Wednesday, November 27, 2024

[USN-7131-1] Vim vulnerability

==========================================================================
Ubuntu Security Notice USN-7131-1
November 27, 2024

vim vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Vim could be made to crash if it received specially crafted input.

Software Description:
- vim: Vi IMproved - enhanced vi editor

Details:

It was discovered that Vim incorrectly handled memory when closing a
buffer, leading to use-after-free. If a user was tricked into opening a
specially crafted file, an attacker could crash the application, leading to
a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  vim                             2:9.1.0496-1ubuntu6.2

Ubuntu 24.04 LTS
  vim                             2:9.1.0016-1ubuntu7.5

Ubuntu 22.04 LTS
  vim                             2:8.2.3995-1ubuntu2.21

Ubuntu 20.04 LTS
  vim                             2:8.1.2269-1ubuntu5.29

Ubuntu 18.04 LTS
  vim                             2:8.0.1453-1ubuntu1.13+esm11
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  vim                             2:7.4.1689-3ubuntu1.5+esm26
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  vim                             2:7.4.052-1ubuntu3.1+esm20
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7131-1
  CVE-2024-47814

Package Information:
  https://launchpad.net/ubuntu/+source/vim/2:9.1.0496-1ubuntu6.2
  https://launchpad.net/ubuntu/+source/vim/2:9.1.0016-1ubuntu7.5
  https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.21
  https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.29

[USN-7092-2] mpg123 vulnerability

==========================================================================
Ubuntu Security Notice USN-7092-2
November 27, 2024

mpg123 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

mpg123 could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
- mpg123: MPEG layer 1/2/3 audio player

Details:

USN-7092-1 fixed a vulnerability in mpg123. Bastien Roucariès discovered
that the fix was incomplete on Ubuntu 20.04 LTS. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that mpg123 incorrectly handled certain mp3 files. If a
user or automated system were tricked into opening a specially crafted mp3
file, a remote attacker could use this issue to cause mpg123 to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  libmpg123-0                     1.25.13-1ubuntu0.2
  mpg123                          1.25.13-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7092-2
https://ubuntu.com/security/notices/USN-7092-1
CVE-2024-10573, https://launchpad.net/bugs/2089680

Package Information:
https://launchpad.net/ubuntu/+source/mpg123/1.25.13-1ubuntu0.2

Tuesday, November 26, 2024

[USN-7126-1] libsoup vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7126-1
November 27, 2024

libsoup2.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in libsoup.

Software Description:
- libsoup2.4: HTTP client/server library for GNOME

Details:

It was discovered that libsoup ignored certain characters at the end of
header names. A remote attacker could possibly use this issue to perform
an HTTP request smuggling attack. (CVE-2024-52530)

It was discovered that libsoup did not correctly handle memory while
performing UTF-8 conversions. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2024-52531)

It was discovered that libsoup could enter an infinite loop when reading
certain websocket data. An attacker could possibly use this issue to
cause a denial of service. (CVE-2024-52532)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  libsoup-2.4-1                   2.74.3-7ubuntu0.1

Ubuntu 24.04 LTS
  libsoup-2.4-1                   2.74.3-6ubuntu1.1

Ubuntu 22.04 LTS
  libsoup2.4-1                    2.74.2-3ubuntu0.1

Ubuntu 20.04 LTS
  libsoup2.4-1                    2.70.0-1ubuntu0.1

Ubuntu 18.04 LTS
  libsoup2.4-1                    2.62.1-1ubuntu0.4+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7126-1
  CVE-2024-52530, CVE-2024-52531, CVE-2024-52532

Package Information:
https://launchpad.net/ubuntu/+source/libsoup2.4/2.74.3-7ubuntu0.1
https://launchpad.net/ubuntu/+source/libsoup2.4/2.74.3-6ubuntu1.1
https://launchpad.net/ubuntu/+source/libsoup2.4/2.74.2-3ubuntu0.1
https://launchpad.net/ubuntu/+source/libsoup2.4/2.70.0-1ubuntu0.1

[USN-7127-1] libsoup3 vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7127-1
November 27, 2024

libsoup3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in libsoup3.

Software Description:
- libsoup3: GObject introspection data for the libsoup HTTP library

Details:

It was discovered that libsoup ignored certain characters at the end of
header names. A remote attacker could possibly use this issue to perform
an HTTP request smuggling attack. This issue only affected Ubuntu 22.04 LTS
and Ubuntu 24.04 LTS. (CVE-2024-52530)

It was discovered that libsoup did not correctly handle memory while
performing UTF-8 conversions. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2024-52531)

It was discovered that libsoup could enter an infinite loop when reading
certain websocket data. An attacker could possibly use this issue to
cause a denial of service. (CVE-2024-52532)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  libsoup-3.0-0                   3.6.0-2ubuntu0.1

Ubuntu 24.04 LTS
  libsoup-3.0-0                   3.4.4-5ubuntu0.1

Ubuntu 22.04 LTS
  libsoup-3.0-0                   3.0.7-0ubuntu1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7127-1
  CVE-2024-52530, CVE-2024-52531, CVE-2024-52532

Package Information:
  https://launchpad.net/ubuntu/+source/libsoup3/3.6.0-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/libsoup3/3.4.4-5ubuntu0.1

[USN-7130-1] GitHub CLI vulnerability

==========================================================================

Ubuntu Security Notice USN-7130-1
November 26, 2024

gh vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

GitHub CLI could be made to run programs as your login if it
connected to a malicious server.

Software Description:
- gh: GitHub CLI, GitHub's official command line tool

Details:

It was discovered that GitHub CLI incorrectly handled username
validation. An attacker could possibly use this issue to perform
remote code execution if the user connected to a malicious server.
(CVE-2024-52308)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  gh                              2.46.0-1ubuntu0.2

Ubuntu 24.04 LTS
  gh                              2.45.0-1ubuntu0.2+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7130-1
  CVE-2024-52308

Package Information:
  https://launchpad.net/ubuntu/+source/gh/2.46.0-1ubuntu0.2

[USN-6988-2] Twisted vulnerability

==========================================================================
Ubuntu Security Notice USN-6988-2
November 26, 2024

twisted vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Twisted could allow unintended access to information over the network.

Software Description:
- twisted: Event-based framework for internet applications

Details:

USN-6988-1 fixed CVE-2024-41671 in Twisted. The USN incorrectly stated that
previous releases were unaffected. This update provides the equivalent fix
for Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS.

Original advisory details:

 Ben Kallus discovered that Twisted incorrectly handled response order when
 processing multiple HTTP requests. A remote attacker could possibly use
 this issue to delay and manipulate responses.
 This issue only affected Ubuntu 24.04 LTS. (CVE-2024-41671)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  python3-twisted                 22.1.0-2ubuntu2.6

Ubuntu 20.04 LTS
  python3-twisted                 18.9.0-11ubuntu0.20.04.5

Ubuntu 18.04 LTS
  python-twisted                  17.9.0-2ubuntu0.3+esm2
                                  Available with Ubuntu Pro
  python3-twisted                 17.9.0-2ubuntu0.3+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6988-2
  https://ubuntu.com/security/notices/USN-6988-1
  CVE-2024-41671

Package Information:
  https://launchpad.net/ubuntu/+source/twisted/22.1.0-2ubuntu2.6
https://launchpad.net/ubuntu/+source/twisted/18.9.0-11ubuntu0.20.04.5

Fedora 39 end of life today (2024-11-26)

Hello all,

Fedora Linux 39 is going end of life for updates and support today,
2024-11-26.
No more updates of any kind, including security updates or security
announcements, will be available for Fedora Linux 39 after today. No
more pending updates for Fedora Linux 39 will be pushed to stable.

Fedora Linux 40 will continue to receive updates until approximately
one month after the release of Fedora Linux 42. The maintenance
schedule of Fedora Linux releases is documented on the Fedora Project
docs[1]. The docs also contain instructions[2] on how to upgrade from a
previous release of Fedora Linux to a version receiving updates.

Regards,
Fedora Release Engineering

[1] https://docs.fedoraproject.org/en-US/releases/lifecycle/#_maintenance_schedule
[2] https://docs.fedoraproject.org/en-US/quick-docs/upgrading-fedora-new-release/
--
Adam Williamson (he/him/his)
Fedora QA
Fedora Chat: @adamwill:fedora.im | Mastodon: @adamw@fosstodon.org
https://www.happyassassin.net





[USN-7129-1] TinyGLTF vulnerability

==========================================================================
Ubuntu Security Notice USN-7129-1
November 26, 2024

TinyGLTF vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

TinyGLTF could be made to crash or run programs as your login if it
received specially crafted input.

Software Description:
- tinygltf: glTF loader and saver library

Details:

It was discovered that TinyGLTF performed file path expansion in an
insecure way on certain inputs. An attacker could possibly use this
issue to cause a denial of service, or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  libtinygltf-dev                 2.5.0+dfsg-4ubuntu0.1
  libtinygltf1d                   2.5.0+dfsg-4ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7129-1
CVE-2022-3008


Package Information:
https://launchpad.net/ubuntu/+source/tinygltf/2.5.0+dfsg-4ubuntu0.1

[USN-7128-1] Pygments vulnerability

==========================================================================
Ubuntu Security Notice USN-7128-1
November 26, 2024

pygments vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Pygments could be made to crash if it received specially crafted input.

Software Description:
- pygments: Generic syntax highlighter

Details:

Sebastian Chnelik discovered that Pygments had an inefficient regex query
for analyzing certain inputs. An attacker could possibly use this issue to
cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  python3-pygments                2.11.2+dfsg-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7128-1
  CVE-2022-40896

Package Information:
https://launchpad.net/ubuntu/+source/pygments/2.11.2+dfsg-2ubuntu0.1

[USN-7117-2] needrestart regression

==========================================================================
Ubuntu Security Notice USN-7117-2
November 26, 2024

needrestart regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

USN-7117-1 introduced a regression in needrestart.

Software Description:
- needrestart: check which daemons need to be restarted after library
upgrades

Details:

USN-7117-1 fixed vulnerabilities in needrestart. The update introduced a
regression in needrestart. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Qualys discovered that needrestart passed unsanitized data to a library
(libmodule-scandeps-perl) which expects safe input. A local attacker could
possibly use this issue to execute arbitrary code as root.
(CVE-2024-11003)

Qualys discovered that the library libmodule-scandeps-perl incorrectly
parsed perl code. This could allow a local attacker to execute arbitrary
shell commands. (CVE-2024-10224)

Qualys discovered that needrestart incorrectly used the PYTHONPATH
environment variable to spawn a new Python interpreter. A local attacker
could possibly use this issue to execute arbitrary code as root.
(CVE-2024-48990)

Qualys discovered that needrestart incorrectly checked the path to the
Python interpreter. A local attacker could possibly use this issue to win
a race condition and execute arbitrary code as root. (CVE-2024-48991)

Qualys discovered that needrestart incorrectly used the RUBYLIB
environment variable to spawn a new Ruby interpreter. A local attacker
could possibly use this issue to execute arbitrary code as root.
(CVE-2024-48992)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  needrestart                     3.6-8ubuntu4.3

Ubuntu 24.04 LTS
  needrestart                     3.6-7ubuntu4.4

Ubuntu 22.04 LTS
  needrestart                     3.5-5ubuntu2.3

Ubuntu 20.04 LTS
  needrestart                     3.4-6ubuntu0.1+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  needrestart                     3.1-1ubuntu0.1+esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  needrestart                     2.6-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7117-2
https://ubuntu.com/security/notices/USN-7117-1
https://launchpad.net/bugs/2089193

Package Information:
https://launchpad.net/ubuntu/+source/needrestart/3.6-8ubuntu4.3
https://launchpad.net/ubuntu/+source/needrestart/3.6-7ubuntu4.4
https://launchpad.net/ubuntu/+source/needrestart/3.5-5ubuntu2.3
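
Checking whether a host already has one of the fixed versions listed in these notices requires Debian version ordering (an epoch such as `2:`, numeric runs, and `~` as in `~esm2`), not string comparison. The following is an added example, not part of the Ubuntu notices: it checks a constructed inventory against fixed versions copied from this page; the host names and installed versions are assumptions.

```python
DIGITS = "0123456789"


def _order(ch):
    """Sort weight of one character inside a non-digit run (dpkg rules)."""
    if ch in DIGITS:
        return 0                  # a digit ends the non-digit run
    if ch == "~":
        return -1                 # '~' sorts before everything, even end of string
    if ch.isascii() and ch.isalpha():
        return ord(ch)            # letters sort before other characters
    return ord(ch) + 256


def _compare_part(a, b):
    """Compare two upstream-version or revision strings; <0, 0 or >0."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character using _order().
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: compare numerically (skip leading zeros, longer run wins).
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and a[i] in DIGITS and j < len(b) and b[j] in DIGITS:
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in DIGITS:
            return 1
        if j < len(b) and b[j] in DIGITS:
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Return <0 if a is older than b, 0 if equal, >0 if newer."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _compare_part(ua, ub) or _compare_part(ra, rb)


# Fixed versions copied from the "Update instructions" sections on this page.
FIXED = {
    ("Ubuntu 22.04 LTS", "vim"): "2:8.2.3995-1ubuntu2.21",
    ("Ubuntu 24.04 LTS", "vim"): "2:9.1.0016-1ubuntu7.5",
    ("Ubuntu 16.04 LTS", "needrestart"): "2.6-1ubuntu0.1~esm2",
    ("Ubuntu 20.04 LTS", "python3-twisted"): "18.9.0-11ubuntu0.20.04.5",
}

# Constructed inventory (host, release, package, installed version).
INVENTORY = [
    ("host-a", "Ubuntu 22.04 LTS", "vim", "2:8.2.3995-1ubuntu2.9"),   # 9 < 21 numerically
    ("host-b", "Ubuntu 24.04 LTS", "vim", "2:9.1.0016-1ubuntu7.5"),   # already fixed
    ("host-c", "Ubuntu 16.04 LTS", "needrestart", "2.6-1ubuntu0.1~esm1"),
    ("host-d", "Ubuntu 20.04 LTS", "python3-twisted", "18.9.0-11ubuntu0.20.04.5"),
]


def outdated(inventory, fixed):
    """List inventory rows whose installed version is older than the fix."""
    hits = []
    for host, release, package, installed in inventory:
        target = fixed.get((release, package))
        if target is not None and compare_versions(installed, target) < 0:
            hits.append((host, package, installed, target))
    return hits


if __name__ == "__main__":
    for host, package, installed, target in outdated(INVENTORY, FIXED):
        print(f"{host}: {package} {installed} is older than {target}")
```

On a Debian or Ubuntu host, `dpkg --compare-versions <installed> lt <fixed>` performs the same comparison.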

Monday, November 25, 2024

[USN-7125-1] RapidJSON vulnerability

==========================================================================
Ubuntu Security Notice USN-7125-1
November 25, 2024

rapidjson vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

RapidJSON could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- rapidjson: A fast JSON parser/generator for C++

Details:

It was discovered that RapidJSON incorrectly parsed numbers written in
scientific notation, leading to an integer underflow. An attacker could
possibly use this issue to cause a denial of service, or execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  rapidjson-dev                   1.1.0+dfsg2-7.3ubuntu0.1

Ubuntu 24.04 LTS
  rapidjson-dev                   1.1.0+dfsg2-7.2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  rapidjson-dev                   1.1.0+dfsg2-7ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  rapidjson-dev                   1.1.0+dfsg2-5ubuntu1+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  rapidjson-dev                   1.1.0+dfsg2-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  rapidjson-dev                   0.12~git20141031-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7125-1
  CVE-2024-38517

Package Information:

https://launchpad.net/ubuntu/+source/rapidjson/1.1.0+dfsg2-7.3ubuntu0.1

[USN-7121-3] Linux kernel (Oracle) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7121-3
November 25, 2024

linux-oracle vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oracle: Linux kernel for Oracle Cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ATM drivers;
- Device frequency scaling framework;
- GPU drivers;
- Hardware monitoring drivers;
- VMware VMCI Driver;
- Network drivers;
- Device tree and open firmware driver;
- SCSI drivers;
- Greybus lights staging drivers;
- BTRFS file system;
- File systems infrastructure;
- F2FS file system;
- JFS file system;
- NILFS2 file system;
- Netfilter;
- Memory management;
- Ethernet bridge;
- IPv6 networking;
- IUCV driver;
- Logical Link layer;
- MAC80211 subsystem;
- NFC subsystem;
- Network traffic control;
- Unix domain sockets;
(CVE-2023-52614, CVE-2024-26633, CVE-2024-46758, CVE-2024-46723,
CVE-2023-52502, CVE-2024-41059, CVE-2024-44987, CVE-2024-36020,
CVE-2023-52599, CVE-2023-52639, CVE-2024-26668, CVE-2024-42094,
CVE-2022-48938, CVE-2022-48733, CVE-2024-27397, CVE-2023-52578,
CVE-2024-38560, CVE-2024-38538, CVE-2024-42310, CVE-2024-46722,
CVE-2024-46800, CVE-2024-41095, CVE-2024-42104, CVE-2024-35877,
CVE-2022-48943, CVE-2024-46743, CVE-2023-52531, CVE-2024-46757,
CVE-2024-36953, CVE-2024-46756, CVE-2024-38596, CVE-2023-52612,
CVE-2024-38637, CVE-2024-41071, CVE-2024-46759, CVE-2024-43882,
CVE-2024-26675, CVE-2024-43854, CVE-2024-44942, CVE-2024-44998,
CVE-2024-42240, CVE-2024-41089, CVE-2024-26636, CVE-2024-46738,
CVE-2024-42309)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  linux-image-4.15.0-1137-oracle  4.15.0-1137.148~16.04.1
                                  Available with Ubuntu Pro
  linux-image-oracle              4.15.0.1137.148~16.04.1
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7121-3
https://ubuntu.com/security/notices/USN-7121-2
https://ubuntu.com/security/notices/USN-7121-1
CVE-2022-48733, CVE-2022-48938, CVE-2022-48943, CVE-2023-52502,
CVE-2023-52531, CVE-2023-52578, CVE-2023-52599, CVE-2023-52612,
CVE-2023-52614, CVE-2023-52639, CVE-2024-26633, CVE-2024-26636,
CVE-2024-26668, CVE-2024-26675, CVE-2024-27397, CVE-2024-35877,
CVE-2024-36020, CVE-2024-36953, CVE-2024-38538, CVE-2024-38560,
CVE-2024-38596, CVE-2024-38637, CVE-2024-41059, CVE-2024-41071,
CVE-2024-41089, CVE-2024-41095, CVE-2024-42094, CVE-2024-42104,
CVE-2024-42240, CVE-2024-42309, CVE-2024-42310, CVE-2024-43854,
CVE-2024-43882, CVE-2024-44942, CVE-2024-44987, CVE-2024-44998,
CVE-2024-46722, CVE-2024-46723, CVE-2024-46738, CVE-2024-46743,
CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759,
CVE-2024-46800

Sunday, November 24, 2024

[USN-7124-1] OpenJDK 23 vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7124-1
November 24, 2024

openjdk-23 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10

Summary:

Several security issues were fixed in OpenJDK 23.

Software Description:
- openjdk-23: Open Source Java implementation

Details:

Andy Boothe discovered that the Networking component of OpenJDK 23 did not
properly handle access under certain circumstances. An unauthenticated
attacker could possibly use this issue to cause a denial of service.
(CVE-2024-21208)

It was discovered that the Hotspot component of OpenJDK 23 did not properly
handle vectorization under certain circumstances. An unauthenticated
attacker could possibly use this issue to access unauthorized resources
and expose sensitive information. (CVE-2024-21210, CVE-2024-21235)

It was discovered that the Serialization component of OpenJDK 23 did not
properly handle deserialization under certain circumstances. An
unauthenticated attacker could possibly use this issue to cause a denial
of service. (CVE-2024-21217)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  openjdk-23-jdk                  23.0.1+11-1ubuntu1~24.10.1
  openjdk-23-jdk-headless         23.0.1+11-1ubuntu1~24.10.1
  openjdk-23-jre                  23.0.1+11-1ubuntu1~24.10.1
  openjdk-23-jre-headless         23.0.1+11-1ubuntu1~24.10.1
  openjdk-23-jre-zero             23.0.1+11-1ubuntu1~24.10.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7124-1
  CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2024-21235

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-23/23.0.1+11-1ubuntu1~24.10.1

Thursday, November 21, 2024

[USN-7015-6] Python regressions

==========================================================================
Ubuntu Security Notice USN-7015-6
November 22, 2024

python2.7 regressions
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

USN-7015-5 caused some regressions in Python.

Software Description:
- python2.7: An interactive high-level object-oriented language

Details:

USN-7015-5 fixed vulnerabilities in python2.7. The update introduced
several minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could
possibly use this issue to bypass certain protection mechanisms.
(CVE-2023-27043)

It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue
to cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)

It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker could possibly use this issue to
perform header injection. (CVE-2024-6923)

It was discovered that the Python http.cookies module incorrectly handled
parsing cookies that contained backslashes for quoted characters. A remote
attacker could possibly use this issue to cause Python to consume
resources, leading to a denial of service. (CVE-2024-7592)

It was discovered that the Python zipfile module incorrectly handled
certain malformed zip files. A remote attacker could possibly use this
issue to cause Python to stop responding, resulting in a denial of
service. (CVE-2024-8088)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  python2.7                       2.7.18-13ubuntu1.4
  python2.7-minimal               2.7.18-13ubuntu1.4

Ubuntu 20.04 LTS
  python2.7                       2.7.18-1~20.04.6
  python2.7-minimal               2.7.18-1~20.04.6

Ubuntu 18.04 LTS
  python2.7                       2.7.17-1~18.04ubuntu1.13+esm8
                                  Available with Ubuntu Pro
  python2.7-minimal               2.7.17-1~18.04ubuntu1.13+esm8
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  python2.7                       2.7.12-1ubuntu0~16.04.18+esm13
                                  Available with Ubuntu Pro
  python2.7-minimal               2.7.12-1ubuntu0~16.04.18+esm13
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  python2.7                       2.7.6-8ubuntu0.6+esm22
                                  Available with Ubuntu Pro
  python2.7-minimal               2.7.6-8ubuntu0.6+esm22
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7015-6
https://ubuntu.com/security/notices/USN-7015-5
https://ubuntu.com/security/notices/USN-7015-4
https://ubuntu.com/security/notices/USN-7015-3
https://ubuntu.com/security/notices/USN-7015-2
https://ubuntu.com/security/notices/USN-7015-1
https://launchpad.net/bugs/2089071

Package Information:
https://launchpad.net/ubuntu/+source/python2.7/2.7.18-13ubuntu1.4
https://launchpad.net/ubuntu/+source/python2.7/2.7.18-1~20.04.6

[USN-7120-3] Linux kernel (Low Latency) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7120-3
November 21, 2024

linux-lowlatency, linux-lowlatency-hwe-6.8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lowlatency: Linux low latency kernel
- linux-lowlatency-hwe-6.8: Linux low latency kernel

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- File systems infrastructure;
- Network traffic control;
(CVE-2024-46800, CVE-2024-43882)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  linux-image-6.8.0-49-lowlatency       6.8.0-49.49.1
  linux-image-6.8.0-49-lowlatency-64k   6.8.0-49.49.1
  linux-image-lowlatency                6.8.0-49.49.1
  linux-image-lowlatency-64k            6.8.0-49.49.1
  linux-image-lowlatency-64k-hwe-24.04  6.8.0-49.49.1
  linux-image-lowlatency-hwe-24.04      6.8.0-49.49.1

Ubuntu 22.04 LTS
  linux-image-6.8.0-49-lowlatency       6.8.0-49.49.1~22.04.1
  linux-image-6.8.0-49-lowlatency-64k   6.8.0-49.49.1~22.04.1
  linux-image-lowlatency-64k-hwe-22.04  6.8.0-49.49.1~22.04.1
  linux-image-lowlatency-hwe-22.04      6.8.0-49.49.1~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7120-3
https://ubuntu.com/security/notices/USN-7120-2
https://ubuntu.com/security/notices/USN-7120-1
CVE-2024-43882, CVE-2024-46800

Package Information:
https://launchpad.net/ubuntu/+source/linux-lowlatency/6.8.0-49.49.1
https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.8/6.8.0-49.49.1~22.04.1

ImageFactory retirement

Hey folks,

Now that Fedora Linux 41 is out the door and Fedora Linux 39 will be
EOL next Tuesday, it's now time to continue down the path that was
outlined[1] when the Fedora Linux 40 Change to use KIWI for images[2]
was approved.

The Fedora Cloud Working Group is not interested in continuing to prop
up ImageFactory and as part of the agreement with Release Engineering,
the intent is to discontinue ImageFactory in Fedora infrastructure
during the Fedora Linux 42 development cycle.

Prior to Fedora Linux 40, ImageFactory was used to build Fedora Cloud
images, Fedora container images, and Fedora Cloud Vagrant images.
These have migrated to being built with KIWI under the aegis of the
Fedora Cloud WG. With Fedora Linux 41, two new spins were introduced
that use KIWI to build their images: Fedora MiracleWM[3] and Fedora
KDE Mobile[4] (both ARM disk images and live media ISOs). At this
point, we have confidence that every artifact currently being produced
by ImageFactory right now can be moved over to something we can
support.

Now, with ImageFactory being retired, you as image maintainers have two choices:

* Switch over to KIWI (using fedora-kiwi-descriptions[5]) for building
your images. This is what the Fedora Server WG[6][7] and Fedora KDE
SIG[8] have done. If you need help with doing this, the Cloud WG and
the KDE SIG are happy to assist in porting efforts. Upstream
developers of KIWI are also very responsive and able to assist if you
encounter issues in their Matrix room[9]. Efforts are also ongoing to
make it possible for the Respins SIG to continue to produce respins
using KIWI.

* Retire the ImageFactory-based artifacts. If you find you no longer
wish to produce the images that are built with ImageFactory anymore,
we can simply discontinue their production.

I and other members of the Fedora Cloud WG are identifying the
remaining users of ImageFactory and will be reaching out to each
stakeholder individually to help them make a choice for this
transition.

[1]: https://discussion.fedoraproject.org/t/f40-change-proposal-build-fedora-cloud-edition-images-using-kiwi-in-koji-system-wide/100078/30

[2]: https://fedoraproject.org/wiki/Changes/KiwiBuiltCloudImages

[3]: https://fedoraproject.org/spins/miraclewm

[4]: https://fedoraproject.org/spins/kde-mobile

[5]: https://pagure.io/fedora-kiwi-descriptions

[6]: https://pagure.io/fedora-kiwi-descriptions/pull-request/97

[7]: https://pagure.io/pungi-fedora/pull-request/1404

[8]: https://pagure.io/pungi-fedora/pull-request/1412

[9]: https://matrix.to/#/#kiwi:matrix.org


--
Neal Gompa (FAS: ngompa)

[USN-7118-1] ZBar vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7118-1
November 21, 2024

zbar vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

ZBar could expose sensitive data if it opened a specially crafted file.

Software Description:
- zbar: QR code / bar code scanner and decoder (Perl bindings)

Details:

It was discovered that ZBar did not properly handle certain QR codes. If a
user or automated system using ZBar were tricked into opening a specially
crafted file, an attacker could possibly use this to obtain sensitive
information. (CVE-2023-40889)

It was discovered that ZBar did not properly handle certain QR codes. If a
user or automated system using ZBar were tricked into opening a specially
crafted file, an attacker could possibly use this to obtain sensitive
information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2023-40890)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  libzbar0                        0.23.92-4ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libzbar0                        0.23-1.3ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libzbar0                        0.10+doc-10.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libzbar0                        0.10+doc-10ubuntu1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7118-1
CVE-2023-40889, CVE-2023-40890

Wednesday, November 20, 2024

[USN-7091-2] Ruby vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7091-2
November 21, 2024

ruby2.7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Ruby.

Software Description:
- ruby2.7: Object-oriented scripting language

Details:

USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the
corresponding update for ruby2.7 in Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that Ruby incorrectly handled parsing of an XML document
that has specific XML characters in an attribute value using REXML gem. An
attacker could use this issue to cause Ruby to crash, resulting in a
denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu
24.04 LTS. (CVE-2024-35176, CVE-2024-39908, CVE-2024-41123)

It was discovered that Ruby incorrectly handled parsing of an XML document
that has many entity expansions with SAX2 or pull parser API. An attacker
could use this issue to cause Ruby to crash, resulting in a denial of
service. (CVE-2024-41946)

It was discovered that Ruby incorrectly handled parsing of an XML document
that has many digits in a hex numeric character reference. An attacker
could use this issue to cause Ruby to crash, resulting in a denial of
service. (CVE-2024-49761)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  libruby2.7                      2.7.0-5ubuntu1.15
  ruby2.7                         2.7.0-5ubuntu1.15

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7091-2
https://ubuntu.com/security/notices/USN-7091-1
CVE-2024-35176, CVE-2024-39908, CVE-2024-41123, CVE-2024-41946,
CVE-2024-49761, https://launchpad.net/bugs/2086615

Package Information:
https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.15

[USN-7123-1] Linux kernel (Azure) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7123-1
November 20, 2024

linux-azure vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly validate certain SMB messages, leading to an
out-of-bounds read vulnerability. An attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information.
(CVE-2023-6610)

Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and
Shweta Shinde discovered that the Confidential Computing framework in the
Linux kernel for x86 platforms did not properly handle 32-bit emulation on
TDX and SEV. An attacker with access to the VMM could use this to cause a
denial of service (guest crash) or possibly execute arbitrary code.
(CVE-2024-25744)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Android drivers;
- Serial ATA and Parallel ATA drivers;
- ATM drivers;
- Drivers core;
- Null block device driver;
- Character device driver;
- ARM SCMI message protocol;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- I3C subsystem;
- InfiniBand drivers;
- Input Device core drivers;
- Input Device (Miscellaneous) drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- ISDN/mISDN subsystem;
- LED subsystem;
- Multiple devices driver;
- Media drivers;
- VMware VMCI Driver;
- MMC subsystem;
- Network drivers;
- Near Field Communication (NFC) drivers;
- NVME drivers;
- Device tree and open firmware driver;
- Parport drivers;
- PCI subsystem;
- Pin controllers subsystem;
- Remote Processor subsystem;
- S/390 drivers;
- SCSI drivers;
- QCOM SoC drivers;
- Direct Digital Synthesis drivers;
- Thunderbolt and USB4 drivers;
- TTY drivers;
- Userspace I/O drivers;
- DesignWare USB3 driver;
- USB Gadget drivers;
- USB Host Controller drivers;
- USB Type-C Connector System Software Interface driver;
- USB over IP driver;
- VHOST drivers;
- File systems infrastructure;
- BTRFS file system;
- Ext4 file system;
- F2FS file system;
- JFS file system;
- NILFS2 file system;
- NTFS3 file system;
- Proc file system;
- SMB network file system;
- Core kernel;
- DMA mapping infrastructure;
- RCU subsystem;
- Tracing infrastructure;
- Radix Tree data structure library;
- Kernel userspace event delivery library;
- Objagg library;
- Memory management;
- Amateur Radio drivers;
- Bluetooth subsystem;
- Ethernet bridge;
- CAN network layer;
- Networking core;
- Ethtool driver;
- IPv4 networking;
- IPv6 networking;
- IUCV driver;
- KCM (Kernel Connection Multiplexor) sockets driver;
- MAC80211 subsystem;
- Multipath TCP;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- Sun RPC protocol;
- TIPC protocol;
- TLS protocol;
- Wireless networking;
- AppArmor security module;
- Landlock security;
- Simplified Mandatory Access Control Kernel framework;
- FireWire sound drivers;
- SoC audio core drivers;
- USB sound devices;
(CVE-2023-52751, CVE-2024-43902, CVE-2024-46791, CVE-2024-45018,
CVE-2024-44987, CVE-2024-46763, CVE-2024-46724, CVE-2024-26893,
CVE-2024-42283, CVE-2024-46738, CVE-2024-46819, CVE-2024-44982,
CVE-2023-52889, CVE-2024-45025, CVE-2023-52918, CVE-2024-46800,
CVE-2024-46756, CVE-2024-46719, CVE-2024-39472, CVE-2024-42292,
CVE-2024-45006, CVE-2024-46675, CVE-2024-44971, CVE-2024-46731,
CVE-2024-42286, CVE-2024-44954, CVE-2024-42274, CVE-2024-46746,
CVE-2024-42276, CVE-2024-43869, CVE-2024-43830, CVE-2024-42288,
CVE-2024-41042, CVE-2024-42126, CVE-2024-43870, CVE-2024-46805,
CVE-2024-41078, CVE-2024-44966, CVE-2024-44989, CVE-2024-46795,
CVE-2024-44988, CVE-2024-38577, CVE-2024-43839, CVE-2024-43909,
CVE-2024-46745, CVE-2024-42285, CVE-2024-43871, CVE-2024-41081,
CVE-2024-42289, CVE-2024-44965, CVE-2024-42271, CVE-2024-42284,
CVE-2024-45009, CVE-2024-41068, CVE-2024-44958, CVE-2024-46759,
CVE-2024-42304, CVE-2024-43890, CVE-2024-41019, CVE-2024-43846,
CVE-2024-41012, CVE-2024-44983, CVE-2024-41072, CVE-2024-46702,
CVE-2024-26800, CVE-2024-42302, CVE-2023-52572, CVE-2024-46783,
CVE-2024-43892, CVE-2024-45028, CVE-2024-44999, CVE-2024-46814,
CVE-2024-41022, CVE-2024-42281, CVE-2024-46679, CVE-2024-42290,
CVE-2024-44960, CVE-2024-41071, CVE-2024-41091, CVE-2024-44990,
CVE-2024-46757, CVE-2024-38611, CVE-2024-47668, CVE-2024-45008,
CVE-2024-46707, CVE-2024-44935, CVE-2024-42299, CVE-2024-46771,
CVE-2024-42265, CVE-2024-43883, CVE-2024-46673, CVE-2024-46747,
CVE-2024-43875, CVE-2024-44985, CVE-2024-42311, CVE-2024-46798,
CVE-2024-43884, CVE-2024-46725, CVE-2024-42318, CVE-2024-43873,
CVE-2024-42296, CVE-2024-43907, CVE-2024-43834, CVE-2024-46721,
CVE-2024-47659, CVE-2024-45026, CVE-2024-47667, CVE-2024-44986,
CVE-2024-41020, CVE-2024-43849, CVE-2024-46744, CVE-2024-44946,
CVE-2024-43861, CVE-2024-42269, CVE-2024-46822, CVE-2024-46739,
CVE-2024-44948, CVE-2024-46804, CVE-2024-41064, CVE-2024-44995,
CVE-2024-26669, CVE-2024-46781, CVE-2024-46732, CVE-2024-42246,
CVE-2024-46780, CVE-2024-46743, CVE-2024-44947, CVE-2024-47663,
CVE-2024-46752, CVE-2024-43893, CVE-2024-45021, CVE-2024-43856,
CVE-2024-46714, CVE-2024-41011, CVE-2024-41070, CVE-2024-46832,
CVE-2024-46737, CVE-2024-43867, CVE-2024-42277, CVE-2024-44934,
CVE-2024-46723, CVE-2024-43880, CVE-2024-43860, CVE-2024-42297,
CVE-2024-45003, CVE-2024-46810, CVE-2024-43889, CVE-2024-42287,
CVE-2024-43854, CVE-2024-42313, CVE-2024-42305, CVE-2024-41077,
CVE-2024-38602, CVE-2024-46758, CVE-2024-46807, CVE-2024-43853,
CVE-2024-45007, CVE-2024-41090, CVE-2024-42280, CVE-2024-46844,
CVE-2024-45011, CVE-2024-47660, CVE-2024-47665, CVE-2024-46829,
CVE-2024-44944, CVE-2024-41015, CVE-2024-42259, CVE-2024-43914,
CVE-2024-43829, CVE-2022-48666, CVE-2024-43828, CVE-2024-46755,
CVE-2024-43858, CVE-2024-46740, CVE-2024-46689, CVE-2024-42309,
CVE-2024-42295, CVE-2024-41098, CVE-2023-52757, CVE-2024-46782,
CVE-2024-46777, CVE-2024-46685, CVE-2024-44969, CVE-2024-47669,
CVE-2024-43882, CVE-2024-42310, CVE-2024-43905, CVE-2024-44998,
CVE-2024-42306, CVE-2024-40915, CVE-2024-46713, CVE-2024-41059,
CVE-2024-41017, CVE-2024-43879, CVE-2024-46677, CVE-2024-42312,
CVE-2024-43908, CVE-2024-46750, CVE-2024-46722, CVE-2024-42267,
CVE-2024-46818, CVE-2024-26661, CVE-2024-43817, CVE-2024-42272,
CVE-2024-41065, CVE-2024-46828, CVE-2024-46840, CVE-2024-46676,
CVE-2024-43841, CVE-2024-46815, CVE-2024-26607, CVE-2023-52434,
CVE-2024-46761, CVE-2024-42114, CVE-2024-41073, CVE-2024-43894,
CVE-2024-43835, CVE-2024-46817, CVE-2024-41060, CVE-2024-36484,
CVE-2024-42301, CVE-2024-44974, CVE-2024-43863, CVE-2024-41063)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  linux-image-5.15.0-1075-azure   5.15.0-1075.84
  linux-image-azure-lts-22.04     5.15.0.1075.73

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7123-1
CVE-2022-48666, CVE-2023-52434, CVE-2023-52572, CVE-2023-52751,
CVE-2023-52757, CVE-2023-52889, CVE-2023-52918, CVE-2023-6610,
CVE-2024-25744, CVE-2024-26607, CVE-2024-26661, CVE-2024-26669,
CVE-2024-26800, CVE-2024-26893, CVE-2024-36484, CVE-2024-38577,
CVE-2024-38602, CVE-2024-38611, CVE-2024-39472, CVE-2024-40915,
CVE-2024-41011, CVE-2024-41012, CVE-2024-41015, CVE-2024-41017,
CVE-2024-41019, CVE-2024-41020, CVE-2024-41022, CVE-2024-41042,
CVE-2024-41059, CVE-2024-41060, CVE-2024-41063, CVE-2024-41064,
CVE-2024-41065, CVE-2024-41068, CVE-2024-41070, CVE-2024-41071,
CVE-2024-41072, CVE-2024-41073, CVE-2024-41077, CVE-2024-41078,
CVE-2024-41081, CVE-2024-41090, CVE-2024-41091, CVE-2024-41098,
CVE-2024-42114, CVE-2024-42126, CVE-2024-42246, CVE-2024-42259,
CVE-2024-42265, CVE-2024-42267, CVE-2024-42269, CVE-2024-42271,
CVE-2024-42272, CVE-2024-42274, CVE-2024-42276, CVE-2024-42277,
CVE-2024-42280, CVE-2024-42281, CVE-2024-42283, CVE-2024-42284,
CVE-2024-42285, CVE-2024-42286, CVE-2024-42287, CVE-2024-42288,
CVE-2024-42289, CVE-2024-42290, CVE-2024-42292, CVE-2024-42295,
CVE-2024-42296, CVE-2024-42297, CVE-2024-42299, CVE-2024-42301,
CVE-2024-42302, CVE-2024-42304, CVE-2024-42305, CVE-2024-42306,
CVE-2024-42309, CVE-2024-42310, CVE-2024-42311, CVE-2024-42312,
CVE-2024-42313, CVE-2024-42318, CVE-2024-43817, CVE-2024-43828,
CVE-2024-43829, CVE-2024-43830, CVE-2024-43834, CVE-2024-43835,
CVE-2024-43839, CVE-2024-43841, CVE-2024-43846, CVE-2024-43849,
CVE-2024-43853, CVE-2024-43854, CVE-2024-43856, CVE-2024-43858,
CVE-2024-43860, CVE-2024-43861, CVE-2024-43863, CVE-2024-43867,
CVE-2024-43869, CVE-2024-43870, CVE-2024-43871, CVE-2024-43873,
CVE-2024-43875, CVE-2024-43879, CVE-2024-43880, CVE-2024-43882,
CVE-2024-43883, CVE-2024-43884, CVE-2024-43889, CVE-2024-43890,
CVE-2024-43892, CVE-2024-43893, CVE-2024-43894, CVE-2024-43902,
CVE-2024-43905, CVE-2024-43907, CVE-2024-43908, CVE-2024-43909,
CVE-2024-43914, CVE-2024-44934, CVE-2024-44935, CVE-2024-44944,
CVE-2024-44946, CVE-2024-44947, CVE-2024-44948, CVE-2024-44954,
CVE-2024-44958, CVE-2024-44960, CVE-2024-44965, CVE-2024-44966,
CVE-2024-44969, CVE-2024-44971, CVE-2024-44974, CVE-2024-44982,
CVE-2024-44983, CVE-2024-44985, CVE-2024-44986, CVE-2024-44987,
CVE-2024-44988, CVE-2024-44989, CVE-2024-44990, CVE-2024-44995,
CVE-2024-44998, CVE-2024-44999, CVE-2024-45003, CVE-2024-45006,
CVE-2024-45007, CVE-2024-45008, CVE-2024-45009, CVE-2024-45011,
CVE-2024-45018, CVE-2024-45021, CVE-2024-45025, CVE-2024-45026,
CVE-2024-45028, CVE-2024-46673, CVE-2024-46675, CVE-2024-46676,
CVE-2024-46677, CVE-2024-46679, CVE-2024-46685, CVE-2024-46689,
CVE-2024-46702, CVE-2024-46707, CVE-2024-46713, CVE-2024-46714,
CVE-2024-46719, CVE-2024-46721, CVE-2024-46722, CVE-2024-46723,
CVE-2024-46724, CVE-2024-46725, CVE-2024-46731, CVE-2024-46732,
CVE-2024-46737, CVE-2024-46738, CVE-2024-46739, CVE-2024-46740,
CVE-2024-46743, CVE-2024-46744, CVE-2024-46745, CVE-2024-46746,
CVE-2024-46747, CVE-2024-46750, CVE-2024-46752, CVE-2024-46755,
CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759,
CVE-2024-46761, CVE-2024-46763, CVE-2024-46771, CVE-2024-46777,
CVE-2024-46780, CVE-2024-46781, CVE-2024-46782, CVE-2024-46783,
CVE-2024-46791, CVE-2024-46795, CVE-2024-46798, CVE-2024-46800,
CVE-2024-46804, CVE-2024-46805, CVE-2024-46807, CVE-2024-46810,
CVE-2024-46814, CVE-2024-46815, CVE-2024-46817, CVE-2024-46818,
CVE-2024-46819, CVE-2024-46822, CVE-2024-46828, CVE-2024-46829,
CVE-2024-46832, CVE-2024-46840, CVE-2024-46844, CVE-2024-47659,
CVE-2024-47660, CVE-2024-47663, CVE-2024-47665, CVE-2024-47667,
CVE-2024-47668, CVE-2024-47669

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1075.84

[USN-7120-2] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7120-2
November 20, 2024

linux-aws-6.8, linux-azure, linux-azure-6.8, linux-oracle-6.8
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-aws-6.8: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-6.8: Linux kernel for Microsoft Azure cloud systems
- linux-oracle-6.8: Linux kernel for Oracle Cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- File systems infrastructure;
- Network traffic control;
(CVE-2024-46800, CVE-2024-43882)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  linux-image-6.8.0-1018-azure        6.8.0-1018.21
  linux-image-6.8.0-1018-azure-fde    6.8.0-1018.21
  linux-image-azure                   6.8.0-1018.21
  linux-image-azure-fde               6.8.0-1018.21

Ubuntu 22.04 LTS
  linux-image-6.8.0-1016-oracle       6.8.0-1016.17~22.04.1
  linux-image-6.8.0-1016-oracle-64k   6.8.0-1016.17~22.04.1
  linux-image-6.8.0-1018-azure        6.8.0-1018.21~22.04.1
  linux-image-6.8.0-1018-azure-fde    6.8.0-1018.21~22.04.1
  linux-image-6.8.0-1019-aws          6.8.0-1019.21~22.04.1
  linux-image-aws                     6.8.0-1019.21~22.04.1
  linux-image-azure                   6.8.0-1018.21~22.04.1
  linux-image-azure-fde               6.8.0-1018.21~22.04.1
  linux-image-oracle                  6.8.0-1016.17~22.04.1
  linux-image-oracle-64k              6.8.0-1016.17~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7120-2
https://ubuntu.com/security/notices/USN-7120-1
CVE-2024-43882, CVE-2024-46800

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/6.8.0-1018.21
https://launchpad.net/ubuntu/+source/linux-aws-6.8/6.8.0-1019.21~22.04.1
https://launchpad.net/ubuntu/+source/linux-azure-6.8/6.8.0-1018.21~22.04.1
https://launchpad.net/ubuntu/+source/linux-oracle-6.8/6.8.0-1016.17~22.04.1

[USN-7121-2] Linux kernel (Azure) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7121-2
November 20, 2024

linux-azure vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ATM drivers;
- Device frequency scaling framework;
- GPU drivers;
- Hardware monitoring drivers;
- VMware VMCI Driver;
- Network drivers;
- Device tree and open firmware driver;
- SCSI drivers;
- Greybus lights staging drivers;
- BTRFS file system;
- File systems infrastructure;
- F2FS file system;
- JFS file system;
- NILFS2 file system;
- Netfilter;
- Memory management;
- Ethernet bridge;
- IPv6 networking;
- IUCV driver;
- Logical Link layer;
- MAC80211 subsystem;
- NFC subsystem;
- Network traffic control;
- Unix domain sockets;
(CVE-2023-52614, CVE-2024-26633, CVE-2024-46758, CVE-2024-46723,
CVE-2023-52502, CVE-2024-41059, CVE-2024-44987, CVE-2024-36020,
CVE-2023-52599, CVE-2023-52639, CVE-2024-26668, CVE-2024-42094,
CVE-2022-48938, CVE-2022-48733, CVE-2024-27397, CVE-2023-52578,
CVE-2024-38560, CVE-2024-38538, CVE-2024-42310, CVE-2024-46722,
CVE-2024-46800, CVE-2024-41095, CVE-2024-42104, CVE-2024-35877,
CVE-2022-48943, CVE-2024-46743, CVE-2023-52531, CVE-2024-46757,
CVE-2024-36953, CVE-2024-46756, CVE-2024-38596, CVE-2023-52612,
CVE-2024-38637, CVE-2024-41071, CVE-2024-46759, CVE-2024-43882,
CVE-2024-26675, CVE-2024-43854, CVE-2024-44942, CVE-2024-44998,
CVE-2024-42240, CVE-2024-41089, CVE-2024-26636, CVE-2024-46738,
CVE-2024-42309)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  linux-image-4.15.0-1183-azure   4.15.0-1183.198~14.04.1
                                  Available with Ubuntu Pro
  linux-image-azure               4.15.0.1183.198~14.04.1
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7121-2
https://ubuntu.com/security/notices/USN-7121-1
CVE-2022-48733, CVE-2022-48938, CVE-2022-48943, CVE-2023-52502,
CVE-2023-52531, CVE-2023-52578, CVE-2023-52599, CVE-2023-52612,
CVE-2023-52614, CVE-2023-52639, CVE-2024-26633, CVE-2024-26636,
CVE-2024-26668, CVE-2024-26675, CVE-2024-27397, CVE-2024-35877,
CVE-2024-36020, CVE-2024-36953, CVE-2024-38538, CVE-2024-38560,
CVE-2024-38596, CVE-2024-38637, CVE-2024-41059, CVE-2024-41071,
CVE-2024-41089, CVE-2024-41095, CVE-2024-42094, CVE-2024-42104,
CVE-2024-42240, CVE-2024-42309, CVE-2024-42310, CVE-2024-43854,
CVE-2024-43882, CVE-2024-44942, CVE-2024-44987, CVE-2024-44998,
CVE-2024-46722, CVE-2024-46723, CVE-2024-46738, CVE-2024-46743,
CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759,
CVE-2024-46800

Tuesday, November 19, 2024

[USN-7121-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7121-1
November 19, 2024

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp,
linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ATM drivers;
- Device frequency scaling framework;
- GPU drivers;
- Hardware monitoring drivers;
- VMware VMCI Driver;
- Network drivers;
- Device tree and open firmware driver;
- SCSI drivers;
- Greybus lights staging drivers;
- BTRFS file system;
- File systems infrastructure;
- F2FS file system;
- JFS file system;
- NILFS2 file system;
- Netfilter;
- Memory management;
- Ethernet bridge;
- IPv6 networking;
- IUCV driver;
- Logical Link layer;
- MAC80211 subsystem;
- NFC subsystem;
- Network traffic control;
- Unix domain sockets;
(CVE-2023-52614, CVE-2024-26633, CVE-2024-46758, CVE-2024-46723,
CVE-2023-52502, CVE-2024-41059, CVE-2024-44987, CVE-2024-36020,
CVE-2023-52599, CVE-2023-52639, CVE-2024-26668, CVE-2024-42094,
CVE-2022-48938, CVE-2022-48733, CVE-2024-27397, CVE-2023-52578,
CVE-2024-38560, CVE-2024-38538, CVE-2024-42310, CVE-2024-46722,
CVE-2024-46800, CVE-2024-41095, CVE-2024-42104, CVE-2024-35877,
CVE-2022-48943, CVE-2024-46743, CVE-2023-52531, CVE-2024-46757,
CVE-2024-36953, CVE-2024-46756, CVE-2024-38596, CVE-2023-52612,
CVE-2024-38637, CVE-2024-41071, CVE-2024-46759, CVE-2024-43882,
CVE-2024-26675, CVE-2024-43854, CVE-2024-44942, CVE-2024-44998,
CVE-2024-42240, CVE-2024-41089, CVE-2024-26636, CVE-2024-46738,
CVE-2024-42309)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  linux-image-4.15.0-1137-oracle  4.15.0-1137.148
                                  Available with Ubuntu Pro
  linux-image-4.15.0-1158-kvm     4.15.0-1158.163
                                  Available with Ubuntu Pro
  linux-image-4.15.0-1168-gcp     4.15.0-1168.185
                                  Available with Ubuntu Pro
  linux-image-4.15.0-1175-aws     4.15.0-1175.188
                                  Available with Ubuntu Pro
  linux-image-4.15.0-1183-azure   4.15.0-1183.198
                                  Available with Ubuntu Pro
  linux-image-4.15.0-231-generic  4.15.0-231.243
                                  Available with Ubuntu Pro
  linux-image-4.15.0-231-lowlatency  4.15.0-231.243
                                  Available with Ubuntu Pro
  linux-image-aws-lts-18.04       4.15.0.1175.173
                                  Available with Ubuntu Pro
  linux-image-azure-lts-18.04     4.15.0.1183.151
                                  Available with Ubuntu Pro
  linux-image-gcp-lts-18.04       4.15.0.1168.181
                                  Available with Ubuntu Pro
  linux-image-generic             4.15.0.231.215
                                  Available with Ubuntu Pro
  linux-image-kvm                 4.15.0.1158.149
                                  Available with Ubuntu Pro
  linux-image-lowlatency          4.15.0.231.215
                                  Available with Ubuntu Pro
  linux-image-oracle-lts-18.04    4.15.0.1137.142
                                  Available with Ubuntu Pro
  linux-image-virtual             4.15.0.231.215
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  linux-image-4.15.0-1168-gcp     4.15.0-1168.185~16.04.1
                                  Available with Ubuntu Pro
  linux-image-4.15.0-1175-aws     4.15.0-1175.188~16.04.1
                                  Available with Ubuntu Pro
  linux-image-4.15.0-1183-azure   4.15.0-1183.198~16.04.1
                                  Available with Ubuntu Pro
  linux-image-4.15.0-231-generic  4.15.0-231.243~16.04.1
                                  Available with Ubuntu Pro
  linux-image-4.15.0-231-lowlatency  4.15.0-231.243~16.04.1
                                  Available with Ubuntu Pro
  linux-image-aws-hwe             4.15.0.1175.188~16.04.1
                                  Available with Ubuntu Pro
  linux-image-azure               4.15.0.1183.198~16.04.1
                                  Available with Ubuntu Pro
  linux-image-gcp                 4.15.0.1168.185~16.04.1
                                  Available with Ubuntu Pro
  linux-image-generic-hwe-16.04   4.15.0.231.243~16.04.1
                                  Available with Ubuntu Pro
  linux-image-gke                 4.15.0.1168.185~16.04.1
                                  Available with Ubuntu Pro
  linux-image-lowlatency-hwe-16.04  4.15.0.231.243~16.04.1
                                  Available with Ubuntu Pro
  linux-image-oem                 4.15.0.231.243~16.04.1
                                  Available with Ubuntu Pro
  linux-image-virtual-hwe-16.04   4.15.0.231.243~16.04.1
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
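
The reboot requirement above means an installed fix is not the same as a running fix. As an added example (not part of the Ubuntu notice), the Python check below compares `uname -r` strings against the fixed ABI numbers listed for Ubuntu 18.04 LTS in USN-7121-1. It assumes release strings of the form VERSION-ABI-FLAVOUR and compares the ABI number only, not the full package version; the host names and sample release strings are constructed.

```python
import re

# Fixed ABI numbers for Ubuntu 18.04 LTS, read off the
# linux-image-4.15.0-<ABI>-<flavour> package names in USN-7121-1.
FIXED_BASE = (4, 15, 0)
FIXED_ABI_1804 = {
    "oracle": 1137, "kvm": 1158, "gcp": 1168, "aws": 1175,
    "azure": 1183, "generic": 231, "lowlatency": 231,
}
# Assumed shape of `uname -r` on Ubuntu: <version>-<ABI>-<flavour>
RELEASE_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)-([a-z0-9-]+)$")

def parse_release(release):
    """Split a kernel release string into (base, abi, flavour), or None."""
    m = RELEASE_RE.match(release.strip())
    if m is None:
        return None
    base = tuple(int(part) for part in m.group(1, 2, 3))
    return base, int(m.group(4)), m.group(5)

def triage(release):
    """Classify the running kernel against the fixed ABI for its flavour."""
    parsed = parse_release(release)
    if parsed is None:
        return "unparseable"
    base, abi, flavour = parsed
    if base != FIXED_BASE:
        return "not-covered"        # different kernel series than this notice
    if flavour not in FIXED_ABI_1804:
        return "unknown-flavour"
    if abi >= FIXED_ABI_1804[flavour]:
        return "running-fixed-abi"
    return "update-or-reboot"       # package missing, or installed but not booted

# Constructed inventory: hypothetical host names with sample `uname -r` output.
SAMPLE_HOSTS = {
    "web-01": "4.15.0-231-generic",
    "web-02": "4.15.0-230-generic",
    "az-01": "4.15.0-1183-azure",
    "hwe-01": "5.4.0-150-generic",
}

def report(hosts=SAMPLE_HOSTS):
    return {host: triage(release) for host, release in hosts.items()}

if __name__ == "__main__":
    for host, state in report().items():
        print(f"{host}: {state}")
```

A host reported as update-or-reboot either lacks the updated package or has it installed without having booted into it; the installed package version from dpkg distinguishes the two.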

References:
https://ubuntu.com/security/notices/USN-7121-1
CVE-2022-48733, CVE-2022-48938, CVE-2022-48943, CVE-2023-52502,
CVE-2023-52531, CVE-2023-52578, CVE-2023-52599, CVE-2023-52612,
CVE-2023-52614, CVE-2023-52639, CVE-2024-26633, CVE-2024-26636,
CVE-2024-26668, CVE-2024-26675, CVE-2024-27397, CVE-2024-35877,
CVE-2024-36020, CVE-2024-36953, CVE-2024-38538, CVE-2024-38560,
CVE-2024-38596, CVE-2024-38637, CVE-2024-41059, CVE-2024-41071,
CVE-2024-41089, CVE-2024-41095, CVE-2024-42094, CVE-2024-42104,
CVE-2024-42240, CVE-2024-42309, CVE-2024-42310, CVE-2024-43854,
CVE-2024-43882, CVE-2024-44942, CVE-2024-44987, CVE-2024-44998,
CVE-2024-46722, CVE-2024-46723, CVE-2024-46738, CVE-2024-46743,
CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759,
CVE-2024-46800