USN-6943-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS CVE-2020-9484 It was discovered that Tomcat...

USN-6909-2: Bind vulnerabilities

USN-6909-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large number of RRs existing at the same time. A remote attacker could possib...

USN-6926-2: Linux kernel vulnerabilities

黄思聪 discovered that the NFC Controller Interface NCI implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash...

USN-6942-1: Gross vulnerability

It was discovered that Gross incorrectly handled memory when composing log entries. An attacker could possibly use this issue to cause Gross to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-6922-2: Linux kernel vulnerabilities

It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. CVE-2024-24857, CVE-2024-24858, CVE-2024-24859 Chenyuan Yang discovered...

USN-6941-1: Python vulnerability

It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered “private” or “globally reachable”. This could possibly result in applications applying incorrect security policies...

USN-6940-1: snapd vulnerabilities

Neil McPhail discovered that snapd did not properly restrict writes to the $HOME/bin path in the AppArmor profile for snaps using the home plug. An attacker who could convince a user to install a malicious snap could use this vulnerability to escape the snap sandbox. CVE-2024-1724 Zeyad Gouda...

USN-6939-1: Exim vulnerability

Phillip Szelat discovered that Exim misparses multiline MIME header filenames. A remote attacker could use this issue to bypass a MIME filename extension-blocking protection mechanism and possibly deliver executable attachments to the mailboxes of end users...

USN-6936-1: Apache Commons Collections vulnerability

It was discovered that Apache Commons Collections allowed serialization support for unsafe classes by default. A remote attacker could possibly use this issue to execute arbitrary code...

USN-6913-2: phpCAS vulnerability

USN-6913-1 fixed CVE-2022-39369 for Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacke...

USN-6938-1: Linux kernel vulnerabilities

It was discovered that the device input subsystem in the Linux kernel did not properly handle the case when an event code falls outside of a bitmap. A local attacker could use this to cause a denial of service system crash. CVE-2022-48619 黄思聪 discovered that the NFC Controller Interface NCI...

USN-6937-1: OpenSSL vulnerabilities

It was discovered that OpenSSL incorrectly handled TLSv1.3 sessions when certain non-default TLS server configurations were in use. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. CVE-2024-2511 It was discovered that OpenSSL...

USN-6935-1: Prometheus Alertmanager vulnerability

It was discovered that prometheus-alertmanager didn't properly sanitize input it received through an API endpoint. An attacker with permission to send requests to this endpoint could potentially inject arbitrary code. On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, this vulnerability is only present if...

USN-6934-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.39 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new...

USN-6933-1: ClickHouse vulnerabilities

It was discovered that ClickHouse incorrectly handled memory, leading to a heap out-of-bounds data read. An attacker could possibly use this issue to cause a denial of service, or leak sensitive information. CVE-2021-42387, CVE-2021-41388 It was discovered that ClickHouse incorrectly handled...

USN-6932-1: OpenJDK 21 vulnerabilities

It was discovered that the Hotspot component of OpenJDK 21 was not properly bounding certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2024-21131 It was discovered that the Hotspot...

USN-6931-1: OpenJDK 17 vulnerabilities

It was discovered that the Hotspot component of OpenJDK 17 was not properly bounding certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2024-21131 It was discovered that the Hotspot...

USN-6930-1: OpenJDK 11 vulnerabilities

It was discovered that the Hotspot component of OpenJDK 11 was not properly bounding certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2024-21131 It was discovered that the Hotspot...

USN-6929-1: OpenJDK 8 vulnerabilities

It was discovered that the Hotspot component of OpenJDK 8 was not properly bounding certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2024-21131 It was discovered that the Hotspot...

USN-6928-1: Python vulnerabilities

It was discovered that the Python ssl module contained a memory race condition when handling the APIs to obtain the CA certificates and certificate store statistics. This could possibly result in applications obtaining wrong results, leading to various SSL issues. CVE-2024-0397 It was discovered...

USN-6924-2: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM SCMI message protocol; - InfiniBand drivers; - TTY drivers; - TLS protocol; CVE-2022-48655, CVE-2024-36016,...

USN-6927-1: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Gui-Dong Han discovered that the...

USN-6923-2: Linux kernel vulnerabilities

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to...

USN-6921-2: Linux kernel vulnerabilities

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to...

USN-6926-1: Linux kernel vulnerabilities

黄思聪 discovered that the NFC Controller Interface NCI implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash...

USN-6925-1: Linux kernel vulnerability

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - IPv4 networking; CVE-2024-26882...

USN-6924-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM SCMI message protocol; - InfiniBand drivers; - TTY drivers; - TLS protocol; CVE-2024-26584, CVE-2024-36016,...

USN-6921-1: Linux kernel vulnerabilities

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to...

USN-6923-1: Linux kernel vulnerabilities

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to...

USN-6922-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. CVE-2024-24857, CVE-2024-24858, CVE-2024-24859 Chenyuan Yang discovered...

USN-6916-1: Lua vulnerabilities

It was discovered that Lua did not properly generate code when "ENV" is constant. An attacker could possibly use this issue to cause a denial of service or execute arbitrary unstrusted lua code. CVE-2022-28805 It was discovered that Lua did not properly handle C stack overflows during error...

USN-6920-1: EDK II vulnerabilities

It was discovered that EDK II was not properly performing bounds checks in Tianocompress, which could lead to a buffer overflow. An authenticated user could use this issue to potentially escalate their privileges via local access. CVE-2017-5731 It was discovered that EDK II had an insufficient...

USN-6919-1: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 It was discovered that the ATA over...

USN-6918-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker...

USN-6917-1: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Gui-Dong Han discovered that the...

USN-6200-2: ImageMagick vulnerabilities

USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This update fixes the problem. Original advisory details: It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected...

USN-6915-1: poppler vulnerability

It was discovered that poppler incorrectly handled certain malformed PDF. An attacker could possibly use this issue to cause a denial of service...

USN-6914-1: OCS Inventory vulnerability

Filip Hejsek discovered that the phpCAS library included in OCS Inventory was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account...

USN-6913-1: phpCAS vulnerability

Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. Afte...

USN-6912-1: provd vulnerability

James Henstridge discovered that provd incorrectly handled environment variables. A local attacker could possibly use this issue to run arbitrary programs and escalate privileges...

USN-6906-1: python-zipp vulnerability

It was discovered that python-zipp did not properly handle the zip files with malformed names. An attacker could possibly use this issue to cause a denial of service...

USN-6910-1: Apache ActiveMQ vulnerabilities

Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly use this issue to terminate the program, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. CVE-2015-7559 Peter Stöckli discovered that Apache ActiveMQ...

USN-6530-2: HAProxy vulnerability

Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled URI components containing the hash character . A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain pathend rules...

USN-6911-1: Nova vulnerability

Arnaud Morin discovered that Nova incorrectly handled certain raw format images. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...

USN-6907-1: Squid vulnerability

Joshua Rogers discovered that Squid did not properly handle multi-byte characters during Edge Side Includes ESI processing. A remote attacker could possibly use this issue to cause a memory corruption error, leading to a denial of service...

USN-6909-1: Bind vulnerabilities

It was discovered that Bind incorrectly handled a flood of DNS messages over TCP. A remote attacker could possibly use this issue to cause Bind to become unstable, resulting in a denial of service. CVE-2024-0760 Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large numb...

USN-6908-1: Tomcat vulnerabilities

It was discovered that the Tomcat SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. CVE-2019-0221 It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore...

USN-6898-4: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Gui-Dong Han discovered that the...

USN-6893-3: Linux kernel vulnerabilities

It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. CVE-2024-24857, CVE-2024-24858, CVE-2024-24859 Several security issues we...

USN-6896-5: Linux kernel vulnerabilities

It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the Atheros 802.11ac...