Advisories: Ubuntu

Here are the latest advisories specifically for Ubuntu Linux:

  • USN-6919-1: Linux kernel vulnerabilities
    Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. (CVE-2023-7042) It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service. (CVE-2024-0841) It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. (CVE-2024-21823) Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-22099) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859) Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-24861) Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device volume management subsystem did not properly validate logical eraseblock sizes in certain situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-25739) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Accessibility subsystem; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Clock framework and drivers; - Data acquisition framework and drivers; - CPU frequency scaling framework; - Cryptographic API; - DMA engine subsystem; - EFI core; - GPU drivers; - HID subsystem; - I2C subsystem; - InfiniBand drivers; - IOMMU subsystem; - IRQ chip drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - Network drivers; - NTB driver; - NVME drivers; - Device tree and open firmware driver; - PCI subsystem; - MediaTek PM domains; - Power supply drivers; - S/390 drivers; - SCSI drivers; - Freescale SoC drivers; - SPI subsystem; - Media staging drivers; - TCM subsystem; - Trusted Execution Environment drivers; - TTY drivers; - USB subsystem; - VFIO drivers; - Framebuffer layer; - Xen hypervisor drivers; - AFS file system; - File systems infrastructure; - BTRFS file system; - EROFS file system; - Ext4 file system; - F2FS file system; - FAT file system; - Network file system client; - Network file system server daemon; - NILFS2 file system; - NTFS3 file system; - Pstore file system; - Diskquota system; - SMB network file system; - UBI file system; - BPF subsystem; - Netfilter; - TLS protocol; - io_uring subsystem; - Core kernel; - PCI iomap interfaces; - Memory management; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - Distributed Switch Architecture; - HSR network protocol; - IPv4 networking; - IPv6 networking; - L2TP protocol; - MAC80211 subsystem; - IEEE 802.15.4 subsystem; - Multipath TCP; - Netlink; - NET/ROM layer; - NFC subsystem; - Open vSwitch; - Packet sockets; - RDS protocol; - Network traffic control; - SMC sockets; - Sun RPC protocol; - Unix domain sockets; - Wireless networking; - eXpress Data Path; - ALSA SH drivers; - USB sound devices; - KVM core; (CVE-2024-26984, CVE-2024-26838, CVE-2024-26925, CVE-2024-26790, CVE-2024-26955, CVE-2024-27431, CVE-2024-26737, CVE-2024-27044, CVE-2024-26964, CVE-2024-26880, CVE-2024-26926, CVE-2024-26843, CVE-2024-26735, CVE-2024-26881, CVE-2023-52644, CVE-2024-26747, CVE-2024-27405, CVE-2024-26875, CVE-2024-35896, CVE-2024-35829, CVE-2024-26877, CVE-2024-26855, CVE-2024-27414, CVE-2024-35897, CVE-2024-35845, CVE-2024-26601, CVE-2024-35817, CVE-2024-36006, CVE-2024-26957, CVE-2024-27019, CVE-2024-35830, CVE-2024-26977, CVE-2024-26803, CVE-2024-26629, CVE-2024-26994, CVE-2024-27078, CVE-2024-35789, CVE-2023-52641, CVE-2024-27016, CVE-2024-26752, CVE-2024-27028, CVE-2024-26817, CVE-2024-26840, CVE-2024-26969, CVE-2024-26965, CVE-2023-52656, CVE-2024-35973, CVE-2024-35852, CVE-2024-26651, CVE-2024-27432, CVE-2024-27416, CVE-2024-26792, CVE-2024-35877, CVE-2024-26584, CVE-2024-26903, CVE-2024-26951, CVE-2024-36004, CVE-2024-26861, CVE-2024-27412, CVE-2024-26788, CVE-2024-35813, CVE-2024-26931, CVE-2023-52620, CVE-2024-27075, CVE-2024-36008, CVE-2024-35855, CVE-2024-27059, CVE-2024-35806, CVE-2024-26763, CVE-2024-35955, CVE-2024-35936, CVE-2024-26856, CVE-2024-26966, CVE-2024-35969, CVE-2024-35960, CVE-2024-35796, CVE-2024-26810, CVE-2024-26862, CVE-2023-52434, CVE-2024-27046, CVE-2024-26999, CVE-2024-26778, CVE-2023-52497, CVE-2024-35872, CVE-2024-26585, CVE-2024-35978, CVE-2024-35918, CVE-2024-35879, CVE-2024-27388, CVE-2024-26898, CVE-2024-26879, CVE-2024-26882, CVE-2023-52650, CVE-2024-35884, CVE-2024-27396, CVE-2024-35785, CVE-2024-36005, CVE-2024-35989, CVE-2023-52662, CVE-2024-35857, CVE-2024-26828, CVE-2024-27054, CVE-2024-26688, CVE-2024-35997, CVE-2024-26603, CVE-2024-26820, CVE-2024-35915, CVE-2024-35982, CVE-2024-26874, CVE-2024-26801, CVE-2024-26814, CVE-2024-27045, CVE-2024-26897, CVE-2024-35895, CVE-2024-35944, CVE-2024-35804, CVE-2024-26805, CVE-2024-27052, CVE-2024-35851, CVE-2024-35900, CVE-2024-35807, CVE-2024-26816, CVE-2024-26769, CVE-2024-27004, CVE-2024-27001, CVE-2024-27415, CVE-2024-35825, CVE-2024-26777, CVE-2024-27000, CVE-2024-27030, CVE-2024-26878, CVE-2024-26804, CVE-2024-27051, CVE-2024-26934, CVE-2024-27043, CVE-2024-26791, CVE-2024-27009, CVE-2024-26795, CVE-2023-52640, CVE-2024-35893, CVE-2024-35898, CVE-2024-26859, CVE-2024-27393, CVE-2024-26766, CVE-2024-26659, CVE-2024-26642, CVE-2024-26989, CVE-2024-26811, CVE-2024-26846, CVE-2024-26743, CVE-2024-35823, CVE-2024-27076, CVE-2024-26935, CVE-2023-52645, CVE-2024-26813, CVE-2024-26782, CVE-2024-26970, CVE-2024-26915, CVE-2024-27039, CVE-2024-26906, CVE-2024-35791, CVE-2024-35990, CVE-2024-26845, CVE-2024-35805, CVE-2024-35912, CVE-2024-27437, CVE-2024-27436, CVE-2024-26772, CVE-2024-26812, CVE-2024-26754, CVE-2024-26958, CVE-2024-26956, CVE-2024-26749, CVE-2024-27413, CVE-2024-27037, CVE-2023-52447, CVE-2024-27403, CVE-2023-52652, CVE-2024-36025, CVE-2024-26996, CVE-2024-35847, CVE-2022-48808, CVE-2024-26976, CVE-2024-26802, CVE-2024-36020, CVE-2024-27034, CVE-2024-26993, CVE-2024-27065, CVE-2024-35930, CVE-2024-26774, CVE-2024-26872, CVE-2024-26924, CVE-2024-26852, CVE-2024-26923, CVE-2024-26771, CVE-2024-35933, CVE-2024-35925, CVE-2024-26937, CVE-2024-26894, CVE-2024-26839, CVE-2024-35899, CVE-2024-26889, CVE-2024-35958, CVE-2024-35885, CVE-2024-35828, CVE-2024-26870, CVE-2024-26583, CVE-2024-26736, CVE-2024-35938, CVE-2024-26793, CVE-2024-26891, CVE-2024-35910, CVE-2024-26654, CVE-2024-35940, CVE-2024-26851, CVE-2024-35984, CVE-2024-26809, CVE-2024-35819, CVE-2024-35821, CVE-2024-26643, CVE-2024-36029, CVE-2024-35888, CVE-2024-27390, CVE-2024-26773, CVE-2024-26733, CVE-2024-26961, CVE-2024-35822, CVE-2024-35854, CVE-2024-35950, CVE-2024-35970, CVE-2024-27053, CVE-2024-26907, CVE-2024-26776, CVE-2024-26748, CVE-2024-26988, CVE-2024-35935, CVE-2024-26744, CVE-2024-27008, CVE-2024-35905, CVE-2024-26974, CVE-2024-26950, CVE-2024-26787, CVE-2024-27077, CVE-2024-35886, CVE-2024-35907, CVE-2024-27020, CVE-2024-26764, CVE-2024-26835, CVE-2024-35988, CVE-2024-26687, CVE-2024-35809, CVE-2024-35844, CVE-2024-26901, CVE-2024-26848, CVE-2024-26857, CVE-2024-26751, CVE-2024-27074, CVE-2024-26885, CVE-2024-26884, CVE-2024-27410, CVE-2024-35871, CVE-2024-26883, CVE-2023-52699, CVE-2024-35922, CVE-2024-26895, CVE-2024-26798, CVE-2024-26981, CVE-2024-27013, CVE-2024-27419, CVE-2024-26779, CVE-2024-27395, CVE-2024-27015, CVE-2024-35890, CVE-2024-26863, CVE-2024-26922, CVE-2024-27417, CVE-2023-52488, CVE-2024-26929, CVE-2024-26960, CVE-2024-26833, CVE-2024-26750, CVE-2024-27024, CVE-2024-36007, CVE-2024-27047, CVE-2024-35853, CVE-2024-26973, CVE-2024-27038, CVE-2024-35934, CVE-2024-27073, CVE-2024-35849, CVE-2023-52880, CVE-2024-35976)
  • USN-6918-1: Linux kernel vulnerabilities
    It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - Accessibility subsystem; - Android drivers; - Drivers core; - Bluetooth drivers; - Clock framework and drivers; - Data acquisition framework and drivers; - Cryptographic API; - Buffer Sharing and Synchronization framework; - GPU drivers; - On-Chip Interconnect management framework; - IOMMU subsystem; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - Network drivers; - Microsoft Azure Network Adapter (MANA) driver; - Device tree and open firmware driver; - Chrome hardware platform drivers; - i.MX PM domains; - TI SCI PM domains driver; - S/390 drivers; - SCSI drivers; - SPI subsystem; - Thermal drivers; - TTY drivers; - USB subsystem; - Framebuffer layer; - BTRFS file system; - Network file system server daemon; - NILFS2 file system; - File systems infrastructure; - Pstore file system; - SMB network file system; - BPF subsystem; - Bluetooth subsystem; - Netfilter; - io_uring subsystem; - Core kernel; - Extra boot config (XBC); - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - Multipath TCP; - NFC subsystem; - RDS protocol; - Network traffic control; - SMC sockets; - Sun RPC protocol; - TLS protocol; - Unix domain sockets; - Wireless networking; - eXpress Data Path; - SELinux security module; (CVE-2024-26988, CVE-2024-36023, CVE-2024-35869, CVE-2024-35938, CVE-2024-27000, CVE-2024-35880, CVE-2024-35915, CVE-2024-35959, CVE-2024-35883, CVE-2024-35886, CVE-2024-35976, CVE-2024-35903, CVE-2024-35980, CVE-2024-27020, CVE-2024-35955, CVE-2024-35964, CVE-2024-26980, CVE-2024-35882, CVE-2024-35927, CVE-2024-35884, CVE-2024-35914, CVE-2024-35905, CVE-2024-26925, CVE-2024-35885, CVE-2024-26990, CVE-2024-27012, CVE-2024-35969, CVE-2024-35862, CVE-2024-35956, CVE-2024-35971, CVE-2024-27022, CVE-2024-35935, CVE-2024-26992, CVE-2024-27010, CVE-2024-35892, CVE-2024-26999, CVE-2024-26989, CVE-2024-35963, CVE-2024-35981, CVE-2024-26997, CVE-2024-35920, CVE-2024-35918, CVE-2024-35933, CVE-2024-35867, CVE-2024-35904, CVE-2024-35890, CVE-2024-35968, CVE-2024-35917, CVE-2024-35897, CVE-2024-26922, CVE-2024-36026, CVE-2024-27013, CVE-2024-26991, CVE-2024-26996, CVE-2024-35873, CVE-2024-26987, CVE-2024-35895, CVE-2024-36027, CVE-2024-35896, CVE-2024-35894, CVE-2024-26983, CVE-2024-35966, CVE-2024-35967, CVE-2024-35945, CVE-2024-27003, CVE-2024-35939, CVE-2024-35861, CVE-2024-26985, CVE-2024-27015, CVE-2024-35982, CVE-2024-35912, CVE-2024-35979, CVE-2024-35879, CVE-2024-26982, CVE-2024-35891, CVE-2024-35925, CVE-2024-35870, CVE-2024-27021, CVE-2024-35866, CVE-2024-27014, CVE-2024-27001, CVE-2024-27004, CVE-2024-35953, CVE-2024-36021, CVE-2024-35931, CVE-2024-27007, CVE-2024-35922, CVE-2024-35872, CVE-2024-35926, CVE-2024-27016, CVE-2024-26984, CVE-2024-35919, CVE-2024-35911, CVE-2024-26923, CVE-2024-35929, CVE-2024-35887, CVE-2024-35893, CVE-2024-35898, CVE-2024-35930, CVE-2024-35934, CVE-2024-35916, CVE-2024-35877, CVE-2024-26926, CVE-2024-35974, CVE-2024-36018, CVE-2024-27002, CVE-2024-35975, CVE-2024-35864, CVE-2024-35958, CVE-2024-35944, CVE-2024-35985, CVE-2024-35940, CVE-2024-35900, CVE-2024-27018, CVE-2024-26936, CVE-2024-36024, CVE-2024-26998, CVE-2024-35954, CVE-2024-35878, CVE-2024-26928, CVE-2024-35952, CVE-2024-36020, CVE-2024-26986, CVE-2024-35950, CVE-2024-35957, CVE-2024-35909, CVE-2024-27005, CVE-2024-35978, CVE-2024-35875, CVE-2024-35943, CVE-2024-35970, CVE-2024-35863, CVE-2024-26993, CVE-2024-35865, CVE-2024-26995, CVE-2024-35888, CVE-2024-35899, CVE-2024-35868, CVE-2023-52699, CVE-2024-26994, CVE-2024-26817, CVE-2024-35902, CVE-2024-35977, CVE-2024-35961, CVE-2024-36025, CVE-2024-35936, CVE-2024-35913, CVE-2024-27017, CVE-2024-35889, CVE-2024-35972, CVE-2024-35901, CVE-2024-26921, CVE-2024-26924, CVE-2024-35951, CVE-2024-35860, CVE-2024-35907, CVE-2024-35910, CVE-2024-36022, CVE-2024-27019, CVE-2024-27009, CVE-2024-26981, CVE-2024-35973, CVE-2024-35965, CVE-2024-36019, CVE-2024-35871, CVE-2024-27008, CVE-2024-26811, CVE-2024-35908, CVE-2024-35921, CVE-2024-35942, CVE-2024-35946, CVE-2024-35924, CVE-2024-27011, CVE-2024-35960, CVE-2024-27006, CVE-2024-35937, CVE-2024-35932)
  • USN-6917-1: Linux kernel vulnerabilities
    Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859) Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-24861) Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device volume management subsystem did not properly validate logical eraseblock sizes in certain situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-25739) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Accessibility subsystem; - Android drivers; - Bluetooth drivers; - Clock framework and drivers; - Data acquisition framework and drivers; - Cryptographic API; - DMA engine subsystem; - GPU drivers; - HID subsystem; - I2C subsystem; - IRQ chip drivers; - Multiple devices driver; - VMware VMCI Driver; - MMC subsystem; - Network drivers; - Microsoft Azure Network Adapter (MANA) driver; - Device tree and open firmware driver; - PCI subsystem; - S/390 drivers; - SCSI drivers; - Freescale SoC drivers; - Trusted Execution Environment drivers; - TTY drivers; - USB subsystem; - VFIO drivers; - Framebuffer layer; - Xen hypervisor drivers; - File systems infrastructure; - BTRFS file system; - Ext4 file system; - FAT file system; - Network file system client; - Network file system server daemon; - NILFS2 file system; - Pstore file system; - SMB network file system; - UBI file system; - Netfilter; - BPF subsystem; - Core kernel; - PCI iomap interfaces; - Memory management; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - Distributed Switch Architecture; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - IEEE 802.15.4 subsystem; - NFC subsystem; - Open vSwitch; - RDS protocol; - Network traffic control; - SMC sockets; - Unix domain sockets; - eXpress Data Path; - Key management; - ALSA SH drivers; - KVM core; (CVE-2024-26993, CVE-2024-26996, CVE-2024-35879, CVE-2024-26812, CVE-2024-26984, CVE-2024-26817, CVE-2024-35950, CVE-2024-26960, CVE-2024-27437, CVE-2024-26964, CVE-2024-27059, CVE-2024-35969, CVE-2024-35936, CVE-2024-35912, CVE-2024-35915, CVE-2024-35938, CVE-2024-27019, CVE-2024-35822, CVE-2024-35997, CVE-2024-35855, CVE-2024-26925, CVE-2024-26654, CVE-2024-26923, CVE-2024-36031, CVE-2024-36020, CVE-2024-35823, CVE-2024-35852, CVE-2024-35989, CVE-2024-27000, CVE-2024-35853, CVE-2024-27013, CVE-2024-35854, CVE-2024-35922, CVE-2024-26937, CVE-2023-52880, CVE-2024-26974, CVE-2024-26629, CVE-2024-35804, CVE-2024-35958, CVE-2024-26814, CVE-2024-35890, CVE-2024-35940, CVE-2024-26999, CVE-2024-35847, CVE-2024-27015, CVE-2024-26687, CVE-2024-26970, CVE-2024-35930, CVE-2024-26813, CVE-2024-26810, CVE-2024-26969, CVE-2024-26977, CVE-2024-26956, CVE-2024-35901, CVE-2024-27020, CVE-2024-35905, CVE-2024-35785, CVE-2024-27009, CVE-2024-35877, CVE-2024-35893, CVE-2024-26989, CVE-2024-26642, CVE-2024-35857, CVE-2024-35935, CVE-2024-26828, CVE-2024-26965, CVE-2024-35888, CVE-2024-35900, CVE-2024-26951, CVE-2024-35809, CVE-2024-27008, CVE-2024-26958, CVE-2024-35973, CVE-2024-26935, CVE-2024-26934, CVE-2024-35982, CVE-2023-52488, CVE-2024-35884, CVE-2024-35907, CVE-2024-27018, CVE-2024-26929, CVE-2024-35984, CVE-2024-35899, CVE-2024-26976, CVE-2024-26922, CVE-2024-35817, CVE-2024-26961, CVE-2024-35925, CVE-2024-35821, CVE-2024-36005, CVE-2024-35988, CVE-2024-35970, CVE-2024-27001, CVE-2024-35960, CVE-2022-48808, CVE-2024-35927, CVE-2024-35806, CVE-2024-27016, CVE-2024-35897, CVE-2024-26957, CVE-2024-36025, CVE-2024-35872, CVE-2024-26988, CVE-2024-35819, CVE-2024-35896, CVE-2024-36007, CVE-2024-35944, CVE-2024-35990, CVE-2024-36006, CVE-2024-36004, CVE-2024-35955, CVE-2024-35898, CVE-2024-26973, CVE-2024-26950, CVE-2024-36008, CVE-2024-35805, CVE-2024-35807, CVE-2024-35934, CVE-2024-26926, CVE-2024-35902, CVE-2024-35918, CVE-2024-35895, CVE-2024-35978, CVE-2024-35849, CVE-2024-35791, CVE-2024-26931, CVE-2024-35886, CVE-2024-26981, CVE-2024-27395, CVE-2024-35815, CVE-2024-26994, CVE-2024-35825, CVE-2024-35789, CVE-2024-35813, CVE-2024-35885, CVE-2024-35851, CVE-2024-35796, CVE-2023-52699, CVE-2024-35871, CVE-2024-26811, CVE-2024-26966, CVE-2024-35976, CVE-2024-26955, CVE-2024-36029, CVE-2024-27396, CVE-2024-27004, CVE-2024-27393, CVE-2024-35910, CVE-2024-35933)
  • USN-6915-1: poppler vulnerability
    It was discovered that poppler incorrectly handled certain malformed PDF. An attacker could possibly use this issue to cause a denial of service.
  • USN-6914-1: OCS Inventory vulnerability
    Filip Hejsek discovered that the phpCAS library included in OCS Inventory was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account.
  • USN-6913-1: phpCAS vulnerability
    Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. After applying this update, third party applications need to be modified to pass in an additional service base URL argument when constructing the client class. For more information please refer to the section "Upgrading 1.5.0 -> 1.6.0" of the phpCAS upgrading document: https://github.com/apereo/phpCAS/blob/master/docs/Upgrading
  • USN-6912-1: provd vulnerability
    James Henstridge discovered that provd incorrectly handled environment variables. A local attacker could possibly use this issue to run arbitrary programs and escalate privileges.
  • USN-6906-1: python-zipp vulnerability
    It was discovered that python-zipp did not properly handle the zip files with malformed names. An attacker could possibly use this issue to cause a denial of service.
  • USN-6910-1: Apache ActiveMQ vulnerabilities
    Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly use this issue to terminate the program, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7559) Peter Stöckli discovered that Apache ActiveMQ incorrectly handled hostname verification. A remote attacker could possibly use this issue to perform a person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-11775) Jonathan Gallimore and Colm Ó hÉigeartaigh discovered that Apache ActiveMQ incorrectly handled authentication in certain functions. A remote attacker could possibly use this issue to perform a person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-13920) Gregor Tudan discovered that Apache ActiveMQ incorrectly handled LDAP authentication. A remote attacker could possibly use this issue to acquire unauthenticated access. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-26117) It was discovered that Apache ActiveMQ incorrectly handled authentication. A remote attacker could possibly use this issue to run arbitrary code. (CVE-2022-41678) It was discovered that Apache ActiveMQ incorrectly handled deserialization. A remote attacker could possibly use this issue to run arbitrary shell commands. (CVE-2023-46604)
  • USN-6530-2: HAProxy vulnerability
    Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled URI components containing the hash character (#). A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain path_end rules.
  • More...

One thought on “Advisories: Ubuntu

  1. Hello !J aimerais svaoir, j ai essaye9 en machine virtuel et me manque l onglet administration, est-ce a cause de la VM ou bien c est Gnome 3.0 ?Merci 😉

Tell me what you are thinking?