[USN-7169-3] Linux kernel vulnerabilities
[USN-7167-2] Linux kernel vulnerabilities
[USN-7179-3] Linux kernel (GKE) vulnerabilities
[USN-7189-1] HTMLDOC vulnerabilities
[USN-7188-1] FFmpeg vulnerability
[USN-7169-3] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7169-3
January 07, 2025
linux-aws, linux-raspi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-raspi: Linux kernel for Raspberry Pi systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Ext4 file system;
- Network traffic control;
- VMware vSockets driver;
(CVE-2024-49967, CVE-2024-53057, CVE-2024-50264)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
linux-image-6.11.0-1006-raspi 6.11.0-1006.6
linux-image-6.11.0-1007-aws 6.11.0-1007.7
linux-image-aws 6.11.0-1007.7
linux-image-raspi 6.11.0-1006.6
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7169-3
https://ubuntu.com/security/notices/USN-7169-2
https://ubuntu.com/security/notices/USN-7169-1
CVE-2024-49967, CVE-2024-50264, CVE-2024-53057
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/6.11.0-1007.7
https://launchpad.net/ubuntu/+source/linux-raspi/6.11.0-1006.6
[USN-7167-2] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7167-2
January 07, 2025
linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-lowlatency: Linux low latency kernel
- linux-hwe-6.8: Linux hardware enablement (HWE) kernel
- linux-lowlatency-hwe-6.8: Linux low latency kernel
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Ext4 file system;
- Network traffic control;
- VMware vSockets driver;
(CVE-2024-50264, CVE-2024-49967, CVE-2024-53057)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
linux-image-6.8.0-51-lowlatency 6.8.0-51.52.1
linux-image-6.8.0-51-lowlatency-64k 6.8.0-51.52.1
linux-image-lowlatency 6.8.0-51.52.1
linux-image-lowlatency-64k 6.8.0-51.52.1
linux-image-lowlatency-64k-hwe-24.04 6.8.0-51.52.1
linux-image-lowlatency-hwe-24.04 6.8.0-51.52.1
Ubuntu 22.04 LTS
linux-image-6.8.0-51-generic 6.8.0-51.52~22.04.1
linux-image-6.8.0-51-generic-64k 6.8.0-51.52~22.04.1
linux-image-6.8.0-51-lowlatency 6.8.0-51.52.1~22.04.1
linux-image-6.8.0-51-lowlatency-64k 6.8.0-51.52.1~22.04.1
linux-image-generic-64k-hwe-22.04 6.8.0-51.52~22.04.1
linux-image-generic-hwe-22.04 6.8.0-51.52~22.04.1
linux-image-lowlatency-64k-hwe-22.04 6.8.0-51.52.1~22.04.1
linux-image-lowlatency-hwe-22.04 6.8.0-51.52.1~22.04.1
linux-image-oem-22.04 6.8.0-51.52~22.04.1
linux-image-oem-22.04a 6.8.0-51.52~22.04.1
linux-image-oem-22.04b 6.8.0-51.52~22.04.1
linux-image-oem-22.04c 6.8.0-51.52~22.04.1
linux-image-oem-22.04d 6.8.0-51.52~22.04.1
linux-image-virtual-hwe-22.04 6.8.0-51.52~22.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7167-2
https://ubuntu.com/security/notices/USN-7167-1
CVE-2024-49967, CVE-2024-50264, CVE-2024-53057
Package Information:
https://launchpad.net/ubuntu/+source/linux-lowlatency/6.8.0-51.52.1
https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-51.52~22.04.1
https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.8/6.8.0-51.52.1~22.04.1
[USN-7179-3] Linux kernel (GKE) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7179-3
January 07, 2025
linux-gke vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
Details:
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-24490)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Media drivers;
- Network drivers;
- SMB network file system;
- Bluetooth subsystem;
- Amateur Radio drivers;
- Network traffic control;
- VMware vSockets driver;
(CVE-2024-43904, CVE-2024-35963, CVE-2024-35967, CVE-2024-40973,
CVE-2024-26822, CVE-2024-35965, CVE-2024-40910, CVE-2024-38553,
CVE-2024-53057, CVE-2024-50264, CVE-2024-35966)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
linux-image-5.15.0-1072-gke 5.15.0-1072.78
linux-image-gke 5.15.0.1072.71
linux-image-gke-5.15 5.15.0.1072.71
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7179-3
https://ubuntu.com/security/notices/USN-7179-2
https://ubuntu.com/security/notices/USN-7179-1
CVE-2020-12351, CVE-2020-12352, CVE-2020-24490, CVE-2024-26822,
CVE-2024-35963, CVE-2024-35965, CVE-2024-35966, CVE-2024-35967,
CVE-2024-38553, CVE-2024-40910, CVE-2024-40973, CVE-2024-43904,
CVE-2024-50264, CVE-2024-53057
Package Information:
https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1072.78
[USN-7189-1] HTMLDOC vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7189-1
January 08, 2025
HTMLDOC vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in HTMLDOC.
Software Description:
- htmldoc: HTML processor that generates indexed HTML, PS, and PDF
Details:
It was discovered that HTMLDOC incorrectly handled certain inputs, which
could lead to an integer overflow. An attacker could potentially use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2021-20308)
It was discovered that HTMLDOC incorrectly handled memory in pspdf_export,
which could lead to a double-free. An attacker could potentially use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2021-23158)
It was discovered that HTMLDOC incorrectly handled memory when loading a
JPEG image, which could lead to a NULL pointer dereference. An attacker
could potentially use this issue to cause a denial of service.
(CVE-2021-23191, CVE-2021-26948)
It was discovered that HTMLDOC incorrectly handled certain inputs, which
could lead to a stack buffer overflow. An attacker could potentially use
this issue to cause a denial of service or execute arbitrary code.
(CVE-2021-23206, CVE-2021-40985, CVE-2021-43579)
It was discovered that HTMLDOC incorrectly handled memory in
pdpdf_prepare_page and render_table_row, which could lead to a heap buffer
overflow. An attacker could potentially use this issue to cause a denial
of service or execute arbitrary code. (CVE-2021-26252, CVE-2021-26259)
It was discovered that HTMLDOC incorrectly handled memory in
parse_paragraph, which could lead to a heap buffer overflow. An attacker
could potentially use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-34119)
It was discovered that HTMLDOC incorrectly handled memory in parse_tree.
An attacker could potentially use this issue to leak sensitive
information. (CVE-2021-34121)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
htmldoc 1.9.7-1ubuntu0.3+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
htmldoc 1.9.2-1ubuntu0.2+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
htmldoc 1.8.27-8ubuntu1.1+esm2
Available with Ubuntu Pro
Ubuntu 14.04 LTS
htmldoc 1.8.27-8ubuntu1+esm3
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7189-1
CVE-2021-20308, CVE-2021-23158, CVE-2021-23191, CVE-2021-23206,
CVE-2021-26252, CVE-2021-26259, CVE-2021-26948, CVE-2021-34119,
CVE-2021-34121, CVE-2021-40985, CVE-2021-43579
[USN-7188-1] FFmpeg vulnerability
==========================================================================
Ubuntu Security Notice USN-7188-1
January 08, 2025
ffmpeg vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
FFmpeg could be made to crash if it received specially crafted input.
Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files
Details:
It was discovered that FFmpeg incorrectly handled certain input, which
could lead to an integer overflow. An attacker could possibly use this
issue to cause a denial of service by crashing the application.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
ffmpeg 7:4.4.2-0ubuntu0.22.04.1+esm6
Available with Ubuntu Pro
libavcodec-extra58 7:4.4.2-0ubuntu0.22.04.1+esm6
Available with Ubuntu Pro
libavcodec58 7:4.4.2-0ubuntu0.22.04.1+esm6
Available with Ubuntu Pro
libavdevice58 7:4.4.2-0ubuntu0.22.04.1+esm6
Available with Ubuntu Pro
libavfilter-extra7 7:4.4.2-0ubuntu0.22.04.1+esm6
Available with Ubuntu Pro
libavfilter7 7:4.4.2-0ubuntu0.22.04.1+esm6
Available with Ubuntu Pro
libavformat-extra58 7:4.4.2-0ubuntu0.22.04.1+esm6
Available with Ubuntu Pro
libavformat58 7:4.4.2-0ubuntu0.22.04.1+esm6
Available with Ubuntu Pro
libavutil56 7:4.4.2-0ubuntu0.22.04.1+esm6
Available with Ubuntu Pro
libpostproc55 7:4.4.2-0ubuntu0.22.04.1+esm6
Available with Ubuntu Pro
libswresample3 7:4.4.2-0ubuntu0.22.04.1+esm6
Available with Ubuntu Pro
libswscale5 7:4.4.2-0ubuntu0.22.04.1+esm6
Available with Ubuntu Pro
Ubuntu 20.04 LTS
ffmpeg 7:4.2.7-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavcodec-extra58 7:4.2.7-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavcodec58 7:4.2.7-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavdevice58 7:4.2.7-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavfilter-extra7 7:4.2.7-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavfilter7 7:4.2.7-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavformat58 7:4.2.7-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavresample4 7:4.2.7-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavutil56 7:4.2.7-0ubuntu0.1+esm7
Available with Ubuntu Pro
libpostproc55 7:4.2.7-0ubuntu0.1+esm7
Available with Ubuntu Pro
libswresample3 7:4.2.7-0ubuntu0.1+esm7
Available with Ubuntu Pro
libswscale5 7:4.2.7-0ubuntu0.1+esm7
Available with Ubuntu Pro
Ubuntu 18.04 LTS
ffmpeg 7:3.4.11-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavcodec-extra57 7:3.4.11-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavcodec57 7:3.4.11-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavdevice57 7:3.4.11-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavfilter-extra6 7:3.4.11-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavfilter6 7:3.4.11-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavformat57 7:3.4.11-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavresample3 7:3.4.11-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavutil55 7:3.4.11-0ubuntu0.1+esm7
Available with Ubuntu Pro
libpostproc54 7:3.4.11-0ubuntu0.1+esm7
Available with Ubuntu Pro
libswresample2 7:3.4.11-0ubuntu0.1+esm7
Available with Ubuntu Pro
libswscale4 7:3.4.11-0ubuntu0.1+esm7
Available with Ubuntu Pro
Ubuntu 16.04 LTS
ffmpeg 7:2.8.17-0ubuntu0.1+esm9
Available with Ubuntu Pro
libav-tools 7:2.8.17-0ubuntu0.1+esm9
Available with Ubuntu Pro
libavcodec-ffmpeg-extra56 7:2.8.17-0ubuntu0.1+esm9
Available with Ubuntu Pro
libavcodec-ffmpeg56 7:2.8.17-0ubuntu0.1+esm9
Available with Ubuntu Pro
libavdevice-ffmpeg56 7:2.8.17-0ubuntu0.1+esm9
Available with Ubuntu Pro
libavfilter-ffmpeg5 7:2.8.17-0ubuntu0.1+esm9
Available with Ubuntu Pro
libavformat-ffmpeg56 7:2.8.17-0ubuntu0.1+esm9
Available with Ubuntu Pro
libavresample-ffmpeg2 7:2.8.17-0ubuntu0.1+esm9
Available with Ubuntu Pro
libavutil-ffmpeg54 7:2.8.17-0ubuntu0.1+esm9
Available with Ubuntu Pro
libpostproc-ffmpeg53 7:2.8.17-0ubuntu0.1+esm9
Available with Ubuntu Pro
libswresample-ffmpeg1 7:2.8.17-0ubuntu0.1+esm9
Available with Ubuntu Pro
libswscale-ffmpeg3 7:2.8.17-0ubuntu0.1+esm9
Available with Ubuntu Pro
After a standard system update you need to restart FFmpeg to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7188-1
CVE-2024-36617
