[USN-8178-1] oFono vulnerabilities

========================================================================== Ubuntu Security Notice USN-8178-1 April 16, 2026 ofono vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: oFono could be made to crash if it received specially crafted input. Software Description: - ofono: A free software project for mobile telephony applications Details: It was discovered that oFono incorrectly handled crafted responses from AT commands. An attacker could possibly use this issue to crash the program, resulting in a denial of service or arbitrary code execution. (CVE-2024-7538, CVE-2024-7539, CVE-2024-7540, CVE-2024-7541, CVE-2024-7542) Lucas Leong discovered that oFono incorrectly handled crafted input. An attacker could possibly use this issue to crash the program, resulting in a denial of service or arbitrary code execution. (CVE-2024-7543, CVE-2024-7544, CVE-2024-7545, CVE-2024-7546, CVE-2024-7547) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS ofono 1.31-3ubuntu3.24.04.2+esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS ofono 1.31-3ubuntu1.2+esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS ofono 1.31-2ubuntu1+esm3 Available with Ubuntu Pro Ubuntu 18.04 LTS ofono 1.21-1ubuntu1+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS ofono 1.17.bzr6912+16.04.20160314.3-0ubuntu1+esm3 Available with Ubuntu Pro References: https://ubuntu.com/security/notices/USN-8178-1 CVE-2024-7538, CVE-2024-7539, CVE-2024-7540, CVE-2024-7541, CVE-2024-7542, CVE-2024-7543, CVE-2024-7544, CVE-2024-7545, CVE-2024-7546, CVE-2024-7547