Thursday, October 31, 2024
[USN-7088-1] Linux kernel vulnerabilities
Ubuntu Security Notice USN-7088-1
October 31, 2024
linux, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm,
linux-ibm-5.4 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-ibm-5.4: Linux kernel for IBM cloud systems
Details:
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an integer overflow vulnerability. A local attacker could
use this to cause a denial of service (system crash). (CVE-2022-36402)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Android drivers;
- Serial ATA and Parallel ATA drivers;
- ATM drivers;
- Drivers core;
- CPU frequency scaling framework;
- Device frequency scaling framework;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- InfiniBand drivers;
- Input Device core drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- ISDN/mISDN subsystem;
- LED subsystem;
- Multiple devices driver;
- Media drivers;
- EEPROM drivers;
- VMware VMCI Driver;
- MMC subsystem;
- Network drivers;
- Near Field Communication (NFC) drivers;
- NVME drivers;
- Device tree and open firmware driver;
- Parport drivers;
- PCI subsystem;
- Pin controllers subsystem;
- Remote Processor subsystem;
- S/390 drivers;
- SCSI drivers;
- QCOM SoC drivers;
- Direct Digital Synthesis drivers;
- TTY drivers;
- Userspace I/O drivers;
- DesignWare USB3 driver;
- USB subsystem;
- BTRFS file system;
- File systems infrastructure;
- Ext4 file system;
- F2FS file system;
- JFS file system;
- NILFS2 file system;
- BPF subsystem;
- Core kernel;
- DMA mapping infrastructure;
- Tracing infrastructure;
- Radix Tree data structure library;
- Kernel userspace event delivery library;
- Objagg library;
- Memory management;
- Amateur Radio drivers;
- Bluetooth subsystem;
- CAN network layer;
- Networking core;
- Ethtool driver;
- IPv4 networking;
- IPv6 networking;
- IUCV driver;
- KCM (Kernel Connection Multiplexor) sockets driver;
- MAC80211 subsystem;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- Sun RPC protocol;
- TIPC protocol;
- TLS protocol;
- Wireless networking;
- AppArmor security module;
- Simplified Mandatory Access Control Kernel framework;
- SoC audio core drivers;
- USB sound devices;
(CVE-2024-43894, CVE-2024-46737, CVE-2024-46828, CVE-2024-42244,
CVE-2024-46723, CVE-2024-41073, CVE-2024-46756, CVE-2024-42288,
CVE-2024-46840, CVE-2024-46771, CVE-2024-46757, CVE-2024-43860,
CVE-2024-46747, CVE-2024-41017, CVE-2024-42246, CVE-2024-44988,
CVE-2024-42281, CVE-2024-36484, CVE-2024-43856, CVE-2024-47668,
CVE-2024-46759, CVE-2024-46744, CVE-2024-42289, CVE-2024-42131,
CVE-2024-46679, CVE-2024-42304, CVE-2024-46818, CVE-2024-43858,
CVE-2024-44960, CVE-2024-45028, CVE-2024-26885, CVE-2024-46676,
CVE-2024-46780, CVE-2024-42310, CVE-2024-44987, CVE-2024-41090,
CVE-2024-44954, CVE-2024-45026, CVE-2024-42285, CVE-2023-52614,
CVE-2024-27051, CVE-2024-43880, CVE-2024-43839, CVE-2024-43884,
CVE-2024-42311, CVE-2024-43893, CVE-2024-41072, CVE-2024-41091,
CVE-2024-46758, CVE-2024-41022, CVE-2024-46745, CVE-2024-42305,
CVE-2024-46673, CVE-2024-42284, CVE-2024-46844, CVE-2024-46677,
CVE-2024-45025, CVE-2024-43861, CVE-2024-43914, CVE-2024-46783,
CVE-2024-41012, CVE-2024-44999, CVE-2024-44946, CVE-2024-42276,
CVE-2024-46740, CVE-2024-42295, CVE-2024-44947, CVE-2024-41059,
CVE-2024-26669, CVE-2024-38602, CVE-2024-42306, CVE-2023-52918,
CVE-2024-42297, CVE-2024-42229, CVE-2024-43853, CVE-2024-45006,
CVE-2024-44998, CVE-2024-42283, CVE-2024-44952, CVE-2024-46761,
CVE-2024-43841, CVE-2024-44944, CVE-2024-42313, CVE-2024-45008,
CVE-2024-46714, CVE-2024-41065, CVE-2024-43883, CVE-2024-43867,
CVE-2024-42286, CVE-2024-43879, CVE-2024-43846, CVE-2024-42280,
CVE-2024-43854, CVE-2021-47212, CVE-2024-35848, CVE-2024-41020,
CVE-2024-41068, CVE-2024-45021, CVE-2024-41098, CVE-2024-44965,
CVE-2024-43890, CVE-2024-45003, CVE-2024-44969, CVE-2024-41011,
CVE-2024-46738, CVE-2024-41071, CVE-2024-26800, CVE-2024-46721,
CVE-2024-42292, CVE-2024-41081, CVE-2024-44948, CVE-2023-52531,
CVE-2024-26891, CVE-2024-26641, CVE-2024-42287, CVE-2024-46722,
CVE-2024-41042, CVE-2024-46675, CVE-2024-46743, CVE-2024-42259,
CVE-2024-41015, CVE-2024-43908, CVE-2024-46719, CVE-2024-43871,
CVE-2024-46739, CVE-2024-42301, CVE-2024-47659, CVE-2024-42271,
CVE-2024-26668, CVE-2024-43835, CVE-2024-46829, CVE-2024-47667,
CVE-2024-44995, CVE-2024-47669, CVE-2024-38611, CVE-2024-40929,
CVE-2024-46815, CVE-2024-43830, CVE-2024-42309, CVE-2024-41063,
CVE-2024-46782, CVE-2024-46777, CVE-2024-42265, CVE-2024-46781,
CVE-2024-26607, CVE-2024-41064, CVE-2024-46685, CVE-2024-43882,
CVE-2024-44935, CVE-2024-46800, CVE-2024-46822, CVE-2024-46755,
CVE-2024-46817, CVE-2024-43829, CVE-2024-46798, CVE-2024-46689,
CVE-2024-42290, CVE-2024-46750, CVE-2024-26640, CVE-2024-47663,
CVE-2024-41070)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
linux-image-5.4.0-1082-ibm 5.4.0-1082.87
linux-image-5.4.0-1102-gkeop 5.4.0-1102.106
linux-image-5.4.0-1139-gcp 5.4.0-1139.148
linux-image-5.4.0-200-generic 5.4.0-200.220
linux-image-5.4.0-200-generic-lpae 5.4.0-200.220
linux-image-5.4.0-200-lowlatency 5.4.0-200.220
linux-image-gcp-lts-20.04 5.4.0.1139.141
linux-image-generic 5.4.0.200.196
linux-image-generic-lpae 5.4.0.200.196
linux-image-gkeop 5.4.0.1102.100
linux-image-gkeop-5.4 5.4.0.1102.100
linux-image-ibm-lts-20.04 5.4.0.1082.111
linux-image-lowlatency 5.4.0.200.196
linux-image-oem 5.4.0.200.196
linux-image-oem-osp1 5.4.0.200.196
linux-image-virtual 5.4.0.200.196
Ubuntu 18.04 LTS
linux-image-5.4.0-1082-ibm 5.4.0-1082.87~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1139-gcp 5.4.0-1139.148~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-200-generic 5.4.0-200.220~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-200-lowlatency 5.4.0-200.220~18.04.1
Available with Ubuntu Pro
linux-image-gcp 5.4.0.1139.148~18.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-18.04 5.4.0.200.220~18.04.1
Available with Ubuntu Pro
linux-image-ibm 5.4.0.1082.87~18.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-18.04 5.4.0.200.220~18.04.1
Available with Ubuntu Pro
linux-image-oem 5.4.0.200.220~18.04.1
Available with Ubuntu Pro
linux-image-oem-osp1 5.4.0.200.220~18.04.1
Available with Ubuntu Pro
linux-image-snapdragon-hwe-18.04 5.4.0.200.220~18.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-18.04 5.4.0.200.220~18.04.1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7088-1
CVE-2021-47212, CVE-2022-36402, CVE-2023-52531, CVE-2023-52614,
CVE-2023-52918, CVE-2024-26607, CVE-2024-26640, CVE-2024-26641,
CVE-2024-26668, CVE-2024-26669, CVE-2024-26800, CVE-2024-26885,
CVE-2024-26891, CVE-2024-27051, CVE-2024-35848, CVE-2024-36484,
CVE-2024-38602, CVE-2024-38611, CVE-2024-40929, CVE-2024-41011,
CVE-2024-41012, CVE-2024-41015, CVE-2024-41017, CVE-2024-41020,
CVE-2024-41022, CVE-2024-41042, CVE-2024-41059, CVE-2024-41063,
CVE-2024-41064, CVE-2024-41065, CVE-2024-41068, CVE-2024-41070,
CVE-2024-41071, CVE-2024-41072, CVE-2024-41073, CVE-2024-41081,
CVE-2024-41090, CVE-2024-41091, CVE-2024-41098, CVE-2024-42131,
CVE-2024-42229, CVE-2024-42244, CVE-2024-42246, CVE-2024-42259,
CVE-2024-42265, CVE-2024-42271, CVE-2024-42276, CVE-2024-42280,
CVE-2024-42281, CVE-2024-42283, CVE-2024-42284, CVE-2024-42285,
CVE-2024-42286, CVE-2024-42287, CVE-2024-42288, CVE-2024-42289,
CVE-2024-42290, CVE-2024-42292, CVE-2024-42295, CVE-2024-42297,
CVE-2024-42301, CVE-2024-42304, CVE-2024-42305, CVE-2024-42306,
CVE-2024-42309, CVE-2024-42310, CVE-2024-42311, CVE-2024-42313,
CVE-2024-43829, CVE-2024-43830, CVE-2024-43835, CVE-2024-43839,
CVE-2024-43841, CVE-2024-43846, CVE-2024-43853, CVE-2024-43854,
CVE-2024-43856, CVE-2024-43858, CVE-2024-43860, CVE-2024-43861,
CVE-2024-43867, CVE-2024-43871, CVE-2024-43879, CVE-2024-43880,
CVE-2024-43882, CVE-2024-43883, CVE-2024-43884, CVE-2024-43890,
CVE-2024-43893, CVE-2024-43894, CVE-2024-43908, CVE-2024-43914,
CVE-2024-44935, CVE-2024-44944, CVE-2024-44946, CVE-2024-44947,
CVE-2024-44948, CVE-2024-44952, CVE-2024-44954, CVE-2024-44960,
CVE-2024-44965, CVE-2024-44969, CVE-2024-44987, CVE-2024-44988,
CVE-2024-44995, CVE-2024-44998, CVE-2024-44999, CVE-2024-45003,
CVE-2024-45006, CVE-2024-45008, CVE-2024-45021, CVE-2024-45025,
CVE-2024-45026, CVE-2024-45028, CVE-2024-46673, CVE-2024-46675,
CVE-2024-46676, CVE-2024-46677, CVE-2024-46679, CVE-2024-46685,
CVE-2024-46689, CVE-2024-46714, CVE-2024-46719, CVE-2024-46721,
CVE-2024-46722, CVE-2024-46723, CVE-2024-46737, CVE-2024-46738,
CVE-2024-46739, CVE-2024-46740, CVE-2024-46743, CVE-2024-46744,
CVE-2024-46745, CVE-2024-46747, CVE-2024-46750, CVE-2024-46755,
CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759,
CVE-2024-46761, CVE-2024-46771, CVE-2024-46777, CVE-2024-46780,
CVE-2024-46781, CVE-2024-46782, CVE-2024-46783, CVE-2024-46798,
CVE-2024-46800, CVE-2024-46815, CVE-2024-46817, CVE-2024-46818,
CVE-2024-46822, CVE-2024-46828, CVE-2024-46829, CVE-2024-46840,
CVE-2024-46844, CVE-2024-47659, CVE-2024-47663, CVE-2024-47667,
CVE-2024-47668, CVE-2024-47669
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-200.220
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1139.148
https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1102.106
https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1082.87
[USN-7076-2] Linux kernel vulnerabilities
Ubuntu Security Notice USN-7076-2
October 31, 2024
linux-azure-fde-5.15 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Microsoft Azure Network Adapter (MANA) driver;
- Watchdog drivers;
- Netfilter;
- Network traffic control;
(CVE-2024-45016, CVE-2024-38630, CVE-2024-45001, CVE-2024-27397)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
linux-image-5.15.0-1074-azure-fde 5.15.0-1074.83~20.04.1.1
linux-image-azure-fde 5.15.0.1074.83~20.04.1.51
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7076-2
https://ubuntu.com/security/notices/USN-7076-1
CVE-2024-27397, CVE-2024-38630, CVE-2024-45001, CVE-2024-45016
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1074.83~20.04.1.1
[USN-7021-5] Linux kernel vulnerabilities
Ubuntu Security Notice USN-7021-5
October 31, 2024
linux-azure-fde vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- BTRFS file system;
- F2FS file system;
- GFS2 file system;
- BPF subsystem;
- Netfilter;
- RxRPC session sockets;
- Integrity Measurement Architecture (IMA) framework;
(CVE-2024-27012, CVE-2024-38570, CVE-2024-42228, CVE-2024-41009,
CVE-2024-39494, CVE-2024-42160, CVE-2024-39496, CVE-2024-26677)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
linux-image-5.15.0-1073-azure-fde 5.15.0-1073.82.1
linux-image-azure-fde-lts-22.04 5.15.0.1073.82.50
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7021-5
https://ubuntu.com/security/notices/USN-7021-4
https://ubuntu.com/security/notices/USN-7021-3
https://ubuntu.com/security/notices/USN-7021-2
https://ubuntu.com/security/notices/USN-7021-1
CVE-2024-26677, CVE-2024-27012, CVE-2024-38570, CVE-2024-39494,
CVE-2024-39496, CVE-2024-41009, CVE-2024-42160, CVE-2024-42228
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1073.82.1
[USN-7086-1] Firefox vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7086-1
October 31, 2024
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-10458,
CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462,
CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466,
CVE-2024-10467, CVE-2024-10468)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
firefox 132.0+build1-0ubuntu0.20.04.1
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7086-1
CVE-2024-10458, CVE-2024-10459, CVE-2024-10460, CVE-2024-10461,
CVE-2024-10462, CVE-2024-10463, CVE-2024-10464, CVE-2024-10465,
CVE-2024-10466, CVE-2024-10467, CVE-2024-10468
Package Information:
https://launchpad.net/ubuntu/+source/firefox/132.0+build1-0ubuntu0.20.04.1
[USN-7087-1] libarchive vulnerability
==========================================================================
Ubuntu Security Notice USN-7087-1
October 31, 2024
libarchive vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
libarchive could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- libarchive: Library to read/write archive files
Details:
It was discovered that libarchive incorrectly handled certain RAR archive
files. If a user or automated system were tricked into processing a
specially crafted RAR archive, an attacker could use this issue to cause
libarchive to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
libarchive13t64 3.7.4-1ubuntu0.1
Ubuntu 24.04 LTS
libarchive13t64 3.7.2-2ubuntu0.3
Ubuntu 22.04 LTS
libarchive13 3.6.0-1ubuntu1.3
Ubuntu 20.04 LTS
libarchive13 3.4.0-2ubuntu1.4
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7087-1
CVE-2024-20696
Package Information:
https://launchpad.net/ubuntu/+source/libarchive/3.7.4-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libarchive/3.7.2-2ubuntu0.3
https://launchpad.net/ubuntu/+source/libarchive/3.6.0-1ubuntu1.3
https://launchpad.net/ubuntu/+source/libarchive/3.4.0-2ubuntu1.4
Wednesday, October 30, 2024
OpenBSD Errata: October 31, 2024 (aplsmc)
released for OpenBSD 7.6 and 7.5.
Binary updates for the arm64 platform are available via the syspatch
utility. Source code patches can be found on the respective errata
page:
https://www.openbsd.org/errata75.html
https://www.openbsd.org/errata76.html
[USN-7085-2] X.Org X Server vulnerability
Ubuntu Security Notice USN-7085-2
October 30, 2024
xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
X.Org X Server could be made to crash or run programs if it received
specially crafted data.
Software Description:
- xorg-server: X.Org X11 server
- xorg-server-hwe-18.04: X.Org X11 server
- xorg-server-hwe-16.04: X.Org X11 server
Details:
USN-7085-1 fixed a vulnerability in X.Org. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain memory operations in the X Keyboard Extension. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm9
Available with Ubuntu Pro
xserver-xorg-core-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm1
Available with Ubuntu Pro
xwayland 2:1.19.6-1ubuntu4.15+esm9
Available with Ubuntu Pro
xwayland-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm14
Available with Ubuntu Pro
xserver-xorg-core-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm6
Available with Ubuntu Pro
xwayland 2:1.18.4-0ubuntu0.12+esm14
Available with Ubuntu Pro
xwayland-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm6
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7085-2
https://ubuntu.com/security/notices/USN-7085-1
CVE-2024-9632
[USN-7084-2] pip vulnerability
==========================================================================
Ubuntu Security Notice USN-7084-2
October 30, 2024
python-pip vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
urllib3 could leak sensitive information.
Software Description:
- python-pip: Python package installer
Details:
USN-7084-1 fixed a vulnerability in urllib3. This update provides the
corresponding update for the urllib3 module bundled into pip.
Original advisory details:
It was discovered that urllib3 didn't strip HTTP Proxy-Authorization
header on cross-origin redirects. A remote attacker could possibly use
this issue to obtain sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
python3-pip 24.2+dfsg-1ubuntu0.1
python3-pip-whl 24.2+dfsg-1ubuntu0.1
Ubuntu 24.04 LTS
python3-pip 24.0+dfsg-1ubuntu1.1
python3-pip-whl 24.0+dfsg-1ubuntu1.1
Ubuntu 22.04 LTS
python3-pip 22.0.2+dfsg-1ubuntu0.5
python3-pip-whl 22.0.2+dfsg-1ubuntu0.5
Ubuntu 20.04 LTS
python-pip-whl 20.0.2-5ubuntu1.11
python3-pip 20.0.2-5ubuntu1.11
Ubuntu 18.04 LTS
python-pip 9.0.1-2.3~ubuntu1.18.04.8+esm6
Available with Ubuntu Pro
python-pip-whl 9.0.1-2.3~ubuntu1.18.04.8+esm6
Available with Ubuntu Pro
python3-pip 9.0.1-2.3~ubuntu1.18.04.8+esm6
Available with Ubuntu Pro
Ubuntu 16.04 LTS
python-pip 8.1.1-2ubuntu0.6+esm10
Available with Ubuntu Pro
python-pip-whl 8.1.1-2ubuntu0.6+esm10
Available with Ubuntu Pro
python3-pip 8.1.1-2ubuntu0.6+esm10
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7084-2
https://ubuntu.com/security/notices/USN-7084-1
CVE-2024-37891
Package Information:
https://launchpad.net/ubuntu/+source/python-pip/24.2+dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/python-pip/24.0+dfsg-1ubuntu1.1
https://launchpad.net/ubuntu/+source/python-pip/22.0.2+dfsg-1ubuntu0.5
https://launchpad.net/ubuntu/+source/python-pip/20.0.2-5ubuntu1.11
[USN-7085-1] X.Org X Server vulnerability
==========================================================================
Ubuntu Security Notice USN-7085-1
October 30, 2024
xorg-server, xwayland vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
X.Org X Server could be made to crash or run programs if it received
specially crafted data.
Software Description:
- xorg-server: X.Org X11 server
- xwayland: X server for running X clients under Wayland
Details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain memory operations in the X Keyboard Extension. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
xserver-xorg-core 2:21.1.13-2ubuntu1.1
xwayland 2:24.1.2-1ubuntu0.1
Ubuntu 24.04 LTS
xserver-xorg-core 2:21.1.12-1ubuntu1.1
xwayland 2:23.2.6-1ubuntu0.1
Ubuntu 22.04 LTS
xserver-xorg-core 2:21.1.4-2ubuntu1.7~22.04.12
xwayland 2:22.1.1-1ubuntu0.14
Ubuntu 20.04 LTS
xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.18
xwayland 2:1.20.13-1ubuntu1~20.04.18
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7085-1
CVE-2024-9632
Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.13-2ubuntu1.1
https://launchpad.net/ubuntu/+source/xwayland/2:24.1.2-1ubuntu0.1
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.12-1ubuntu1.1
https://launchpad.net/ubuntu/+source/xwayland/2:23.2.6-1ubuntu0.1
https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.7~22.04.12
https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.14
https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1~20.04.18
Tuesday, October 29, 2024
FreeBSD Security Advisory FreeBSD-SA-24:19.fetch
=============================================================================
FreeBSD-SA-24:19.fetch Security Advisory
The FreeBSD Project
Topic: Certificate revocation list fetch(1) option fails
Category: core
Module: fetch
Announced: 2024-10-29
Credits: Franco Fichtner
Affects: All supported versions of FreeBSD.
Corrected: 2024-10-09 11:49:32 UTC (stable/14, 14.1-STABLE)
2024-10-29 18:57:00 UTC (releng/14.1, 14.1-RELEASE-p6)
2024-10-09 11:50:06 UTC (stable/13, 13.4-STABLE)
2024-10-29 18:57:13 UTC (releng/13.4, 13.4-RELEASE-p2)
2024-10-29 18:57:30 UTC (releng/13.3, 13.3-RELEASE-p8)
CVE Name: CVE-2024-45289
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
Fetch is a utility used to retrieve file(s) from URL(s) specified on the command
line. It supports a --crl option to specify a certificate revocation list
which contains peer certificates which have been revoked.
II. Problem Description
The fetch(3) library uses environment variables for passing certain
information, including the revocation file pathname. The environment variable
name used by fetch(1) to pass the filename to the library was incorrect, in
effect ignoring the option.
III. Impact
Fetch would still connect to a host presenting a certificate included in the
revocation file passed to the --crl option.
IV. Workaround
The certificate revocation list file can be specified by the SSL_CRL_FILE
fetch(3) environment variable rather than using the --crl option to fetch(1).
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-24:19/fetch.patch
# fetch https://security.FreeBSD.org/patches/SA-24:19/fetch.patch.asc
# gpg --verify fetch.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
VI. Correction details
This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:
Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/14/                              51676e0a3bd3    stable/14-n269041
releng/14.1/                            0e8bf366e6c5  releng/14.1-n267725
stable/13/                              484724578422    stable/13-n258502
releng/13.4/                            51f6c450d991  releng/13.4-n258267
releng/13.3/                            9f1314a30b4a  releng/13.3-n257477
-------------------------------------------------------------------------
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45289>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-24:19.fetch.asc>
FreeBSD Security Advisory FreeBSD-SA-24:18.ctl
=============================================================================
FreeBSD-SA-24:18.ctl Security Advisory
The FreeBSD Project
Topic: Unbounded allocation in ctl(4) CAM Target Layer
Category: core
Module: ctl
Announced: 2024-10-29
Credits: Synacktiv
Sponsored by: The FreeBSD Foundation, The Alpha-Omega Project
Affects: All supported versions of FreeBSD.
Corrected: 2024-10-11 15:53:17 UTC (stable/14, 14.1-STABLE)
2024-10-29 18:45:37 UTC (releng/14.1, 14.1-RELEASE-p6)
2024-10-11 15:53:53 UTC (stable/13, 13.4-STABLE)
2024-10-29 18:49:56 UTC (releng/13.4, 13.4-RELEASE-p2)
2024-10-29 18:53:42 UTC (releng/13.3, 13.3-RELEASE-p8)
CVE Name: CVE-2024-39281
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
The ctl subsystem provides SCSI target devices emulation. The bhyve(8)
hypervisor and ctld(8) iSCSI target daemon make use of ctl.
II. Problem Description
The command ctl_persistent_reserve_out allows the caller to specify an
arbitrary size which will be passed to the kernel's memory allocator.
III. Impact
A malicious guest could cause a Denial of Service (DoS) on the host.
IV. Workaround
No workaround is available. Systems not using virtio_scsi(4) or ctld(8)
are not affected.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date, and reboot
the system.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-24:18/ctl.patch
# fetch https://security.FreeBSD.org/patches/SA-24:18/ctl.patch.asc
# gpg --verify ctl.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:
Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/14/                              2e7f4728fa73    stable/14-n269070
releng/14.1/                            a8df23541444  releng/14.1-n267724
stable/13/                              367d8c86a182    stable/13-n258514
releng/13.4/                            e389eb99fb63  releng/13.4-n258266
releng/13.3/                            9867aebc1d04  releng/13.3-n257476
-------------------------------------------------------------------------
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39281>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-24:18.ctl.asc>
FreeBSD Security Advisory FreeBSD-SA-24:17.bhyve
=============================================================================
FreeBSD-SA-24:17.bhyve Security Advisory
The FreeBSD Project
Topic: Multiple issues in the bhyve hypervisor
Category: core
Module: bhyve
Announced: 2024-10-29
Credits: Synacktiv
Sponsored by: The FreeBSD Foundation, The Alpha-Omega Project
Affects: All supported versions of FreeBSD.
Corrected: 2024-10-19 15:42:15 UTC (stable/14, 14.1-STABLE)
2024-10-29 18:45:36 UTC (releng/14.1, 14.1-RELEASE-p6)
2024-10-19 15:43:46 UTC (stable/13, 13.4-STABLE)
2024-10-29 18:49:55 UTC (releng/13.4, 13.4-RELEASE-p2)
2024-10-29 18:53:41 UTC (releng/13.3, 13.3-RELEASE-p8)
CVE Name: CVE-2024-51562, CVE-2024-51563, CVE-2024-51564,
CVE-2024-51565, CVE-2024-51565
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
bhyve(8) is a hypervisor that runs guest operating systems inside a virtual
machine.
II. Problem Description
Several vulnerabilities were found in the bhyve hypervisor's device models.
The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer
over-read from a guest-controlled value. (CVE-2024-51562)
The virtio_vq_recordon function is subject to a time-of-check to time-of-use
(TOCTOU) race condition. (CVE-2024-51563)
A guest can trigger an infinite loop in the hda audio driver.
(CVE-2024-51564)
The hda driver is vulnerable to a buffer over-read from a guest-controlled
value. (CVE-2024-51565)
The NVMe driver queue processing is vulnerable to guest-induced infinite
loops. (CVE-2024-51565)
III. Impact
Malicious guest virtual machines may be able to perform a denial of service
(DoS) of the bhyve host, and may read memory within the bhyve process that
they should not be able to access.
IV. Workaround
No workaround is available. Virtual machines that provide none of the NVMe,
virtio, and hda devices to the guest are not vulnerable.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
Restart bhyve processes, or reboot the system.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-24:17/bhyve.patch
# fetch https://security.FreeBSD.org/patches/SA-24:17/bhyve.patch.asc
# gpg --verify bhyve.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the applicable bhyve processes, or reboot the system.
VI. Correction details
This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:
Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/14/                              86ba5941b132    stable/14-n269162
releng/14.1/                            fcd9a2d8a5bd  releng/14.1-n267723
stable/13/                              df1a36fdfae6    stable/13-n258536
releng/13.4/                            5d07a7e902fa  releng/13.4-n258265
releng/13.3/                            adb7b541aea1  releng/13.3-n257475
-------------------------------------------------------------------------
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51562>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51563>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51564>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51565>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51565>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-24:17.bhyve.asc>
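The comparison described under "Correction details" in FreeBSD-SA-24:18.ctl and FreeBSD-SA-24:17.bhyve, as an added shell example that is not part of either advisory. The function names are hypothetical, the kernel ident string is constructed with a placeholder hash, and the presence of a "<branch>-n<count>" token in 'uname -v' output is an assumption about how the system was built.

```sh
#!/bin/sh
# Added example (not from the FreeBSD advisories): decide whether a source
# tree revision of the form <branch>-n<count> already contains the fixes
# listed in the "Correction details" tables of SA-24:18.ctl and SA-24:17.bhyve.

# First fixed commit count per advisory and branch, copied from the tables.
corrections() {
    cat <<'EOF'
ctl   stable/14   269070
ctl   releng/14.1 267724
ctl   stable/13   258514
ctl   releng/13.4 258266
ctl   releng/13.3 257476
bhyve stable/14   269162
bhyve releng/14.1 267723
bhyve stable/13   258536
bhyve releng/13.4 258265
bhyve releng/13.3 257475
EOF
}

# revision_from_ident STRING
#   Extract the first <branch>-n<count> token from a kernel ident string.
#   Assumption: the string has the shape printed by 'uname -v' on a system
#   built from a git checkout of a stable/ or releng/ branch.
revision_from_ident() {
    printf '%s\n' "$1" | grep -Eo '(stable|releng)/[0-9.]+-n[0-9]+' | head -n 1
}

# revision_status ADVISORY REVISION
#   ADVISORY is "ctl" or "bhyve"; REVISION is e.g. stable/14-n269100.
#   Prints fixed, vulnerable, or unknown (branch not in the table or
#   REVISION malformed).
revision_status() {
    adv=$1
    rev=$2
    branch=${rev%-n*}      # text before the last "-n"
    count=${rev##*-n}      # digits after the last "-n"
    case "$count" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$branch" = "$rev" ]; then echo unknown; return 0; fi
    fixed_at=$(corrections |
        awk -v a="$adv" -v b="$branch" '$1 == a && $2 == b { print $3 }')
    if [ -z "$fixed_at" ]; then echo unknown; return 0; fi
    # The count is taken along the first-parent history of the branch, so any
    # tree at or past the fixing commit's count contains the fix.
    if [ "$count" -ge "$fixed_at" ]; then echo fixed; else echo vulnerable; fi
}

# Demo on a constructed ident string (the hash field is a placeholder).
ident='FreeBSD 14.1-STABLE stable/14-n269100-000000000000 GENERIC'
demo_rev=$(revision_from_ident "$ident")
for a in ctl bhyve; do
    echo "$a: $demo_rev -> $(revision_status "$a" "$demo_rev")"
done
```

The running kernel's ident only speaks for the ctl fix; bhyve is userland, so check it against the branch and 'git rev-list --count --first-parent HEAD' of the tree the world was installed from, and restart the bhyve processes afterwards.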
FreeBSD Errata Notice FreeBSD-EN-24:17.pam_xdg
=============================================================================
FreeBSD-EN-24:17.pam_xdg Errata Notice
The FreeBSD Project
Topic: XDG runtime directory's file descriptor leak at login
Category: core
Module: pam_xdg
Announced: 2024-10-29
Credits: Olivier Certner
Affects: FreeBSD 14.1
Corrected: 2024-09-03 13:28:58 UTC (stable/14, 14.1-STABLE)
2024-10-29 18:57:01 UTC (releng/14.1, 14.1-RELEASE-p6)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
pam_xdg(8) is a PAM module which sets up directories and environment
variables per the XDG Base Directory Specification[1]. In particular, it
creates a per-user directory to contain non-essential runtime files and sets
the environment variable XDG_RUNTIME_DIR to point to it.
II. Problem Description
As a user logs in, if the per-user XDG_RUNTIME_DIR directory already exists,
a file descriptor to that directory is leaked in the calling process.
III. Impact
This leaked directory file descriptor is inherited by all descendant processes
that do not explicitly close it. In particular, it prevents an administrator
from using jexec(8) or launching a new jail via jail(8), as both commands use
the jail_attach(2) system call which fails with EPERM if the calling process has
an open directory in its file descriptor table, as a security measure to prevent
jail escape.
This file descriptor leak is normally harmless from a security standpoint as the
XDG_RUNTIME_DIR directory's content is usually readable and modifiable only by
its owner and its group.
IV. Workaround
Shell primitives can close the leaking file descriptor before running
jexec(8) or jail(8). For sh-like shells, use 'exec X>&-', where X is the
number of the leaked file descriptor obtained with 'fstat -p $$'.
Alternatively, use a login program or shell that closes all inherited file
descriptors for root such as sudo(8) or csh(1).
Lastly, on machines not running a Freedesktop-based GUI desktop, or running
one that can set XDG_RUNTIME_DIR by itself (e.g., KDE), disable pam_xdg(8)
completely by commenting out the corresponding lines in '/etc/pam.d/system'
and '/etc/pam.d/xdm'.
V. Solution
Upgrade your system to a supported FreeBSD stable or release / security branch
(releng) dated after the correction date. A reboot is advised following the
upgrade, or a logout/re-login of your jail working sessions if practical.
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
A reboot is advised following the upgrade, or a logout/re-login of your jail
working sessions if practical.
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-24:17/pam_xdg.patch
# fetch https://security.FreeBSD.org/patches/EN-24:17/pam_xdg.patch.asc
# gpg --verify pam_xdg.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
A reboot is advised following the upgrade, or a logout/re-login of your jail
working sessions if practical.
VI. Correction details
This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:
Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/14/                              9e8d504bb5a1    stable/14-n268630
releng/14.1/                            accf8cee6dd0  releng/14.1-n267726
-------------------------------------------------------------------------
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
[1] <URL:https://specifications.freedesktop.org/basedir-spec/latest/>
[2] <URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281751>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:17.pam_xdg.asc>
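The sh workaround from section IV above, as an added example that is not part of FreeBSD-EN-24:17: it picks open directory descriptors out of 'fstat -p $$' output and closes them with 'exec X>&-'. The function names, the constructed fstat sample and the assumed fstat(1) column layout are not from the notice.

```sh
#!/bin/sh
# Added example (not from FreeBSD-EN-24:17): find directory descriptors in
# fstat(1) output and close them in the current shell, so that jexec(8) or
# jail(8) started from this shell does not inherit them.

# Constructed sample of 'fstat -p $$' output for a root login shell.
# Assumed column layout: USER CMD PID FD MOUNT INUM MODE SZ|DV R/W.
sample_fstat() {
    cat <<'EOF'
USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W
root     sh          1234 text /          4211 -r-xr-xr-x  168728  r
root     sh          1234   wd /             2 drwxr-xr-x     512  r
root     sh          1234 root /             2 drwxr-xr-x     512  r
root     sh          1234    0 /dev         89 crw--w----   pts/0 rw
root     sh          1234    1 /dev         89 crw--w----   pts/0 rw
root     sh          1234    2 /dev         89 crw--w----   pts/0 rw
root     sh          1234    3 /var/run   7731 drwx------     512  r
root     sh          1234    4* local stream fffff80012345678
root     sh          1234    5 /var       9001 -rw-r--r--    2048  w
EOF
}

# dir_fds_from_fstat: read fstat output on stdin and print every numeric
# descriptor above 2 whose MODE column starts with "d" (a directory).
# The "wd", "root" and "text" rows are not entries in the descriptor table,
# and socket rows carry a "*" suffix, so none of them match.
dir_fds_from_fstat() {
    awk 'NR > 1 && $4 ~ /^[0-9]+$/ && $4 > 2 && $7 ~ /^d/ { print $4 }'
}

# close_fds FD...: close the given descriptors in the *current* shell.
close_fds() {
    for fd in "$@"; do
        case "$fd" in
            ''|*[!0-9]*) continue ;;        # only plain digits reach eval
        esac
        [ "$fd" -gt 2 ] || continue         # never close stdin/stdout/stderr
        # POSIX sh only guarantees redirection on descriptors 0-9; in an
        # ash-style shell "exec 10>&-" would try to run a command named "10".
        if [ "$fd" -gt 9 ] && [ -z "${BASH_VERSION:-}" ]; then
            echo "fd $fd: above 9, not closable with a portable redirection" >&2
            continue
        fi
        eval "exec ${fd}>&-"
    done
}

# Demo: descriptors the constructed sample reports as open directories.
sample_fstat | dir_fds_from_fstat
```

Source the functions into the root shell and run 'close_fds $(fstat -p $$ | dir_fds_from_fstat)' after reviewing the list; run as a separate script, the close would only affect the child process and the login shell would keep the descriptor.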
OpenBSD Errata: October 29, 2024 (xserver ssh)
and 7.5. Errata patch for OpenSSH has been released for OpenBSD
7.6.
Binary updates for the amd64, arm64 and i386 platforms are available
via the syspatch utility. The OpenSSH update only affects big-endian
architectures; syspatch is not provided for such platforms. Source
code patches can be found on the respective errata page:
https://www.openbsd.org/errata75.html
https://www.openbsd.org/errata76.html
[USN-7084-1] urllib3 vulnerability
==========================================================================
Ubuntu Security Notice USN-7084-1
October 29, 2024
python-urllib3 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
urllib3 could leak sensitive information.
Software Description:
- python-urllib3: HTTP library with thread-safe connection pooling
Details:
It was discovered that urllib3 did not strip the HTTP Proxy-Authorization
header on cross-origin redirects. A remote attacker could possibly use this
issue to obtain sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
python3-urllib3 2.0.7-2ubuntu0.1
Ubuntu 24.04 LTS
python3-urllib3 2.0.7-1ubuntu0.1
Ubuntu 22.04 LTS
python3-urllib3 1.26.5-1~exp1ubuntu0.2
Ubuntu 20.04 LTS
python3-urllib3 1.25.8-2ubuntu0.4
Ubuntu 18.04 LTS
python-urllib3 1.22-1ubuntu0.18.04.2+esm2
Available with Ubuntu Pro
python3-urllib3 1.22-1ubuntu0.18.04.2+esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
python-urllib3 1.13.1-2ubuntu0.16.04.4+esm2
Available with Ubuntu Pro
python3-urllib3 1.13.1-2ubuntu0.16.04.4+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7084-1
CVE-2024-37891
Package Information:
https://launchpad.net/ubuntu/+source/python-urllib3/2.0.7-2ubuntu0.1
https://launchpad.net/ubuntu/+source/python-urllib3/2.0.7-1ubuntu0.1
https://launchpad.net/ubuntu/+source/python-urllib3/1.26.5-1~exp1ubuntu0.2
https://launchpad.net/ubuntu/+source/python-urllib3/1.25.8-2ubuntu0.4
Announcing Fedora Linux 41
Read the details in our Fedora Magazine article at:
* https://fedoramagazine.org/announcing-fedora-linux-41
or download installer images from:
* https://fedoraproject.org/
or, of course, simply upgrade your already-installed systems, which
shouldn't take much longer than ordering and consuming your favorite
pumpkin-spiced beverage. If you run into any trouble, or just have
questions, you can find help at:
* https://ask.fedoraproject.org/
There are several important release-day bugfix and security updates
available today as well. If you upgrade from an earlier Fedora Linux
release, you'll get them as part of the normal process. For new systems,
please make sure to check for and apply updates as soon as possible.
--
Matthew Miller
<mattdm@fedoraproject.org>
Fedora Project Leader
[USN-7064-2] nano vulnerability
==========================================================================
Ubuntu Security Notice USN-7064-2
October 29, 2024
nano vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
nano could be made to give users administrator privileges.
Software Description:
- nano: small, friendly text editor inspired by Pico
Details:
USN-7064-1 fixed a vulnerability in nano. This update provides the
corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that nano allowed a possible privilege escalation
through an insecure temporary file. If nano was killed while editing, the
permissions granted to the emergency save file could be used by an
attacker to escalate privileges using a malicious symlink.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
nano 2.2.6-1ubuntu1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7064-2
https://ubuntu.com/security/notices/USN-7064-1
CVE-2024-5742
Friday, October 25, 2024
[announce] Next NYC*BUG: 2024-11-06
2024-11-06 @ 17:45 EST (22:45 UTC)
"Life with a FreeBSD Laptop" by Brian Reynolds
Details to follow:
https://www.nycbug.org/index?action=view&id=10702
Orphaned packages looking for new maintainers
The following packages are orphaned and will be retired when they
are orphaned for six weeks, unless someone adopts them. If you know for sure
that the package should be retired, please do so now with a proper reason:
https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life
Note: If you received this mail directly you (co)maintain one of the affected
packages or a package that depends on one. Please adopt the affected package or
retire your depending package to avoid broken dependencies, otherwise your
package will be retired when the affected package gets retired.
Request package ownership via the *Take* button in the left column on
https://src.fedoraproject.org/rpms/<pkgname>
Full report available at:
https://a.gtmx.me/orphans/orphans.txt
grep it for your FAS username and follow the dependency chain.
For human readable dependency chains,
see https://packager-dashboard.fedoraproject.org/
For all orphaned packages,
see https://packager-dashboard.fedoraproject.org/orphan
Package                            (co)maintainers                      Status Change
================================================================================
RediSearch                         agerstmayr, orphan                   4 weeks ago
ansible-collection-netbox-netbox   @infra-sig, ignatenkobrain, orphan   5 weeks ago
echolinux                          orphan                               7 weeks ago
enchant                            orphan                               0 weeks ago
gimp-lqr-plugin                    ignatenkobrain, orphan               0 weeks ago
golang-github-emersion-milter      @go-sig, orphan                      4 weeks ago
golang-github-emersion-msgauth     @go-sig, orphan                      4 weeks ago
goocanvas                          hguemar, orphan                      2 weeks ago
gpsman                             orphan                               7 weeks ago
harvey                             orphan                               7 weeks ago
maxima                             jamatos, orphan                      1 weeks ago
nodejs-diagnostic-language-server  orphan                               3 weeks ago
pcc                                orphan                               5 weeks ago
perl-Alien-CFITSIO                 orphan                               0 weeks ago
perl-MooX-Role-Parameterized       orphan                               3 weeks ago
php-aws-sdk3                       orphan                               5 weeks ago
php-guzzlehttp-guzzle6             orphan                               5 weeks ago
php-psr-http-client                orphan                               4 weeks ago
php-ralouphie-getallheaders        orphan                               5 weeks ago
prelude-lml                        orphan                               0 weeks ago
prelude-manager                    orphan                               0 weeks ago
prewikka                           orphan                               0 weeks ago
proguard                           orphan                               2 weeks ago
python-gear                        orphan, tdecacqu, zuul               7 weeks ago
python-genty                       @python-packagers-sig, orphan        0 weeks ago
python-nose-timer                  orphan                               3 weeks ago
python-nss                         orphan                               6 weeks ago
python-psycogreen                  orphan                               0 weeks ago
python-pytz-deprecation-shim       orphan                               1 weeks ago
python-simplegeneric               @python-packagers-sig,               0 weeks ago
                                   ignatenkobrain, jcaratzas,
                                   orphan, tomspur
python-sphinxcontrib-blockdiag     @openstack-sig, orphan, zuul         3 weeks ago
python-sphinxcontrib-seqdiag       @openstack-sig, apevec, orphan       3 weeks ago
python-sshpubkeys                  orphan                               1 weeks ago
python-ws4py                       orphan, sbluhm, zuul                 7 weeks ago
rebloom                            lberk, orphan                        4 weeks ago
rejson                             lberk, orphan                        4 weeks ago
rubygem-acts_as_list               @ruby-packagers-sig, jaruga, orphan  1 weeks ago
rubygem-awesome_print              @ruby-packagers-sig, orphan          1 weeks ago
rubygem-clockwork                  orphan                               1 weeks ago
rubygem-factory_bot                @ruby-packagers-sig, orphan          1 weeks ago
rubygem-goocanvas1                 orphan                               1 weeks ago
rubygem-hashr                      orphan                               1 weeks ago
rubygem-http-accept                orphan                               1 weeks ago
rubygem-middleware                 orphan                               1 weeks ago
rubygem-mimemagic                  @ruby-packagers-sig, orphan          1 weeks ago
rubygem-nesty                      orphan                               1 weeks ago
rubygem-pundit                     orphan                               1 weeks ago
rubygem-rainbow                    orphan                               1 weeks ago
rubygem-sd_notify                  orphan                               1 weeks ago
workrave                           nonamedotc, orphan                   2 weeks ago
xonsh                              @python-packagers-sig, orphan        0 weeks ago
The following packages require the above-mentioned packages:
Depending on: enchant (31), status change: 2024-10-18 (0 weeks ago)
abiword (maintained by: chimosky, huzaifas, limb)
abiword-1:3.0.5-17.fc42.src requires enchant-devel = 1:1.6.0-36.fc41
libabiword-1:3.0.5-17.fc42.x86_64 requires libenchant.so.1()(64bit)
libabiword-devel-1:3.0.5-17.fc42.x86_64 requires pkgconfig(enchant) = 1.6.0
fcitx (maintained by: cheeselee, cicku, pwu, yanqiyu)
fcitx-4.2.9.9-8.fc41.src requires enchant-devel = 1:1.6.0-36.fc41
gtkhtml3 (maintained by: alexl, caolanm, rhughes, rstrode, trawets)
gtkhtml3-4.10.0-18.fc39.i686 requires libenchant.so.1
gtkhtml3-4.10.0-18.fc39.src requires pkgconfig(enchant) = 1.6.0
gtkhtml3-4.10.0-18.fc39.x86_64 requires libenchant.so.1()(64bit)
gtkhtml3-devel-4.10.0-18.fc39.i686 requires pkgconfig(enchant) = 1.6.0
gtkhtml3-devel-4.10.0-18.fc39.x86_64 requires pkgconfig(enchant) = 1.6.0
gtkspell (maintained by: @gnome-sig, alexl, caolanm, rhughes, rstrode, smani)
gtkspell-2.0.16-31.fc41.i686 requires libenchant.so.1
gtkspell-2.0.16-31.fc41.src requires enchant-devel = 1:1.6.0-36.fc41
gtkspell-2.0.16-31.fc41.x86_64 requires libenchant.so.1()(64bit)
hexchat (maintained by: tingping)
hexchat-2.16.2-5.fc41.i686 requires enchant = 1:1.6.0-36.fc41
hexchat-2.16.2-5.fc41.x86_64 requires enchant = 1:1.6.0-36.fc41
kdelibs (maintained by: @kde-sig, jgrulich, kkofler, rdieter, than)
kdelibs-6:4.14.38-46.fc41.i686 requires libenchant.so.1
kdelibs-6:4.14.38-46.fc41.src requires pkgconfig(enchant) = 1.6.0
kdelibs-6:4.14.38-46.fc41.x86_64 requires libenchant.so.1()(64bit)
kdelibs3 (maintained by: kkofler, rdieter, than)
kdelibs3-3.5.10-130.fc41.i686 requires libenchant.so.1
kdelibs3-3.5.10-130.fc41.src requires enchant-devel = 1:1.6.0-36.fc41
kdelibs3-3.5.10-130.fc41.x86_64 requires libenchant.so.1()(64bit)
libsexy (maintained by: spot)
libsexy-0.1.11-44.fc41.i686 requires enchant = 1:1.6.0-36.fc41
libsexy-0.1.11-44.fc41.x86_64 requires enchant = 1:1.6.0-36.fc41
mcabber (maintained by: fale, vascom)
mcabber-1.1.3-0.6.20211025git87964c3.fc41.src requires enchant-devel = 1:1.6.0-36.fc41
mcabber-1.1.3-0.6.20211025git87964c3.fc41.x86_64 requires libenchant.so.1()(64bit)
pluma (maintained by: raveit65, robert)
pluma-1.28.0-2.fc41.i686 requires libenchant.so.1
pluma-1.28.0-2.fc41.src requires enchant-devel = 1:1.6.0-36.fc41
pluma-1.28.0-2.fc41.x86_64 requires libenchant.so.1()(64bit)
sylpheed (maintained by: cicku, sharkcz)
sylpheed-3.7.0-17.fc41.src requires enchant-devel = 1:1.6.0-36.fc41
sylpheed-3.7.0-17.fc41.x86_64 requires libenchant.so.1()(64bit)
sylpheed-libs-3.7.0-17.fc41.i686 requires libenchant.so.1
sylpheed-libs-3.7.0-17.fc41.x86_64 requires libenchant.so.1()(64bit)
weechat (maintained by: hguemar, luk1337, salimma, stingray)
weechat-4.4.2-1.fc42.i686 requires libenchant.so.1
weechat-4.4.2-1.fc42.src requires enchant-devel = 1:1.6.0-36.fc41
weechat-4.4.2-1.fc42.x86_64 requires libenchant.so.1()(64bit)
xed (maintained by: @epel-packagers-sig, jcpunk, leigh123linux)
xed-3.6.6-2.fc42.src requires pkgconfig(enchant) = 1.6.0
xfce4-dict (maintained by: nonamedotc)
xfce4-dict-0.8.8-2.fc42.x86_64 requires enchant = 1:1.6.0-36.fc41
sugar-write (maintained by: chimosky)
sugar-write-101-13.fc42.noarch requires python3-abiword = 1:3.0.5-17.fc42
sugar-write-101-13.fc42.src requires libabiword-devel = 1:3.0.5-17.fc42, python3-abiword = 1:3.0.5-17.fc42
fcitx-anthy (maintained by: cheeselee, yanqiyu)
fcitx-anthy-0.2.3-10.fc41.src requires fcitx-devel = 4.2.9.9-8.fc41
fcitx-anthy-0.2.3-10.fc41.x86_64 requires fcitx = 4.2.9.9-8.fc41
fcitx-chewing (maintained by: cheeselee, yanqiyu)
fcitx-chewing-0.2.3-20.fc41.src requires fcitx-devel = 4.2.9.9-8.fc41
fcitx-chewing-0.2.3-20.fc41.x86_64 requires fcitx = 4.2.9.9-8.fc41, fcitx-data = 4.2.9.9-8.fc41
fcitx-cloudpinyin (maintained by: cheeselee, yanqiyu)
fcitx-cloudpinyin-0.3.7-14.fc41.src requires fcitx-devel = 4.2.9.9-8.fc41
fcitx-cloudpinyin-0.3.7-14.fc41.x86_64 requires fcitx = 4.2.9.9-8.fc41, fcitx-pinyin = 4.2.9.9-8.fc41
fcitx-configtool (maintained by: cheeselee, yanqiyu)
fcitx-configtool-0.4.10-20.fc41.src requires fcitx-devel = 4.2.9.9-8.fc41
fcitx-configtool-0.4.10-20.fc41.x86_64 requires fcitx = 4.2.9.9-8.fc41, libfcitx-config.so.4()(64bit), libfcitx-core.so.0()(64bit), libfcitx-gclient.so.1()(64bit), libfcitx-utils.so.0()(64bit)
fcitx-fbterm (maintained by: cheeselee, yanqiyu)
fcitx-fbterm-0.2.0-29.fc41.src requires fcitx-devel = 4.2.9.9-8.fc41
fcitx-fbterm-0.2.0-29.fc41.x86_64 requires fcitx = 4.2.9.9-8.fc41, libfcitx-gclient.so.1()(64bit), libfcitx-utils.so.0()(64bit)
fcitx-hangul (maintained by: cheeselee, yanqiyu)
fcitx-hangul-0.3.1-20.fc41.src requires fcitx-devel = 4.2.9.9-8.fc41
fcitx-hangul-0.3.1-20.fc41.x86_64 requires fcitx = 4.2.9.9-8.fc41
fcitx-kkc (maintained by: ueno)
fcitx-kkc-0.1.4-10.fc41.src requires fcitx-devel = 4.2.9.9-8.fc41
fcitx-kkc-0.1.4-10.fc41.x86_64 requires fcitx = 4.2.9.9-8.fc41, libfcitx-config.so.4()(64bit), libfcitx-utils.so.0()(64bit)
fcitx-libpinyin (maintained by: cheeselee, pwu, yanqiyu)
fcitx-libpinyin-0.5.4-11.fc41.src requires fcitx = 4.2.9.9-8.fc41, fcitx-devel = 4.2.9.9-8.fc41
fcitx-libpinyin-0.5.4-11.fc41.x86_64 requires fcitx = 4.2.9.9-8.fc41, libfcitx-config.so.4()(64bit), libfcitx-utils.so.0()(64bit)
fcitx-m17n (maintained by: cheeselee, yanqiyu)
fcitx-m17n-0.2.4-19.fc41.src requires fcitx-devel = 4.2.9.9-8.fc41
fcitx-m17n-0.2.4-19.fc41.x86_64 requires fcitx = 4.2.9.9-8.fc41
fcitx-qt5 (maintained by: cheeselee, yanqiyu)
fcitx-qt5-1.2.6-24.fc42.i686 requires libfcitx-config.so.4, libfcitx-utils.so.0
fcitx-qt5-1.2.6-24.fc42.src requires fcitx-devel = 4.2.9.9-8.fc41
fcitx-qt5-1.2.6-24.fc42.x86_64 requires libfcitx-config.so.4()(64bit), libfcitx-utils.so.0()(64bit)
fcitx-skk (maintained by: ueno)
fcitx-skk-0.1.4-10.fc41.src requires fcitx-devel = 4.2.9.9-8.fc41
fcitx-skk-0.1.4-10.fc41.x86_64 requires fcitx = 4.2.9.9-8.fc41, libfcitx-config.so.4()(64bit), libfcitx-utils.so.0()(64bit)
fcitx-sunpinyin (maintained by: cheeselee, yanqiyu)
fcitx-sunpinyin-0.4.2-20.fc41.src requires fcitx = 4.2.9.9-8.fc41, fcitx-devel = 4.2.9.9-8.fc41
fcitx-sunpinyin-0.4.2-20.fc41.x86_64 requires fcitx = 4.2.9.9-8.fc41, fcitx-data = 4.2.9.9-8.fc41
fcitx-table-extra (maintained by: cheeselee, yanqiyu)
fcitx-table-extra-0.3.8-19.fc41.noarch requires fcitx = 4.2.9.9-8.fc41
fcitx-table-extra-0.3.8-19.fc41.src requires fcitx = 4.2.9.9-8.fc41, fcitx-devel = 4.2.9.9-8.fc41
fcitx-table-other (maintained by: cheeselee, yanqiyu)
fcitx-table-other-0.2.4-19.fc41.noarch requires fcitx = 4.2.9.9-8.fc41
fcitx-table-other-0.2.4-19.fc41.src requires fcitx = 4.2.9.9-8.fc41, fcitx-devel = 4.2.9.9-8.fc41
fcitx-ui-light (maintained by: cheeselee, yanqiyu)
fcitx-ui-light-0.1.3-30.fc41.src requires fcitx-devel = 4.2.9.9-8.fc41
fcitx-ui-light-0.1.3-30.fc41.x86_64 requires fcitx = 4.2.9.9-8.fc41
fcitx-unikey (maintained by: cheeselee, yanqiyu)
fcitx-unikey-0.2.7-19.fc41.src requires fcitx-devel = 4.2.9.9-8.fc41
fcitx-unikey-0.2.7-19.fc41.x86_64 requires fcitx = 4.2.9.9-8.fc41, libfcitx-config.so.4()(64bit)
Too many dependencies for enchant, not all listed here
Depending on: golang-github-emersion-milter (1), status change: 2024-09-23 (4 weeks ago)
golang-github-emersion-msgauth (maintained by: @go-sig, orphan)
golang-github-emersion-msgauth-0.6.6-8.fc41.src requires golang(github.com/emersion/go-milter) = 0.3.3-8.fc41
golang-github-emersion-msgauth-devel-0.6.6-8.fc41.noarch requires golang(github.com/emersion/go-milter) = 0.3.3-8.fc41
Depending on: goocanvas (3), status change: 2024-10-07 (2 weeks ago)
perl-Goo-Canvas (maintained by: martinkg)
perl-Goo-Canvas-0.06-56.fc41.src requires goocanvas-devel = 1.0.0-26.fc39
perl-Goo-Canvas-0.06-56.fc41.x86_64 requires libgoocanvas.so.3()(64bit)
rubygem-goocanvas1 (maintained by: orphan)
rubygem-goocanvas1-1.2.6-39.fc41.i686 requires libgoocanvas.so.3
rubygem-goocanvas1-1.2.6-39.fc41.src requires goocanvas-devel = 1.0.0-26.fc39
rubygem-goocanvas1-1.2.6-39.fc41.x86_64 requires libgoocanvas.so.3()(64bit)
shutter (maintained by: martinkg)
shutter-0.99.5-2.fc41.noarch requires perl(Goo::Canvas) = 0.06
Depending on: gpsman (1), status change: 2024-09-01 (7 weeks ago)
xastir (maintained by: lucilanga)
xastir-1:2.2.0-4.fc41.src requires gpsman = 6.4.1-26.fc41
Depending on: maxima (1), status change: 2024-10-12 (1 weeks ago)
wxMaxima (maintained by: jamatos, rdieter)
wxMaxima-24.02.1-2.fc41.x86_64 requires maxima = 5.47.0-3.fc41
Depending on: perl-Alien-CFITSIO (1), status change: 2024-10-23 (0 weeks ago)
perl-Astro-FITS-CFITSIO (maintained by: @scitech_sig, orion)
perl-Astro-FITS-CFITSIO-1.18-5.fc41.src requires perl(Alien::CFITSIO) = 4.4.0.1
Depending on: php-guzzlehttp-guzzle6 (1), status change: 2024-09-16 (5 weeks ago)
php-aws-sdk3 (maintained by: orphan)
php-aws-sdk3-3.191.10-7.fc41.noarch requires php-composer(guzzlehttp/guzzle) = 6.5.8
php-aws-sdk3-3.191.10-7.fc41.src requires php-composer(guzzlehttp/guzzle) = 6.5.8
Depending on: php-ralouphie-getallheaders (4), status change: 2024-09-16 (5 weeks ago)
php-guzzlehttp-psr7 (maintained by: remi)
php-guzzlehttp-psr7-1.9.0-7.fc41.noarch requires php-composer(ralouphie/getallheaders) = 3.0.3
php-guzzlehttp-psr7-1.9.0-7.fc41.src requires php-composer(ralouphie/getallheaders) = 3.0.3
php-aws-php-sns-message-validator (maintained by: siwinski)
php-aws-php-sns-message-validator-1.6.0-8.fc39.src requires php-composer(guzzlehttp/psr7) = 1.9.0
php-aws-sdk3 (maintained by: orphan)
php-aws-sdk3-3.191.10-7.fc41.noarch requires php-composer(guzzlehttp/guzzle) = 6.5.8, php-composer(guzzlehttp/psr7) = 1.9.0
php-aws-sdk3-3.191.10-7.fc41.src requires php-composer(guzzlehttp/guzzle) = 6.5.8, php-composer(guzzlehttp/psr7) = 1.9.0
php-guzzlehttp-guzzle6 (maintained by: orphan)
php-guzzlehttp-guzzle6-6.5.8-7.fc41.noarch requires php-composer(guzzlehttp/psr7) = 1.9.0
php-guzzlehttp-guzzle6-6.5.8-7.fc41.src requires php-composer(guzzlehttp/psr7) = 1.9.0
Depending on: prelude-lml (1), status change: 2024-10-23 (0 weeks ago)
prelude-lml-rules (maintained by: totol)
prelude-lml-rules-5.2.0-9.fc40.x86_64 requires prelude-lml = 5.2.0-21.fc41
Depending on: prewikka (1), status change: 2024-10-23 (0 weeks ago)
prewikka-updatedb (maintained by: totol)
python3-prewikka-updatedb-5.2.0-14.fc41.noarch requires python3-prewikka = 5.2.0-18.fc41
Depending on: python-nss (1), status change: 2024-09-10 (6 weeks ago)
sigul (maintained by: kevin, mitr)
sigul-1.2-4.fc41.src requires python3-nss = 1.0.1^20210803hg9de14a6f77e2-12.fc41
sigul-1.2-4.fc41.x86_64 requires python3-nss = 1.0.1^20210803hg9de14a6f77e2-12.fc41
Affected (co)maintainers
@epel-packagers-sig: enchant
@gnome-sig: enchant
@go-sig: golang-github-emersion-msgauth, golang-github-emersion-milter
@infra-sig: ansible-collection-netbox-netbox
@kde-sig: enchant
@openstack-sig: python-sphinxcontrib-seqdiag, python-sphinxcontrib-blockdiag
@python-packagers-sig: python-genty, xonsh, python-simplegeneric
@ruby-packagers-sig: rubygem-mimemagic, rubygem-awesome_print, rubygem-acts_as_list, rubygem-factory_bot
@scitech_sig: perl-Alien-CFITSIO
agerstmayr: RediSearch
alexl: enchant
apevec: python-sphinxcontrib-seqdiag
caolanm: enchant
cheeselee: enchant
chimosky: enchant
cicku: enchant
fale: enchant
hguemar: goocanvas, enchant
huzaifas: enchant
ignatenkobrain: ansible-collection-netbox-netbox, gimp-lqr-plugin, python-simplegeneric
jamatos: maxima
jaruga: rubygem-acts_as_list
jcaratzas: python-simplegeneric
jcpunk: enchant
jgrulich: enchant
kevin: python-nss
kkofler: enchant
lberk: rebloom, rejson
leigh123linux: enchant
limb: enchant
lucilanga: gpsman
luk1337: enchant
martinkg: goocanvas
mitr: python-nss
nonamedotc: enchant, workrave
orion: perl-Alien-CFITSIO
pwu: enchant
raveit65: enchant
rdieter: maxima, enchant
remi: php-ralouphie-getallheaders
rhughes: enchant
robert: enchant
rstrode: enchant
salimma: enchant
sbluhm: python-ws4py
sharkcz: enchant
siwinski: php-ralouphie-getallheaders
smani: enchant
spot: enchant
stingray: enchant
tdecacqu: python-gear
than: enchant
tingping: enchant
tomspur: python-simplegeneric
totol: prelude-lml, prewikka
trawets: enchant
ueno: enchant
vascom: enchant
yanqiyu: enchant
zuul: python-sphinxcontrib-blockdiag, python-gear, python-ws4py
Orphans (51): RediSearch ansible-collection-netbox-netbox echolinux
enchant gimp-lqr-plugin golang-github-emersion-milter
golang-github-emersion-msgauth goocanvas gpsman harvey maxima
nodejs-diagnostic-language-server pcc perl-Alien-CFITSIO
perl-MooX-Role-Parameterized php-aws-sdk3 php-guzzlehttp-guzzle6
php-psr-http-client php-ralouphie-getallheaders prelude-lml
prelude-manager prewikka proguard python-gear python-genty
python-nose-timer python-nss python-psycogreen
python-pytz-deprecation-shim python-simplegeneric
python-sphinxcontrib-blockdiag python-sphinxcontrib-seqdiag
python-sshpubkeys python-ws4py rebloom rejson rubygem-acts_as_list
rubygem-awesome_print rubygem-clockwork rubygem-factory_bot
rubygem-goocanvas1 rubygem-hashr rubygem-http-accept
rubygem-middleware rubygem-mimemagic rubygem-nesty rubygem-pundit
rubygem-rainbow rubygem-sd_notify workrave xonsh
Orphans (depended on) (11): enchant golang-github-emersion-milter
goocanvas gpsman maxima perl-Alien-CFITSIO php-guzzlehttp-guzzle6
php-ralouphie-getallheaders prelude-lml prewikka python-nss
Orphans (rawhide) for at least 6 weeks (depended on) (2): gpsman
python-nss
Orphans (rawhide) (not depended on) (40): RediSearch
ansible-collection-netbox-netbox echolinux gimp-lqr-plugin
golang-github-emersion-msgauth harvey
nodejs-diagnostic-language-server pcc perl-MooX-Role-Parameterized
php-aws-sdk3 php-psr-http-client prelude-manager proguard
python-gear python-genty python-nose-timer python-psycogreen
python-pytz-deprecation-shim python-simplegeneric
python-sphinxcontrib-blockdiag python-sphinxcontrib-seqdiag
python-sshpubkeys python-ws4py rebloom rejson rubygem-acts_as_list
rubygem-awesome_print rubygem-clockwork rubygem-factory_bot
rubygem-goocanvas1 rubygem-hashr rubygem-http-accept
rubygem-middleware rubygem-mimemagic rubygem-nesty rubygem-pundit
rubygem-rainbow rubygem-sd_notify workrave xonsh
Orphans (rawhide) for at least 6 weeks (not depended on) (4):
echolinux harvey python-gear python-ws4py
Depending packages (rawhide) (45): abiword fcitx fcitx-anthy
fcitx-chewing fcitx-cloudpinyin fcitx-configtool fcitx-fbterm
fcitx-hangul fcitx-kkc fcitx-libpinyin fcitx-m17n fcitx-qt5
fcitx-skk fcitx-sunpinyin fcitx-table-extra fcitx-table-other
fcitx-ui-light fcitx-unikey golang-github-emersion-msgauth
gtkhtml3 gtkspell hexchat kdelibs kdelibs3 libsexy mcabber
perl-Astro-FITS-CFITSIO perl-Goo-Canvas
php-aws-php-sns-message-validator php-aws-sdk3
php-guzzlehttp-guzzle6 php-guzzlehttp-psr7 pluma prelude-lml-rules
prewikka-updatedb rubygem-goocanvas1 shutter sigul sugar-write
sylpheed weechat wxMaxima xastir xed xfce4-dict
Packages depending on packages orphaned (rawhide) for more than 6
weeks (2): sigul xastir
--
The script creating this output is run and developed by Fedora
Release Engineering. Please report issues at its pagure instance:
https://pagure.io/releng/
The sources of this script can be found at:
https://pagure.io/releng/blob/main/f/scripts/find_unblocked_orphans.py
Report finished at 2024-10-25 06:05:49 UTC