ubuntu jammy v1.486
Metadata:
BOSH Agent Version: 2.663.0
Kernel Version: 5.15.0.113.113
USNs:
Title: USN-6847-1: libheif vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6847-1
Priorities: medium
Description:
It was discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program, resulting
in a denial of service. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-11471)
Reza Mirzazade Farkhani discovered that libheif incorrectly handled
certain image data. An attacker could possibly use this issue to crash the
program, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS. (CVE-2020-23109)
Eugene Lim discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program, resulting
in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-0996)
Min Jang discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program, resulting
in a denial of service. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2023-29659)
Yuchuan Meng discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program, resulting
in a denial of service. This issue only affected Ubuntu 23.10.
(CVE-2023-49460, CVE-2023-49462, CVE-2023-49463, CVE-2023-49464)
CVEs:
- https://ubuntu.com/security/CVE-2019-11471
- https://ubuntu.com/security/CVE-2020-23109
- https://ubuntu.com/security/CVE-2023-0996
- https://ubuntu.com/security/CVE-2023-29659
- https://ubuntu.com/security/CVE-2023-49460
- https://ubuntu.com/security/CVE-2023-49462
- https://ubuntu.com/security/CVE-2023-49463
- https://ubuntu.com/security/CVE-2023-49464
- https://ubuntu.com/security/CVE-2023-49463
- https://ubuntu.com/security/CVE-2020-23109
- https://ubuntu.com/security/CVE-2023-49464
- https://ubuntu.com/security/CVE-2023-29659
- https://ubuntu.com/security/CVE-2023-49462
- https://ubuntu.com/security/CVE-2019-11471
- https://ubuntu.com/security/CVE-2023-49460
- https://ubuntu.com/security/CVE-2023-0996
Title: USN-6842-1: gdb vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6842-1
Priorities: low
Description:
It was discovered that gdb incorrectly handled certain memory operations
when parsing an ELF file. An attacker could possibly use this issue
to cause a denial of service. This issue is the result of an
incomplete fix for CVE-2020-16599. This issue only affected
Ubuntu 22.04 LTS. (CVE-2022-4285)
It was discovered that gdb incorrectly handled memory leading
to a heap based buffer overflow. An attacker could use this
issue to cause a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS.
(CVE-2023-1972)
It was discovered that gdb incorrectly handled memory leading
to a stack overflow. An attacker could possibly use this issue
to cause a denial of service. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-39128)
It was discovered that gdb had a use after free vulnerability
under certain circumstances. An attacker could use this to cause
a denial of service or possibly execute arbitrary code. This issue
only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS. (CVE-2023-39129)
It was discovered that gdb incorrectly handled memory leading to a
heap based buffer overflow. An attacker could use this issue to cause
a denial of service, or possibly execute arbitrary code. This issue
only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-39130)
CVEs:
- https://ubuntu.com/security/CVE-2020-16599
- https://ubuntu.com/security/CVE-2022-4285
- https://ubuntu.com/security/CVE-2023-1972
- https://ubuntu.com/security/CVE-2023-39128
- https://ubuntu.com/security/CVE-2023-39129
- https://ubuntu.com/security/CVE-2023-39130
Title: USN-6809-1: BlueZ vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6809-1
Priorities: low,medium
Description:
It was discovered that BlueZ could be made to dereference invalid memory.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 22.04 LTS. (CVE-2022-3563)
It was discovered that BlueZ could be made to write out of bounds. If a
user were tricked into connecting to a malicious device, an attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2023-27349)
CVEs:
- https://ubuntu.com/security/CVE-2022-3563
- https://ubuntu.com/security/CVE-2023-27349
- https://ubuntu.com/security/CVE-2023-27349
- https://ubuntu.com/security/CVE-2022-3563
Title: USN-6846-1: Ansible vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6846-1
Priorities: medium
Description:
It was discovered that Ansible incorrectly handled certain inputs when using
tower_callback parameter. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to obtain sensitive information. This issue only affected Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3697)
It was discovered that Ansible incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to perform a Template Injection.
(CVE-2023-5764)
CVEs:
- https://ubuntu.com/security/CVE-2022-3697
- https://ubuntu.com/security/CVE-2023-5764
- https://ubuntu.com/security/CVE-2023-5764
- https://ubuntu.com/security/CVE-2022-3697
Title: USN-6854-1: OpenSSL vulnerability
URL: https://ubuntu.com/security/notices/USN-6854-1
Priorities: medium
Description:
It was discovered that OpenSSL failed to choose an appropriately short
private key size when computing shared-secrets in the Diffie-Hellman Key
Agreement Protocol. A remote attacker could possibly use this issue to cause
OpenSSL to consume resources, resulting in a denial of service.
CVEs:
Title: USN-6851-1: Netplan vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6851-1
Priorities: medium
Description:
Andreas Hasenack discovered that netplan incorrectly handled the permissions
for netdev files containing wireguard configuration. An attacker could use this to obtain
wireguard secret keys.
It was discovered that netplan configuration could be manipulated into injecting
arbitrary commands while setting up network interfaces. An attacker could
use this to execute arbitrary commands or escalate privileges.
CVEs:
Title: USN-6822-1: Node.js vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6822-1
Priorities: medium
Description:
It was discovered that Node.js incorrectly handled certain inputs when it is
using the policy mechanism. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to bypass the policy mechanism. (CVE-2023-32002, CVE-2023-32006)
It was discovered that Node.js incorrectly handled certain inputs when it is
using the policy mechanism. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to perform a privilege escalation. (CVE-2023-32559)
CVEs:
- https://ubuntu.com/security/CVE-2023-32002
- https://ubuntu.com/security/CVE-2023-32006
- https://ubuntu.com/security/CVE-2023-32559
- https://ubuntu.com/security/CVE-2023-32002
- https://ubuntu.com/security/CVE-2023-32559
- https://ubuntu.com/security/CVE-2023-32006
Title: USN-6800-1: browserify-sign vulnerability
URL: https://ubuntu.com/security/notices/USN-6800-1
Priorities: medium
Description:
It was discovered that browserify-sign incorrectly handled an upper bound check
in signature verification. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to perform a signature forgery attack.
CVEs:
Title: LSN-0104-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0104-1
Priorities: high
Description:
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code.(CVE-2023-6270)
It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2023-51781)
In the Linux kernel, the following vulnerability has been
resolved: netfilter: nft_set_rbtree: skip end interval element from gc
rbtree lazy gc on insert might collect an end interval element that has
been just added in this transactions, skip end interval elements that are
not yet active.(CVE-2024-26581)
In the Linux kernel, the following vulnerability has been
resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable
rmnet_link_ops assign a bigger maxtype which leads to a global out-of-
bounds read when parsing the netlink attributes.(CVE-2024-26597)
CVEs:
- https://ubuntu.com/security/CVE-2023-6270
- https://ubuntu.com/security/CVE-2023-51781
- https://ubuntu.com/security/CVE-2024-26581
- https://ubuntu.com/security/CVE-2024-26597
- https://ubuntu.com/security/CVE-2023-6270
- https://ubuntu.com/security/CVE-2023-51781
- https://ubuntu.com/security/CVE-2024-26597
- https://ubuntu.com/security/CVE-2024-26581
Title: USN-6819-4: Linux kernel (Oracle) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6819-4
Priorities: medium,low,high,negligible
Description:
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not properly validate H2C PDU data, leading to a null pointer
dereference vulnerability. A remote attacker could use this to cause a
denial of service (system crash). (CVE-2023-6356, CVE-2023-6535,
CVE-2023-6536)
Chenyuan Yang discovered that the RDS Protocol implementation in the Linux
kernel contained an out-of-bounds read vulnerability. An attacker could use
this to possibly cause a denial of service (system crash). (CVE-2024-23849)
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- Core kernel;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Android drivers;
- Drivers core;
- Power management core;
- Bus devices;
- Device frequency scaling framework;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCMI message protocol;
- GPU drivers;
- IIO ADC drivers;
- InfiniBand drivers;
- IOMMU subsystem;
- Media drivers;
- Multifunction device drivers;
- MTD block device drivers;
- Network drivers;
- NVME drivers;
- Device tree and open firmware driver;
- PCI driver for MicroSemi Switchtec;
- Power supply drivers;
- RPMSG subsystem;
- SCSI drivers;
- QCOM SoC drivers;
- SPMI drivers;
- Thermal drivers;
- TTY drivers;
- VFIO drivers;
- BTRFS file system;
- Ceph distributed file system;
- EFI Variable file system;
- EROFS file system;
- Ext4 file system;
- F2FS file system;
- GFS2 file system;
- JFS file system;
- Network file systems library;
- Network file system server daemon;
- File systems infrastructure;
- Pstore file system;
- ReiserFS file system;
- SMB network file system;
- BPF subsystem;
- Memory management;
- TLS protocol;
- Ethernet bridge;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- Logical Link layer;
- MAC80211 subsystem;
- Multipath TCP;
- Netfilter;
- NetLabel subsystem;
- Network traffic control;
- SMC sockets;
- Sun RPC protocol;
- AppArmor security module;
- Intel ASoC drivers;
- MediaTek ASoC drivers;
- USB sound devices;
(CVE-2023-52612, CVE-2024-26808, CVE-2023-52691, CVE-2023-52618,
CVE-2023-52463, CVE-2023-52447, CVE-2024-26668, CVE-2023-52454,
CVE-2024-26670, CVE-2024-26646, CVE-2023-52472, CVE-2024-26586,
CVE-2023-52681, CVE-2023-52453, CVE-2023-52611, CVE-2023-52622,
CVE-2024-26641, CVE-2023-52616, CVE-2024-26592, CVE-2023-52606,
CVE-2024-26620, CVE-2023-52692, CVE-2024-26669, CVE-2023-52623,
CVE-2023-52588, CVE-2024-26616, CVE-2024-26610, CVE-2024-35839,
CVE-2023-52490, CVE-2023-52672, CVE-2024-26612, CVE-2023-52617,
CVE-2023-52697, CVE-2024-26644, CVE-2023-52458, CVE-2023-52598,
CVE-2024-35841, CVE-2023-52664, CVE-2023-52635, CVE-2023-52676,
CVE-2023-52669, CVE-2024-26632, CVE-2023-52486, CVE-2024-26625,
CVE-2023-52608, CVE-2024-26634, CVE-2023-52599, CVE-2024-26618,
CVE-2024-26640, CVE-2023-52489, CVE-2023-52675, CVE-2023-52678,
CVE-2024-26583, CVE-2023-52693, CVE-2023-52498, CVE-2024-26649,
CVE-2023-52670, CVE-2023-52473, CVE-2023-52449, CVE-2023-52667,
CVE-2023-52467, CVE-2023-52686, CVE-2024-26633, CVE-2023-52666,
CVE-2024-35840, CVE-2024-26629, CVE-2024-26595, CVE-2023-52593,
CVE-2023-52687, CVE-2023-52465, CVE-2024-26627, CVE-2023-52493,
CVE-2023-52491, CVE-2024-26636, CVE-2024-26584, CVE-2023-52587,
CVE-2023-52597, CVE-2023-52462, CVE-2023-52633, CVE-2023-52696,
CVE-2024-26585, CVE-2023-52589, CVE-2023-52456, CVE-2023-52470,
CVE-2024-35838, CVE-2024-26645, CVE-2023-52591, CVE-2023-52464,
CVE-2023-52609, CVE-2024-26608, CVE-2023-52450, CVE-2023-52584,
CVE-2023-52469, CVE-2023-52583, CVE-2023-52451, CVE-2023-52495,
CVE-2023-52626, CVE-2023-52595, CVE-2023-52680, CVE-2023-52632,
CVE-2024-26582, CVE-2024-35837, CVE-2023-52494, CVE-2023-52614,
CVE-2023-52443, CVE-2023-52698, CVE-2023-52448, CVE-2024-26615,
CVE-2023-52452, CVE-2023-52492, CVE-2024-26647, CVE-2023-52468,
CVE-2023-52594, CVE-2023-52621, CVE-2024-26638, CVE-2024-26594,
CVE-2024-26673, CVE-2023-52457, CVE-2023-52677, CVE-2023-52607,
CVE-2024-26623, CVE-2023-52488, CVE-2023-52497, CVE-2023-52445,
CVE-2024-26607, CVE-2023-52610, CVE-2024-35842, CVE-2023-52690,
CVE-2023-52683, CVE-2023-52444, CVE-2024-26671, CVE-2023-52455,
CVE-2023-52679, CVE-2024-26598, CVE-2023-52674, CVE-2023-52627,
CVE-2023-52619, CVE-2023-52487, CVE-2023-52446, CVE-2024-35835,
CVE-2023-52682, CVE-2023-52685, CVE-2023-52694, CVE-2024-26631)
CVEs: - https://ubuntu.com/security/CVE-2023-6356
- https://ubuntu.com/security/CVE-2023-6535
- https://ubuntu.com/security/CVE-2023-6536
- https://ubuntu.com/security/CVE-2024-23849
- https://ubuntu.com/security/CVE-2024-24860
- https://ubuntu.com/security/CVE-2023-52612
- https://ubuntu.com/security/CVE-2024-26808
- https://ubuntu.com/security/CVE-2023-52691
- https://ubuntu.com/security/CVE-2023-52618
- https://ubuntu.com/security/CVE-2023-52463
- https://ubuntu.com/security/CVE-2023-52447
- https://ubuntu.com/security/CVE-2024-26668
- https://ubuntu.com/security/CVE-2023-52454
- https://ubuntu.com/security/CVE-2024-26670
- https://ubuntu.com/security/CVE-2024-26646
- https://ubuntu.com/security/CVE-2023-52472
- https://ubuntu.com/security/CVE-2024-26586
- https://ubuntu.com/security/CVE-2023-52681
- https://ubuntu.com/security/CVE-2023-52453
- https://ubuntu.com/security/CVE-2023-52611
- https://ubuntu.com/security/CVE-2023-52622
- https://ubuntu.com/security/CVE-2024-26641
- https://ubuntu.com/security/CVE-2023-52616
- https://ubuntu.com/security/CVE-2024-26592
- https://ubuntu.com/security/CVE-2023-52606
- https://ubuntu.com/security/CVE-2024-26620
- https://ubuntu.com/security/CVE-2023-52692
- https://ubuntu.com/security/CVE-2024-26669
- https://ubuntu.com/security/CVE-2023-52623
- https://ubuntu.com/security/CVE-2023-52588
- https://ubuntu.com/security/CVE-2024-26616
- https://ubuntu.com/security/CVE-2024-26610
- https://ubuntu.com/security/CVE-2024-35839
- https://ubuntu.com/security/CVE-2023-52490
- https://ubuntu.com/security/CVE-2023-52672
- https://ubuntu.com/security/CVE-2024-26612
- https://ubuntu.com/security/CVE-2023-52617
- https://ubuntu.com/security/CVE-2023-52697
- https://ubuntu.com/security/CVE-2024-26644
- https://ubuntu.com/security/CVE-2023-52458
- https://ubuntu.com/security/CVE-2023-52598
- https://ubuntu.com/security/CVE-2024-35841
- https://ubuntu.com/security/CVE-2023-52664
- https://ubuntu.com/security/CVE-2023-52635
- https://ubuntu.com/security/CVE-2023-52676
- https://ubuntu.com/security/CVE-2023-52669
- https://ubuntu.com/security/CVE-2024-26632
- https://ubuntu.com/security/CVE-2023-52486
- https://ubuntu.com/security/CVE-2024-26625
- https://ubuntu.com/security/CVE-2023-52608
- https://ubuntu.com/security/CVE-2024-26634
- https://ubuntu.com/security/CVE-2023-52599
- https://ubuntu.com/security/CVE-2024-26618
- https://ubuntu.com/security/CVE-2024-26640
- https://ubuntu.com/security/CVE-2023-52489
- https://ubuntu.com/security/CVE-2023-52675
- https://ubuntu.com/security/CVE-2023-52678
- https://ubuntu.com/security/CVE-2024-26583
- https://ubuntu.com/security/CVE-2023-52693
- https://ubuntu.com/security/CVE-2023-52498
- https://ubuntu.com/security/CVE-2024-26649
- https://ubuntu.com/security/CVE-2023-52670
- https://ubuntu.com/security/CVE-2023-52473
- https://ubuntu.com/security/CVE-2023-52449
- https://ubuntu.com/security/CVE-2023-52667
- https://ubuntu.com/security/CVE-2023-52467
- https://ubuntu.com/security/CVE-2023-52686
- https://ubuntu.com/security/CVE-2024-26633
- https://ubuntu.com/security/CVE-2023-52666
- https://ubuntu.com/security/CVE-2024-35840
- https://ubuntu.com/security/CVE-2024-26629
- https://ubuntu.com/security/CVE-2024-26595
- https://ubuntu.com/security/CVE-2023-52593
- https://ubuntu.com/security/CVE-2023-52687
- https://ubuntu.com/security/CVE-2023-52465
- https://ubuntu.com/security/CVE-2024-26627
- https://ubuntu.com/security/CVE-2023-52493
- https://ubuntu.com/security/CVE-2023-52491
- https://ubuntu.com/security/CVE-2024-26636
- https://ubuntu.com/security/CVE-2024-26584
- https://ubuntu.com/security/CVE-2023-52587
- https://ubuntu.com/security/CVE-2023-52597
- https://ubuntu.com/security/CVE-2023-52462
- https://ubuntu.com/security/CVE-2023-52633
- https://ubuntu.com/security/CVE-2023-52696
- https://ubuntu.com/security/CVE-2024-26585
- https://ubuntu.com/security/CVE-2023-52589
- https://ubuntu.com/security/CVE-2023-52456
- https://ubuntu.com/security/CVE-2023-52470
- https://ubuntu.com/security/CVE-2024-35838
- https://ubuntu.com/security/CVE-2024-26645
- https://ubuntu.com/security/CVE-2023-52591
- https://ubuntu.com/security/CVE-2023-52464
- https://ubuntu.com/security/CVE-2023-52609
- https://ubuntu.com/security/CVE-2024-26608
- https://ubuntu.com/security/CVE-2023-52450
- https://ubuntu.com/security/CVE-2023-52584
- https://ubuntu.com/security/CVE-2023-52469
- https://ubuntu.com/security/CVE-2023-52583
- https://ubuntu.com/security/CVE-2023-52451
- https://ubuntu.com/security/CVE-2023-52495
- https://ubuntu.com/security/CVE-2023-52626
- https://ubuntu.com/security/CVE-2023-52595
- https://ubuntu.com/security/CVE-2023-52680
- https://ubuntu.com/security/CVE-2023-52632
- https://ubuntu.com/security/CVE-2024-26582
- https://ubuntu.com/security/CVE-2024-35837
- https://ubuntu.com/security/CVE-2023-52494
- https://ubuntu.com/security/CVE-2023-52614
- https://ubuntu.com/security/CVE-2023-52443
- https://ubuntu.com/security/CVE-2023-52698
- https://ubuntu.com/security/CVE-2023-52448
- https://ubuntu.com/security/CVE-2024-26615
- https://ubuntu.com/security/CVE-2023-52452
- https://ubuntu.com/security/CVE-2023-52492
- https://ubuntu.com/security/CVE-2024-26647
- https://ubuntu.com/security/CVE-2023-52468
- https://ubuntu.com/security/CVE-2023-52594
- https://ubuntu.com/security/CVE-2023-52621
- https://ubuntu.com/security/CVE-2024-26638
- https://ubuntu.com/security/CVE-2024-26594
- https://ubuntu.com/security/CVE-2024-26673
- https://ubuntu.com/security/CVE-2023-52457
- https://ubuntu.com/security/CVE-2023-52677
- https://ubuntu.com/security/CVE-2023-52607
- https://ubuntu.com/security/CVE-2024-26623
- https://ubuntu.com/security/CVE-2023-52488
- https://ubuntu.com/security/CVE-2023-52497
- https://ubuntu.com/security/CVE-2023-52445
- https://ubuntu.com/security/CVE-2024-26607
- https://ubuntu.com/security/CVE-2023-52610
- https://ubuntu.com/security/CVE-2024-35842
- https://ubuntu.com/security/CVE-2023-52690
- https://ubuntu.com/security/CVE-2023-52683
- https://ubuntu.com/security/CVE-2023-52444
- https://ubuntu.com/security/CVE-2024-26671
- https://ubuntu.com/security/CVE-2023-52455
- https://ubuntu.com/security/CVE-2023-52679
- https://ubuntu.com/security/CVE-2024-26598
- https://ubuntu.com/security/CVE-2023-52674
- https://ubuntu.com/security/CVE-2023-52627
- https://ubuntu.com/security/CVE-2023-52619
- https://ubuntu.com/security/CVE-2023-52487
- https://ubuntu.com/security/CVE-2023-52446
- https://ubuntu.com/security/CVE-2024-35835
- https://ubuntu.com/security/CVE-2023-52682
- https://ubuntu.com/security/CVE-2023-52685
- https://ubuntu.com/security/CVE-2023-52694
- https://ubuntu.com/security/CVE-2024-26631
- https://ubuntu.com/security/CVE-2023-52599
- https://ubuntu.com/security/CVE-2023-52453
- https://ubuntu.com/security/CVE-2023-52462
- https://ubuntu.com/security/CVE-2023-52598
- https://ubuntu.com/security/CVE-2024-35835
- https://ubuntu.com/security/CVE-2023-52681
- https://ubuntu.com/security/CVE-2023-52454
- https://ubuntu.com/security/CVE-2024-26608
- https://ubuntu.com/security/CVE-2023-52607
- https://ubuntu.com/security/CVE-2024-26623
- https://ubuntu.com/security/CVE-2023-52486
- https://ubuntu.com/security/CVE-2023-52686
- https://ubuntu.com/security/CVE-2024-26584
- https://ubuntu.com/security/CVE-2023-52627
- https://ubuntu.com/security/CVE-2023-52467
- https://ubuntu.com/security/CVE-2023-52458
- https://ubuntu.com/security/CVE-2024-35839
- https://ubuntu.com/security/CVE-2023-52593
- https://ubuntu.com/security/CVE-2023-52498
- https://ubuntu.com/security/CVE-2023-52465
- https://ubuntu.com/security/CVE-2024-26610
- https://ubuntu.com/security/CVE-2023-52677
- https://ubuntu.com/security/CVE-2023-52635
- https://ubuntu.com/security/CVE-2024-26583
- https://ubuntu.com/security/CVE-2024-26616
- https://ubuntu.com/security/CVE-2023-52455
- https://ubuntu.com/security/CVE-2023-52464
- https://ubuntu.com/security/CVE-2023-52446
- https://ubuntu.com/security/CVE-2024-26638
- https://ubuntu.com/security/CVE-2023-52691
- https://ubuntu.com/security/CVE-2023-52608
- https://ubuntu.com/security/CVE-2023-52618
- https://ubuntu.com/security/CVE-2023-52470
- https://ubuntu.com/security/CVE-2024-26641
- https://ubuntu.com/security/CVE-2023-52588
- https://ubuntu.com/security/CVE-2024-26598
- https://ubuntu.com/security/CVE-2023-52447
- https://ubuntu.com/security/CVE-2023-52469
- https://ubuntu.com/security/CVE-2023-52583
- https://ubuntu.com/security/CVE-2023-52696
- https://ubuntu.com/security/CVE-2023-52616
- https://ubuntu.com/security/CVE-2023-52685
- https://ubuntu.com/security/CVE-2024-24860
- https://ubuntu.com/security/CVE-2023-52584
- https://ubuntu.com/security/CVE-2023-52489
- https://ubuntu.com/security/CVE-2023-52683
- https://ubuntu.com/security/CVE-2023-52495
- https://ubuntu.com/security/CVE-2023-52670
- https://ubuntu.com/security/CVE-2024-26668
- https://ubuntu.com/security/CVE-2024-26634
- https://ubuntu.com/security/CVE-2023-52457
- https://ubuntu.com/security/CVE-2023-52609
- https://ubuntu.com/security/CVE-2024-26625
- https://ubuntu.com/security/CVE-2023-52621
- https://ubuntu.com/security/CVE-2024-26632
- https://ubuntu.com/security/CVE-2023-52451
- https://ubuntu.com/security/CVE-2023-52606
- https://ubuntu.com/security/CVE-2024-26594
- https://ubuntu.com/security/CVE-2023-6356
- https://ubuntu.com/security/CVE-2023-52594
- https://ubuntu.com/security/CVE-2024-26646
- https://ubuntu.com/security/CVE-2023-52632
- https://ubuntu.com/security/CVE-2023-52597
- https://ubuntu.com/security/CVE-2023-52491
- https://ubuntu.com/security/CVE-2023-52619
- https://ubuntu.com/security/CVE-2024-26615
- https://ubuntu.com/security/CVE-2023-52468
- https://ubuntu.com/security/CVE-2023-52587
- https://ubuntu.com/security/CVE-2024-26618
- https://ubuntu.com/security/CVE-2023-52626
- https://ubuntu.com/security/CVE-2024-26645
- https://ubuntu.com/security/CVE-2023-6535
- https://ubuntu.com/security/CVE-2023-52589
- https://ubuntu.com/security/CVE-2023-52612
- https://ubuntu.com/security/CVE-2024-26582
- https://ubuntu.com/security/CVE-2023-52443
- https://ubuntu.com/security/CVE-2023-52611
- https://ubuntu.com/security/CVE-2023-52617
- https://ubuntu.com/security/CVE-2024-26673
- https://ubuntu.com/security/CVE-2023-52463
- https://ubuntu.com/security/CVE-2024-26670
- https://ubuntu.com/security/CVE-2023-52494
- https://ubuntu.com/security/CVE-2024-26649
- https://ubuntu.com/security/CVE-2023-52692
- https://ubuntu.com/security/CVE-2024-26640
- https://ubuntu.com/security/CVE-2023-52488
- https://ubuntu.com/security/CVE-2023-52690
- https://ubuntu.com/security/CVE-2024-26629
- https://ubuntu.com/security/CVE-2024-26808
- https://ubuntu.com/security/CVE-2023-52669
- https://ubuntu.com/security/CVE-2024-26633
- https://ubuntu.com/security/CVE-2024-26607
- https://ubuntu.com/security/CVE-2024-26671
- https://ubuntu.com/security/CVE-2023-52698
- https://ubuntu.com/security/CVE-2023-52672
- https://ubuntu.com/security/CVE-2024-26631
- https://ubuntu.com/security/CVE-2023-52666
- https://ubuntu.com/security/CVE-2023-52591
- https://ubuntu.com/security/CVE-2023-52614
- https://ubuntu.com/security/CVE-2024-26585
- https://ubuntu.com/security/CVE-2024-26612
- https://ubuntu.com/security/CVE-2024-35837
- https://ubuntu.com/security/CVE-2023-52472
- https://ubuntu.com/security/CVE-2023-52674
- https://ubuntu.com/security/CVE-2023-52694
- https://ubuntu.com/security/CVE-2023-52449
- https://ubuntu.com/security/CVE-2023-52678
- https://ubuntu.com/security/CVE-2023-52450
- https://ubuntu.com/security/CVE-2023-52676
- https://ubuntu.com/security/CVE-2023-52490
- https://ubuntu.com/security/CVE-2023-52487
- https://ubuntu.com/security/CVE-2023-52497
- https://ubuntu.com/security/CVE-2024-35840
- https://ubuntu.com/security/CVE-2024-23849
- https://ubuntu.com/security/CVE-2023-52493
- https://ubuntu.com/security/CVE-2024-26586
- https://ubuntu.com/security/CVE-2023-52473
- https://ubuntu.com/security/CVE-2024-26647
- https://ubuntu.com/security/CVE-2023-52664
- https://ubuntu.com/security/CVE-2024-35838
- https://ubuntu.com/security/CVE-2023-52444
- https://ubuntu.com/security/CVE-2024-35842
- https://ubuntu.com/security/CVE-2024-26636
- https://ubuntu.com/security/CVE-2024-26595
- https://ubuntu.com/security/CVE-2023-52675
- https://ubuntu.com/security/CVE-2023-52633
- https://ubuntu.com/security/CVE-2023-6536
- https://ubuntu.com/security/CVE-2024-26644
- https://ubuntu.com/security/CVE-2023-52456
- https://ubuntu.com/security/CVE-2024-35841
- https://ubuntu.com/security/CVE-2023-52610
- https://ubuntu.com/security/CVE-2023-52622
- https://ubuntu.com/security/CVE-2023-52445
- https://ubuntu.com/security/CVE-2023-52492
- https://ubuntu.com/security/CVE-2023-52595
- https://ubuntu.com/security/CVE-2023-52680
- https://ubuntu.com/security/CVE-2023-52623
- https://ubuntu.com/security/CVE-2023-52448
- https://ubuntu.com/security/CVE-2023-52679
- https://ubuntu.com/security/CVE-2023-52693
- https://ubuntu.com/security/CVE-2024-26620
- https://ubuntu.com/security/CVE-2023-52687
- https://ubuntu.com/security/CVE-2024-26669
- https://ubuntu.com/security/CVE-2023-52682
- https://ubuntu.com/security/CVE-2024-26627
- https://ubuntu.com/security/CVE-2023-52452
- https://ubuntu.com/security/CVE-2023-52697
- https://ubuntu.com/security/CVE-2024-26592
- https://ubuntu.com/security/CVE-2023-52667
Title: USN-6805-1: libarchive vulnerability
URL: https://ubuntu.com/security/notices/USN-6805-1
Priorities: medium
Description:
It was discovered that libarchive incorrectly handled certain RAR archive files.
An attacker could possibly use this issue to execute arbitrary code
or cause a crash.
CVEs:
Title: USN-6844-1: CUPS vulnerability
URL: https://ubuntu.com/security/notices/USN-6844-1
Priorities: medium
Description:
Rory McNamara discovered that when starting the cupsd server with a
Listen configuration item, the cupsd process fails to validate if
bind call passed. An attacker could possibly trick cupsd to perform
an arbitrary chmod of the provided argument, providing world-writable
access to the target.
CVEs:
Title: USN-6801-1: PyMySQL vulnerability
URL: https://ubuntu.com/security/notices/USN-6801-1
Priorities: medium
Description:
It was discovered that PyMySQL incorrectly escaped untrusted JSON input. An
attacker could possibly use this issue to perform SQL injection attacks.
CVEs:
Title: USN-6843-1: Plasma Workspace vulnerability
URL: https://ubuntu.com/security/notices/USN-6843-1
Priorities: medium
Description:
Fabian Vogt discovered that Plasma Workspace incorrectly handled
connections via ICE. A local attacker could possibly use this issue to
gain access to another user's session manager and execute arbitrary code.
CVEs:
Title: USN-6852-1: Wget vulnerability
URL: https://ubuntu.com/security/notices/USN-6852-1
Priorities: medium
Description:
It was discovered that Wget incorrectly handled semicolons in the userinfo
subcomponent of a URI. A remote attacker could possibly trick a user into
connecting to a different host than expected.
CVEs:
Title: USN-6798-1: GStreamer Base Plugins vulnerability
URL: https://ubuntu.com/security/notices/USN-6798-1
Priorities: medium
Description:
It was discovered that GStreamer Base Plugins incorrectly handled certain
EXIF metadata. An attacker could possibly use this issue to execute arbitrary
code or cause a crash.
CVEs:
Title: USN-6859-1: OpenSSH vulnerability
URL: https://ubuntu.com/security/notices/USN-6859-1
Priorities: high
Description:
It was discovered that OpenSSH incorrectly handled signal management. A
remote attacker could use this issue to bypass authentication and remotely
access systems without proper credentials.
CVEs:
What's Changed
New Contributors
Full Changelog: ubuntu-jammy/v1.351...ubuntu-jammy/v1.486