The following security updates have been released for Ubuntu Linux:

[USN-6985-1] ImageMagick vulnerabilities
[USN-6989-1] OpenStack vulnerability
[USN-6992-1] Firefox vulnerabilities
[USN-6990-1] znc vulnerability




[USN-6985-1] ImageMagick vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6985-1
September 04, 2024

imagemagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or execute code with the privileges of the user
invoking the program.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  imagemagick                     8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  imagemagick-common              8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagick++-dev                 8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagick++5                    8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickcore-dev               8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickcore5                  8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickcore5-extra            8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickwand-dev               8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickwand5                  8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  perlmagick                      8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6985-1
  CVE-2019-10131, CVE-2019-10650, CVE-2019-11470, CVE-2019-11472,
  CVE-2019-11597, CVE-2019-11598, CVE-2019-12974, CVE-2019-12975,
  CVE-2019-12976, CVE-2019-12978, CVE-2019-12979



[USN-6989-1] OpenStack vulnerability


=========================================================================
Ubuntu Security Notice USN-6989-1
September 04, 2024

ironic vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

OpenStack could be made to expose sensitive information.

Software Description:
- ironic: Openstack bare metal provisioning service - API

Details:

Dan Smith, Julia Kreger and Jay Faulkner discovered that in
image processing for Ironic, a specially crafted image
could be used by an authenticated user to exploit undesired behaviors
in qemu-img, including possible unauthorized access to potentially
sensitive data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
python3-ironic 1:24.1.1-0ubuntu1.2

Ubuntu 22.04 LTS
python3-ironic 1:20.1.0-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6989-1
CVE-2024-44082

Package Information:
https://launchpad.net/ubuntu/+source/ironic/1:24.1.1-0ubuntu1.2
https://launchpad.net/ubuntu/+source/ironic/1:20.1.0-0ubuntu1.2



[USN-6992-1] Firefox vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6992-1
September 05, 2024

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-8382,
CVE-2024-8383, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389)

Nils Bars discovered that Firefox contained a type confusion vulnerability
when performing certain property name lookups. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-8381)

It was discovered that Firefox did not properly manage memory during
garbage collection. An attacker could potentially exploit this issue to
cause a denial of service, or execute arbitrary code. (CVE-2024-8384)

Seunghyun Lee discovered that Firefox contained a type confusion
vulnerability when handling certain ArrayTypes. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-8385)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
firefox 130.0+build2-0ubuntu0.20.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-6992-1
CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384,
CVE-2024-8385, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389

Package Information:
https://launchpad.net/ubuntu/+source/firefox/130.0+build2-0ubuntu0.20.04.1



[USN-6990-1] znc vulnerability


==========================================================================
Ubuntu Security Notice USN-6990-1
September 04, 2024

znc vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

znc could be made to execute arbitrary code on a user's system if
they were persuaded to join a malicious server.

Software Description:
- znc: advanced modular IRC bouncer

Details:

Johannes Kuhn (DasBrain) discovered that znc incorrectly handled
user input under certain operations. An attacker could possibly
use this issue to execute arbitrary code on a user's system if
the user was tricked into joining a malicious server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  znc                             1.9.0-2ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  znc-dev                         1.9.0-2ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  znc-perl                        1.9.0-2ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  znc-python                      1.9.0-2ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  znc-tcl                         1.9.0-2ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  znc                             1.8.2-2ubuntu0.1
  znc-dev                         1.8.2-2ubuntu0.1
  znc-perl                        1.8.2-2ubuntu0.1
  znc-python                      1.8.2-2ubuntu0.1
  znc-tcl                         1.8.2-2ubuntu0.1

Ubuntu 20.04 LTS
  znc                             1.7.5-4ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  znc-dev                         1.7.5-4ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  znc-perl                        1.7.5-4ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  znc-python                      1.7.5-4ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  znc-tcl                         1.7.5-4ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  znc                             1.6.6-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  znc-dev                         1.6.6-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  znc-perl                        1.6.6-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  znc-python                      1.6.6-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  znc-tcl                         1.6.6-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  znc                             1.6.3-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  znc-dev                         1.6.3-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  znc-perl                        1.6.3-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  znc-python                      1.6.3-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  znc-tcl                         1.6.3-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  znc                             1.2-3ubuntu0.1+esm3
                                  Available with Ubuntu Pro
  znc-dev                         1.2-3ubuntu0.1+esm3
                                  Available with Ubuntu Pro
  znc-perl                        1.2-3ubuntu0.1+esm3
                                  Available with Ubuntu Pro
  znc-python                      1.2-3ubuntu0.1+esm3
                                  Available with Ubuntu Pro
  znc-tcl                         1.2-3ubuntu0.1+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6990-1
  CVE-2024-39844

Package Information:
https://launchpad.net/ubuntu/+source/znc/1.8.2-2ubuntu0.1