[USN-6768-1] GLib vulnerability
[USN-6769-1] Spreadsheet::ParseXLSX vulnerabilities
[USN-6770-1] Fossil regression
[USN-6768-1] GLib vulnerability
==========================================================================
Ubuntu Security Notice USN-6768-1
May 09, 2024
glib2.0 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
GLib could be made to accept spoofed D-Bus signals.
Software Description:
- glib2.0: GLib library of C routines
Details:
Alicia Boya García discovered that GLib incorrectly handled signal
subscriptions. A local attacker could use this issue to spoof D-Bus signals
resulting in a variety of impacts including possible privilege escalation.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
libglib2.0-0t64 2.80.0-6ubuntu3.1
libglib2.0-bin 2.80.0-6ubuntu3.1
Ubuntu 23.10
libglib2.0-0 2.78.0-2ubuntu0.1
libglib2.0-bin 2.78.0-2ubuntu0.1
Ubuntu 22.04 LTS
libglib2.0-0 2.72.4-0ubuntu2.3
libglib2.0-bin 2.72.4-0ubuntu2.3
Ubuntu 20.04 LTS
libglib2.0-0 2.64.6-1~ubuntu20.04.7
libglib2.0-bin 2.64.6-1~ubuntu20.04.7
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6768-1
CVE-2024-34397
Package Information:
https://launchpad.net/ubuntu/+source/glib2.0/2.80.0-6ubuntu3.1
https://launchpad.net/ubuntu/+source/glib2.0/2.78.0-2ubuntu0.1
https://launchpad.net/ubuntu/+source/glib2.0/2.72.4-0ubuntu2.3
https://launchpad.net/ubuntu/+source/glib2.0/2.64.6-1~ubuntu20.04.7
[USN-6769-1] Spreadsheet::ParseXLSX vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6769-1
May 09, 2024
libspreadsheet-parsexlsx-perl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in libspreadsheet-parsexlsx-perl.
Software Description:
- libspreadsheet-parsexlsx-perl: Perl module to parse XLSX files
Details:
Le Dinh Hai discovered that Spreadsheet::ParseXLSX did not properly manage
memory during cell merge operations. An attacker could possibly use this
issue to consume large amounts of memory, resulting in a denial of service
condition. (CVE-2024-22368)
An Pham discovered that Spreadsheet::ParseXLSX allowed the processing of
external entities in a default configuration. An attacker could possibly
use this vulnerability to execute an XML External Entity (XXE) injection
attack. (CVE-2024-23525)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10
libspreadsheet-parsexlsx-perl 0.27-3+deb12u2build0.23.10.1
Ubuntu 22.04 LTS
libspreadsheet-parsexlsx-perl 0.27-2.1+deb11u2build0.22.04.1
Ubuntu 20.04 LTS
libspreadsheet-parsexlsx-perl 0.27-2+deb10u1build0.20.04.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6769-1
CVE-2024-22368, CVE-2024-23525
Package Information:
https://launchpad.net/ubuntu/+source/libspreadsheet-parsexlsx-perl/0.27-3+deb12u2build0.23.10.1
https://launchpad.net/ubuntu/+source/libspreadsheet-parsexlsx-perl/0.27-2.1+deb11u2build0.22.04.1
https://launchpad.net/ubuntu/+source/libspreadsheet-parsexlsx-perl/0.27-2+deb10u1build0.20.04.1
[USN-6770-1] Fossil regression
==========================================================================
Ubuntu Security Notice USN-6770-1
May 09, 2024
fossil regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Fossil regression
Software Description:
- fossil: DSCM with built-in wiki, http interface and server, tickets datab
Details:
USN-6729-1 fixed vulnerabilities in Apache HTTP Server. The
update lead to the discovery of a regression in Fossil with
regards to the handling of POST requests that do not have a
Content-Length field set. This update fixes the problem.
We apologize for the inconvenience.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
fossil 1:2.23-1ubuntu0.1
Ubuntu 23.10
fossil 1:2.22-1ubuntu0.1
Ubuntu 22.04 LTS
fossil 1:2.18-1ubuntu0.1
Ubuntu 20.04 LTS
fossil 1:2.10-1ubuntu0.1
Ubuntu 18.04 LTS
fossil 1:2.5-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
fossil 1:1.33-3ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6770-1
https://launchpad.net/bugs/2064509
Package Information:
https://launchpad.net/ubuntu/+source/fossil/1:2.23-1ubuntu0.1
https://launchpad.net/ubuntu/+source/fossil/1:2.22-1ubuntu0.1
https://launchpad.net/ubuntu/+source/fossil/1:2.18-1ubuntu0.1
https://launchpad.net/ubuntu/+source/fossil/1:2.10-1ubuntu0.1
