[USN-7068-1] ImageMagick vulnerabilities
[USN-7069-1] Linux kernel vulnerabilities
[USN-7064-1] nano vulnerability
[USN-7068-1] ImageMagick vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7068-1
October 15, 2024
imagemagick vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in ImageMagick.
Software Description:
- imagemagick: Image manipulation programs and library
Details:
It was discovered that ImageMagick incorrectly handled certain
malformed image files. If a user or automated system using ImageMagick
were tricked into processing a specially crafted file, an attacker could
exploit this to cause a denial of service or affect the reliability of the
system. The vulnerabilities included memory leaks, buffer overflows, and
improper handling of pixel data.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.16+esm11
Available with Ubuntu Pro
libimage-magick-perl 8:6.8.9.9-7ubuntu5.16+esm11
Available with Ubuntu Pro
libimage-magick-q16-perl 8:6.8.9.9-7ubuntu5.16+esm11
Available with Ubuntu Pro
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.16+esm11
Available with Ubuntu Pro
libmagickcore-6-headers 8:6.8.9.9-7ubuntu5.16+esm11
Available with Ubuntu Pro
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm11
Available with Ubuntu Pro
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.16+esm11
Available with Ubuntu Pro
libmagickcore-6.q16-dev 8:6.8.9.9-7ubuntu5.16+esm11
Available with Ubuntu Pro
libmagickwand-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm11
Available with Ubuntu Pro
Ubuntu 14.04 LTS
imagemagick 8:6.7.7.10-6ubuntu3.13+esm11
Available with Ubuntu Pro
libmagick++-dev 8:6.7.7.10-6ubuntu3.13+esm11
Available with Ubuntu Pro
libmagick++5 8:6.7.7.10-6ubuntu3.13+esm11
Available with Ubuntu Pro
libmagickcore-dev 8:6.7.7.10-6ubuntu3.13+esm11
Available with Ubuntu Pro
libmagickcore5 8:6.7.7.10-6ubuntu3.13+esm11
Available with Ubuntu Pro
libmagickcore5-extra 8:6.7.7.10-6ubuntu3.13+esm11
Available with Ubuntu Pro
libmagickwand-dev 8:6.7.7.10-6ubuntu3.13+esm11
Available with Ubuntu Pro
libmagickwand5 8:6.7.7.10-6ubuntu3.13+esm11
Available with Ubuntu Pro
perlmagick 8:6.7.7.10-6ubuntu3.13+esm11
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7068-1
CVE-2019-7397, CVE-2019-7398, CVE-2019-9956, CVE-2020-19667,
CVE-2020-25664, CVE-2020-25665, CVE-2020-25666, CVE-2020-25674,
CVE-2020-25676, CVE-2020-27560, CVE-2020-27750, CVE-2020-27753,
CVE-2020-27754, CVE-2020-27755, CVE-2020-27758, CVE-2020-27759,
CVE-2020-27760, CVE-2020-27761, CVE-2020-27762, CVE-2020-27763,
CVE-2020-27764, CVE-2020-27765, CVE-2020-27766, CVE-2020-27767,
CVE-2020-27768, CVE-2020-27769, CVE-2020-27770, CVE-2020-27771,
CVE-2020-27772, CVE-2020-27773, CVE-2020-27774, CVE-2020-27775,
CVE-2020-27776
[USN-7069-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7069-1
October 15, 2024
linux, linux-aws, linux-aws-hwe, linux-azure-4.15, linux-gcp,
linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- Cryptographic API;
- CPU frequency scaling framework;
- HW tracing;
- ISDN/mISDN subsystem;
- Media drivers;
- Network drivers;
- NVME drivers;
- S/390 drivers;
- SCSI drivers;
- USB subsystem;
- VFIO drivers;
- Watchdog drivers;
- JFS file system;
- IRQ subsystem;
- Core kernel;
- Memory management;
- Amateur Radio drivers;
- IPv4 networking;
- IPv6 networking;
- IUCV driver;
- Network traffic control;
- TIPC protocol;
- XFRM subsystem;
- Integrity Measurement Architecture (IMA) framework;
- SoC Audio for Freescale CPUs drivers;
- USB sound devices;
(CVE-2024-36971, CVE-2024-42271, CVE-2024-38630, CVE-2024-38602,
CVE-2024-42223, CVE-2024-44940, CVE-2023-52528, CVE-2024-41097,
CVE-2024-27051, CVE-2024-42157, CVE-2024-46673, CVE-2024-39494,
CVE-2024-42089, CVE-2024-41073, CVE-2024-26810, CVE-2024-26960,
CVE-2024-38611, CVE-2024-31076, CVE-2024-26754, CVE-2023-52510,
CVE-2024-40941, CVE-2024-45016, CVE-2024-38627, CVE-2024-38621,
CVE-2024-39487, CVE-2024-27436, CVE-2024-40901, CVE-2024-26812,
CVE-2024-42244, CVE-2024-42229, CVE-2024-43858, CVE-2024-42280,
CVE-2024-26641, CVE-2024-42284, CVE-2024-26602)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
linux-image-4.15.0-1136-oracle 4.15.0-1136.147
Available with Ubuntu Pro
linux-image-4.15.0-1157-kvm 4.15.0-1157.162
Available with Ubuntu Pro
linux-image-4.15.0-1167-gcp 4.15.0-1167.184
Available with Ubuntu Pro
linux-image-4.15.0-1174-aws 4.15.0-1174.187
Available with Ubuntu Pro
linux-image-4.15.0-1182-azure 4.15.0-1182.197
Available with Ubuntu Pro
linux-image-4.15.0-230-generic 4.15.0-230.242
Available with Ubuntu Pro
linux-image-4.15.0-230-lowlatency 4.15.0-230.242
Available with Ubuntu Pro
linux-image-aws-lts-18.04 4.15.0.1174.172
Available with Ubuntu Pro
linux-image-azure-lts-18.04 4.15.0.1182.150
Available with Ubuntu Pro
linux-image-gcp-lts-18.04 4.15.0.1167.180
Available with Ubuntu Pro
linux-image-generic 4.15.0.230.214
Available with Ubuntu Pro
linux-image-kvm 4.15.0.1157.148
Available with Ubuntu Pro
linux-image-lowlatency 4.15.0.230.214
Available with Ubuntu Pro
linux-image-oracle-lts-18.04 4.15.0.1136.141
Available with Ubuntu Pro
linux-image-virtual 4.15.0.230.214
Available with Ubuntu Pro
Ubuntu 16.04 LTS
linux-image-4.15.0-1136-oracle 4.15.0-1136.147~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-1167-gcp 4.15.0-1167.184~16.04.2
Available with Ubuntu Pro
linux-image-4.15.0-1174-aws 4.15.0-1174.187~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-230-generic 4.15.0-230.242~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-230-lowlatency 4.15.0-230.242~16.04.1
Available with Ubuntu Pro
linux-image-aws-hwe 4.15.0.1174.187~16.04.1
Available with Ubuntu Pro
linux-image-gcp 4.15.0.1167.184~16.04.2
Available with Ubuntu Pro
linux-image-generic-hwe-16.04 4.15.0.230.242~16.04.1
Available with Ubuntu Pro
linux-image-gke 4.15.0.1167.184~16.04.2
Available with Ubuntu Pro
linux-image-lowlatency-hwe-16.04 4.15.0.230.242~16.04.1
Available with Ubuntu Pro
linux-image-oem 4.15.0.230.242~16.04.1
Available with Ubuntu Pro
linux-image-oracle 4.15.0.1136.147~16.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-16.04 4.15.0.230.242~16.04.1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7069-1
CVE-2023-52510, CVE-2023-52528, CVE-2024-26602, CVE-2024-26641,
CVE-2024-26754, CVE-2024-26810, CVE-2024-26812, CVE-2024-26960,
CVE-2024-27051, CVE-2024-27436, CVE-2024-31076, CVE-2024-36971,
CVE-2024-38602, CVE-2024-38611, CVE-2024-38621, CVE-2024-38627,
CVE-2024-38630, CVE-2024-39487, CVE-2024-39494, CVE-2024-40901,
CVE-2024-40941, CVE-2024-41073, CVE-2024-41097, CVE-2024-42089,
CVE-2024-42157, CVE-2024-42223, CVE-2024-42229, CVE-2024-42244,
CVE-2024-42271, CVE-2024-42280, CVE-2024-42284, CVE-2024-43858,
CVE-2024-44940, CVE-2024-45016, CVE-2024-46673
[USN-7064-1] nano vulnerability
==========================================================================
Ubuntu Security Notice USN-7064-1
October 15, 2024
nano vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
nano could be made to give users administrator privileges.
Software Description:
- nano: small, friendly text editor inspired by Pico
Details:
It was discovered that nano allowed a possible privilege escalation
through an insecure temporary file. If nano was killed while editing, the
permissions granted to the emergency save file could be used by an
attacker to escalate privileges using a malicious symlink.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
nano 7.2-2ubuntu0.1
Ubuntu 22.04 LTS
nano 6.2-1ubuntu0.1
Ubuntu 20.04 LTS
nano 4.8-1ubuntu1.1
Ubuntu 18.04 LTS
nano 2.9.3-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
nano 2.5.3-2ubuntu2+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7064-1
CVE-2024-5742
Package Information:
https://launchpad.net/ubuntu/+source/nano/7.2-2ubuntu0.1
https://launchpad.net/ubuntu/+source/nano/6.2-1ubuntu0.1
https://launchpad.net/ubuntu/+source/nano/4.8-1ubuntu1.1