Ubuntu 6614 Published by

The following security updates have been released for Ubuntu Linux:

[USN-6985-1] ImageMagick vulnerabilities
[USN-6989-1] OpenStack vulnerability
[USN-6992-1] Firefox vulnerabilities
[USN-6990-1] znc vulnerability




[USN-6985-1] ImageMagick vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6985-1
September 04, 2024

imagemagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or execute code with the privileges of the user
invoking the program.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  imagemagick                     8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  imagemagick-common              8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagick++-dev                 8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagick++5                    8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickcore-dev               8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickcore5                  8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickcore5-extra            8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickwand-dev               8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  libmagickwand5                  8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro
  perlmagick                      8:6.7.7.10-6ubuntu3.13+esm9
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6985-1
( https://ubuntu.com/security/notices/USN-6985-1)
  CVE-2019-10131, CVE-2019-10650, CVE-2019-11470, CVE-2019-11472,
  CVE-2019-11597, CVE-2019-11598, CVE-2019-12974, CVE-2019-12975,
  CVE-2019-12976, CVE-2019-12978, CVE-2019-12979



[USN-6989-1] OpenStack vulnerability


=========================================================================
Ubuntu Security Notice USN-6989-1
September 04, 2024

ironic vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

OpenStack could be made to expose sensitive information.

Software Description:
- ironic: Openstack bare metal provisioning service - API

Details:

Dan Smith, Julia Kreger and Jay Faulkner discovered that in
image processing for Ironic, a specially crafted image
could be used by an authenticated user to exploit undesired behaviors
in qemu-img, including possible unauthorized access to potentially
sensitive data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
python3-ironic 1:24.1.1-0ubuntu1.2

Ubuntu 22.04 LTS
python3-ironic 1:20.1.0-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6989-1
CVE-2024-44082

Package Information:
https://launchpad.net/ubuntu/+source/ironic/1:24.1.1-0ubuntu1.2
https://launchpad.net/ubuntu/+source/ironic/1:20.1.0-0ubuntu1.2



[USN-6992-1] Firefox vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6992-1
September 05, 2024

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-8382,
CVE-2024-8383, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389)

Nils Bars discovered that Firefox contained a type confusion vulnerability
when performing certain property name lookups. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-8381)

It was discovered that Firefox did not properly manage memory during
garbage collection. An attacker could potentially exploit this issue to
cause a denial of service, or execute arbitrary code. (CVE-2024-8384)

Seunghyun Lee discovered that Firefox contained a type confusion
vulnerability when handling certain ArrayTypes. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-8385)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
firefox 130.0+build2-0ubuntu0.20.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes

References:
https://ubuntu.com/security/notices/USN-6992-1
CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384,
CVE-2024-8385, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389

Package Information:
https://launchpad.net/ubuntu/+source/firefox/130.0+build2-0ubuntu0.20.04.1



[USN-6990-1] znc vulnerability


==============================

============================================
Ubuntu Security Notice USN-6990-1
September 04, 2024

znc vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

znc could be made to execute arbitrary code on a user's system if
they were persuaded to join a malicious server.

Software Description:
- znc: advanced modular IRC bouncer

Details:

Johannes Kuhn (DasBrain) discovered that znc incorrectly handled
user input under certain operations. An attacker could possibly
use this issue to execute arbitrary code on a user's system if
the user was tricked into joining a malicious server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  znc                             1.9.0-2ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  znc-dev                         1.9.0-2ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  znc-perl                        1.9.0-2ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  znc-python                      1.9.0-2ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  znc-tcl                         1.9.0-2ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  znc                             1.8.2-2ubuntu0.1
  znc-dev                         1.8.2-2ubuntu0.1
  znc-perl                        1.8.2-2ubuntu0.1
  znc-python                      1.8.2-2ubuntu0.1
  znc-tcl                         1.8.2-2ubuntu0.1

Ubuntu 20.04 LTS
  znc                             1.7.5-4ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  znc-dev                         1.7.5-4ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  znc-perl                        1.7.5-4ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  znc-python                      1.7.5-4ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  znc-tcl                         1.7.5-4ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  znc                             1.6.6-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  znc-dev                         1.6.6-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  znc-perl                        1.6.6-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  znc-python                      1.6.6-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  znc-tcl                         1.6.6-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  znc                             1.6.3-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  znc-dev                         1.6.3-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  znc-perl                        1.6.3-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  znc-python                      1.6.3-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  znc-tcl                         1.6.3-1ubuntu0.2+esm2
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  znc                             1.2-3ubuntu0.1+esm3
                                  Available with Ubuntu Pro
  znc-dev                         1.2-3ubuntu0.1+esm3
                                  Available with Ubuntu Pro
  znc-perl                        1.2-3ubuntu0.1+esm3
                                  Available with Ubuntu Pro
  znc-python                      1.2-3ubuntu0.1+esm3
                                  Available with Ubuntu Pro
  znc-tcl                         1.2-3ubuntu0.1+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6990-1
( https://ubuntu.com/security/notices/USN-6990-1)
  CVE-2024-39844

Package Information:
https://launchpad.net/ubuntu/+source/znc/1.8.2-2ubuntu0.1
( https://launchpad.net/ubuntu/+source/znc/1.8.2-2ubuntu0.1)