ubuntu jammy v1.613
Metadata:
BOSH Agent Version: 2.695.0
Kernel Version: 5.15.0.122.122
USNs:
Title: USN-7007-3: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7007-3
Priorities: medium,unknown,high,low,critical
Description:
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel
did not properly check for the device to be enabled before writing. A local
attacker could possibly use this to cause a denial of service.
(CVE-2024-25741)
It was discovered that the JFS file system contained an out-of-bounds read
vulnerability when printing xattr debug information. A local attacker could
use this to cause a denial of service (system crash). (CVE-2024-40902)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- M68K architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Accessibility subsystem;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- Bluetooth drivers;
- Character device driver;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- FPGA Framework;
- GPIO subsystem;
- GPU drivers;
- Greybus drivers;
- HID subsystem;
- HW tracing;
- I2C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- Input Device (Mouse) drivers;
- Macintosh device drivers;
- Multiple devices driver;
- Media drivers;
- VMware VMCI Driver;
- Network drivers;
- Near Field Communication (NFC) drivers;
- NVME drivers;
- Pin controllers subsystem;
- PTP clock framework;
- S/390 drivers;
- SCSI drivers;
- SoundWire subsystem;
- Greybus lights staging drivers;
- Media staging drivers;
- Thermal drivers;
- TTY drivers;
- USB subsystem;
- DesignWare USB3 driver;
- Framebuffer layer;
- ACRN Hypervisor Service Module driver;
- eCrypt file system;
- File systems infrastructure;
- Ext4 file system;
- F2FS file system;
- JFFS2 file system;
- JFS file system;
- NILFS2 file system;
- NTFS3 file system;
- SMB network file system;
- IOMMU subsystem;
- Memory management;
- Netfilter;
- BPF subsystem;
- Kernel debugger infrastructure;
- DMA mapping infrastructure;
- IRQ subsystem;
- Tracing infrastructure;
- 9P file system network protocol;
- B.A.T.M.A.N. meshing protocol;
- CAN network layer;
- Ceph Core library;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- IUCV driver;
- MAC80211 subsystem;
- Multipath TCP;
- NET/ROM layer;
- NFC subsystem;
- Open vSwitch;
- Network traffic control;
- TIPC protocol;
- TLS protocol;
- Unix domain sockets;
- Wireless networking;
- XFRM subsystem;
- ALSA framework;
- SoC Audio for Freescale CPUs drivers;
- Kirkwood ASoC drivers;
(CVE-2024-42105, CVE-2024-41002, CVE-2024-38558, CVE-2023-52887,
CVE-2024-39487, CVE-2024-39276, CVE-2024-42077, CVE-2024-39493,
CVE-2024-40934, CVE-2024-39277, CVE-2024-42087, CVE-2024-38598,
CVE-2024-38618, CVE-2024-40981, CVE-2024-42127, CVE-2024-38607,
CVE-2024-38586, CVE-2024-40901, CVE-2024-40916, CVE-2024-42247,
CVE-2024-42093, CVE-2024-36489, CVE-2024-38615, CVE-2024-42120,
CVE-2024-38567, CVE-2024-40957, CVE-2024-39501, CVE-2024-42140,
CVE-2024-33621, CVE-2024-38573, CVE-2023-52884, CVE-2024-39468,
CVE-2024-41092, CVE-2024-40931, CVE-2024-42145, CVE-2024-39490,
CVE-2024-38555, CVE-2024-42086, CVE-2024-38597, CVE-2024-40956,
CVE-2024-42223, CVE-2024-36894, CVE-2024-40961, CVE-2024-42076,
CVE-2024-40994, CVE-2024-38619, CVE-2024-39467, CVE-2024-39466,
CVE-2022-48772, CVE-2024-39507, CVE-2024-40914, CVE-2024-41046,
CVE-2024-42094, CVE-2024-38591, CVE-2024-42098, CVE-2024-41027,
CVE-2024-41040, CVE-2024-41089, CVE-2024-40945, CVE-2024-39503,
CVE-2024-37356, CVE-2024-36286, CVE-2024-39495, CVE-2024-42101,
CVE-2024-40941, CVE-2024-42137, CVE-2024-38381, CVE-2024-38627,
CVE-2024-31076, CVE-2024-42092, CVE-2024-40932, CVE-2024-40995,
CVE-2024-40937, CVE-2024-39489, CVE-2024-42084, CVE-2024-40929,
CVE-2024-36978, CVE-2024-36015, CVE-2024-36014, CVE-2024-42124,
CVE-2024-40976, CVE-2024-39502, CVE-2024-38599, CVE-2024-38661,
CVE-2024-42104, CVE-2024-42096, CVE-2024-40904, CVE-2024-40990,
CVE-2024-38579, CVE-2024-40974, CVE-2024-41055, CVE-2024-38633,
CVE-2024-38659, CVE-2024-41093, CVE-2024-42154, CVE-2024-38624,
CVE-2024-41049, CVE-2024-38552, CVE-2024-38578, CVE-2024-38605,
CVE-2024-40970, CVE-2024-38601, CVE-2024-38550, CVE-2024-38559,
CVE-2024-38571, CVE-2024-40971, CVE-2024-41097, CVE-2024-40967,
CVE-2024-38612, CVE-2024-38587, CVE-2024-41004, CVE-2024-33847,
CVE-2024-38580, CVE-2024-39506, CVE-2024-42102, CVE-2024-36032,
CVE-2024-38548, CVE-2024-39499, CVE-2024-38610, CVE-2024-42152,
CVE-2024-40943, CVE-2024-40959, CVE-2024-39488, CVE-2024-36972,
CVE-2024-38637, CVE-2024-40942, CVE-2024-42106, CVE-2024-38546,
CVE-2024-38634, CVE-2024-39471, CVE-2024-39482, CVE-2024-41095,
CVE-2024-42229, CVE-2024-42131, CVE-2024-41007, CVE-2024-42095,
CVE-2024-42097, CVE-2024-39480, CVE-2024-35927, CVE-2024-42153,
CVE-2024-42080, CVE-2024-42089, CVE-2024-41087, CVE-2024-39475,
CVE-2024-42119, CVE-2024-41041, CVE-2024-38623, CVE-2024-39469,
CVE-2024-34777, CVE-2024-42157, CVE-2024-42085, CVE-2024-36270,
CVE-2024-34027, CVE-2024-35247, CVE-2024-38549, CVE-2024-40954,
CVE-2024-41034, CVE-2024-41044, CVE-2024-39509, CVE-2024-40987,
CVE-2024-42161, CVE-2024-40911, CVE-2024-42070, CVE-2024-42109,
CVE-2024-37078, CVE-2024-40912, CVE-2024-40988, CVE-2024-40978,
CVE-2024-41048, CVE-2024-41005, CVE-2024-40905, CVE-2024-41047,
CVE-2024-41006, CVE-2024-38560, CVE-2024-42225, CVE-2024-42148,
CVE-2024-38596, CVE-2024-38588, CVE-2024-39301, CVE-2024-38613,
CVE-2024-38635, CVE-2024-40960, CVE-2024-39505, CVE-2024-42244,
CVE-2024-40963, CVE-2024-39500, CVE-2024-42082, CVE-2024-36971,
CVE-2024-42068, CVE-2024-40984, CVE-2024-41035, CVE-2024-38583,
CVE-2024-42121, CVE-2024-40968, CVE-2024-40958, CVE-2024-40927,
CVE-2024-40980, CVE-2024-40908, CVE-2024-38780, CVE-2024-38590,
CVE-2024-42115, CVE-2024-42224, CVE-2024-42232, CVE-2024-42240,
CVE-2024-42236, CVE-2024-38547, CVE-2024-38565, CVE-2024-40902,
CVE-2024-38662, CVE-2024-42090, CVE-2024-36974, CVE-2024-38621,
CVE-2024-41000, CVE-2024-40983, CVE-2024-42130, CVE-2024-38582,
CVE-2024-38589)
CVEs:
- https://ubuntu.com/security/CVE-2022-48772
- https://ubuntu.com/security/CVE-2023-52884
- https://ubuntu.com/security/CVE-2023-52887
- https://ubuntu.com/security/CVE-2024-23848
- https://ubuntu.com/security/CVE-2024-25741
- https://ubuntu.com/security/CVE-2024-31076
- https://ubuntu.com/security/CVE-2024-33621
- https://ubuntu.com/security/CVE-2024-33847
- https://ubuntu.com/security/CVE-2024-34027
- https://ubuntu.com/security/CVE-2024-34777
- https://ubuntu.com/security/CVE-2024-35247
- https://ubuntu.com/security/CVE-2024-35927
- https://ubuntu.com/security/CVE-2024-36014
- https://ubuntu.com/security/CVE-2024-36015
- https://ubuntu.com/security/CVE-2024-36032
- https://ubuntu.com/security/CVE-2024-36270
- https://ubuntu.com/security/CVE-2024-36286
- https://ubuntu.com/security/CVE-2024-36489
- https://ubuntu.com/security/CVE-2024-36894
- https://ubuntu.com/security/CVE-2024-36971
- https://ubuntu.com/security/CVE-2024-36972
- https://ubuntu.com/security/CVE-2024-36974
- https://ubuntu.com/security/CVE-2024-36978
- https://ubuntu.com/security/CVE-2024-37078
- https://ubuntu.com/security/CVE-2024-37356
- https://ubuntu.com/security/CVE-2024-38381
- https://ubuntu.com/security/CVE-2024-38546
- https://ubuntu.com/security/CVE-2024-38547
- https://ubuntu.com/security/CVE-2024-38548
- https://ubuntu.com/security/CVE-2024-38549
- https://ubuntu.com/security/CVE-2024-38550
- https://ubuntu.com/security/CVE-2024-38552
- https://ubuntu.com/security/CVE-2024-38555
- https://ubuntu.com/security/CVE-2024-38558
- https://ubuntu.com/security/CVE-2024-38559
- https://ubuntu.com/security/CVE-2024-38560
- https://ubuntu.com/security/CVE-2024-38565
- https://ubuntu.com/security/CVE-2024-38567
- https://ubuntu.com/security/CVE-2024-38571
- https://ubuntu.com/security/CVE-2024-38573
- https://ubuntu.com/security/CVE-2024-38578
- https://ubuntu.com/security/CVE-2024-38579
- https://ubuntu.com/security/CVE-2024-38580
- https://ubuntu.com/security/CVE-2024-38582
- https://ubuntu.com/security/CVE-2024-38583
- https://ubuntu.com/security/CVE-2024-38586
- https://ubuntu.com/security/CVE-2024-38587
- https://ubuntu.com/security/CVE-2024-38588
- https://ubuntu.com/security/CVE-2024-38589
- https://ubuntu.com/security/CVE-2024-38590
- https://ubuntu.com/security/CVE-2024-38591
- https://ubuntu.com/security/CVE-2024-38596
- https://ubuntu.com/security/CVE-2024-38597
- https://ubuntu.com/security/CVE-2024-38598
- https://ubuntu.com/security/CVE-2024-38599
- https://ubuntu.com/security/CVE-2024-38601
- https://ubuntu.com/security/CVE-2024-38605
- https://ubuntu.com/security/CVE-2024-38607
- https://ubuntu.com/security/CVE-2024-38610
- https://ubuntu.com/security/CVE-2024-38612
- https://ubuntu.com/security/CVE-2024-38613
- https://ubuntu.com/security/CVE-2024-38615
- https://ubuntu.com/security/CVE-2024-38618
- https://ubuntu.com/security/CVE-2024-38619
- https://ubuntu.com/security/CVE-2024-38621
- https://ubuntu.com/security/CVE-2024-38623
- https://ubuntu.com/security/CVE-2024-38624
- https://ubuntu.com/security/CVE-2024-38627
- https://ubuntu.com/security/CVE-2024-38633
- https://ubuntu.com/security/CVE-2024-38634
- https://ubuntu.com/security/CVE-2024-38635
- https://ubuntu.com/security/CVE-2024-38637
- https://ubuntu.com/security/CVE-2024-38659
- https://ubuntu.com/security/CVE-2024-38661
- https://ubuntu.com/security/CVE-2024-38662
- https://ubuntu.com/security/CVE-2024-38780
- https://ubuntu.com/security/CVE-2024-39276
- https://ubuntu.com/security/CVE-2024-39277
- https://ubuntu.com/security/CVE-2024-39301
- https://ubuntu.com/security/CVE-2024-39466
- https://ubuntu.com/security/CVE-2024-39467
- https://ubuntu.com/security/CVE-2024-39468
- https://ubuntu.com/security/CVE-2024-39469
- https://ubuntu.com/security/CVE-2024-39471
- https://ubuntu.com/security/CVE-2024-39475
- https://ubuntu.com/security/CVE-2024-39480
- https://ubuntu.com/security/CVE-2024-39482
- https://ubuntu.com/security/CVE-2024-39487
- https://ubuntu.com/security/CVE-2024-39488
- https://ubuntu.com/security/CVE-2024-39489
- https://ubuntu.com/security/CVE-2024-39490
- https://ubuntu.com/security/CVE-2024-39493
- https://ubuntu.com/security/CVE-2024-39495
- https://ubuntu.com/security/CVE-2024-39499
- https://ubuntu.com/security/CVE-2024-39500
- https://ubuntu.com/security/CVE-2024-39501
- https://ubuntu.com/security/CVE-2024-39502
- https://ubuntu.com/security/CVE-2024-39503
- https://ubuntu.com/security/CVE-2024-39505
- https://ubuntu.com/security/CVE-2024-39506
- https://ubuntu.com/security/CVE-2024-39507
- https://ubuntu.com/security/CVE-2024-39509
- https://ubuntu.com/security/CVE-2024-40901
- https://ubuntu.com/security/CVE-2024-40902
- https://ubuntu.com/security/CVE-2024-40904
- https://ubuntu.com/security/CVE-2024-40905
- https://ubuntu.com/security/CVE-2024-40908
- https://ubuntu.com/security/CVE-2024-40911
- https://ubuntu.com/security/CVE-2024-40912
- https://ubuntu.com/security/CVE-2024-40914
- https://ubuntu.com/security/CVE-2024-40916
- https://ubuntu.com/security/CVE-2024-40927
- https://ubuntu.com/security/CVE-2024-40929
- https://ubuntu.com/security/CVE-2024-40931
- https://ubuntu.com/security/CVE-2024-40932
- https://ubuntu.com/security/CVE-2024-40934
- https://ubuntu.com/security/CVE-2024-40937
- https://ubuntu.com/security/CVE-2024-40941
- https://ubuntu.com/security/CVE-2024-40942
- https://ubuntu.com/security/CVE-2024-40943
- https://ubuntu.com/security/CVE-2024-40945
- https://ubuntu.com/security/CVE-2024-40954
- https://ubuntu.com/security/CVE-2024-40956
- https://ubuntu.com/security/CVE-2024-40957
- https://ubuntu.com/security/CVE-2024-40958
- https://ubuntu.com/security/CVE-2024-40959
- https://ubuntu.com/security/CVE-2024-40960
- https://ubuntu.com/security/CVE-2024-40961
- https://ubuntu.com/security/CVE-2024-40963
- https://ubuntu.com/security/CVE-2024-40967
- https://ubuntu.com/security/CVE-2024-40968
- https://ubuntu.com/security/CVE-2024-40970
- https://ubuntu.com/security/CVE-2024-40971
- https://ubuntu.com/security/CVE-2024-40974
- https://ubuntu.com/security/CVE-2024-40976
- https://ubuntu.com/security/CVE-2024-40978
- https://ubuntu.com/security/CVE-2024-40980
- https://ubuntu.com/security/CVE-2024-40981
- https://ubuntu.com/security/CVE-2024-40983
- https://ubuntu.com/security/CVE-2024-40984
- https://ubuntu.com/security/CVE-2024-40987
- https://ubuntu.com/security/CVE-2024-40988
- https://ubuntu.com/security/CVE-2024-40990
- https://ubuntu.com/security/CVE-2024-40994
- https://ubuntu.com/security/CVE-2024-40995
- https://ubuntu.com/security/CVE-2024-41000
- https://ubuntu.com/security/CVE-2024-41002
- https://ubuntu.com/security/CVE-2024-41004
- https://ubuntu.com/security/CVE-2024-41005
- https://ubuntu.com/security/CVE-2024-41006
- https://ubuntu.com/security/CVE-2024-41007
- https://ubuntu.com/security/CVE-2024-41027
- https://ubuntu.com/security/CVE-2024-41034
- https://ubuntu.com/security/CVE-2024-41035
- https://ubuntu.com/security/CVE-2024-41040
- https://ubuntu.com/security/CVE-2024-41041
- https://ubuntu.com/security/CVE-2024-41044
- https://ubuntu.com/security/CVE-2024-41046
- https://ubuntu.com/security/CVE-2024-41047
- https://ubuntu.com/security/CVE-2024-41048
- https://ubuntu.com/security/CVE-2024-41049
- https://ubuntu.com/security/CVE-2024-41055
- https://ubuntu.com/security/CVE-2024-41087
- https://ubuntu.com/security/CVE-2024-41089
- https://ubuntu.com/security/CVE-2024-41092
- https://ubuntu.com/security/CVE-2024-41093
- https://ubuntu.com/security/CVE-2024-41095
- https://ubuntu.com/security/CVE-2024-41097
- https://ubuntu.com/security/CVE-2024-42068
- https://ubuntu.com/security/CVE-2024-42070
- https://ubuntu.com/security/CVE-2024-42076
- https://ubuntu.com/security/CVE-2024-42077
- https://ubuntu.com/security/CVE-2024-42080
- https://ubuntu.com/security/CVE-2024-42082
- https://ubuntu.com/security/CVE-2024-42084
- https://ubuntu.com/security/CVE-2024-42085
- https://ubuntu.com/security/CVE-2024-42086
- https://ubuntu.com/security/CVE-2024-42087
- https://ubuntu.com/security/CVE-2024-42089
- https://ubuntu.com/security/CVE-2024-42090
- https://ubuntu.com/security/CVE-2024-42092
- https://ubuntu.com/security/CVE-2024-42093
- https://ubuntu.com/security/CVE-2024-42094
- https://ubuntu.com/security/CVE-2024-42095
- https://ubuntu.com/security/CVE-2024-42096
- https://ubuntu.com/security/CVE-2024-42097
- https://ubuntu.com/security/CVE-2024-42098
- https://ubuntu.com/security/CVE-2024-42101
- https://ubuntu.com/security/CVE-2024-42102
- https://ubuntu.com/security/CVE-2024-42104
- https://ubuntu.com/security/CVE-2024-42105
- https://ubuntu.com/security/CVE-2024-42106
- https://ubuntu.com/security/CVE-2024-42109
- https://ubuntu.com/security/CVE-2024-42115
- https://ubuntu.com/security/CVE-2024-42119
- https://ubuntu.com/security/CVE-2024-42120
- https://ubuntu.com/security/CVE-2024-42121
- https://ubuntu.com/security/CVE-2024-42124
- https://ubuntu.com/security/CVE-2024-42127
- https://ubuntu.com/security/CVE-2024-42130
- https://ubuntu.com/security/CVE-2024-42131
- https://ubuntu.com/security/CVE-2024-42137
- https://ubuntu.com/security/CVE-2024-42140
- https://ubuntu.com/security/CVE-2024-42145
- https://ubuntu.com/security/CVE-2024-42148
- https://ubuntu.com/security/CVE-2024-42152
- https://ubuntu.com/security/CVE-2024-42153
- https://ubuntu.com/security/CVE-2024-42154
- https://ubuntu.com/security/CVE-2024-42157
- https://ubuntu.com/security/CVE-2024-42161
- https://ubuntu.com/security/CVE-2024-42223
- https://ubuntu.com/security/CVE-2024-42224
- https://ubuntu.com/security/CVE-2024-42225
- https://ubuntu.com/security/CVE-2024-42229
- https://ubuntu.com/security/CVE-2024-42232
- https://ubuntu.com/security/CVE-2024-42236
- https://ubuntu.com/security/CVE-2024-42240
- https://ubuntu.com/security/CVE-2024-42244
- https://ubuntu.com/security/CVE-2024-42247
Title: USN-7015-2: Python vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7015-2
Priorities: high
Description:
USN-7015-1 fixed several vulnerabilities in Python. This update provides
one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and a second for
python3.5 for Ubuntu 16.04 LTS.
Original advisory details:
It was discovered that Python allowed excessive backtracking while
parsing certain tarfile headers. A remote attacker could possibly use
this issue to cause Python to consume resources, leading to a denial
of service. This issue only affected python3.5 for
Ubuntu 16.04 LTS. (CVE-2024-6232)
It was discovered that the Python http.cookies module incorrectly
handled parsing cookies that contained backslashes for quoted
characters. A remote attacker could possibly use this issue to cause
Python to consume resources, leading to a denial of service.
(CVE-2024-7592)
CVEs:
Title: USN-7015-3: Python vulnerability
URL: https://ubuntu.com/security/notices/USN-7015-3
Priorities: medium,high,unknown
Description:
USN-7015-1 fixed several vulnerabilities in Python. This update provides
the corresponding updates for CVE-2023-27043 for python2.7 in Ubuntu 16.04
LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and for
python3.5 in Ubuntu 16.04 LTS.
Original advisory details:
It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could
possibly use this issue to bypass certain protection mechanisms.
(CVE-2023-27043)
It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue
to cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)
It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker could possibly use this issue to
perform header injection. (CVE-2024-6923)
It was discovered that the Python http.cookies module incorrectly handled
parsing cookies that contained backslashes for quoted characters. A remote
attacker could possibly use this issue to cause Python to consume
resources, leading to a denial of service. (CVE-2024-7592)
It was discovered that the Python zipfile module incorrectly handled
certain malformed zip files. A remote attacker could possibly use this
issue to cause Python to stop responding, resulting in a denial of
service. (CVE-2024-8088)
CVEs:
- https://ubuntu.com/security/CVE-2023-27043
- https://ubuntu.com/security/CVE-2024-6232
- https://ubuntu.com/security/CVE-2024-6923
- https://ubuntu.com/security/CVE-2024-7592
- https://ubuntu.com/security/CVE-2024-8088
Title: USN-7020-4: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7020-4
Priorities: medium,high
Description:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Network drivers;
- SCSI drivers;
- F2FS file system;
- BPF subsystem;
- IPv4 networking;
(CVE-2024-42228, CVE-2024-42154, CVE-2024-42160, CVE-2024-42159,
CVE-2024-41009, CVE-2024-42224)
CVEs:
- https://ubuntu.com/security/CVE-2024-41009
- https://ubuntu.com/security/CVE-2024-42154
- https://ubuntu.com/security/CVE-2024-42159
- https://ubuntu.com/security/CVE-2024-42160
- https://ubuntu.com/security/CVE-2024-42224
- https://ubuntu.com/security/CVE-2024-42228
Title: USN-7021-2: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7021-2
Priorities: unknown,medium,high
Description:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- BTRFS file system;
- F2FS file system;
- GFS2 file system;
- BPF subsystem;
- Netfilter;
- RxRPC session sockets;
- Integrity Measurement Architecture (IMA) framework;
(CVE-2024-27012, CVE-2024-39496, CVE-2024-26677, CVE-2024-42228,
CVE-2024-38570, CVE-2024-39494, CVE-2024-42160, CVE-2024-41009)
CVEs:
- https://ubuntu.com/security/CVE-2024-26677
- https://ubuntu.com/security/CVE-2024-27012
- https://ubuntu.com/security/CVE-2024-38570
- https://ubuntu.com/security/CVE-2024-39494
- https://ubuntu.com/security/CVE-2024-39496
- https://ubuntu.com/security/CVE-2024-41009
- https://ubuntu.com/security/CVE-2024-42160
- https://ubuntu.com/security/CVE-2024-42228
Title: USN-7021-3: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7021-3
Priorities: unknown,medium,high
Description:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- BTRFS file system;
- F2FS file system;
- GFS2 file system;
- BPF subsystem;
- Netfilter;
- RxRPC session sockets;
- Integrity Measurement Architecture (IMA) framework;
(CVE-2024-39494, CVE-2024-38570, CVE-2024-27012, CVE-2024-39496,
CVE-2024-42160, CVE-2024-41009, CVE-2024-42228, CVE-2024-26677)
CVEs:
- https://ubuntu.com/security/CVE-2024-26677
- https://ubuntu.com/security/CVE-2024-27012
- https://ubuntu.com/security/CVE-2024-38570
- https://ubuntu.com/security/CVE-2024-39494
- https://ubuntu.com/security/CVE-2024-39496
- https://ubuntu.com/security/CVE-2024-41009
- https://ubuntu.com/security/CVE-2024-42160
- https://ubuntu.com/security/CVE-2024-42228
Title: USN-7027-1: Emacs vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7027-1
Priorities: high,critical,unknown
Description:
It was discovered that Emacs incorrectly handled input sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2022-45939)
Xi Lu discovered that Emacs incorrectly handled input sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS. (CVE-2022-48337)
Xi Lu discovered that Emacs incorrectly handled input sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 22.04 LTS. (CVE-2022-48338)
Xi Lu discovered that Emacs incorrectly handled input sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2022-48339)
It was discovered that Emacs incorrectly handled filename sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2023-28617)
It was discovered that Emacs incorrectly handled certain crafted files. An
attacker could possibly use this issue to crash the program, resulting in
a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu
18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-30203,
CVE-2024-30204, CVE-2024-30205)
It was discovered that Emacs incorrectly handled certain crafted files. An
attacker could possibly use this issue to execute arbitrary commands.
(CVE-2024-39331)
CVEs:
- https://ubuntu.com/security/CVE-2022-45939
- https://ubuntu.com/security/CVE-2022-48337
- https://ubuntu.com/security/CVE-2022-48338
- https://ubuntu.com/security/CVE-2022-48339
- https://ubuntu.com/security/CVE-2023-28617
- https://ubuntu.com/security/CVE-2024-30203
- https://ubuntu.com/security/CVE-2024-30204
- https://ubuntu.com/security/CVE-2024-30205
- https://ubuntu.com/security/CVE-2024-39331
Title: USN-7029-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7029-1
Priorities: medium,unknown,high,critical
Description:
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
It was discovered that the JFS file system contained an out-of-bounds read
vulnerability when printing xattr debug information. A local attacker could
use this to cause a denial of service (system crash). (CVE-2024-40902)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PA-RISC architecture;
- PowerPC architecture;
- RISC-V architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- Null block device driver;
- Character device driver;
- TPM device driver;
- Clock framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- CXL (Compute Express Link) drivers;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- EFI core;
- FPGA Framework;
- GPU drivers;
- Greybus drivers;
- HID subsystem;
- HW tracing;
- I2C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- Input Device (Mouse) drivers;
- Mailbox framework;
- Media drivers;
- Microchip PCI driver;
- VMware VMCI Driver;
- MMC subsystem;
- Network drivers;
- PCI subsystem;
- x86 platform drivers;
- PTP clock framework;
- S/390 drivers;
- SCSI drivers;
- SoundWire subsystem;
- Sonic Silicon Backplane drivers;
- Greybus lights staging drivers;
- Thermal drivers;
- TTY drivers;
- USB subsystem;
- VFIO drivers;
- Framebuffer layer;
- Watchdog drivers;
- 9P distributed file system;
- BTRFS file system;
- File systems infrastructure;
- Ext4 file system;
- F2FS file system;
- JFS file system;
- Network file system server daemon;
- NILFS2 file system;
- NTFS3 file system;
- SMB network file system;
- Tracing file system;
- IOMMU subsystem;
- Tracing infrastructure;
- io_uring subsystem;
- Core kernel;
- BPF subsystem;
- Kernel debugger infrastructure;
- DMA mapping infrastructure;
- IRQ subsystem;
- Memory management;
- 9P file system network protocol;
- Amateur Radio drivers;
- B.A.T.M.A.N. meshing protocol;
- Ethernet bridge;
- Networking core;
- Ethtool driver;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Multipath TCP;
- Netfilter;
- NET/ROM layer;
- NFC subsystem;
- Network traffic control;
- Sun RPC protocol;
- TIPC protocol;
- TLS protocol;
- Unix domain sockets;
- Wireless networking;
- XFRM subsystem;
- AppArmor security module;
- Integrity Measurement Architecture (IMA) framework;
- Landlock security;
- Linux Security Modules (LSM) Framework;
- SELinux security module;
- Simplified Mandatory Access Control Kernel framework;
- ALSA framework;
- HD-audio driver;
- SOF drivers;
- KVM core;
(CVE-2024-39498, CVE-2024-33847, CVE-2024-39510, CVE-2024-39462,
CVE-2024-40930, CVE-2024-38634, CVE-2024-40962, CVE-2024-37078,
CVE-2024-39371, CVE-2024-40972, CVE-2024-41002, CVE-2024-40920,
CVE-2024-40982, CVE-2024-40915, CVE-2024-40942, CVE-2024-42154,
CVE-2024-40937, CVE-2024-40967, CVE-2024-40909, CVE-2024-36244,
CVE-2024-33619, CVE-2024-39277, CVE-2024-40900, CVE-2024-38661,
CVE-2024-40974, CVE-2024-38618, CVE-2024-32936, CVE-2024-40906,
CVE-2024-40919, CVE-2024-39470, CVE-2024-38390, CVE-2024-40966,
CVE-2024-39467, CVE-2024-40938, CVE-2024-39471, CVE-2024-39485,
CVE-2024-39495, CVE-2024-39492, CVE-2024-39475, CVE-2024-40953,
CVE-2024-40939, CVE-2024-39493, CVE-2024-38637, CVE-2024-40945,
CVE-2024-41006, CVE-2024-39461, CVE-2024-40948, CVE-2024-40916,
CVE-2024-40925, CVE-2024-40956, CVE-2024-40970, CVE-2024-40912,
CVE-2024-33621, CVE-2024-40989, CVE-2024-36489, CVE-2024-37354,
CVE-2024-34027, CVE-2024-39506, CVE-2024-39296, CVE-2024-40977,
CVE-2024-38624, CVE-2024-40983, CVE-2024-40911, CVE-2024-36477,
CVE-2024-38384, CVE-2024-39507, CVE-2024-38659, CVE-2024-40987,
CVE-2024-40922, CVE-2024-36978, CVE-2024-38629, CVE-2024-38622,
CVE-2024-40921, CVE-2024-40903, CVE-2024-38306, CVE-2024-40926,
CVE-2024-39291, CVE-2024-36286, CVE-2024-40910, CVE-2024-40943,
CVE-2024-40899, CVE-2024-37356, CVE-2024-40961, CVE-2024-39468,
CVE-2024-40940, CVE-2024-40931, CVE-2024-38381, CVE-2024-40998,
CVE-2024-34030, CVE-2024-41000, CVE-2024-40986, CVE-2024-38663,
CVE-2024-40914, CVE-2024-31076, CVE-2024-42228, CVE-2024-40978,
CVE-2024-40975, CVE-2024-39494, CVE-2024-40905, CVE-2024-40908,
CVE-2024-38625, CVE-2024-38388, CVE-2024-40965, CVE-2024-41004,
CVE-2023-52884, CVE-2024-39484, CVE-2024-40951, CVE-2024-40988,
CVE-2024-40929, CVE-2024-39491, CVE-2024-40992, CVE-2024-41009,
CVE-2024-40976, CVE-2024-40917, CVE-2024-39502, CVE-2024-40999,
CVE-2024-39479, CVE-2024-39505, CVE-2024-40981, CVE-2024-38662,
CVE-2024-38636, CVE-2024-39496, CVE-2024-39276, CVE-2024-41003,
CVE-2024-37021, CVE-2024-36972, CVE-2024-38780, CVE-2024-40954,
CVE-2024-40963, CVE-2024-36478, CVE-2024-39465, CVE-2024-39474,
CVE-2024-39490, CVE-2024-36484, CVE-2024-36974, CVE-2024-38628,
CVE-2024-36479, CVE-2024-42078, CVE-2024-40936, CVE-2024-38385,
CVE-2024-40996, CVE-2024-40901, CVE-2024-40969, CVE-2024-39483,
CVE-2024-40990, CVE-2024-40947, CVE-2024-40980, CVE-2024-39464,
CVE-2024-40923, CVE-2024-40933, CVE-2024-39481, CVE-2024-40927,
CVE-2024-38667, CVE-2024-42159, CVE-2024-38635, CVE-2024-38627,
CVE-2024-38630, CVE-2024-39504, CVE-2024-34777, CVE-2024-40944,
CVE-2024-37026, CVE-2024-38633, CVE-2024-40941, CVE-2024-39499,
CVE-2024-36270, CVE-2024-35247, CVE-2024-40924, CVE-2024-40984,
CVE-2024-40968, CVE-2024-39489, CVE-2024-39298, CVE-2024-40949,
CVE-2024-39508, CVE-2024-41001, CVE-2024-40934, CVE-2024-40957,
CVE-2024-39292, CVE-2024-40979, CVE-2024-39488, CVE-2024-40995,
CVE-2024-39500, CVE-2024-40918, CVE-2024-36015, CVE-2024-39503,
CVE-2024-39301, CVE-2024-39466, CVE-2024-42224, CVE-2024-39478,
CVE-2024-40902, CVE-2024-39509, CVE-2024-39463, CVE-2024-40971,
CVE-2024-40928, CVE-2024-38664, CVE-2024-39473, CVE-2024-39501,
CVE-2024-36288, CVE-2024-42148, CVE-2024-38621, CVE-2024-38632,
CVE-2024-41005, CVE-2024-38619, CVE-2024-36973, CVE-2024-40994,
CVE-2024-42160, CVE-2024-40960, CVE-2024-40958, CVE-2024-39469,
CVE-2022-48772, CVE-2024-40964, CVE-2024-40913, CVE-2024-36481,
CVE-2024-40932, CVE-2024-36971, CVE-2024-40935, CVE-2024-38623,
CVE-2024-40997, CVE-2024-40952, CVE-2024-40955, CVE-2024-36281,
CVE-2024-39480, CVE-2024-40904, CVE-2024-40985, CVE-2024-39497,
CVE-2024-40973, CVE-2024-40959)
CVEs:
- https://ubuntu.com/security/CVE-2022-48772
- https://ubuntu.com/security/CVE-2023-52884
- https://ubuntu.com/security/CVE-2024-23848
- https://ubuntu.com/security/CVE-2024-31076
- https://ubuntu.com/security/CVE-2024-32936
- https://ubuntu.com/security/CVE-2024-33619
- https://ubuntu.com/security/CVE-2024-33621
- https://ubuntu.com/security/CVE-2024-33847
- https://ubuntu.com/security/CVE-2024-34027
- https://ubuntu.com/security/CVE-2024-34030
- https://ubuntu.com/security/CVE-2024-34777
- https://ubuntu.com/security/CVE-2024-35247
- https://ubuntu.com/security/CVE-2024-36015
- https://ubuntu.com/security/CVE-2024-36244
- https://ubuntu.com/security/CVE-2024-36270
- https://ubuntu.com/security/CVE-2024-36281
- https://ubuntu.com/security/CVE-2024-36286
- https://ubuntu.com/security/CVE-2024-36288
- https://ubuntu.com/security/CVE-2024-36477
- https://ubuntu.com/security/CVE-2024-36478
- https://ubuntu.com/security/CVE-2024-36479
- https://ubuntu.com/security/CVE-2024-36481
- https://ubuntu.com/security/CVE-2024-36484
- https://ubuntu.com/security/CVE-2024-36489
- https://ubuntu.com/security/CVE-2024-36971
- https://ubuntu.com/security/CVE-2024-36972
- https://ubuntu.com/security/CVE-2024-36973
- https://ubuntu.com/security/CVE-2024-36974
- https://ubuntu.com/security/CVE-2024-36978
- https://ubuntu.com/security/CVE-2024-37021
- https://ubuntu.com/security/CVE-2024-37026
- https://ubuntu.com/security/CVE-2024-37078
- https://ubuntu.com/security/CVE-2024-37354
- https://ubuntu.com/security/CVE-2024-37356
- https://ubuntu.com/security/CVE-2024-38306
- https://ubuntu.com/security/CVE-2024-38381
- https://ubuntu.com/security/CVE-2024-38384
- https://ubuntu.com/security/CVE-2024-38385
- https://ubuntu.com/security/CVE-2024-38388
- https://ubuntu.com/security/CVE-2024-38390
- https://ubuntu.com/security/CVE-2024-38618
- https://ubuntu.com/security/CVE-2024-38619
- https://ubuntu.com/security/CVE-2024-38621
- https://ubuntu.com/security/CVE-2024-38622
- https://ubuntu.com/security/CVE-2024-38623
- https://ubuntu.com/security/CVE-2024-38624
- https://ubuntu.com/security/CVE-2024-38625
- https://ubuntu.com/security/CVE-2024-38627
- https://ubuntu.com/security/CVE-2024-38628
- https://ubuntu.com/security/CVE-2024-38629
- https://ubuntu.com/security/CVE-2024-38630
- https://ubuntu.com/security/CVE-2024-38632
- https://ubuntu.com/security/CVE-2024-38633
- https://ubuntu.com/security/CVE-2024-38634
- https://ubuntu.com/security/CVE-2024-38635
- https://ubuntu.com/security/CVE-2024-38636
- https://ubuntu.com/security/CVE-2024-38637
- https://ubuntu.com/security/CVE-2024-38659
- https://ubuntu.com/security/CVE-2024-38661
- https://ubuntu.com/security/CVE-2024-38662
- https://ubuntu.com/security/CVE-2024-38663
- https://ubuntu.com/security/CVE-2024-38664
- https://ubuntu.com/security/CVE-2024-38667
- https://ubuntu.com/security/CVE-2024-38780
- https://ubuntu.com/security/CVE-2024-39276
- https://ubuntu.com/security/CVE-2024-39277
- https://ubuntu.com/security/CVE-2024-39291
- https://ubuntu.com/security/CVE-2024-39292
- https://ubuntu.com/security/CVE-2024-39296
- https://ubuntu.com/security/CVE-2024-39298
- https://ubuntu.com/security/CVE-2024-39301
- https://ubuntu.com/security/CVE-2024-39371
- https://ubuntu.com/security/CVE-2024-39461
- https://ubuntu.com/security/CVE-2024-39462
- https://ubuntu.com/security/CVE-2024-39463
- https://ubuntu.com/security/CVE-2024-39464
- https://ubuntu.com/security/CVE-2024-39465
- https://ubuntu.com/security/CVE-2024-39466
- https://ubuntu.com/security/CVE-2024-39467
- https://ubuntu.com/security/CVE-2024-39468
- https://ubuntu.com/security/CVE-2024-39469
- https://ubuntu.com/security/CVE-2024-39470
- https://ubuntu.com/security/CVE-2024-39471
- https://ubuntu.com/security/CVE-2024-39473
- https://ubuntu.com/security/CVE-2024-39474
- https://ubuntu.com/security/CVE-2024-39475
- https://ubuntu.com/security/CVE-2024-39478
- https://ubuntu.com/security/CVE-2024-39479
- https://ubuntu.com/security/CVE-2024-39480
- https://ubuntu.com/security/CVE-2024-39481
- https://ubuntu.com/security/CVE-2024-39483
- https://ubuntu.com/security/CVE-2024-39484
- https://ubuntu.com/security/CVE-2024-39485
- https://ubuntu.com/security/CVE-2024-39488
- https://ubuntu.com/security/CVE-2024-39489
- https://ubuntu.com/security/CVE-2024-39490
- https://ubuntu.com/security/CVE-2024-39491
- https://ubuntu.com/security/CVE-2024-39492
- https://ubuntu.com/security/CVE-2024-39493
- https://ubuntu.com/security/CVE-2024-39494
- https://ubuntu.com/security/CVE-2024-39495
- https://ubuntu.com/security/CVE-2024-39496
- https://ubuntu.com/security/CVE-2024-39497
- https://ubuntu.com/security/CVE-2024-39498
- https://ubuntu.com/security/CVE-2024-39499
- https://ubuntu.com/security/CVE-2024-39500
- https://ubuntu.com/security/CVE-2024-39501
- https://ubuntu.com/security/CVE-2024-39502
- https://ubuntu.com/security/CVE-2024-39503
- https://ubuntu.com/security/CVE-2024-39504
- https://ubuntu.com/security/CVE-2024-39505
- https://ubuntu.com/security/CVE-2024-39506
- https://ubuntu.com/security/CVE-2024-39507
- https://ubuntu.com/security/CVE-2024-39508
- https://ubuntu.com/security/CVE-2024-39509
- https://ubuntu.com/security/CVE-2024-39510
- https://ubuntu.com/security/CVE-2024-40899
- https://ubuntu.com/security/CVE-2024-40900
- https://ubuntu.com/security/CVE-2024-40901
- https://ubuntu.com/security/CVE-2024-40902
- https://ubuntu.com/security/CVE-2024-40903
- https://ubuntu.com/security/CVE-2024-40904
- https://ubuntu.com/security/CVE-2024-40905
- https://ubuntu.com/security/CVE-2024-40906
- https://ubuntu.com/security/CVE-2024-40908
- https://ubuntu.com/security/CVE-2024-40909
- https://ubuntu.com/security/CVE-2024-40910
- https://ubuntu.com/security/CVE-2024-40911
- https://ubuntu.com/security/CVE-2024-40912
- https://ubuntu.com/security/CVE-2024-40913
- https://ubuntu.com/security/CVE-2024-40914
- https://ubuntu.com/security/CVE-2024-40915
- https://ubuntu.com/security/CVE-2024-40916
- https://ubuntu.com/security/CVE-2024-40917
- https://ubuntu.com/security/CVE-2024-40918
- https://ubuntu.com/security/CVE-2024-40919
- https://ubuntu.com/security/CVE-2024-40920
- https://ubuntu.com/security/CVE-2024-40921
- https://ubuntu.com/security/CVE-2024-40922
- https://ubuntu.com/security/CVE-2024-40923
- https://ubuntu.com/security/CVE-2024-40924
- https://ubuntu.com/security/CVE-2024-40925
- https://ubuntu.com/security/CVE-2024-40926
- https://ubuntu.com/security/CVE-2024-40927
- https://ubuntu.com/security/CVE-2024-40928
- https://ubuntu.com/security/CVE-2024-40929
- https://ubuntu.com/security/CVE-2024-40930
- https://ubuntu.com/security/CVE-2024-40931
- https://ubuntu.com/security/CVE-2024-40932
- https://ubuntu.com/security/CVE-2024-40933
- https://ubuntu.com/security/CVE-2024-40934
- https://ubuntu.com/security/CVE-2024-40935
- https://ubuntu.com/security/CVE-2024-40936
- https://ubuntu.com/security/CVE-2024-40937
- https://ubuntu.com/security/CVE-2024-40938
- https://ubuntu.com/security/CVE-2024-40939
- https://ubuntu.com/security/CVE-2024-40940
- https://ubuntu.com/security/CVE-2024-40941
- https://ubuntu.com/security/CVE-2024-40942
- https://ubuntu.com/security/CVE-2024-40943
- https://ubuntu.com/security/CVE-2024-40944
- https://ubuntu.com/security/CVE-2024-40945
- https://ubuntu.com/security/CVE-2024-40947
- https://ubuntu.com/security/CVE-2024-40948
- https://ubuntu.com/security/CVE-2024-40949
- https://ubuntu.com/security/CVE-2024-40951
- https://ubuntu.com/security/CVE-2024-40952
- https://ubuntu.com/security/CVE-2024-40953
- https://ubuntu.com/security/CVE-2024-40954
- https://ubuntu.com/security/CVE-2024-40955
- https://ubuntu.com/security/CVE-2024-40956
- https://ubuntu.com/security/CVE-2024-40957
- https://ubuntu.com/security/CVE-2024-40958
- https://ubuntu.com/security/CVE-2024-40959
- https://ubuntu.com/security/CVE-2024-40960
- https://ubuntu.com/security/CVE-2024-40961
- https://ubuntu.com/security/CVE-2024-40962
- https://ubuntu.com/security/CVE-2024-40963
- https://ubuntu.com/security/CVE-2024-40964
- https://ubuntu.com/security/CVE-2024-40965
- https://ubuntu.com/security/CVE-2024-40966
- https://ubuntu.com/security/CVE-2024-40967
- https://ubuntu.com/security/CVE-2024-40968
- https://ubuntu.com/security/CVE-2024-40969
- https://ubuntu.com/security/CVE-2024-40970
- https://ubuntu.com/security/CVE-2024-40971
- https://ubuntu.com/security/CVE-2024-40972
- https://ubuntu.com/security/CVE-2024-40973
- https://ubuntu.com/security/CVE-2024-40974
- https://ubuntu.com/security/CVE-2024-40975
- https://ubuntu.com/security/CVE-2024-40976
- https://ubuntu.com/security/CVE-2024-40977
- https://ubuntu.com/security/CVE-2024-40978
- https://ubuntu.com/security/CVE-2024-40979
- https://ubuntu.com/security/CVE-2024-40980
- https://ubuntu.com/security/CVE-2024-40981
- https://ubuntu.com/security/CVE-2024-40982
- https://ubuntu.com/security/CVE-2024-40983
- https://ubuntu.com/security/CVE-2024-40984
- https://ubuntu.com/security/CVE-2024-40985
- https://ubuntu.com/security/CVE-2024-40986
- https://ubuntu.com/security/CVE-2024-40987
- https://ubuntu.com/security/CVE-2024-40988
- https://ubuntu.com/security/CVE-2024-40989
- https://ubuntu.com/security/CVE-2024-40990
- https://ubuntu.com/security/CVE-2024-40992
- https://ubuntu.com/security/CVE-2024-40994
- https://ubuntu.com/security/CVE-2024-40995
- https://ubuntu.com/security/CVE-2024-40996
- https://ubuntu.com/security/CVE-2024-40997
- https://ubuntu.com/security/CVE-2024-40998
- https://ubuntu.com/security/CVE-2024-40999
- https://ubuntu.com/security/CVE-2024-41000
- https://ubuntu.com/security/CVE-2024-41001
- https://ubuntu.com/security/CVE-2024-41002
- https://ubuntu.com/security/CVE-2024-41003
- https://ubuntu.com/security/CVE-2024-41004
- https://ubuntu.com/security/CVE-2024-41005
- https://ubuntu.com/security/CVE-2024-41006
- https://ubuntu.com/security/CVE-2024-41009
- https://ubuntu.com/security/CVE-2024-42078
- https://ubuntu.com/security/CVE-2024-42148
- https://ubuntu.com/security/CVE-2024-42154
- https://ubuntu.com/security/CVE-2024-42159
- https://ubuntu.com/security/CVE-2024-42160
- https://ubuntu.com/security/CVE-2024-42224
- https://ubuntu.com/security/CVE-2024-42228
Title: USN-7030-1: py7zr vulnerability
URL: https://ubuntu.com/security/notices/USN-7030-1
Priorities: critical
Description:
It was discovered that py7zr was vulnerable to path traversal attacks.
If a user or automated system were tricked into extracting a specially
crafted 7z archive, an attacker could possibly use this issue to write
arbitrary files outside the target directory on the host.
CVEs:
Title: USN-7032-1: Tomcat vulnerability
URL: https://ubuntu.com/security/notices/USN-7032-1
Priorities: high
Description:
It was discovered that Tomcat incorrectly handled HTTP trailer headers. A
remote attacker could possibly use this issue to perform HTTP request
smuggling.
CVEs:
Title: USN-7035-1: AppArmor vulnerability
URL: https://ubuntu.com/security/notices/USN-7035-1
Priorities: critical
Description:
It was discovered that the AppArmor policy compiler incorrectly generated
looser restrictions than expected for rules allowing mount operations. A
local attacker could possibly use this to bypass AppArmor restrictions in
applications where some mount operations were permitted.
CVEs:
Title: USN-7038-1: APR vulnerability
URL: https://ubuntu.com/security/notices/USN-7038-1
Priorities: medium
Description:
Thomas Stangner discovered a permission vulnerability in the Apache
Portable Runtime (APR) library. A local attacker could possibly use this
issue to read named shared memory segments, potentially exposing sensitive
application data.
CVEs:
Title: USN-7040-1: ConfigObj vulnerability
URL: https://ubuntu.com/security/notices/USN-7040-1
Priorities: medium
Description:
It was discovered that ConfigObj contains a regex that is susceptible to
catastrophic backtracking. An attacker could possibly use this issue to
cause a regular expression denial of service.
CVEs:
Title: USN-7043-4: cups-filters vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7043-4
Priorities: unknown,high
Description:
USN-7043-1 fixed vulnerabilities in cups-filters. This update improves the
fix for CVE-2024-47176 by removing support for the legacy CUPS printer
discovery protocol entirely.
Original advisory details:
Simone Margaritelli discovered that the cups-filters cups-browsed
component could be used to create arbitrary printers from outside the
local network. In combination with issues in other printing components, a
remote attacker could possibly use this issue to connect to a system,
create manipulated PPD files, and execute arbitrary code when a printer
is used. This update disables support for the legacy CUPS printer
discovery protocol. (CVE-2024-47176)
Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP
data when creating PPD files. A remote attacker could possibly use this
issue to manipulate PPD files and execute arbitrary code when a printer is
used. (CVE-2024-47076)
CVEs:
Title: USN-7050-1: Devise-Two-Factor vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7050-1
Priorities: medium
Description:
Benoit Côté-Jodoin and Michael Nipper discovered that Devise-Two-Factor
incorrectly handled one-time password validation. An attacker could
possibly use this issue to intercept and re-use a one-time password.
(CVE-2021-43177)
Garrett Rappaport discovered that Devise-Two-Factor incorrectly handled
generating multi-factor authentication codes. An attacker could possibly
use this issue to generate valid multi-factor authentication codes.
(CVE-2024-8796)
CVEs:
Title: USN-7055-1: FreeRADIUS vulnerability
URL: https://ubuntu.com/security/notices/USN-7055-1
Priorities: high
Description:
Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc
Stevens, and Adam Suhl discovered that FreeRADIUS incorrectly authenticated
certain responses. An attacker able to intercept communications between a
RADIUS client and server could possibly use this issue to forge responses,
bypass authentication, and access network devices and services.
This update introduces new configuration options called "limit_proxy_state"
and "require_message_authenticator" that default to "auto" but should be
set to "yes" once all RADIUS devices have been upgraded on a network.
CVEs:
Title: USN-7058-1: .NET vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7058-1
Priorities: high,unknown
Description:
Brennan Conroy discovered that the .NET Kestrel web server did not
properly handle closing HTTP/3 streams under certain circumstances. An
attacker could possibly use this issue to achieve remote code execution.
This vulnerability only impacted .NET 8. (CVE-2024-38229)
It was discovered that .NET components designed to process malicious input
were susceptible to hash flooding attacks. An attacker could possibly use
this issue to cause a denial of service, resulting in a crash.
(CVE-2024-43483)
It was discovered that the .NET System.IO.Packaging namespace did not
properly process SortedList data structures. An attacker could possibly
use this issue to cause a denial of service, resulting in a crash.
(CVE-2024-43484)
It was discovered that .NET did not properly handle the deserialization of
certain JSON properties. An attacker could possibly use this issue to
cause a denial of service, resulting in a crash. (CVE-2024-43485)
CVEs:
- https://ubuntu.com/security/CVE-2024-38229
- https://ubuntu.com/security/CVE-2024-43483
- https://ubuntu.com/security/CVE-2024-43484
- https://ubuntu.com/security/CVE-2024-43485
Title: USN-7060-1: EDK II vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7060-1
Priorities: medium,high,critical
Description:
It was discovered that EDK II did not check the buffer length in XHCI,
which could lead to a stack overflow. A local attacker could potentially
use this issue to cause a denial of service. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-0161)
Laszlo Ersek discovered that EDK II incorrectly handled recursion. A
remote attacker could possibly use this issue to cause EDK II to consume
resources, leading to a denial of service. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-28210)
Satoshi Tanda discovered that EDK II incorrectly handled decompressing
certain images. A remote attacker could use this issue to cause EDK II to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2021-28211)
It was discovered that EDK II incorrectly decoded certain strings. A remote
attacker could use this issue to cause EDK II to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-38575)
It was discovered that EDK II had an integer underflow vulnerability in
SmmEntryPoint, which could result in a buffer overflow. An attacker
could potentially use this issue to cause a denial of service.
(CVE-2021-38578)
Elison Niven discovered that OpenSSL, vendored in EDK II, incorrectly
handled the c_rehash script. A local attacker could possibly use this
issue to execute arbitrary commands when c_rehash is run. This issue
only affected Ubuntu 16.04 LTS. (CVE-2022-1292)
CVEs:
- https://ubuntu.com/security/CVE-2019-0161
- https://ubuntu.com/security/CVE-2021-28210
- https://ubuntu.com/security/CVE-2021-28211
- https://ubuntu.com/security/CVE-2021-38575
- https://ubuntu.com/security/CVE-2021-38578
- https://ubuntu.com/security/CVE-2022-1292
Title: USN-7061-1: Go vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7061-1
Priorities: unknown,critical,high,medium
Description:
Hunter Wittenborn discovered that Go incorrectly handled the sanitization
of environment variables. An attacker could possibly use this issue to run
arbitrary commands. (CVE-2023-24531)
Sohom Datta discovered that Go did not properly validate backticks (`) as
JavaScript string delimiters, and did not escape them as expected. An
attacker could possibly use this issue to inject arbitrary JavaScript code
into the Go template. (CVE-2023-24538)
Juho Nurminen discovered that Go incorrectly handled certain special
characters in directory or file paths. An attacker could possibly use
this issue to inject code into the resulting binaries. (CVE-2023-29402)
Vincent Dehors discovered that Go incorrectly handled permission bits.
An attacker could possibly use this issue to read or write files with
elevated privileges. (CVE-2023-29403)
Juho Nurminen discovered that Go incorrectly handled certain crafted
arguments. An attacker could possibly use this issue to execute arbitrary
code at build time. (CVE-2023-29405)
It was discovered that Go incorrectly validated the contents of host
headers. A remote attacker could possibly use this issue to inject
additional headers or entire requests. (CVE-2023-29406)
Takeshi Kaneko discovered that Go did not properly handle comments and
special tags in the script context of html/template module. An attacker
could possibly use this issue to inject JavaScript code and perform a
cross-site scripting attack. (CVE-2023-39318, CVE-2023-39319)
It was discovered that Go did not limit the number of simultaneously
executing handler goroutines in the net/http module. An attacker could
possibly use this issue to cause a panic resulting in a denial of service.
(CVE-2023-39325)
It was discovered that the Go html/template module did not validate errors
returned from MarshalJSON methods. An attacker could possibly use this
issue to inject arbitrary code into the Go template. (CVE-2024-24785)
CVEs:
- https://ubuntu.com/security/CVE-2023-24531
- https://ubuntu.com/security/CVE-2023-24538
- https://ubuntu.com/security/CVE-2023-29402
- https://ubuntu.com/security/CVE-2023-29403
- https://ubuntu.com/security/CVE-2023-29404
- https://ubuntu.com/security/CVE-2023-29405
- https://ubuntu.com/security/CVE-2023-29406
- https://ubuntu.com/security/CVE-2023-39318
- https://ubuntu.com/security/CVE-2023-39319
- https://ubuntu.com/security/CVE-2023-39325
- https://ubuntu.com/security/CVE-2024-24785
What's Changed
- fix for jammy cis rule 1.6.1.2 by @xtreme-nitin-ravindran in #382
Full Changelog: ubuntu-jammy/v1.318...ubuntu-jammy/v1.613