdk-17-jre 17.0.12+7-1ubuntu2~22.04
openjdk-17-jre-headless 17.0.12+7-1ubuntu2~22.04
openjdk-17-jre-zero 17.0.12+7-1ubuntu2~22.04

Ubuntu 20.04 LTS
openjdk-17-jdk 17.0.12+7-1ubuntu2~20.04
openjdk-17-jdk-headless 17.0.12+7-1ubuntu2~20.04
openjdk-17-jre 17.0.12+7-1ubuntu2~20.04
openjdk-17-jre-headless 17.0.12+7-1ubuntu2~20.04
openjdk-17-jre-zero 17.0.12+7-1ubuntu2~20.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6931-1
CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21145,
CVE-2024-21147

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.12+7-1ubuntu2~24.04
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.12+7-1ubuntu2~22.04
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.12+7-1ubuntu2~20.04

[USN-6930-1] OpenJDK 11 vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6930-1
July 31, 2024

openjdk-lts vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in OpenJDK 11.

Software Description:
- openjdk-lts: Open Source Java implementation

Details:

It was discovered that the Hotspot component of OpenJDK 11 was not properly
performing bounds checks when handling certain UTF-8 strings, which could lead to
a buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2024-21131)

It was discovered that the Hotspot component of OpenJDK 11 could be made to
run into an infinite loop. If an automated system were tricked into
processing excessively large symbols, an attacker could possibly use this
issue to cause a denial of service. (CVE-2024-21138)

It was discovered that the Hotspot component of OpenJDK 11 did not
properly perform range check elimination. An attacker could possibly use
this issue to cause a denial of service, execute arbitrary code or bypass
Java sandbox restrictions. (CVE-2024-21140)

Yakov Shafranovich discovered that the Concurrency component of OpenJDK 11
incorrectly performed header validation in the Pack200 archive format. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2024-21144)

Sergey Bylokhov discovered that OpenJDK 11 did not properly manage memory
when handling 2D images. An attacker could possibly use this issue to
obtain sensitive information. (CVE-2024-21145)

It was discovered that the Hotspot component of OpenJDK 11 incorrectly
handled memory when performing range check elimination under certain
circumstances. An attacker could possibly use this issue to cause a
denial of service, execute arbitrary code or bypass Java sandbox
restrictions. (CVE-2024-21147)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
openjdk-11-jdk 11.0.24+8-1ubuntu3~24.04.1
openjdk-11-jdk-headless 11.0.24+8-1ubuntu3~24.04.1
openjdk-11-jre 11.0.24+8-1ubuntu3~24.04.1
openjdk-11-jre-headless 11.0.24+8-1ubuntu3~24.04.1
openjdk-11-jre-zero 11.0.24+8-1ubuntu3~24.04.1

Ubuntu 22.04 LTS
openjdk-11-jdk 11.0.24+8-1ubuntu3~22.04
openjdk-11-jdk-headless 11.0.24+8-1ubuntu3~22.04
openjdk-11-jre 11.0.24+8-1ubuntu3~22.04
openjdk-11-jre-headless 11.0.24+8-1ubuntu3~22.04
openjdk-11-jre-zero 11.0.24+8-1ubuntu3~22.04

Ubuntu 20.04 LTS
openjdk-11-jdk 11.0.24+8-1ubuntu3~20.04
openjdk-11-jdk-headless 11.0.24+8-1ubuntu3~20.04
openjdk-11-jre 11.0.24+8-1ubuntu3~20.04
openjdk-11-jre-headless 11.0.24+8-1ubuntu3~20.04
openjdk-11-jre-zero 11.0.24+8-1ubuntu3~20.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6930-1
CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144,
CVE-2024-21145, CVE-2024-21147

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.24+8-1ubuntu3~24.04.1
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.24+8-1ubuntu3~22.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.24+8-1ubuntu3~20.04

[USN-6929-1] OpenJDK 8 vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6929-1
July 31, 2024

openjdk-8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in OpenJDK 8.

Software Description:
- openjdk-8: Open Source Java implementation

Details:

It was discovered that the Hotspot component of OpenJDK 8 was not properly
performing bounds checks when handling certain UTF-8 strings, which could lead to
a buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2024-21131)

It was discovered that the Hotspot component of OpenJDK 8 could be made to
run into an infinite loop. If an automated system were tricked into
processing excessively large symbols, an attacker could possibly use this
issue to cause a denial of service. (CVE-2024-21138)

It was discovered that the Hotspot component of OpenJDK 8 did not properly
perform range check elimination. An attacker could possibly use this issue
to cause a denial of service, execute arbitrary code or bypass Java
sandbox restrictions. (CVE-2024-21140)

Yakov Shafranovich discovered that the Concurrency component of OpenJDK 8
incorrectly performed header validation in the Pack200 archive format. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2024-21144)

Sergey Bylokhov discovered that OpenJDK 8 did not properly manage memory
when handling 2D images. An attacker could possibly use this issue to
obtain sensitive information. (CVE-2024-21145)

It was discovered that the Hotspot component of OpenJDK 8 incorrectly
handled memory when performing range check elimination under certain
circumstances. An attacker could possibly use this issue to cause a
denial of service, execute arbitrary code or bypass Java sandbox
restrictions. (CVE-2024-21147)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
openjdk-8-jdk 8u422-b05-1~24.04
openjdk-8-jdk-headless 8u422-b05-1~24.04
openjdk-8-jre 8u422-b05-1~24.04
openjdk-8-jre-headless 8u422-b05-1~24.04
openjdk-8-jre-zero 8u422-b05-1~24.04

Ubuntu 22.04 LTS
openjdk-8-jdk 8u422-b05-1~22.04
openjdk-8-jdk-headless 8u422-b05-1~22.04
openjdk-8-jre 8u422-b05-1~22.04
openjdk-8-jre-headless 8u422-b05-1~22.04
openjdk-8-jre-zero 8u422-b05-1~22.04

Ubuntu 20.04 LTS
openjdk-8-jdk 8u422-b05-1~20.04
openjdk-8-jdk-headless 8u422-b05-1~20.04
openjdk-8-jre 8u422-b05-1~20.04
openjdk-8-jre-headless 8u422-b05-1~20.04
openjdk-8-jre-zero 8u422-b05-1~20.04

Ubuntu 18.04 LTS
openjdk-8-jdk 8u422-b05-1~18.04
Available with Ubuntu Pro
openjdk-8-jdk-headless 8u422-b05-1~18.04
Available with Ubuntu Pro
openjdk-8-jre 8u422-b05-1~18.04
Available with Ubuntu Pro
openjdk-8-jre-headless 8u422-b05-1~18.04
Available with Ubuntu Pro
openjdk-8-jre-zero 8u422-b05-1~18.04
Available with Ubuntu Pro

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6929-1
CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144,
CVE-2024-21145, CVE-2024-21147

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-8/8u422-b05-1~24.04
https://launchpad.net/ubuntu/+source/openjdk-8/8u422-b05-1~22.04
https://launchpad.net/ubuntu/+source/openjdk-8/8u422-b05-1~20.04

Tuesday, July 30, 2024

[announce] Aug 7: Brian Callahan "Once again, I've done something no one asked for"

"Once again, I've done something no one asked for": New (and old!)
C/C++ compilers for your next *BSD adventure: a tale of advocacy: and a
sub-sub-subtitle to drum up intrigue, Brian Callahan

2024-08-07 @ 18:45 EDT (22:45 UTC) - NYU Tandon Engineering Building
(new), 370 Jay St, 7th Floor kitchen area, Brooklyn

RSVP: Those either considering or wishing to attend, a guest list is
required by the venue. Please RSVP to rsvp at lists dot nycbug dot org
no later than noon localtime, day-of; an acknowledgement will be sent
and the email address will be used solely for the purpose of attendance
to this meeting's venue.
Remote participation: Plans are to stream via NYC*BUG website. Q&A will
be via IRC on libera.chat channel #nycbug - please preface your
questions with '[Q]'.

At NYCBSDCon 2007, a talk titled "BSD is Dying" took the world by storm.
Two years later at DCBSDCon 2009, we got the follow-up "BSD is (Still)
Dying." A year later, "BSD Needs Books" was presented at NYCBSDCon 2010,
followed up with "BSD Breaking Barriers" at NYCBSDCon 2014.

These excellent presentations fall into what I call "BSD advocacy for
everyone" talks. That is, talks that can get anyone excited about
joining the *BSD community and fully bringing themselves and their
skills and gifts to our little piece of human history. But the most
recent of the talks above is a decade old at this point. What should a
"BSD advocacy for everyone" talk look like in 2024? How ought we
communicate the value of the software and ourselves to the broader world
today?

Come with me on an exciting journey on how I wrangled the proprietary
Oracle Developer Studio and Intel oneAPI DPC++/C++ compilers to run on
FreeBSD and NetBSD and output native binaries for those operating
systems. This journey is interesting to our question of "*BSD advocacy
for everyone" by highlighting the power of the BSDs, the flexibility to
undertake and excel at any task you might throw at them, and how many of
the perceived problems those on the outside might feel "hold us back"
are social, not technical, in nature, and how we can lead in turning the
tide on outsiders' thinking in myriads of easy and small, large, and
in-between ways.

This talk will leave you with more than a few laughs, insights on
"porting" proprietary software to the BSDs, and energized to be a *BSD
advocate in your communities.

Brian has been around the BSD community since 2005, NYCBUG since 2010,
and got his OpenBSD account in 2013; he primarily works on OpenBSD
ports. In 2014, he moved to Troy, NY, where he has lived ever since. He
still does not appreciate the harsh upstate NY winters. Brian is the
Graduate Program Director for and a Senior Lecturer in the Information
Technology & Web Science program at Rensselaer Polytechnic Institute,
and the Founder and Director of the Rensselaer Cybersecurity
Collaboratory, the cybersecurity research lab and nationally leading CTF
team at RPI.

[USN-6928-1] Python vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6928-1
July 30, 2024

python3.10, python3.8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Python.

Software Description:
- python3.10: An interactive high-level object-oriented language
- python3.8: An interactive high-level object-oriented language

Details:

It was discovered that the Python ssl module contained a memory race
condition when handling the APIs to obtain the CA certificates and
certificate store statistics. This could possibly result in applications
obtaining wrong results, leading to various SSL issues. (CVE-2024-0397)

It was discovered that the Python ipaddress module contained incorrect
information about which IP address ranges were considered "private" or
"globally reachable". This could possibly result in applications applying
incorrect security policies. (CVE-2024-4032)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
python3.10 3.10.12-1~22.04.5
python3.10-minimal 3.10.12-1~22.04.5

Ubuntu 20.04 LTS
python3.8 3.8.10-0ubuntu1~20.04.11
python3.8-minimal 3.8.10-0ubuntu1~20.04.11

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6928-1
CVE-2024-0397, CVE-2024-4032

Package Information:
https://launchpad.net/ubuntu/+source/python3.10/3.10.12-1~22.04.5
https://launchpad.net/ubuntu/+source/python3.8/3.8.10-0ubuntu1~20.04.11

[USN-6924-2] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6924-2
July 30, 2024

linux-aws, linux-aws-5.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM SCMI message protocol;
- InfiniBand drivers;
- TTY drivers;
- TLS protocol;
(CVE-2022-48655, CVE-2024-36016, CVE-2024-26584, CVE-2021-47131,
CVE-2024-26907, CVE-2024-26585, CVE-2024-26583)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1129-aws 5.4.0-1129.139
linux-image-aws-lts-20.04 5.4.0.1129.126

Ubuntu 18.04 LTS
linux-image-5.4.0-1129-aws 5.4.0-1129.139~18.04.1
Available with Ubuntu Pro
linux-image-aws 5.4.0.1129.139~18.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6924-2
https://ubuntu.com/security/notices/USN-6924-1
CVE-2021-47131, CVE-2022-48655, CVE-2024-26583, CVE-2024-26584,
CVE-2024-26585, CVE-2024-26907, CVE-2024-36016

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1129.139

[USN-6927-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6927-1
July 30, 2024

linux-gcp-5.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems

Details:

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)

Gui-Dong Han discovered that the software RAID driver in the Linux kernel
contained a race condition, leading to an integer overflow vulnerability. A
privileged attacker could possibly use this to cause a denial of service
(system crash). (CVE-2024-23307)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)

Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in
the Linux kernel contained a race condition, leading to an integer overflow
vulnerability. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2024-24861)

Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device
volume management subsystem did not properly validate logical eraseblock
sizes in certain situations. An attacker could possibly use this to cause a
denial of service (system crash). (CVE-2024-25739)

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde
discovered that an untrusted hypervisor could inject malicious #VC
interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw
is known as WeSee. A local attacker in control of the hypervisor could use
this to expose sensitive information or possibly execute arbitrary code in
the trusted execution environment. (CVE-2024-25742)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- RISC-V architecture;
- x86 architecture;
- Block layer subsystem;
- Accessibility subsystem;
- Android drivers;
- Bluetooth drivers;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- Cryptographic API;
- DMA engine subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- VMware VMCI Driver;
- MMC subsystem;
- Network drivers;
- Device tree and open firmware driver;
- PCI subsystem;
- S/390 drivers;
- SCSI drivers;
- Freescale SoC drivers;
- Trusted Execution Environment drivers;
- TTY drivers;
- USB subsystem;
- VFIO drivers;
- Framebuffer layer;
- Xen hypervisor drivers;
- File systems infrastructure;
- BTRFS file system;
- Ext4 file system;
- FAT file system;
- Network file system client;
- Network file system server daemon;
- NILFS2 file system;
- Pstore file system;
- SMB network file system;
- UBI file system;
- Netfilter;
- BPF subsystem;
- Core kernel;
- PCI iomap interfaces;
- Memory management;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- Ethernet bridge;
- Networking core;
- Distributed Switch Architecture;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- IEEE 802.15.4 subsystem;
- NFC subsystem;
- Open vSwitch;
- RDS protocol;
- Network traffic control;
- SMC sockets;
- Unix domain sockets;
- eXpress Data Path;
- ALSA SH drivers;
- KVM core;
(CVE-2024-35902, CVE-2024-35958, CVE-2024-35978, CVE-2024-35886,
CVE-2024-35807, CVE-2024-26994, CVE-2024-36004, CVE-2024-35955,
CVE-2024-26925, CVE-2024-27059, CVE-2024-35989, CVE-2024-35940,
CVE-2024-26952, CVE-2024-35907, CVE-2024-35819, CVE-2024-35872,
CVE-2024-36016, CVE-2023-52488, CVE-2024-35884, CVE-2024-26886,
CVE-2024-27018, CVE-2024-35905, CVE-2024-35897, CVE-2024-26929,
CVE-2024-36007, CVE-2024-35855, CVE-2024-35885, CVE-2024-26965,
CVE-2024-35896, CVE-2024-36029, CVE-2024-35813, CVE-2024-26811,
CVE-2024-26923, CVE-2024-26961, CVE-2024-26958, CVE-2024-35997,
CVE-2024-35809, CVE-2024-27396, CVE-2023-52880, CVE-2024-26966,
CVE-2024-27017, CVE-2024-26812, CVE-2024-35960, CVE-2024-35805,
CVE-2024-35982, CVE-2024-35976, CVE-2024-35888, CVE-2024-26955,
CVE-2024-27019, CVE-2024-35970, CVE-2024-35984, CVE-2024-27393,
CVE-2024-26977, CVE-2024-27000, CVE-2024-35918, CVE-2024-26937,
CVE-2024-35785, CVE-2024-35933, CVE-2024-26973, CVE-2022-48808,
CVE-2024-35922, CVE-2024-35915, CVE-2024-35806, CVE-2024-26976,
CVE-2024-26934, CVE-2024-26981, CVE-2024-36005, CVE-2024-26935,
CVE-2024-26960, CVE-2024-26642, CVE-2024-27395, CVE-2024-35900,
CVE-2024-26814, CVE-2024-26922, CVE-2024-35804, CVE-2024-26957,
CVE-2024-35930, CVE-2023-52699, CVE-2024-36020, CVE-2024-35796,
CVE-2024-35934, CVE-2024-26931, CVE-2024-35899, CVE-2024-27004,
CVE-2024-35853, CVE-2024-35871, CVE-2024-26984, CVE-2024-35925,
CVE-2024-35969, CVE-2024-35789, CVE-2024-35879, CVE-2024-36006,
CVE-2024-26813, CVE-2024-35988, CVE-2024-36008, CVE-2024-35910,
CVE-2024-35791, CVE-2024-26974, CVE-2024-26993, CVE-2024-35849,
CVE-2024-26926, CVE-2024-35877, CVE-2024-26989, CVE-2024-35935,
CVE-2024-26817, CVE-2024-35912, CVE-2024-27013, CVE-2024-35973,
CVE-2024-35890, CVE-2024-35823, CVE-2024-35822, CVE-2024-27015,
CVE-2024-35944, CVE-2024-35821, CVE-2024-26687, CVE-2024-27009,
CVE-2024-35895, CVE-2024-35852, CVE-2024-35893, CVE-2024-26810,
CVE-2024-26950, CVE-2024-35817, CVE-2024-26996, CVE-2024-27020,
CVE-2024-35990, CVE-2024-26956, CVE-2024-27001, CVE-2024-26988,
CVE-2024-26629, CVE-2024-26654, CVE-2024-35851, CVE-2024-27437,
CVE-2024-35854, CVE-2024-35857, CVE-2024-26964, CVE-2024-35847,
CVE-2024-35936, CVE-2023-52752, CVE-2024-36025, CVE-2024-26924,
CVE-2024-26643, CVE-2024-26969, CVE-2024-35950, CVE-2024-35825,
CVE-2024-27016, CVE-2024-35938, CVE-2024-26999, CVE-2024-35898,
CVE-2024-26828, CVE-2024-35815, CVE-2024-26970, CVE-2024-26951,
CVE-2024-27008)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.15.0-1065-gcp 5.15.0-1065.73~20.04.1
linux-image-gcp 5.15.0.1065.73~20.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6927-1
CVE-2022-38096, CVE-2022-48808, CVE-2023-52488, CVE-2023-52699,
CVE-2023-52752, CVE-2023-52880, CVE-2024-23307, CVE-2024-24857,
CVE-2024-24858, CVE-2024-24859, CVE-2024-24861, CVE-2024-25739,
CVE-2024-25742, CVE-2024-26629, CVE-2024-26642, CVE-2024-26643,
CVE-2024-26654, CVE-2024-26687, CVE-2024-26810, CVE-2024-26811,
CVE-2024-26812, CVE-2024-26813, CVE-2024-26814, CVE-2024-26817,
CVE-2024-26828, CVE-2024-26886, CVE-2024-26922, CVE-2024-26923,
CVE-2024-26924, CVE-2024-26925, CVE-2024-26926, CVE-2024-26929,
CVE-2024-26931, CVE-2024-26934, CVE-2024-26935, CVE-2024-26937,
CVE-2024-26950, CVE-2024-26951, CVE-2024-26952, CVE-2024-26955,
CVE-2024-26956, CVE-2024-26957, CVE-2024-26958, CVE-2024-26960,
CVE-2024-26961, CVE-2024-26964, CVE-2024-26965, CVE-2024-26966,
CVE-2024-26969, CVE-2024-26970, CVE-2024-26973, CVE-2024-26974,
CVE-2024-26976, CVE-2024-26977, CVE-2024-26981, CVE-2024-26984,
CVE-2024-26988, CVE-2024-26989, CVE-2024-26993, CVE-2024-26994,
CVE-2024-26996, CVE-2024-26999, CVE-2024-27000, CVE-2024-27001,
CVE-2024-27004, CVE-2024-27008, CVE-2024-27009, CVE-2024-27013,
CVE-2024-27015, CVE-2024-27016, CVE-2024-27017, CVE-2024-27018,
CVE-2024-27019, CVE-2024-27020, CVE-2024-27059, CVE-2024-27393,
CVE-2024-27395, CVE-2024-27396, CVE-2024-27437, CVE-2024-35785,
CVE-2024-35789, CVE-2024-35791, CVE-2024-35796, CVE-2024-35804,
CVE-2024-35805, CVE-2024-35806, CVE-2024-35807, CVE-2024-35809,
CVE-2024-35813, CVE-2024-35815, CVE-2024-35817, CVE-2024-35819,
CVE-2024-35821, CVE-2024-35822, CVE-2024-35823, CVE-2024-35825,
CVE-2024-35847, CVE-2024-35849, CVE-2024-35851, CVE-2024-35852,
CVE-2024-35853, CVE-2024-35854, CVE-2024-35855, CVE-2024-35857,
CVE-2024-35871, CVE-2024-35872, CVE-2024-35877, CVE-2024-35879,
CVE-2024-35884, CVE-2024-35885, CVE-2024-35886, CVE-2024-35888,
CVE-2024-35890, CVE-2024-35893, CVE-2024-35895, CVE-2024-35896,
CVE-2024-35897, CVE-2024-35898, CVE-2024-35899, CVE-2024-35900,
CVE-2024-35902, CVE-2024-35905, CVE-2024-35907, CVE-2024-35910,
CVE-2024-35912, CVE-2024-35915, CVE-2024-35918, CVE-2024-35922,
CVE-2024-35925, CVE-2024-35930, CVE-2024-35933, CVE-2024-35934,
CVE-2024-35935, CVE-2024-35936, CVE-2024-35938, CVE-2024-35940,
CVE-2024-35944, CVE-2024-35950, CVE-2024-35955, CVE-2024-35958,
CVE-2024-35960, CVE-2024-35969, CVE-2024-35970, CVE-2024-35973,
CVE-2024-35976, CVE-2024-35978, CVE-2024-35982, CVE-2024-35984,
CVE-2024-35988, CVE-2024-35989, CVE-2024-35990, CVE-2024-35997,
CVE-2024-36004, CVE-2024-36005, CVE-2024-36006, CVE-2024-36007,
CVE-2024-36008, CVE-2024-36016, CVE-2024-36020, CVE-2024-36025,
CVE-2024-36029

Package Information:
https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1065.73~20.04.1

[USN-6923-2] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6923-2
July 30, 2024

linux-aws-5.15, linux-ibm, linux-ibm-5.15, linux-raspi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-ibm: Linux kernel for IBM cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems
- linux-ibm-5.15: Linux kernel for IBM cloud systems

Details:

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde
discovered that an untrusted hypervisor could inject malicious #VC
interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw
is known as WeSee. A local attacker in control of the hypervisor could use
this to expose sensitive information or possibly execute arbitrary code in
the trusted execution environment. (CVE-2024-25742)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- TTY drivers;
- SMB network file system;
- Netfilter;
- Bluetooth subsystem;
(CVE-2024-26886, CVE-2023-52752, CVE-2024-36016, CVE-2024-26952,
CVE-2024-27017)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1059-ibm 5.15.0-1059.62
linux-image-5.15.0-1059-raspi 5.15.0-1059.62
linux-image-ibm 5.15.0.1059.55
linux-image-raspi 5.15.0.1059.57
linux-image-raspi-nolpae 5.15.0.1059.57

Ubuntu 20.04 LTS
linux-image-5.15.0-1059-ibm 5.15.0-1059.62~20.04.1
linux-image-5.15.0-1066-aws 5.15.0-1066.72~20.04.1
linux-image-aws 5.15.0.1066.72~20.04.1
linux-image-ibm 5.15.0.1059.62~20.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6923-2
https://ubuntu.com/security/notices/USN-6923-1
CVE-2023-52752, CVE-2024-25742, CVE-2024-26886, CVE-2024-26952,
CVE-2024-27017, CVE-2024-36016

Package Information:
https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1059.62
https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1059.62
https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1066.72~20.04.1
https://launchpad.net/ubuntu/+source/linux-ibm-5.15/5.15.0-1059.62~20.04.1

[USN-6921-2] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6921-2
July 30, 2024

linux-lowlatency vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lowlatency: Linux low latency kernel

Details:

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde
discovered that an untrusted hypervisor could inject malicious #VC
interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw
is known as WeSee. A local attacker in control of the hypervisor could use
this to expose sensitive information or possibly execute arbitrary code in
the trusted execution environment. (CVE-2024-25742)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- HID subsystem;
- I2C subsystem;
- PHY drivers;
- TTY drivers;
- IPv4 networking;
(CVE-2024-35997, CVE-2024-36016, CVE-2024-35990, CVE-2024-35984,
CVE-2024-35992, CVE-2024-36008)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-39-lowlatency 6.8.0-39.39.1
linux-image-6.8.0-39-lowlatency-64k 6.8.0-39.39.1
linux-image-lowlatency 6.8.0-39.39.1
linux-image-lowlatency-64k 6.8.0-39.39.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6921-2
https://ubuntu.com/security/notices/USN-6921-1
CVE-2024-25742, CVE-2024-35984, CVE-2024-35990, CVE-2024-35992,
CVE-2024-35997, CVE-2024-36008, CVE-2024-36016

Package Information:
https://launchpad.net/ubuntu/+source/linux-lowlatency/6.8.0-39.39.1

Monday, July 29, 2024

[USN-6926-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6926-1
July 29, 2024

linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe,
linux-kvm, linux-oracle vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

黄思聪 discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel did not properly handle certain memory allocation failure
conditions, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-46343)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)

Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device
volume management subsystem did not properly validate logical eraseblock
sizes in certain situations. An attacker could possibly use this to cause a
denial of service (system crash). (CVE-2024-25739)

Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and
Shweta Shinde discovered that the Confidential Computing framework in the
Linux kernel for x86 platforms did not properly handle 32-bit emulation on
TDX and SEV. An attacker with access to the VMM could use this to cause a
denial of service (guest crash) or possibly execute arbitrary code.
(CVE-2024-25744)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- MTD block device drivers;
- Network drivers;
- TTY drivers;
- USB subsystem;
- File systems infrastructure;
- F2FS file system;
- SMB network file system;
- BPF subsystem;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- Netfilter;
- Unix domain sockets;
- AppArmor security module;
(CVE-2023-52435, CVE-2024-27013, CVE-2024-35984, CVE-2023-52620,
CVE-2024-35997, CVE-2023-52436, CVE-2024-26884, CVE-2024-26901,
CVE-2023-52469, CVE-2024-35978, CVE-2024-26886, CVE-2024-35982,
CVE-2024-36902, CVE-2024-26857, CVE-2024-26923, CVE-2023-52443,
CVE-2024-27020, CVE-2024-36016, CVE-2024-26840, CVE-2024-26934,
CVE-2023-52449, CVE-2024-26882, CVE-2023-52444, CVE-2023-52752)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1133-oracle 4.15.0-1133.144
Available with Ubuntu Pro
linux-image-4.15.0-1154-kvm 4.15.0-1154.159
Available with Ubuntu Pro
linux-image-4.15.0-1164-gcp 4.15.0-1164.181
Available with Ubuntu Pro
linux-image-4.15.0-1170-aws 4.15.0-1170.183
Available with Ubuntu Pro
linux-image-4.15.0-227-generic 4.15.0-227.239
Available with Ubuntu Pro
linux-image-4.15.0-227-lowlatency 4.15.0-227.239
Available with Ubuntu Pro
linux-image-aws-lts-18.04 4.15.0.1170.168
Available with Ubuntu Pro
linux-image-gcp-lts-18.04 4.15.0.1164.177
Available with Ubuntu Pro
linux-image-generic 4.15.0.227.211
Available with Ubuntu Pro
linux-image-kvm 4.15.0.1154.145
Available with Ubuntu Pro
linux-image-lowlatency 4.15.0.227.211
Available with Ubuntu Pro
linux-image-oracle-lts-18.04 4.15.0.1133.138
Available with Ubuntu Pro
linux-image-virtual 4.15.0.227.211
Available with Ubuntu Pro

Ubuntu 16.04 LTS
linux-image-4.15.0-1133-oracle 4.15.0-1133.144~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-1164-gcp 4.15.0-1164.181~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-1170-aws 4.15.0-1170.183~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-227-generic 4.15.0-227.239~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-227-lowlatency 4.15.0-227.239~16.04.1
Available with Ubuntu Pro
linux-image-aws-hwe 4.15.0.1170.183~16.04.1
Available with Ubuntu Pro
linux-image-gcp 4.15.0.1164.181~16.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-16.04 4.15.0.227.239~16.04.1
Available with Ubuntu Pro
linux-image-gke 4.15.0.1164.181~16.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-16.04 4.15.0.227.239~16.04.1
Available with Ubuntu Pro
linux-image-oem 4.15.0.227.239~16.04.1
Available with Ubuntu Pro
linux-image-oracle 4.15.0.1133.144~16.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-16.04 4.15.0.227.239~16.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6926-1
CVE-2023-46343, CVE-2023-52435, CVE-2023-52436, CVE-2023-52443,
CVE-2023-52444, CVE-2023-52449, CVE-2023-52469, CVE-2023-52620,
CVE-2023-52752, CVE-2024-24857, CVE-2024-24858, CVE-2024-24859,
CVE-2024-25739, CVE-2024-25744, CVE-2024-26840, CVE-2024-26857,
CVE-2024-26882, CVE-2024-26884, CVE-2024-26886, CVE-2024-26901,
CVE-2024-26923, CVE-2024-26934, CVE-2024-27013, CVE-2024-27020,
CVE-2024-35978, CVE-2024-35982, CVE-2024-35984, CVE-2024-35997,
CVE-2024-36016, CVE-2024-36902

[USN-6925-1] Linux kernel vulnerability

==========================================================================
Ubuntu Security Notice USN-6925-1
July 29, 2024

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- IPv4 networking;
(CVE-2024-26882)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
linux-image-3.13.0-198-generic 3.13.0-198.249
Available with Ubuntu Pro
linux-image-3.13.0-198-lowlatency 3.13.0-198.249
Available with Ubuntu Pro
linux-image-generic 3.13.0.198.208
Available with Ubuntu Pro
linux-image-generic-lts-quantal 3.13.0.198.208
Available with Ubuntu Pro
linux-image-generic-lts-raring 3.13.0.198.208
Available with Ubuntu Pro
linux-image-generic-lts-saucy 3.13.0.198.208
Available with Ubuntu Pro
linux-image-generic-lts-trusty 3.13.0.198.208
Available with Ubuntu Pro
linux-image-lowlatency 3.13.0.198.208
Available with Ubuntu Pro
linux-image-server 3.13.0.198.208
Available with Ubuntu Pro
linux-image-virtual 3.13.0.198.208
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6925-1
CVE-2024-26882

[USN-6924-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6924-1
July 29, 2024

linux, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp,
linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4,
linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-bluefield: Linux kernel for NVIDIA BlueField platforms
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-iot: Linux kernel for IoT platforms
- linux-kvm: Linux kernel for cloud environments
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors
- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-ibm-5.4: Linux kernel for IBM cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM SCMI message protocol;
- InfiniBand drivers;
- TTY drivers;
- TLS protocol;
(CVE-2024-26584, CVE-2024-36016, CVE-2024-26585, CVE-2021-47131,
CVE-2024-26907, CVE-2022-48655, CVE-2024-26583)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1041-iot 5.4.0-1041.42
linux-image-5.4.0-1048-xilinx-zynqmp 5.4.0-1048.52
linux-image-5.4.0-1076-ibm 5.4.0-1076.81
linux-image-5.4.0-1089-bluefield 5.4.0-1089.96
linux-image-5.4.0-1096-gkeop 5.4.0-1096.100
linux-image-5.4.0-1113-raspi 5.4.0-1113.125
linux-image-5.4.0-1117-kvm 5.4.0-1117.124
linux-image-5.4.0-1133-gcp 5.4.0-1133.142
linux-image-5.4.0-1134-azure 5.4.0-1134.141
linux-image-5.4.0-190-generic 5.4.0-190.210
linux-image-5.4.0-190-generic-lpae 5.4.0-190.210
linux-image-5.4.0-190-lowlatency 5.4.0-190.210
linux-image-azure-lts-20.04 5.4.0.1134.128
linux-image-bluefield 5.4.0.1089.85
linux-image-gcp-lts-20.04 5.4.0.1133.135
linux-image-generic 5.4.0.190.188
linux-image-generic-lpae 5.4.0.190.188
linux-image-gkeop 5.4.0.1096.94
linux-image-gkeop-5.4 5.4.0.1096.94
linux-image-ibm-lts-20.04 5.4.0.1076.105
linux-image-kvm 5.4.0.1117.113
linux-image-lowlatency 5.4.0.190.188
linux-image-oem 5.4.0.190.188
linux-image-oem-osp1 5.4.0.190.188
linux-image-raspi 5.4.0.1113.143
linux-image-raspi2 5.4.0.1113.143
linux-image-virtual 5.4.0.190.188
linux-image-xilinx-zynqmp 5.4.0.1048.48

Ubuntu 18.04 LTS
linux-image-5.4.0-1076-ibm 5.4.0-1076.81~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1133-gcp 5.4.0-1133.142~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1134-azure 5.4.0-1134.141~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-190-generic 5.4.0-190.210~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-190-lowlatency 5.4.0-190.210~18.04.1
Available with Ubuntu Pro
linux-image-azure 5.4.0.1134.141~18.04.1
Available with Ubuntu Pro
linux-image-gcp 5.4.0.1133.142~18.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-18.04 5.4.0.190.210~18.04.1
Available with Ubuntu Pro
linux-image-ibm 5.4.0.1076.81~18.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-18.04 5.4.0.190.210~18.04.1
Available with Ubuntu Pro
linux-image-oem 5.4.0.190.210~18.04.1
Available with Ubuntu Pro
linux-image-oem-osp1 5.4.0.190.210~18.04.1
Available with Ubuntu Pro
linux-image-snapdragon-hwe-18.04 5.4.0.190.210~18.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-18.04 5.4.0.190.210~18.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6924-1
CVE-2021-47131, CVE-2022-48655, CVE-2024-26583, CVE-2024-26584,
CVE-2024-26585, CVE-2024-26907, CVE-2024-36016

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-190.210
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1134.141
https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1089.96
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1133.142
https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1096.100
https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1076.81
https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1041.42
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1117.124
https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1113.125
https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1048.52