Monday, September 30, 2024

[USN-7046-1] Flatpak and Bubblewrap vulnerability

==========================================================================
Ubuntu Security Notice USN-7046-1
September 30, 2024

bubblewrap, flatpak vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Flatpak could be made to read and write files in locations it
would not normally have access to.

Software Description:
- bubblewrap: utility for unprivileged chroot and namespace manipulation
- flatpak: Application deployment framework for desktop apps

Details:

It was discovered that Flatpak incorrectly handled certain persisted
directories. An attacker could possibly use this issue to read
and write files in locations it would not normally have access to.
A patch was also needed to Bubblewrap in order to avoid race
conditions caused by this fix.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
bubblewrap 0.9.0-1ubuntu0.1
flatpak 1.14.6-1ubuntu0.1
libflatpak0 1.14.6-1ubuntu0.1

Ubuntu 22.04 LTS
bubblewrap 0.6.1-1ubuntu0.1
flatpak 1.12.7-1ubuntu0.1
libflatpak0 1.12.7-1ubuntu0.1

Ubuntu 20.04 LTS
bubblewrap 0.4.0-1ubuntu4.1
flatpak 1.6.5-0ubuntu0.5
libflatpak0 1.6.5-0ubuntu0.5

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7046-1
CVE-2024-42472, https://launchpad.net/bugs/2077087

Package Information:
https://launchpad.net/ubuntu/+source/bubblewrap/0.9.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/flatpak/1.14.6-1ubuntu0.1
https://launchpad.net/ubuntu/+source/bubblewrap/0.6.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/flatpak/1.12.7-1ubuntu0.1
https://launchpad.net/ubuntu/+source/bubblewrap/0.4.0-1ubuntu4.1
https://launchpad.net/ubuntu/+source/flatpak/1.6.5-0ubuntu0.5

Sunday, September 29, 2024

[announce] NYC*BUG Oct 2: EuroBSDCon Recap/BSD Fund

EuroBSDCon Recap/*BSD Fund info session, Patrick McEvoy

2024-10-02 @ 18:45 EDT (22:45 UTC) - NYU Tandon Engineering Building
(new), 370 Jay St, 7th Floor kitchen area, Brooklyn (directly across Jay
St from National Grid office). Closest subway exits in order are Jay St
- MetroTech Station (A, C, R, & F Trains) Borough Hall (4 & 5 Trains).
RSVP: Those either considering or wishing to attend, a guest list is
required by the venue.

Please RSVP to rsvp at lists dot nycbug dot org no later than noon
localtime, day-of; an acknowledgement will be sent and the email address
will be used solely for the purpose of attendance to this meeting's venue.

Remote participation: Plans are to stream via NYC*BUG website. Q&A will
be via IRC on libera.chat channel #nycbug - please preface your
questions with '[Q]'.

EuroBSDCon Recap/*BSD Fund info session

During this talk, I will cover:
- hardware we saw at EuroBSDCon,
- the hallway track
- general community involvement post-pandemic growth.
- The NYC*BUG cabinet at NYI video repository

Because the community has been donating funds for hardware, I also
thought this would be a good time to cover how these funds are being
spent. We are shooting for the best bang for our Buck/Euro while growing
a reliable suite of hardware to use for community benefit and reduced
training time for volunteers.

Patrick McEvoy (BSDTV) has been streaming NYC*BSDCons since 2010 and
BSDCan since they lost their entire videoteam in a last minute staffing
emergency. He has been active with NYC*BUG for a number of years and
streams other tech / *BUG events when the schedule allows and releases
these videos on conference YouTube and Peertube under a number of
different umbrellas.

Planned Outage - server mass updates/reboots - 2024-10-01 20:00 UTC

There will be an outage starting at 2024-10-01 21:00UTC,
which will last approximately 5 hours.

To convert UTC to your local time, take a look at
http://fedoraproject.org/wiki/Infrastructure/UTCHowto
or run:

date -d '2024-10-01 20:00UTC'

Reason for outage:

We will be applying updates to all servers and rebooting them.
Additionally, we will be reinstalling a few servers as time permits to move them to rhel9.

Affected Services:

Many services will be affected as servers are updated and rebooted.
Most servers will only be down a short time in the outage window,
but some longer outages may occur for hosts that are being reinstalled.

Ticket Link:

https://pagure.io/fedora-infrastructure/issue/12205

Please join #fedora-admin or #fedora-noc on irc.libera.chat
or #admin:fedoraproject.org / #noc:fedoraproject.org on matrix.
Please add comments to the ticket for this outage above.

Updated status for this outage may be available at
https://www.fedorastatus.org/

Thursday, September 26, 2024

[USN-7045-1] libppd vulnerability

==========================================================================
Ubuntu Security Notice USN-7045-1
September 26, 2024

libppd vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

libppd could be made to run programs if it received specially crafted
network traffic.

Software Description:
- libppd: OpenPrinting libppd

Details:

Simone Margaritelli discovered that libppd incorrectly sanitized IPP data
when creating PPD files. A remote attacker could possibly use this issue to
manipulate PPD files and execute arbitrary code when a printer is used.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libppd-utils 2:2.0.0-0ubuntu4.1
libppd2 2:2.0.0-0ubuntu4.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7045-1
CVE-2024-47175

Package Information:
https://launchpad.net/ubuntu/+source/libppd/2:2.0.0-0ubuntu4.1

[USN-7043-1] cups-filters vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7043-1
September 26, 2024

cups-filters vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

cups-filters could be made to run programs if it received specially crafted
network traffic.

Software Description:
- cups-filters: OpenPrinting CUPS Filters

Details:

Simone Margaritelli discovered that the cups-filters cups-browsed component
could be used to create arbitrary printers from outside the local network.
In combination with issues in other printing components, a remote attacker
could possibly use this issue to connect to a system, create manipulated
PPD files, and execute arbitrary code when a printer is used. This update
disables support for the legacy CUPS printer discovery protocol.
(CVE-2024-47176)

Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP
data when creating PPD files. A remote attacker could possibly use this
issue to manipulate PPD files and execute arbitrary code when a printer is
used. (CVE-2024-47076)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
cups-browsed 1.28.15-0ubuntu1.3
cups-filters 1.28.15-0ubuntu1.3

Ubuntu 20.04 LTS
cups-browsed 1.27.4-1ubuntu0.3
cups-filters 1.27.4-1ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7043-1
CVE-2024-47076, CVE-2024-47176

Package Information:
https://launchpad.net/ubuntu/+source/cups-filters/1.28.15-0ubuntu1.3
https://launchpad.net/ubuntu/+source/cups-filters/1.27.4-1ubuntu0.3

[USN-7044-1] libcupsfilters vulnerability

==========================================================================
Ubuntu Security Notice USN-7044-1
September 26, 2024

libcupsfilters vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

libcupsfilters could be made to run programs if it received specially
crafted network traffic.

Software Description:
- libcupsfilters: OpenPrinting libcupsfilters

Details:

Simone Margaritelli discovered that libcupsfilters incorrectly sanitized
IPP data when creating PPD files. A remote attacker could possibly use this
issue to manipulate PPD files and execute arbitrary code when a printer is
used.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libcupsfilters2-common 2.0.0-0ubuntu7.1
libcupsfilters2t64 2.0.0-0ubuntu7.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7044-1
CVE-2024-47076

Package Information:
https://launchpad.net/ubuntu/+source/libcupsfilters/2.0.0-0ubuntu7.1

[USN-7042-1] cups-browsed vulnerability

==========================================================================
Ubuntu Security Notice USN-7042-1
September 26, 2024

cups-browsed vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

cups-browsed could be made to run programs if it received specially crafted
network traffic.

Software Description:
- cups-browsed: OpenPrinting cups-browsed

Details:

Simone Margaritelli discovered that cups-browsed could be used to create
arbitrary printers from outside the local network. In combination with
issues in other printing components, a remote attacker could possibly use
this issue to connect to a system, create manipulated PPD files, and
execute arbitrary code when a printer is used. This update disables support
for the legacy CUPS printer discovery protocol.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
cups-browsed 2.0.0-0ubuntu10.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7042-1
CVE-2024-47176

Package Information:
https://launchpad.net/ubuntu/+source/cups-browsed/2.0.0-0ubuntu10.1

[USN-7041-1] CUPS vulnerability

==========================================================================
Ubuntu Security Notice USN-7041-1
September 26, 2024

cups vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

CUPS could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
- cups: Common UNIX Printing System(tm)

Details:

Simone Margaritelli discovered that CUPS incorrectly sanitized IPP
data when creating PPD files. A remote attacker could possibly use this
issue to manipulate PPD files and execute arbitrary code when a printer is
used.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
cups 2.4.7-1.2ubuntu7.3

Ubuntu 22.04 LTS
cups 2.4.1op1-1ubuntu4.11

Ubuntu 20.04 LTS
cups 2.3.1-9ubuntu1.9

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7041-1
CVE-2024-47175

Package Information:
https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.3
https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.11
https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.9

[USN-7040-1] ConfigObj vulnerability

==========================================================================
Ubuntu Security Notice USN-7040-1
September 26, 2024

configobj vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

ConfigObj could be made to crash if it received specially crafted input.

Software Description:
- configobj: simple but powerful config file reader and writer for Python

Details:

It was discovered that ConfigObj contains regex that is susceptible to
catastrophic backtracking. An attacker could possibly use this issue to
cause a regular expression denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  python3-configobj               5.0.6-5ubuntu0.1

Ubuntu 20.04 LTS
  python3-configobj               5.0.6-4ubuntu0.1

Ubuntu 18.04 LTS
  python-configobj                5.0.6-2ubuntu0.18.04.1~esm1
                                  Available with Ubuntu Pro
  python3-configobj               5.0.6-2ubuntu0.18.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  python-configobj                5.0.6-2ubuntu0.16.04.1~esm1
                                  Available with Ubuntu Pro
  python3-configobj               5.0.6-2ubuntu0.16.04.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7040-1
  CVE-2023-26112

Package Information:
  https://launchpad.net/ubuntu/+source/configobj/5.0.6-5ubuntu0.1
  https://launchpad.net/ubuntu/+source/configobj/5.0.6-4ubuntu0.1

[USN-7039-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7039-1
September 26, 2024

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Input Device (Tablet) drivers;
- Modular ISDN driver;
- Multiple devices driver;
- Network drivers;
- Near Field Communication (NFC) drivers;
- SCSI drivers;
- GCT GDM724x LTE driver;
- USB subsystem;
- VFIO drivers;
- GFS2 file system;
- JFS file system;
- NILFS2 file system;
- Networking core;
- IPv4 networking;
- L2TP protocol;
- Netfilter;
- RxRPC session sockets;
(CVE-2024-26651, CVE-2024-38583, CVE-2023-52527, CVE-2024-26880,
CVE-2022-48850, CVE-2024-26733, CVE-2021-47188, CVE-2024-42154,
CVE-2023-52809, CVE-2024-42228, CVE-2022-48863, CVE-2022-48836,
CVE-2022-48838, CVE-2024-26677, CVE-2024-27437, CVE-2022-48857,
CVE-2022-48791, CVE-2021-47181, CVE-2024-26851, CVE-2024-40902,
CVE-2022-48851, CVE-2024-38570)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
linux-image-4.4.0-1137-kvm 4.4.0-1137.147
Available with Ubuntu Pro
linux-image-4.4.0-1174-aws 4.4.0-1174.189
Available with Ubuntu Pro
linux-image-4.4.0-259-generic 4.4.0-259.293
Available with Ubuntu Pro
linux-image-4.4.0-259-lowlatency 4.4.0-259.293
Available with Ubuntu Pro
linux-image-aws 4.4.0.1174.178
Available with Ubuntu Pro
linux-image-generic 4.4.0.259.265
Available with Ubuntu Pro
linux-image-generic-lts-utopic 4.4.0.259.265
Available with Ubuntu Pro
linux-image-generic-lts-vivid 4.4.0.259.265
Available with Ubuntu Pro
linux-image-generic-lts-wily 4.4.0.259.265
Available with Ubuntu Pro
linux-image-generic-lts-xenial 4.4.0.259.265
Available with Ubuntu Pro
linux-image-kvm 4.4.0.1137.134
Available with Ubuntu Pro
linux-image-lowlatency 4.4.0.259.265
Available with Ubuntu Pro
linux-image-lowlatency-lts-utopic 4.4.0.259.265
Available with Ubuntu Pro
linux-image-lowlatency-lts-vivid 4.4.0.259.265
Available with Ubuntu Pro
linux-image-lowlatency-lts-wily 4.4.0.259.265
Available with Ubuntu Pro
linux-image-lowlatency-lts-xenial 4.4.0.259.265
Available with Ubuntu Pro
linux-image-virtual 4.4.0.259.265
Available with Ubuntu Pro
linux-image-virtual-lts-utopic 4.4.0.259.265
Available with Ubuntu Pro
linux-image-virtual-lts-vivid 4.4.0.259.265
Available with Ubuntu Pro
linux-image-virtual-lts-wily 4.4.0.259.265
Available with Ubuntu Pro
linux-image-virtual-lts-xenial 4.4.0.259.265
Available with Ubuntu Pro

Ubuntu 14.04 LTS
linux-image-4.4.0-1136-aws 4.4.0-1136.142
Available with Ubuntu Pro
linux-image-4.4.0-259-generic 4.4.0-259.293~14.04.1
Available with Ubuntu Pro
linux-image-4.4.0-259-lowlatency 4.4.0-259.293~14.04.1
Available with Ubuntu Pro
linux-image-aws 4.4.0.1136.133
Available with Ubuntu Pro
linux-image-generic-lts-xenial 4.4.0.259.293~14.04.1
Available with Ubuntu Pro
linux-image-lowlatency-lts-xenial 4.4.0.259.293~14.04.1
Available with Ubuntu Pro
linux-image-virtual-lts-xenial 4.4.0.259.293~14.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7039-1
CVE-2021-47181, CVE-2021-47188, CVE-2022-48791, CVE-2022-48836,
CVE-2022-48838, CVE-2022-48850, CVE-2022-48851, CVE-2022-48857,
CVE-2022-48863, CVE-2023-52527, CVE-2023-52809, CVE-2024-26651,
CVE-2024-26677, CVE-2024-26733, CVE-2024-26851, CVE-2024-26880,
CVE-2024-27437, CVE-2024-38570, CVE-2024-38583, CVE-2024-40902,
CVE-2024-42154, CVE-2024-42228

[USN-7021-3] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7021-3
September 26, 2024

linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lowlatency: Linux low latency kernel
- linux-lowlatency-hwe-5.15: Linux low latency kernel

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- BTRFS file system;
- F2FS file system;
- GFS2 file system;
- BPF subsystem;
- Netfilter;
- RxRPC session sockets;
- Integrity Measurement Architecture(IMA) framework;
(CVE-2024-39494, CVE-2024-38570, CVE-2024-27012, CVE-2024-39496,
CVE-2024-42160, CVE-2024-41009, CVE-2024-42228, CVE-2024-26677)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-122-lowlatency 5.15.0-122.132
linux-image-5.15.0-122-lowlatency-64k 5.15.0-122.132
linux-image-lowlatency 5.15.0.122.111
linux-image-lowlatency-64k 5.15.0.122.111

Ubuntu 20.04 LTS
linux-image-5.15.0-122-lowlatency 5.15.0-122.132~20.04.1
linux-image-5.15.0-122-lowlatency-64k 5.15.0-122.132~20.04.1
linux-image-lowlatency-64k-hwe-20.04 5.15.0.122.132~20.04.1
linux-image-lowlatency-hwe-20.04 5.15.0.122.132~20.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7021-3
https://ubuntu.com/security/notices/USN-7021-2
https://ubuntu.com/security/notices/USN-7021-1
CVE-2024-26677, CVE-2024-27012, CVE-2024-38570, CVE-2024-39494,
CVE-2024-39496, CVE-2024-41009, CVE-2024-42160, CVE-2024-42228

Package Information:
https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-122.132
https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-122.132~20.04.1

[USN-7020-3] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7020-3
September 26, 2024

linux-raspi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Network drivers;
- SCSI drivers;
- F2FS file system;
- BPF subsystem;
- IPv4 networking;
(CVE-2024-42160, CVE-2024-42159, CVE-2024-42224, CVE-2024-41009,
CVE-2024-42154, CVE-2024-42228)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1012-raspi 6.8.0-1012.13
linux-image-raspi 6.8.0-1012.13

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7020-3
https://ubuntu.com/security/notices/USN-7020-2
https://ubuntu.com/security/notices/USN-7020-1
CVE-2024-41009, CVE-2024-42154, CVE-2024-42159, CVE-2024-42160,
CVE-2024-42224, CVE-2024-42228

Package Information:
https://launchpad.net/ubuntu/+source/linux-raspi/6.8.0-1012.13

[USN-7034-2] ca-certificates update

==========================================================================
Ubuntu Security Notice USN-7034-2
September 26, 2024

ca-certificates update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

The CA certificates in the ca-certificates package were updated.

Software Description:
- ca-certificates: Common CA certificates

Details:

USN-7034-1 updated ca-certificates. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

The ca-certificates package contained outdated CA certificates.
This update refreshes the included certificates to those contained
in the 2.64 version of the Mozilla certificate authority bundle.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
ca-certificates 202402031ubuntu0.18.04.1+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
ca-certificates 202402031~16.04.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7034-2
https://ubuntu.com/security/notices/USN-7034-1
https://launchpad.net/bugs/2081875

[USN-7003-4] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7003-4
September 26, 2024

linux-raspi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems

Details:

It was discovered that the JFS file system contained an out-of-bounds read
vulnerability when printing xattr debug information. A local attacker could
use this to cause a denial of service (system crash). (CVE-2024-40902)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- MIPS architecture;
- PowerPC architecture;
- x86 architecture;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- GPIO subsystem;
- GPU drivers;
- Greybus drivers;
- HID subsystem;
- I2C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- Media drivers;
- VMware VMCI Driver;
- Network drivers;
- Pin controllers subsystem;
- S/390 drivers;
- SCSI drivers;
- USB subsystem;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- NILFS2 file system;
- IOMMU subsystem;
- Sun RPC protocol;
- Netfilter;
- Memory management;
- B.A.T.M.A.N. meshing protocol;
- CAN network layer;
- Ceph Core library;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- IUCV driver;
- MAC80211 subsystem;
- NET/ROM layer;
- Network traffic control;
- SoC Audio for Freescale CPUs drivers;
(CVE-2024-41034, CVE-2024-40984, CVE-2024-40987, CVE-2024-42119,
CVE-2024-42224, CVE-2024-42101, CVE-2024-42096, CVE-2024-41095,
CVE-2024-42087, CVE-2024-42104, CVE-2024-42148, CVE-2024-39495,
CVE-2024-40980, CVE-2024-42223, CVE-2024-40961, CVE-2024-40988,
CVE-2024-42127, CVE-2024-42090, CVE-2024-42236, CVE-2024-40995,
CVE-2024-41007, CVE-2024-40968, CVE-2024-40901, CVE-2024-42097,
CVE-2024-41041, CVE-2024-36974, CVE-2024-42115, CVE-2024-40978,
CVE-2024-38619, CVE-2024-41049, CVE-2024-41035, CVE-2024-41044,
CVE-2024-42154, CVE-2024-39499, CVE-2024-42070, CVE-2024-40959,
CVE-2024-39487, CVE-2024-42157, CVE-2024-40916, CVE-2024-42076,
CVE-2024-41087, CVE-2024-42094, CVE-2024-42124, CVE-2024-40905,
CVE-2024-42145, CVE-2024-40963, CVE-2024-36894, CVE-2024-40942,
CVE-2024-42092, CVE-2024-42153, CVE-2024-41089, CVE-2024-40912,
CVE-2023-52887, CVE-2024-40934, CVE-2024-41006, CVE-2024-39501,
CVE-2024-42084, CVE-2024-39506, CVE-2024-39509, CVE-2024-40943,
CVE-2024-42106, CVE-2024-42093, CVE-2024-40902, CVE-2024-42086,
CVE-2024-40958, CVE-2024-39502, CVE-2024-42232, CVE-2024-42089,
CVE-2024-37078, CVE-2024-39469, CVE-2024-41046, CVE-2024-42102,
CVE-2024-40974, CVE-2024-39505, CVE-2024-40960, CVE-2024-42105,
CVE-2024-40932, CVE-2024-40904, CVE-2024-40981, CVE-2024-39503,
CVE-2024-41097, CVE-2024-40941, CVE-2024-36978, CVE-2023-52803,
CVE-2024-40945)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1116-raspi 5.4.0-1116.128
linux-image-raspi 5.4.0.1116.146
linux-image-raspi-hwe-18.04 5.4.0.1116.146
linux-image-raspi2 5.4.0.1116.146
linux-image-raspi2-hwe-18.04 5.4.0.1116.146

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7003-4
https://ubuntu.com/security/notices/USN-7003-3
https://ubuntu.com/security/notices/USN-7003-2
https://ubuntu.com/security/notices/USN-7003-1
CVE-2023-52803, CVE-2023-52887, CVE-2024-36894, CVE-2024-36974,
CVE-2024-36978, CVE-2024-37078, CVE-2024-38619, CVE-2024-39469,
CVE-2024-39487, CVE-2024-39495, CVE-2024-39499, CVE-2024-39501,
CVE-2024-39502, CVE-2024-39503, CVE-2024-39505, CVE-2024-39506,
CVE-2024-39509, CVE-2024-40901, CVE-2024-40902, CVE-2024-40904,
CVE-2024-40905, CVE-2024-40912, CVE-2024-40916, CVE-2024-40932,
CVE-2024-40934, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943,
CVE-2024-40945, CVE-2024-40958, CVE-2024-40959, CVE-2024-40960,
CVE-2024-40961, CVE-2024-40963, CVE-2024-40968, CVE-2024-40974,
CVE-2024-40978, CVE-2024-40980, CVE-2024-40981, CVE-2024-40984,
CVE-2024-40987, CVE-2024-40988, CVE-2024-40995, CVE-2024-41006,
CVE-2024-41007, CVE-2024-41034, CVE-2024-41035, CVE-2024-41041,
CVE-2024-41044, CVE-2024-41046, CVE-2024-41049, CVE-2024-41087,
CVE-2024-41089, CVE-2024-41095, CVE-2024-41097, CVE-2024-42070,
CVE-2024-42076, CVE-2024-42084, CVE-2024-42086, CVE-2024-42087,
CVE-2024-42089, CVE-2024-42090, CVE-2024-42092, CVE-2024-42093,
CVE-2024-42094, CVE-2024-42096, CVE-2024-42097, CVE-2024-42101,
CVE-2024-42102, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,
CVE-2024-42115, CVE-2024-42119, CVE-2024-42124, CVE-2024-42127,
CVE-2024-42145, CVE-2024-42148, CVE-2024-42153, CVE-2024-42154,
CVE-2024-42157, CVE-2024-42223, CVE-2024-42224, CVE-2024-42232,
CVE-2024-42236

Package Information:
https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1116.128

[USN-7037-1] OpenJPEG vulnerability

==========================================================================
Ubuntu Security Notice USN-7037-1
September 26, 2024

openjpeg2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

OpenJPEG could be made to crash if it opened a specially crafted file.

Software Description:
- openjpeg2: JPEG 2000 image compression/decompression library

Details:

It was discovered that OpenJPEG could enter a large loop and continuously
print warning messages when given specially crafted input. An attacker
could potentially use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libopenjp2-7                    2.5.0-2ubuntu0.1
  libopenjpip7                    2.5.0-2ubuntu0.1

Ubuntu 22.04 LTS
  libopenjp2-7                    2.4.0-6ubuntu0.1
  libopenjp3d7                    2.4.0-6ubuntu0.1
  libopenjpip7                    2.4.0-6ubuntu0.1

Ubuntu 20.04 LTS
  libopenjp2-7                    2.3.1-1ubuntu4.20.04.2
  libopenjp3d7                    2.3.1-1ubuntu4.20.04.2
  libopenjpip7                    2.3.1-1ubuntu4.20.04.2

Ubuntu 18.04 LTS
  libopenjp2-7                    2.3.0-2+deb10u2ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libopenjp3d7                    2.3.0-2+deb10u2ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libopenjpip7                    2.3.0-2+deb10u2ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libopenjp2-7                    2.1.2-1.1+deb9u6ubuntu0.1~esm4
                                  Available with Ubuntu Pro
  libopenjp3d7                    2.1.2-1.1+deb9u6ubuntu0.1~esm4
                                  Available with Ubuntu Pro
  libopenjpip7                    2.1.2-1.1+deb9u6ubuntu0.1~esm4
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7037-1
  CVE-2023-39327

Package Information:
  https://launchpad.net/ubuntu/+source/openjpeg2/2.5.0-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/openjpeg2/2.4.0-6ubuntu0.1
  https://launchpad.net/ubuntu/+source/openjpeg2/2.3.1-1ubuntu4.20.04.2

[USN-7038-1] APR vulnerability

==========================================================================
Ubuntu Security Notice USN-7038-1
September 26, 2024

apr vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
- apr: Apache Portable Runtime Library

Details:

Thomas Stangner discovered a permission vulnerability in the Apache
Portable Runtime (APR) library. A local attacker could possibly use this
issue to read named shared memory segments, potentially exposing sensitive
application data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libapr1-dev                     1.7.2-3.1ubuntu0.1
  libapr1t64                      1.7.2-3.1ubuntu0.1

Ubuntu 22.04 LTS
  libapr1                         1.7.0-8ubuntu0.22.04.2
  libapr1-dev                     1.7.0-8ubuntu0.22.04.2

Ubuntu 20.04 LTS
  libapr1                         1.6.5-1ubuntu1.1
  libapr1-dev                     1.6.5-1ubuntu1.1

Ubuntu 18.04 LTS
  libapr1                         1.6.3-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libapr1-dev                     1.6.3-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libapr1                         1.5.2-3ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libapr1-dev                     1.5.2-3ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7038-1
  CVE-2023-49582

Package Information:
  https://launchpad.net/ubuntu/+source/apr/1.7.2-3.1ubuntu0.1
  https://launchpad.net/ubuntu/+source/apr/1.7.0-8ubuntu0.22.04.2
  https://launchpad.net/ubuntu/+source/apr/1.6.5-1ubuntu1.1

[USN-7036-1] Rack vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7036-1
September 26, 2024

ruby-rack vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Rack.

Software Description:
- ruby-rack: modular Ruby webserver interface

Details:

It was discovered that Rack was not properly parsing data when processing
multipart POST requests. If a user or automated system were tricked into
sending a specially crafted multipart POST request to an application using
Rack, a remote attacker could possibly use this issue to cause a denial of
service. (CVE-2022-30122)

It was discovered that Rack was not properly escaping untrusted data when
performing logging operations, which could cause shell escaped sequences
to be written to a terminal. If a user or automated system were tricked
into sending a specially crafted request to an application using Rack, a
remote attacker could possibly use this issue to execute arbitrary code in
the machine running the application. (CVE-2022-30123)

It was discovered that Rack did not properly structure regular expressions
in some of its parsing components, which could result in uncontrolled
resource consumption if an application using Rack received specially
crafted input. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2022-44570, CVE-2022-44571)

It was discovered that Rack did not properly structure regular expressions
in its multipart parsing component, which could result in uncontrolled
resource consumption if an application using Rack to parse multipart posts
received specially crafted input. A remote attacker could possibly use
this issue to cause a denial of service. (CVE-2022-44572)

It was discovered that Rack incorrectly handled Multipart MIME parsing.
A remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. (CVE-2023-27530)

It was discovered that Rack incorrectly handled certain regular
expressions. A remote attacker could possibly use this issue to cause
Rack to consume resources, leading to a denial of service.
(CVE-2023-27539)

It was discovered that Rack incorrectly parsed certain media types. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. (CVE-2024-25126)

It was discovered that Rack incorrectly handled certain Range headers. A
remote attacker could possibly use this issue to cause Rack to create
large responses, leading to a denial of service. (CVE-2024-26141)

It was discovered that Rack incorrectly handled certain crafted headers. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. (CVE-2024-26146)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  ruby-rack                       2.1.4-5ubuntu1.1

After a standard system update you need to restart any applications using
Rack to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7036-1
  CVE-2022-30122, CVE-2022-30123, CVE-2022-44570, CVE-2022-44571,
  CVE-2022-44572, CVE-2023-27530, CVE-2023-27539, CVE-2024-25126,
  CVE-2024-26141, CVE-2024-26146,
  https://bugs.launchpad.net/ubuntu/+source/ruby-rack/+bug/2078711

Package Information:
  https://launchpad.net/ubuntu/+source/ruby-rack/2.1.4-5ubuntu1.1

Wednesday, September 25, 2024


[USN-7035-1] AppArmor vulnerability

==========================================================================
Ubuntu Security Notice USN-7035-1
September 25, 2024

apparmor vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

AppArmor restrictions could be bypassed for rules allowing mount
operations.

Software Description:
- apparmor: Linux security system

Details:

It was discovered that the AppArmor policy compiler incorrectly generated
looser restrictions than expected for rules allowing mount operations. A
local attacker could possibly use this to bypass AppArmor restrictions in
applications where some mount operations were permitted.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
apparmor 3.0.4-2ubuntu2.4

Ubuntu 20.04 LTS
apparmor 2.13.3-7ubuntu5.4

In general, a standard system update will make all the necessary changes.
After this update, applications confined by policies with mount operations
restrictions may need to have the rules updated.

References:
https://ubuntu.com/security/notices/USN-7035-1
https://bugs.launchpad.net/apparmor/+bug/1597017
CVE-2016-1585

Package Information:
https://launchpad.net/ubuntu/+source/apparmor/3.0.4-2ubuntu2.4
https://launchpad.net/ubuntu/+source/apparmor/2.13.3-7ubuntu5.4

[USN-7034-1] ca-certificates update

==========================================================================
Ubuntu Security Notice USN-7034-1
September 25, 2024

ca-certificates update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

The CA certificates in the ca-certificates package were updated.

Software Description:
- ca-certificates: Common CA certificates

Details:

The ca-certificates package contained outdated CA certificates. This update
refreshes the included certificates to those contained in the 2.64 version
of the Mozilla certificate authority bundle.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
ca-certificates 20240203~22.04.1

Ubuntu 20.04 LTS
ca-certificates 20240203~20.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7034-1
https://launchpad.net/bugs/2081875

Package Information:
https://launchpad.net/ubuntu/+source/ca-certificates/20240203~22.04.1
https://launchpad.net/ubuntu/+source/ca-certificates/20240203~20.04.1

[USN-7032-1] Tomcat vulnerability

==========================================================================
Ubuntu Security Notice USN-7032-1
September 24, 2024

tomcat8, tomcat9 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Tomcat could allow unintended access to network services.

Software Description:
- tomcat9: Servlet and JSP engine
- tomcat8: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled HTTP trailer headers. A
remote attacker could possibly use this issue to perform HTTP request
smuggling.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libtomcat9-java                 9.0.70-2ubuntu0.1

Ubuntu 22.04 LTS
  libtomcat9-embed-java           9.0.58-1ubuntu0.1+esm3
                                  Available with Ubuntu Pro
  libtomcat9-java                 9.0.58-1ubuntu0.1+esm3
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libtomcat9-embed-java           9.0.31-1ubuntu0.7
  libtomcat9-java                 9.0.31-1ubuntu0.7

Ubuntu 18.04 LTS
  libtomcat8-embed-java           8.5.39-1ubuntu1~18.04.3+esm3
                                  Available with Ubuntu Pro
  libtomcat8-java                 8.5.39-1ubuntu1~18.04.3+esm3
                                  Available with Ubuntu Pro
  libtomcat9-embed-java           9.0.16-3ubuntu0.18.04.2+esm3
                                  Available with Ubuntu Pro
  libtomcat9-java                 9.0.16-3ubuntu0.18.04.2+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7032-1
  CVE-2023-46589

Package Information:
  https://launchpad.net/ubuntu/+source/tomcat9/9.0.70-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/tomcat9/9.0.31-1ubuntu0.7

[USN-7009-2] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7009-2
September 25, 2024

linux-azure-fde-5.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systems

Details:

Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)

Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel
did not properly check for the device to be enabled before writing. A local
attacker could possibly use this to cause a denial of service.
(CVE-2024-25741)

It was discovered that the JFS file system contained an out-of-bounds read
vulnerability when printing xattr debug information. A local attacker could
use this to cause a denial of service (system crash). (CVE-2024-40902)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- M68K architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Accessibility subsystem;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- Bluetooth drivers;
- Character device driver;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- FPGA Framework;
- GPIO subsystem;
- GPU drivers;
- Greybus drivers;
- HID subsystem;
- HW tracing;
- I2C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- Input Device (Mouse) drivers;
- Macintosh device drivers;
- Multiple devices driver;
- Media drivers;
- VMware VMCI Driver;
- Network drivers;
- Near Field Communication (NFC) drivers;
- NVME drivers;
- Pin controllers subsystem;
- PTP clock framework;
- S/390 drivers;
- SCSI drivers;
- SoundWire subsystem;
- Greybus lights staging drivers;
- Media staging drivers;
- Thermal drivers;
- TTY drivers;
- USB subsystem;
- DesignWare USB3 driver;
- Framebuffer layer;
- ACRN Hypervisor Service Module driver;
- eCrypt file system;
- File systems infrastructure;
- Ext4 file system;
- F2FS file system;
- JFFS2 file system;
- JFS file system;
- NILFS2 file system;
- NTFS3 file system;
- SMB network file system;
- IOMMU subsystem;
- Memory management;
- Netfilter;
- BPF subsystem;
- Kernel debugger infrastructure;
- DMA mapping infrastructure;
- IRQ subsystem;
- Tracing infrastructure;
- 9P file system network protocol;
- B.A.T.M.A.N. meshing protocol;
- CAN network layer;
- Ceph Core library;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- IUCV driver;
- MAC80211 subsystem;
- Multipath TCP;
- NET/ROM layer;
- NFC subsystem;
- Open vSwitch;
- Network traffic control;
- TIPC protocol;
- TLS protocol;
- Unix domain sockets;
- Wireless networking;
- XFRM subsystem;
- ALSA framework;
- SoC Audio for Freescale CPUs drivers;
- Kirkwood ASoC drivers;
(CVE-2024-42076, CVE-2024-40994, CVE-2024-40932, CVE-2024-41000,
CVE-2024-42224, CVE-2024-38633, CVE-2024-40954, CVE-2024-36270,
CVE-2024-38623, CVE-2024-38549, CVE-2024-42225, CVE-2024-42085,
CVE-2024-42157, CVE-2024-42229, CVE-2024-42109, CVE-2024-41040,
CVE-2024-38607, CVE-2024-39493, CVE-2024-38546, CVE-2024-41046,
CVE-2024-38567, CVE-2024-42092, CVE-2024-39501, CVE-2024-41005,
CVE-2024-42223, CVE-2024-39480, CVE-2024-38571, CVE-2024-41048,
CVE-2024-38605, CVE-2024-42094, CVE-2024-38598, CVE-2024-38559,
CVE-2024-38558, CVE-2024-40931, CVE-2024-40942, CVE-2024-39495,
CVE-2024-40981, CVE-2024-40911, CVE-2024-42148, CVE-2024-33621,
CVE-2024-39502, CVE-2024-41095, CVE-2024-40960, CVE-2024-36286,
CVE-2024-42232, CVE-2024-42130, CVE-2024-42154, CVE-2024-41087,
CVE-2024-41004, CVE-2024-39277, CVE-2024-38560, CVE-2024-36978,
CVE-2024-42089, CVE-2024-37356, CVE-2024-38547, CVE-2024-38381,
CVE-2024-36015, CVE-2024-38548, CVE-2024-42120, CVE-2024-41092,
CVE-2024-40978, CVE-2024-38619, CVE-2024-40914, CVE-2024-41089,
CVE-2024-40988, CVE-2024-41047, CVE-2024-38565, CVE-2024-38550,
CVE-2023-52887, CVE-2024-38552, CVE-2024-38583, CVE-2024-38613,
CVE-2024-40967, CVE-2024-40927, CVE-2024-42124, CVE-2024-42244,
CVE-2024-42152, CVE-2024-39509, CVE-2024-38662, CVE-2024-38618,
CVE-2024-42140, CVE-2024-38579, CVE-2024-40945, CVE-2024-42101,
CVE-2024-42104, CVE-2024-41044, CVE-2024-42161, CVE-2024-42093,
CVE-2024-42270, CVE-2024-42097, CVE-2024-40970, CVE-2024-40908,
CVE-2024-38582, CVE-2024-42247, CVE-2024-38661, CVE-2024-40941,
CVE-2024-42084, CVE-2024-42090, CVE-2024-42131, CVE-2024-42077,
CVE-2024-40995, CVE-2024-42105, CVE-2024-41035, CVE-2024-41097,
CVE-2024-38780, CVE-2024-35247, CVE-2024-36974, CVE-2024-42070,
CVE-2024-40902, CVE-2024-36972, CVE-2024-38586, CVE-2024-38573,
CVE-2024-38612, CVE-2024-42121, CVE-2023-52884, CVE-2024-39276,
CVE-2024-38615, CVE-2024-42095, CVE-2024-42086, CVE-2024-39507,
CVE-2024-40983, CVE-2024-40943, CVE-2024-41002, CVE-2024-40958,
CVE-2024-41049, CVE-2024-38596, CVE-2024-37078, CVE-2024-38637,
CVE-2024-38621, CVE-2024-42153, CVE-2024-38659, CVE-2024-39468,
CVE-2024-38589, CVE-2024-38587, CVE-2024-36971, CVE-2024-38599,
CVE-2024-31076, CVE-2024-39490, CVE-2024-40959, CVE-2024-38634,
CVE-2024-38624, CVE-2024-42240, CVE-2024-42127, CVE-2024-42102,
CVE-2024-38578, CVE-2024-34027, CVE-2024-38601, CVE-2024-42087,
CVE-2024-38597, CVE-2024-38591, CVE-2024-39503, CVE-2024-42236,
CVE-2024-42082, CVE-2024-40956, CVE-2024-41041, CVE-2024-38580,
CVE-2024-39506, CVE-2024-36894, CVE-2024-40987, CVE-2024-39475,
CVE-2024-38635, CVE-2024-41007, CVE-2024-39471, CVE-2024-39467,
CVE-2022-48772, CVE-2024-40934, CVE-2024-42106, CVE-2024-39469,
CVE-2024-40963, CVE-2024-39482, CVE-2024-39505, CVE-2024-36014,
CVE-2024-39500, CVE-2024-42096, CVE-2024-41055, CVE-2024-40937,
CVE-2024-38590, CVE-2024-38610, CVE-2024-41034, CVE-2024-42115,
CVE-2024-40974, CVE-2024-40968, CVE-2024-42080, CVE-2024-40957,
CVE-2024-40971, CVE-2024-36032, CVE-2024-39499, CVE-2024-42137,
CVE-2024-39489, CVE-2024-40976, CVE-2024-39466, CVE-2024-42145,
CVE-2024-36489, CVE-2024-40980, CVE-2024-39301, CVE-2024-40905,
CVE-2024-41093, CVE-2024-40912, CVE-2024-42119, CVE-2024-38588,
CVE-2024-40916, CVE-2024-39488, CVE-2024-41027, CVE-2024-42068,
CVE-2024-40904, CVE-2024-40961, CVE-2024-33847, CVE-2024-38555,
CVE-2024-41006, CVE-2024-40929, CVE-2024-34777, CVE-2024-38627,
CVE-2024-40984, CVE-2024-40990, CVE-2024-39487, CVE-2024-42098,
CVE-2024-40901)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.15.0-1072-azure-fde 5.15.0-1072.81~20.04.1.1
linux-image-azure-fde 5.15.0.1072.81~20.04.1.49

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7009-2
https://ubuntu.com/security/notices/USN-7009-1
CVE-2022-48772, CVE-2023-52884, CVE-2023-52887, CVE-2024-23848,
CVE-2024-25741, CVE-2024-31076, CVE-2024-33621, CVE-2024-33847,
CVE-2024-34027, CVE-2024-34777, CVE-2024-35247, CVE-2024-36014,
CVE-2024-36015, CVE-2024-36032, CVE-2024-36270, CVE-2024-36286,
CVE-2024-36489, CVE-2024-36894, CVE-2024-36971, CVE-2024-36972,
CVE-2024-36974, CVE-2024-36978, CVE-2024-37078, CVE-2024-37356,
CVE-2024-38381, CVE-2024-38546, CVE-2024-38547, CVE-2024-38548,
CVE-2024-38549, CVE-2024-38550, CVE-2024-38552, CVE-2024-38555,
CVE-2024-38558, CVE-2024-38559, CVE-2024-38560, CVE-2024-38565,
CVE-2024-38567, CVE-2024-38571, CVE-2024-38573, CVE-2024-38578,
CVE-2024-38579, CVE-2024-38580, CVE-2024-38582, CVE-2024-38583,
CVE-2024-38586, CVE-2024-38587, CVE-2024-38588, CVE-2024-38589,
CVE-2024-38590, CVE-2024-38591, CVE-2024-38596, CVE-2024-38597,
CVE-2024-38598, CVE-2024-38599, CVE-2024-38601, CVE-2024-38605,
CVE-2024-38607, CVE-2024-38610, CVE-2024-38612, CVE-2024-38613,
CVE-2024-38615, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621,
CVE-2024-38623, CVE-2024-38624, CVE-2024-38627, CVE-2024-38633,
CVE-2024-38634, CVE-2024-38635, CVE-2024-38637, CVE-2024-38659,
CVE-2024-38661, CVE-2024-38662, CVE-2024-38780, CVE-2024-39276,
CVE-2024-39277, CVE-2024-39301, CVE-2024-39466, CVE-2024-39467,
CVE-2024-39468, CVE-2024-39469, CVE-2024-39471, CVE-2024-39475,
CVE-2024-39480, CVE-2024-39482, CVE-2024-39487, CVE-2024-39488,
CVE-2024-39489, CVE-2024-39490, CVE-2024-39493, CVE-2024-39495,
CVE-2024-39499, CVE-2024-39500, CVE-2024-39501, CVE-2024-39502,
CVE-2024-39503, CVE-2024-39505, CVE-2024-39506, CVE-2024-39507,
CVE-2024-39509, CVE-2024-40901, CVE-2024-40902, CVE-2024-40904,
CVE-2024-40905, CVE-2024-40908, CVE-2024-40911, CVE-2024-40912,
CVE-2024-40914, CVE-2024-40916, CVE-2024-40927, CVE-2024-40929,
CVE-2024-40931, CVE-2024-40932, CVE-2024-40934, CVE-2024-40937,
CVE-2024-40941, CVE-2024-40942, CVE-2024-40943, CVE-2024-40945,
CVE-2024-40954, CVE-2024-40956, CVE-2024-40957, CVE-2024-40958,
CVE-2024-40959, CVE-2024-40960, CVE-2024-40961, CVE-2024-40963,
CVE-2024-40967, CVE-2024-40968, CVE-2024-40970, CVE-2024-40971,
CVE-2024-40974, CVE-2024-40976, CVE-2024-40978, CVE-2024-40980,
CVE-2024-40981, CVE-2024-40983, CVE-2024-40984, CVE-2024-40987,
CVE-2024-40988, CVE-2024-40990, CVE-2024-40994, CVE-2024-40995,
CVE-2024-41000, CVE-2024-41002, CVE-2024-41004, CVE-2024-41005,
CVE-2024-41006, CVE-2024-41007, CVE-2024-41027, CVE-2024-41034,
CVE-2024-41035, CVE-2024-41040, CVE-2024-41041, CVE-2024-41044,
CVE-2024-41046, CVE-2024-41047, CVE-2024-41048, CVE-2024-41049,
CVE-2024-41055, CVE-2024-41087, CVE-2024-41089, CVE-2024-41092,
CVE-2024-41093, CVE-2024-41095, CVE-2024-41097, CVE-2024-42068,
CVE-2024-42070, CVE-2024-42076, CVE-2024-42077, CVE-2024-42080,
CVE-2024-42082, CVE-2024-42084, CVE-2024-42085, CVE-2024-42086,
CVE-2024-42087, CVE-2024-42089, CVE-2024-42090, CVE-2024-42092,
CVE-2024-42093, CVE-2024-42094, CVE-2024-42095, CVE-2024-42096,
CVE-2024-42097, CVE-2024-42098, CVE-2024-42101, CVE-2024-42102,
CVE-2024-42104, CVE-2024-42105, CVE-2024-42106, CVE-2024-42109,
CVE-2024-42115, CVE-2024-42119, CVE-2024-42120, CVE-2024-42121,
CVE-2024-42124, CVE-2024-42127, CVE-2024-42130, CVE-2024-42131,
CVE-2024-42137, CVE-2024-42140, CVE-2024-42145, CVE-2024-42148,
CVE-2024-42152, CVE-2024-42153, CVE-2024-42154, CVE-2024-42157,
CVE-2024-42161, CVE-2024-42223, CVE-2024-42224, CVE-2024-42225,
CVE-2024-42229, CVE-2024-42232, CVE-2024-42236, CVE-2024-42240,
CVE-2024-42244, CVE-2024-42247, CVE-2024-42270

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1072.81~20.04.1.1

Tuesday, September 24, 2024

[USN-7033-1] Intel Microcode vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7033-1
September 25, 2024

intel-microcode vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Intel Microcode.

Software Description:
- intel-microcode: Processor microcode for Intel CPUs

Details:

It was discovered that some Intel(R) Processors did not properly restrict
access to the Running Average Power Limit (RAPL) interface. This may allow
a local privileged attacker to obtain sensitive information.
(CVE-2024-23984)

It was discovered that some Intel(R) Processors did not properly implement
finite state machines (FSMs) in hardware logic. This may allow a local
privileged attacker to cause a denial of service (system crash).
(CVE-2024-24968)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
intel-microcode 3.20240910.0ubuntu0.24.04.1

Ubuntu 22.04 LTS
intel-microcode 3.20240910.0ubuntu0.22.04.1

Ubuntu 20.04 LTS
intel-microcode 3.20240910.0ubuntu0.20.04.1

Ubuntu 18.04 LTS
intel-microcode 3.20240910.0ubuntu0.18.04.1+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
intel-microcode 3.20240910.0ubuntu0.16.04.1+esm1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7033-1
CVE-2024-23984, CVE-2024-24968

Package Information:
https://launchpad.net/ubuntu/+source/intel-microcode/3.20240910.0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/intel-microcode/3.20240910.0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/intel-microcode/3.20240910.0ubuntu0.20.04.1

[USN-7031-2] Puma vulnerability

==========================================================================
Ubuntu Security Notice USN-7031-2
September 24, 2024

puma vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Puma could be made to overwrite headers if it received specially crafted
network traffic.

Software Description:
- puma: threaded HTTP 1.1 server for Ruby/Rack applications

Details:

USN-7031-1 fixed CVE-2024-45614 in Puma for Ubuntu 24.04 LTS.
This update fixes the CVE for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to overwrite header values
set by intermediate proxies by providing duplicate headers containing
underscore characters.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
puma 5.5.2-2ubuntu2+esm2
Available with Ubuntu Pro

Ubuntu 20.04 LTS
puma 3.12.4-1ubuntu2+esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7031-2
https://ubuntu.com/security/notices/USN-7031-1
CVE-2024-45614

[USN-7031-1] Puma vulnerability

==========================================================================
Ubuntu Security Notice USN-7031-1
September 24, 2024

puma vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Puma could be made to overwrite headers if it received specially crafted
network traffic.

Software Description:
- puma: threaded HTTP 1.1 server for Ruby/Rack applications

Details:

It was discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to overwrite header values
set by intermediate proxies by providing duplicate headers containing
underscore characters.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
puma 6.4.2-4ubuntu4.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7031-1
CVE-2024-45614

Package Information:
https://launchpad.net/ubuntu/+source/puma/6.4.2-4ubuntu4.3
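
The two Puma notices above (USN-7031-2 and USN-7031-1) describe duplicate headers containing underscore characters overwriting values set by an intermediate proxy. The Ruby sketch below is an added illustration, not Puma's source code and not part of either notice: it shows why the dash and underscore spellings collide under the Rack/CGI naming convention, and one way to resolve the clash. The function names, the simplified last-one-wins merge, the drop policy and the sample request are assumptions made for the example.

```ruby
# Added illustration; not Puma's source code.
# Rack/CGI convention: a request header "Foo-Bar" reaches the app as
# env["HTTP_FOO_BAR"], so "-" and "_" in the name become indistinguishable.
def rack_env_key(name)
  "HTTP_" + name.upcase.tr("-", "_")
end

# Simplified naive merge: a later header line replaces an earlier one,
# so two different spellings end up sharing a single env slot.
def naive_env(headers)
  headers.each_with_object({}) { |(name, value), env| env[rack_env_key(name)] = value }
end

# Hardened merge (assumed policy): when a dash-form and an underscore-form
# header map to the same key, keep only the dash form and report the clash.
def hardened_env(headers)
  dash_keys = headers.reject { |name, _| name.include?("_") }
                     .map { |name, _| rack_env_key(name) }
  env = {}
  dropped = []
  headers.each do |name, value|
    key = rack_env_key(name)
    if name.include?("_") && dash_keys.include?(key)
      dropped << name # worth logging: legitimate clients rarely send this form
      next
    end
    env[key] = value
  end
  [env, dropped]
end

# Constructed sample: header lines in the order the app server receives them.
SAMPLE_HEADERS = [
  ["Host", "app.example.test"],
  ["X-Forwarded-For", "203.0.113.7"],   # set by the intermediate proxy
  ["X_Forwarded_For", "198.51.100.99"], # passed through from the client
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "naive:    #{naive_env(SAMPLE_HEADERS)['HTTP_X_FORWARDED_FOR']}"
  env, dropped = hardened_env(SAMPLE_HEADERS)
  puts "hardened: #{env['HTTP_X_FORWARDED_FOR']} (dropped #{dropped.inspect})"
end
```

Underscore-only headers that have no dash-form twin are left alone by this policy. Proxies can enforce the same rule earlier in the chain, for example nginx ignores header names containing underscores unless `underscores_in_headers` is switched on.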

F42 Change Proposal: Ansible 11 (Self-Contained)

Wiki - https://fedoraproject.org/wiki/Changes/Ansible11
Discussion Thread -
https://discussion.fedoraproject.org/t/f42-change-proposal-ansible-11-self-contained/132053

This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes
process, proposals are publicly announced in order to receive
community feedback. This proposal will only be implemented if approved
by the Fedora Engineering Steering Committee.

== Summary ==

Update to Ansible 11 and Ansible Core 2.18, which no longer supports
Python 2.7 and Python 3.6 target nodes, including EL 7 and EL 8 hosts.

== Owner ==
* Name: [[User:gotmax23| Maxwell G]]; [[User:nirik| Kevin Fenzi]]
* Email: maxwell@gtmx.me; kevin@scrye.com



== Detailed Description ==
The premise of the change proposal is simple — a major version update
from Ansible 9 ({{package|ansible}}) / Ansible Core 2.16
({{package|ansible-core}}) to Ansible 11 / Ansible Core 2.18. This is
being filed as a Change proposal instead of a standard update due to
major breaking changes.

Ansible Core 2.18's minimum supported Python version on target nodes
is Python 3.8 - 3.13. This means that Ansible will no longer be able
to interact with RHEL 8 hosts (system Python is Python 3.6) or RHEL 7
hosts (system Python is Python 2.7). Ansible Core upstream plans to be
more aggressive with dropping support for older Python versions on
target nodes in the future.

Ansible 9, the last release that supports Python 2.7 and Python 3.6
target nodes, will go EOL upstream in November 2024, so we must update
to the latest Ansible to continue receiving upstream support.

The collections included in the Ansible 11 package will also receive
the usual updates to their latest respective major versions. See the
upstream roadmaps linked in the Documentation section for more details
about other more minor Ansible Core changes and the release schedules
for both Ansible and Ansible Core.

== Feedback ==

(FAQ)

* What about alternative Python interpreters on RHEL 8? Can Ansible
Core 2.18 use those and keep support for RHEL 8?

Kind of. The appstream repository does indeed provide
[https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/installing-and-using-dynamic-programming-languages_configuring-basic-system-settings#con_python-versions_assembly_introduction-to-python
alternative, newer Python interpreter versions], in addition to the
default system Python version. Ansible ''can'' execute modules on
target nodes using an alternative Python interpreter if the
<code>ansible_python_interpreter</code> var is set appropriately, but
core functionality such as the <code>ansible.builtin.package</code> /
<code>ansible.builtin.dnf</code> modules requires access to system
libraries that are only available for the default system Python
interpreter. Users are therefore not recommended to update to Ansible
Core 2.18 if they still require compatibility with RHEL 8 hosts.

* Can a compat package with an older Ansible Core version be provided?

Maybe. Ansible Core only adds support for new Python versions in new
major releases, not the minor releases in between, even though
multiple major release trains receive bugfix/security support at a
time. The Ansible Core 2.16 controller in Fedora 41 only works with
python3.13 thanks to a downstream patch. Additionally, even with our
patches, certain parts of the codebase — including the
<code>ansible-test sanity</code> tooling used by Ansible Collection
developers to lint their code — do not work properly with Python
versions not officially supported by upstream or its test
infrastructure.

If other users are interested in an Ansible Core 2.16 compat package
and willing to take primary responsibility for maintenance and forward
Python compatibility, please reach out to the Change owners.

== Benefit to Fedora ==

Fedora will have the latest version of Ansible and continue receiving
upstream support.

== Scope ==
* Proposal owners:
** Update the ansible and ansible-core packages
** Ensure Ansible Collections packages in Fedora are up to date and
compatible with the latest Ansible Core version.

* Other developers: <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
** Ensure Ansible Collections packages in Fedora that are maintained
by packagers other than the Change owners are up to date and
compatible with the latest Ansible Core version.

== Upgrade/compatibility impact ==

Ansible Core 2.18's minimum supported Python version on target nodes
is Python 3.8 - 3.13. This means that Ansible will no longer be able
to interact with RHEL 8 hosts (Python 3.6) or RHEL 7 hosts (Python
2.7).

== How To Test ==

Install the latest ansible/ansible-core packages once they arrive in
the Fedora repos and ensure that your existing playbooks and installed
collections and roles continue to function.

== User Experience ==

Users will have the latest version of Ansible and Ansible Core.

== Dependencies ==

Ansible Collection packages in Fedora should be tested against the new
ansible-core release.

== Contingency Plan ==

* Contingency mechanism: Revert ansible-core and ansible updates
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A (not a System Wide Change)


== Documentation ==

* [https://docs.ansible.com/ansible/devel/roadmap/ROADMAP_2_18.html
Ansible Core 2.18 Roadmap]
* [https://docs.ansible.com/ansible/devel/roadmap/COLLECTIONS_11.html
Ansible 11 Roadmap]

== Release Notes ==

Update to Ansible 11 and Ansible Core 2.18, which no longer supports
Python 2.7 and Python 3.6 target nodes, including EL 7 and EL 8 hosts.


--
Aoife Moloney

Fedora Operations Architect

Fedora Project

Matrix: @amoloney:fedora.im

IRC: amoloney

--
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org