Wednesday, September 4, 2024

[USN-6989-1] OpenStack vulnerability

==========================================================================
Ubuntu Security Notice USN-6989-1
September 04, 2024

ironic vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

OpenStack could be made to expose sensitive information.

Software Description:
- ironic: Openstack bare metal provisioning service - API

Details:

Dan Smith, Julia Kreger and Jay Faulkner discovered that in
image processing for Ironic, a specially crafted image
could be used by an authenticated user to exploit undesired behaviors
in qemu-img, including possible unauthorized access to potentially
sensitive data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  python3-ironic                  1:24.1.1-0ubuntu1.2

Ubuntu 22.04 LTS
  python3-ironic                  1:20.1.0-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6989-1
CVE-2024-44082

Package Information:
https://launchpad.net/ubuntu/+source/ironic/1:24.1.1-0ubuntu1.2
https://launchpad.net/ubuntu/+source/ironic/1:20.1.0-0ubuntu1.2

[USN-6985-1] ImageMagick vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6985-1
September 04, 2024

imagemagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or execute code with the privileges of the user
invoking the program.


Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  imagemagick                     8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  imagemagick-common              8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagick++-dev                 8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagick++5                    8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickcore-dev               8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickcore5                  8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickcore5-extra            8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickwand-dev               8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickwand5                  8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  perlmagick                      8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6985-1
  CVE-2019-10131, CVE-2019-10650, CVE-2019-11470, CVE-2019-11472,
  CVE-2019-11597, CVE-2019-11598, CVE-2019-12974, CVE-2019-12975,
  CVE-2019-12976, CVE-2019-12978, CVE-2019-12979

[announce] Sept 4 NYC*BUG: GEFS: The Long road to Production Use, Ori Bernstein

RSVPs closing at 12 noon EDT today

GEFS: The Long road to Production Use, Ori Bernstein
2024-09-04 @ 18:45 EDT (22:45 UTC) - NYU Tandon Engineering Building
(new), 370 Jay St, 7th Floor kitchen area, Brooklyn

RSVP: Those either considering or wishing to attend, a guest list is
required by the venue. Please RSVP to rsvp at lists dot nycbug dot org
no later than noon localtime, day-of; an acknowledgement will be sent
and the email address will be used solely for the purpose of attendance
to this meeting's venue.

***The hard deadline for RSVPs is 12 noon EDT on the day of the meeting.***

Remote participation: Plans are to stream via NYC*BUG website. Q&A will
be via IRC on libera.chat channel #nycbug - please preface your
questions with '[Q]'.

GEFS: The Long road to Production Use

Since GEFS was announced and discussed, a lot of debugging and
stabilization has happened. I'm using it on my laptop. Others are
testing it out. But there's still a lot of work to do. Join for an
update on it.


[USN-6988-1] Twisted vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6988-1
September 04, 2024

twisted vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Twisted.

Software Description:
- twisted: Event-based framework for internet applications

Details:

It was discovered that Twisted incorrectly handled response order when
processing multiple HTTP requests. A remote attacker could possibly use
this issue to delay and manipulate responses.
This issue only affected Ubuntu 24.04 LTS. (CVE-2024-41671)

It was discovered that Twisted did not properly sanitize certain input.
An attacker could use this vulnerability to possibly execute an HTML
injection leading to a cross-site scripting (XSS) attack.
(CVE-2024-41810)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  python3-twisted                 24.3.0-1ubuntu0.1

Ubuntu 22.04 LTS
  python3-twisted                 22.1.0-2ubuntu2.5

Ubuntu 20.04 LTS
  python3-twisted                 18.9.0-11ubuntu0.20.04.4

Ubuntu 18.04 LTS
  python-twisted                  17.9.0-2ubuntu0.3+esm1
                                  Available with Ubuntu Pro
  python3-twisted                 17.9.0-2ubuntu0.3+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  python-twisted                  16.0.0-1ubuntu0.4+esm2
                                  Available with Ubuntu Pro
  python3-twisted                 16.0.0-1ubuntu0.4+esm2
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  python-twisted                  13.2.0-1ubuntu1.2+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6988-1
  CVE-2024-41671, CVE-2024-41810

Package Information:
  https://launchpad.net/ubuntu/+source/twisted/24.3.0-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/twisted/22.1.0-2ubuntu2.5
  https://launchpad.net/ubuntu/+source/twisted/18.9.0-11ubuntu0.20.04.4

Tuesday, September 3, 2024

[USN-6987-1] Django vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6987-1
September 03, 2024

python-django vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Django.

Software Description:
- python-django: High-level Python web development framework

Details:

It was discovered that Django incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2024-45230)

It was discovered that Django incorrectly handled certain email sending
failures. A remote attacker could possibly use this issue to enumerate
user emails by issuing password reset requests and observing the outcomes.
(CVE-2024-45231)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  python3-django                  3:4.2.11-1ubuntu1.3

Ubuntu 22.04 LTS
  python3-django                  2:3.2.12-2ubuntu1.14

Ubuntu 20.04 LTS
  python3-django                  2:2.2.12-1ubuntu0.25

Ubuntu 18.04 LTS
  python-django                   1:1.11.11-1ubuntu1.21+esm7
                                  Available with Ubuntu Pro
  python3-django                  1:1.11.11-1ubuntu1.21+esm7
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6987-1
CVE-2024-45230, CVE-2024-45231

Package Information:
https://launchpad.net/ubuntu/+source/python-django/3:4.2.11-1ubuntu1.3
https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.14
https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.25

[USN-6986-1] OpenSSL vulnerability

==========================================================================
Ubuntu Security Notice USN-6986-1
September 03, 2024

openssl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

OpenSSL could be made to crash or expose sensitive information
if it received a specially crafted certificate.

Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

David Benjamin discovered that OpenSSL incorrectly handled certain
X.509 certificates. An attacker could possibly use this issue to
cause a denial of service or expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libssl3t64                      3.0.13-0ubuntu3.4
  openssl                         3.0.13-0ubuntu3.4

Ubuntu 22.04 LTS
  libssl3                         3.0.2-0ubuntu1.18
  openssl                         3.0.2-0ubuntu1.18

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6986-1
CVE-2024-6119

Package Information:
https://launchpad.net/ubuntu/+source/openssl/3.0.13-0ubuntu3.4
https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.18

[USN-6981-2] Drupal vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6981-2
September 03, 2024

drupal7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Drupal could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
- drupal7: fully-featured content management framework

Details:

USN-6981-1 fixed vulnerabilities in Drupal. This update provides the
corresponding updates for Ubuntu 14.04 LTS.

Original advisory details:

 It was discovered that Drupal incorrectly sanitized uploaded filenames. A
 remote attacker could possibly use this issue to execute arbitrary code.
 (CVE-2020-13671)

 It was discovered that Drupal incorrectly sanitized archived filenames. A
 remote attacker could possibly use this issue to overwrite arbitrary
 files, or execute arbitrary code. (CVE-2020-28948, CVE-2020-28949)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  drupal7                         7.26-1ubuntu0.1+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6981-2
  https://ubuntu.com/security/notices/USN-6981-1
  CVE-2020-13671, CVE-2020-28948, CVE-2020-28949

Monday, September 2, 2024

[USN-6973-4] Linux kernel (Raspberry Pi) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6973-4
September 02, 2024

linux-raspi-5.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SuperH RISC architecture;
- MMC subsystem;
- Network drivers;
- SCSI drivers;
- GFS2 file system;
- IPv4 networking;
- IPv6 networking;
- HD-audio driver;
(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,
CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  linux-image-5.4.0-1115-raspi    5.4.0-1115.127~18.04.1
                                  Available with Ubuntu Pro
  linux-image-raspi-hwe-18.04     5.4.0.1115.127~18.04.1
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6973-4
https://ubuntu.com/security/notices/USN-6973-3
https://ubuntu.com/security/notices/USN-6973-2
https://ubuntu.com/security/notices/USN-6973-1
CVE-2021-46926, CVE-2023-52629, CVE-2023-52760, CVE-2024-24860,
CVE-2024-26830, CVE-2024-26921, CVE-2024-26929, CVE-2024-36901,
CVE-2024-39484

[USN-6984-1] WebOb vulnerability

==========================================================================
Ubuntu Security Notice USN-6984-1
September 02, 2024

python-webob vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

WebOb could be made to redirect or forward to undesired URLs.

Software Description:
- python-webob: Python module providing WSGI request and response objects

Details:

It was discovered that WebOb incorrectly handled certain URLs.
An attacker could possibly use this issue to control a redirect or
forward to another URL.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  python3-webob                   1:1.8.7-1ubuntu0.1.24.04.1

Ubuntu 22.04 LTS
  python3-webob                   1:1.8.6-1.1ubuntu0.1

Ubuntu 20.04 LTS
  python3-webob                   1:1.8.5-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6984-1
CVE-2024-42353

Package Information:
https://launchpad.net/ubuntu/+source/python-webob/1:1.8.7-1ubuntu0.1.24.04.1
https://launchpad.net/ubuntu/+source/python-webob/1:1.8.6-1.1ubuntu0.1
https://launchpad.net/ubuntu/+source/python-webob/1:1.8.5-2ubuntu0.1

[USN-6983-1] FFmpeg vulnerability

==========================================================================
Ubuntu Security Notice USN-6983-1
September 02, 2024

ffmpeg vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

FFmpeg could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

Zeng Yunxiang discovered that FFmpeg incorrectly handled memory during
video encoding. An attacker could possibly use this issue to perform a
denial of service, or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  ffmpeg                          7:6.1.1-3ubuntu5+esm2
                                  Available with Ubuntu Pro
  libavcodec-dev                  7:6.1.1-3ubuntu5+esm2
                                  Available with Ubuntu Pro
  libavcodec-extra60              7:6.1.1-3ubuntu5+esm2
                                  Available with Ubuntu Pro
  libavcodec60                    7:6.1.1-3ubuntu5+esm2
                                  Available with Ubuntu Pro
  libavdevice60                   7:6.1.1-3ubuntu5+esm2
                                  Available with Ubuntu Pro
  libavfilter-extra9              7:6.1.1-3ubuntu5+esm2
                                  Available with Ubuntu Pro
  libavfilter9                    7:6.1.1-3ubuntu5+esm2
                                  Available with Ubuntu Pro
  libavformat-extra60             7:6.1.1-3ubuntu5+esm2
                                  Available with Ubuntu Pro
  libavformat60                   7:6.1.1-3ubuntu5+esm2
                                  Available with Ubuntu Pro
  libavutil58                     7:6.1.1-3ubuntu5+esm2
                                  Available with Ubuntu Pro
  libpostproc57                   7:6.1.1-3ubuntu5+esm2
                                  Available with Ubuntu Pro
  libswresample4                  7:6.1.1-3ubuntu5+esm2
                                  Available with Ubuntu Pro
  libswscale7                     7:6.1.1-3ubuntu5+esm2
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  ffmpeg                          7:4.4.2-0ubuntu0.22.04.1+esm5
                                  Available with Ubuntu Pro
  libavcodec-dev                  7:4.4.2-0ubuntu0.22.04.1+esm5
                                  Available with Ubuntu Pro
  libavcodec-extra58              7:4.4.2-0ubuntu0.22.04.1+esm5
                                  Available with Ubuntu Pro
  libavcodec58                    7:4.4.2-0ubuntu0.22.04.1+esm5
                                  Available with Ubuntu Pro
  libavdevice58                   7:4.4.2-0ubuntu0.22.04.1+esm5
                                  Available with Ubuntu Pro
  libavfilter-extra7              7:4.4.2-0ubuntu0.22.04.1+esm5
                                  Available with Ubuntu Pro
  libavfilter7                    7:4.4.2-0ubuntu0.22.04.1+esm5
                                  Available with Ubuntu Pro
  libavformat-extra58             7:4.4.2-0ubuntu0.22.04.1+esm5
                                  Available with Ubuntu Pro
  libavformat58                   7:4.4.2-0ubuntu0.22.04.1+esm5
                                  Available with Ubuntu Pro
  libavutil56                     7:4.4.2-0ubuntu0.22.04.1+esm5
                                  Available with Ubuntu Pro
  libpostproc55                   7:4.4.2-0ubuntu0.22.04.1+esm5
                                  Available with Ubuntu Pro
  libswresample3                  7:4.4.2-0ubuntu0.22.04.1+esm5
                                  Available with Ubuntu Pro
  libswscale5                     7:4.4.2-0ubuntu0.22.04.1+esm5
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  ffmpeg                          7:4.2.7-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavcodec-dev                  7:4.2.7-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavcodec-extra58              7:4.2.7-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavcodec58                    7:4.2.7-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavdevice58                   7:4.2.7-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavfilter-extra7              7:4.2.7-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavfilter7                    7:4.2.7-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavformat58                   7:4.2.7-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavresample4                  7:4.2.7-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavutil56                     7:4.2.7-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libpostproc55                   7:4.2.7-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libswresample3                  7:4.2.7-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libswscale5                     7:4.2.7-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  ffmpeg                          7:3.4.11-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavcodec-dev                  7:3.4.11-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavcodec-extra57              7:3.4.11-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavcodec57                    7:3.4.11-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavdevice57                   7:3.4.11-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavfilter-extra6              7:3.4.11-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavfilter6                    7:3.4.11-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavformat57                   7:3.4.11-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavresample3                  7:3.4.11-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libavutil55                     7:3.4.11-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libpostproc54                   7:3.4.11-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libswresample2                  7:3.4.11-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro
  libswscale4                     7:3.4.11-0ubuntu0.1+esm6
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  ffmpeg                          7:2.8.17-0ubuntu0.1+esm8
                                  Available with Ubuntu Pro
  libav-tools                     7:2.8.17-0ubuntu0.1+esm8
                                  Available with Ubuntu Pro
  libavcodec-dev                  7:2.8.17-0ubuntu0.1+esm8
                                  Available with Ubuntu Pro
  libavcodec-ffmpeg-extra56       7:2.8.17-0ubuntu0.1+esm8
                                  Available with Ubuntu Pro
  libavcodec-ffmpeg56             7:2.8.17-0ubuntu0.1+esm8
                                  Available with Ubuntu Pro
  libavdevice-ffmpeg56            7:2.8.17-0ubuntu0.1+esm8
                                  Available with Ubuntu Pro
  libavfilter-ffmpeg5             7:2.8.17-0ubuntu0.1+esm8
                                  Available with Ubuntu Pro
  libavformat-ffmpeg56            7:2.8.17-0ubuntu0.1+esm8
                                  Available with Ubuntu Pro
  libavresample-ffmpeg2           7:2.8.17-0ubuntu0.1+esm8
                                  Available with Ubuntu Pro
  libavutil-ffmpeg54              7:2.8.17-0ubuntu0.1+esm8
                                  Available with Ubuntu Pro
  libpostproc-ffmpeg53            7:2.8.17-0ubuntu0.1+esm8
                                  Available with Ubuntu Pro
  libswresample-ffmpeg1           7:2.8.17-0ubuntu0.1+esm8
                                  Available with Ubuntu Pro
  libswscale-ffmpeg3              7:2.8.17-0ubuntu0.1+esm8
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6983-1
  CVE-2024-32230

[USN-6982-1] Dovecot vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6982-1
September 02, 2024

dovecot vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in Dovecot.

Software Description:
- dovecot: IMAP and POP3 email server

Details:

It was discovered that Dovecot did not properly have restrictions on
the size of address headers. A remote attacker could possibly use this
issue to cause denial of service. (CVE-2024-23184, CVE-2024-23185)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  dovecot-core                    1:2.3.21+dfsg1-2ubuntu6

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6982-1
CVE-2024-23184, CVE-2024-23185

Package Information:
https://launchpad.net/ubuntu/+source/dovecot/1:2.3.21+dfsg1-2ubuntu6

Sunday, September 1, 2024

[lfs-announce] LFS and BLFS 12.2 are released.

The Linux From Scratch community is pleased to announce the release of
LFS Version 12.2, LFS Version 12.2 (systemd), BLFS Version 12.2, and
BLFS Version 12.2 (systemd).

This release is a major update to both LFS and BLFS.

The LFS release includes updates to binutils-2.43.1, glibc-2.40, and gcc-14.2.0. In
total, 45 packages were updated since the last release and extensive updates to the
text have been made throughout the book to improve readability. The Linux kernel has
also been updated to version 6.10.5.

Overall there have been 146 commits to LFS since the previous stable version of the book.

In BLFS, a significant change was an upgrade from KDE5 (Frameworks, Gear, Plasma) to
KDE6. New packages of interest that were added are FreeRDP, gnome-connections, and
KDE's dolphin and konversation. A total of 32 other packages were added to support
other packages already in the book. In addition 21 unmaintained packages have been
removed. This includes Python2 and GTK2 and packages that have not been updated to
use more current versions.

Overall there were more than 925 tickets closed via more than 1750 commits made to
the book.

Please see the ChangeLog in the book for a full list of changes.


DEPRECATION NOTICE: Future versions of BLFS will remove qt5.

Thanks for this release goes to many contributors. Notably:

Douglas Reno
Xi Ruoyao
Thomas Trepl
Tim Tassonis
Rahul Chandra

You can read the books online[0]-[3], or download[4]-[7] to read locally.

Please direct any comments about this release to the LFS development
team at lfs-dev@lists.linuxfromscratch.org or
blfs-dev@lists.linuxfromscratch.org. Registration for the mailing lists
is required to avoid junk email.

-- Bruce Dubbs
LFS

[0] http://www.linuxfromscratch.org/lfs/view/12.2/
[1] http://www.linuxfromscratch.org/blfs/view/12.2/
[2] http://www.linuxfromscratch.org/lfs/view/12.2-systemd/
[3] http://www.linuxfromscratch.org/blfs/view/12.2-systemd/

[4] http://www.linuxfromscratch.org/lfs/downloads/12.2/
[5] http://www.linuxfromscratch.org/blfs/downloads/12.2/
[6] http://www.linuxfromscratch.org/lfs/downloads/12.2-systemd/
[7] http://www.linuxfromscratch.org/blfs/downloads/12.2-systemd/