[USN-7322-1] Linux kernel vulnerabilities
[USN-7327-1] Linux kernel vulnerability
[USN-7321-1] Redis vulnerabilities
[USN-7320-1] GPAC vulnerabilities
[USN-7322-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7322-1
March 05, 2025
linux, linux-oem-6.11 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-oem-6.11: Linux kernel for OEM systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Networking core;
(CVE-2024-56672, CVE-2024-56658)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
  linux-image-6.11.0-19-generic 6.11.0-19.19
  linux-image-6.11.0-19-generic-64k 6.11.0-19.19
  linux-image-generic 6.11.0-19.19
  linux-image-generic-64k 6.11.0-19.19
  linux-image-virtual 6.11.0-19.19
Ubuntu 24.04 LTS
  linux-image-6.11.0-1016-oem 6.11.0-1016.16
  linux-image-oem-24.04b 6.11.0-1016.16
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7322-1
CVE-2024-56658, CVE-2024-56672
Package Information:
https://launchpad.net/ubuntu/+source/linux/6.11.0-19.19
https://launchpad.net/ubuntu/+source/linux-oem-6.11/6.11.0-1016.16
[USN-7327-1] Linux kernel vulnerability
==========================================================================
Ubuntu Security Notice USN-7327-1
March 05, 2025
linux, linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
A security issue was fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-lowlatency: Linux low latency kernel
- linux-lowlatency-hwe-5.15: Linux low latency kernel
Details:
A security issue was discovered in the Linux kernel.
An attacker could possibly use this to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
(CVE-2024-56672)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
  linux-image-5.15.0-134-generic 5.15.0-134.145
  linux-image-5.15.0-134-generic-64k 5.15.0-134.145
  linux-image-5.15.0-134-generic-lpae 5.15.0-134.145
  linux-image-5.15.0-134-lowlatency 5.15.0-134.145
  linux-image-5.15.0-134-lowlatency-64k 5.15.0-134.145
  linux-image-generic 5.15.0.134.133
  linux-image-generic-64k 5.15.0.134.133
  linux-image-generic-lpae 5.15.0.134.133
  linux-image-lowlatency 5.15.0.134.121
  linux-image-lowlatency-64k 5.15.0.134.121
  linux-image-virtual 5.15.0.134.133
Ubuntu 20.04 LTS
  linux-image-5.15.0-134-lowlatency 5.15.0-134.145~20.04.1
  linux-image-5.15.0-134-lowlatency-64k 5.15.0-134.145~20.04.1
  linux-image-lowlatency-64k-hwe-20.04 5.15.0.134.145~20.04.1
  linux-image-lowlatency-hwe-20.04 5.15.0.134.145~20.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7327-1
CVE-2024-56672
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.15.0-134.145
https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-134.145
https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-134.145~20.04.1
[USN-7321-1] Redis vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7321-1
March 05, 2025
redis vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Redis.
Software Description:
- redis: Persistent key-value database with network interface
Details:
It was discovered that Redis incorrectly handled certain memory operations
during pattern matching. An attacker could possibly use this issue to cause
a denial of service. (CVE-2024-31228)
It was discovered that Redis incorrectly handled certain specially crafted
Lua scripts. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. (CVE-2024-46981)
It was discovered that Redis incorrectly handled some malformed ACL
selectors. An attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 24.10 and Ubuntu 24.04 LTS.
(CVE-2024-51741)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
  redis-server 5:7.0.15-1ubuntu0.24.10.1
  redis-tools 5:7.0.15-1ubuntu0.24.10.1
Ubuntu 24.04 LTS
  redis-server 5:7.0.15-1ubuntu0.24.04.1
  redis-tools 5:7.0.15-1ubuntu0.24.04.1
Ubuntu 22.04 LTS
  redis-server 5:6.0.16-1ubuntu1+esm2
    Available with Ubuntu Pro
  redis-tools 5:6.0.16-1ubuntu1+esm2
    Available with Ubuntu Pro
Ubuntu 20.04 LTS
  redis-server 5:5.0.7-2ubuntu0.1+esm3
    Available with Ubuntu Pro
  redis-tools 5:5.0.7-2ubuntu0.1+esm3
    Available with Ubuntu Pro
Ubuntu 18.04 LTS
  redis-server 5:4.0.9-1ubuntu0.2+esm5
    Available with Ubuntu Pro
  redis-tools 5:4.0.9-1ubuntu0.2+esm5
    Available with Ubuntu Pro
Ubuntu 16.04 LTS
  redis-server 2:3.0.6-1ubuntu0.4+esm3
    Available with Ubuntu Pro
  redis-tools 2:3.0.6-1ubuntu0.4+esm3
    Available with Ubuntu Pro
Ubuntu 14.04 LTS
  redis-server 2:2.8.4-2ubuntu0.2+esm4
    Available with Ubuntu Pro
  redis-tools 2:2.8.4-2ubuntu0.2+esm4
    Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7321-1
CVE-2024-31228, CVE-2024-46981, CVE-2024-51741
Package Information:
https://launchpad.net/ubuntu/+source/redis/5:7.0.15-1ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/redis/5:7.0.15-1ubuntu0.24.04.1
[USN-7320-1] GPAC vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7320-1
March 04, 2025
gpac vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in GPAC.
Software Description:
- gpac: GPAC Project on Advanced Content
Details:
It was discovered that the GPAC MP4Box utility incorrectly handled certain
AC3 files, which could lead to an out-of-bounds read. A remote attacker
could use this issue to cause MP4Box to crash, resulting in a denial of
service (system crash). This issue only affected Ubuntu 22.04 LTS and
Ubuntu 24.04 LTS. (CVE-2023-5520, CVE-2024-0322)
It was discovered that the GPAC MP4Box utility incorrectly handled certain
malformed text files. If a user or automated system using MP4Box were
tricked into opening a specially crafted RST file, an attacker could use
this issue to cause a denial of service (system crash) or execute arbitrary
code. (CVE-2024-0321)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
  gpac 2.2.1+dfsg1-3.1ubuntu0.1~esm2
    Available with Ubuntu Pro
  gpac-modules-base 2.2.1+dfsg1-3.1ubuntu0.1~esm2
    Available with Ubuntu Pro
  libgpac12t64 2.2.1+dfsg1-3.1ubuntu0.1~esm2
    Available with Ubuntu Pro
Ubuntu 22.04 LTS
  gpac 2.0.0+dfsg1-2ubuntu0.1~esm2
    Available with Ubuntu Pro
  gpac-modules-base 2.0.0+dfsg1-2ubuntu0.1~esm2
    Available with Ubuntu Pro
  libgpac11 2.0.0+dfsg1-2ubuntu0.1~esm2
    Available with Ubuntu Pro
Ubuntu 20.04 LTS
  gpac 0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2
    Available with Ubuntu Pro
  gpac-modules-base 0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2
    Available with Ubuntu Pro
  libgpac4 0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2
    Available with Ubuntu Pro
Ubuntu 18.04 LTS
  gpac 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1
    Available with Ubuntu Pro
  gpac-modules-base 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1
    Available with Ubuntu Pro
  libgpac4 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1
    Available with Ubuntu Pro
Ubuntu 16.04 LTS
  gpac 0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2
    Available with Ubuntu Pro
  gpac-modules-base 0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2
    Available with Ubuntu Pro
  libgpac4 0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2
    Available with Ubuntu Pro
Ubuntu 14.04 LTS
  gpac 0.5.0+svn4288~dfsg1-4ubuntu1+esm2
    Available with Ubuntu Pro
  gpac-modules-base 0.5.0+svn4288~dfsg1-4ubuntu1+esm2
    Available with Ubuntu Pro
  libgpac2 0.5.0+svn4288~dfsg1-4ubuntu1+esm2
    Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7320-1
CVE-2023-5520, CVE-2024-0321, CVE-2024-0322